Computer English, Chapter 10.ppt

Uploaded by: 牧羊曲112 | Document ID: 6342243 | Uploaded: 2023-10-18 | Format: PPT | Pages: 34 | Size: 395.32 KB

Computer English
Chapter 10 Computer and Network Security

Key points: useful terms and definitions of computer security
Difficult points: distinguish between four kinds of computer security breaches

Requirements:
1. Principle of easiest penetration
2. The kinds of computer security breaches
3. What a firewall is
4. Understand how to write the titles of scientific papers

10.1 Characteristics of Computer Intrusion and Kinds of Security Breaches

New Words & Expressions:
breach: damage; gap
involve: to include, to concern (may also be left untranslated)
depositor: one who entrusts or deposits something
vulnerability: weakness; attack
perimeter: surroundings, periphery
penetrate (vt.): to break through, to attack
exposure: disclosure, revelation
threat (n.): menace, intimidation
asset: property, resources
interruption: break, disruption
interception: capture, seizure
modification: alteration
fabricate (v.): to forge, to counterfeit
tamper (v.): to alter without authorization
spurious (adj.): false, fake

10.1.1 Characteristics of Computer Intrusion

Principle of Easiest Penetration. An intruder must be expected to use any available means of penetration. This will not necessarily be the most obvious means, nor will it necessarily be the one against which the most solid defense has been installed.

This principle says that computer security specialists must consider all possible means of penetration, because strengthening one may just make another means more appealing to intruders. We now consider what these means of penetration are.

10.1.2 Kinds of Security Breaches

In security, an exposure is a form of possible loss or harm in a computing system; examples of exposures are unauthorized disclosure of data, modification of data, or denial of legitimate access to computing. A vulnerability is a weakness in the security system that might be exploited to cause loss or harm.

A human who exploits a vulnerability perpetrates an attack on the system. Threats to computing systems are circumstances that have the potential to cause loss or harm; human attacks are examples of threats, as are natural disasters, inadvertent human errors, and internal hardware or software flaws. Finally, a control is a protective measure (an action, a device, a procedure, or a technique) that reduces a vulnerability.

The major assets of computing systems are hardware, software, and data. There are four kinds of threats to the security of a computing system: interruption, interception, modification, and fabrication. The four threats all exploit vulnerabilities of the assets in computing systems. These four threats are shown in Fig. 10-1.

[Fig. 10-1: Four classes of System Security Failures]

(1) In an interruption, an asset of the system becomes lost or unavailable or unusable. An example is malicious destruction of a hardware device, erasure of a program or data file, or failure of an operating system file manager so that it cannot find a particular disk file.

(2) An interception means that some unauthorized party has gained access to an asset. The outside party can be a person, a program, or a computing system. Examples of this type of failure are illicit copying of program or data files, or wiretapping to obtain data in a network. While a loss may be discovered fairly quickly, a silent interceptor may leave no traces by which the interception can be readily detected.

(3) If an unauthorized party not only accesses but tampers with an asset, the failure becomes a modification. For example, someone might modify the values in a database, alter a program so that it performs an additional computation, or modify data being transmitted electronically. It is even possible for hardware to be modified. Some cases of modification can be detected with simple measures, while other more subtle changes may be almost impossible to detect.

(4) Finally, an unauthorized party might fabricate counterfeit objects for a computing system. The intruder may wish to add spurious transactions to a network communication system, or add records to an existing database. Sometimes these additions can be detected as forgeries, but if skillfully done, they are virtually indistinguishable from the real thing.

These four classes of interference with computer activity (interruption, interception, modification, and fabrication) can describe the kinds of exposures possible.

10.2 Modern Cryptography-Data Encryption

New Words & Expressions:
cryptography (n.): the study of secret codes
encryption: enciphering
cipher (n.): code (key); encryption program
decrypt (v.): to decipher
transit: passage, transport
plaintext (n.): clear text
cyphertext (n.): enciphered text
scheme (n.): plan, arrangement
secret-key: secret key
public-key: public key
symmetric (adj.): having symmetry
data integrity: the integrity of data
session key: key for a single session
crack (v.): to undo, to split open
hacker: hacker, computer thief
encode (v.): to put into code
triple-encryption: threefold encryption
built-in: internal (inherent)
state-of-the-art: the newest
proliferate (v.): to multiply, to spread

Abbreviations:
DES (Data Encryption System)
DCE (Distributed Computing Environment)

If the receiver of the encrypted data wants to read the original data, the receiver must convert it back to the original through a process called decryption. Decryption is the inverse of the encryption process. In order to perform the decryption, the receiver must be in possession of a special piece of data called the key.

The two main competing cryptography schemes are known as the secret-key (symmetric) system and the public-key (asymmetric) system. The secret-key system uses a single, wholly secret sequence both to encrypt and to decrypt messages. The public-key system uses a pair of mathematically related sequences, one each for encryption and decryption.

Secret-key encryption

One of the most popular secret-key encryption schemes is IBM's Data Encryption System (DES), which became the U.S. federal standard in 1977. The standard form uses a 56-bit key to encrypt 64-bit data blocks.

The following is a notation for relating plaintext, ciphertext, and keys. We will use $C = E_k(P)$ to mean that the encryption of the plaintext $P$ using key $k$ gives the ciphertext $C$. Similarly, $P = D_k(C)$ represents the decryption of $C$ to get the plaintext again. It then follows that $D_k(E_k(P)) = P$.

DES has been studied by many of the world's leading cryptographers, but no weaknesses have been uncovered. To crack a DES-encrypted message a hacker or commercial spy would need to try $2^{55}$ possible keys. This type of search would need days of computer time on the world's fastest supercomputers. Even then, the message may not be cracked if the plaintext is not easily understood.

Developers using DES can improve security by changing the keys frequently, using temporary session keys, or using triple-encryption DES. With triple DES, each 64-bit block is encrypted under three different DES keys. Recent research has confirmed that triple-DES is indeed more secure than single-DES. The User Data Masking Encryption Facility is an export-grade algorithm substituted for DES in several IBM products, such as the Distributed Computing Environment (DCE).

Public-key encryption

The key distribution problem has always been the weak link in the secret-key systems. Since the encryption key and decryption key are the same (or easily derived from one another) and the key has to be distributed to all users of the system, it seemed as if there was an inherent built-in problem: keys had to be protected from theft, but they also had to be distributed, so they could not just be locked up in a bank vault.

Encryption can be used to protect data in transit as well as data in storage. Some vendors provide hardware encryption devices that can be used to encrypt and decrypt data. There are also software encryption packages which are available either commercially or as free software.

Encryption can be defined as the process of taking information that exists in some readable form (plaintext) and converting it into a form (ciphertext) so that it cannot be understood by others.

In a public-key cryptosystem, the encryption and decryption keys are different, and plaintext encrypted with the public key can only be deciphered with the private key from the same pair. Conversely, plaintext encrypted with the private key can be decrypted only with the public key (it is used in electronic signatures). The notations for these are as follows.

$C = E_k(P)$, $P = D_{k_1}(C) = D_{k_1}(E_k(P))$
or
$C = D_{k_1}(P)$, $P = E_k(C) = E_k(D_{k_1}(P))$

Here $k$ is a public key and $k_1$ is a private key (or secret key). Users can make their public keys freely available or place them at a key distribution center for others to access. However, the private key must be kept safe. In public-key systems there is no need to find a safe channel for communicating a shared secret key.
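The two public-key notations above, worked through as an added example that is not part of the original slides. It assumes textbook RSA with tiny constructed primes as the public-key system, which the slides do not name; the function names E, D and make_keypair are chosen here to mirror the notation.

```python
from math import gcd

def make_keypair(p, q, e):
    """Toy RSA key pair from two small primes (constructed, far too small for real use)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)        # private exponent: e*d = 1 (mod phi)
    return (e, n), (d, n)      # k = public key, k1 = private key

def E(k, m):
    """Operation with the public key k."""
    e, n = k
    return pow(m, e, n)

def D(k1, c):
    """Operation with the private key k1."""
    d, n = k1
    return pow(c, d, n)

def demo():
    k, k1 = make_keypair(61, 53, 17)   # assumed sample parameters
    P = 65                             # plaintext as a number smaller than n
    C = E(k, P)                        # C = E_k(P): anyone can encrypt
    recovered = D(k1, C)               # P = D_k1(C): only the key owner can decrypt
    S = D(k1, P)                       # C = D_k1(P): the owner signs
    verified = E(k, S)                 # P = E_k(C): anyone can verify
    wrong_key = E(k, C)                # the public key does not undo its own encryption
    return C, recovered, verified, wrong_key

if __name__ == "__main__":
    print(demo())
```

The last value shows why publishing k is safe: applying the public key a second time does not return the plaintext.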

10.3 How Firewalls Work

New Words & Expressions:
firewall (n.): a wall that blocks fire
offensive (adj.): unreasonable, aggressive
hacker (n.): hacker
filter (v.): to filter, to strain, to seep in
private: privately owned; secret
packet (n.): small parcel, information packet
employee (n.): staff member, hired worker
telnet (n.): remote login
traffic (n.): volume of flow
proxy (n.): agent, stand-in
retrieve (v.): to search for and fetch
match (n.): comparison, matching, agreement
customizable: able to be tailored
block (n.): hindrance, obstruction
port (n.): port (connection point)
bug (n.): fault, (program) error
unsolicited (adj.): offered without being asked
junk (n.): rubbish, useless data
spam (n.): junk mail
counter (v.): to strike back, to reject
session (n.): conversation, dialogue
inundate (v.): to flood, to submerge
macro (computing): macro instruction, macro function
virus (n.): (computer) virus

Abbreviations:
HTTP (Hypertext Transfer Protocol)
FTP (File Transfer Protocol)
SMTP (Simple Mail Transfer Protocol)
ICMP (Internet Control Message Protocol)

A small home network has many of the same security issues that a large corporate network does. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.

Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that's why it's called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next.

What it does

A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.

Firewalls use one or more of three methods to control traffic flowing in and out of the network:

(1) Packet filtering: Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.

(2) Proxy service: Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.

(3) Stateful inspection: A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.

The level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin to select what types of traffic you will allow. You can also restrict traffic that travels through the firewall so that only certain types of information, such as e-mail, can get through. For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change it.
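Packet filtering, stateful inspection and the "block everything, then select what to allow" rule described above, combined in one small model. This is an added example, not part of the original slides; the Packet and Firewall classes and all addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str         # source IP address
    sport: int       # source port
    dst: str         # destination IP address
    dport: int       # destination port
    proto: str       # "tcp" or "udp"
    outbound: bool   # True if the packet is leaving the private network

class Firewall:
    """Default-deny filter with a state table of connections opened from inside."""

    def __init__(self, allowed_inbound):
        # Packet-filter rules: (proto, dport) pairs explicitly allowed from outside.
        self.allowed_inbound = set(allowed_inbound)
        # Stateful part: defining characteristics of traffic that left the network.
        self.state = set()

    def check(self, p):
        if p.outbound:
            # Record who the inside host talked to so the reply can be matched later.
            self.state.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "allow"
        # Inbound reply: its addresses and ports mirror a recorded outbound packet.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.state:
            return "allow"
        if (p.proto, p.dport) in self.allowed_inbound:
            return "allow"
        return "drop"   # everything not selected is blocked

def demo():
    fw = Firewall(allowed_inbound={("tcp", 25)})   # only e-mail (SMTP) may enter
    inside, web, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    packets = [   # constructed sample traffic
        Packet(inside, 50000, web, 80, "tcp", True),                # request to a web server
        Packet(web, 80, inside, 50000, "tcp", False),               # matching reply
        Packet(stranger, 80, inside, 50000, "tcp", False),          # look-alike from another host
        Packet(stranger, 40000, inside, 23, "tcp", False),          # unsolicited telnet
        Packet(stranger, 40001, "192.168.1.2", 25, "tcp", False),   # inbound mail
    ]
    return [fw.check(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The third packet is dropped even though it targets the same inside port as the legitimate reply, because its source does not match the recorded outbound connection.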
