互聯(lián)網(wǎng)安全外文翻譯

1、<p><b>　　專業(yè)外文翻譯</b></p><p>　　二〇一二年五月二十日</p><p>　題 目Internet Security</p><p>　系 （院）計(jì)算機(jī)科學(xué)技術(shù)系</p><p>　專 業(yè)通信工程</p><p>　班 級(jí)2008級(jí)2班<

2、;/p><p>　學(xué)生姓名李華山</p><p>　學(xué) 號(hào)2008110311</p><p>　指導(dǎo)教師陳瑞斌</p><p>　職 稱講師</p><p>　　Internet Security</p><p>　　An intruder with the right backgro

3、und and malicious intent has many ways to infiltrate internal company systems and network devices through the Internet connection. Once inside, the hacker has free reign to destroy, change, or steal data and these action

4、s because various sorts of network havoc. The most popular use of the Internet, e-mail, is also insecure. The same hacker with a protocol analyzer and access to routers and other network devices can intercept or change m

5、essages. Threats like thes</p><p>　　The network security market is quickly responding to the threats by applying authentication and encryption technologies to the Internet and by developing new products. The

6、se products come at a time where methods of attacking user networks are more elaborate and vendors are improving their products to keep up with the increased threats. “Users need these tools [because they realize] they c

7、an’t use traditional monitoring tools to stop increasingly sophisticated attacks,” says Jim Hurley, an analys</p><p>　　Types of Internet Security Protection</p><p>　　1. Security Policy</p>

8、<p>　　Internet connections will never be 100 percent secure. Rather than aiming for total security, an organization has to assess the value of the information it is trying to protect and balance that against the l

9、ikelihood of a security violation and the cost of implementing various security measures. A company’s first line-of-defense should be either to devise or to revise its security policy for the organization that takes Inte

10、rnet connections into account. This policy should define in detail which </p><p>　　Part of the process will require evaluating the cost to the company of different types of security violations. Corporations

11、will want to involve people at the highest levels of the organization in this process. Hiring a computer security consultant may be of some help. Once a companywide policy is implemented, the company then should start ev

12、aluating the use of firewalls, encryption, and authentication.</p><p>　　2. Firewall</p><p>　　A firewall is a barrier between two networks, an internal network (trusted network) and an external n

13、etwork (untrusted network). Here the external network is the Internet. Firewalls examine incoming and outgoing packets and according to a set of rules defined by the administrator, either let them through or block them o

14、ut. Firewalls are not an Internet security remedy, but they are essential to the strategy.</p><p>　　Different kinds of firewalls function differently. They scrutinize, examine, and control the network traffi

15、c in numerous ways depending on their software architecture. Below are firewalls that work in different ways.</p><p>　　1）Packet Filtering Firewall Technique</p><p>　　Many routers use a firewall

16、technique called packet filtering, which examines the source and destination addresses and ports of incoming TCP and UDP packets, denying or allowing packets to enter based on a set of predefined rules set by the adminis

17、trator. Packet filters are inexpensive, transparent to users, and have a negligible impact on network performance. Configuring packet filtering is a relatively complex process, requiring a precise knowledge of network, t

18、ransport, and even application p</p><p>　　A problem with packet filters is that they are susceptible to“IP spoofing”, a trick that hackers use to gain access to a corporate network. Intruders fool the firewa

19、ll by changing Internet Protocol addresses in packet headers to ones that are acceptable.</p><p>　　2）The Application-Gateway Firewall </p><p>　　A more sophisticated and secure type of firewall i

20、s an application gateway, which is generally considered more secure than packet filters. Application gateways are programs written for specific Internet services such as HTTP, FTP, and telnet; applications that run on a

21、server with two network connections, acting as a server to the application client and as a client to the application server.</p><p>　　Application gateways evaluate network packets for valid specific data mak

22、ing the proxies more secure than packet filtering. Most application-gateway firewalls also have a feature called network address translation that prevents internal IP addresses from appearing to users outside the trusted

23、 network.</p><p>　　There are two primary disadvantages to application gateways. The first disadvantage is a performance decline caused by the proxy function’s double processing. Another is the lag time for t

24、he firewall vendor to supply an application proxy for a newly introduced Internet service, such as Real Audio.</p><p>　　3）SOCKS firewall</p><p>　　Another type of application-proxy firewall is th

25、e SOCKS firewall. Where normal application-proxy firewalls do not require modifications to network clients, SOCKS firewalls require specially modified network clients. This means users have to modify every system on thei

26、r internal network that needs to communicate with the external network. On a Windows or OS/2 system, this can be as easy as swapping a few DLLs.</p><p>　　In cases where performance is concerned, organization

27、s using application gateways should not be worried with a 10-Mbps Ethernet or 100-Mbps Fast Ethernet connection. If companies use application proxies within their network, they can consider fast hardware-based solutions

28、such as Cisco’s PIX Firewall or Seattle Software’s Firebox. The company may also consider installing firewall software on a system with multiple processors.</p><p>　　Major firewall vendors have incorporated

29、additional security technologies into their firewall products and partnered with other security vendors to offer complete Internet security solutions. These additional features will be discussed subsequently in this arti

30、cle and include encryption, authentication and protection from malicious Java and ActiveX downloads.</p><p>　　3. Authentication</p><p>　　Firewalls do their authentication using IP addresses, whi

31、ch can be faked. If a company wants to give certain users access over the Internet to sensitive internal files and data, they will want to make sure to authenticate each user. Authentication simply describes the numerous

32、 methods that positively identify a user. Passwords are the most common method of authentication used today, but employees are notorious for making poor password choices that can be guessed by an experienced hacker. In a

33、ddi</p><p>　　Tokens are small, credit card or calculator-size devices that the remote user can carry around. Smart cards used for authentication are similar to tokens, except they need a reader to process th

34、e authentication request. Both use a challenge response scheme. W hen the user attempts to connect, an authentication server on the network issues a challenge, which the user keys into the token device. The device displa

35、ys the appropriate response, which the remote user then sends to the server. Many of t</p><p>　　4. Encryption</p><p>　　As offices and organizations connect to the Internet, many will consider th

36、e Internet infrastructure an inexpensive way for wide-area and remote connections. In addition to companies, Internet commerce vendors need to protect credit card and order transactions being transferred through the Inte

37、rnet. To use the Internet for these purposes, companies have to protect their information and customers with encryption. Encryption is the process of using an encryption algorithm to translate plain text i</p><

38、;p>　　1）The Encryption Process</p><p>　　A pre-hash code is derived mathematically from the message to be sent. The pre-hash code is encrypted using the sender’s private key. The encrypted pre-hash code and

39、 the message are encrypted using the secret key. The sender encrypts the secret key with the recipient’s public key, so only the recipient can decrypt it with his/her private key.</p><p>　　2）The Decryption P

40、rocess</p><p>　　The decryption process essentially is the encryption process in reverse. The recipient uses his/her private key to decrypt the secret key. The recipient then uses the secret key to decrypt th

41、e encrypted message and pre hash code.</p><p>　　5. Virtual private network</p><p>　　Virtual private networking (VPN) is the term used to describe remote access over the Internet, as well as use

42、of the Internet infrastructure for connecting two offices of an organization or even two different organizations. Basically, a VPN is an encrypted connection between private networks over a public network. With remote ac

43、cess, the remote user calls the local ISP, and then connects to the central network over the Internet. </p><p>　　Two industry standards have recently become interoperable to make remote access

44、 and connections over virtual private networks a viable strategy: Ascends’ and Microsoft’s Point-to-Point Tunneling protocol and Cisco’s Layer Two Forwarding (L2F), now combined by the IETF to form the Layer Two Tunnelin

45、g Protocol (L2TP). This standard essentially allows the authentication and authorization process to be forwarded from the ISP to a server located elsewhere on the Internet; a corporate central office f</p><p&g

46、t;　　6. Analyzing Other Security Threats: Java and ActiveX</p><p>　　Even after one has done all possible to block unauthorized users from accessing a network, there is still the danger of viruses, which can e

47、nter through e-mail attachments, and malicious Java and ActiveX applications that come into a network as users browse the Net. </p><p>　　When dealing with hostile Java and ActiveX applets, Finjan Software of

48、fers SurfinShield X tra for desktop users as well as Surfin Gate for servers. These unique packages actually maintain a database of known Java and ActiveX problems and monitor incoming and existing applets. Both products

49、 block only applets that misbehave, letting all others through.</p><p>　　1）Solutions to 6 Common Threats to Security</p><p>　　Here are six common Internet security problems and their solutions c

50、ited in PC Magazine, 1997. Reprinted by permission December 1998</p><p>　　2）Interception of e-mail</p><p>　　Encrypt e-mail using desktop or server encryption hardware or software. Use digital si

51、gnatures and certificates to authenticate senders and verify that e-mail has not been tampered with.</p><p>　　3）Theft or alteration of corporate information</p><p>　　Use the same procedures as f

52、or intrusion. Also use encryption hardware or software to encrypt traffic flowing from office to office across the Internet.</p><p>　　4）Macro viruses from e-mail attachments</p><p>　　Install an

53、e-mail anti-virus gateway to filter incoming email messages.</p><p>　　5）Corporate network intrusion</p><p>　　Protect the perimeter with firewalls. If you want remote users to access sensitive in

54、ternal data, set up an authentication server on the network and equip remote users with authentication tokens or smart cards.</p><p>　　6）Disruption of network devices and services</p><p>　　Prote

55、ct the perimeter with firewalls. Set up an authentication server on the network and equip remote users with authentication tokens or smart cards.</p><p>　　7）Misbehaved Java and ActiveX applets</p><

56、;p>　　Configure firewalls to block Java and ActiveX applets, or install a Java and ActiveX gateway to filter out bad applets.</p><p>　　Internet Security Products</p><p>　　Security Auditing<

57、/p><p>　　SAFEsuite Internet Scanner for Windows NT</p><p>　　SA FEsuite is designed to test security implementation for protection against inside and outside attacks, Internet Security Systems’ SA F

58、Esuite Internet Scanner for Windows NT looks for hundreds of vulnerabilities, provides a list of possible holes and suggests corrective actions.</p><p>　　SA FEsuite has three components: the Intranet Scanner

59、, Firewall Scanner, and Web Scanner. The program runs on a single PC loaded with Windows NT 3.51 or 4.0 and comes with a license key based on a single range of IP addresses. To scan multiple networks or segments, multipl

60、e licenses are needed.</p><p>　　SA FEsuite’s tests covers known weak spots that internal or external intruders can exploit.</p><p>　　Each of the tests comes with three different settings: light,

61、 medium and heavy scan. The light scan looks at the basic vulnerabilities on your network, such as shared resources without passwords, and requires only a few minutes to run. The medium scan looks for the same holes as t

62、he light scan, plus a few more. For example, in a light scan of FTP, the test looks for just anonymous connections. A medium scan looks for anonymous and trivial FTP connections. The heavy scan looks for all vulnerabili&

63、lt;/p><p>　　After all scans have been run, SA FEsuite creates an HTML based report listing the results by level of importance and even provides you with some ideas of how to correct the problem.</p><

64、p>　　SecurIT from Milkyway Networks Corp</p><p>　　SecurIT, among others, is a product that can identify network holes and, like ISS’s SA FEsuite, provide instructions on how to fix them. The product can sc

65、an all of a network’s devices, including: firewalls, mail servers, UNIX hosts and Windows NT- and Windows 95-based PCs. And SecurIT Audit can check for vulnerabilities on several platforms, including Linux, Solaris, SunO

66、S, Windows NT and Windows 95.</p><p><b>　　Firewalls</b></p><p>　　ON Guard by ON Technology Corp</p><p>　　Protecting a network from hacker tricks is easier with ON Guard,

67、 a hardware/software combination, which makes the usually difficult process of installing firewalls easy. This package is designed for administrators who aren’t security gurus and don’t want to be. ON Guard includes doze

68、ns of services, powerful event logging, and a utility that tests one’s security plan. It is also one of the few firewalls currently on the market that can block both IP and IPX network packets.</p><p>　　ON G

69、uard uses Stateful Multi-Layer Inspection (SMLI) technology, a hybrid of packet- and application-level filtering. Unlike application-level filtering, SMLI does not require separate software to block each new Internet ser

70、vices, such as PointCast and Real Audio. This is advantageous, because one does not have to wait for ON Technology to provide software to block these services. The firewall can already handle them.</p><p>　　

71、Unlike The Wall, with which services are either enabled or disabled, ON Guard allows customization of multiple services. The program disables Web, e-mail and FTP access by default. But these services and others, such as

72、Java, Real Audio, and newsgroups, can be enabled and access rules created for users based on an IP address. Once a service is in the list, administrators can enable or disable access for both inbound and outbound traffic

73、. They can also control access to subservices, such as POP a</p><p><b>　　The Wall</b></p><p>　　The Wall runs on a Windows NT Server and Workstation 4.0 and includes powerful logging

74、capabilities. In addition, its built-in WebNOT utility blocks access to 15,000 unwanted Web sites. The Wall also disables all outside access by default. W hen first installed, no one can access the company’s LAN, unless

75、the administrator enables e-mail, FTP and Web access for remote users.</p><p>　　Unlike ON Guard, which uses SMLI, The Wall is an application- level firewall that uses proxy servers to protect the network fro

76、m the Internet. These firewalls have two network adapters to provide a shield. One connects to your LA N, and the other to a router or other Internet connection.</p><p>　　Server Security</p><p>

77、　　Web Stalker Pro</p><p>　　Web Stalker Pro resides on the web server and protects the data stored from both local users and outside intruders. It does so by letting the company set protection policies. For e

78、xample, it shuts down your web server in case an intruder tries to access protected data.</p><p>　　Web Stalker Pro also has excellent reporting capabilities, but its primary function is detection and respons

79、e. It can’t always prevent people from accessing the data on a web server, but it can alert if they do. For added security, it is advisable to use a firewall in conjunction with Web Stalker.</p><p>　　Web Sta

80、lker Pro runs on Windows NT 3.51 and 4.0 as an NT service and works with Microsoft’s Internet Information Server (IIS) and Netscape Web servers. It relies on Windows NT’s audit trails and event logs to alert it when a ha

81、cker has attempted to access protected data. The audit trails and event logs track everything, but they only show the series of events leading up to an intruder’s entry.</p><p>　　Careers in Internet Security

82、</p><p>　　In short supply and in high demand, systems administrators are prospering. The strong demand for system and security managers has forced salary increases to 15 percent in 1997.</p><p>

83、　　Surveys show that close to 1,600 system and security administrators are responsible for the care of electronic commerce systems, Web servers, enterprise systems and computers used in advanced scientific research.</p

84、><p>　　According to the survey, salaries in New York, Boston, San Francisco and San Jose are the highest, but salaries are increasing all across the US, Canada, Europe, and Asia. Of those Administrators who wer

85、e surveyed, salaries ranged between $50,000 and $59,999 with an average of $57,346. The greatest salary increase was for employees earning $70,000 to $79,999 with an annual average increase of 14 percent.</p><

86、p>　　The highest salaries ($70,846) were those in research companies with fewer than ten employees, followed by systems integrators ($70,230) working at firms with 11 to 100 employees.</p><p>　　Lowest sala

87、ries reported were in education, ranging from $43, 933 to $47,262. Typically a job posting describes the tasks and skills needed to excel in this field as such: Qualifications: BA /BS degree in Information Systems, compu

88、ter science or business related fields. Self-motivated, good communications skills and enthusiasm for pursuing a career in Information Systems.</p><p><b>　　互聯(lián)網(wǎng)安全</b></p><p>　　一個(gè)有著良好背

89、景但懷著惡意意圖的入侵者，有很多方式通過(guò)互聯(lián)網(wǎng)滲透到公司內(nèi)部系統(tǒng)和網(wǎng)絡(luò)設(shè)備。一旦進(jìn)入，黑客可以自由支配破壞、改變或者盜竊數(shù)據(jù)，這種行為導(dǎo)致了多種網(wǎng)絡(luò)毀滅。由于互聯(lián)網(wǎng)的廣泛應(yīng)用，電子郵件也變得不安全。帶有相同的協(xié)議分析儀的黑客和其他網(wǎng)絡(luò)設(shè)備能攔截或者改變信息。面臨威脅，像互聯(lián)網(wǎng)商務(wù)公司這種企業(yè)，希望通過(guò)互聯(lián)網(wǎng)把他們的辦公場(chǎng)所連接在一起組成局域網(wǎng)。</p><p>　　網(wǎng)絡(luò)安全市場(chǎng)很快做出回應(yīng)，發(fā)展了身份驗(yàn)證和加密技

90、術(shù)和新的安全產(chǎn)品。為了應(yīng)對(duì)日益增長(zhǎng)的網(wǎng)絡(luò)攻擊，安全產(chǎn)品的供應(yīng)商正在改善他們的產(chǎn)品，以應(yīng)對(duì)越來(lái)越復(fù)雜的網(wǎng)絡(luò)攻擊。The Aberdeen Group的一位分析師吉姆.哈雷說(shuō)：“使用者需要這些工具（他們已經(jīng)意識(shí)到），他們不能使用傳統(tǒng)的監(jiān)測(cè)工具來(lái)阻止日益增長(zhǎng)的網(wǎng)絡(luò)攻擊。”這篇文章描述了多種類型的網(wǎng)絡(luò)威脅和可以保護(hù)個(gè)人以及公司的解決方案。</p><p><b>　　互聯(lián)網(wǎng)安全保護(hù)類型</b><

91、;/p><p><b>　　1．安全策略</b></p><p>　　互聯(lián)網(wǎng)永遠(yuǎn)不會(huì)是100%安全。一個(gè)組織必須意識(shí)到它要保護(hù)的信息的價(jià)值，平衡安全侵犯事件的可能性和落實(shí)安全措施所花費(fèi)的成本，而不是目標(biāo)只是總體上安全。公司的第一道防線應(yīng)該考慮到互聯(lián)網(wǎng)連接，制定和修改它的安全策略。這項(xiàng)策略應(yīng)該詳細(xì)規(guī)定哪些員工有權(quán)利得到特定服務(wù)。它也應(yīng)該教育員工們意識(shí)到有責(zé)任保護(hù)組織的信息，

92、譬如保護(hù)密碼以及當(dāng)發(fā)生安全侵犯事件時(shí)可以清楚的指明行動(dòng)。這種類型的策略是第一步，向員工們解釋公司對(duì)于濫用互聯(lián)網(wǎng)連接的方針。</p><p>　　這個(gè)進(jìn)程的一部分要求公司估計(jì)應(yīng)對(duì)不同類型的安全侵犯所花費(fèi)的代價(jià)。企業(yè)想網(wǎng)羅這個(gè)進(jìn)程處于該組織最高水平的人才。雇傭一個(gè)電腦安全咨詢或許會(huì)有些幫助。一旦公司的政策被落實(shí)，公司應(yīng)該開(kāi)始考慮使用防火墻，加密算法和身份驗(yàn)證。</p><p><b>

93、;　　2．防火墻</b></p><p>　　防火墻是兩個(gè)網(wǎng)絡(luò)之間的屏障，內(nèi)部網(wǎng)絡(luò)（可信任網(wǎng)絡(luò)）和外部網(wǎng)絡(luò)（不信任網(wǎng)絡(luò)）。這里的外部網(wǎng)絡(luò)是指互聯(lián)網(wǎng)，防火墻根據(jù)一套由管理員制定的規(guī)則，檢查傳入和傳出的數(shù)據(jù)包，要么讓它們通過(guò)，要么阻止他們。防火墻不是互聯(lián)網(wǎng)的補(bǔ)救措施，但它們對(duì)于策略是不可缺少的。</p><p>　　不同的網(wǎng)絡(luò)防火墻的功能有所不同。它們用多種方式監(jiān)測(cè)、檢查和控制網(wǎng)絡(luò)

94、傳輸，這取決于它們的軟件架構(gòu)。下面是幾種以不同方式運(yùn)轉(zhuǎn)的防火墻。</p><p>　　1）包過(guò)濾技術(shù)防火墻</p><p>　　許多路由器使用一種稱為包過(guò)濾技術(shù)的防火墻，這種技術(shù)檢查源地址和目的地址，端口傳入的TCP和UDP數(shù)據(jù)包，拒絕或允許包通過(guò)一組由管理員事先定義好的規(guī)則。包過(guò)濾技術(shù)對(duì)于用戶來(lái)說(shuō)花費(fèi)低廉，透明，對(duì)網(wǎng)絡(luò)性能的影響可以忽略不計(jì)。配置過(guò)濾包是一個(gè)比較復(fù)雜的過(guò)程，需要精通網(wǎng)絡(luò)傳

95、輸?shù)挠嘘P(guān)知識(shí)，甚至應(yīng)用協(xié)議的戰(zhàn)略。</p><p>　　數(shù)據(jù)包過(guò)濾器的一個(gè)問(wèn)題是，它們很容易受到“IP欺騙”，黑客利用這種招術(shù)進(jìn)入企業(yè)的內(nèi)部網(wǎng)絡(luò)。入侵者通過(guò)改變可接受的數(shù)據(jù)包報(bào)頭中的互聯(lián)網(wǎng)協(xié)議地址騙過(guò)防火墻。</p><p>　　2）應(yīng)用層網(wǎng)關(guān)防火墻</p><p>　　一種更復(fù)雜并且更安全的防火墻是應(yīng)用層網(wǎng)關(guān)，通常被認(rèn)為比數(shù)據(jù)包過(guò)濾器更安全。應(yīng)用層網(wǎng)關(guān)防火墻是為像

96、HTTP（超文本傳輸協(xié)議）、FTP（文件傳輸協(xié)議）和Telnet（遠(yuǎn)程登錄）這樣的網(wǎng)絡(luò)服務(wù)而寫(xiě)的程序；應(yīng)用層網(wǎng)關(guān)防火墻在連接兩個(gè)網(wǎng)絡(luò)的服務(wù)器上運(yùn)行，這個(gè)服務(wù)器的作用是一個(gè)應(yīng)用程序客戶端的服務(wù)器，還是應(yīng)用層服務(wù)器的客戶端。</p><p>　　應(yīng)用層網(wǎng)關(guān)防火墻評(píng)估有效地網(wǎng)絡(luò)數(shù)據(jù)包，使代理比數(shù)據(jù)包過(guò)濾器更安全。大多數(shù)應(yīng)用層網(wǎng)關(guān)防火墻都有一種稱之為網(wǎng)絡(luò)地址轉(zhuǎn)換的功能，組織內(nèi)部IP地址出現(xiàn)在外部可信任的網(wǎng)絡(luò)。</p

97、><p>　　應(yīng)用層網(wǎng)關(guān)有兩個(gè)主要缺點(diǎn)：第一個(gè)缺點(diǎn)是由代理功能的雙處理引起的。另一個(gè)缺點(diǎn)時(shí)間的滯后性，防火墻提供商需要時(shí)間研發(fā)對(duì)于一個(gè)新實(shí)行的網(wǎng)絡(luò)服務(wù)的應(yīng)用代理，譬如實(shí)時(shí)音頻。</p><p>　　3）SOCKS防火墻</p><p>　　另一種類型的應(yīng)用程序代理防火墻是SOCKS防火墻。正常的應(yīng)用程序代理防火墻不要求修改網(wǎng)絡(luò)客戶端，而SOCKS防火墻需要修改網(wǎng)絡(luò)客戶端

98、。這意味著必須修改內(nèi)部網(wǎng)絡(luò)的每個(gè)系統(tǒng)，其內(nèi)部網(wǎng)絡(luò)需要與外部網(wǎng)絡(luò)通信。SOCKS代理一般用于使防火墻后面的用戶能夠以有限的、受控的方式連接到Internet服務(wù)器。</p><p>　　在性能方面的情況，如果有10Mbps或者100Mbps以太網(wǎng)連接，組織就不應(yīng)該擔(dān)心使用應(yīng)層網(wǎng)關(guān)，如果公司內(nèi)部使用網(wǎng)絡(luò)應(yīng)用程序代理，他們可以考慮基于硬件的快速解決方案，例如思科公司的PIX Firewall或者西雅圖軟件公司的Fire

99、box。公司可以考慮在有多個(gè)處理器的系統(tǒng)上安裝防火墻軟件。</p><p>　　大多數(shù)防火墻供應(yīng)商已經(jīng)將額外的安全技術(shù)整合到他們的防火墻產(chǎn)品中，并且也與其他安全產(chǎn)品供應(yīng)商合作，提供完整的互聯(lián)網(wǎng)安全解決方案。</p><p><b>　　3．認(rèn)證</b></p><p>　　防火墻使用IP地址來(lái)認(rèn)證，但I(xiàn)P地址可以被偽造。如果公司允許特定用戶訪問(wèn)