Professional English in Computer Field,Chapter Eleven Information Security technologies,内容,正文 Intrusion Detection Systems and Intrusion Response Mechanism An Introduction to Information Security 阅读材料 Introduction to Firewall Internet Security Architecture,1 Intrusion Detection Systems and Intrusion Response Mechanism,1. Introduction 2. Intrusion responses 2.1. Why Automatic Intrusion Response 2.2 The key factor of development of automatic intrusion response system,Key Words,intrusion detection system 入侵检测系统 anomaly n. 异常 intrusion response system 入侵反应系统 orifice n. 漏洞,Notes,There are many solutions for the first problem, such as using new detection algorithms, improvement of old algorithms, fusion of multiple classifiers and extending detection range of systems etc. 第一个问题有很多种解决方案，比如使用新的检测算法、改进已有的算法、融合多种分类器并扩展检测范围等等。 Intrusion responses are a series actions and countermeasures when an intrusion is detected. These actions and measures can prevent further attacks or restore the system to a normal state. 入侵响应是当检测到入侵后采取的一系列的行动和对策，这些行动和对策可以防止进一步的攻击或者恢复系统到正常状态。,2 An Introduction to Information Security,1. Information Security and Cryptographic Systems 1.1 What is Information Security? 1.2 What Services do Cryptographic Systems Provide? 2. Types of Cryptographic Systems 3. Security Services using Public-Key Cryptosystems 3.1 Public-Key Encryption Confidentiality 3.2 Digital Signatures 3.3 Signed Challenges 3.4 Certification Authorities,Key Words,information security 信息安全 confidentiality n. 机密性 concealment n. 隐藏 audit n. 审计 authentication n. 验证 repudiate v. 否认 plaintext n. 明文 ciphertext n. 加密文本 symmetric-key cryptosystem 对称密码体制 public-key cryptosystem 公钥密码体制,Key Words,divulge v. 泄露 hash function 散列函数 message digest 信息摘要 challenge n. 挑战 mutual authentication 双向认证 subtlety n. 微妙之处，精华 certificate n. 证书 Certification Authority 证书颁发机构 revoke v. 撤销 reap v. 获得,Notes,Simply put, information security describes all measures taken to prevent unauthorized use of electronic data - whether this unauthorized use takes the form of disclosure, alteration, substitution, or destruction of the data concerned. 简而言之，信息安全描述了所有用于防止未经授权使用电子数据的方法。无论这个未授权所采用的是公开、修改、替代还是破坏相关数据的形式。 That is, the receiver of a transaction is able to demonstrate to a neutral third party that the claimed sender did indeed send the transaction. 也就是说，事务的接收方能够向中立的第三方证明发送方的确发送了事务。,Notes,“Real-world“ applications are rarely straightforward, so a typical implementation will require that various services provided by a cryptosystem be combined to provide a variety of services simultaneously. 用于实际生活的应用很少是简单的，所以一个典型的实现通常需要密码系统同时提供多种服务。 The essential difference between the use of a public-key cryptosystem for signing and its use for encrypting is that the order in which the keys are used is reversed. 使用公钥加密技术进行签名和加密的根本区别在于使用密钥的顺序是相反的。,Notes,Suppose that Eve is also able to place a public key of her choice into this public directory, claiming that the key belongs to Bob. When Alice now encrypts confidential information and sends it to Bob, Eve intercepts the ciphertext and decrypts the information herself. 假设Eve也可以将自己选的公钥放入这个公共号码簿，并且声明这个密钥是Bob的。 当Alice将经过加密的保密信息发给Bob时, Eve可以截取加密文本并自己解密信息。,Reading Material 1 Introduction to Firewall,Todays Firewall Solution Matrix,Reading Material 1 Introduction to Firewall,Firewall Architecture,Reading Material 2 Internet Security Architecture,1. Introduction 2. IP Security 3. Transport Layer Security 4. Key Management 5. Domain Name System Security Extensions,Exercises,IDS stands for _. _ are a series actions and countermeasures when an intrusion is detected. AIRS stands for _. Current intrusion response systems can be categorized as _, _, or _. Cryptographic systems (or cryptosystems) potentially provide all three objectives of information security: _, _, and _. In a cryptographic system, _ assurance that the parties involved in a real-time transaction are who they say they are. There are two broad classes of cryptosystems, known as _ cryptosystems and _ cryptosystems. In a cryptographic system, certificates are issued by a _, which is a third party trusted by all users.,Questions,Whats intrusion detection system? Briefly describe the two points of the weakness of present IDSs. What are the reasons of developing automatic intrusion response systems? What is the key factor of developing AIRSs? What is information security? Whats the difference between the use of a public-key cryptosystem for signing and its use for encrypting? List some algorithms of Public-Key Cryptosystems. List some algorithms of Symmetric-Key Cryptosystems. Describe the theory of digital signatures.,