Computer English

Chapter 10 Network Security

Key points: useful terms and definitions of network security
Difficult points: distinguish between several kinds of network security breaches
Requirements:
- Principle of easiest penetration
- The kinds of computer security breaches
- What is a firewall
- Understand how titles of scientific papers are written

10.1 Secure Networks and Policies

What is a secure network? Can an Internet be made secure? Although the concept of a secure network is appealing to most users, networks cannot be classified simply as secure or not secure because the term is not absolute: each group defines the level of access that is permitted or denied.

Chinese gloss: What counts as a secure network? How can a network be made more secure? Although the concept of a secure network appeals to most users, networks cannot simply be divided into secure and insecure, because security itself is not absolute: each group defines its own levels of permitted or denied access.

For example, some organizations store data that is valuable. Such organizations define a secure network to be a system that prevents outsiders from accessing the organization's computers. Other organizations need to make information available to outsiders, but prohibit outsiders from changing the data. Such organizations may define a secure network as one that allows arbitrary access to data, but includes mechanisms that prevent unauthorized changes.

Chinese gloss: For example, some organizations hold data that is valuable to keep secret, so they define network security as outsiders being unable to access their computers; other organizations need to provide information to outsiders but forbid outsiders from modifying it, so they define network security as data that outsiders may access freely but may not modify without authorization.

Still other groups focus on keeping communication private; they define a secure network as one in which no one other than the intended recipient can intercept and read a message. Finally, many large organizations need a complex definition of security that allows access to selected data or services the organization chooses to make public, while preventing access or modification of sensitive data and services that are kept private.

Chinese gloss: Some organizations emphasize the privacy of communication, so they define network security as messages that cannot be intercepted or read by others; some large organizations have a more complex definition of security: they allow outsiders to access certain public data and services, while sensitive data and services are kept secret from outsiders and may not be accessed or modified.

Because no absolute definition of secure network exists, the first step an organization must take to achieve a secure system is to define the organization's security policy. The policy does not specify how to achieve protection. Instead, it states clearly and unambiguously the items that are to be protected.

Chinese gloss: Precisely because there is no absolute definition of a secure network, the first step for any organization in achieving a secure system is to draw up a sound security policy. The policy does not prescribe a specific technical implementation; rather, it clearly sets out the items that need to be protected.

Devising a network security policy can be complex because a rational policy requires an organization to assess the value of information. The policy must apply to information stored in computers as well as to information traversing a network.

Chinese gloss: Because drawing up a sound network security policy requires correctly assessing the value of the system's information, it is not an easy task. (To protect data effectively,) the policy must cover every stage of data in a computer network system, including storage, transmission and processing.

10.2 Aspects of Security

Defining a security policy is also complicated because each organization must decide which aspects of protection are most important, and often must compromise between security and ease of use. For example, an organization can consider:

Chinese gloss: The complexity of drawing up a security policy also shows in having to decide which criterion is most important; a compromise between security and practicality is often required. For example, one can consider:

- Data Integrity. Integrity refers to protection from change: is the data that arrives at a receiver exactly the same as the data that was sent?
  Chinese gloss: Data integrity: protecting data from being changed, that is, whether the data is exactly the same on arrival as before it was sent.
- Data Availability. Availability refers to protection against disruption of service: does data remain accessible for legitimate uses?
  Chinese gloss: Data availability: whether data will be lost in the event of a system failure.
- Data Confidentiality and Privacy. Confidentiality and privacy refer to protection against snooping or wiretapping: is data protected against unauthorized access?
  Chinese gloss: Data confidentiality: whether data can be stolen illegally, that is, preventing unauthorized access.

10.3 Responsibility and Control

Many organizations discover that they cannot design a security policy because the organization has not specified how responsibility for information is assigned or controlled. The issue has several aspects to consider:

Chinese gloss: Many organizations find that they cannot design a security policy because they have not yet made clear who is responsible for controlling information. The issue can usually be considered from two sides:

- Accountability. Accountability refers to how an audit trail is kept: which group is responsible for each item of data? How does the group keep records of access and change?
  Chinese gloss: Accounts. Consider how to specify each user's access rights to each item of information in the system, and how to monitor and record user activity.
- Authorization. Authorization refers to responsibility for each item of information and how such responsibility is delegated to others: who is responsible for where information resides and how does a responsible person approve access and change?
  Chinese gloss: Authorization. For each item of information in the system, consider how to specify each user's permitted operations on it, such as read-only or read-write, and the transfer of permissions between users.

The critical issue underlying both accountability and authorization is control: an organization must control access to information analogous to the way the organization controls access to physical resources such as offices, equipment, and supplies.

Chinese gloss: Whether for account management or authorization management, the key issue is control of security responsibility: an organization must manage information the way it manages tangible assets such as office buildings and equipment.

New Words & Expressions:
- archive vt. to file away; n. archived file
- incur v. to bring about, to bring upon oneself
- liability n. responsibility, obligation
- focus on v. to concentrate on
- result from v. to arise from
- data integrity
- data availability (glossed in the Chinese as "data validity")
- data confidentiality
- accountability n. responsibility; computability
- audit trail