English original:

CHAPTER 8 Security in Computer Networks

Way back in Section 1.6 we described some of the more prevalent and damaging classes of Internet attacks, including malware attacks, denial of service, sniffing, source masquerading, and message modification and deletion. Although we have since learned a tremendous amount about computer networks, we still haven't examined how to secure networks from those attacks. Equipped with our newly acquired expertise in computer networking and Internet protocols, we'll now study in-depth secure communication and, in particular, how computer networks can be defended from those nasty bad guys.

Let us introduce Alice and Bob, two people who want to communicate and wish to do so “securely.” This being a networking text, we should remark that Alice and Bob could be two routers that want to exchange routing tables securely, a client and server that want to establish a secure transport connection, or two e-mail applications that want to exchange secure e-mail, all case studies that we will consider later in this chapter. Alice and Bob are well-known fixtures in the security community, perhaps because their names are more fun than a generic entity named “A” that wants to communicate securely with a generic entity named “B.” Love affairs, wartime communication, and business transactions are the commonly cited human needs for secure communications; preferring the first to the latter two, we're happy to use Alice and Bob as our sender and receiver, and imagine them in this first scenario.

We said that Alice and Bob want to communicate and wish to do so “securely,” but what precisely does this mean? As we will see, security (like love) is a many-splendored thing; that is, there are many facets to security. Certainly, Alice and Bob would like for the contents of their communication to remain secret from an eavesdropper.
They probably would also like to make sure that when they are communicating, they are indeed communicating with each other, and that if their communication is tampered with by an eavesdropper, that this tampering is detected. In the first part of this chapter, we'll cover the fundamental cryptography techniques that allow for encrypting communication, authenticating the party with whom one is communicating, and ensuring message integrity.

In the second part of this chapter, we'll examine how the fundamental cryptography principles can be used to create secure networking protocols. Once again taking a top-down approach, we'll examine secure protocols in each of the (top four) layers, beginning with the application layer. We'll examine how to secure e-mail, how to secure a TCP connection, how to provide blanket security at the network layer, and how to secure a wireless LAN. In the third part of this chapter we'll consider operational security, which is about protecting organizational networks from attacks. In particular, we'll take a careful look at how firewalls and intrusion detection systems can enhance the security of an organizational network.

What Is Network Security?

Let's begin our study of network security by returning to our lovers, Alice and Bob, who want to communicate “securely.” What precisely does this mean? Certainly, Alice wants only Bob to be able to understand a message that she has sent, even though they are communicating over an insecure medium where an intruder (Trudy, the intruder) may intercept whatever is transmitted from Alice to Bob. Bob also wants to be sure that the message he receives from Alice was indeed sent by Alice, and Alice wants to make sure that the person with whom she is communicating is indeed Bob. Alice and Bob also want to make sure that the contents of their messages have not been altered in transit. They also want to be assured that they can communicate in the first place (i.e., that no one denies them access to the resources needed to communicate). Given these considerations, we can identify the following desirable properties of secure communication.

Confidentiality. Only the sender and intended receiver should be able to understand the contents of the transmitted message. Because eavesdroppers may intercept the message, this necessarily requires that the message be somehow encrypted so that an intercepted message cannot be understood by an interceptor. This aspect of confidentiality is probably the most commonly perceived meaning of the term secure communication. We'll study cryptographic techniques for encrypting and decrypting data in Section 8.2.

Message integrity. Alice and Bob want to ensure that the content of their communication is not altered, either maliciously or by accident, in transit. Extensions to the checksumming techniques that we encountered in reliable transport and data link protocols can be used to provide such message integrity. We will study message integrity in Section 8.3.

End-point authentication. Both the sender and re