Computer English
Chapter 10 Computer and Network Security

Key points: useful terms and definitions of computer security
Difficult points: distinguish between four kinds of computer security breaches

Requirements:
1. Principle of easiest penetration
2. The kinds of computer security breaches
3. What a firewall is
4. Understand how to write titles for scientific and technical papers

10.1 Characteristics of Computer Intrusion and Kinds of Security Breaches

New Words & Expressions:
breach: damage; a gap
involve: to include, to concern (may be left untranslated)
depositor: one who entrusts or deposits
vulnerability: weakness, point of attack
perimeter: surroundings, periphery
penetrate vt.: to break through, to attack
exposure: disclosure, revelation
threat n.: threat, intimidation
asset: asset
interruption: interruption, breaking off
interception: interception
modification: modification
fabricate v.: to forge
tamper v.: to tamper with
spurious adj.: false

10.1.1 Characteristics of Computer Intrusion

Principle of Easiest Penetration. An intruder must be expected to use any available means of penetration. This will not necessarily be the most obvious means, nor will it necessarily be the one against which the most solid defense has been installed.

This principle says that computer security specialists must consider all possible means of penetration, because strengthening one may just make another means more appealing to intruders. We now consider what these means of penetration are.

10.1.2 KINDS OF SECURITY BREACHES

In security, an exposure is a form of possible loss or harm in a computing system; examples of exposures are unauthorized disclosure of data, modification of data, or denial of legitimate access to computing. A vulnerability is a weakness in the security system that might be exploited to cause loss or harm.

A human who exploits a vulnerability perpetrates an attack on the system.
Threats to computing systems are circumstances that have the potential to cause loss or harm; human attacks are examples of threats, as are natural disasters, inadvertent human errors, and internal hardware or software flaws. Finally, a control is a protective measure (an action, a device, a procedure, or a technique) that reduces a vulnerability.

The major assets of computing systems are hardware, software, and data. There are four kinds of threats to the security of a computing system: interruption, interception, modification, and fabrication. The four threats all exploit vulnerabilities of the assets in computing systems. These four threats are shown in Fig. 10-1.

Fig. 10-1 Four classes of System Security Failures

(1) In an interruption, an asset of the system becomes lost or unavailable or unusable. An example is malicious destruction of a hardware device, erasure of a program or data file, or failure of an operating system file manager so that it cannot find a particular disk file.

(2) An interception means that some unauthorized party has gained access to an asset. The outside party can be a person, a program, or a computing system. Examples of this type of failure are illicit copying of program or data files, or wiretapping to obtain data in a network. While a loss may be discovered fairly quickly, a silent interceptor may leave no traces by which the interception can be readily detected.

(3) If an unauthorized party not only accesses but tampers with an asset, the failure becomes a modification. For example, someone might modify the values in a database, alter a program so that it performs an additional computation, or modify data being transmitted electronically. It is even possible for hardware to be modified. Some cases of modification can be detected with simple measures, while other more subtle changes may be almost impossible to detect.

(4) Finally, an unauthorized party might fabricate counterfeit objects for a computing system. The intruder may wish to add spurious transactions to a network communication system, or add records to an existing database. Sometimes these additions can be detected as forgeries, but if skillfully done, they are virtually indistinguishable from the real thing.

These four classes of interference with computer activity (interruption, interception, modification, and fabrication) can describe the kinds of exposures possible.
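An added example, not part of the original slides: one control of the kind described above, a keyed message authentication code (HMAC) with sequence numbers, run over constructed records to show which of the four breach classes leave evidence for the receiver. The key, the record format and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: secret shared by sender and receiver


def tag(seq: int, payload: bytes) -> bytes:
    """The control: a MAC over the record's sequence number and payload."""
    return hmac.new(KEY, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def send(payloads):
    """Sender: number each record and attach its tag."""
    return [(seq, p, tag(seq, p)) for seq, p in enumerate(payloads)]


def audit(records, expected_count):
    """Receiver: list (sequence number, breach class) for every record with evidence."""
    findings = []
    for seq, payload, mac in records:
        if not hmac.compare_digest(mac, tag(seq, payload)):
            # Without KEY, an altered record and an invented one look the same.
            findings.append((seq, "modification or fabrication"))
    present = {seq for seq, _, _ in records}
    for seq in range(expected_count):
        if seq not in present:
            findings.append((seq, "interruption"))
    return findings


# Constructed sample traffic: four transaction records.
SENT = send([b"pay alice 10", b"pay bob 20", b"pay carol 30", b"pay dave 40"])


def scenarios():
    intercepted = list(SENT)                        # copied in transit, delivered intact
    interrupted = SENT[:2] + SENT[3:]               # record 2 never arrives
    modified = list(SENT)
    modified[1] = (1, b"pay bob 9000", SENT[1][2])  # payload changed, old tag kept
    fabricated = SENT + [(4, b"pay eve 500", bytes(32))]  # extra record, no valid tag
    return {name: audit(recs, len(SENT)) for name, recs in [
        ("interception", intercepted), ("interruption", interrupted),
        ("modification", modified), ("fabrication", fabricated)]}
```

The interception case returns no findings: an integrity check sees nothing when data is only copied, which is the silent interceptor of item (2).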
10.2 Modern Cryptography-Data Encryption

New Words & Expressions:
cryptography n.: the study of ciphers
encryption: encryption
cipher n.: cipher (key), encryption program
decrypt v.: to decrypt
transit: passage, transport
plaintext n.: clear text
cyphertext n.: secret text
scheme n.: plan, scheme
secret-key: secret key
public-key: public key
symmetric adj.: symmetric
data integrity: data integrity
session key: session key
crack v.: to break open, to crack
hacker: hacker, computer thief
encode v.: to encode
triple-encryption: triple encryption
built-in: inherent, intrinsic
state-of-the-art: the latest
proliferate v.: to multiply, to spread

Abbreviations:
DES (Data Encryption System)
DCE (Distributed Computing Environment)
If the receiver of the encrypted data wants to read the original data, the receiver must convert it back to the original through a process called decryption. Decryption is the inverse of the encryption process. In order to perform the decryption, the receiver must be in possession of a special piece of data called the key.

The two main competing cryptography schemes are known as the secret-key (symmetric) system and the public-key (asymmetric) system. The secret-key system uses a single, wholly secret sequence both to encrypt and to decrypt messages. The public-key system uses a pair of mathematically related sequences, one each for encryption and decryption.

Secret-key encryption

One of the most popular secret-key encryption schemes is IBM's Data Encryption System (DES), which became the U.S. federal standard in 1977. The standard form uses a 56-bit key to encrypt 64-bit data blocks.

The following is a notation for relating plaintext, ciphertext, and keys. We will use C = E_k(P) to mean that the encryption of the plaintext P using key k gives the ciphertext C. Similarly, P = D_k(C) represents the decryption of C to get the plaintext again. It then follows that D_k(E_k(P)) = P.

DES has been studied by many of the world's leading cryptographers, but no weaknesses have been uncovered. To crack a DES-encrypted message a hacker or commercial spy would need to try 2^55 possible keys. This type of search would need days of computer time on the world's fastest supercomputers. Even then, the message may not be cracked if the plaintext is not easily understood.

Developers using DES can improve security by changing the keys frequently, using temporary session keys, or using triple-encryption DES. With triple DES, each 64-bit block is encrypted under three different DES keys. Recent research has confirmed that triple-DES is indeed more secure than single-DES. The User Data Masking Encryption Facility is an export-grade algorithm substituted for DES in several IBM products, such as the Distributed Computing Environment (DCE).
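An added example, not part of the original slides: the secret-key notation C = E_k(P), P = D_k(C) and the triple-encryption idea, shown on 64-bit blocks. The cipher here is a toy construction built from SHA-256 and is an assumption standing in for DES; it is not DES and not meant for real use. All function names are hypothetical.

```python
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF


def _f(half: int, key: bytes, rnd: int) -> int:
    """Round function: 32 bits derived from the key, round number and one half."""
    data = key + bytes([rnd]) + half.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def E(k: bytes, P: int) -> int:
    """C = E_k(P) for one 64-bit block."""
    left, right = P >> 32, P & MASK32
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(right, k, rnd)
    return (left << 32) | right


def D(k: bytes, C: int) -> int:
    """P = D_k(C): the same rounds undone in reverse order with the same key."""
    left, right = C >> 32, C & MASK32
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(left, k, rnd), left
    return (left << 32) | right


def E3(keys, P: int) -> int:
    """Triple encryption: the block is encrypted under three different keys."""
    for k in keys:
        P = E(k, P)
    return P


def D3(keys, C: int) -> int:
    """Undo triple encryption by decrypting with the keys in reverse order."""
    for k in reversed(keys):
        C = D(k, C)
    return C


# Constructed sample block and keys.
BLOCK = int.from_bytes(b"8 bytes!", "big")
K1, K2, K3 = b"key-one", b"key-two", b"key-three"
```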
Public-key encryption

The key distribution problem has always been the weak link in the secret-key systems. Since the encryption key and decryption key are the same (or easily derived from one another) and the key has to be distributed to all users of the system, it seemed as if there was an inherent built-in problem: keys had to be protected from theft, but they also had to be distributed, so they could not just be locked up in a bank vault.

Encryption can be used to protect data in transit as well as data in storage. Some vendors provide hardware encryption devices that can be used to encrypt and decrypt data. There are also software encryption packages which are available either commercially or as free software.

Encryption can be defined as the process of taking information that exists in some readable form (plaintext) and converting it into a form (ciphertext) so that it cannot be understood by others.

In a public-key cryptosystem, the encryption and decryption keys are different, and plaintext encrypted with the public key can only be deciphered with the private key from the same pair. Conversely, plaintext encrypted with the private key can be decrypted only with the public key (it is used in electronic signatures). The notations for these are as follows.

C = E_k(P), P = D_k1(C) = D_k1(E_k(P))
or
C = D_k1(P), P = E_k(C) = E_k(D_k1(P))

Here k is a public key and k1 is a private key (or secret key). Users can make their public keys freely available or place them at a key distribution center for others to access. However, the private key must be kept safe. In public-key systems there is no need to find a safe channel for communicating a shared secret key.
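An added example, not part of the original slides: both lines of the public-key notation above, worked with textbook RSA. RSA is an assumption here, since the slides name no public-key algorithm; the tiny primes, the absence of padding and all function names are for illustration only.

```python
from math import gcd


def make_keypair(p: int, q: int, e: int):
    """Return (k, k1): public key (e, n) and private key (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+): e*d = 1 mod phi
    return (e, n), (d, n)


def E(k, x: int) -> int:
    """Operation with the public key k."""
    e, n = k
    return pow(x, e, n)


def D(k1, x: int) -> int:
    """Operation with the private key k1."""
    d, n = k1
    return pow(x, d, n)


def verify(k, P: int, S: int) -> bool:
    """Signature check: anyone holding k confirms that P = E_k(S)."""
    return E(k, S) == P


# Constructed sample values: two small primes and a one-number message.
k, k1 = make_keypair(61, 53, 17)
P = 65

# First line of the notation: C = E_k(P), P = D_k1(C).
C = E(k, P)
assert D(k1, C) == P

# Second line: C = D_k1(P) is a signature, P = E_k(C) verifies it.
S = D(k1, P)
assert verify(k, P, S)
assert not verify(k, P + 1, S)  # an altered message fails the check
```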
10.3 How Firewalls Work

New Words & Expressions:
firewall n.: firewall
offensive adj.: unreasonable, aggressive
hacker n.: hacker
filter v.: to filter, to strain, to seep in
private: private, secret
packet n.: small parcel, information packet
employee n.: staff member, hired worker
telnet n.: remote login
traffic n.: traffic volume
proxy n.: proxy, agent
retrieve v.: to retrieve
match n.: comparison, match, agreement
customizable: customizable
block n.: obstruction, hindrance
port n.: port
bug n.: fault, (program) error
unsolicited adj.: offered without being asked
junk n.: rubbish, useless data
spam n.: junk e-mail
counter v.: to fight back, to reject
session n.: session
inundate v.: to flood
macro: (computing) macro instruction, macro function
virus n.: virus

Abbreviations:
HTTP (Hypertext Transfer Protocol)
FTP (File Transfer Protocol)
SMTP (Simple Mail