- Principles and Practice
Information Security English: Network Security
College: College of Science
Student ID: 1308105066
Class: Information Security, Class 3
Name: Zhang Lingning (张令宁)

Chapter 1. An Introduction to Network Security
This chapter covers the following key topics:

- Network Security Goals: This section discusses the goals of implementing security on a network.
- Asset Identification: This section discusses the need to define the assets in a network that need to be protected against network attacks.
- Threat Assessment: This section discusses how to recognize the threats unique to a network setup.
- Risk Assessment: We discuss what risk means and how it needs to be evaluated for all network assets in order to set up meaningful safeguards.
- Constructing a Network Security Policy: We use this section to discuss how to set up a network security policy in light of the definitions established in the previous sections.
- Elements of a Network Security Policy: We discuss the pieces that come together to form a network security policy.
- Implementing a Network Security Policy: This section discusses technical and nontechnical aspects of implementing a network security policy.
- Network Security Architecture Implementation: We discuss how the network policy can be translated into a secure network architecture.
- Audit and Improvement: We discuss how audits and continuous improvements are necessary for a successful network security policy implementation.
- Case Study: You see how the theories discussed in this chapter can be put into effective use.

This chapter launches the book with a general discussion of developing a motivation for network security. It aims to develop your understanding of some of the common threats against which a network must be protected and discusses at a high level some of the controls that can be put into place to defend against these attacks. A security policy is the foundation of all network security implementations that occur on any given network. It defines the scope and methodology of the security implementations. We will discuss the basic principles of setting up a meaningful security policy and how it can be implemented in a network environment. The later sections of the chapter discuss the value of auditing the security policy implementation and how it needs to be continuously tested and improved.

Network Security Goals

Network security is the process through which a network is secured against internal and external threats of various forms. In order to develop a thorough understanding of what network security is, you must understand the threats against which network security aims to protect a network. It is equally important to develop a high-level understanding of the main mechanisms that can be put into place to thwart these attacks.

Generally, the ultimate goal of implementing security on a network is achieved by following a series of steps, each aimed at clarifying the relationship between the attacks and the measures that protect against them. The following is the generally accepted approach to setting up and implementing security on a site, as suggested by Fites, et al. in Control and Security of Computer Information Systems (M. Fites, P. Kratz, and A. Brebner, Computer Science Press, 1989):

Step 1. Identify what you are trying to protect.
Step 2. Determine what you are trying to protect it from.
Step 3. Determine how likely the threats are.
Step 4. Implement measures that protect your assets in a cost-effective manner.
Step 5. Review the process continuously, and make improvements each time you find a weakness.

Asset Identification

Most modern networks have many resources that need to be protected. The reason is that most enterprises today implement network systems to provide information to users across the network in digital format rather than in another form, such as hard copies. Therefore, the number of resources that need to be protected increases significantly. The following list, by no means comprehensive, identifies network resources that need to be protected from various types of attacks:

- Network equipment such as routers, switches, and firewalls
- Network operations information such as routing tables and access list configurations stored on this equipment
- Intangible networking resources such as bandwidth and speed
- Information and the information sources connected to the network, such as databases and information servers
- End hosts connecting to the network to make use of various resources
- Information passing across the network at any given time
- The privacy of the users as identifiable through their usage of the network resources

All these things are considered a network's assets. You need to protect them by formulating and implementing a network security plan.

Threat Assessment

Network attacks are what a network security process aims to protect its network assets against. Network security attacks are attempts, malicious or otherwise, to use or modify the resources available through a network in a way they were not intended to be used. In order to better understand what network attacks are, it is a good idea to look at the types of network attacks. Network attacks in general can be divided into three main categories:

- Unauthorized access to resources or information through the use of a network
- Unauthorized manipulation and alteration of information on a network
- Denial of service

Chapter 14, "What Is Intrusion Detection?", provides a more detailed examination of the various categories of network attacks.

The key word to note in the first two categories of attacks is unauthorized. A network security policy defines what is authorized and what is not. However, in general terms, unauthorized access occurs when a user attempts to view or alter information that was not intended for his or her specific use. In some situations it can be fairly difficult to define what was intended for the use of a given user. Therefore, it is imperative to have a security policy in place that is restrictive enough to clearly define a limited number of very specific resources and network elements that a user should be allowed to gain access to.
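
The default-deny reading of the paragraph above, as an added example that is not part of the original chapter: a small policy evaluator that sorts access attempts into the chapter's first two attack categories. The users, resource names and events are constructed sample values.

```python
from dataclasses import dataclass

# Constructed policy (hypothetical users and resources). Any (user, resource)
# pair that is not listed is denied: the policy names what is authorized.
POLICY = {
    ("alice", "hr-database"): {"view"},
    ("bob", "router1/routing-table"): {"view", "alter"},
    ("bob", "router1/access-list"): {"view"},
}

@dataclass(frozen=True)
class Event:
    user: str
    resource: str
    action: str  # "view" or "alter"

def classify(event, policy=POLICY):
    """Sort one access attempt into the chapter's attack categories."""
    if event.action not in ("view", "alter"):
        return "denied: unknown action"  # fail closed on anything unexpected
    allowed = policy.get((event.user, event.resource), set())  # default deny
    if event.action in allowed:
        return "authorized"
    # Intent is not considered: a user's mistake is classified the same way.
    if event.action == "view":
        return "unauthorized access"
    return "unauthorized manipulation"

def audit(events, policy=POLICY):
    """Return (event, category) for every attempt the policy does not allow."""
    return [(e, c) for e in events if (c := classify(e, policy)) != "authorized"]

# Constructed sample events, not taken from any real log.
EVENTS = [
    Event("alice", "hr-database", "view"),
    Event("alice", "hr-database", "alter"),
    Event("alice", "router1/routing-table", "view"),
    Event("bob", "router1/access-list", "alter"),
    Event("mallory", "hr-database", "view"),
    Event("bob", "router1/routing-table", "alter"),
]

if __name__ == "__main__":
    for event, category in audit(EVENTS):
        print(f"{event.user} {event.action} {event.resource}: {category}")
```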

Information on a network can be either the information contained on end devices connected to the network, such as web servers and databases; information passing through the network; or information relevant to the workings of the networking components, such as the routing tables and access control list configurations. Resources on a network can either be the end devices (network components such as routers and firewalls) or the interconnect mechanisms.

Denial of service is one of the most common types of network attacks. Denial of service occurs when legitimate access to a network resource is blocked or degraded by a malicious act or a mistake.

It is important to note that a network security attack can be intentional or unintentional. The aim of the security mechanisms in a network is not only to protect against planned and coordinated attacks conducted with malicious intent, but also to protect the network and its resources against mistakes made by users. The damages caused by either type of attack can be similar.

Keeping in mind the attacks just outlined, you can start building an outline of the goals of implementing network security on a network. The ultimate goal is to protect the network against the attacks just described. Therefore, a network security implementation should aim to achieve the following goals:

- Ascertain data confidentiality
- Maintain data integrity
- Maintain data availability

Risk Assessment

Having identified the assets and the factors that threaten them, the next step in formulating a network security implementation is to ascertain how likely the threats are in the environment in which the security is being implemented. Realize that although it can be important to protect against all types of attacks, security does not come cheap. Therefore, you must do a proper risk analysis to find out what the most significant sources of attack are and devote the most resources to protecting against them.

Risk assessment can be done in a variety of ways. However, two main factors affect the risk associated with a particular type of threat's materializing: