計算機(jī)英語論文

計算機(jī)英語論文SecurityofComputerNetworkSystem班級：姓名：學(xué)號：指導(dǎo)教師：計算機(jī)網(wǎng)絡(luò)安全淺析摘要：針對計算機(jī)網(wǎng)絡(luò)系統(tǒng)存在的安全性和可靠性問題，本文從網(wǎng)絡(luò)安全的重要性、理論基礎(chǔ)、具備功能以及解決措施等方面提出一些見解，并且進(jìn)行了詳細(xì)闡述，以使廣大用戶在計算機(jī)網(wǎng)絡(luò)方面增強(qiáng)安全防范意識。關(guān)鍵詞：計算機(jī)網(wǎng)絡(luò)虛擬專用網(wǎng)技術(shù)加密技術(shù)防火墻引言：隨著計算機(jī)網(wǎng)絡(luò)技術(shù)的發(fā)展，網(wǎng)絡(luò)的安全性和可靠性已成為不同使用層次的用戶共同關(guān)心的問題。人們都希望自己的網(wǎng)絡(luò)系統(tǒng)能夠更加可靠地運(yùn)行，不受外來入侵者干擾和破壞。所以解決好網(wǎng)絡(luò)的安全性和可靠性問題，是保證網(wǎng)絡(luò)正常運(yùn)行的前提和保障。一、網(wǎng)絡(luò)安全的重要性。在信息化飛速發(fā)展的今天，計算機(jī)網(wǎng)絡(luò)得到了廣泛應(yīng)用，但隨著網(wǎng)絡(luò)之間的信息傳輸量的急劇增長，一些機(jī)構(gòu)和部門在得益于網(wǎng)絡(luò)加快業(yè)務(wù)運(yùn)作的同時，其上網(wǎng)的數(shù)據(jù)也遭到了不同程度的攻擊和破壞。攻擊者可以竊聽網(wǎng)絡(luò)上的信息，竊取用戶的口令、數(shù)據(jù)庫的信息；還可以篡改數(shù)據(jù)庫內(nèi)容，偽造用戶身份，否認(rèn)自己的簽名。更有甚者，攻擊者可以刪除數(shù)據(jù)庫內(nèi)容，摧毀網(wǎng)絡(luò)節(jié)點(diǎn)，釋放計算機(jī)病毒等等。這致使數(shù)據(jù)的安全性和自身的利益受到了嚴(yán)重的威脅。根據(jù)美國FBI（美國聯(lián)邦調(diào)查局）的調(diào)查，美國每年因為網(wǎng)絡(luò)安全造成的經(jīng)濟(jì)損失超過170億美元。75%的公司報告財政損失是由于計算機(jī)系統(tǒng)的安全問題造成的。超過50%的安全威脅來自內(nèi)部。而僅有59%的損失可以定量估算。在中國，針對銀行、證券等金融領(lǐng)域的計算機(jī)系統(tǒng)的安全問題所造成的經(jīng)濟(jì)損失金額已高達(dá)數(shù)億元，針對其他行業(yè)的網(wǎng)絡(luò)安全威脅也時有發(fā)生。由此可見，無論是有意的攻擊，還是無意的誤操作，都將會給系統(tǒng)帶來不可估量的損失。所以，計算機(jī)網(wǎng)絡(luò)必須有足夠強(qiáng)的安全措施。無論是在局域網(wǎng)還是在廣域網(wǎng)中，網(wǎng)絡(luò)的安全措施應(yīng)是能全方位地針對各種不同的威脅和脆弱性，這樣才能確保網(wǎng)絡(luò)信息的保密性、完整性和可用性。二、網(wǎng)絡(luò)安全的理論基礎(chǔ)。國際標(biāo)準(zhǔn)化組織（ISO）曾建議計算機(jī)安全的定義為：“計算機(jī)系統(tǒng)要保護(hù)其硬件、數(shù)據(jù)不被偶然或故意地泄露、更改和破壞?！睘榱藥椭嬎銠C(jī)用戶區(qū)分和解決計算機(jī)網(wǎng)絡(luò)安全問題，美國國防部公布了“桔皮書”（orangebook，正式名稱為“可信計算機(jī)系統(tǒng)標(biāo)準(zhǔn)評估準(zhǔn)則”），對多用戶計算機(jī)系統(tǒng)安全級別的劃分進(jìn)行了規(guī)定。桔皮書將計算機(jī)安全由低到高分為四類七級：D1、C1、C2、B1、B2、B3、A1。其中D1級是不具備最低安全限度的等級，C1和C2級是具備最低安全限度的等級，B1和B2級是具有中等安全保護(hù)能力的等級，B3和A1屬于最高安全等級。在網(wǎng)絡(luò)的具體設(shè)計過程中，應(yīng)根據(jù)網(wǎng)絡(luò)總體規(guī)劃中提出的各項技術(shù)規(guī)范、設(shè)備類型、性能要求以及經(jīng)費(fèi)等，綜合考慮來確定一個比較合理、性能較高的網(wǎng)絡(luò)安全級別，從而實(shí)現(xiàn)網(wǎng)絡(luò)的安全性和可靠性。三、網(wǎng)絡(luò)安全應(yīng)具備的功能。為了能更好地適應(yīng)信息技術(shù)的發(fā)展，計算機(jī)網(wǎng)絡(luò)應(yīng)用系統(tǒng)必須具備以下功能：（1）訪問控制：通過對特定網(wǎng)段、服務(wù)建立的訪問控制體系，將絕大多數(shù)攻擊阻止在到達(dá)攻擊目標(biāo)之前。（2）檢查安全漏洞：通過對安全漏洞的周期檢查，即使攻擊可到達(dá)攻擊目標(biāo)，也可使絕大多數(shù)攻擊無效。（3）攻擊監(jiān)控：通過對特定網(wǎng)段、服務(wù)建立的攻擊監(jiān)控體系，可實(shí)時檢測出絕大多數(shù)攻擊，并采取響應(yīng)的行動（如斷開網(wǎng)絡(luò)連接、記錄攻擊過程、跟蹤攻擊源等）。（4）加密通訊：主動地加密通訊，可使攻擊者不能了解、修改敏感信息。（5）認(rèn)證：良好的認(rèn)證體系可防止攻擊者假冒合法用戶。（6）備份和恢復(fù)：良好的備份和恢復(fù)機(jī)制，可在攻擊造成損失時，盡快地恢復(fù)數(shù)據(jù)和系統(tǒng)服務(wù)。SecurityofComputerNetworkSystemAbstract:Thispaperdiscussedthesecureanddependableproblemaboutthecomputernetworksystem.Onsomeaspects:theimportanceofnetworksecurity,basictheory,function,andthemethodofsolvingaproblem,etc.Goodviewsforsolvingtheproblemareputforward.Itstrengthenspeople’sconsciousnessonnetworksecurity.Keywords:ComputernetworkVirtualprivatenetworkEncryptiontechniquesFirewallIntroduction:Alongwiththecomputernetworktechnologydevelopment,thenetworksecurityandthereliabilityhavebecomethequestionofcommoninterestbyallusers.Thepeopleallhopedtheirownnetworksystemcanmovereliably,notexternalintruderdisturbanceanddestruction.Thereforesolvesthenetworksecurityandthereliableproblemcarefully,isaguaranteethenetworknormaloperation’spremiseandsafeguard.First,theimportanceofthenetworksecurity.Withtheinformationizationdevelopingfasttoday,thecomputernetworkobtainedthewidespreadapplication,butalongwiththenetworkinformationtransmissioncapacitygrowingfaster,someorganizationsanddepartmentsbenefitthespeedupwiththeserviceoperationinthenetwork,while,thedatahasalsosufferedtoextentattackanddestruction.Theaggressormayintercepttheinformationinthenetwork,stealstheuser’spassword,thedatabaseinformation;alsomaytamperwiththedatabasecontent,theforgeuser’sstatus,deniesownsignature.Andwhatismore,theaggressormaydeletethedatabasecontent,thedestroynode,releasescomputervirusandsoon.Thiscausedatasecurityandownbenefithavereceivedtheseriousthreat.AccordingtoAmericanFBI(USFederalBureauofInvestigation)investigation,thenetworksecuritycreatestheeconomiclosssurpasses17,000,000,000dollarseveryyear.75%corporationreportfinancelossisbecausethecomputersystemsecurityproblemcreates.Morethan50%safethreatcomefrominside.Butonly59%losscouldbepossibleestimate.InChina,theeconomiclossamountinviewoffinancialdomainandthebank,negotiablesecuritiescomputersystemsecurityproblemscreateshasreachedashighasseveralhundredmillionYuan,alsosometimesoccursinviewofotherprofessionnetworksecuritythreat.Thusitcanbeseen,regardlessofisthemeanattack,orunconsciousdisoperation,willallbeabletobringtheinestimablelosstothesystem.Therefore,thecomputernetworkmusthavetheenoughstrongsecuritymeasure.RegardlessofisinthelocalareanetworkorinWAN,thenetworksecuritymeasureshouldbeOmni-directionalinviewofeachkindofdifferentthreatandthevulnerability,sothatitcanguaranteethenetworkinformation’ssecrecy,theintegrityandtheusability.Second,networksecurityrationale.InternationalStandardizationOrganization(ISO)oncesuggestedthecomputersecuritythedefinitionwas:“Thecomputersystemmustprotectitshardware,thedatanotaccidentallyorrevealsintentionally,thechangeandthedestruction.”Inordertohelpthecomputeruserdiscriminationandthesolutioncomputernetworksecurityproblem,theAmericanDepartmentofDefenseannounced“theorangepeelbook”(orangebook,officialnameis“crediblecomputersystemstandardappraisalcriterion”),hascarriedonthestipulationtothemultiusercomputersystemsecurityrankdivision.Theorangepeelbookfromlowtohighdividesintothecomputersecurityfourkindsofsevenlevels:D1,C1,C2,B1,B2,B3,A1.Aboveall,D1leveldoesnothavethelowestsafetymarginrank,C1andtheC2levelhasthelowestsafetymarginrank,B1andtheB2levelhasthemediumsafekeepingofsecurityabilityrank,B3andA1belongstothehighestsecurityrating.Inthenetworkconcretedesignprocess,itshouldactaccordingtoeachtechnologystandard,theequipmenttype,theperformancerequirementaswellasthefundswhichinthenetworkoverallplanproposedandsoon,theoverallevaluationdeterminesonequitereasonably,theperformancehighnetworksecurityrank,thusrealizationnetworksecurityandreliability.Third,thenetworksecurityshouldhavefunction.Inordertoadapttheinformationtechnologydevelopmentwell,thecomputernetworkapplicationsystemmusthavefollowingfunction:Accesscontrol:Throughtothespecificwebpage,theserviceestablishmentaccesscontrolsystem,inarrivestheoverwhelmingmajorityattackimpedimentinfrontoftheattackgoal.Inspectsthesecurityloophole:Throughtosecurityloopholecyclicalinspection,evenifattacksmaygettheattackgoal,alsomaycausetheoverwhelmingmajorityattacktobeinvalid.Attackmonitoring:Throughtospecificwebpage,serviceestablishmentattackmonitoringsystem,butreal-timeexaminestheoverwhelmingmajorityattack,andadoptstheresponsethemotion(forexampleseparationnetworkconnection,recordingattackprocess,pursuitattacksourceandsoon).Encryptioncommunication:Encryptsonowninitiativethecommunication,mayenabletheaggressortounderstand,therevisionsensitiveinformation.Authentication:Thegoodauthenticationsystemmaypreventtheaggressorpretendsthevalidateduser.Backupandrestoration:Thegoodbackupandrestoresthemechanism,maycausesthelosseswhentheattack,assoonaspossiblerestoresthedataandthesystemservice.Multi-layereddefense:Theaggressorafterbreaksthroughthefirstdefenselinedelaysorblocksittoreachtheattackgoal.Setsupthesafemonitoringcenter:Providesthesecuritysystemmanagement,themonitoring,theprotectionandtheemergencycaseservicefortheinformationsystem.Fourth,thenetworksystemsafetycomprehensivesolutionmeasures.Ifwanttorealizethenetworksecurityfunction,weshouldcarryontheOmni-directionalguardingtothenetworksystem,andthusformulatethequitereasonablenetworksecurityarchitecture.Belowonthenetworksystemsecurityproblem,proposessomeguardmeasure.Physicssafemaydivideintotwoaspects:Oneistheartificialharmtothenetwork;theotheristhenetworktotheusers.Mostcommonthingistheconstructorwhodidnotunderstandtotheburiedcableclearly,thusleadtothedestructionofelectriccable,thiskindofsituationmaythroughstandingsymbolizedthesignguardsagainst;Hasnotusedthestructurizedwiringthenetworktobeabletoappeartheuserfrequentlytotheelectriccabledamage,thisneedstousethestructurizedwiringtoinstallthenetworkasfaraspossible;Artificialornaturaldisasterinfluence,whentoconsidertheplan.Theaccesscontrolsecurity,theaccesscontroldistinguishesandconfirmstheuser,limitstheuserinthealreadyactivityandtheresourcesscopewhichisauthorized.Thenetworkaccesscontrolsafemayconsiderfromfollowingseveralaspects.password:Thenetworksecuritysystemmostouterlayerdefenselineisnetworkuser'sregistering,intheregistrationprocess,thesystemwouldinspecttheusertoregisterthenameandthepasswordvalidity,onlythenthelegitimateusercanenterthesystem.Thenetworkresources’host,theattributeandthevisitjurisdiction:Thenetworkresourcesmainlyincludetheresourceswhichsharedfiles,thesharedprinter,networkusersandsoon,thatallthenetworkuserscanuse.Theresourceswerethehosttomanifestthedifferentusertotheresourcessubordinaterelations,suchasbuilder,modifierandgroupmemberandsoon.Theresourcesattributeexpresseditselfdepositandwithdrawalcharacteristics,ascanreadbywho,writeortheexecutionandsoon.Thevisitjurisdictionmainlymanifestsintheusertothenetworkresourcesavailabledegreeinusingassignsthenetworkresourcestobethehost,theattributeandthevisitjurisdictionmayeffectivelyintheapplicationcascadecontrolnetworksystemsecurity.Networksecuritysurveillance:Thenetworksurveillanceisgenerallycalledfor“thenetworkmanagement”,itsfunctionmainlyiscarriesonthedynamicsurveillancetotheentirenetworkmovementandhandleseachkindofeventpromptly.Mayunderstandsimplythroughthenetworksurveillancediscoversandsolvesinthenetworksecurityproblem,suchasthelocalizationnetworkfaultpoint,seizestheIPembezzler,thecontrolnetworkvisitscopeandsoon.Auditandtrack:Networkauditandtrackwhichisincludingthenetworkaspect,resourcesuse,networkbreakdownandsystemkeeping.Itcomposedgenerallybytwoparts:One,therecordingevent,sooneachkindofevententirelyrecordsinthedocument;Two,carriesontheanalysisandthestatisticstotherecording,thusdiscoversthequestiontobeat.Thedatatransmissionsecurity,thetransmissionsafetyrequirementsprotecttheinformationwhichistransmitting,preventedpassivelyandencroachesonowninitiative.Wemaytakethefollowingmeasuretothedatatransmission:Encryptionanddigitalsignature:Thedigitalsignaturewhichisthedatareceiverconfirmsthedatatransmissiontrulyandunmistakable,itmainlyrealizesthroughtheencryptionalgorithmandtheconfirmationagreement.Firewall:FirewallisasecuritymeasurewhichiswidespreaduseontheInternet,itmayestablishindifferentnetworkorbetweenaseriesofpartcombination.Itcanthroughthemonitor,thelimit,thechangesurmountsthefirewall’sdatastream,itexaminestheinformationinsideandoutsideasfaraspossible,sothatrealizesthenetworksafekeepingofsecurity.UserName/PasswordAuthentication:Thisauthenticationisthemostcommonlyused,itusesintheoperatingsystemregistering,telnet(long-distanceregisters)rlogin(long-distanceregisters)andsoon,butthiskindofauthenticationwayprocessdoesnotencrypt,namelypasswordismonitoredeasilyanddeciphered.Useabstractalgorithmauthentication:Radius(long-distancedigitdialingauthenticationagreement),OSPF(openingrouteagreement),SNMPSecurityProtocolandsoon,theseallusesharingSecurityKey(key),inadditiontheabstractalgorithm(MD5)carriesontheauthentication,buttheabstractalgorithmisanirreversibleprocess,therefore,intheauthenticationprocess,cannotcalculatesharingbytheabstractinformationsecuritykey,thereforethesensitiveinformationcannottransmitinthenetwork.InthemarketmainlyusestheabstractalgorithmmainlyhasMD5andSHA-1.BasedonPKIauthentication:UsesPKI(publickeysystem)tocarryontheauthenticationandtheencryption.Thismethodsafetyrateishigh,thesynthesisusedtheabstractalgorithm,hasencryptedasymmetrically,symmetricaltechnologiesandsoonencryption,digitalsignature,wellsecurityandhighlyeffectiveunion.Thisauthenticationmethodappliesatpresentintheemail,theapplicationservervisit,thecustomerauthentication,thefirewallDomainsandsoonauthentication.Thiskindofauthenticationmethodsafetyrateisveryhigh,butinvolvestothequitearduouscertificatemanagementduty.Hypothesizedprivatenetwork(VPN)technology:TheVPNtechnologymainlyprovidesonthepublicnetworkthesecuritybidirectionalcommunicationusesthetransparentdeciphermentschemetoguaranteethedatatheintegrityandthesecrecy.Summary:Generallyspeaking,thesecurityproblemwhichtransmitsregardingthecomputernetwork,wemusthavetoachievefollowingpoints.First,weshouldstrictlylimitthesysteminformationandtheresourceswhichthesurferuservisits;thisfunctionmaythroughthevisitontheservertoestablishtheNetScreenfirewalltorealize.Second,weshouldstrengthentotheuser'sstatusauthentication,andwecanuseRADIUSw