Computer English
Chapter 10 Computer and Network Security
Key points: useful terms and definitions of computer security
Difficult points: distinguishing between the four kinds of computer security breaches
Requirements:
1. Principle of easiest penetration
2. The kinds of computer security breaches
3. What a firewall is
4. Understand how titles of scientific papers are written
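10.1 Characteristics of Computer Intrusion and Kinds of Security Breaches
New Words & Expressions:
breach: damage; gap
involve: to include; to concern (may also be left untranslated)
depositor: one who entrusts something for safekeeping
vulnerability: weakness; attack
perimeter: surroundings; periphery
penetrate (vt.): to break through; to attack
exposure: disclosure; revelation
threat (n.): menace; intimidation
asset: property; resource
interruption: break; disruption
interception: capture of something in transit
modification: alteration
fabricate (v.): to forge
tamper (v.): to alter without authorization
spurious (adj.): false
10.1.1 Characteristics of Computer Intrusion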
Principle of Easiest Penetration. An intruder must be expected to use any available means of penetration. This will not necessarily be the most obvious means, nor will it necessarily be the one against which the most solid defense has been installed.
This principle says that computer security specialists must consider all possible means of penetration, because strengthening one may just make another means more appealing to intruders. We now consider what these means of penetration are.
10.1.2 KINDS OF SECURITY BREACHES
In security, an exposure is a form of possible loss or harm in a computing system; examples of exposures are unauthorized disclosure of data, modification of data, or denial of legitimate access to computing. A vulnerability is a weakness in the security system that might be exploited to cause loss or harm.
A human who exploits a vulnerability perpetrates an attack on the system. Threats to computing systems are circumstances that have the potential to cause loss or harm; human attacks are examples of threats, as are natural disasters, inadvertent human errors, and internal hardware or software flaws. Finally, a control is a protective measure (an action, a device, a procedure, or a technique) that reduces a vulnerability.
The major assets of computing systems are hardware, software, and data. There are four kinds of threats to the security of a computing system: interruption, interception, modification, and fabrication. The four threats all exploit vulnerabilities of the assets in computing systems. These four threats are shown in Fig. 10-1.
Fig. 10-1 Four classes of system security failures (panels: Normal Flow, Interruption, Interception, Modification, Fabrication)
(1) In an interruption, an asset of the system becomes lost or unavailable or unusable. An example is malicious destruction of a hardware device, erasure of a program or data file, or failure of an operating system file manager so that it cannot find a particular disk file.
(2) An interception means that some unauthorized party has gained access to an asset. The outside party can be a person, a program, or a computing system. Examples of this type of failure are illicit copying of program or data files, or wiretapping to obtain data in a network. While a loss may be discovered fairly quickly, a silent interceptor may leave no traces by which the interception can be readily detected.
(3) If an unauthorized party not only accesses but tampers with an asset, the failure becomes a modification. For example, someone might modify the values in a database, alter a program so that it performs an additional computation, or modify data being transmitted electronically. It is even possible for hardware to be modified. Some cases of modification can be detected with simple measures, while other more subtle changes may be almost impossible to detect.
(4) Finally, an unauthorized party might fabricate counterfeit objects for a computing system. The intruder may wish to add spurious transactions to a network communication system, or add records to an existing database. Sometimes these additions can be detected as forgeries, but if skillfully done, they are virtually indistinguishable from the real thing.
These four classes of interference with computer activity (interruption, interception, modification, and fabrication) can describe the kinds of exposures possible [2].
10.2 Modern Cryptography - Data Encryption
New Words & Expressions:
cryptography (n.): the study of ciphers
encryption: enciphering
cipher (n.): code (key); encryption program
decrypt (v.): to decipher
transit: passage; transport
plaintext (n.): unencrypted text
cyphertext (n.): encrypted text
scheme (n.): plan; method
secret-key: secret key
public-key: public key
symmetric (adj.): symmetrical
data integrity: integrity of data
session key: key used for one session
crack (v.): to break open; to split
hacker: hacker; computer thief
encode (v.): to put into code
triple-encryption: threefold encryption
built-in: inherent; intrinsic
state-of-the-art: the newest
proliferate (v.): to multiply; to spread
Abbreviations:
DES (Data Encryption System)
DCE (Distributed Computing Environment)
If the receiver of the encrypted data wants to read the original data, the receiver must convert it back to the original through a process called decryption. Decryption is the inverse of the encryption process. In order to perform the decryption, the receiver must be in possession of a special piece of data called the key.
The two main competing cryptography schemes are known as the secret-key (symmetric) system and the public-key (asymmetric) system. The secret-key system uses a single, wholly secret sequence both to encrypt and to decrypt messages. The public-key system uses a pair of mathematically related sequences, one each for encryption and decryption [1].
Secret-key encryption
One of the most popular secret-key encryption schemes is IBM’s Data Encryption System (DES), which became the U.S. federal standard in 1977. The standard form uses a 56-bit key to encrypt 64-bit data blocks.
The following is a notation for relating plaintext, ciphertext, and keys. We will use C = E_k(P) to mean that the encryption of the plaintext P using key k gives the ciphertext C. Similarly, P = D_k(C) represents the decryption of C to get the plaintext again. It then follows that D_k(E_k(P)) = P.
DES has been studied by many of the world’s leading cryptographers, but no weaknesses have been uncovered. To crack a DES-encrypted message, a hacker or commercial spy would need to try 2^55 possible keys. This type of search would need days of computer time on the world’s fastest supercomputers. Even then, the message may not be cracked if the plaintext is not easily understood [2].
Developers using DES can improve security by changing the keys frequently, using temporary session keys, or using triple-encryption DES. With triple DES, each 64-bit block is encrypted under three different DES keys. Recent research has confirmed that triple-DES is indeed more secure than single-DES. The User Data Masking Encryption Facility is an export-grade algorithm substituted for DES in several IBM products, such as the Distributed Computing Environment (DCE) [3].
Public-key encryption
The key distribution problem has always been the weak link in the secret-key systems. Since the encryption key and decryption key are the same (or easily derived from one another) and the key has to be distributed to all users of the system, it seemed as if there was an inherent built-in problem: keys had to be protected from theft, but they also had to be distributed, so they could not just be locked up in a bank vault.
Encryption can be used to protect data in transit as well as data in storage. Some vendors provide hardware encryption devices that can be used to encrypt and decrypt data. There are also software encryption packages which are available either commercially or as free software.
Encryption can be defined as the process of taking information that exists in some readable form (plaintext) and converting it into a form (ciphertext) so that it cannot be understood by others.
In a public-key cryptosystem, the encryption and decryption keys are different, and plaintext encrypted with the public key can only be deciphered with the private key from the same pair. Conversely, plaintext encrypted with the private key can be decrypted only with the public key [4] (it is used in electronic signatures). The notations for these are as follows.
C = E_k(P), P = D_{k1}(C) = D_{k1}(E_k(P)), or
C = D_{k1}(P), P = E_k(C) = E_k(D_{k1}(P))
Here k is a public key and k1 is a private key (or secret key). Users can make their public keys freely available or place them at a key distribution center for others to access. However, the private key must be kept safe. In public-key systems there is no need to find a safe channel for communicating a shared secret key.
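The two identities above can be checked with a toy RSA key pair. This is an added example, not part of the textbook: the function names and the tiny primes are constructed for illustration, and raw RSA without padding, as shown here, is not how production systems encrypt or sign.

```python
# Added illustration: the chapter's notation E_k / D_k1 on a toy RSA key pair.
# k is the public key, k1 the private key. The primes are tiny constructed
# values so the arithmetic can be followed by hand; real moduli are 2048+ bits.
from math import gcd


def make_keypair(p, q, e):
    """Return (k, k1) = ((e, n), (d, n)) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def E(k, m):
    """Public-key operation E_k: anyone holding k can compute it."""
    e, n = k
    return pow(m, e, n)


def D(k1, m):
    """Private-key operation D_k1: only the key owner can compute it."""
    d, n = k1
    return pow(m, d, n)


def encrypt_text(k, text):
    """C = E_k(P), one block per byte (each byte must be smaller than n)."""
    return [E(k, b) for b in text.encode()]


def decrypt_text(k1, blocks):
    """P = D_k1(C): recovers the bytes produced by encrypt_text."""
    return bytes(D(k1, c) for c in blocks).decode()


def sign(k1, value):
    """C = D_k1(P): the signature use mentioned in the text."""
    return D(k1, value)


def verify(k, value, signature):
    """P = E_k(C): holds only if the signature was made with the matching k1."""
    return E(k, signature) == value


if __name__ == "__main__":
    k, k1 = make_keypair(61, 53, 17)
    print("public key k =", k, " private key k1 =", k1)

    # Confidentiality: C = E_k(P), P = D_k1(C)
    blocks = encrypt_text(k, "session key")
    print("ciphertext blocks:", blocks)
    print("decrypted:", decrypt_text(k1, blocks))

    # Signature: C = D_k1(P), P = E_k(C). A modified value fails the check.
    value = 459            # constructed stand-in for a message digest
    sig = sign(k1, value)
    print("genuine value verifies:", verify(k, value, sig))
    print("modified value verifies:", verify(k, value + 8, sig))
```

The public key (e, n) can be published, which is why no safe channel is needed to distribute it; everything that must stay secret is the exponent d held in k1.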
10.3 How Firewalls Work
New Words & Expressions
firewall (n.): a wall that stops fire from spreading
offensive (adj.): unreasonable; aggressive
hacker (n.): hacker
filter (v.): to strain; to pass through; to seep in
private: privately owned; secret
packet (n.): small parcel; unit of information
employee (n.): staff member; hired worker
telnet (n.): remote login
traffic (n.): volume of flow
proxy (n.): agent
retrieve (v.): to look up and fetch
match (n.): comparison; correspondence
customizable: able to be tailored
block (n.): obstruction; hindrance
port (n.): port (connection endpoint)
bug (n.): fault; (program) error
unsolicited (adj.): offered without being asked for
junk (n.): rubbish; useless data
spam (n.): junk e-mail
counter (v.): to strike back; to rebut
session (n.): conversation
inundate (v.): to flood
macro: [computing] macro instruction; macro function
virus (n.): virus
Abbreviations
HTTP (Hypertext Transfer Protocol)
FTP (File Transfer Protocol)
SMTP (Simple Mail Transfer Protocol)
ICMP (Internet Control Message Protocol)
A small home network has many of the same security issues that a large corporate network does. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.
Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that’s why it’s called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next.
What it does
A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
(1) Packet filtering. Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
(2) Proxy service. Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
(3) Stateful inspection. A newer method that doesn’t examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
The level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb [3] is to block everything, then begin to select what types of traffic you will allow. You can also restrict traffic that travels through the firewall so that only certain types of information, such as e-mail, can get through. For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change them.
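The stateful-inspection method and the "block everything, then select what to allow" rule of thumb can be combined in a few lines. This is an added example, not part of the textbook: the class and field names are hypothetical, and the sample packets use constructed private and documentation addresses.

```python
# Added illustration: a minimal default-deny firewall with stateful inspection.
# Only packet headers (the "key parts") are examined, never the contents.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = leaving the private network, "in" = arriving
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class Firewall:
    def __init__(self, inbound_allow):
        # Explicit exceptions to default deny: {(protocol, destination port)}
        self.inbound_allow = set(inbound_allow)
        # The "database of trusted information": sessions opened from inside
        self.sessions = set()

    def check(self, pkt):
        """Return (verdict, reason) for one packet."""
        if pkt.direction == "out":
            # Record the defining characteristics of outgoing traffic.
            self.sessions.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow", "outbound, session recorded"
        # Incoming: a reply has source and destination swapped.
        reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_of in self.sessions:
            return "allow", "matches a session opened from inside"
        if (pkt.proto, pkt.dport) in self.inbound_allow:
            return "allow", "matches an explicit inbound rule"
        return "drop", "default deny"


# Constructed sample traffic (addresses are private or documentation ranges).
SAMPLE_TRAFFIC = [
    # Inside host requests a web page.
    Packet("out", "tcp", "192.168.1.10", 50000, "198.51.100.7", 80),
    # The web server's reply to that request.
    Packet("in", "tcp", "198.51.100.7", 80, "192.168.1.10", 50000),
    # Unsolicited telnet attempt from outside.
    Packet("in", "tcp", "203.0.113.9", 40000, "192.168.1.10", 23),
    # Inbound e-mail (SMTP) to the mail host, permitted by rule.
    Packet("in", "tcp", "203.0.113.20", 41000, "192.168.1.25", 25),
    # Looks like a web reply, but no inside host opened this session.
    Packet("in", "tcp", "198.51.100.7", 80, "192.168.1.10", 50001),
]


def run(firewall, packets):
    """Apply the firewall to each packet in order and collect the results."""
    return [(p, *firewall.check(p)) for p in packets]


if __name__ == "__main__":
    fw = Firewall(inbound_allow={("tcp", 25)})  # allow only inbound e-mail
    for pkt, verdict, reason in run(fw, SAMPLE_TRAFFIC):
        print(f"{verdict:5} {pkt.direction:3} {pkt.src}:{pkt.sport} -> "
              f"{pkt.dst}:{pkt.dport}  ({reason})")
```

The last sample packet is dropped even though it comes from a server the inside host has talked to, because its port pair does not match any recorded session.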
One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network. While this is a big deal [4] for businesses, most home networks will probably not be threatened in this manner.
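How to Write Titles of Scientific Papers
Titles of academic articles have three main structures: a noun phrase (including gerunds), a prepositional phrase, and a noun phrase plus a prepositional phrase. Occasionally a question is used as a title (mostly in the humanities and social sciences), but declarative sentences and verb phrases are generally not used as titles.
1. Noun phrases
A noun phrase consists of a noun and its modifiers. The modifier can be an adjective or a prepositional phrase, and sometimes another noun. Using a noun to modify a noun often shortens the title. Each of the following titles consists of two noun phrases. For example:
Latent demand and the browsing shopper (noun phrase + noun phrase)
Cost and productivity (noun + noun)
2. Prepositional phrases
A prepositional phrase consists of a preposition plus a noun or noun phrase. If the whole title is a single prepositional phrase, the preposition is usually "on", meaning "a study of ...". For example:
From Knowledge Engineering to Knowledge Management (prepositional phrase + prepositional phrase)
On the correlation between working memory capacity and performance on intelligence tests
3. Noun / noun phrase + prepositional phrase
This is the structure used most often in titles. For example:
Simulation of Controlled Financial Statements (noun + prepositional phrase)
The impact of internal marketing activities on external marketing outcomes (noun + prepositional phrase + prepositional phrase)
Diversity in the Future Work Force (noun + prepositional phrase)
Models of Sustaining Human and Natural Development (noun + prepositional phrase)
The prepositional phrase in a title generally modifies the noun or noun phrase and so limits the scope of the research topic. This structure resembles the Chinese "的" (de) construction; the difference is that in a Chinese title the modifier comes first and the head word last, whereas in English it is the reverse: the noun comes first and the prepositional phrase that modifies it follows. For example:
Progress on Fuel Cell and its Materials (Chinese title: 燃料电池及其材料进展)
4. Other forms
For debatable issues, a question can occasionally be used as the title of a paper, to pinpoint the focus of the whole discussion. For example:
Is B2B e-commerce ready for prime time?
Can ERP Meet Your eBusiness Needs?
Some titles consist of two parts separated by a colon (:). Generally, the part before the colon is the object, content or topic of the research and is fairly general; the part after the colon specifies the research focus or method. This structure falls into three patterns.
Pattern 1. Research topic: specific content. For example:
Microelectronic Assembly and Packaging Technology: Barriers and Needs
The Computer Dictionary Project: an update
Pattern 2. Research topic: method / nature. For example:
B2B E-Commerce: A Quick Introduction
The Use of Technology in Higher Education Programs: a National Survey
Pattern 3. Research topic: focus of the problem. For example:
Caring about connections: gender and computing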
Chapter 10 Computer and
Network Security
Chapter 10 Computer and Network Security
计算机专业英语 10-2
Key points:
useful terms and definitions
of computer security
Difficult points:
distinguish between four
kinds of computer security
breaches
Chapter 10 Computer and Network Security
计算机专业英语 10-3
Requirements:
1,Principle of easiest penetration
2,The kinds of computer security breaches
3,What is firewall
4,了解科技论文标题的写法
Chapter 10 Computer and Network Security
计算机专业英语 10-4
New Words & Expressions:
breach 破坏,缺口 involve 包含,涉及,也可不译
depositor 寄托者 vulnerability 弱点,攻击
perimeter 周围,周边 penetrate vt,攻破,攻击
Exposure 曝光,揭露 threat n,威胁,恐吓
asset 资产 interruption 中断,打断
interception 截取 modification 修改
fabricate v,伪造 tamper v,篡改
spurious adj,假的
10.1 Characteristics of Computer Intrusion and
Kinds of Security Breaches
Abbreviations:
Chapter 10 Computer and Network Security
计算机专业英语 10-5
10.1.1 入侵计算机的特点
Principle of Easiest Penetration,An intruder must be expected to use any
available means of penetration,This will not necessarily be the most
obvious means,nor will it necessarily be the one against which the most
solid defense has been installed.
最容易攻破原理 。 入侵者必定要使用一种可以攻破的方法,这种方法既不可能是最常用的,也不可能是针对已经采取了最可靠的防范措施的方法 。
This principle says that computer security specialists must consider all
possible means of penetration,because strengthening one may just make
another means more appealing to intruders,We now consider what these
means of penetration are.
这一原理说明计算机安全专家必须考虑所有可能的攻击方法 。 由于你加强了某一方面,入侵者可能会想出另外的对付方法 。 我们现在就说明这些攻击的方法是什么 。
10.1 Characteristics of Computer Intrusion and
Kinds of Security Breaches
Chapter 10 Computer and Network Security
计算机专业英语 10-6
10.1 Characteristics of Computer Intrusion and
Kinds of Security Breaches
10.1.2 KINDS OF SECURITY BREACHES
In security,an exposure is a form of possible loss or harm in a
computing system; examples of exposures are unauthorized disclosure
of data,modification of data,or denial of legitimate access to
computing,A vulnerability is a weakness in the security system that
might be exploited to cause loss or harm.
在计算机系统中,暴露是一种使安全完全丧失或受到伤害的一种形式;
暴露的例子是非授权的数据公开,数据修改或拒绝合法的访问计算机 。
脆弱性是安全系统中的薄弱环节,它可能引起安全的丧失或伤害 。
Chapter 10 Computer and Network Security
计算机专业英语 10-7
10.1.2 KINDS OF SECURITY BREACHES
A human who exploits a vulnerability perpetrates an attack on the system.
Threats to computing systems are circumstances that have the potential
to cause loss or harm; human attacks are examples of threats,as are
natural disasters,inadvertent human errors,and internal hardware or
software flaws,Finally,a control is a protective measure-an action,a
device,a procedure,or a technique-that reduces a vulnerability.
人可利用脆弱性对系统进行罪恶的攻击 。 对计算机系统的威胁是引起安全丧失或伤害的环境;人们的攻击是威胁的例子,如自然灾害,人们非故意错误和硬件或软件缺陷等 。 最后,控制是一种保护性措施 —— 控制可以是一种动作,一个设备,一个过程或一种技术 —— 减少了脆弱性 。
10.1 Characteristics of Computer Intrusion and
Kinds of Security Breaches
Chapter 10 Computer and Network Security
计算机专业英语 10-8
10.1.2 KINDS OF SECURITY BREACHES
The major assets of computing systems are hardware,software,
and data,There are four kinds of threats to the security of a
computing system,interruption,interception,modification,and
fabrication,The four threats all exploit vulnerabilities of the assets
in computing systems,These four threats are shown in Fig.10-1.
计算机系统的主要资源是硬件,软件和数据 。 有四种对计算机安全的威胁:中断,截取,篡改和伪造 。 这四种威胁都利用了计算机系统资源的脆弱性,图 10-1表示这四种威胁 。
10.1 Characteristics of Computer Intrusion and
Kinds of Security Breaches
Chapter 10 Computer and Network Security
计算机专业英语 10-9
Fab ric ation
Modification
N ormal Flow
I n ter rup tion
I n ter ception
Fig.10-1Four classes of System Security Failures
Chapter 10 Computer and Network Security
计算机专业英语 10-10
10.1.2 KINDS OF SECURITY BREACHES
(1) In an interruption,an asset of the system becomes lost or
unavailable or unusable,An example is malicious destruction
of a hardware device,erasure of a program or data file,or
failure of an operating system file manager so that it cannot
find a particular disk file,
(1)在 中断 情况下,系统资源开始丢失,不可用或不能用 。 例如,蓄意破坏硬件设备,抹除程序或数据文件或造成操作系统的文件管理程序故障,以致不能找到某一磁盘文件 。
10.1 Characteristics of Computer Intrusion and
Kinds of Security Breaches
Chapter 10 Computer and Network Security
计算机专业英语 10-11
10.1.2 KINDS OF SECURITY BREACHES
(2) An interception means that some unauthorized party has gained access
to an asset,The outside party can be a person,a program,or a computing
system,Examples of this type of failure are illicit copying of program or
data files,or wiretapping to obtain data in a network,While a loss may be
discovered fairly quickly,a silent interceptor may leave no traces by
which the interception can be readily detected.
(2)截取 是指某一非特许用户掌握了访问资源的权利 。 外界用户可以是一个人,一个程序或一个计算机系统 。 这种威胁的例子如程序或数据文件的非法拷贝,或私自接线入网去获取数据 。 数据丢失可能会很快被发现,但很可能截取者并不留下任何容易检测的痕迹 。
10.1 Characteristics of Computer Intrusion and
Kinds of Security Breaches
Chapter 10 Computer and Network Security
计算机专业英语 10-12
10.1.2 KINDS OF SECURITY BREACHES
(3) If an unauthorized party not only accesses but tampers with an asset,
the failure becomes a modification,For example,someone might modify
the values in a database,alter a program so that it performs an additional
computation,or modify data being transmitted electronically,It is even
possible for hardware to be modified,Some cases of modification can be
detected with simple measures,while other more subtle changes may be
almost impossible to detect,
(3)如果非授权用户不仅可以访问计算机资源,而且可以篡改资源,则威胁就成为 修改 了。例如,某人可以修改数据库中的值,更换一个程序,
以便完成另外的计算,或修改正在传送的数据,甚至还 可能修改硬件。
某些情况下可以用简单的测量手段检测 出所做的修改,但某些微妙的修改是不可能检测出来的。
10.1 Characteristics of Computer Intrusion and
Kinds of Security Breaches
Chapter 10 Computer and Network Security
计算机专业英语 10-13
10.1.2 KINDS OF SECURITY BREACHES
(4) Finally,an unauthorized party might fabricate counterfeit
objects for a computing system,The intruder may wish to add
spurious transactions to a network communication system,or add
records to an existing data base,Sometimes these additions can be
detected as forgeries,but if skillfully done,they are virtually
indistinguishable from the real thing.
(4)最后,非授权用户可以 伪造 计算机系统的一些对象 。 入侵者妄图向网络通信系统加入一个假的事务处理业务,或向现有的数据库加入记录 。 有时,这些增加的数据可以作为伪造品检测出来,
但如果做得很巧妙,这些数据实际上无法与真正的数据分开 。
10.1 Characteristics of Computer Intrusion and
Kinds of Security Breaches
Chapter 10 Computer and Network Security
计算机专业英语 10-14
10.1 Characteristics of Computer Intrusion and
Kinds of Security Breaches
10.1.2 KINDS OF SECURITY BREACHES
These four classes of interference with computer activity-
interruption,interception,modification,and fabrication-can
describe the kinds of exposures possible[2].
这四种对计算机工作的干扰 —— 中断,截取,修改 或 伪造 —
— 表明了可能出现的几种威胁类型 。
Chapter 10 Computer and Network Security
计算机专业英语 10-15
New Words & Expressions:
cryptography n,密码学 encryption 加密
cipher n,密码 ( 钥 ),加密程序 decrypt v,解密
transit 通行 ( 过 ),运输 plaintext n,明文
cyphertext n,密文 scheme n,计划,方案
secret-key 秘钥 public-key 公钥
symmetric adj,对称的 data integrity 数据完整性
session key 会话密钥 crack v,解开,裂开
hacker 黑客,计算机窃贼 encode v,编码
triple-encryption 三重加密 built-in 内在 (固有 )的,
state-of-the-art 最新的 proliferate v.增生,扩散
10.2 Modern Cryptography- Data Encryption
Abbreviations,
DES (Data Encryption System) 数据加密系统
DCE ( Distributed Computing Environment)分布式计算环境
Chapter 10 Computer and Network Security
计算机专业英语 10-16
10.2 Modern Cryptography- Data Encryption
If the receiver of the encrypted data wants to read the original data,the
receiver must convert it back to the original through a process called
decryption,Decryption is the inverse of the encryption process,In order to
perform the decryption,the receiver must be in possession of a special piece of
data called the key.
如果接收到加密数据的人要看原来的数据,就必须把数据转换为原来的形式,这个过程称为 解密 。 解密是加密过程的逆过程 。 为了进行解密,接收者必须有称为密钥的特殊数据 。
The two main competing cryptography schemes are known as the
secret-key (symmetric) system and the public-key (asymmetric) system,The
secret-key system uses a single,wholly secret sequence both to encrypt and to
decrypt messages,The public-key system uses a pair of mathematically related
sequences,one each for encryption and decryption [1].
现在有两种主要的,相互竞争的密码术:秘钥 ( 对称 ) 和公钥 ( 不对称 ) 系统 。 秘钥系统采用单一的绝密序列,对报文进行加密和解密 。 公钥系统 采用一对数学上相关的序列,一个用于加密,另一个用于解密 。
Chapter 10 Computer and Network Security
计算机专业英语 10-17
10.2 Modern Cryptography- Data Encryption
Secret-key encryption
One of the most popular secret-key encryption schemes is IBM’s Data
Encryption System (DES),which became the U.S,federal standard in 1997.
the standard form uses a 56-bit key to encrypt 64-bit data blocks.
The following is a notation for relating plaintext,ciphertext,and keys,We will
use C=E k (P) to mean that the encryption of the plaintext P using key k gives
the ciphertext C,similarly,P=D k (C) represents of decryption of C to get the
plaintext again,It then follows that D k ( E k (P))=P
密钥加密
IBM的数据加密系统 (DES)是最流行的密钥加密方案之一 。 1977年,该方案成为美国联邦标准 。 该标准形式采用 56位的密钥对 64位的数据块进行加密 。
下面是有关明文,密文和密钥关系的表示法 。 我们用 C=E k (P)表示用密钥 K
对明文 P加密,得到密文 C。 类似的,P=D k (C)代表对 C解密得到明文 。 因而遵循,D k (E k (P))=P
Chapter 10 Computer and Network Security
计算机专业英语 10-18
10.2 Modern Cryptography- Data Encryption
DES has been studied by many of the world’s leading
cryptographers,but no weaknesses have been uncovered,To crack
a DES-encrypted message a hacker or commercial spy would need
to try 255 possible keys,This type of search would need days of
computer time on the world’s fastest supercomputers,Even then,
the message may not be cracked if the plaintext is not easily
understood [2].
为了打开一个 DES加密的报文,黑客或商业间谍需要试验 255种可能的密钥,这种搜索在世界上最快的巨型机上也需好几天的计算机时间 。 如果未加密的,明文,是不易理解的,即使算出报文也可能解不开 。
Chapter 10 Computer and Network Security
计算机专业英语 10-19
10.2 Modern Cryptography- Data Encryption
Developers using DES can improve security by changing the keys
frequently,using temporary session keys,or using triple-
encryption DES,With triple DES,each 64-bit block is encrypted
under three different DES keys,Recent research has confirmed
that triple-DES is indeed more secure than single-DES,The User
Data Masking Encryption Facility is an export-grade algorithm
substituted for DES in several IBM products,such as the
Distributed Computing Environment (DCE) [3].
使用 DES的开发人员可以通过频繁更改密钥,使用临时的会话密钥或使用三重加密 DES来提高安全性 。 使用三重 DES时,每个 64
位数据块用三种不同的 DES密钥加密 。 最新研究已确认三重 DES
确实比单重 DES更安全 。
Chapter 10 Computer and Network Security
计算机专业英语 10-20
10.2 Modern Cryptography- Data Encryption
Public-key encryption
The key distribution problem has always been the weak link in
the secret-key systems,Since the encryption key and decryption
key are the same( or easily derived from one another) and the
key has to be distributed to all users of the system,it seemd as if
there was an inherent built-in problem,keys had to be protected
from theft,but they also had to be distributed,so they could not
just be locked up in a bank vault.
公钥加密密钥的分布问题在秘钥系统中一直是一个薄弱环节 。 因为加密密钥和解密密钥是相同的 ( 或彼此容易推出来 ) 并且这个密钥必须分配给该秘钥系统的所有用户,这好像是存在一个固有的内部问题,必须保护密钥不被偷窃,但又必须分布出去,所以它们不可能只是锁在银行的地下室里 。
Chapter 10 Computer and Network Security
计算机专业英语 10-21
10.2 Modern Cryptography- Data Encryption
Encryption can be used to protect data in transit as well as data in
storage,Some vendors provide hardware encryption devices that
can be used to encrypt and decrypt data,There are also software
encryption packages which are available either commercially or as
free software.
加密可以用来保护传输中的数据和存储器中的数据 。 一些厂家提供硬件加密设备,用来加密和解密数据 。 也可买到软件加密程序包或作为自由软件免费获得 。
Encryption can be defined as the process of tasking information
that exists in some readable form (plaintext) and converting it into
a form (ciphertext) so that it cannot be understood by others.
加密 可以定义为把现有的,以某种可读形式 ( 明文 ) 的信息转换成其他人不能理解的形式 ( 密文 ) 的过程 。
Chapter 10 Computer and Network Security
计算机专业英语 10-22
10.2 Modern Cryptography- Data Encryption
In public key cryptosystem,the encryption and decryption keys were
different,and plaintext encrypted with the public key can only be deciphered
with the private key from the same pair,Conversely,plaintext encrypted
with the private key can be decrypted only with the public key[4] ( it is used
in electronic signatures),The notations for these are as follows.
C=E k (P),P=D k1(C)=D k1 (E k (P)) or
C=D k1 (P),P=E k (C)=E k (D k1 (P))
在公钥秘钥系统中,加密和解密密钥是不同的 。 并且用公开密钥加密的明文只能用同一对密钥中的秘密密钥解密 。 相反,用私有密钥加密的明文只能用公开密钥解密
( 它用于电子签名 ) 。 这些关系的表示法如下,(见上式 )
Here k is a public key and k1 is private key( or secret key),Users can make their
public keys freely available or place them at a key distribution center for others to
access,However,the private key must be kept safe,In public-key systems there is no
need to find a safe channel for communicating a shared secret key.
这里 K是公开密钥,K1是私有密钥 ( 或秘密密钥 ) 。 用户可以让他们的公开密钥自由地使用,或把它们放在密钥分配中心供其他人存取 。 然而,私有密钥必须安全的保存 。 在公开密钥系统,无需找一条传送共享的私有密钥的安全通道 。
Chapter 10 Computer and Network Security
计算机专业英语 10-23
10.3 How Firewalls Work
New Words & Expressions
firewall n,防火墙 offensive adj,无理的,攻击性的
hacker n,黑客 filter v,过滤,滤过,渗入
private 私有的,秘密地 packet n,小包,信息包
employee n,职员,雇工 telnet n,远程登录
traffic n,流量 proxy n,代理
retrieve v,检索 match n.比较,匹配,符合
customizable 可定制的 block n,妨碍,阻碍
port n,端口 bug n,故障,( 程序 ) 错误
unsolicited adj.主动提供的 junk n.垃圾,无用数据
spam n,垃圾邮件 counter v,还击,驳回
session n,会话 inundate v,淹没
macro [计 ]宏指令,宏功能 viruse n,病毒
Abbreviations
HTTP (Hypertext Transfer Protocol)
FTP (File Transfer Protocol)
SMTP (Simple Mail Transfer Protocol)
ICMP (Internet Control Message Protocol)
A small home network has many of the same security issues that a
large corporate network does. You can use a firewall to protect your home
network and family from offensive Web sites and potential hackers.
Basically, a firewall is a barrier to keep destructive forces away from
your property. In fact, that's why it's called a firewall. Its job is similar to a
physical firewall that keeps a fire from spreading from one area to the next.
What it does
A firewall is simply a program or hardware device that filters the
information coming through the Internet connection into your private
network or computer system. If an incoming packet of information is
flagged by the filters, it is not allowed through.
Firewalls use one or more of three methods to control traffic flowing in and
out of the network:
(1) Packet filtering. Packets (small chunks of data) are analyzed against a
set of filters. Packets that make it through the filters are sent to the
requesting system and all others are discarded.
(2) Proxy service. Information from the Internet is retrieved by the firewall
and then sent to the requesting system and vice versa.
(3) Stateful inspection. A newer method that doesn't examine the
contents of each packet but instead compares certain key parts of the
packet to a database of trusted information. Information traveling from
inside the firewall to the outside is monitored for specific defining
characteristics, then incoming information is compared to these
characteristics. If the comparison yields a reasonable match, the
information is allowed through. Otherwise it is discarded.
The level of security you establish will determine how many of these threats
can be stopped by your firewall. The highest level of security would be to
simply block everything. Obviously that defeats the purpose of having an
Internet connection. But a common rule of thumb[3] is to block everything,
then begin to select what types of traffic you will allow. You can also restrict
traffic that travels through the firewall so that only certain types of
information, such as e-mail, can get through. For most of us, it is probably
better to work with the defaults provided by the firewall developer unless
there is a specific reason to change them.
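The stateful-inspection method and the "block everything, then select what to allow" rule of thumb described above can be combined in a few lines. This is an added example, not part of the original text: the class and field names, the sample addresses and the choice of inbound SMTP (port 25) as the one allowed service are assumptions, and real firewalls also track TCP flags and timeouts.

```python
# Added example: a minimal default-deny firewall with stateful inspection.
from collections import namedtuple

Packet = namedtuple("Packet", "direction proto src sport dst dport")

class Firewall:
    def __init__(self, allowed_inbound=()):
        # Rule of thumb from the text: block everything, then list what is allowed.
        self.allowed_inbound = set(allowed_inbound)   # {(proto, dport), ...}
        self.state = set()                            # flows opened from inside

    def check(self, pkt):
        """Return 'allow' or 'drop' for one packet."""
        if pkt.direction == "out":
            # Record the defining characteristics of outbound traffic.
            self.state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound: a reply must mirror a recorded outbound flow exactly.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state:
            return "allow"
        # Otherwise only explicitly allowed services pass (packet filtering).
        if (pkt.proto, pkt.dport) in self.allowed_inbound:
            return "allow"
        return "drop"                                 # default: discard

def run_sample():
    fw = Firewall(allowed_inbound={("tcp", 25)})      # inbound e-mail only
    # Constructed sample traffic; private and documentation address ranges.
    packets = [
        Packet("out", "tcp", "192.168.1.10", 50000, "203.0.113.5", 80),
        Packet("in", "tcp", "203.0.113.5", 80, "192.168.1.10", 50000),   # reply
        Packet("in", "tcp", "198.51.100.7", 80, "192.168.1.10", 50000),  # other host
        Packet("in", "tcp", "198.51.100.7", 40000, "192.168.1.10", 23),  # telnet
        Packet("in", "tcp", "198.51.100.7", 40001, "192.168.1.20", 25),  # e-mail
    ]
    return [fw.check(p) for p in packets]

if __name__ == "__main__":
    print(run_sample())
```

The unsolicited telnet attempt is dropped, which is the "stops anyone on the outside from logging onto a computer in your private network" behaviour a default-deny policy provides.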
One of the best things about a firewall from a security standpoint is
that it stops anyone on the outside from logging onto a computer in
your private network. While this is a big deal[4] for businesses, most
home networks will probably not be threatened in this manner.
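How to Write Titles of Scientific and Technical Papers
Titles of academic papers mainly take one of three structures: a noun phrase (including gerunds), a prepositional phrase, or a noun phrase + prepositional phrase. Occasionally a question is used as a title (mostly in the humanities and social sciences), but declarative sentences and verb phrases are generally not used as titles.
1. Noun phrases
A noun phrase consists of a noun and its modifiers. The modifier of a noun may be an adjective, a prepositional phrase, or sometimes another noun. Using a noun to modify a noun often shortens the title. Each of the following titles is made up of two noun phrases. For example:
Latent demand and the browsing shopper (noun phrase + noun phrase)
Cost and productivity (noun + noun)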
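2. Prepositional phrases
A prepositional phrase consists of a preposition + a noun or noun phrase. If the whole title is a single prepositional phrase, the preposition is usually "on", meaning "a study of ...". For example:
From Knowledge Engineering to Knowledge Management (prepositional phrase + prepositional phrase)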
On the correlation between working memory capacity and performance
on intelligence tests
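3. Noun / noun phrase + prepositional phrase
This is the structure most often used in titles. For example:
Simulation of Controlled Financial Statements (noun + prepositional phrase)
The impact of internal marketing activities on external
marketing outcomes (noun + prepositional phrase + prepositional phrase)
Diversity in the Future Work Force (noun + prepositional phrase)
Models of Sustaining Human and Natural Development (noun + prepositional phrase)
The prepositional phrase in a title generally modifies the noun or noun phrase, thereby limiting the scope of the research topic. This structure resembles the Chinese "的" construction; the difference is that in a Chinese title the modifier comes first and the head word last, whereas English is exactly the opposite: the noun comes first and the prepositional phrase that modifies it follows. For example:
Progress on Fuel Cell and its Materials (Chinese: 燃料电池及其材料进展, literally "fuel cell and its materials progress")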
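4. Other forms
For a debatable issue, a question may occasionally be used as the title of a paper, to pinpoint the focus of the whole discussion. For example: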
Is B2B e-commerce ready for prime time?
Can ERP Meet Your eBusiness Needs?
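Some titles consist of two parts separated by a colon (:). Generally, the part before the colon is the object, content or topic of the research and is fairly general, while the part after the colon states the specific research focus or method. This structure can be further divided into three patterns.
Pattern 1. Research topic: specific content. For example:
Microelectronic Assembly and Packaging Technology: Barriers and Needs
The Computer Dictionary Project: an update
Pattern 2. Research topic: method / nature. For example:
B2B E-Commerce: A Quick Introduction
The Use of Technology in Higher Education Programs: a National Survey
Pattern 3. Research topic: focus of the problem. For example:
Caring about connections: gender and computing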