内容发布更新时间 : 2024/11/18 6:02:12星期一 下面是文章的全部内容请认真阅读。
网络地址转换。翻译内部主机的IP地址以避免通过外部监视器被检测,或者我们可以说成IP伪装。
代理服务。代表主机电脑应用方面具有较高水平,能够完全中断连接之间的跨主机和外部网络层。
我们应该更加注重的是没有防火墙可以提供绝对的保护。防火墙具有边界,其中包括来自防火墙外部其他攻击方式的无用保护;难以阻止病毒污染的软件或文件的传输,几乎没有拒绝构成内部用户的威胁;几乎可以防止运行数据的攻击。此外,由于防火墙的安全政策在公司是由网络管理员来控制的,所以他的道德标准似乎更为重要。 1.4.2 加密技术
加密的目的是为了保护数据、文件、密码和网络上的控制信息,以及保护网络上数据传输。这个过程实际上是进行了各种加密算法,用最低的成本获得一些保护。在大多数情况下,加密是保证信息保密性和重要性的唯一途径。加密系统可以根据分类代码之间信息的发送者和接受密码的方式,通常被划分成对称加密代码(单个键)和公共加密代码(双击键),如典型的代表DES和RSA。
伴随着高加密产生的优势之一是对称加密代码管理与安全方式传输信息的难度。公众的加密代码的优势是它可以适用于网络不限成员名额的要求,并实现数字签名和验证。然而,复杂的算法将使数据加密速度放缓。随着现代电子技术和加密技术的发展,公共密码编码算法将逐渐成为网络安全加密系统的主流。人们通常将常规密码和公共密码在网络安全中一起同应用。
常规的网络数据加密具有链路、节点和端到端的方式。作为最常用的加密方式,链路加密可以通过链路层和物理层在网络和硬件条件下实现。它用来保护通信节点传输的数据,对用户是透明的。节点加密提高了链路加密和克服链路加密很容易被非法访问的缺陷。它也可以在协议传输层加密,使原始节点和目的节点之间传输的数据进行加密保护。端到端的加密是在网络层,在表示层中的网络和数据传输加密具有高水平的水准,而不是低级
.
别的协议信息。相比链路加密它往往是由软件完成,它具有较低的成本和更高的安全性。 1.4.3访问控制技术
它是网络安全防范和保护的主要技术。并且关键的任务是确保网络资源不会被非法使用和访问。此技术规范每一个文件和资源,比如可读、可录制和可以修改用户的操作权限。据预计,所有的信息资源可以集中管理,没有任何含糊和以往法规之间也没有冲突。它应该与审计功能记录所有活动作进一步检查,以及提供微控制。为了保障网络系统的安全性和保护网络资源,访问控制技术是保障网络安全的最重要的核心的之一。 1.4.4病毒防范技术
目前,日益发达的网络技术提供了多种方式的传输,使病毒的极大威胁网络安全与传播的多元化路线。专门的反病毒软件可以被认为是以最常用的方式驱逐电脑病毒,它还可以自动检测和删除在内存、BIOS和磁盘中的病毒。然而,反病毒软件的探索和更新总是远远落后于新病毒的出现,所以它有时可能不能够检测或删除一些病毒。尽管反病毒软件的版本已日益更新和功能大大提高,带有病毒的程序和常规程序有共同的相似性和特异性目标。更重要的是,人们很难预测病毒在未来如何发展和变化,所以我们在探索软件和反病毒硬件设备的时候也有巨大的困难。
此外,一旦病毒成功通过穿过系统或违反授权攻击,攻击者通常植入木马程序或者系统逻辑炸弹来为下一步攻击系统提供便利条件。互联网正在挑战很多的反病毒软件。如今,每天都会有几十种新病毒出现,其中大多数是通过互联网传播。为了有效地保护企业的信息化,防病毒软件应该支持所有的因特网协议及可用于所有的企业的邮件系统,保证它能够及时申请和跟上不断变化的世界步伐。有些像诺顿的防病毒软件,McAfee公司做出了很大的进展。不仅有效地切断病毒访问,而且可以保护企业和其他方面避免病毒的爆发和造成经济损失。
.
1.5总结
随着计算机技术的飞速发展,计算机已成为一种工具,同时网络已经成为我们的日常工作、学习和生活中的重要组成部分之一。因此,网络安全技术已成为信息网络发展的关键点。当人们踏进信息社会第一步的时候,它已变得对社会发展具有重大的战略意义。网络安全技术是保证社会发展不可替代的保证。中国仍然处于网络安全探索和信息网络技术产品探索的原始阶段,这意味着我们应该大力地研究、开发、探索确保信息安全的措施,从而促进了国民经济的快速发展。
.
附件1:外文原文
Security and Precaution On Computer Network
1.1 INTRODUCTION
The rapid development of computer technology has provided certain technological protection, which means computer application has infiltrated into various fields of society. At the same time, enormous progress and popularization of network technology has brought large economic profits to the society. However, ways to sabotage and attack computer information system has changed a lot under the network circumstance which gradually makes network security issues the mainstream of computer security.
1.2 NETWORK SECURITY
1.2.1 Concept and characteristics of computer network security.
Computer network security is considered to be a comprehensive subject that consists of various ones, including computer science, network technology, communication technology, information security technology, applied mathematics and information theory. As a systemic concept, network security is composed by physical security, software security, information security and circulation security. Essentially, network security means Internet information security. Generally speaking, relevant theory and technology on security, integration, availability, and controllability that is related to network information belong to research fields of computer network security. On the contrary, narrowly, \security\means security of relevant information on network, which is to protect the information secret and integration, avoiding illegal activities by using system security vulnerabilities made to wiretap, pretend, spoof and usurp. Above all, we can protect validated users' profits and privacy.
Computer network security is characterized by privacy, integrity, facticity, reliability, availability, non-repudiation and controllability.
Privacy refers to network information will not be leaked to non-authorized users, entities or procedures, but only for authorized users, for example, mails can merely be opened by addressees, anyone else are not allowed to do that privately. When transferring information with
.
network, privacy needs to be guaranteed. Positive solution might be made to encrypt management on information. Although one can intercept that, it's just insignificant Unicode without ay importance.
Integrity means network information can be kept not being modified, sabotaged and lost in the process of storage and transmission. Integrity guarantees facticity, which means if the information is checked by the third party or non-authorized person, the content, is still for real, not being changed. So keeping integrity is the basic requirement for information security.
Facticity points to reliability on information, mainly confirms identities of information owner and sender.
Reliability indicates that system can accomplish regulated functions with stated conditions and limited time. It's the basic aim for all network information system establishment and operation.
Availability shows that network information can be visited by authorized entities and be used according to their demand.
Non-repudiation requires all participants that can not deny or repudiate the finished operations and promises in the process of transferring information. One of the measures to deal with non-repudiation is to use digital signature technology.
Controllability directs at the ability of controlling network information transmission and content. For instance, illegal and unhealthy information are forbidden to transfer through public network.
1.3 Treats faced by computer network
There are various threats confronted by computer network: hostile attack, software leak, computer virus and natural disaster. 1.3.1 Hostile attack
Hostile attack is considered to be one of the serious threats for computer network. It's a man-made destruction with propose that can be divided into initiative attack and passive attack. Initiative attack aims to wreck network and information, usually using ways of modification, delete, falsifications, deception, virus and logical bombs. Once succeed, it could stop operation of network system, even a paralysis of overall system. Passive attack is to get information, which is usually conducted to steal secret information that on one is aware of, such as business and
.