外文翻譯---asp的開發(fā)準(zhǔn)則及安全管理

1、<p><b>　　附 錄</b></p><p><b>　　外文原文：</b></p><p>　　The exploitation criteria and security management of the asp</p><p>　　Exploitation criteria :</p>

2、<p>　　Application servers have been, or ultimately will be used in Web server, which usually operate in the IIS ASP page computer. ASP is the only object of your client. It offers specialized systems and security c

3、onsiderations. While many of the Web sites use ASP simply not components, but in this article that ASP is the Internet as a bridge between the client and components. The following ASP components Guidelines (English) :<

4、;/p><p>　　ASP and the division of services between components</p><p>　　ASP server in the most commonly used building for the client to use HTML or XML documents, so we focused on the use of the pro

5、gram. This leads to a common problem, if ASP page on the server, then they are part of the operational level? Components in the world, the answer usually is not. Although the ASP server is in operation, but may be relate

6、d to space applications in the same server, but it can not make it a part of the business logic. With user interface development tool, or as the opening o</p><p>　　Let us look at some of the most important o

7、perational level and that level division guidelines :</p><p>　　Separation of the UI code and business logic. This includes preparation coupled with the UI code, such as the use of ASP components MTS internal

8、 target it with the business logic code separation, as in a different DLL.</p><p>　　affair will be separated with the ASP page. Services ASP in certain cases beyond compare, but the components and multi-stor

9、ey applications will change this situation. Components should not be dependent on the client layer to manage their affairs and business logic semantics.</p><p>　　Will be expressed components (use solicit and

10、 responsive components) and Web server on the same machine and / or tenor. If the use of ASP internal components of the target objects on remote machines, then all of the internal components will be available in retail f

11、orm. Server client access is COM+ server, which significantly reduced the performance and security of complicated. These markings will be lay in COM+ applications mark as "library activated" .</p><p&

12、gt;　　ASP exist in server, ASP pages must be consistent with resource sharing rules, and remember to flexibility. Look at the following details :</p><p>　　In the "conversation", management should av

13、oid user specific state. Keep ASP stateless and where possible to allow resources pool.</p><p>　　Mode operation:</p><p>　　In evaluating whether a code of business logic layer or expressed, may I

14、 ask myself: "If I have to use click-phone applications to replace my ASP page, then the code are there?</FONT></SPAN></P></p><p>　　<P class=MsoNormal style="TEXT-JUSTIFY: inte

15、r-ideograph; MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: justify"><SPAN lang=EN-US><FONT face="Times New Roman" size=3>"If the answer is" yes ", then it could try to business logic code

16、into machine code or user interface to help.</p><p>　　If changed after the client code can not be used, or if it is constructed with the help of the user interface, the code is expressed services layer. It A

17、SP page, or in the internal components used </p><p>　　ASP components. It does not belong to the operational targets of components. Understanding of the distinction between desktop and ASP client</p>&

18、lt;p>　　It was modular incumbent engine，different table's top' tradition uniline ran win32 application from that asp. Key distinction generalize as follows: Thread management : ASP is a multi-client threads. Th

19、is means that it can have many activities in the operation, perhaps at the same time dealing with different ASP page. This shows that it is not the only pseudo-objects to exclusive system users. This may be unexpected re

20、actions, for example, into a bad habit : the object stored in ASP application </p><p>　　Security environment : ASP is the Web site of the Internet Information Services 5.0 implementation, a low, medium, high

21、 three separate degrees. The Web site can even have different security setup, or refuse to allow anonymous access, for customer and so on. All these have generated a lot of programs, namely, the use of different end-user

22、 account is your object.</p><p>　　Easy rose : This is not a technical issue, but Web applications provide facilities Deputy effect. Traditionally, the increase in user base for desktop applications, the numb

23、er of requests carefully planned well known to the client transferred. ASP has changed the process in motion and operational, ASP-Visual Basic applications can be conveniently opened for local or worldwide for all staff,

24、 all business partners and customers all use. This approach can be used to describe - owned super links ind</p><p>　　In the use of Visual Basic ASP should target? In the context of the establishment and abol

25、ition of pages of your audience. In other words, as far as possible so that no state ASP pages only in a state of dependence conversation or temporary applications variables. Not to target storage applications in English

26、 or variables. This will lock in your conversation ASP systems, the expected value of flexibility may cancel all. In other words, the Web servers handle no more than a few dozens of users. I</p><p>　　The col

27、umn includes a lot of technology, practice and skills development can contribute to the expansion and reliable ASP components and applications.</p><p>　　Not to be quoted or applications memory at conversatio

28、n all the inserted object components are Visual Basic 6.0 "cell thread", that is to say they are operating in the Inter module. This means that if the thread established targets, then the object of all resource

29、s must use the same threads. Many threads (from it Web site users) use the same examples Agency targets, raises a series of activities, the application process may become bottlenecks.</p><p>　　In addition, i

30、n conversation with Server .Create Object stored within the object STA to be implemented threads can be effectively linked to the current user, thus it will be the largest applications to give users a few restrictions th

31、e 20xN (N = number of processors).</p><p>　　Mode operation:</p><p>　　If you according to our suggest to take object stateless, are not used for storage of a client, and stored in the context of

32、their applications. Client will be able to establish an independent, use and cancellation of their own target. This reduces the need for maintaining conversation - because they do not retain the skills unique to the stat

33、e. Recommended approach is to target a state, it needs a database or other storage area to visit (such as cookies and LDAP). If applications require the us</p><p>　　ASP security management :</p><p

34、>　　The basic concept of security management</p><p>　　Safety management is based on information and ASP solution to manage the security strategy has set the security level definition process. Including man

35、agement of the response to violations of the security act. ASP can be controlled without fear of attack and ASP clients business continuity, so to be able to deal with malicious attacks could really an art.</p>&l

36、t;p>　　Safety management in large measure dependent on the security strategy. These strategies could produce from different sources. To be considered when designing security strategy are :</p><p>　　Service

37、 level agreement on the definition of external customer needs external security law requires external suppliers within the ASP security strategy and security strategy in the ASP environment integrated customer circumstan

38、ces, the internal / external security strategy, For each solution, ASP must be defined security strategy. The strategy should be based on the various aspects of the most reliable Hop. According to customer needs, and eve

39、n the basic structure will be very different design. </p><p>　　The dedicated network joint of the both asp solution and safety precautions completeness by asp proceed end-to-end Control usually，these purpor

40、t asp versus proprietary basic structure subassembly possess full control，include asp and client of compartment. </p><p>　　Public : ASP solutions and security measures by ASP component control. Usually, this

41、 means that within the ASP is in control of its own website, but does not guarantee to provide solutions to the public network with control. However, the ASP can be used as "virtual private network" (VPN) to ca

42、rry out such technical links between ASP and client security.</p><p>　　Mixed : the solution is a combination of the previous two. "dedicated" and "common" solutions are used. In ensuring

43、security solutions, and also involves ASP customers.</p><p>　　There are five dimensions of the process needed to improve the MOF model : planning : planning activities including in customer requirements, as

44、well as internal and external strategies based on the legitimate demands of the SLA security component. In a dialogue with clients at the same time, it may be necessary to establish or adjust internal security strategy.

45、Of course we should decide whether to do so by the ASP. This resulted in a level of security planning, including all aspects of the sec</p><p>　　Implementation : Put stratification plane execute possession n

46、ecessary safety precautions，withal observe SLA suffer have definitive security part for in force. at a pinch，this phase return should put make ultra internal security policy over in force..</p><p>　　Assessme

47、nt : Assessment is essential to end security management process. It involves determining the strategy and measures adopted by the state and effectiveness.</p><p>　　Maintenance : maintenance based on the foll

48、owing security measures on the basis of : the results of regular inspections, the risk of changes in the situation clearly, and SLA or other conditions change.</p><p>　　Control : control activities can organ

49、ize and guide the security management process itself. Definition of a process control activities, functions, roles, responsibilities assigned, organizational structure and reporting structure. It is a continuing process

50、and to ensure the engine improvements.</p><p>　　Security management process must be continuous self improvement. New solutions, new technologies, new personnel, new steps, negligence may lead to the installa

51、tion of integrated security attackers solution.</p><p>　　ASP security configuration tool, ASP configuration tool for security managers should be very familiar with, because the system was associated with all

52、 aspects of information security, it is essential.</p><p>　　These tools should be very easy for you to answer the following questions : "My computer security?<SPAN style="mso-spacerun: yes"

53、> </SPAN>"or" My network security?<SPAN style="mso-spacerun: yes"> </SPAN>". These tools should allow for the definition of security strategy has covered all aspects of con

54、figuration and analysis, such as : account strategy. Installation or alteration visit strategies, including domain or local password strategies, domain or local domain Kerberos account lock strateg</p><p>　　

55、Local strategy. Of the local audit strategies, a wide range of user competence and the distribution of security option, such as diskettes, CD-ROM such control. Restricted group. To be embedded in the group and the alloca

56、tion of any other specific group or modify designated members of the group (such as Administrators, Server Operators, Backup Operators and Power Users, etc.). This should not be used as a management tool to use general m

57、embers-only used to control specific groups (with sensitive </p><p>　　Document or folder sharing. Distribution systems and document services Reorientation of equipment services devices installed. This includ

58、es visiting various networks, the sharing of documents and the closure of anonymous visits opening packet signatures and security of the option.</p><p>　　System Registry : installation or modification of the

59、 system of security of the Register. Storage systems : a local system or to modify the document tree inventory volumes and safety. Preparation : ASP for customers and prepare a secure environment for users to establish s

60、ecure, and documents. These tools should also help to monitor security strategy has been defined in all its aspects, such as : account strategy - passwords, lock and Kerberos installation.</p><p>　　The all t

61、hese figure of the use, closed loop video frequency grade of the both the access control of the start-up mode and access control of the policy of the mount of the both local policy-look through, user purview and secu

62、rity option. Event log-system, application, security and directory services log has reference to security option. event log-system, application, security and directory services log 'mount. restricted group-compose a

63、person engaged in some field of activity. System servic</p><p>　　Physics visit system-versus equipment drawing visit, calorie type key. These instrument return ought to could analysis block policy，all the wh

64、ile descend solstice subscriber stage. command rest instrument came analyses surveillance course suffer make a raise of. These instrument usually in particular trust statistical technique to.</p><p>　　The AS

65、P managers can use Windows 2000 "Windows 2000 security configuration tool set" for the following components of some or all of the above security. "security templates" management module. "security

66、 templates" management module is an independent Microsoft management control (MMC) management module, which can create templates based on the text document that includes all aspects of security for security.</p&g

67、t;<p>　　"security configuration and analysis" management module. "security configuration and analysis" management module is independent MMC management module, or it can analysis of the security

68、 of the Windows 2000 operating system. Based on its operational use "security templates" management modules security templates to establish the content.</p><p>　　Secedit.exe. Secedit.exe is a "

69、;security configuration and analysis" of the order management module line version. It enables security configuration and analysis in the absence of graphical user interface (GUI) of the implementation.</p>&l

70、t;p>　　Group strategy for the security of expansion. "security configuration tool set" also includes a group of the expansion strategy editorial management modules for configuration and local security policy

71、domain or organizational unit (OU) security strategy. Local security strategy include only the " Account number Strategy" and "local strategy" security. Domain or OU for the definition of security str

72、ategy may include all security.</p><p><b>　　外文資料翻譯譯文：</b></p><p>　　ASP的開發(fā)準(zhǔn)則及安全管理</p><p><b>　　開發(fā)準(zhǔn)則：</b></p><p>　　應(yīng)用程序服務(wù)器被,或最終將被 Web 服務(wù)器所使用，它通常是運(yùn)行

73、 ASP 頁面的 IIS 計(jì)算機(jī)。ASP 是您的對象的唯一客戶機(jī)。它帶來了專門的線程和安全考慮。雖然許多使用 ASP 的 Web 站點(diǎn)根本就不用組件，但在這篇文章中假定 ASP 是 Internet 客戶機(jī)和組件之間的橋梁。下面的 ASP 組件準(zhǔn)則提供：</p><p>　　ASP 和組件之間的劃分服務(wù) </p><p>　　ASP 最常用于在服務(wù)器上創(chuàng)建供客戶機(jī)使用的 HTML 或 XM

74、L 文件，因此我們主要討論這種使用方案。這就引出了一個常見的問題，如果 ASP 頁面在服務(wù)器上，那么它們是否屬于業(yè)務(wù)層的一部分呢？在組件世界中，答案通常是否。雖然 ASP 確實(shí)在服務(wù)器上運(yùn)行，而且可能與應(yīng)用程序服務(wù)器在同一個空間，但是這不能使它成為業(yè)務(wù)邏輯的一部分。</p><p>　　隨著用戶界面工具的發(fā)展或者隨著啟用更多的業(yè)務(wù)對業(yè)務(wù)方案，擁有這種明確的區(qū)別將獲得巨大的回報。</p><p&

75、gt;　　讓我們來看一些最重要的業(yè)務(wù)層和表示層劃分準(zhǔn)則：</p><p>　　令 UI 代碼與業(yè)務(wù)邏輯分離。這包括編寫與 UI 耦合的代碼，例如使用 ASP 內(nèi)部組件的 MTS 對象，讓它與業(yè)務(wù)邏輯代碼分離，如同在不同的 DLL 中。</p><p>　　將事務(wù)與 ASP 頁面分離。事務(wù) ASP 在某些情況下非常好，但是組件和多層應(yīng)用程序會改變這種情況。組件不應(yīng)該依賴由客戶機(jī)層來管理它們的

76、事務(wù)和業(yè)務(wù)邏輯語義。</p><p>　　將表示組件（使用請求和響應(yīng)的組件）與 Web 服務(wù)器放在相同的機(jī)器和/或進(jìn)程中。如果將使用 ASP 內(nèi)部組件對象的對象放在遠(yuǎn)程機(jī)器上，那么對內(nèi)部組件的所有調(diào)用將以回調(diào)形式發(fā)生。調(diào)用 IIS 客戶機(jī)的是 COM+ 服務(wù)器，它顯著降低了性能并使安全配置復(fù)雜化?？梢詫⑦@些調(diào)整對象放在標(biāo)記為“庫激活”的 COM+ 應(yīng)用程序中。 </p><p>　　ASP

77、 存在于服務(wù)器上，因此 ASP 頁面必須符合資源共享規(guī)則，并且記住可伸縮性。請看下面的詳細(xì)內(nèi)容：</p><p>　　在“會話”中，管理應(yīng)盡量避免用戶特定的狀態(tài)。保持 ASP 無狀態(tài)，并在可能的情況下允許資源池。 </p><p><b>　　操作方式：</b></p><p>　　在評價某個代碼段是否屬于業(yè)務(wù)邏輯或者表示層時，請問一下自己，“

78、如果我必須用按鍵式電話應(yīng)用程序代替我的 ASP 頁面，那么該代碼是否還有用？”如果答案為“是”，那么可以嘗試將它劃分為業(yè)務(wù)邏輯代碼或者用戶界面幫助器代碼。 </p><p>　　如果改變了客戶機(jī)后該代碼不能用，或者如果它是構(gòu)造用戶界面的幫助器，則該代碼屬于表示服務(wù)層。它在 ASP 頁面中，或在使用 ASP 內(nèi)部組件的組件中。它不屬于業(yè)務(wù)對象組件。</p><p>　　理解桌面與 ASP 客

79、戶機(jī)的區(qū)別 </p><p>　　ASP 是組件的特殊客戶機(jī)，不同于桌面上的傳統(tǒng)單線程 Win32 應(yīng)用程序。主要區(qū)別概括如下:</p><p>　　線程管理：ASP 是多線程客戶機(jī)。這意味著可以有許多并發(fā)活動一起運(yùn)行，也許在同一時刻處理不同的 ASP 頁面。這說明不能使對象偽稱它是唯一的使用者來獨(dú)占系統(tǒng)。這樣做可能有意外的反應(yīng)，例如，養(yǎng)成一個壞習(xí)慣：將對象存儲在 ASP 會話或者應(yīng)用程序

80、變量中。</p><p>　　安全環(huán)境：ASP 是由 Web 站點(diǎn)中的 Internet Information Services 5.0 執(zhí)行的，有低、中、高三種隔離度。甚至這些 Web 站點(diǎn)可以有不同的安全設(shè)置、允許或拒絕匿名訪問、驗(yàn)證客戶等等。所有這些設(shè)置產(chǎn)生了大量的方案，即不同的用戶賬戶最終用的是您的對象。</p><p>　　輕松增長：這不是技術(shù)問題，而是 Web 應(yīng)用程序所提供

81、設(shè)施的副效應(yīng)。傳統(tǒng)上，為桌面應(yīng)用程序增加用戶基，要求仔細(xì)計(jì)劃好向已知數(shù)量客戶機(jī)的轉(zhuǎn)出。ASP 已經(jīng)改變了該過程，在啟動和運(yùn)行后，ASP-Visual Basic 應(yīng)用程序可以方便地打開，供當(dāng)?shù)氐幕蚴澜绶秶乃新殕T、所有業(yè)務(wù)伙伴和所有客戶使用?？梢杂眠@種方式描述 - 擁有超鏈接的單個電子郵件可以使用戶基成十倍地增長。您的應(yīng)用程序?yàn)榇俗骱脺?zhǔn)備了嗎？唯一了解的方式是對 Web 站點(diǎn)進(jìn)行強(qiáng)度測試，以獲得實(shí)際性能的預(yù)期值。關(guān)于強(qiáng)度測試的詳細(xì)信息

82、，請參閱“應(yīng)用程序生命周期”一節(jié)。 </p><p>　　在 ASP 內(nèi)應(yīng)該如何使用 Visual Basic 對象？在頁面范圍內(nèi)創(chuàng)建和取消您的對象。也就是說，盡可能使 ASP 頁面無狀態(tài)，只在暫時狀態(tài)下依賴會話或應(yīng)用程序變量。不要將對象存儲在會話或應(yīng)用程序變量中。這將 ASP 線程鎖定到您的會話、取消所有可伸縮性的預(yù)期值。也就是說，Web 服務(wù)器處理的用戶數(shù)不會超過幾十個。如果需要在會話或應(yīng)用程序中存儲內(nèi)容，請

83、使之成為數(shù)據(jù)而不是對象。還有可以遵守的許多其他準(zhǔn)則。我們建議您閱讀 MSDN Voices 上 J. D. Meier 撰寫的專欄“Servin it Up”。該專欄包括了大量的技術(shù)、實(shí)踐和技巧，有助于開發(fā)可擴(kuò)展的、可靠的 ASP 和組件應(yīng)用程序。</p><p>　　不要將引用存儲在會話或應(yīng)用程序中的 VB 對象中所有 Visual Basic 6.0 組件都是“單元線程”的，就是說它們都運(yùn)行在 STA 單元中

84、。這意味著如果在線程中創(chuàng)建對象，那么對該對象的所有調(diào)用都必須用同一線程服務(wù)。許多線程（來自并發(fā) Web 站點(diǎn)用戶）使用 STA 對象的同一實(shí)例，會引起一連串的活動，有可能成為應(yīng)用程序中的瓶頸。</p><p>　　此外，在會話范圍內(nèi)存儲用 Server. Create object 創(chuàng)建的 STA 對象，可以有效地將執(zhí)行線程聯(lián)系到當(dāng)前用戶，從而將應(yīng)用程序的最大并發(fā)用戶數(shù)限制到默認(rèn)的 20xN（N = 處理器數(shù)量）

85、。</p><p><b>　　操作方式 </b></p><p>　　如果您按照我們的建議使對象無狀態(tài)，則不需要存儲引用以供客戶機(jī)復(fù)用，并在應(yīng)用程序范圍內(nèi)存儲它們?？蛻魴C(jī)將能夠獨(dú)立創(chuàng)建、使用和取消它們自己的對象。這就減少了保持會話特有對象的需要，原因是它們不保留會話特有的狀態(tài)。推薦的方式是使對象無狀態(tài)，它在需要時訪問數(shù)據(jù)庫或其他存儲區(qū)（例如 cookies 和 LD

86、AP）。如果需要使用會話或應(yīng)用程序范圍的數(shù)據(jù)，請將數(shù)據(jù)，而不是處理數(shù)據(jù)的對象，存儲在此。您可以創(chuàng)建一個類，來封裝對所需值的處理。</p><p><b>　　ASP安全管理：</b></p><p>　　ASP 安全管理的基本概念</p><p>　　安全管理是根據(jù)對信息和 ASP 解決方案安全策略中的設(shè)定來管理已定義的安全級別的過程。其中包括

87、管理對違反安全行為的反應(yīng)?？梢钥刂乒舳挥脫?dān)心 ASP 以及 ASP 客戶業(yè)務(wù)的持續(xù)性，能夠這樣來對付惡意方的攻擊可真是一門藝術(shù)。 </p><p>　　安全管理在很大程度上依賴于安全策略。這些策略可從不同來源中產(chǎn)生。設(shè)計(jì)安全性時要考慮的策略有： </p><p>　　服務(wù)級別協(xié)議中定義的外部客戶需求 </p><p>　　關(guān)于安全的外部法律要求 </p&g

88、t;<p>　　外部供應(yīng)商安全策略 </p><p>　　內(nèi)部 ASP 安全策略 </p><p>　　在 ASP 和客戶環(huán)境的集成情況下，內(nèi)部/外部的安全策略 </p><p>　　對于每個解決方案，ASP 必須定義安全策略。該策略應(yīng)是基于上述各個方面的最可靠的合。 </p><p>　　根據(jù)客戶的需求，即使是基本結(jié)構(gòu)的設(shè)計(jì)也

89、會很不相同。通常使用三種安全設(shè)計(jì)： </p><p>　　專用：ASP 解決方案和安全措施完全由 ASP 進(jìn)行端對端的控制。通常，這意味著 ASP 對所有的基本結(jié)構(gòu)組件具有完全的控制，包括 ASP 和客戶之間的專用網(wǎng)絡(luò)連接。 </p><p>　　公用：ASP 解決方案和安全措施由 ASP 部分控制。通常，這意味著 ASP 在自己的站點(diǎn)內(nèi)具有控制權(quán)，但是不保證對用來提供解決方案的公用網(wǎng)絡(luò)具

90、有控制權(quán)。然而，ASP 可使用像“虛擬專用網(wǎng)絡(luò)”(VPN) 這樣的技術(shù)來進(jìn)行 ASP 和客戶安全之間的連接。 </p><p>　　混合：該解決方案是前面兩種的組合。“專用”和“公用”解決方案都使用。在確保安全的解決方案時，同時涉及到 ASP 和客戶。 </p><p>　　該過程有五個層面需要遵照 MOF 模型進(jìn)行改進(jìn)： </p><p>　　規(guī)劃：規(guī)劃活動包括在

91、客戶要求、內(nèi)部和外部策略以及合法要求的基礎(chǔ)上建立 SLA 安全部分的方式。在與客戶進(jìn)行對話的同時，可能有必要確定或調(diào)整內(nèi)部安全策略。當(dāng)然要由 ASP 來決定是否這樣做。此層面的結(jié)果是產(chǎn)生一個安全規(guī)劃，其中包括安全策略和所有方面的設(shè)計(jì)（基本結(jié)構(gòu)、人員、步驟、環(huán)境、基礎(chǔ)合同等等）。 </p><p>　　實(shí)施：實(shí)施層面執(zhí)行所有必要的安全措施，以遵守 SLA 中已經(jīng)定義的安全部分。必要時，此階段還將實(shí)施更改過的內(nèi)部安全

92、策略。 </p><p>　　評估：評估是結(jié)束安全管理過程所必不可少的。它涉及所采用措施和所確定策略的狀態(tài)和有效性。 </p><p>　　維護(hù)：安全措施的維護(hù)建立在以下方面的基礎(chǔ)上：定期檢查的結(jié)果、對變化的風(fēng)險狀況的洞察，以及 SLA 或其它條件的更改。 </p><p>　　控制：控制活動可組織并指導(dǎo)安全管理過程本身?？刂苹顒佣x子進(jìn)程、功能、角色、責(zé)任分配、組

93、織結(jié)構(gòu)和報告結(jié)構(gòu)。它是過程的引擎并確保進(jìn)行持續(xù)的改進(jìn)。 </p><p>　　安全管理過程必須不斷地進(jìn)行自身改進(jìn)。新解決方案、新技術(shù)、新人員、新步驟、疏忽都可能導(dǎo)致攻擊者攻破所安裝的安全解決方案。自：動態(tài)網(wǎng)站制作指南 | www.knowsky.com</p><p>　　ASP 的安全配置工具 </p><p>　　ASP 管理員應(yīng)當(dāng)對安全配置工具非常熟悉，因?yàn)橐?/p>

94、獲得系統(tǒng)中與安全相關(guān)的所有方面的信息，這是必不可少的。 </p><p>　　這些工具應(yīng)當(dāng)使您非常容易地回答以下問題：“我的計(jì)算機(jī)安全嗎？”，或者“我的網(wǎng)絡(luò)安全嗎？”。這些工具應(yīng)當(dāng)允許對已定義的安全策略所包含的所有方面進(jìn)行配置和分析，例如： </p><p>　　賬號策略。 設(shè)置或更改訪問策略，包括域或本地密碼策略、域或本地賬戶鎖定策略以及域 Kerberos 策略（在適用情況下）。 &l

95、t;/p><p>　　本地策略。 配置本地審核策略、用戶權(quán)限分配和各式各樣的安全選項(xiàng)，例如對軟盤、CD-ROM 等的控制。 </p><p>　　受限制的組。 對內(nèi)置的組以及要進(jìn)行配置的任何其它特定組指定或更改組成員（如 Administrators、Server Operators、Backup Operators、Power Users 等）。這不應(yīng)作為一般的成員管理工具來使用 - 只用來

96、控制特定組（具有指定給他們的敏感功能）的成員。 </p><p>　　系統(tǒng)服務(wù)。 配置安裝在系統(tǒng)上不同服務(wù)（包括網(wǎng)絡(luò)傳輸服務(wù)如 TCP/IP、NetBIOS、CIFS 文件共享、打印等）的安全性。如果不使用，則會停止 TCP/IP 之外的服務(wù)。有關(guān)詳細(xì)信息，請參見 http://www.microsoft.com/technet/ </p><p>　　文件或文件夾共享。 配置文件系統(tǒng)和重

97、定向器服務(wù)的設(shè)置。這包括訪問各種網(wǎng)絡(luò)文件共享時關(guān)閉匿名訪問以及啟用數(shù)據(jù)包簽名和安全性的選項(xiàng)。 </p><p>　　系統(tǒng)注冊表： 設(shè)置或更改有關(guān)系統(tǒng)注冊表項(xiàng)的安全性。 </p><p>　　系統(tǒng)存儲： 設(shè)置或更改本地系統(tǒng)文件卷和目錄樹的安全性。 </p><p>　　準(zhǔn)備： 為客戶和 ASP 準(zhǔn)備一個安全的環(huán)境，以便安全地創(chuàng)建用戶、文件等。 </p>

98、<p>　　這些工具還應(yīng)當(dāng)有助于監(jiān)視安全策略中已定義的所有方面，例如： </p><p>　　賬號策略 - 密碼、鎖定以及 Kerberos 設(shè)置。 </p><p>　　本地策略 - 審核、用戶權(quán)限和安全選項(xiàng). </p><p>　　事件日志 - 系統(tǒng)、應(yīng)用程序、安全和目錄服務(wù)日志的設(shè)置。 </p><p>　　受限制的組 - 有

99、關(guān)組的成員的策略。 </p><p>　　系統(tǒng)服務(wù) - 系統(tǒng)服務(wù)的啟動模式和訪問控制。 </p><p>　　注冊表 - 注冊表項(xiàng)的訪問控制。 </p><p>　　文件系統(tǒng) - 文件夾和文件的訪問控制。 </p><p>　　物理訪問系統(tǒng) - 對設(shè)備的訪問、卡式鑰匙的使用、閉環(huán)視頻等。 </p><p>　　這些工具

100、還應(yīng)當(dāng)可以分析組策略，一直下行至用戶級?？梢允褂闷渌ぞ邅矸治霰O(jiān)視過程中收集到的全部數(shù)據(jù)。這些工具通常特別依賴于統(tǒng)計(jì)技術(shù)。 </p><p>　　使用 Windows 2000 的 ASP 管理員可用“Windows 2000 安全配置工具集”的下列組件來配置上述部分或全部的安全方面。 </p><p>　　“安全模板”管理單元?！鞍踩０濉惫芾韱卧仟?dú)立的 Microsoft 管理控制臺

101、 (MMC) 管理單元，它可以創(chuàng)建基于文本的模板文件，該文件包含所有安全方面的安全設(shè)置。 </p><p>　　“安全配置和分析”管理單元?！鞍踩渲煤头治觥惫芾韱卧仟?dú)立的 MMC 管理單元，它可以配置或分析 Windows 2000 操作系統(tǒng)的安全性。其操作基于使用“安全模板”管理單元創(chuàng)建的安全模板的內(nèi)容。 </p><p>　　Secedit.exe。Secedit.exe 是“安全