計(jì)算機(jī)網(wǎng)絡(luò)安全與防范外文翻譯

1、<p><b>　　中文4960字</b></p><p>　　2012 屆本科畢業(yè)設(shè)計(jì)(論文)外文</p><p><b>　　文獻(xiàn)翻譯</b></p><p>　　學(xué) 院： 計(jì)算機(jī)科學(xué)與工程學(xué)院 </p><p>　　專 業(yè)： 網(wǎng)絡(luò)工

2、程 </p><p>　　姓 名： </p><p>　　學(xué) 號： </p><p>　　外文出處： Security and Precaution</p><p>　　On Co

3、mputer Network </p><p>　　附 件： 1.外文資料翻譯譯文；2.外文原文。</p><p>　　附件1：外文資料翻譯譯文</p><p>　　第一章計(jì)算機(jī)網(wǎng)絡(luò)安全與防范</p><p><b>　　1.1引言</b></p><p>　　計(jì)算機(jī)技術(shù)的飛速發(fā)展提供了

4、一定的技術(shù)保障，這意味著計(jì)算機(jī)應(yīng)用已經(jīng)滲透到社會的各個(gè)領(lǐng)域。在同一時(shí)間，巨大的進(jìn)步和網(wǎng)絡(luò)技術(shù)的普及，社會帶來了巨大的經(jīng)濟(jì)利潤。然而，在破壞和攻擊計(jì)算機(jī)信息系統(tǒng)的方法已經(jīng)改變了很多的網(wǎng)絡(luò)環(huán)境下，網(wǎng)絡(luò)安全問題逐漸成為計(jì)算機(jī)安全的主流。</p><p><b>　　1.2網(wǎng)絡(luò)安全</b></p><p>　　1.2.1計(jì)算機(jī)網(wǎng)絡(luò)安全的概念和特點(diǎn)</p><

5、;p>　　計(jì)算機(jī)網(wǎng)絡(luò)的安全性被認(rèn)為是一個(gè)綜合性的課題，由不同的人，包括計(jì)算機(jī)科學(xué)、網(wǎng)絡(luò)技術(shù)、通訊技術(shù)、信息安全技術(shù)、應(yīng)用數(shù)學(xué)、信息理論組成。作為一個(gè)系統(tǒng)性的概念，網(wǎng)絡(luò)的安全性由物理安全、軟件安全、信息安全和流通安全組成。從本質(zhì)上講，網(wǎng)絡(luò)安全是指互聯(lián)網(wǎng)信息安全。一般來說，安全性、集成性、可用性、可控性是關(guān)系到網(wǎng)絡(luò)信息的相關(guān)理論和技術(shù)，屬于計(jì)算機(jī)網(wǎng)絡(luò)安全的研究領(lǐng)域。相反，狹隘“網(wǎng)絡(luò)信息安全”是指網(wǎng)絡(luò)安全，這是指保護(hù)信息秘密和集成，使用

6、竊聽、偽裝、欺騙和篡奪系統(tǒng)的安全性漏洞等手段，避免非法活動(dòng)的相關(guān)信息的安全性?？傊?，我們可以保護(hù)用戶利益和驗(yàn)證用戶的隱私。</p><p>　　計(jì)算機(jī)網(wǎng)絡(luò)安全有保密性、完整性、真實(shí)性、可靠性、可用性、非抵賴性和可控性的特點(diǎn)。</p><p>　　隱私是指網(wǎng)絡(luò)信息不會被泄露給非授權(quán)用戶、實(shí)體或程序，但是授權(quán)的用戶除外，例如，電子郵件僅僅是由收件人打開，其他任何人都不允許私自這樣做。隱私通過網(wǎng)

7、絡(luò)信息傳輸時(shí)，需要得到安全保證。積極的解決方案可能會加密管理信息。雖然可以攔截，但它只是沒有任何重要意義的亂碼。</p><p>　　完整性是指網(wǎng)絡(luò)信息可以保持不被修改、破壞，并在存儲和傳輸過程中丟失。誠信保證網(wǎng)絡(luò)的真實(shí)性，這意味著如果信息是由第三方或未經(jīng)授權(quán)的人檢查，內(nèi)容仍然是真實(shí)的和沒有被改變的。因此保持完整性是信息安全的基本要求。</p><p>　　可靠性信息的真實(shí)性主要是確認(rèn)信息

8、所有者和發(fā)件人的身份。</p><p>　　可靠性表明該系統(tǒng)能夠在規(guī)定的時(shí)間和條件下完成相關(guān)的功能。這是所有的網(wǎng)絡(luò)信息系統(tǒng)的建立和運(yùn)作的基本目標(biāo)。</p><p>　　可用性表明網(wǎng)絡(luò)信息可被授權(quán)實(shí)體訪問，并根據(jù)自己的需求使用。</p><p>　　不可抵賴性要求所有參加者不能否認(rèn)或推翻成品的操作和在信息傳輸過程中的承諾。處理不可抵賴性的措施之一是使用數(shù)字簽名技術(shù)。&

9、lt;/p><p>　　可控性指示控制網(wǎng)絡(luò)信息傳輸和內(nèi)容的能力上。例如，禁止違法和不良信息通過公共網(wǎng)絡(luò)傳輸。</p><p>　　1.3計(jì)算機(jī)網(wǎng)絡(luò)所面臨的威脅</p><p>　　計(jì)算機(jī)網(wǎng)絡(luò)所面臨的各種威脅有：惡意攻擊，泄漏軟件，計(jì)算機(jī)病毒和自然災(zāi)害。</p><p><b>　　1.3.1惡意攻擊</b></p>

10、;<p>　　惡意攻擊被認(rèn)為是計(jì)算機(jī)網(wǎng)絡(luò)的嚴(yán)重威脅之一。根據(jù)建議可以將人為破壞分為主動(dòng)攻擊和被動(dòng)攻擊。主動(dòng)攻擊旨在破壞網(wǎng)絡(luò)和信息，通常使用的方式有修改、刪除、弄虛作假、欺騙、病毒和邏輯炸彈。一旦成功，它可能會停止網(wǎng)絡(luò)系統(tǒng)的運(yùn)行，甚至整個(gè)系統(tǒng)的癱瘓。被動(dòng)攻擊是為了獲取信息，這通常是進(jìn)行竊取秘密信息，我們知道的，如在不影響正常運(yùn)行的情況下進(jìn)行的竊取貿(mào)易和商業(yè)秘密、項(xiàng)目計(jì)劃、投標(biāo)數(shù)字和個(gè)人信息。惡意攻擊，不管是模仿或者被動(dòng)，都可

11、能會損壞嚴(yán)重的電腦網(wǎng)絡(luò)，導(dǎo)致機(jī)密數(shù)據(jù)的泄漏，最終造成不可挽回的損失。</p><p>　　1.3.2軟件的泄漏和后門（計(jì)算）</p><p>　　有兩種軟件泄漏：一種是通過建議精心設(shè)計(jì)來控制系統(tǒng)和竊取信息為將來使用所準(zhǔn)備，另一種是意外，比如因?yàn)樵O(shè)計(jì)師的疏忽或其他技術(shù)元素。然而，由于這些漏洞的存在導(dǎo)致了嚴(yán)重的隱藏的網(wǎng)絡(luò)安全威脅。例如，為了方便地進(jìn)入操作系統(tǒng)開發(fā)者沒有為系統(tǒng)設(shè)置進(jìn)入密碼，這將為

12、黑客提供進(jìn)入系統(tǒng)的通道。進(jìn)行作業(yè)系統(tǒng)時(shí)，一些系統(tǒng)進(jìn)程一直在等待某些條件，一旦一次滿意的條件下出現(xiàn)，這一進(jìn)程將繼續(xù)運(yùn)行，這也可以被黑客利用。否則，雖然一直保持保密，由程序員設(shè)置了供自己使用的一些后門程序（計(jì)算），如果它們泄露出去，或由其他人發(fā)現(xiàn)這可能會帶來巨大的損害和信息丟失。</p><p>　　1.3.3計(jì)算機(jī)病毒破壞網(wǎng)絡(luò)安全</p><p>　　計(jì)算機(jī)病毒是一個(gè)專門的計(jì)算機(jī)程序，它通過

13、各種渠道比如磁盤，??光盤和計(jì)算機(jī)網(wǎng)絡(luò)進(jìn)行復(fù)制和傳播。它在20世紀(jì)80年代首先發(fā)現(xiàn)，到現(xiàn)在的數(shù)字已經(jīng)提高到世界各地的10,000多個(gè)。同時(shí)，隱瞞、傳染和破壞也進(jìn)一步發(fā)展。隨著互聯(lián)網(wǎng)的飛速發(fā)展，計(jì)算機(jī)病毒的擴(kuò)散速度已經(jīng)在很大程度上加快，大大破壞和傳染世界各地資源。這場災(zāi)難對每一個(gè)國家和整個(gè)世界的信息系統(tǒng)產(chǎn)生了一個(gè)嚴(yán)重的影響。美國大約63%的計(jì)算機(jī)被傳染了病毒， 9％的情況下已經(jīng)導(dǎo)致了超過10萬美元的損失，根據(jù)著名的MIS系統(tǒng)管理和數(shù)據(jù)任務(wù)

14、營銷公司進(jìn)行的研究。在1996年，計(jì)算機(jī)病毒已經(jīng)造成美國制造業(yè)大1億美元的經(jīng)濟(jì)損失。互聯(lián)網(wǎng)提供了計(jì)算機(jī)病毒容易擴(kuò)散的環(huán)境，同時(shí)增加了消滅他們的困難。計(jì)算機(jī)病毒的傳播，不僅破壞網(wǎng)絡(luò)，也使網(wǎng)絡(luò)信息泄漏。計(jì)算機(jī)病毒已經(jīng)嚴(yán)重威脅到網(wǎng)絡(luò)安全，特別是專用網(wǎng)絡(luò)。</p><p>　　病毒代碼很小，通常附在其他文件或程序末尾，因此它們很容易隱藏在系統(tǒng)內(nèi)部。病毒的自我復(fù)制能力使其在網(wǎng)絡(luò)上傳播時(shí)能夠傳染給其他文件和程序，病毒一旦擴(kuò)散

15、到網(wǎng)絡(luò)上就非常難以追蹤了。</p><p>　　1987年，計(jì)算機(jī)病毒在美國四處蔓延，而且第一種計(jì)算機(jī)病毒“小球”在當(dāng)年年底傳播到我國。從那以后，已經(jīng)發(fā)現(xiàn)進(jìn)口和國內(nèi)的病毒。迄今為止，計(jì)算機(jī)病毒已經(jīng)增加到20,000多種；其中90％以上能攻擊微型計(jì)算機(jī)。病毒的基本特征有：</p><p>　　傳染：計(jì)算機(jī)病毒作為一個(gè)程序，能自我復(fù)制到其他正常程序或者系統(tǒng)的某些部件上，例如磁盤的引導(dǎo)部分。這是

16、病毒程序的基本特征。隨著網(wǎng)絡(luò)日益廣泛發(fā)展，計(jì)算機(jī)病毒能夠在短時(shí)間內(nèi)通過網(wǎng)絡(luò)廣泛傳播。</p><p>　　潛伏：隱藏在受感染系統(tǒng)內(nèi)的病毒并不立即發(fā)作；相反，在它發(fā)作前，需要一定時(shí)間或具備某些條件。在潛伏期內(nèi)，它并不表現(xiàn)出任何擾亂行動(dòng)，因此很難發(fā)現(xiàn)病毒并且病毒能夠繼續(xù)傳播。一旦病毒發(fā)作，它能造成嚴(yán)重破壞。</p><p>　　可觸發(fā)性：一旦具備某些條件，病毒便開始攻擊。這一特征稱作可觸發(fā)性。

17、利用這一特征，我們能控制其傳染范圍和攻擊頻率。觸發(fā)病毒的條件可能是預(yù)設(shè)的日期、時(shí)間、文件種類或計(jì)算機(jī)啟動(dòng)次數(shù)等。</p><p>　　破壞：計(jì)算機(jī)病毒造成的破壞是廣泛的—它不僅破壞計(jì)算機(jī)系統(tǒng)、刪除文件、更改數(shù)據(jù)等，而且還能占用系統(tǒng)資源、擾亂機(jī)器運(yùn)行等。其破壞表現(xiàn)出設(shè)計(jì)者的企圖。</p><p>　　通過我們已經(jīng)學(xué)過的知識，我們知道病毒有如下的分類：</p><p>

18、<b>　　按寄生分類</b></p><p>　　按寄生，計(jì)算機(jī)病毒可分成引導(dǎo)病毒、文件病毒和混合病毒。＊引導(dǎo)病毒：指寄生在磁盤引導(dǎo)部分的那些計(jì)算機(jī)病毒。它是一種常見病毒，利用計(jì)算機(jī)系統(tǒng)通常不檢查引導(dǎo)部分的內(nèi)容是否正確的弱點(diǎn)，并且留存在內(nèi)存中，監(jiān)視系統(tǒng)運(yùn)行，一有機(jī)會就傳染和破壞。按寄生在磁盤的位置，它能進(jìn)一步分成主引導(dǎo)記錄病毒和段引導(dǎo)記錄病毒。前者傳染硬盤的主引導(dǎo)部分，例如“marijua

19、na”病毒、“2708”病毒、“porch”病毒；段記錄病毒傳染硬盤上的常用段記錄，例如“小球”病毒、“女孩”病毒等。</p><p><b>　　按后果分類</b></p><p>　　從后果看，計(jì)算機(jī)病毒能分成“良性”病毒和“惡性”病毒?！傲夹浴辈《緦⑵茐臄?shù)據(jù)或程序，但不會使計(jì)算機(jī)系統(tǒng)癱瘓。這種病毒的始作俑者大多是胡鬧的黑客—他們創(chuàng)造病毒不是為了破壞系統(tǒng)，而是為了

20、炫耀他們的技術(shù)能力；一些黑客使用這些病毒傳播他們的政治思想和主張，例如“小球”病毒和“救護(hù)車”病毒?！皭盒浴辈《緦⑵茐臄?shù)據(jù)和系統(tǒng)，導(dǎo)致整個(gè)計(jì)算機(jī)癱瘓，例如CHI病毒，“Porch”病毒。這些病毒一旦發(fā)作，后果將是無法彌補(bǔ)的。</p><p>　　應(yīng)當(dāng)指出，“危險(xiǎn)”是計(jì)算機(jī)病毒的共同特征?！傲夹浴辈《静⒎峭耆辉斐晌ｋU(xiǎn)，而只是危險(xiǎn)后果相對較輕?！傲夹浴敝皇且粋€(gè)相對概念。事實(shí)上，所有計(jì)算機(jī)病毒都是惡性的。</p

21、><p>　　1.4計(jì)算機(jī)網(wǎng)絡(luò)安全防范措施</p><p>　　為了保護(hù)網(wǎng)絡(luò)資源，我們應(yīng)該指導(dǎo)一些管理和合理的說明。此外，我們必須進(jìn)行有關(guān)的技術(shù)措施，旨在解決網(wǎng)絡(luò)安全中存在的問題，實(shí)現(xiàn)網(wǎng)絡(luò)和數(shù)據(jù)的保護(hù)。在此之后，可以保證定期循環(huán)，可以確保合法用戶的利益。目前，處理網(wǎng)絡(luò)安全的措施如下：防火墻技術(shù)，加密技術(shù)，訪問控制技術(shù)和病毒防護(hù)技術(shù)。</p><p>　　1.4.1防火墻

22、技術(shù)</p><p>　　在目前保護(hù)計(jì)算機(jī)網(wǎng)絡(luò)安全的技術(shù)措施中，防火墻可以分割本地網(wǎng)絡(luò)和主網(wǎng)絡(luò)，在保護(hù)網(wǎng)絡(luò)和外部網(wǎng)絡(luò)之間限制信息訪問和傳輸。</p><p>　　防火墻是關(guān)閉在網(wǎng)絡(luò)拓?fù)浣Y(jié)構(gòu)和服務(wù)上不安全因素來提高網(wǎng)絡(luò)的工具。它保護(hù)的對象之一就是明確在網(wǎng)絡(luò)接近臨界點(diǎn)的模塊，而它遠(yuǎn)離是外部威脅來保護(hù)網(wǎng)絡(luò)。因此，在公司它首先是適合在專門的網(wǎng)絡(luò)，尤其是連接公共網(wǎng)絡(luò)。防火墻三個(gè)的基本功能如下：<

23、;/p><p>　　過濾。它可以拒絕未經(jīng)授權(quán)的電腦主機(jī)發(fā)送TCP / IP協(xié)議數(shù)據(jù)，并拒絕接受未經(jīng)授權(quán)的服務(wù)鏈接要求。</p><p>　　網(wǎng)絡(luò)地址轉(zhuǎn)換。翻譯內(nèi)部主機(jī)的IP地址以避免通過外部監(jiān)視器被檢測，或者我們可以說成IP偽裝。</p><p>　　代理服務(wù)。代表主機(jī)電腦應(yīng)用方面具有較高水平，能夠完全中斷連接之間的跨主機(jī)和外部網(wǎng)絡(luò)層。</p><p

24、>　　我們應(yīng)該更加注重的是沒有防火墻可以提供絕對的保護(hù)。防火墻具有邊界，其中包括來自防火墻外部其他攻擊方式的無用保護(hù)；難以阻止病毒污染的軟件或文件的傳輸，幾乎沒有拒絕構(gòu)成內(nèi)部用戶的威脅；幾乎可以防止運(yùn)行數(shù)據(jù)的攻擊。此外，由于防火墻的安全政策在公司是由網(wǎng)絡(luò)管理員來控制的，所以他的道德標(biāo)準(zhǔn)似乎更為重要。</p><p>　　1.4.2 加密技術(shù)</p><p>　　加密的目的是為了保護(hù)數(shù)

25、據(jù)、文件、密碼和網(wǎng)絡(luò)上的控制信息，以及保護(hù)網(wǎng)絡(luò)上數(shù)據(jù)傳輸。這個(gè)過程實(shí)際上是進(jìn)行了各種加密算法，用最低的成本獲得一些保護(hù)。在大多數(shù)情況下，加密是保證信息保密性和重要性的唯一途徑。加密系統(tǒng)可以根據(jù)分類代碼之間信息的發(fā)送者和接受密碼的方式，通常被劃分成對稱加密代碼（單個(gè)鍵）和公共加密代碼（雙擊鍵），如典型的代表DES和RSA。</p><p>　　伴隨著高加密產(chǎn)生的優(yōu)勢之一是對稱加密代碼管理與安全方式傳輸信息的難度。公

26、眾的加密代碼的優(yōu)勢是它可以適用于網(wǎng)絡(luò)不限成員名額的要求，并實(shí)現(xiàn)數(shù)字簽名和驗(yàn)證。然而，復(fù)雜的算法將使數(shù)據(jù)加密速度放緩。隨著現(xiàn)代電子技術(shù)和加密技術(shù)的發(fā)展，公共密碼編碼算法將逐漸成為網(wǎng)絡(luò)安全加密系統(tǒng)的主流。人們通常將常規(guī)密碼和公共密碼在網(wǎng)絡(luò)安全中一起同應(yīng)用。</p><p>　　常規(guī)的網(wǎng)絡(luò)數(shù)據(jù)加密具有鏈路、節(jié)點(diǎn)和端到端的方式。作為最常用的加密方式，鏈路加密可以通過鏈路層和物理層在網(wǎng)絡(luò)和硬件條件下實(shí)現(xiàn)。它用來保護(hù)通信節(jié)點(diǎn)

27、傳輸?shù)臄?shù)據(jù)，對用戶是透明的。節(jié)點(diǎn)加密提高了鏈路加密和克服鏈路加密很容易被非法訪問的缺陷。它也可以在協(xié)議傳輸層加密，使原始節(jié)點(diǎn)和目的節(jié)點(diǎn)之間傳輸?shù)臄?shù)據(jù)進(jìn)行加密保護(hù)。端到端的加密是在網(wǎng)絡(luò)層，在表示層中的網(wǎng)絡(luò)和數(shù)據(jù)傳輸加密具有高水平的水準(zhǔn)，而不是低級別的協(xié)議信息。相比鏈路加密它往往是由軟件完成，它具有較低的成本和更高的安全性。</p><p>　　1.4.3訪問控制技術(shù)</p><p>　　它是

28、網(wǎng)絡(luò)安全防范和保護(hù)的主要技術(shù)。并且關(guān)鍵的任務(wù)是確保網(wǎng)絡(luò)資源不會被非法使用和訪問。此技術(shù)規(guī)范每一個(gè)文件和資源，比如可讀、可錄制和可以修改用戶的操作權(quán)限。據(jù)預(yù)計(jì)，所有的信息資源可以集中管理，沒有任何含糊和以往法規(guī)之間也沒有沖突。它應(yīng)該與審計(jì)功能記錄所有活動(dòng)作進(jìn)一步檢查，以及提供微控制。為了保障網(wǎng)絡(luò)系統(tǒng)的安全性和保護(hù)網(wǎng)絡(luò)資源，訪問控制技術(shù)是保障網(wǎng)絡(luò)安全的最重要的核心的之一。</p><p>　　1.4.4病毒防范技術(shù)&

29、lt;/p><p>　　目前，日益發(fā)達(dá)的網(wǎng)絡(luò)技術(shù)提供了多種方式的傳輸，使病毒的極大威脅網(wǎng)絡(luò)安全與傳播的多元化路線。專門的反病毒軟件可以被認(rèn)為是以最常用的方式驅(qū)逐電腦病毒，它還可以自動(dòng)檢測和刪除在內(nèi)存、BIOS和磁盤中的病毒。然而，反病毒軟件的探索和更新總是遠(yuǎn)遠(yuǎn)落后于新病毒的出現(xiàn)，所以它有時(shí)可能不能夠檢測或刪除一些病毒。盡管反病毒軟件的版本已日益更新和功能大大提高，帶有病毒的程序和常規(guī)程序有共同的相似性和特異性目標(biāo)。更

30、重要的是，人們很難預(yù)測病毒在未來如何發(fā)展和變化，所以我們在探索軟件和反病毒硬件設(shè)備的時(shí)候也有巨大的困難。</p><p>　　此外，一旦病毒成功通過穿過系統(tǒng)或違反授權(quán)攻擊，攻擊者通常植入木馬程序或者系統(tǒng)邏輯炸彈來為下一步攻擊系統(tǒng)提供便利條件。互聯(lián)網(wǎng)正在挑戰(zhàn)很多的反病毒軟件。如今，每天都會有幾十種新病毒出現(xiàn)，其中大多數(shù)是通過互聯(lián)網(wǎng)傳播。為了有效地保護(hù)企業(yè)的信息化，防病毒軟件應(yīng)該支持所有的因特網(wǎng)協(xié)議及可用于所有的企業(yè)

31、的郵件系統(tǒng)，保證它能夠及時(shí)申請和跟上不斷變化的世界步伐。有些像諾頓的防病毒軟件，McAfee公司做出了很大的進(jìn)展。不僅有效地切斷病毒訪問，而且可以保護(hù)企業(yè)和其他方面避免病毒的爆發(fā)和造成經(jīng)濟(jì)損失。</p><p><b>　　1.5總結(jié)</b></p><p>　　隨著計(jì)算機(jī)技術(shù)的飛速發(fā)展，計(jì)算機(jī)已成為一種工具，同時(shí)網(wǎng)絡(luò)已經(jīng)成為我們的日常工作??、學(xué)習(xí)和生活中的重要組成

32、部分之一。因此，網(wǎng)絡(luò)安全技術(shù)已成為信息網(wǎng)絡(luò)發(fā)展的關(guān)鍵點(diǎn)。當(dāng)人們踏進(jìn)信息社會第一步的時(shí)候，它已變得對社會發(fā)展具有重大的戰(zhàn)略意義。網(wǎng)絡(luò)安全技術(shù)是保證社會發(fā)展不可替代的保證。中國仍然處于網(wǎng)絡(luò)安全探索和信息網(wǎng)絡(luò)技術(shù)產(chǎn)品探索的原始階段，這意味著我們應(yīng)該大力地研究、開發(fā)、探索確保信息安全的措施，從而促進(jìn)了國民經(jīng)濟(jì)的快速發(fā)展。</p><p><b>　　附件1：外文原文</b></p>&

33、lt;p>　　Security and Precaution On Computer Network</p><p>　　1.1 INTRODUCTION</p><p>　　The rapid development of computer technology has provided certain technological protection, which means c

34、omputer application has infiltrated into various fields of society. At the same time, enormous progress and popularization of network technology has brought large economic profits to the society. However, ways to sabotag

35、e and attack computer information system has changed a lot under the network circumstance which gradually makes network security issues the mainstream of computer security.</p><p>　　1.2 NETWORK SECURITY</

36、p><p>　　1.2.1 Concept and characteristics of computer network security.</p><p>　　Computer network security is considered to be a comprehensive subject that consists of various ones, including compu

37、ter science, network technology, communication technology, information security technology, applied mathematics and information theory. As a systemic concept, network security is composed by physical security, software s

38、ecurity, information security and circulation security. Essentially, network security means Internet information security. Generally speaking, relevant theory and t</p><p>　　Computer network security is char

39、acterized by privacy, integrity, facticity, reliability, availability, non-repudiation and controllability.</p><p>　　Privacy refers to network information will not be leaked to non-authorized users, entities

40、 or procedures, but only for authorized users, for example, mails can merely be opened by addressees, anyone else are not allowed to do that privately. When transferring information with network, privacy needs to be guar

41、anteed. Positive solution might be made to encrypt management on information. Although one can intercept that, it's just insignificant Unicode without ay importance.</p><p>　　Integrity means network info

42、rmation can be kept not being modified, sabotaged and lost in the process of storage and transmission. Integrity guarantees facticity, which means if the information is checked by the third party or non-authorized person

43、, the content, is still for real, not being changed. So keeping integrity is the basic requirement for information security.</p><p>　　Facticity points to reliability on information, mainly confirms identitie

44、s of information owner and sender. </p><p>　　Reliability indicates that system can accomplish regulated functions with stated conditions and limited time. It's the basic aim for all network information s

45、ystem establishment and operation.</p><p>　　Availability shows that network information can be visited by authorized entities and be used according to their demand.</p><p>　　Non-repudiation requ

46、ires all participants that can not deny or repudiate the finished operations and promises in the process of transferring information. One of the measures to deal with non-repudiation is to use digital signature technolog

47、y. </p><p>　　Controllability directs at the ability of controlling network information transmission and content. For instance, illegal and unhealthy information are forbidden to transfer through public netwo

48、rk.</p><p>　　1.3 Treats faced by computer network</p><p>　　There are various threats confronted by computer network: hostile attack, software leak, computer virus and natural disaster.</p>

49、<p>　　1.3.1 Hostile attack</p><p>　　Hostile attack is considered to be one of the serious threats for computer network. It's a man-made destruction with propose that can be divided into initiative

50、 attack and passive attack. Initiative attack aims to wreck network and information, usually using ways of modification, delete, falsifications, deception, virus and logical bombs. Once succeed, it could stop operation o

51、f network system, even a paralysis of overall system. Passive attack is to get information, which is usually conducted t</p><p>　　1.3.2 Software leak and backdoor (computing)</p><p>　　There are

52、 two kinds of software leaks: one is made by propose, which is intently designed to control system and steal information for the future use; the other one is accidentally made because of negligence or other technological

53、 elements by designers. However, the existence of these leas bought serious security hidden dangers to network. For example, for providing convenient access to the system developers without setting up entrance password f

54、or system operation will offer channels for hacker </p><p>　　1.3.3 Damages to network security by computer virus</p><p>　　Computer virus is a specially programmed computer process that can be co

55、pied and transmitted through various channels, such as disk, CD and computer network. It was firstly discovered in 1980s, and up to now the figures have been to more than 10,000 around the world with high increasing. Mea

56、nwhile, the concealment, contamination and destruction are also further developed. With the rapid development of Internet, diffusion rate of computer virus has been accelerated largely, destructed greatly and</p>

57、<p>　　Virus code is very small, usually attached to other documents or procedures at the end, so they can easily hide in the system. Ability to self-replicating virus on the network so that it can spread infection t

58、o other documents and procedures, once the virus spread to the network very difficult to track down.</p><p>　　In 1987, computer viruses spread in the United States. The first computer virus "small ball&

59、quot; at the end of the year spread to our country. Since then, has found a virus imported and domestic. So far, computer viruses have risen to more than 20,000 kinds; which can attack more than 90% of micro-computer. Th

60、e characteristics of computer viruses are:</p><p>　　infection: a computer virus as a program that can replicate itself to other normal procedures or systems of certain components, such as the disk part of th

61、e guide. This is the basic characteristic of the virus program. With the increasingly extensive network development, computer viruses can be widely disseminated through the network in a short time.</p><p>　　

62、latent: hidden in the infected system the virus does not immediately attack; the contrary, in its pre-attack, the need for a certain period of time or have certain conditions. Within the incubation period, it does not sh

63、ow any disruption of operations, making it difficult to find the virus and the virus can continue to spread. Once a virus outbreak, it can cause serious damage.</p><p>　　can be triggered: Once certain condit

64、ions, the virus began to attack. This feature can be triggered is called. Take advantage of this characteristic, we can control its transmission range and frequency of attacks. Conditions may trigger the virus is the def

65、ault date, time, file type or frequency of the computer to start.</p><p>　　damage: the damage caused by computer viruses are a wide range of - it not only undermines the computer system, delete files, change

66、 data, but also occupied system resources, such as disruption of the machine running. Its destruction of the designer's attempt to show.</p><p>　　By using the knowledge that we have learned, we can know

67、the Computer Virus Classification as follows:</p><p>　　by the parasitic Category</p><p>　　By parasitic, computer viruses can be divided into lead-virus, file virus and mixed virus. Boot virus pa

68、rasites in the disk guide meaning those parts of a computer virus. It is a common virus, the use of computer systems do not usually check the guide part of the content is correct weaknesses, and retained in memory and mo

69、nitor system operation, one has the opportunity to infection and destruction. According to the location of parasites in the disk, it can further be divided into the Master Boot</p><p>　?。?） by the conseque

70、nces of classification</p><p>　　From the consequences of watch, computer viruses can be divided into "benign" viruses and "vicious" virus. "Benign" virus would destroy data or p

71、rograms, but it will not make computer systems paralyzed. Initiator of the virus are most mischievous hackers - they created the virus is not in order to undermine the system, but in order to show off their technical cap

72、acity; Some hackers use these viruses to disseminate their political thought and ideas, such as "small ball" virus and "Ambulance car "</p><p>　　It should be noted that "dangerous&qu

73、ot; are a common feature of computer viruses. "Benign" viruses are not dangerous, but the risk of the consequences of relatively light. "Virtuous" is a relative concept. In fact, all computer viruses

74、are malignant.</p><p>　　1.4 Precaution measures on computer network security</p><p>　　In order to protect network resources, we should conduct certain ladder of management and legal instruments.

75、 Besides, we must carry out relevant technological measures aimed at the problems existed in network security to accomplish the protection for network and data. After that, regular circulation can be guaranteed and profi

76、ts of legal users can be ensured. At present, precaution measures dealing with network security treats are as follows: Firewall technology, Encryption technology, Access co</p><p>　　1.4.1 Firewall Technology

77、</p><p>　　As a present technological measure for protecting computer network security, firewall can compart local network and major network and restrict information access and transmission between protected

78、network and exterior one. </p><p>　　Firewall is the instrument that closes off unsafe factors on network topology structure and service type to improve network. What it protect is one of the modules with def

79、inite close borderline in network, while what it keep away is threat outside the protected network. As a result, it is firstly fit for specialized network in companies, especially for the connection with public network.3

80、 basic functions of firewall:</p><p>　　Filtration. It can reject TCP/IP sent by unauthorized host computer, and reject accepting the link requirement by unauthorized service.</p><p>　　Network ad

81、dresses translation. Translating IP address of inter host computer to avoiding being detected by external monitor, or we can say IP disguise. </p><p>　　Proxy Services. On behalf of host computer to make appl

82、ied connection with high level, and completely interrupt connection between inter host computer and external one in network layer.</p><p>　　What we should pay more attention to is none of the firewalls can p

83、rovide absolute protection. Firewall has boundedness, which including uselessly protects from other attacking ways outside firewall; hardly prevents the transmission of virus-contaminated software or file; barely rejects

84、 threats form internal users; scarcely prevents data-run attacks. In addition, because the secure policy of firewall is made by network administrator in company, his moral standard seems more important.</p><p&

85、gt;　　1.4.2 Encryption Technology </p><p>　　The aim of encryption is to protect data, file, password and controlling information in network, as well as protecting data transmitted in network. The process is a

86、ctually carried out by various encrypt algorithm, which obtains some kind of protection with minimum costs. In most conditions, encryption is the only way for guaranteeing the information confidential importance. Accordi

87、ng to the way to classify cipher code between information sender and accepter, encryption system can usually be divi</p><p>　　With high encryption as one of the advantages, symmetry cipher code manages diffi

88、culty by transmitting information with secure ways. The advantage of public cipher code can be made to apply to network open-ended requirements, and to fulfill digital signature and verification. However, algorithm is co

89、mplex that will make a slow speed in data encryption. With the development of modem electronic technique and encryption technology, public cipher code algorithm will gradually become the mainstream i</p><p>

90、　　Regular network data encryption has link, node and end-to-end ways. As the most common used way of encryption, link encryption can be achieved between link layer and physical layer in network with hardware. It is used

91、to protect data transmitted in communication node, transparency for users. Node encryption improves link encryption and get over defects that link encryption will be easily illegal access. It also can encrypt in protocol

92、 transport layer, and make encryption protect on data transmit</p><p>　　1.4.3 Access control technology</p><p>　　It is the main technology for network security precaution and protection. And th

93、e key mission is to make sure that network resources will not be illegal used and access. This technology regulates manipulation authority by users of every files and resources, such as readable, recordable and revisable

94、. It is expected that all of the information resources could be collectively managed, without ambiguous and confliction between ever regulations. It should be with auditing function to record all acti</p><p>

95、;　　1.4.4Virus-precaution technology </p><p>　　At present, the increasingly developed network technology has supplied various ways of transmission, so virus immensely threats network security with diversified

96、 route of transmission. Specialized anti-virus software can be considered to be the most commonly way of banishing computer virus, which can also automatically detect and delete virus in EMS memory, BIOS and disks. Howev

97、er, the exploration and renovation of anti-virus software is always far behind the appearance of branch-new virus, so i</p><p>　　Furthermore, once virus successfully get through system and penetrate or offen

98、d authorized attack, attacker usually implant cockhorse or logic bomb in system for further attacking system and providing convenient conditions. Internet challenges a lot anti-virus software. Nowandays, dozens of new vi

99、rus appear everyday, and most of them transmitted through internet. In order to efficiently protect information of enterprises, anti-virus software is supposed to support all Internet protocol and mail </p><p&

100、gt;　　1.5CONCLUSION: </p><p>　　With the rapid development of computer technology, computer has been a tool while network to be one of the important components in our daily work, study and lives. As a result,

101、network security technology has become the key point in information network development. When people step into information society, it has turned into significant strategy of social development. Network security technolo