計算機安全防范方法(中英對照)

   
　　Computer crime is certain to continue．The goal of computer security is to institute controls that preserve secrecy，integrity，and availability．Sometimes these controls are able to prevent attacks；other less powerful methods can only detect a breach as or after it occurs．
　　In this section we will survey the controls that attempt to prevent exploitation of the vulnerabilities of computing systems．
   
1．Encryption
   
　　The most powerful tool in providing computer security is coding．By transforming data so that it is unintelligible to the outside observer，the value of an interception and the possibility of a modification or a fabrication are almost nullified．
    Encryption provides secrecy for data．Additionally，encryption can be used to achieve integrity，since data that cannot be read generally also cannot be changed．Furthermore，encryption is important in protocols，which are agreed-upon sequences of actions to accomplish some task．Some protocols ensure availability of resources．Thus，encryption is at the heart of methods for ensuring all three goals of computer security．
    Encryption is an important tool in computer security，but one should not overrate its importance．Users must understand that encryption does not solve all computer security problems．Furthermore，if encryption is not used properly，it can have no effect on security or can，in fact，degrade the performance of the entire system．Thus，it is important to know the situations in which encryption is useful and to use it effectively．
   
2．Software Controls
   
　　Programs themselves are the second link in computer security．Programs must be secure enough to exclude outside attack．They must also be developed and maintained so that one can be confident of the dependability of the programs．
    Program controls include the following kinds of things：
    •  Development controls，which are standards under which a program is designed，coded，tested，and maintained
    •   Operating system controls，which are limitations enforced by the operating system to protect each user from all other users
    •   Internal program controls that enforce security restrictions，such as access limitations in a database management program
    Software controls may use tools such as hardware components，encryption，or information gathering．Software controls generally affect users directly，and so they are often the first aspects of computer security that come to mind．Because they influence the way users interact with a computing system，software controls must be carefully designed．Ease of use and potency are often competing goals in the design of software controls．

3．Hardware Controls
   
　　Numerous hardware devices have been invented to assist in computer security．These devices range from hardware implementations of encryption to locks limiting access to theft protection to devices to verify users’identities．
 　1）Policies
    Some controls on computing systems are achieved through added hardware or software features，as described above．Other controls are matters of policy．In fact，some of the simplest controls，such as frequent changes of passwords，can be achieved at essentially no cost but with tremendous effect．
    Legal and ethical controls are an important part of computer security．The law is slow to evolve，and the technology involving computers has emerged suddenly．Although legal protection is necessary and desirable，it is not as dependable in this area as it would be in more well-understood and long-standing crimes[1]．
　　The area of computer ethics is likewise unclear，not that computer people are unethical，but rather that society in general and the computing community in particular have not adopted formal standards of ethical behavior．Some organizations are attempting to devise codes of ethics for computer professionals．Although these are important，before codes of ethics become widely accepted and therefore effective，the computing community and the general public need to understand what kinds of behavior are inappropriate and why．
　　2）Physical Controls
    Some of the easiest，most effective，and least expensive controls are physical controls．Physical controls include locks on doors，guards at entry points，backup copies of important software and data，and physical site planning that reduces the risk of natural disasters．Often the simple physical controls are overlooked while more sophisticated approaches are sought．
    3）Effectiveness of Controls
    Merely having controls does no good unless they are used properly．The next section contains a survey of some factors that affect the effectiveness of controls．
　　　Awareness of Problem
        People using controls must be convinced of the need for security；people will willingly cooperate with security requirements only if they understand why security is appropriate in each specific situation．Many users，however，are unaware of the need for security，especially in situations in which a group has recently undertaken a computing task that was previously performed by a central computing department[2]．
　　　Likelihood of Use
        Of course，no control is effective unless it is used．The lock on a computer room door does no good if people block the door open．During World War II code clerks used outdated codes because then had already learned them and could encode messages rapidly．Unfortunately，the opposite side had already broken some of those codes and could decode those messages easily．
    Principle of Effectiveness．Controls must be used to be effective．They must be efficient，easy to use，and appropriate．
    This principle implies that computer security controls must be efficient enough，in terms of time，memory space，human activity，or other resources used，so that using the control does not seriously affect the task being protected．Controls should be selective so that they do not exclude legitimate accesses．
   
4．Overlapping Controls
         
　　Several different controls may apply to one exposure．For example，security for a microcomputer application may be provided by a combination of controls on program access to the data，on physical access to the microcomputer and storage media，and even by file locking to control access to the processing programs[3]．This situation is shown in Fig. 18-3．

      
   
5．Periodic Review
       
　　Few controls are permanently effective．Just when the security specialist finds a way to secure assets against certain kinds of attacks，the opposition doubles its efforts in an effort to defeat the security mechanism．Thus，judging the effectiveness of a control is an ongoing task．

NOTES
[1]主句中前面一個it代表legal protection；as... as it...為同等比較。
[2]a group暗示many users。
[3]該長句實際上是一個簡單句，只是方式狀語有兩個并列成分by a combination...和even by file...。

KEYWORDS
encryption     加密

EXERCISES
1．True / False．
（1）            The most powerful tool in providing computer security is coding．
（2）            Some less powerful methods of defense are able to prevent attacks．
（3）            Encrypted data is unintelligible to the outside observer．
（4）            We can’t overrate encryption’s importance．
（5）            Development controls are limitations by the operating system．
（6）            Access limitations in a data base management program are internal program controls．
（7）            Ease of use and potency are often cooperative goals in the design of sof-tware controls．
（8）            Policies in hardware controls are complex controls．
（9）            Legal protection is not as dependable in computing area．
（10）           The area of computer ethics is likewise unclear．
（11）           Control is effective unless it is used．
（12）           Overlapping controls combined several different controls to one expos-ure．

2．Fill in the blanks with appropriate words or phrases．
（1）The goal of computer security is to preserve             ．
（2）Methods of defense provided in this text include             ．
（3）Encryption can be used to achieve              of data．
（4）Some              ensure availability of resources．
（5）Types of abuse in computing systems include             ．
（6）             of programs must be confident in the development and maintenance of the programs．
（7）Tools used by software controls involve             ．
（8）Hardware controls include             ．
（9）The simplest control in policies is             ．
（10）Physical controls in computing systems include              of important software and data．
（11）Factors that affect the effectiveness of controls are             ．
（12）Principle of Effectiveness means that computer security controls must be efficient enough，in terms of             ．
　　　a．hardware components，encryption，or information gathering
　　　b．backup copies
　　　c．secrecy，integrity，and availability
　　　d．frequent changes of passwords
　　　e．confident
　　　f．integrity
　　　g．awareness of problem and likelihood of use
　　　h．encryption，software controls，hardware controls，overlapping controls and periodic review
　　　i．hardware，software and data
　　　j．time，memory space，human activity，or other resources used
　　　k．hardware implementations of encryption，locks limiting access to theft protection and devices to verify users’ identities
      l．protocols

答案：
1．
（1）t　　�。�2）f  �。�3）t  （4）t
（5）f  　�。�6）t  �。�7）f  （8）f
（9）t  　�。�10）t  �。�11）f  （12）t
2．
（1）c  　�。�2）h  �。�3）f  （4）1
（5）i  　�。�6）e  �。�7）a  （8）k
（9）d  　�。�10）b  �。�11）g  （12）j

翻譯：

防范方法
   
　　計算機犯罪肯定還會繼續發生。計算機安全防范的目的是對系統進行控制，以保證系統的安全性、完整性和可用性。有時這些控制措施可以防止攻擊；另外一些不太有效的方法就只能在事件出現以后將之檢測出來。
    本節將看到防止計算機系統脆弱性為人所利用的控制方法。
    1．加密
    保證計算機安全的最有效的工具是編碼。將數據進行變換，使外界看起來都是無規律的，這樣截獲的數據就無用、修改或偽造的可能性都將化為烏有。
    加密用于數據保密。加密的數據一般不能讀出，也不能更改，因而能保證數據的完整性。另外，加密在協議中也是重要的，因為協議是為完成某項任務而制定的一系列規定。某些協議保證了資源的可用性。因而加密是為達到3個計算機安全目標所使用的各種方法的核心。
    加密是計算機安全的重要工具，但有時也不能對它估計過高。用戶應該知道加密并不能解決計算機所有的安全問題，甚至于如果加密使用不當，不但對安全沒有作用，還會降低整個系統的性能。因而了解在什么情況下加密有用和有效是很重要的。
    2．軟件控制
    程序本身是計算機安全中的第二個環節，程序必須足夠安全以抵御外界攻擊。程序的開發和維護必須能保證程序的可信度。
    程序控制包括以下幾種。
 開發控制，指程序設計、編碼、測試和維護的標準化行為；
 操作系統控制，限制由操作系統強制實施，以防止其他用戶對某一用戶的干擾；
 內部程序控制，強調安全限制，如對數據庫管理程序的訪問限制。
    軟件控制要使用如硬件部件、加密或信息采集等工具。一般來講，軟件控制會直接影響用戶，因而是計算機安全中首先要考慮的。因為軟件控制直接影響了用戶與計算機系統交互的方法，故必須認真設計。在進行軟件控制設計時，容易使用和效能通常是相互矛盾的兩個目標。
    3．硬件控制
    人們已經研制成了有助于計算機安全的大量硬設備，這些設備包括加密算法的硬件實現、防盜竊的限制訪問加鎖、驗證用戶身份的設備。
    1）策略
    對計算機系統的控制，有些是通過前面所敘述的增加硬件或軟件功能來實現的，有些控制可以靠策略來解決。事實上．某些最簡單的控制，如頻繁更換口令，可以基本上不花錢而得到意想不到的效果。
    法律和倫理控制是計算機安全的重要部分。法律的變化是很慢的，而包括計算機在內的技術發展是很快的。盡管需要法律保護，也希望有法律保護，但在這一領域里的法律保護并不像在其他易于理解而又典型的案例中那樣可信。
    計算機在倫理上同樣是不清晰的。這并不是說計算機人員不講倫理，而是一般說來，社會和實際的計算機界并不承認通常的道德行為標準。某些部門正試圖發明用于計算機行業的倫理代碼。雖然這些是很重要的，但在倫理代碼被廣泛接受和有效使用之前，計算機界和公共社會需要了解哪些行為是不適合的以及為什么。
    2）實際控制
    某些實際控制方法是最容易、最有效和最省錢的。實際控制包括加門鎖、在入口處設警衛、重要軟件和數據的后備復制以及為減少自然災害風險所進行的場地設計。在尋求更先進的方法時，人們往往會忽略最簡單的控制方法。
    3）控制的效用
    除非使用得當，否則有些控制并不很有效。下面介紹影響控制效用的一些因素。
 認識問題。
        　使用這些控制方法的人必須認識安全的必要性；人們只有懂得為什么在各種場合下都要考慮安全性時，他們才會按照安全的要求去做。然而，有很多用戶沒有認識到安全的重要性，特別是在某一部門現承擔的計算任務以前都是由計算中心完成的情況下更是如此。
 使用的可能性。
        　當然，控制如果不使用是沒有效果的。將計算機房門鎖上并不是好辦法，因為人們可以把門打開。第二次世界大戰期間，編碼員使用過時的代碼，是由于他們已經學會了使用它們并且能很快地用之對電文編碼。不幸的是敵方已經破譯了某些代碼并且能很容易地譯出那些電文。
 有效性原理。
        　必須使用有效、高效的，容易使用而且恰如其分的控制。
    這一原理表明，在時間、存儲空間、人的活動或其他所用的資源方面，控制計算機的安全必須足夠高效，以使得使用控制手段時對所保護的工作影響并不嚴重�？刂品椒☉�該是有選擇的，這樣可以不排斥合法的計算機訪問。
    4．重疊控制
    幾種不同的控制方法可以共同應用到一個方向。例如，微機應用程序的安全可由對程序訪問數據的控制和對計算機和存儲媒體的實際訪問控制的組合來提供，甚至由對處理程序的控制訪問文件加鎖來提供，這種狀況如圖18-3所示。
    5．定期評審
    控制方法很少是永久有效的。當安全專家剛剛找到了一種抵御某些攻擊的方法時，對方又變本加厲地試圖挫敗這種安全機制。因此，判斷一種控制的有效性是一個應持續進行的工作。

文章來源于領測軟件測試網 http://www.kjueaiud.com/

TAG: 安全防范