计算机英语论文

计算机英语论文SecurityofComputerNetworkSystem班级：姓名：学号：指导教师：计算机网络安全浅析摘要：针对计算机网络系统存在的安全性和可靠性问题，本文从网络安全的重要性、理论基础、具备功能以及解决措施等方面提出一些见解，并且进行了详细阐述，以使广大用户在计算机网络方面增强安全防范意识。关键词：计算机网络虚拟专用网技术加密技术防火墙引言：随着计算机网络技术的发展，网络的安全性和可靠性已成为不同使用层次的用户共同关心的问题。人们都希望自己的网络系统能够更加可靠地运行，不受外来入侵者干扰和破坏。所以解决好网络的安全性和可靠性问题，是保证网络正常运行的前提和保障。一、网络安全的重要性。在信息化飞速发展的今天，计算机网络得到了广泛应用，但随着网络之间的信息传输量的急剧增长，一些机构和部门在得益于网络加快业务运作的同时，其上网的数据也遭到了不同程度的攻击和破坏。攻击者可以窃听网络上的信息，窃取用户的口令、数据库的信息；还可以篡改数据库内容，伪造用户身份，否认自己的签名。更有甚者，攻击者可以删除数据库内容，摧毁网络节点，释放计算机病毒等等。这致使数据的安全性和自身的利益受到了严重的威胁。根据美国FBI（美国联邦调查局）的调查，美国每年因为网络安全造成的经济损失超过170亿美元。75%的公司报告财政损失是由于计算机系统的安全问题造成的。超过50%的安全威胁来自内部。而仅有59%的损失可以定量估算。在中国，针对银行、证券等金融领域的计算机系统的安全问题所造成的经济损失金额已高达数亿元，针对其他行业的网络安全威胁也时有发生。由此可见，无论是有意的攻击，还是无意的误操作，都将会给系统带来不可估量的损失。所以，计算机网络必须有足够强的安全措施。无论是在局域网还是在广域网中，网络的安全措施应是能全方位地针对各种不同的威胁和脆弱性，这样才能确保网络信息的保密性、完整性和可用性。二、网络安全的理论基础。国际标准化组织（ISO）曾建议计算机安全的定义为：“计算机系统要保护其硬件、数据不被偶然或故意地泄露、更改和破坏。”为了帮助计算机用户区分和解决计算机网络安全问题，美国国防部公布了“桔皮书”（orangebook，正式名称为“可信计算机系统标准评估准则”），对多用户计算机系统安全级别的划分进行了规定。桔皮书将计算机安全由低到高分为四类七级：D1、C1、C2、B1、B2、B3、A1。其中D1级是不具备最低安全限度的等级，C1和C2级是具备最低安全限度的等级，B1和B2级是具有中等安全保护能力的等级，B3和A1属于最高安全等级。在网络的具体设计过程中，应根据网络总体规划中提出的各项技术规范、设备类型、性能要求以及经费等，综合考虑来确定一个比较合理、性能较高的网络安全级别，从而实现网络的安全性和可靠性。三、网络安全应具备的功能。为了能更好地适应信息技术的发展，计算机网络应用系统必须具备以下功能：（1）访问控制：通过对特定网段、服务建立的访问控制体系，将绝大多数攻击阻止在到达攻击目标之前。（2）检查安全漏洞：通过对安全漏洞的周期检查，即使攻击可到达攻击目标，也可使绝大多数攻击无效。（3）攻击监控：通过对特定网段、服务建立的攻击监控体系，可实时检测出绝大多数攻击，并采取响应的行动（如断开网络连接、记录攻击过程、跟踪攻击源等）。（4）加密通讯：主动地加密通讯，可使攻击者不能了解、修改敏感信息。（5）认证：良好的认证体系可防止攻击者假冒合法用户。（6）备份和恢复：良好的备份和恢复机制，可在攻击造成损失时，尽快地恢复数据和系统服务。SecurityofComputerNetworkSystemAbstract:Thispaperdiscussedthesecureanddependableproblemaboutthecomputernetworksystem.Onsomeaspects:theimportanceofnetworksecurity,basictheory,function,andthemethodofsolvingaproblem,etc.Goodviewsforsolvingtheproblemareputforward.Itstrengthenspeople’sconsciousnessonnetworksecurity.Keywords:ComputernetworkVirtualprivatenetworkEncryptiontechniquesFirewallIntroduction:Alongwiththecomputernetworktechnologydevelopment,thenetworksecurityandthereliabilityhavebecomethequestionofcommoninterestbyallusers.Thepeopleallhopedtheirownnetworksystemcanmovereliably,notexternalintruderdisturbanceanddestruction.Thereforesolvesthenetworksecurityandthereliableproblemcarefully,isaguaranteethenetworknormaloperation’spremiseandsafeguard.First,theimportanceofthenetworksecurity.Withtheinformationizationdevelopingfasttoday,thecomputernetworkobtainedthewidespreadapplication,butalongwiththenetworkinformationtransmissioncapacitygrowingfaster,someorganizationsanddepartmentsbenefitthespeedupwiththeserviceoperationinthenetwork,while,thedatahasalsosufferedtoextentattackanddestruction.Theaggressormayintercepttheinformationinthenetwork,stealstheuser’spassword,thedatabaseinformation;alsomaytamperwiththedatabasecontent,theforgeuser’sstatus,deniesownsignature.Andwhatismore,theaggressormaydeletethedatabasecontent,thedestroynode,releasescomputervirusandsoon.Thiscausedatasecurityandownbenefithavereceivedtheseriousthreat.AccordingtoAmericanFBI(USFederalBureauofInvestigation)investigation,thenetworksecuritycreatestheeconomiclosssurpasses17,000,000,000dollarseveryyear.75%corporationreportfinancelossisbecausethecomputersystemsecurityproblemcreates.Morethan50%safethreatcomefrominside.Butonly59%losscouldbepossibleestimate.InChina,theeconomiclossamountinviewoffinancialdomainandthebank,negotiablesecuritiescomputersystemsecurityproblemscreateshasreachedashighasseveralhundredmillionYuan,alsosometimesoccursinviewofotherprofessionnetworksecuritythreat.Thusitcanbeseen,regardlessofisthemeanattack,orunconsciousdisoperation,willallbeabletobringtheinestimablelosstothesystem.Therefore,thecomputernetworkmusthavetheenoughstrongsecuritymeasure.RegardlessofisinthelocalareanetworkorinWAN,thenetworksecuritymeasureshouldbeOmni-directionalinviewofeachkindofdifferentthreatandthevulnerability,sothatitcanguaranteethenetworkinformation’ssecrecy,theintegrityandtheusability.Second,networksecurityrationale.InternationalStandardizationOrganization(ISO)oncesuggestedthecomputersecuritythedefinitionwas:“Thecomputersystemmustprotectitshardware,thedatanotaccidentallyorrevealsintentionally,thechangeandthedestruction.”Inordertohelpthecomputeruserdiscriminationandthesolutioncomputernetworksecurityproblem,theAmericanDepartmentofDefenseannounced“theorangepeelbook”(orangebook,officialnameis“crediblecomputersystemstandardappraisalcriterion”),hascarriedonthestipulationtothemultiusercomputersystemsecurityrankdivision.Theorangepeelbookfromlowtohighdividesintothecomputersecurityfourkindsofsevenlevels:D1,C1,C2,B1,B2,B3,A1.Aboveall,D1leveldoesnothavethelowestsafetymarginrank,C1andtheC2levelhasthelowestsafetymarginrank,B1andtheB2levelhasthemediumsafekeepingofsecurityabilityrank,B3andA1belongstothehighestsecurityrating.Inthenetworkconcretedesignprocess,itshouldactaccordingtoeachtechnologystandard,theequipmenttype,theperformancerequirementaswellasthefundswhichinthenetworkoverallplanproposedandsoon,theoverallevaluationdeterminesonequitereasonably,theperformancehighnetworksecurityrank,thusrealizationnetworksecurityandreliability.Third,thenetworksecurityshouldhavefunction.Inordertoadapttheinformationtechnologydevelopmentwell,thecomputernetworkapplicationsystemmusthavefollowingfunction:Accesscontrol:Throughtothespecificwebpage,theserviceestablishmentaccesscontrolsystem,inarrivestheoverwhelmingmajorityattackimpedimentinfrontoftheattackgoal.Inspectsthesecurityloophole:Throughtosecurityloopholecyclicalinspection,evenifattacksmaygettheattackgoal,alsomaycausetheoverwhelmingmajorityattacktobeinvalid.Attackmonitoring:Throughtospecificwebpage,serviceestablishmentattackmonitoringsystem,butreal-timeexaminestheoverwhelmingmajorityattack,andadoptstheresponsethemotion(forexampleseparationnetworkconnection,recordingattackprocess,pursuitattacksourceandsoon).Encryptioncommunication:Encryptsonowninitiativethecommunication,mayenabletheaggressortounderstand,therevisionsensitiveinformation.Authentication:Thegoodauthenticationsystemmaypreventtheaggressorpretendsthevalidateduser.Backupandrestoration:Thegoodbackupandrestoresthemechanism,maycausesthelosseswhentheattack,assoonaspossiblerestoresthedataandthesystemservice.Multi-layereddefense:Theaggressorafterbreaksthroughthefirstdefenselinedelaysorblocksittoreachtheattackgoal.Setsupthesafemonitoringcenter:Providesthesecuritysystemmanagement,themonitoring,theprotectionandtheemergencycaseservicefortheinformationsystem.Fourth,thenetworksystemsafetycomprehensivesolutionmeasures.Ifwanttorealizethenetworksecurityfunction,weshouldcarryontheOmni-directionalguardingtothenetworksystem,andthusformulatethequitereasonablenetworksecurityarchitecture.Belowonthenetworksystemsecurityproblem,proposessomeguardmeasure.Physicssafemaydivideintotwoaspects:Oneistheartificialharmtothenetwork;theotheristhenetworktotheusers.Mostcommonthingistheconstructorwhodidnotunderstandtotheburiedcableclearly,thusleadtothedestructionofelectriccable,thiskindofsituationmaythroughstandingsymbolizedthesignguardsagainst;Hasnotusedthestructurizedwiringthenetworktobeabletoappeartheuserfrequentlytotheelectriccabledamage,thisneedstousethestructurizedwiringtoinstallthenetworkasfaraspossible;Artificialornaturaldisasterinfluence,whentoconsidertheplan.Theaccesscontrolsecurity,theaccesscontroldistinguishesandconfirmstheuser,limitstheuserinthealreadyactivityandtheresourcesscopewhichisauthorized.Thenetworkaccesscontrolsafemayconsiderfromfollowingseveralaspects.password:Thenetworksecuritysystemmostouterlayerdefenselineisnetworkuser'sregistering,intheregistrationprocess,thesystemwouldinspecttheusertoregisterthenameandthepasswordvalidity,onlythenthelegitimateusercanenterthesystem.Thenetworkresources’host,theattributeandthevisitjurisdiction:Thenetworkresourcesmainlyincludetheresourceswhichsharedfiles,thesharedprinter,networkusersandsoon,thatallthenetworkuserscanuse.Theresourceswerethehosttomanifestthedifferentusertotheresourcessubordinaterelations,suchasbuilder,modifierandgroupmemberandsoon.Theresourcesattributeexpresseditselfdepositandwithdrawalcharacteristics,ascanreadbywho,writeortheexecutionandsoon.Thevisitjurisdictionmainlymanifestsintheusertothenetworkresourcesavailabledegreeinusingassignsthenetworkresourcestobethehost,theattributeandthevisitjurisdictionmayeffectivelyintheapplicationcascadecontrolnetworksystemsecurity.Networksecuritysurveillance:Thenetworksurveillanceisgenerallycalledfor“thenetworkmanagement”,itsfunctionmainlyiscarriesonthedynamicsurveillancetotheentirenetworkmovementandhandleseachkindofeventpromptly.Mayunderstandsimplythroughthenetworksurveillancediscoversandsolvesinthenetworksecurityproblem,suchasthelocalizationnetworkfaultpoint,seizestheIPembezzler,thecontrolnetworkvisitscopeandsoon.Auditandtrack:Networkauditandtrackwhichisincludingthenetworkaspect,resourcesuse,networkbreakdownandsystemkeeping.Itcomposedgenerallybytwoparts:One,therecordingevent,sooneachkindofevententirelyrecordsinthedocument;Two,carriesontheanalysisandthestatisticstotherecording,thusdiscoversthequestiontobeat.Thedatatransmissionsecurity,thetransmissionsafetyrequirementsprotecttheinformationwhichistransmitting,preventedpassivelyandencroachesonowninitiative.Wemaytakethefollowingmeasuretothedatatransmission:Encryptionanddigitalsignature:Thedigitalsignaturewhichisthedatareceiverconfirmsthedatatransmissiontrulyandunmistakable,itmainlyrealizesthroughtheencryptionalgorithmandtheconfirmationagreement.Firewall:FirewallisasecuritymeasurewhichiswidespreaduseontheInternet,itmayestablishindifferentnetworkorbetweenaseriesofpartcombination.Itcanthroughthemonitor,thelimit,thechangesurmountsthefirewall’sdatastream,itexaminestheinformationinsideandoutsideasfaraspossible,sothatrealizesthenetworksafekeepingofsecurity.UserName/PasswordAuthentication:Thisauthenticationisthemostcommonlyused,itusesintheoperatingsystemregistering,telnet(long-distanceregisters)rlogin(long-distanceregisters)andsoon,butthiskindofauthenticationwayprocessdoesnotencrypt,namelypasswordismonitoredeasilyanddeciphered.Useabstractalgorithmauthentication:Radius(long-distancedigitdialingauthenticationagreement),OSPF(openingrouteagreement),SNMPSecurityProtocolandsoon,theseallusesharingSecurityKey(key),inadditiontheabstractalgorithm(MD5)carriesontheauthentication,buttheabstractalgorithmisanirreversibleprocess,therefore,intheauthenticationprocess,cannotcalculatesharingbytheabstractinformationsecuritykey,thereforethesensitiveinformationcannottransmitinthenetwork.InthemarketmainlyusestheabstractalgorithmmainlyhasMD5andSHA-1.BasedonPKIauthentication:UsesPKI(publickeysystem)tocarryontheauthenticationandtheencryption.Thismethodsafetyrateishigh,thesynthesisusedtheabstractalgorithm,hasencryptedasymmetrically,symmetricaltechnologiesandsoonencryption,digitalsignature,wellsecurityandhighlyeffectiveunion.Thisauthenticationmethodappliesatpresentintheemail,theapplicationservervisit,thecustomerauthentication,thefirewallDomainsandsoonauthentication.Thiskindofauthenticationmethodsafetyrateisveryhigh,butinvolvestothequitearduouscertificatemanagementduty.Hypothesizedprivatenetwork(VPN)technology:TheVPNtechnologymainlyprovidesonthepublicnetworkthesecuritybidirectionalcommunicationusesthetransparentdeciphermentschemetoguaranteethedatatheintegrityandthesecrecy.Summary:Generallyspeaking,thesecurityproblemwhichtransmitsregardingthecomputernetwork,wemusthavetoachievefollowingpoints.First,weshouldstrictlylimitthesysteminformationandtheresourceswhichthesurferuservisits;thisfunctionmaythroughthevisitontheservertoestablishtheNetScreenfirewalltorealize.Second,weshouldstrengthentotheuser'sstatusauthentication,andwecanuseRADIUSw