1、计算机专业文献翻译计算机系统10.2 Some Approaches to Defense10.2.1Basic Security MeasuresAll computer systems need a set of basic security measures. Whether the system is a simple personal computer in your home or a major computer network such as the Internet, it is necessary to protect the hardware and software f
2、rom theft, destruction, and malicious acts of vandalism. security measures can be as simple as locking the door or as advanced as applying virtually unbreakable encryption techniques to data .Lets break the basic security ,surveillance, passwords, auditing, access rights, standard systems attacks, a
3、nd viruses.External security of a computer system or a computer network consists of protecting the equipment from physical damage. Example of physical damage include fire, flood, earthquakes, power sarges, and vandalism. Common sense damage prevention techniques are usually enough in many cases of e
4、xternal security. Rooms containing computer equipment should always be locked. Unauthorized persons should not be allowed into rooms containing computing equipment. Cabling, and the devices that cables plug into, should not be exposed if at all possible.If the equipment needs to be in the open for p
5、ublic access, the equipment should be locked down. Many kinds of anti-theft devices exist for locking cabinets, locking cables to cabinets, locking down keyboards, and locking peripheral devices. For example, one manufacturer makes a device that transmits a wireless signal to a pager should a comput
6、er cabinet be opened. The person carrying the pager will know immediately which cabinet is being opened so that security can be sent to the appropriate location.It is also fairly common knowledge not to place expensive computer systems in the basements of buildings. Basements can flood and are flood
7、 and are often high humidity locations. Rooms with a large number of external windows are also not advisable. Windows can let in sunshine, which can increase the temperature of a room. Computer equipment typically heats up a windowless room. With the addition of sunlight, the increase in temperature
8、 may strain the capacity of any existing air conditioning equipment. As temperatures rise, the life expectancy of computer circuits decreases. Also, external windows can increase the probability of vandalism.To prevent electrical damage to computing equipment, high-quality surge protectors should be
9、 used on all devices that require electrical current. The electrical circuits that provide power to devices should be large enough to adequately support the device without placing a strain on the electrical system. Electrical circuits that power up and down causing power fluctuation, such as large m
10、otors, should be on circuits separate from the computer devices. Finally, devices that are susceptible to damage from static electricity discharges should be properly grounded.Operational security Operational security of a computer network involves deciding, and then limiting, who can use the system
11、 and when they can use the system, Consider, for example, a large corporation in which there are many levels of employees with varying job descriptions. Employees who do not normally come in contact with sensitive data areas should not have access to sensitive data. For example if an employee simple
12、 performs data operations more than likely he or she should not be allowed access to payroll database, but more than likely do not need access to information regarding corporate research programs. A manager of an area would probably have access to much information in his or her department, but his o
13、r her access to information in other departments would likely be limited. Finally top-level executive often have access to a wide range of information within a company. However, many companies even limit information access to top-level management.Local area network and database systems provide much
14、flexibly in assigning access tights to individuals or groups of individuals, as you will see shortly. Computer network specialist, along with database administrators and someone at the top levels of management such as the Chief Information Officer(CIO), often decide how to break the company into inf
15、ormation access groups, decide who is in each group, and determine what access rights each group has. As you might recall some network operating systems, such as Novells Net-Ware and Windows NT, are very good application for creating workgroups and assigning rights.It is also possible to limit acces
16、s to a system by the time of day or the day of the week. If the primary activity in one part of your business is accessing personnel records, and this activity is only performed during working hours by employee in the personnel or human resources department, then it might be reasonable to disable ac
17、cess to personnel records after working hours, such as from 5:30 p.m. until 7:00 a.m. the next morning. Likewise, the network administrator could also deny access to this system on weekends.It may also be wise to limit remote access to a system during certain times of the day or week. With appropria
18、te limits set, someone dialing in at 2:30 a.m. to transfer funds from one account to another may signal an illegal activity. If all corporate fund transfers can only occur during typical business hours, this restriction would be reasonable to place on dial-in activity.Surveillance Although many indi
19、vidual feel surveillance is an intrusion into an individuals privacy, many network administrators feel it is a good deterrent to computer vandalism and theft. The proper placement of video cameras in key locations can both deter criminals and be used to identify criminals in the event of vandalism o
20、r theft.There are, however, other forms of surveillance in addition to capturing live action with a video camera. For example, placing a transmitter in each computer that sends a signal to a pager if the computer cabinet is opened, is a wireless from of surveillance. Using a form of surveillance cal
21、led intrusion detection ,many companies electronically monitor data flow and system requests into and out of a system. If unusual activity is noticed, protective action can be taken immediately. Intrusion detection is a growing field of study in network security. Companies that accept merchandise or
22、ders using the telephone often monitor each telephone call. Companies claim this form of surveillance can improve the quality of customer service and help settle future disputes.Passwords and ID systems Almost every system that stores sensitive or confidential data requires an authorized user to ent
23、er a password, personal Identification Number, or some other form of ID before gaining access to the system. Typically, this password or ID is something either remembered by the user or a physical feature of a user, such as a fingerprint. Technology in this area is improving rapidly as companies try
24、 to incorporate systems that are less vulnerable to fraud.Perhaps the most common form of protection from unauthorized use of a computer system is the password. Anyone accessing a computer system, banking system, or a long distance telephone system is required to enter a passwords are:(1) Online com
25、puter accounts;(2) Computer network and main frame computer access at work and school;(3) Long distance telephone credit card use;(4) Twenty-four hour automatic banking services;(5) Access to retirement accounts and banking services;(6) Access to e-mail and voicemail systems; and access to Internet
26、web sites at which a customer profile is created and stored for future transactions.Although the password is the most common form of identification, it is also one of the weakest. Too often passwords become known, or “misplaced” and fall into the wrong hands. Occasionally a password is written on pa
27、per, and the paper is discovered by the wrong people. More often, however, the password is too simple and someone else guesses it. Standard rules that an individual should follow when creating or changing a password include;(1) Change your password often;(2) Pick a good password by using at least ei
28、ght characters, mixing upper and lower case if the computer system is case sensitive, and mixing letters with numbers.(3) Dont choose passwords that are similar to first or last names, pet names , car names, or other choices that can be easily guessed.(4) Dont share your password with others; doing
29、so invites trouble and misuse. Some computer systems generate random passwords that are very difficult to guess, but are also hard to remember. Often , the user who is given a randomly generated password either changes it to something simpler, making it easier to guess, or writes it down on a piece
30、of paper, defeating the whole purpose of a secret password. Some systems also disallow obvious passwords or already used passwords, thus requiring the user to be creative and select a password that is difficult to guess.A common fallacy among computer system users is that the internal operating syst
31、em file that stores the login Ids and passwords is susceptible to intrusion. Interestingly, most computer systems store passwords in an encrusted form for which there is no known decryption. How then does the system know when you have entered the correct password? When a user enters his or her login
32、 ID and password, the password is encrypted and compared with the entry in the encrypted password file. If the two encrypted passwords match, the login is allowed. Anyone who gets access to this encrypted password file will discover only unreadable text. This encrypted technique explains why . when
33、you forget your password , a computer operator cannot simply read a file and tell you what it is. The computer operator can only reset the password to something new.Since there are so many weaknesses to the password, other forms of identification have emerged. Biometric techniques that scan something about the user, such as voice