《計算機科學(xué)導(dǎo)論》課件Unit-13-Security_第1頁
《計算機科學(xué)導(dǎo)論》課件Unit-13-Security_第2頁
《計算機科學(xué)導(dǎo)論》課件Unit-13-Security_第3頁
《計算機科學(xué)導(dǎo)論》課件Unit-13-Security_第4頁
《計算機科學(xué)導(dǎo)論》課件Unit-13-Security_第5頁
已閱讀5頁,還剩93頁未讀 繼續(xù)免費閱讀

下載本文檔

版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請進行舉報或認領(lǐng)

文檔簡介

Unit13SecurityUnit13213-1SecurityGoals13-2SecurityThreats13-3SecurityServices13-4Cryptography13-5KeyTerms13-6Summary13-7PracticeSetOUTLINE213-1SecurityGoalsOUTLINE3UnderstandQuantumcryptographyandSteganographyList

SecurityServicesAfterreadingthischapter,youaresupposedto

beableto:OBJECTIVESUnderstandSymmetric-KeyCryptographyandAsymmetric-KeyCryptographyUnderstandtheconceptoftheInformationSecurity.Understand

SecurityThreatsDescribethesecuritygoalsandtheCIAtraid3UnderstandQuantumcryptograp4InformationSecurityCIAtraid13-1SecurityGoals413-1SecurityGoalsInformationsecurity【信息安全】istheprocessofprotectingsensitiveinformation

fromunauthorizedaccess,modification,inspection,recording,use,disclosure,destruction,ordisruption,toensureitsavailability【可用性】,confidentiality【機密性】,andintegrity【完整性】Thetraditionalinformationsecurityprinciplesareconfidentiality,

integrity

andavailability,alsoknownasthe

CIAtriad【CIA三元組】InformationSecurityInformationsecurity【信息安全】isConfidentiality

Ininformationsecurity,confidentialityensuresthatinformationisnotmadeavailableordisclosedtounauthorizedparties.Integrity

Ininformationsecurity,dataintegrity【數(shù)據(jù)完整性】definestheleveloftrustyoucanhaveintheinformation.Thismeansthatdatacanbemodifiedonlybyappropriatemechanisms.Availability

Ininformationsecurity,availabilitymeansthatappropriateinformationmustbe

availabletoauthorizeduserswhenitisneeded.CIAtraidCIAtraid7MalwareSecurityAttacksOtherSecurityThreats13-2SecurityThreats713-2SecurityThreatsMalware【惡意軟件】,shortformalicioussoftware,isanysoftwarethatisharmfultoacomputeruser.Malwareincludescomputer

viruses【病毒】,

worms【蠕蟲】,

Trojanhorses【特洛伊木馬】,bots,spyware【間諜軟件】,adware,bugs,ransomware【勒索軟件】,rootkit,andothermaliciousprograms.MalwareMalwareAvirusisaprogramthatiscapableofembeddingacopyofitselfintoanotherprogram.Awormissimilartovirusinthatitusesanetworktoreplicatecopiesofitselfontoothercomputers.MalwareMalwareATrojanhorse,commonlyknownasaTrojan,isaprogramthatappearstobehelpful,butactuallycausesproblemsonthecomputeronwhichitisexecuting.Spywareissoftwarethataidsingatheringinformationaboutapersonororganizationwithouttheirknowledge.MalwareMalwarepasswordguessingattack【密碼猜測攻擊】Inthisattack,passwordguessingisperformedbyrepeatedlytryingtologintoasystemorapplicationusingdifferentpasswords.phishingattack【釣魚攻擊】Inthisattack,usersmayreceiveadeceptiveemailsentbytheattacker,oftencontaininglinkstomaliciouswebsites.SecurityAttacksSecurityAttacksspoofing【電子欺騙】

Spoofingisatechniqueinwhichoneperson,programoranaddresssuccessfullymasqueradesasanotherbyfalsifyingthedatawiththepurposeofunauthorizedaccess.bufferoverflowattack【緩存溢出】

Inbufferoverflowattack,aprogramattemptstoputmoredatainabufferthanitcanhold,resultinginoverrunningthebuffer’sboundaryandoverwritingtheadjacentmemorylocations.SecurityAttacksSecurityAttacksdenialofservice(DoS)【拒絕服務(wù)攻擊】

Adenialofservice(DoS)attackisdesignedtomakeamachineornetworkresourceessentiallyuselesstoitsintendedusersbyfloodingitwithlargequantitiesofexternalcommunicationrequestsoruselesstrafficthatkeepthewebsitetoobusytoservicethelegitimateusersthataretryingtoaccessit.SecurityAttacksSecurityAttacksCloudSecurityThreatsThekeyconcerninthecloudthatholdsbackcloudmigrationforsomeITdepartmentsisthesecurityoftheirdata.MobileSecurityThreatsMobilesecurity

threatsincludebothphysicalandsoftware-basedthreatsthatcancompromisethedataon

smartphones,

tablets

andsimilar

mobiledevices.Mobilesecuritythreatsincludeeverythingfrommobileformsof

malware

and

spyware

tothepotentialforunauthorizedaccesstoadevice’sdata,particularlyinthecaseofaccidentallossortheftofthedevice.OtherSecurityThreatsOtherSecurityThreatsIoTSecurityThreatsSomeofthesecurityissuesinIoTdevicesare:useofweakpasswordsonIoTdevices;insecurewebinterfaces;floodingattacks;blackholes;exhaustionofbattery;lackofdataencryptiontechniques【數(shù)據(jù)加密技術(shù)】;cloudcontrolinterfaces;jamming;tampering/forging,insufficientauthorization;sniffingnetworktraffic;andinadequatesoftwareprotectionetc.OtherSecurityThreatsOtherSecurityThreats16AccessControlAntivirusSoftware13-3SecurityServices1613-3SecurityServicesOnceprovidingyourusernameandpassword,youareperforminguserauthentication【用戶認證】.Meanwhile,theusernameandpasswordmakeuptheauthenticationcredentials【認證證書】.Authenticationistheactofverifyingsomeone’sidentity.Inthefollowingsection,fourgeneraltypesofauthenticationcredentialswillbeintroduced:username【用戶名】andpassword【密碼】CAPTCHA【驗證碼】smartcards【智能卡】fingerprintanalysis【指紋分析】AccessControlAccessControlApasswordisasecretword,phrase,orastringofcharactersthatmustbeusedforuserauthenticationtoproveidentityandallowaccesstoaresource.AccessControlApasswordisasecretword,pACAPTCHAisachallenge-responsetestmostoftenplacedwithinwebpagestoverifyusersashuman.Forexample,humanscanreadtextorfiguresfromdistortedpicturesastheoneshowninabovefigure,butcurrentcomputerprogramscan't.AccessControlACAPTCHAisachallenge-respoAsmartcardistamper-resistantcardthathasembeddedintegratedcircuits.Thecardcanbeprogrammedtoself-destructifabadguytriestogainaccesstotheinformationstoredonit.AccessControlAsmartcardistamper-resistaFingerprintanalysiscomparesascannedfingerprinttoastoredcopyoftheauthorizeduser'sfingerprint.Itisconsideredamuchstrongerlevelofverificationthanusernameandpassword,andhasbecomemuchmorepopularinrecentyears.AccessControlFingerprintanalysiscomparesAntivirussoftware【殺毒軟件】iscomputersoftwaredesignedtodetectandremovemaliciouscodeorsoftware.Traditionalantivirussoftwareusessignaturestoidentifymalware.AntivirusSoftwareAntivirussoftware【殺毒軟件】iscoSomemoresophisticatedantivirussoftwareusesheuristicanalysis【啟發(fā)式分析】topotentialmaliciouscode.Antivirussoftwarehassomedrawbacks,suchasitcanimpactacomputer'sperformance.What'smore,asantivirussoftwareitselfusuallyrunsatthehighlytrustedkernelleveloftheoperatingsystem,itcreatesapotentialavenueofattack.AntivirusSoftwareAntivirusSoftwareAntivirusSoftwareComparisonof

variousantivirussoftwaresAntivirusSoftwaresPerformanceCharacteristicAntivirusBilityPopularityRisingFullinterception【全面監(jiān)控】,Quickresponse【快速響應(yīng)】Startoverbeforesystemprogram,Occupyalotofresources☆☆☆☆☆☆NortonTwo-wayfirewall【雙向防火墻】,Heuristictechnology【啟發(fā)式技術(shù)】Comprehensiveinformationsafeguardsystem,Intelligentvirusanalysistechnology,Self-protectiveechanism☆☆☆☆☆☆☆☆☆A(yù)ntivirusSoftwareComparisonoAntivirusSoftwareComparisonof

variousantivirussoftwaresAntivirusSoftwaresPerformanceCharacteristicAntivirusBilityPopularityKasperskyHeuristicanalysis【啟發(fā)式分析】,Antispammechanism【反垃圾機制】Runinbackgroundmode,Requirecomputerwithhighstandardconfiguration☆☆☆☆☆☆☆☆☆☆KingsoftHeuristictechnology,Codeanalysis【代碼分析】Real-timemonitoring,Checkforvirusesoncompressedfile【壓縮文件】☆☆☆☆☆☆☆☆A(yù)ntivirusSoftwareComparisonoAntivirusSoftwareComparisonof

variousantivirussoftwaresAntivirusSoftwaresPerformanceCharacteristicAntivirusBilityPopularity360SecurityFixweaknessesinsystems,Privacyprotection,Cleantraces【清理痕跡】360Trojanfirewall,360heuristicengine,QVMengine☆☆☆☆☆☆☆☆☆A(yù)viraAntiVirAntiVir【病毒防護】,AntiSpyware【間諜軟件防護】,AntiRootkit【惡意軟件防護】,AntiPhishing【鏈接掃描】Easytoinstall,Occupylittleresources,☆☆☆☆☆☆☆☆A(yù)ntivirusSoftwareComparisonoAntivirusSoftwareComparisonof

variousantivirussoftwaresAntivirusSoftwaresPerformanceCharacteristicAntivirusBilityPopularityAVG(Grisoft)EmailScanner【郵件掃描】,CommunityprotectionNetwork,Real-TimeOutbreakDetectionAdvancedartificialintelligenceonPC,Instantlyconvertseverynewthreat☆☆☆☆☆☆☆A(yù)ntivirusSoftwareComparisonoSecurityinformationandeventmanagement(SIEM)systemcombinessecurityinformationmanagement(SIM)andsecurityeventmanagement(SEM).ASEMsystemsupportsreal-timeanalysisandcorrelatesevents,whichcanhelpthesecurityanalysttotakedefensiveactions.ASIMsystemcollectsdata(suchaseventlogs,systemlogs,transactionrecords)intoacentralizedloggingrepositoryfortrendanalysisandprovidesautomatedreportingforcomplianceandcentralizedreporting.Securityinformationandeventmanagementsupportsreal-timeanalysisandcorrelatesevents,whichcanhelpthesecurityanalysttotakedefensiveactions

SecurityinformationandeventAsecurityoperationscenter(SOC)isacentralizedunitwhereenterpriseinformationsystemslikewebsites,databases,datacenters,servers,networks,applications,desktops,andotherendpointsaremonitored,assessed,anddefended.CloudSOC:Itmonitorscloudserviceusewithinanorganization,enablessecurityoforganization’scloudapps,andauditapplicationlogsviaSIEMsystems,forexample,IBMRadar,HPArcSight,andsoon.Securityoperationscentersupportsreal-timeanalysisandcorrelatesevents,whichcanhelpthesecurityanalysttotakedefensiveactions

Asecurityoperationscenter(30Symmetric-KeyCryptographyAsymmetric-KeyCryptographyHushFunctionsComparisonofMethodsOtherCryptographyMethods13-4Cryptography3013-4CryptographyCryptographyisanimportantcomponentofachievingsecuritygoals.Carefulimplementationofcryptographyinapplications,alongwithwell-designedandcorrectlydeployedsoftware,goodpoliciesandprocedures,andphysicalsecurity,canresultinrealsecurity.Inthissection,wewilldiscussimportantcryptographyconceptsaswellassomeofthecurrentcryptographyapproaches.CryptographyCryptographyisanimportantcSymmetric-keycryptography【對稱密鑰加密】issometimescalled

private-key【私有密鑰加密】,secret-key,single-key,shared-key,orone-keycryptography.Itusesthesamecryptographickeysforbothencryptionofplaintextanddecryption【解密】ofciphertext【密文】.(Incryptography,encryptionistheprocessofconvertingoriginalformofmessage,referredtoasplaintextintoaformwhosemeaningisnotobvious,calledciphertext.Ontheotherhand,decryptionisthereverseprocess.)Itrequiresthatbothpartieshaveaccesstothesharedsecretkey.Symmetric-key

CryptographySymmetric-keycryptography【對稱密Symmetric-keycryptography【對稱密鑰加密】issometimescalled

private-key【私有密鑰加密】,secret-key,single-key,shared-key,orone-keycryptography.Itusesthesamecryptographickeysforbothencryptionofplaintextanddecryption【解密】ofciphertext【密文】.(Incryptography,encryptionistheprocessofconvertingoriginalformofmessage,referredtoasplaintextintoaformwhosemeaningisnotobvious,calledciphertext.Ontheotherhand,decryptionisthereverseprocess.)Symmetric-key

CryptographySymmetric-keycryptography【對稱密Itrequiresthatbothpartieshaveaccesstothesharedsecretkey.Herewepresent3symmetric-keyencryptionalgorithms:DataEncryptionStandard(DES)【數(shù)據(jù)加密標準】TripleDESAdvancedEncryptionStandard(AES)【高級加密標準】Symmetric-key

CryptographySymmetric-keyCryptographyDataEncryptionStandard(DES)

isapredominantsymmetric-keyalgorithmthatwasadoptedin1977bytheNationalInstituteofStandardsandTechnology(NIST)【美國國家標準技術(shù)研究所】.DESisa64-bitblockcipher,usinga56-bitkeytocustomizetransformation.Therewasatime,DESwasprobablyAmerica'smostwidelyusedsymmetricencryptionalgorithm,notonlyinthefinancialarea,butalsoinotherindustriesaswell.However,today,DESisquitevulnerabletobruteforce【暴力攻擊】attack(tryingeverypossiblekeyconsecutively).Symmetric-key

CryptographyDataEncryptionStandard(DES)TripleDESappliesthe

DEScipheralgorithmthreetimesandusesadifferentkeyforatleastoneofthethreepasses

achievingahigherlevelofsecurity.AdvancedEncryptionStandard(AES)wasadoptedasareplacementforDESin2001.AESsupportskeylengthsof128-bit,192-bitor256-bit,makingitexponentiallystrongerthanthe56-bitkeysizeofDES.Symmetric-key

CryptographySymmetric-keyCryptographyAsymmetrickeycryptography【非對稱密鑰加密】issometimescalledpublic-keyencryption【公鑰加密】.Inasymmetrickeycryptography,eachuserhasapairofkeysthatarerelatedmathematically.Itisacomplexrelationshipthatamessageencryptedwithonekeycanbedecryptedonlywiththecorrespondingpartnerkey.What'smore,onekeyisdesignedasthepublickey,whichcanbefreelydistributed,andtheotherkeyistheprivatekey.Herewepresenttworepresentativeasymmetricencryptionalgorithms,namely,RSA(Rivest-Shamir-Adleman)andECC【橢圓加密算法】(Ellipticcurvecryptography).Asymmetric-key

CryptographyAsymmetrickeycryptography【非RSAisthemostinfluentialpublic-keycryptosystemsandiswidelyusedforsecuredatatransmission.ThemathematicalpropertiesoftheRSAalgorithmarebasedonasimplenumbertheory:Multiplyingtwolargeprimenumbers【質(zhì)數(shù)】isveryeasy,butitisextremelydifficulttofactor【分解因子】theirlargeproducts.Butwiththerapiddevelopmentofdistributedcomputing【分布式計算】andquantumcomputertheory【量子計算機理論】,thesecurityofRSAencryptionhasbeenchallenged.Asymmetric-key

CryptographyRSAisthemostinfluentialpuECCisanothermathematicalapproachtobuildapublickeycryptosystemandwasoriginallyproposedbyKoblitzandMillerin1985.Asanewencryptionmethod,ellipticcurveencryption(ECC)algorithmhasbecomeamainstreamapplicationgraduallyine-commerce,smartcards,securedatabase,andsoon.Asymmetric-key

CryptographyAsymmetric-keyCryptographyHashfunctions【散列函數(shù)】,alsocalledone-wayencryption【單向加密】ormessagedigests【信息摘要】,arealgorithmsthatusenokey.Instead,afixed-lengthhashvalueiscomputedbasedupontheplaintext.Hashalgorithms【哈希算法】areusedtoverifythatthecontentsofthefilehavenotbeenmodifiedbyavirusoranintruder.HushFunctionsHashfunctions【散列函數(shù)】,alsocalHashalgorithmsarewidelyusedtoday.ThemostcommononeisMD5(MessageDigestAlgorithm)【消息摘要算法第五版】andSHA-1(SecureHashAlgorithm1)【安全散列算法1】MD5isawidelyusedcryptographichashfunctionusedforverificationofdataintegritythroughthecreationofa128-bit(16-byte)hashvalue.Thisfunctionensuresthattheinformationtransmissioniscompleteandconsistent.SHA-1isacryptographichashfunction,designedbyNSA(NationalSecurityAgency),alongwithNIST(NationalInstituteofStandardsandTechnology)andwasaUSFederalInformationProcessingStandard.SHA-1hasahighersecurity,androbustnessthanMD5.HushFunctionsHashalgorithmsarewidelyuseComparisonofMethodsComparisonofMethodsOtherCryptographyMethodsQuantumcryptographyQuantumcryptography【量子密碼學(xué)】isthescienceofexistingknowledgeofphysicsandquantummechanicstoperformcryptographictasksinasecurecryptosystem.Ittransmitsasequenceofrandombitsonanopticalnetworkandalsoverifiesifthissequencewasinterceptedornot.Thesecuritymodelofquantumcryptographyreliesmoreonlawsofquantumphysics,ratherthanmathematics.Thepracticallimitationofquantumcryptographyisitsnecessaryrequirementofopticalchannelbetweenthesenderandthereceiver.OtherCryptographyMethodsQuanOtherCryptographyMethodsSteganographySteganography【隱寫術(shù)】isthescienceofconcealinginformation.Generally,thehiddenmessagesappeartobesomethingelse:images,articles,shoppinglists,orsomeothercovertext.Insteganography,notonlythecontentsofthemessageareconcealedbutalsothefactthatasecretmessageisbeingsent.OtherCryptographyMethodsSteg4513-5KeytermsInformationsecurityCIAtriadMalwareviruswormTrojanhorseSpywarepasswordguessingattackphishingattackphishingattackbufferoverflowattackdenialofserviceMD5CAPTCHAsmartcards4513-5KeytermsInformationse4613-5KeytermsfingerprintanalysisusernamandpasswordAntivirussoftwareCryptographySymmetric-KeyCryptographyAsymmetric-KeyCryptographytripleDESAESDESRSAECCHushFunctionsQuantumcryptographySteganographySHA-14613-5Keytermsfingerprintan4713-6SummaryWementionedtheCIAtriad:confidentiality,integrityandavailability.Avirusisaprogramthatembedsacopyofitselfandinsertsthosecopiesintootherprograms.Awormisatypeofvirusthatusesanetworktocopyitselfontoothercomputers.Cryptographyisthestudyofmathematicallyencodinganddecodingmessages.Symmetric-keycryptographyusesthesamecryptographickeysforbothencryptionofplaintextanddecryptionofciphertext.4713-6SummaryWementionedthe4813-6SummaryInasymmetrickeycryptography,eachuserhasapairofkeysthatarerelatedmathematically.Hashfunctions,alsocalledone-wayencryptionormessagedigests,arealgorithmsthatusenokey.Quantumcryptographyisthescienceofexistingknowledgeofphysicsandquantummechanicstoperformcryptographictasksinasecurecryptosystem.Steganographyisthescienceofconcealinginformation.4813-6Summary4913-7PracticeSetREVIEWQUESTIONSMULTIPLE-CHOICEQUESTIONSEXERCISESPleaseSubmityourcompletedhomework:forCivilEngineering,Elite[ei'li:t;?'li:t]andSelectedStudents(mustcompletealltaught&numberedpracticesets,所有練習(xí)題都要做) to….forFinanceandEnvironmentalEngineeringstudents(mustcompletealltaught&numberedpracticesets,所有練習(xí)題都要做);ForeignStudents(completetaughtoddnumberedPracticeSetsonly(say,1,3,5,…),butyouarewelcometodoallsets) to….4913-7PracticeSetREVIEWQUES

Unit13SecurityUnit135113-1SecurityGoals13-2SecurityThreats13-3SecurityServices13-4Cryptography13-5KeyTerms13-6Summary13-7PracticeSetOUTLINE213-1SecurityGoalsOUTLINE52UnderstandQuantumcryptographyandSteganographyList

SecurityServicesAfterreadingthischapter,youaresupposedto

beableto:OBJECTIVESUnderstandSymmetric-KeyCryptographyandAsymmetric-KeyCryptographyUnderstandtheconceptoftheInformationSecurity.Understand

SecurityThreatsDescribethesecuritygoalsandtheCIAtraid3UnderstandQuantumcryptograp53InformationSecurityCIAtraid13-1SecurityGoals413-1SecurityGoalsInformationsecurity【信息安全】istheprocessofprotectingsensitiveinformation

fromunauthorizedaccess,modification,inspection,recording,use,disclosure,destruction,ordisruption,toensureitsavailability【可用性】,confidentiality【機密性】,andintegrity【完整性】Thetraditionalinformationsecurityprinciplesareconfidentiality,

integrity

andavailability,alsoknownasthe

CIAtriad【CIA三元組】InformationSecurityInformationsecurity【信息安全】isConfidentiality

Ininformationsecurity,confidentialityensuresthatinformationisnotmadeavailableordisclosedtounauthorizedparties.Integrity

Ininformationsecurity,dataintegrity【數(shù)據(jù)完整性】definestheleveloftrustyoucanhaveintheinformation.Thismeansthatdatacanbemodifiedonlybyappropriatemechanisms.Availability

Ininformationsecurity,availabilitymeansthatappropriateinformationmustbe

availabletoauthorizeduserswhenitisneeded.CIAtraidCIAtraid56MalwareSecurityAttacksOtherSecurityThreats13-2SecurityThreats713-2SecurityThreatsMalware【惡意軟件】,shortformalicioussoftware,isanysoftwarethatisharmfultoacomputeruser.Malwareincludescomputer

viruses【病毒】,

worms【蠕蟲】,

Trojanhorses【特洛伊木馬】,bots,spyware【間諜軟件】,adware,bugs,ransomware【勒索軟件】,rootkit,andothermaliciousprograms.MalwareMalwareAvirusisaprogramthatiscapableofembeddingacopyofitselfintoanotherprogram.Awormissimilartovirusinthatitusesanetworktoreplicatecopiesofitselfontoothercomputers.MalwareMalwareATrojanhorse,commonlyknownasaTrojan,isaprogramthatappearstobehelpful,butactuallycausesproblemsonthecomputeronwhichitisexecuting.Spywareissoftwarethataidsingatheringinformationaboutapersonororganizationwithouttheirknowledge.MalwareMalwarepasswordguessingattack【密碼猜測攻擊】Inthisattack,passwordguessingisperformedbyrepeatedlytryingtologintoasystemorapplicationusingdifferentpasswords.phishingattack【釣魚攻擊】Inthisattack,usersmayreceiveadeceptiveemailsentbytheattacker,oftencontaininglinkstomaliciouswebsites.SecurityAttacksSecurityAttacksspoofing【電子欺騙】

Spoofingisatechniqueinwhichoneperson,programoranaddresssuccessfullymasqueradesasanotherbyfalsifyingthedatawiththepurposeofunauthorizedaccess.bufferoverflowattack【緩存溢出】

Inbufferoverflowattack,aprogramattemptstoputmoredatainabufferthanitcanhold,resultinginoverrunningthebuffer’sboundaryandoverwritingtheadjacentmemorylocations.SecurityAttacksSecurityAttacksdenialofservice(DoS)【拒絕服務(wù)攻擊】

Adenialofservice(DoS)attackisdesignedtomakeamachineornetworkresourceessentiallyuselesstoitsintendedusersbyfloodingitwithlargequantitiesofexternalcommunicationrequestsoruselesstrafficthatkeepthewebsitetoobusytoservicethelegitimateusersthataretryingtoaccessit.SecurityAttacksSecurityAttacksCloudSecurityThreatsThekeyconcerninthecloudthatholdsbackcloudmigrationforsomeITdepartmentsisthesecurityoftheirdata.MobileSecurityThreatsMobilesecurity

threatsincludebothphysicalandsoftware-basedthreatsthatcancompromisethedataon

smartphones,

tablets

andsimilar

mobiledevices.Mobilesecuritythreatsincludeeverythingfrommobileformsof

malware

and

spyware

tothepotentialforunauthorizedaccesstoadevice’sdata,particularlyinthecaseofaccidentallossortheftofthedevice.OtherSecurityThreatsOtherSecurityThreatsIoTSecurityThreatsSomeofthesecurityissuesinIoTdevicesare:useofweakpasswordsonIoTdevices;insecurewebinterfaces;floodingattacks;blackholes;exhaustionofbattery;lackofdataencryptiontechniques【數(shù)據(jù)加密技術(shù)】;cloudcontrolinterfaces;jamming;tampering/forging,insufficientauthorization;sniffingnetworktraffic;andinadequatesoftwareprotectionetc.OtherSecurityThreatsOtherSecurityThreats65AccessControlAntivirusSoftware13-3SecurityServices1613-3SecurityServicesOnceprovidingyourusernameandpassword,youareperforminguserauthentication【用戶認證】.Meanwhile,theusernameandpasswordmakeuptheauthenticationcredentials【認證證書】.Authenticationistheactofverifyingsomeone’sidentity.Inthefollowingsection,fourgeneraltypesofauthenticationcredentialswillbeintroduced:username【用戶名】andpassword【密碼】CAPTCHA【驗證碼】smartcards【智能卡】fingerprintanalysis【指紋分析】AccessControlAccessControlApasswordisasecretword,phrase,orastringofcharactersthatmustbeusedforuserauthenticationtoproveidentityandallowaccesstoaresource.AccessControlApasswordisasecretword,pACAPTCHAisachallenge-responsetestmostoftenplacedwithinwebpagestoverifyusersashuman.Forexample,humanscanreadtextorfiguresfromdistortedpicturesastheoneshowninabovefigure,butcurrentcomputerprogramscan't.AccessControlACAPTCHAisachallenge-respoAsmartcardistamper-resistantcardthathasembeddedintegratedcircuits.Thecardcanbeprogrammedtoself-destructifabadguytriestogainaccesstotheinformationstoredonit.AccessControlAsmartcardistamper-resistaFingerprintanalysiscomparesascannedfingerprinttoastoredcopyoftheauthorizeduser'sfingerprint.Itisconsideredamuchstrongerlevelofverificationthanusernameandpassword,andhasbecomemuchmorepopularinrecentyears.AccessControlFingerprintanalysiscomparesAntivirussoftware【殺毒軟件】iscomputersoftwaredesignedtodetectandremovemaliciouscodeorsoftware.Traditionalantivirussoftwareusessignaturestoidentifymalware.AntivirusSoftwareAntivirussoftware【殺毒軟件】iscoSomemoresophisticatedantivirussoftwareusesheuristicanalysis【啟發(fā)式分析】topotentialmaliciouscode.Antivirussoftwarehassomedrawbacks,suchasitcanimpactacomputer'sperformance.What'smore,asantivirussoftwareitselfusuallyrunsatthehighlytrustedkernelleveloftheoperatingsystem,itcreatesapotentialavenueofattack.AntivirusSoftwareAntivirusSoftwareAntivirusSoftwareComparisonof

variousantivirussoftwaresAntivirusSoftwaresPerformanceCharacteristicAntivirusBilityPopularityRisingFullinterception【全面監(jiān)控】,Quickresponse【快速響應(yīng)】Startoverbeforesystemprogram,Occupyalotofresources☆☆☆☆☆☆NortonTwo-wayfirewall【雙向防火墻】,Heuristictechnology【啟發(fā)式技術(shù)】Comprehensiveinformationsafeguardsystem,Intelligentvirusanalysistechnology,Self-protectiveechanism☆☆☆☆☆☆☆☆☆A(yù)ntivirusSoftwareComparisonoAntivirusSoftwareComparisonof

variousantivirussoftwaresAntivirusSoftwaresPerformanceCharacteristicAntivirusBilityPopularityKasperskyHeuristicanalysis【啟發(fā)式分析】,Antispammechanism【反垃圾機制】Runinbackgroundmode,Requirecomputerwithhighstandardconfiguration☆☆☆☆☆☆☆☆☆☆KingsoftHeuristictechnology,Codeanalysis【代碼分析】Real-timemonitoring,Checkforvirusesoncompressedfile【壓縮文件】☆☆☆☆☆☆☆☆A(yù)ntivirusSoftwareComparisonoAntivirusSoftwareComparisonof

variousantivirussoftwaresAntivirusSoftwaresPerformanceCharacteristicAntivirusBilityPopularity360SecurityFixweaknessesinsystems,Privacyprotection,Cleantraces【清理痕跡】360Trojanfirewall,360heuristicengine,QVMengine☆☆☆☆☆☆☆☆☆A(yù)viraAntiVirAntiVir【病毒防護】,AntiSpyware【間諜軟件防護】,AntiRootkit【惡意軟件防護】,AntiPhishing【鏈接掃描】Easytoinstall,Occupylittleresources,☆☆☆☆☆☆☆☆A(yù)ntivirusSoftwareComparisonoAntivirusSoftwareComparisonof

variousantivirussoftwaresAntivirusSoftwaresPerformanceCharacteristicAntivirusBilityPopularityAVG(Grisoft)EmailScanner【郵件掃描】,Communityprotecti

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫網(wǎng)僅提供信息存儲空間,僅對用戶上傳內(nèi)容的表現(xiàn)方式做保護處理,對用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對任何下載內(nèi)容負責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準確性、安全性和完整性, 同時也不承擔(dān)用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。

評論

0/150

提交評論