對(duì)信息安全問(wèn)題的探討

對(duì)信息安全問(wèn)題的探討Theinformationsecurityproblems提要：當(dāng)今世界已進(jìn)入了信息化時(shí)代，信息化和信息產(chǎn)業(yè)發(fā)展水平已成為衡量一個(gè)國(guó)家綜合國(guó)力的重要標(biāo)準(zhǔn)。黨的十七大明確提出了一條“以信息化帶動(dòng)工業(yè)化，以工業(yè)化促進(jìn)信息化”的具有中國(guó)特色的信息化道路。信息資源隨之成為社會(huì)資源的重要組成部分，但由于信息資源不同于其他資源的特殊性質(zhì)，如何保證信息的安全性和保密性成為我國(guó)信息化建設(shè)過(guò)程中需要解決的重要題。Abstract:intoday'sworldhasenteredtheinformationage,informationtechnologyandinformationindustrydevelopmentlevelhasbecometheimportantmeasureofanationalcomprehensivenationalstrength.Theparty'scongressexplicitlyputforwarda"informationizationtodriveindustrializationandindustrializationpromotesinformatization"informatizationroadwithChinesecharacteristics.Informationresourcesthenbecomeanimportantpartofsocialresources,butduetothespecialnatureofinformationresourcesaredifferentfromotherresources,howtoensurethesecurityandprivacyofinformationhasbecomeanimportantproblemneedtobesolvedintheprocessofinformatizationconstructioninChina.關(guān)鍵詞：信息化；信息資源；信息安全Keywords:informationtechnology;Informationresources;Informationsecurity一、 信息化的內(nèi)涵、信息資源的性質(zhì)及信息的安全問(wèn)題。Thenatureofthea,theconnotationofinformatization,informationresourcesandinformationsecurityissues.“信息化”一詞最早是由日本學(xué)者于20世紀(jì)六十年代末提出來(lái)的。經(jīng)過(guò)40多年的發(fā)展，信息化已成為各國(guó)社會(huì)發(fā)展的主題。Theword"information"wasfirstbytheJapanesescholarsinthelate60softhe20thcentury.After40yearsofdevelopment,theinformationizationhasbecomethethemeofsocialdevelopment.信息作為一種特殊資源與其他資源相比具有其特殊的性質(zhì)，主要表現(xiàn)在知識(shí)性、中介性、可轉(zhuǎn)化性、可再生性和無(wú)限應(yīng)用性。由于其特殊性質(zhì)造成信息資源存在可能被篡改、偽造、竊取以及截取等安全隱患，造成信息的丟失、泄密，甚至造成病毒的傳播，從而導(dǎo)致信息系統(tǒng)的不安全性，給國(guó)家的信息化建設(shè)帶來(lái)不利影響。因此，如何保證信息安全成為亟須解決的重要問(wèn)題。Informationasakindofspecialresourcescomparedwithotherresourceshasitsspecialproperties,mainshowisinknowledge,intermediary,conversion,renewableandunlimitedapplicability.Informationresourcesduetoitsspecialnaturetheremayhavebeentamperedwith,forge,stealandinterceptionofsafehiddentrouble,causeinformationloss,leaks,evencausethespreadofthevirus,leadingtoinformationsystemsecurity,detrimentaltothestateofinformatizationconstruction.Therefore,howtoguaranteeinformationsecurityhasbecomeanimportantproblembesolved.信息安全包括以下內(nèi)容：真實(shí)性，保證信息的來(lái)源真實(shí)可靠；機(jī)密性，信息即使被截獲也無(wú)法理解其內(nèi)容；完整性，信息的內(nèi)容不會(huì)被篡改或破壞；可用性，能夠按照用戶需要提供可用信息；可控性，對(duì)信息的傳播及內(nèi)容具有控制能力；不可抵賴性，用戶對(duì)其行為不能進(jìn)行否認(rèn)；可審查性，對(duì)出現(xiàn)的網(wǎng)絡(luò)安全問(wèn)題提供調(diào)查的依據(jù)和手段。與傳統(tǒng)的安全問(wèn)題相比，基于網(wǎng)絡(luò)的信息安全有一些新的特點(diǎn)：Informationsecurityincludesthefollowingcontent:authenticity,ensurethatthesourceoftheinformationaretrueandcorrect;Confidentialityofinformationevenhijackedcannotunderstanditscontent;Integrity,thecontentoftheinformationwillnotbetamperedwithordamaged;Availability,canaccordingtouserneedstoprovideavailableinformation;Controllabilityofthespreadofinformationandcontenthasthecontrol;Non-repudiation,userbehaviorcannotbedenied;Toreview,providingthebasisoftheinvestigationtothenetworksecurityproblemandmeans.Comparedwiththetraditionalsecurityproblems,somenewcharacteristics:basedonthenetworkinformationsecurity一是由于信息基礎(chǔ)設(shè)施的固有特點(diǎn)導(dǎo)致的信息安全的脆弱性。由于因特網(wǎng)與生俱來(lái)的開(kāi)放性特點(diǎn)，從網(wǎng)絡(luò)架到協(xié)議以及操作系統(tǒng)等都具有開(kāi)放性的特點(diǎn)，通過(guò)網(wǎng)絡(luò)主體之間的聯(lián)系是匿名的、開(kāi)放的，而不是封閉的、保密的。這種先天的技術(shù)弱點(diǎn)導(dǎo)致網(wǎng)絡(luò)易受攻擊。Oneisduetotheintrinsiccharacteristicsoftheinformationinfrastructureofinformationsecurityvulnerability.CharacteristicsduetotheinherentopennessoftheInternet,fromthenetworktotheagreementandtheoperatingsystemandsoonallhasthecharacteristicsofopenness,throughthenetworkandtheconnectionbetweenthemainbodyisanonymous,open,notclosed,confidential.Theinnatetechnicalweaknessesinnetworkvulnerabletoattack.二是信息安全問(wèn)題的易擴(kuò)散性。信息安全問(wèn)題會(huì)隨著信息網(wǎng)絡(luò)基礎(chǔ)設(shè)施的建設(shè)與因特網(wǎng)的普及而迅速擴(kuò)大。由于因特網(wǎng)的龐大系統(tǒng)，造成了病毒極易滋生和傳播，從而導(dǎo)致信息危害。Itistoeasydiffusivityintheinformationsecurityproblem.InformationsecurityproblemswiththeinformationnetworkinfrastructureconstructionandthepopularizationoftheInternetandisexpandingfast.DuetothehugesystemofInternet,easytobreedandspreadthevirus,leadingtoinformation.三是信息安全中的智能性、隱蔽性特點(diǎn)。傳統(tǒng)的安全問(wèn)題更多的是使用物理手段造成的破壞行為，而網(wǎng)絡(luò)環(huán)境下的安全問(wèn)題常常表現(xiàn)為一種技術(shù)對(duì)抗，對(duì)信息的破壞、竊取等都是通過(guò)技術(shù)手段實(shí)現(xiàn)的。而且這樣的破壞甚至攻擊也是“無(wú)形”的，不受時(shí)間和地點(diǎn)的約束，犯罪行為實(shí)施后對(duì)機(jī)器硬件的信息載體可以不受任何損失，甚至不留任何痕跡，給偵破和定罪帶來(lái)困難。Threeisintelligent,characteristicsofconcealmentofinformationsecurity.Traditionalsecurityissuesmoredamagebehavior,istheuseofphysicalmethodandunderthenetworkenvironmentsafetyisoftenseenasakindoftechnology,tothedestructionoftheinformation,stealing,etc.Throughtechnicalmeans.Andsuchdestructionevenattackis"invisible",notboundbytimeandplace,crimeafterimplementationofmachinehardwareinformationcarrierisprotectedfromanyloss,evenwithoutleavinganytrace,tosolvedifficultandconviction.信息安全威脅主要來(lái)源于自然災(zāi)害、意外事故；計(jì)算機(jī)犯罪；人為錯(cuò)誤，比如使用不當(dāng)，安全意識(shí)差等；“黑客”行為；內(nèi)部泄密；外部泄密；信息丟失；電子諜報(bào)，比如信息流量分析、信息竊取等；信息戰(zhàn)；網(wǎng)絡(luò)協(xié)議自身缺陷，等等。Informationsecuritythreatsmainlycomesfromnaturaldisasters,accidents;Computercrime;Humanerror,suchasimproperuse,poorsafetyawareness;"Hackers"behavior;Internalleaks;Externalleaks;Lossofinformation;Electronicespionage,suchasinformationflowanalysis,informationtheft,etc.;Informationwarfare;Networkprotocolitselfdefects,andsoon.二、 我國(guó)信息化中的信息安全問(wèn)題theinformationsecurityproblemofinformatizationinourcountry.近年來(lái)，隨著國(guó)家宏觀管理和支持力度的加強(qiáng)、信息安全技術(shù)產(chǎn)業(yè)化工作的繼續(xù)進(jìn)行、對(duì)國(guó)際信息安全事務(wù)的積極參與以及關(guān)于信息安全的法律建設(shè)環(huán)境日益完善等因素，我國(guó)在信息安全管理上的進(jìn)展是迅速的。但是，由于我國(guó)的信息化建設(shè)起步較晚，相關(guān)體系不完善，法律法規(guī)不健全等諸多因素，我國(guó)的信息化仍然存在不安全問(wèn)題。Inrecentyears,withthestrengtheningofnationalmacromanagementandsupport,informationsecuritytechnology//industrializationtocontinueworking,toactivelyparticipateintheinternationalinformationsecurityaffairs,andabouttheinformationsecurityofenvironmentalfactorssuchasincreasinglyperfectinglegalconstruction,progressininformationsecuritymanagementinChinaisrapid.But,becauseoftheinformationizationconstructionofourcountrystartslate,therelevantsystemisnotperfect,lawsandregulationsisnotsoundandsoonmanyfactors,ourcountry'sinformatizationstillunsafeproblems.1、 信息與網(wǎng)絡(luò)安全的防護(hù)能力較弱。我國(guó)的信息化建設(shè)發(fā)展迅速，各個(gè)企業(yè)紛紛設(shè)立自己的網(wǎng)站，特別是“政府上網(wǎng)工程”全面啟動(dòng)后，各級(jí)政府已陸續(xù)設(shè)立了自己的網(wǎng)站，但是由于許多網(wǎng)站沒(méi)有防火墻設(shè)備、安全審計(jì)系統(tǒng)、入侵監(jiān)測(cè)系統(tǒng)等防護(hù)設(shè)備，整個(gè)系統(tǒng)存在著相當(dāng)大的信息安全隱患。美國(guó)互聯(lián)網(wǎng)安全公司賽門(mén)鐵克公司2007年發(fā)表的報(bào)告稱(chēng)，在網(wǎng)絡(luò)黑客攻擊的國(guó)家中，中國(guó)是最大的受害國(guó)。Informationandnetworksecurityprotectionabilityisweak.Theinformationizationconstructionofourcountryisdevelopingrapidly,variouscompaniessetuptheirownwebsites,especiallyafter"governmentwebproject"comprehensivestart,governmentsatalllevelshavebeensetuptheirownwebsites,butduetomanywebsiteswithoutfirewallequipment,securityaudit,intrusionmonitoringsystemandotherprotectiveequipment,theentiresystemthereisaconsiderableinformationsecurityhiddendanger.UsInternetsecuritycompanysymanteccorporationin2007,accordingtoareportpublishedinthenetworkhackerattacksofthecountries,Chinaisthebiggestvictim.2、 對(duì)引進(jìn)的國(guó)外設(shè)備和軟件缺乏有效的管理和技術(shù)改造。由于我國(guó)信息技術(shù)水平的限制，很多單位和部門(mén)直接引進(jìn)國(guó)外的信息設(shè)備，并不對(duì)其進(jìn)行必要的監(jiān)測(cè)和改造，從而給他人入侵系統(tǒng)或監(jiān)聽(tīng)信息等非法操作提供了可乘之機(jī)。Theintroductionofforeignequipmentandsoftwareislackofeffectivemanagementandtechnicalinnovation.BecauseofthelimitationofChina'sinformationtechnologyleveldirectlyimportedmanyunitsanddepartmentsofinformationequipment,isnotnecessarytomonitorandtransformation,togiveotherstoinvadeorillegaloperationsuchasmonitoringinformationsystemprovidesachinkinthewall.3、我國(guó)基礎(chǔ)信息產(chǎn)業(yè)薄弱，核心技術(shù)嚴(yán)重依賴國(guó)外，缺乏自主創(chuàng)新產(chǎn)品，尤其是信息安全產(chǎn)品。我國(guó)信息網(wǎng)絡(luò)所使用的網(wǎng)管設(shè)備和軟件基本上來(lái)自國(guó)外，這使我國(guó)的網(wǎng)絡(luò)安全性能大大減弱，被認(rèn)為是易窺視和易打擊的“玻璃網(wǎng)”。由于缺乏自主技術(shù)，我國(guó)的網(wǎng)絡(luò)處于被竊聽(tīng)、干擾、監(jiān)視和欺詐等多種信息安全威脅中，網(wǎng)絡(luò)安全處于極脆弱的狀態(tài)。Weakfoundationoftheinformationindustryinourcountry,thecoretechnologyreliesheavilyonforeigncountries,thelackofindependentinnovationproducts,particularlyintheinformationsecurityproducts.China'sinformationnetworknetworkequipmentandsoftwareusedbybasicallyfromabroad,whichmadeourcountrynetworksecurityperformancegreatlyreduced,isconsideredtobeeasytopeepandhittheglassnetwork.Duetolackoftechnology,China'snetworkismonitoredbyeavesdropping,interference,andfraud,andotherinformationsecuritythreatsinnetworksecurityisinastateofextremelyfragile.4、信息犯罪在我國(guó)有快速發(fā)展趨勢(shì)。除了境外黑客對(duì)我國(guó)信息網(wǎng)絡(luò)進(jìn)行攻擊，國(guó)內(nèi)也有部分人利用系統(tǒng)漏洞進(jìn)行網(wǎng)絡(luò)犯罪，例如傳播病毒、竊取他人網(wǎng)絡(luò)銀行賬號(hào)密碼等。Informationcrimeinourcountryhasarapiddevelopmenttrend.Inadditiontooutsidethehackerattacksoninformationnetworksinourcountry,thedomesticsomepeoplealsousesystemvulnerabilitytocybercrime,suchastransmission,stealothersonlinebankaccountpasswords,etc.5、在研究開(kāi)發(fā)、產(chǎn)業(yè)發(fā)展、人才培養(yǎng)、隊(duì)伍建設(shè)等方面與迅速發(fā)展的形勢(shì)極不適應(yīng)。Inresearchanddevelopment,industrydevelopment,personneltraining,teambuilding,etc,andishighlyadaptedtothesituationofrapiddevelopment.造成以上問(wèn)題的相關(guān)因素在于：首先，我國(guó)的經(jīng)濟(jì)基礎(chǔ)薄弱，在信息產(chǎn)業(yè)上的投入還是不足，尤其是在核心和關(guān)鍵技術(shù)及安全產(chǎn)品的開(kāi)發(fā)生產(chǎn)上缺乏有力的資金支持和自主創(chuàng)新意識(shí)。其次，全民信息安全意識(shí)淡薄，警惕性不高。大多數(shù)計(jì)算機(jī)用戶都曾被病毒感染過(guò)，并且病毒的重復(fù)感染率相當(dāng)高。Causedaboveproblemrelatedfactorsliesin:first,weakeconomicfoundation,inourcountryininformationindustryinvestmentisinsufficient,especiallyinthecoreandthekeytechnologyandsecurityproductdevelopmentandproductionofthelackofstrongfinancialsupportandinnovationconsciousness.Second,thenationalinformationsecurityconsciousness,vigilanceisnothigh.Mostcomputerusershavebeenvirusinfection,andrepeatedvirusinfectionrateisquitehigh.除此之外，我國(guó)目前信息技術(shù)領(lǐng)域的不安全局面，也與西方發(fā)達(dá)國(guó)家對(duì)我國(guó)的技術(shù)輸出進(jìn)行控制有關(guān)。Inaddition,atpresentsafetysituationinthefieldofinformationtechnologyinourcountry,alsowiththewesterndevelopedcountriesforthetechnologytocontroltheoutputofourcountry.三、相關(guān)解決措施therelatedsolutionmeasures.針對(duì)我國(guó)信息安全存在的問(wèn)題，要實(shí)現(xiàn)信息安全不但要靠先進(jìn)的技術(shù)，還要有嚴(yán)格的法律法規(guī)和信息安全教育。Inviewoftheproblemofinformationsecurityinourcountry,torealizeinformationsecuritynotonlydependsonadvancedtechnology,butalsohavestrictlaws,regulationsandinformationsecurityeducation.1、加強(qiáng)全民信息安全教育，提高警惕性。從小做起，從己做起，有效利用各種信息安全防護(hù)設(shè)備，保證個(gè)人的信息安全，提高整個(gè)系統(tǒng)的安全防護(hù)能力，從而促進(jìn)整個(gè)系統(tǒng)的信息安全。Strengthennationalinformationsecurityeducation,improvethevigilance.Startsmall,startsfromoneself,effectiveuseofallkindsofinformationsecurityprotectionequipment,ensurepersonalinformationsecurity,improvethewholesystemsafetyprotectionability,toenhancetheinformationsecurityofthewholesystem.2、 發(fā)展有自主知識(shí)產(chǎn)權(quán)的信息安全產(chǎn)業(yè)，加大信息產(chǎn)業(yè)投入。增強(qiáng)自主創(chuàng)新意識(shí)，加大核心技術(shù)的研發(fā)，尤其是信息安全產(chǎn)品，減小對(duì)國(guó)外產(chǎn)品的依賴程度。Developmentwithindependentintellectualpropertyrightsininformationsecurityindustry,increaseinvestmentininformationindustry.Strengthentheconsciousnessofindependentinnovation,increasethecoretechnologyresearchanddevelopment,especiallytheinformationsecurityproduct,reducethedegreeofdependenceonforeignproducts.3、 創(chuàng)造良好的信息化安全支撐環(huán)境。完善我國(guó)信息安全的法規(guī)體系，制定相關(guān)的法律法規(guī)，例如信息安全法、數(shù)字簽名法、電子信息犯罪法、電子信息出版法、電子信息知識(shí)產(chǎn)權(quán)保護(hù)法、電子信息個(gè)人隱私法、電子信息進(jìn)出境法等，加大對(duì)網(wǎng)絡(luò)犯罪和信息犯罪的打擊力度，對(duì)其進(jìn)行嚴(yán)厲的懲處。Creatinggoodinformationsecuritysupportenvironment.Consummatesourcountryinformationsecuritysystemoflawsandregulations,formulaterelevantlawsandregulations,suchasinformationsecurity,digitalsignatures,electronicinformationlaws,electronicpublicationslawofintellectualpropertyprotection,electronicinformation,electronicinformationprivacy,inboundandoutboundmeansofelectronicinformation,suchasincreaseofnetworkcrimeandcrimecrackdown,informationontheseverepunishment.4、 高度重視信息安全基礎(chǔ)研究和人才的培養(yǎng)。為了在高技術(shù)環(huán)境下發(fā)展自主知識(shí)產(chǎn)權(quán)的信息安全產(chǎn)業(yè)，應(yīng)大力培養(yǎng)信息安全專(zhuān)業(yè)人才，建立信息安全人才培養(yǎng)體系。Attachesgreatimportancetobasicresearchandtalentcultivationofinformationsecurity.Inordertodevelopindependentintellectualpropertyrightsinhigh-techenvironmentofinformationsecurityindustry,shouldvigorouslydevelopinformationsecurityprofessionals,setupinformationsecuritypersonneltrainingsystem.5、 加強(qiáng)國(guó)際防范，創(chuàng)造良好的安全外部環(huán)境。由于網(wǎng)絡(luò)與生俱有的開(kāi)放性、交互性和分散性等特征，產(chǎn)生了許多安全問(wèn)題，要保證信息安