畢業(yè)設(shè)計(jì)論文外文翻譯

江西理工大學(xué)應(yīng)用科學(xué)學(xué)院畢業(yè)設(shè)計(jì)(論文)外文資料翻譯系：信息工程系專業(yè)：網(wǎng)絡(luò)工程班級(jí)：081姓名：學(xué)號(hào)：附件：1.外文資料翻譯譯文；2.外文原文。指導(dǎo)教師評(píng)語(yǔ)：署名：年月日注：請(qǐng)將該封面與附件裝訂成冊(cè)。附件1外文資料翻譯譯文：\o"淺析"淺析網(wǎng)絡(luò)安全技術(shù)過(guò)去兩個(gè)世紀(jì)中，工業(yè)技術(shù)代表了一個(gè)國(guó)家軍事實(shí)力和經(jīng)濟(jì)實(shí)力。飛速發(fā)展今天，對(duì)信息技術(shù)掌握是在二十一世紀(jì)增強(qiáng)綜合國(guó)力關(guān)鍵。伴隨計(jì)算機(jī)技術(shù)發(fā)展，在計(jì)算機(jī)上處理業(yè)務(wù)已由基于單機(jī)數(shù)學(xué)運(yùn)算、文件處理，基于簡(jiǎn)單連結(jié)內(nèi)部網(wǎng)絡(luò)內(nèi)部業(yè)務(wù)處理、辦公自動(dòng)化等發(fā)展到基于企業(yè)復(fù)雜內(nèi)部網(wǎng)、企業(yè)外部網(wǎng)?、全球互聯(lián)網(wǎng)企業(yè)級(jí)計(jì)算機(jī)處理系統(tǒng)和世界范圍內(nèi)信息共享和業(yè)務(wù)處理。在信息處理能力提升同時(shí)，系統(tǒng)連結(jié)能力也在不停提升。但在連結(jié)信息能力、流通能力提升同時(shí)，基于網(wǎng)絡(luò)連接安全問(wèn)題也日益突出。本文主要從以下幾個(gè)方面進(jìn)行探討：網(wǎng)絡(luò)在開放同時(shí)存在安全問(wèn)題Internet開放性以及其余方面原因造成了網(wǎng)絡(luò)環(huán)境下計(jì)算機(jī)系統(tǒng)存在很多安全問(wèn)題。為了處理這些安全問(wèn)題，各種安全機(jī)制、策略和工具被研究和應(yīng)用。然而，即使在使用了現(xiàn)有安全工具和機(jī)制情況下，網(wǎng)絡(luò)安全依然存在很大隱患，這些安全隱患主要能夠歸結(jié)為以下幾點(diǎn)：安全機(jī)制局限每一個(gè)安全機(jī)制都有一定應(yīng)用范圍和應(yīng)用環(huán)境。防火墻是一個(gè)有效安全工具，它能夠隱蔽內(nèi)部網(wǎng)絡(luò)結(jié)構(gòu)，限制外部網(wǎng)絡(luò)到內(nèi)部網(wǎng)絡(luò)訪問(wèn)。不過(guò)對(duì)于內(nèi)部網(wǎng)絡(luò)之間訪問(wèn)，防火墻往往是無(wú)能為力。所以，對(duì)于內(nèi)部網(wǎng)絡(luò)到內(nèi)部網(wǎng)絡(luò)之間入侵行為和內(nèi)外勾結(jié)入侵行為，防火墻是極難發(fā)覺(jué)和防范。安全管理機(jī)制建立慣用安全管理機(jī)制有：口令管理;各種密鑰生成、分發(fā)與管理;全網(wǎng)統(tǒng)一管理員身份判別與授權(quán);建立全系統(tǒng)安全評(píng)定體系;建立安全審計(jì)制度;建立系統(tǒng)及數(shù)據(jù)備份制度;建立安全事件/安全報(bào)警反應(yīng)機(jī)制和處理預(yù)案;建立專門安全問(wèn)題小組和快速響應(yīng)體系運(yùn)作等。為了增強(qiáng)系統(tǒng)防災(zāi)救災(zāi)能力,還應(yīng)制訂災(zāi)難性事故應(yīng)急計(jì)劃,如緊急行動(dòng)方案,資源(硬件,軟件,數(shù)據(jù)等)備份及操作計(jì)劃,系統(tǒng)恢復(fù)和檢測(cè)方法等。安全工具影響安全工具使用效果受到人為原因影響。一個(gè)安全工具能不能實(shí)現(xiàn)期望效果，在很大程度上取決于使用者，包含系統(tǒng)管理者和普通用戶，不正當(dāng)使用就會(huì)產(chǎn)生不安全原因。比如，NT在進(jìn)行合理設(shè)置后能夠達(dá)成C2級(jí)安全性，但極少有些人能夠?qū)T本身安全策略進(jìn)行合理設(shè)置。即使在這方面，能夠經(jīng)過(guò)靜態(tài)掃描工具來(lái)檢測(cè)系統(tǒng)是否進(jìn)行了合理設(shè)置，不過(guò)這些掃描工具基本上也只是基于一個(gè)缺省系統(tǒng)安全策略進(jìn)行比較，針對(duì)詳細(xì)應(yīng)用環(huán)境和專門應(yīng)用需求就極難判斷設(shè)置正確性。系統(tǒng)在安全方面問(wèn)題系統(tǒng)后門是傳統(tǒng)安全工具難于考慮到地方。防火墻極難考慮到這類安全問(wèn)題，多數(shù)情況下，這類入侵行為能夠堂而皇之經(jīng)過(guò)防火墻而極難被覺(jué)察；比如說(shuō)，眾所周知ASP源碼問(wèn)題，這個(gè)問(wèn)題在IIS服務(wù)器4.0以前一直存在，它是IIS服務(wù)設(shè)計(jì)者留下一個(gè)后門，任何人都能夠使用瀏覽器從網(wǎng)絡(luò)上方便地調(diào)出ASP程序源碼，從而能夠搜集系統(tǒng)信息，進(jìn)而對(duì)系統(tǒng)進(jìn)行攻擊。對(duì)于這類入侵行為，防火墻是無(wú)法覺(jué)察，因?yàn)閷?duì)于防火墻來(lái)說(shuō)，該入侵行為訪問(wèn)過(guò)程和正常Web訪問(wèn)是相同，唯一區(qū)分是入侵訪問(wèn)在請(qǐng)求鏈接中多加了一個(gè)后綴。只要有程序，就可能存在BUG只要有程序，就可能存在BUG。甚至連安全工具本身也可能存在安全漏洞。幾乎天天都有新BUG被發(fā)覺(jué)和公布出來(lái)，程序設(shè)計(jì)者在修改已知BUG同時(shí)又可能使它產(chǎn)生了新BUG。系統(tǒng)BUG經(jīng)常被黑客利用，而且這種攻擊通常不會(huì)產(chǎn)生日志，幾乎無(wú)據(jù)可查。比如說(shuō)現(xiàn)在很多程序都存在內(nèi)存溢出BUG，而安全工具對(duì)于利用這些BUG攻擊幾乎無(wú)法防范。黑客攻擊力度幾乎天天都有不一樣系統(tǒng)安全問(wèn)題出現(xiàn)。黑客攻擊伎倆在不停地更新，而安全工具更新速度遠(yuǎn)遠(yuǎn)落后于攻擊伎倆更新速度，絕大多數(shù)情況需要人為參加才能發(fā)覺(jué)以前未知安全問(wèn)題，這就使得它們對(duì)新出現(xiàn)安全問(wèn)題總是反應(yīng)太慢。當(dāng)安全工具剛發(fā)覺(jué)并努力更正某方面安全問(wèn)題時(shí)，其余安全問(wèn)題又出現(xiàn)了。所以，黑客總是能夠使用先進(jìn)、安全工具無(wú)法發(fā)覺(jué)伎倆進(jìn)行攻擊。網(wǎng)絡(luò)系統(tǒng)漏洞，造成黑客在網(wǎng)上任意暢行依照Warroon?Research調(diào)查，1997年世界排名前一千企業(yè)幾乎都曾被黑客闖進(jìn)。據(jù)美國(guó)FBI統(tǒng)計(jì)，美國(guó)每年因網(wǎng)絡(luò)安全造成損失高達(dá)75億美元。Ernst和Young匯報(bào)，因?yàn)樾畔踩桓`或?yàn)E用，幾乎80%大型企業(yè)遭受損失在最近一次黑客大規(guī)模攻擊行動(dòng)中，雅虎網(wǎng)站網(wǎng)絡(luò)停頓運(yùn)行3小時(shí)，令其損失了幾百萬(wàn)美金交易。而據(jù)統(tǒng)計(jì)在這整個(gè)行動(dòng)中美國(guó)經(jīng)濟(jì)共損失了十多億美金。因?yàn)闃I(yè)界人心惶惶，亞馬遜(A)、AOL、雅虎(Yahoo!)、eBay股價(jià)均告下挫，以科技股為主那斯達(dá)克指數(shù)(Nasdaq)打破過(guò)去連續(xù)三天創(chuàng)下新高升勢(shì)，下挫了六十三點(diǎn)，杜瓊斯工業(yè)平均指數(shù)周三收市時(shí)也跌了二百五十八點(diǎn)?？吹竭@些令人震驚事件，不禁讓人們發(fā)出疑問(wèn)：“網(wǎng)絡(luò)還安全嗎？”據(jù)不完全統(tǒng)計(jì)，現(xiàn)在，我國(guó)網(wǎng)站所受到黑客攻擊，即使還不能與美國(guó)情況相提并論，不過(guò)我國(guó)用戶數(shù)目、用戶規(guī)模已經(jīng)達(dá)成了突飛猛進(jìn)階段，以下事實(shí)也不能不讓我們深思：1993年底，中科院高能所就發(fā)覺(jué)有“黑客”侵入現(xiàn)象，某用戶權(quán)限被升級(jí)為超級(jí)權(quán)限，當(dāng)系統(tǒng)管理員跟蹤時(shí)，被其報(bào)復(fù)。1994年，美國(guó)一位14歲小孩經(jīng)過(guò)互聯(lián)網(wǎng)闖進(jìn)中科院網(wǎng)絡(luò)中心和清華主機(jī)，并向我方系統(tǒng)管理員提出警告。1996年，高能所再次遭到“黑客”入侵，私自在高能所主機(jī)上建立了幾十個(gè)帳戶，經(jīng)追蹤發(fā)覺(jué)是國(guó)內(nèi)某撥號(hào)上網(wǎng)用戶。同期，國(guó)內(nèi)某ISP發(fā)覺(jué)“黑客”侵入其主服務(wù)器并刪改其帳號(hào)管理文件，造成數(shù)百人無(wú)法正常使用。1997年，中科院網(wǎng)絡(luò)中心主頁(yè)面被“黑客”用魔鬼圖替換。進(jìn)入1998年，黑客入侵活動(dòng)日益猖獗，國(guó)內(nèi)各大網(wǎng)絡(luò)幾乎都不一樣程度地遭到黑客攻擊：2月，廣州視聆通被黑客數(shù)次入侵，造成4小時(shí)系統(tǒng)失控；4月，貴州信息港被黑客入侵，主頁(yè)被一幅淫穢圖片替換；5月，大連ChinaNET節(jié)點(diǎn)被入侵，用戶口令被盜；6月，上海熱線被侵入，多臺(tái)服務(wù)器管理員口令被盜，數(shù)百個(gè)用戶和工作人員賬號(hào)和密碼被竊??；7月，江西169網(wǎng)被黑客攻擊，造成該網(wǎng)3天內(nèi)中止網(wǎng)絡(luò)運(yùn)行2次達(dá)30個(gè)小時(shí)，工程驗(yàn)收推遲20天；同期，上海某證券系統(tǒng)被黑客入侵；8月，印尼事件激起中國(guó)黑客集體入侵印尼網(wǎng)點(diǎn)，造成印尼多個(gè)網(wǎng)站癱瘓，但與此同時(shí)，中國(guó)部分站點(diǎn)遭到印尼黑客報(bào)復(fù)；同期，西安某銀行系統(tǒng)被黑客入侵后，提走80.6萬(wàn)元現(xiàn)金。9月，揚(yáng)州某銀行被黑客攻擊，利用虛存帳號(hào)提走26萬(wàn)元現(xiàn)金。10月，福建省圖書館主頁(yè)被黑客替換。6月18歲少年黑客攻擊兩千家網(wǎng)站，只為炫耀水平。5月陜西省地震局網(wǎng)站遭黑客短時(shí)攻擊，并在網(wǎng)站首頁(yè)惡意公布“網(wǎng)站出現(xiàn)重大安全漏洞”虛假信息。9月北大網(wǎng)站遭黑客攻擊，假冒校長(zhǎng)抨擊大學(xué)教育。網(wǎng)絡(luò)安全體系探討現(xiàn)階段為確保網(wǎng)絡(luò)正常工作慣用方法以下：網(wǎng)絡(luò)病毒防范在網(wǎng)絡(luò)環(huán)境下，病毒傳輸擴(kuò)散快，僅用單機(jī)防病毒產(chǎn)品已經(jīng)極難徹底去除網(wǎng)絡(luò)病毒，必須有適合于局域網(wǎng)全方位防病毒產(chǎn)品。校園網(wǎng)絡(luò)是內(nèi)部局域網(wǎng)，就需要一個(gè)基于服務(wù)器操作系統(tǒng)平臺(tái)防病毒軟件和針對(duì)各種桌面操作系統(tǒng)防病毒軟件。假如與互聯(lián)網(wǎng)相連，就需要網(wǎng)關(guān)防病毒軟件，加強(qiáng)上網(wǎng)計(jì)算機(jī)安全。假如在網(wǎng)絡(luò)內(nèi)部使用電子郵件進(jìn)行信息交換，還需要一套基于郵件服務(wù)器平臺(tái)郵件防病毒軟件，識(shí)別出隱藏在電子郵件和附件中病毒。所以最好使用全方位防病毒產(chǎn)品，針對(duì)網(wǎng)絡(luò)中全部可能病毒攻擊點(diǎn)設(shè)置對(duì)應(yīng)防病毒軟件，經(jīng)過(guò)全方位、多層次防病毒系統(tǒng)配置，經(jīng)過(guò)定時(shí)或不定時(shí)自動(dòng)升級(jí)，使網(wǎng)絡(luò)免受病毒侵襲。利用防火墻利用防火墻，在網(wǎng)絡(luò)通訊時(shí)執(zhí)行一個(gè)訪問(wèn)控制尺度，允許防火墻同意訪問(wèn)人與數(shù)據(jù)進(jìn)入自己內(nèi)部網(wǎng)絡(luò)，同時(shí)將不允許用戶與數(shù)據(jù)拒之門外，最大程度地阻止網(wǎng)絡(luò)中黑客來(lái)訪問(wèn)自己網(wǎng)絡(luò)，預(yù)防他們隨意更改、移動(dòng)甚至刪除網(wǎng)絡(luò)上主要信息。防火墻是一個(gè)行之有效且應(yīng)用廣泛網(wǎng)絡(luò)安全機(jī)制，預(yù)防Internet上不安全原因蔓延到局域網(wǎng)內(nèi)部，所以，防火墻是網(wǎng)絡(luò)安全主要一環(huán)。即使防火墻是現(xiàn)在保護(hù)網(wǎng)絡(luò)免遭黑客攻擊有效伎倆，但也有顯著不足：無(wú)法防范經(jīng)過(guò)防火墻以外其它路徑攻擊，不能預(yù)防來(lái)自內(nèi)部變節(jié)者和不經(jīng)心用戶們帶來(lái)威脅，也不能完全預(yù)防傳送已感染病毒軟件或文件，以及無(wú)法防范數(shù)據(jù)驅(qū)動(dòng)型攻擊。采取入侵檢測(cè)系統(tǒng)入侵檢測(cè)技術(shù)是為確保計(jì)算機(jī)系統(tǒng)安全而設(shè)計(jì)與配置一個(gè)能夠及時(shí)發(fā)覺(jué)并匯報(bào)系統(tǒng)中未授權(quán)或異?，F(xiàn)象技術(shù)，是一個(gè)用于檢測(cè)計(jì)算機(jī)網(wǎng)絡(luò)中違反安全策略行為技術(shù)。在入侵檢測(cè)系統(tǒng)中利用審計(jì)統(tǒng)計(jì)，入侵檢測(cè)系統(tǒng)能夠識(shí)別出任何不希望有活動(dòng)，從而達(dá)成限制這些活動(dòng)，以保護(hù)系統(tǒng)安全。在校園網(wǎng)絡(luò)中采取入侵檢測(cè)技術(shù)，最好采取混合入侵檢測(cè)，在網(wǎng)絡(luò)中同時(shí)采取基于網(wǎng)絡(luò)和基于主機(jī)入侵檢測(cè)系統(tǒng)，則會(huì)構(gòu)架成一套完整立體主動(dòng)防御體系。Web、Email、BBS安全監(jiān)測(cè)系統(tǒng)在網(wǎng)絡(luò)www服務(wù)器、Email服務(wù)器等中使用網(wǎng)絡(luò)安全監(jiān)測(cè)系統(tǒng)，實(shí)時(shí)跟蹤、監(jiān)視網(wǎng)絡(luò)，截獲Internet網(wǎng)上傳輸內(nèi)容，并將其還原成完整www、Email、FTP、Telnet應(yīng)用內(nèi)容，建立保留對(duì)應(yīng)統(tǒng)計(jì)數(shù)據(jù)庫(kù)。及時(shí)發(fā)覺(jué)在網(wǎng)絡(luò)上傳輸非法內(nèi)容，及時(shí)向上級(jí)安全網(wǎng)管中心匯報(bào)，采取方法。漏洞掃描系統(tǒng)處理網(wǎng)絡(luò)層安全問(wèn)題，首先要清楚網(wǎng)絡(luò)中存在哪些安全隱患、脆弱點(diǎn)。面對(duì)大型網(wǎng)絡(luò)復(fù)雜性和不停改變情況，僅僅依靠網(wǎng)絡(luò)管理員技術(shù)和經(jīng)驗(yàn)尋找安全漏洞、做出風(fēng)險(xiǎn)評(píng)定，顯然是不現(xiàn)實(shí)。處理方案是，尋找一個(gè)能查找網(wǎng)絡(luò)安全漏洞、評(píng)定并提出修改提議網(wǎng)絡(luò)安全掃描工具，利用優(yōu)化系統(tǒng)配置和打補(bǔ)丁等各種方式最大可能地填補(bǔ)最新安全漏洞和消除安全隱患。在要求安全程度不高情況下，能夠利用各種黑客工具，對(duì)網(wǎng)絡(luò)模擬攻擊從而暴露出網(wǎng)絡(luò)漏洞。IP盜用問(wèn)題處理，在路由器上捆綁IP和MAC地址當(dāng)某個(gè)IP經(jīng)過(guò)路由器訪問(wèn)Internet時(shí)，路由器要檢驗(yàn)發(fā)出這個(gè)IP廣播包工作站MAC是否與路由器上MAC地址表相符，假如相符就放行。不然不允許經(jīng)過(guò)路由器，同時(shí)給發(fā)出這個(gè)IP廣播包工作站返回一個(gè)警告信息。利用網(wǎng)絡(luò)監(jiān)聽維護(hù)子網(wǎng)系統(tǒng)安全對(duì)于網(wǎng)絡(luò)外部入侵能夠經(jīng)過(guò)安裝防火墻來(lái)處理，不過(guò)對(duì)于網(wǎng)絡(luò)內(nèi)部侵襲則無(wú)能為力。在這種情況下，我們能夠采取對(duì)各個(gè)子網(wǎng)做一個(gè)具備一定功效審計(jì)文件，為管理人員分析自己網(wǎng)絡(luò)運(yùn)作狀態(tài)提供依據(jù)。設(shè)計(jì)一個(gè)子網(wǎng)專用監(jiān)聽程序。該軟件主要功效為長(zhǎng)久監(jiān)聽子網(wǎng)絡(luò)內(nèi)計(jì)算機(jī)間相互聯(lián)絡(luò)情況，為系統(tǒng)中各個(gè)服務(wù)器審計(jì)文件提供備份。總之，網(wǎng)絡(luò)安全是一個(gè)系統(tǒng)工程，不能僅僅依靠防火墻等單個(gè)系統(tǒng)，而需要仔細(xì)考慮系統(tǒng)安全需求，并將各種安全技術(shù)，如密碼技術(shù)等結(jié)合在?一起，才能生成一個(gè)高效、通用、安全網(wǎng)絡(luò)系統(tǒng)。我國(guó)信息網(wǎng)絡(luò)安全技術(shù)研究和產(chǎn)品開發(fā)仍處于起步階段，仍有大量工作需要我們?nèi)パ芯俊㈤_發(fā)和探索，以走出有中國(guó)特色產(chǎn)學(xué)研聯(lián)合發(fā)展之路，趕上或超出發(fā)達(dá)國(guó)家水平，以此確保我國(guó)信息網(wǎng)絡(luò)安全，推進(jìn)我國(guó)國(guó)民經(jīng)濟(jì)高速發(fā)展。參考文獻(xiàn)[1]盧開澄：《計(jì)算機(jī)密碼學(xué)—計(jì)算機(jī)網(wǎng)絡(luò)中數(shù)據(jù)預(yù)安全》（清華大學(xué)出版社.1）[2]余建斌：《黑客攻擊伎倆及用戶對(duì)策》（北京人民郵電出版社.6）[3]蔡立軍：《計(jì)算機(jī)網(wǎng)絡(luò)安全技術(shù)》（中國(guó)水利水電出版社.9）[4]鄧文淵、陳惠貞、陳俊榮：《ASP與\o"網(wǎng)絡(luò)"網(wǎng)絡(luò)數(shù)據(jù)庫(kù)\o"技術(shù)"技術(shù)》（中國(guó)鐵道出版社.4）[5]劉遠(yuǎn)生：《計(jì)算機(jī)網(wǎng)絡(luò)安全》（清華大學(xué)出版社.8）[6]袁德明：《計(jì)算機(jī)網(wǎng)絡(luò)安全》（電子工業(yè)出版社.6）外文原文：BriefanalysisnetworksecuritytechnologyInthepasttwocenturies,industrialtechnologyrepresentsacountry'smilitaryandeconomicstrength.Today,therapiddevelopmentofinformationtechnologyinthetwenty-firstcenturyhaveenhancedoverallnationalstrengthofthekey.Withthedevelopmentofcomputertechnologyinthecomputerbusinesshasbeenbasedonasinglemathematicalcomputing,documentprocessing,basedonasimplelinktotheinternalnetworkofinternalbusinessprocesses,suchasofficeautomationtothedevelopmentofenterprisesbasedonthecomplexityoftheintranet,extranet,TheglobalInternetenterprise-classcomputersystemsanddealingwiththeworldofbusinessandinformation-sharingdeal.Intheinformationprocessingcapacity,theabilitytolinkthesystemhasbeenimproved.Butthelinkintheinformationcapacity,theabilitytoimprovecirculationatthesametime,Web-basedconnectionsarealsobecomingmoreprominentsecurityissues.Thisarticlefromthefollowingareastoexplore:First,inanopennetworkatthesametimetherearesecurityissues.Internet'sopennessaswellasotherfactorsledtothenetworkenvironment,thecomputersystemisriddledwithsecurityproblems.Inordertoaddressthesesecurityissues,avarietyofsafetymechanisms,strategiesandtoolsforresearchandapplicationhavebeen.However,evenintheuseofexistingtoolsandmechanismsforsecurity,networksecurityisstillagreatdangerthatthesepotentialsafetyproblemscanbeattributedmainlytothefollowing:thelimitationsofsecurityEachsecuritymechanismmusthavethescopeoftheapplicationandapplicationenvironment.Firewallisaneffectivesecuritytool,whichcanbeconcealedwithinthestructureofthenetworktolimitexternalnetworkaccesstointernalnetworks.Butthevisitbetweentheinternalnetwork,thefirewallisoftenpowerless.Therefore,theinternalnetworktotheinternalnetworkbetweentheinvasionandtheinvasionofcollusion,itisverydifficulttofindafirewallandguardagainst.securitymanagementmechanismCommonsafetymanagementmechanism:themanagementofpasswords;avarietyofkeygeneration,distributionandmanagement;reunificationoftheentirenetworkadministratorauthenticationandauthorization;theestablishmentofasystem-wideassessmentofthesecuritysystem;theestablishmentofthesecurityauditsystem;theestablishmentofsystemsanddataBackupsystem;theestablishmentofsecurityincidents/securityalarmandresponsemechanismtodealwithplans;theestablishmentofspecializedteamsandthesafetyoftheoperationoftherapidresponsesystem,andsoon.Inordertostrengthenthesystemfordisasterpreventionandresponsecapability,butalsotodevelopcontingencyplansforcatastrophicaccidents,suchasanemergencyactionplanresources(hardware,software,data,etc.)tobackupandoperationalplans,systemsandtheresumptionoftestingmethods.theimpactofsecuritytoolsSecuritytoolsbytheeffectsofman-madefactors.Asecuritytooltoachievethedesiredeffect,toalargeextentdependsontheusers,includingsystemadministratorsandordinaryusers,improperusewillgenerateinsecurity.Forexample,NTinareasonablesettingcanbeachievedaftertheC2levelofsecurity,butveryfewpeopleabletoNT'sownsecuritypolicyforsettingreasonable.Inthisregard,though,canstillscanningtooltodetectwhetherthesystemwassetupreasonable,butthescantoolisbasicallyjustasystembasedonadefaultsecuritypolicycomparison,forspecificapplicationenvironmentsandspecializedapplicationsItwillbeverydifficulttojudgethecorrectnessofsettings.systemintheareaofsecurityproblemsThesystemistheback-traditionalsecuritytoolsdifficulttotakeintoaccount.Firewallisdifficulttotakeintoaccountthetypeofsecurityissues,inmostcases,theseintrusionscanlegitimatelythroughthefirewallanddifficulttodetect;Forexample,thewell-knownASPsourceissueintheIISServer4.0hasbeenpreviouslyexist,itisIISservicesofadesignerleftthebackdoor,noonecanusethebrowserfromthenetworktofacilitatethetransferoftheASPprogramsourcecode,whichcancollectinformationsystems,whichattackthesystem.Forthistypeofinvasion,thefirewallcannotbeperceivedasafirewallforexample,theactofinvasionandthenormalcourseofthevisitofthevisitwassimilartotheWeb,theonlydifferenceisthattheinvasionofthevisittolinktherequesttoaddasuffix.AslongasthereareproceduresthatmayexistontheBUGAslongasthereareproceduresthatmayexistontheBUG.Eventhesecuritytoolsalsopossiblesecurityloopholes.AlmosteverydayanewBUGwasfoundandpublished,intheprocesstoamendthedesignerknownforBUGatthesametime,itmayhavehadanewBUG.BUGsystem,hackersoftenuse,andthisattackdoesnotnormallyhavealog,almostnodataareavailable.Forexample,manyprogramstheexistenceofthememoryoverflowBUG,andsafeuseofthesetoolsforBUG'salmostimpossibletoguardagainstattacks.hackingeffortsAlmosteveryday,adifferentsystemsecurityproblems.Meanshackersareconstantlyupdated,andsecuritytoolstoupdatetheratelaggedfarbehindtheattacksmeanstheupdaterate,thevastmajorityofcasespeopleneedtobeabletoparticipateinthediscoveryofpreviouslyunknownsecurityissues,makingtheirimpactonemergingsecurityThequestionisalwaystooslowinresponding.Whenthesecuritytoolstodetectandcorrectjustasafetyissue,othersecurityissueshaveemerged.Asaresult,hackerscanalwaysuseadvancedsecuritytoolscannotfindthemeanstocarryoutattacks.Second,thenetwork'svulnerabilityhasledtoarbitraryhackersontheInternetHangAccordingtotheWarroon?Researchsurvey,in1997theworld'stop1000companieshavebeenalmosthackersbrokeinto.AccordingtoFBIstatisticsoftheUnitedStates,theUnitedStateseachyearasaresultofnetworksecuritycausedbythelossofupto7,500,000,000U.S.dollars.ErnstandYoungreport,duetotheftormisuseofinformationsecurity,almost80%oflargeenterprisessufferedlossesInarecentlarge-scalehackerattacks,theYahooWebsitetostoprunning3hours,sothelossofmillionsofdollarsoftransactions.Accordingtostatistics,andinthiswholeoperation,theU.S.economyhaslostatotalofoveronebillionU.S.dollars.Asthepanicoftheindustry,Amazon(A),AOL,Yahoo(Yahoo!),EBaysharesweredown,technology-dominatedNasdaqstockindex(Nasdaq)overthepastthreeconsecutivedaystobreaktherecordTherally,a63-pointdrop,theDowJonesIndustrialAverageclosedWednesday,alsofell258points.Toseetheseshockingevents,sothatpeoplecannothelpbutissuedadoubt:"Networksecurityhas?"Accordingtoincompletestatistics,atpresent,ourwebsitebythehackers,althoughnotonaparwiththeUnitedStates,China,butthenumberofcustomers,thesizeofusershasreachedthestageofrapidprogress,thefactthatwecannotletfoodforthought:Bytheendof1993,theHighEnergyInstitute,ChineseAcademyofScienceshavefounda"hacker"intrusion,auser'spermissionhasbeenupgradedtoasuper-powers,whenthesystemadministratortotrack,washisrevenge.In1994,theUnitedStates,a14-year-oldchildrenviatheInternetintoChineseAcademyofSciencesNetworkCenterofTsinghuaUniversityandhosttooursystemadministratorwarned.In1996,theHighEnergyInstitutehasonceagainbeena"hacker"invasion,intheprivateHighEnergyInstitutehostsdozensofaccountssetup,thetrackisfoundinadial-upusers.Overthesameperiod,domesticISPfounda"hacker"invasionofitsmainserveranddeletetheaccountofitsdocumentmanagement,resultinginhundredsofpeoplecannotuse.In1997,theChineseAcademyofSciencesToenterin1998,thehackingactivityisontheincrease,almostallmajornetworkshavemetwithvaryingdegreesofhackerattacks:InFebruary,GuangzhouShiLingtonginvasionbyhackersseveraltimes,resultingin4hoursthesystemoutofcontrol;InApril,Guizhouporthacking,hometobereplacedbyanobscenepicture;May,DalianChinaNETnodeinvasion,userpasswordsstolen;InJune,theShanghaihotlinehasbeeninvaded,theserveradministratorpasswordwasstolen,hundredsofcustomersandstaffofthestolenaccountnumberandpassword;July,Jiangxiwas169networkhackerattacks,resultinginthenetwithin3daystorun2ndnetworkinterruptedfor30hours,projectacceptancetopostponefor20days;thesameperiod,theShanghaiSecuritiesofasystemtohacking;August,IndonesianChinesehackerscollectiveeventsamongIndonesia'sinvasionoutlets,resultinginanumberofsitesIndonesiaparalyzed,butatthesametime,ChinawasIndonesia'spartofthesitehackerretaliation;thesameperiod,Xi'an,abankingsystemtohacking,goto806,000yuanincash.September,Yangzhouwasabankhackerattacks,theuseofvirtual-to-depositaccountstotake260,000yuanincash.InOctober,theFujianProvincialLibraryhomepagewasreplacedbyhackers.June18-year-oldjuvenilehackingWebsite,onlytoshowoffthelevel.MayWebsiteinShaanxiBeijingThird,NetworkSecuritySystemAtthisstageinordertoensurenormalworkofthenetworkcommonlyusedmethodisasfollows:networktopreventvirusInthenetworkenvironment,therapidspreadofthevirus,onlystand-aloneanti-virusproductshavebeenverydifficulttocompletelyclearthevirus,network,localareanetworkmustbesuitableforall-roundanti-virusproducts.CampusNetworkistheinternallocalareanetworkrequiresaserver-basedoperatingsystemplatformofanti-virussoftwareandoperatingsystemsforavarietyofdesktopanti-virussoftware.IfconnectedtotheInternetandwillrequirethegatewayanti-virussoftwaretoenhancethesecurityofonlinecomputers.Ifyouusee-mailnetworkfortheexchangeofinformationneededbasedonamailserverplatformfore-mailanti-virussoftware,identifyhiddeninthee-mailandattachmentsforviruses.Therefore,theuseofthebestall-roundanti-virusproductsfornetworksofallpossiblepointsofvirusattacktosetthecorrespondinganti-virussoftwarethroughtheall-round,multi-levelanti-virussystemconfiguration,regularoradhocbasisthroughanautomaticupgrade,sothatNetworkfromviruses.useafirewallTheuseoffirewalls,networkcommunications,whentheimplementationofanaccesscontrolmeasure,agreedwiththefirewalltoallowaccessofpeopletoenterdatawiththeirowninternalnetworkandatthesametimewillnotallowtheuserdataandthedoor,tomaximizethenetworktopreventhackerstoVisittheirnetworks,topreventthemfromchange,orevenmobilenetworktodeleteimportantinformation.Firewallisawell-establishedandwidelyusednetworksecuritymechanismstopreventinsecurityontheInternetspreadtotheinternalLAN,sothatthefirewallisanimportantnetworksecurity.Whilethefirewallistoprotectnetworksfromhackersattackedaneffectivemeans,buttherearelessobvious:outsidethefirewallcannotpreventtheadoptionofothermeansofattack,cannotpreventdefectorsfromwithinandnotattentivetothethreatposedbytheuser,Cannotcompletelypreventthetransmissionofthevirushasinfectedsoftwareorfiles,andcannotpreventdata-drivenattacks.IntrusionDetectionSystemIntrusionDetectionTechnologyistoguaranteethesecurityofcomputersystemsdesignedandconfiguredinatimelymannertoasystemtodetectandreportunauthorizedorunusualtechnology,isacomputernetworkfordetectingviolationsofsecuritypolicyintheactoftechnology.IntrusionDetectionSystemintheuseofauditrecords,intrusiondetectionsystemtoidentifyanyhopethatsomeactivitiesinordertolimitthereachoftheseactivitiesinordertoprotectthesecurityofthesystem.Onthecampusnetworkusingintrusiondetectiontechnology,thebesthybridintrusiondetection,atthesametimeinthenetwork-basednetworkandhost-basedintrusiondetectionsystemwillbeacompletethree-dimensionalframeworkintotheactivedefensesystem.Web,Email,BBSsafetymonitoringsystemWwwinthenetworkserver,Emailserver,suchastheuseofnetworksecuritymonitoringsystem,real-timetrackingandsurveillancenetworks,interceptedon-lineInternettransmission,andrestoretheintegrityofthewww,Email,FTP,Telnetapplication,setuptopreservethecorrespondingThedatabaserecords.Foundinatimelymanneronthenetworktransmissionofillegalcontent,thehigherthesecuritynetworkinatimelymannertothecenterofthereportandtakemeasures.vulnerabilityscanningsystemNetworklayertoaddresssecurityissues,firstofalltomakeitclearwhatnetworksecurity,vulnerabilitypoints.Inthefaceoflarge-scalenetworkcomplexityandchangingcircumstances,onlynetworkadministratorsrelyontheskillsandexperiencetofindsecurityholes,makingariskassessmentisunrealistic.Solutionistofindanetworktofindvulnerabilities,andtosuggestamendmentstotheassessmentofnetworksecurityscanningtoolstooptimizetheuseofthesystemconfigurationandpatchinginvariousways,suchasthemostlikelytomakeupforthelatestsecurityloopholesandeliminatehiddendangers.Inthelowlevelofsecurityrequirements,usingavarietyofhackertools,networksimulationinordertoattackexposedthevulnerabilityofthenetwork.IPtheftproblemintherouter'sIPandMACaddressbindingWhenanIProuter,accessthroughtheInternet,theroutercheckssenttotheIPpacketradiostationoftheMACwiththeMACaddressoftherouteronthetableinlinewith,ifreleasedonline.Otherwisenotallowed