English for Mathematics Majors paper.docx
Security of Computer Network System

Course: English for Mathematics Majors

Abstract: This paper discusses the security and reliability problems of computer network systems. It covers the importance of network security, its theoretical basis, the functions a secure network should have, and measures for solving the problems, and puts forward some views on solutions. The aim is to strengthen people's awareness of network security.

Key words: Computer network; Virtual private network; Encryption techniques; Firewall

Introduction: With the development of computer network technology, network security and reliability have become a common concern of all users. Everyone hopes that their own network system can run reliably, free from disturbance and destruction by external intruders. Solving the network security and reliability problems well is therefore the precondition and guarantee of normal network operation.

First, the importance of network security. With informatization developing rapidly today, computer networks are widely applied. As the volume of information transmitted over networks grows ever faster, some organizations and departments benefit from the network speeding up their business operations, while their data has also suffered attack and destruction to varying degrees. An attacker may intercept information on the network and steal users' passwords and database information; may tamper with database content, forge a user's identity, or deny his own signature. What is more, an attacker may delete database content, destroy network nodes, release computer viruses and so on. As a result, data security and the users' own interests are seriously threatened.

According to an investigation by the American FBI (US Federal Bureau of Investigation), network security problems cause economic losses of more than 17,000,000,000 dollars every year. 75% of corporations report financial losses caused by computer system security problems.
More than 50% of security threats come from inside, but only 59% of the losses can be estimated. In China, the economic losses caused by computer system security problems in the financial sector, such as banks and securities, have reached several hundred million Yuan, and network security threats against other industries also occur from time to time.

It can thus be seen that both deliberate attacks and unintentional misoperation can bring inestimable losses to a system. A computer network must therefore have sufficiently strong security measures. Whether in a local area network or in a WAN, the security measures should be comprehensive, addressing each kind of threat and vulnerability, so that they can guarantee the confidentiality, integrity and availability of network information.

Second, the theoretical basis of network security. The International Organization for Standardization (ISO) once suggested the following definition of computer security: "The computer system must protect its hardware and data from accidental or intentional disclosure, change and destruction." To help computer users distinguish and solve computer network security problems, the American Department of Defense published the "Orange Book" (official name: "Trusted Computer System Evaluation Criteria"), which specifies the division of security levels for multi-user computer systems.

The Orange Book divides computer security, from low to high, into four classes and seven levels: D1, C1, C2, B1, B2, B3, A1. Of these, D1 is the level that does not meet the minimum security threshold, C1 and C2 are the levels that meet the minimum security threshold, B1 and B2 are the levels with medium security protection capability, and B3 and A1 belong to the highest security rating.
In the concrete design of a network, the technical standards, equipment types, performance requirements and funds proposed in the overall network plan should be evaluated together to determine a reasonable, high-performance network security level, and thereby achieve network security and reliability.

Third, the functions network security should have. To adapt well to the development of information technology, a computer network application system must have the following functions:

(1) Access control: By establishing an access control system for specific network segments and services, the overwhelming majority of attacks are stopped before they reach their target.

(2) Security vulnerability inspection: Through periodic inspection for security vulnerabilities, the overwhelming majority of attacks can be made ineffective even if they can reach their target.

(3) Attack monitoring: By establishing an attack monitoring system for specific network segments and services, the overwhelming majority of attacks can be detected in real time and a response taken (for example, disconnecting the network connection, recording the attack process, tracing the attack source and so on).

(4) Encrypted communication: Actively encrypting communication prevents the attacker from understanding or modifying sensitive information.

(5) Authentication: A good authentication system prevents the attacker from impersonating a legitimate user.

(6) Backup and restoration: A good backup and restoration mechanism allows data and system services to be restored as soon as possible when an attack causes losses.

(7) Multi-layered defense: After the attacker breaks through the first line of defense, further layers delay or block the attacker from reaching the target.

(8) Setting up a security monitoring center: The center provides security system management, monitoring, protection and emergency services for the information system.
Fourth, comprehensive measures for network system security. To realize the network security functions, we should protect the network system in every respect and formulate a reasonable network security architecture accordingly. Some protective measures for network system security problems are proposed below.

Physical security. Physical security can be divided into two aspects: one is man-made harm to the network; the other is harm from the network to its users. The most common case is a construction worker who does not know clearly where cables are buried and so damages them; this can be guarded against by erecting marker signs. In a network without structured cabling, users frequently damage cables, so structured cabling should be used to install the network as far as possible. The influence of man-made or natural disasters should be considered in planning.

Access control security. Access control identifies and verifies users and limits them to the activities and resources for which they are authorized. Network access control security can be considered from the following aspects.

(1) Password: The outermost line of defense of a network security system is the network user's login. During login, the system checks the validity of the user's login name and password, and only legitimate users can enter the system.

(2) Owner, attributes and access permissions of network resources: Network resources mainly include shared files, shared printers, network users and other resources that all network users can use. The owner of a resource reflects the relationship of different users to the resource, such as creator, modifier and group member. The attributes of a resource express its access characteristics, such as who can read, write or execute it.
Access permissions mainly reflect the degree to which a user may use network resources. Assigning owners, attributes and access permissions to network resources can effectively control network system security at the application level.

(3) Network security monitoring: Network monitoring is generally called "network management". Its main function is to monitor the operation of the entire network dynamically and to handle each kind of event promptly. Through network monitoring, security problems in the network can be discovered and solved simply, such as locating network fault points, catching IP address thieves, and controlling the scope of network access.

(4) Audit and tracking: Network audit and tracking covers network status, resource use, network failures and system record keeping. It generally consists of two parts: first, recording events, that is, recording every kind of event in a file; second, analyzing and compiling statistics on the records in order to find where the problem lies.

Data transmission security. Transmission security requires protecting information in transit against passive and active attacks. The following measures may be taken for data transmission:

(1) Encryption and digital signature: A digital signature lets the data receiver confirm that the transmitted data is genuine and accurate. It is realized mainly through encryption algorithms and verification protocols.

(2) Firewall: A firewall is a security measure in widespread use on the Internet. It is a combination of a series of components that can be set up between different networks. By monitoring, restricting and modifying the data streams that cross the firewall, it examines the information passing between inside and outside as far as possible, and so protects the security of the network.
(3) User name/password authentication: This is the most commonly used form of authentication. It is used for operating system login, telnet (remote login), rlogin (remote login) and so on, but the authentication process is not encrypted, so the password is easily intercepted and deciphered.

(4) Authentication using a digest algorithm: RADIUS (Remote Authentication Dial-In User Service), OSPF (Open Shortest Path First routing protocol), SNMP Security Protocol and so on all use a shared security key together with a digest algorithm (MD5) for authentication. Because a digest algorithm is an irreversible process, the shared security key cannot be calculated from the digest during authentication, and so the sensitive information is not transmitted over the network. The digest algorithms mainly used in the market are MD5 and SHA-1.

(5) PKI-based authentication: This uses PKI (public key infrastructure) for authentication and encryption. The method is highly secure; it combines digest algorithms, asymmetric encryption, symmetric encryption, digital signatures and other technologies, uniting security with efficiency. It is currently applied to authentication in email, application server access, client authentication, firewall domains and so on. The method is very secure, but it involves a rather heavy certificate management burden.

(6) Virtual private network (VPN) technology: VPN technology mainly provides secure two-way communication over the public network, using a transparent encryption scheme to guarantee the integrity and confidentiality of the data.

Summary: In general, regarding the security of transmission over computer networks, we must achieve the following points.
First, we should strictly limit the system information and resources that Internet users can access. This can be realized by setting up a NetScreen firewall on access to the server.

Second, we should strengthen user identity authentication, for which RADIUS, a dedicated identity authentication server, can be used. On the one hand, it makes it possible to manage user accounts; on the other hand, it uses encryption in the identity authentication process, which avoids the possibility of user passwords being disclosed.

Third, encryption technology should be used during data transmission to prevent data from being stolen illegally. One method is to use PGP for Business Security to encrypt the data. Another is to use the VPN technology that the NetScreen firewall provides. While providing data encryption between networks, VPN also provides encryption client software for single-machine users, that is, it uses software encryption to guarantee the security of data transmission.
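Items (3) and (4) of the data transmission measures, as an added example that is not part of the original paper: a plaintext login frame beside a challenge-response exchange in which only a keyed digest crosses the network. The paper names MD5 and SHA-1; this example swaps in HMAC-SHA-256 from Python's standard library, and the key, the `Server` class and the function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = b"constructed-shared-key"  # constructed sample value


def plaintext_login(user: str, password: str) -> bytes:
    """Item (3): the password itself is what crosses the network."""
    return f"{user}:{password}".encode()


def digest_response(key: bytes, challenge: bytes) -> bytes:
    """Item (4): only a keyed digest of the challenge crosses the network."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Server:
    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # challenges issued but not yet used

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._pending:  # unknown or already used
            return False
        self._pending.discard(challenge)    # single use, so a replay fails
        expected = digest_response(self._key, challenge)
        return hmac.compare_digest(expected, response)


def run_exchange() -> dict:
    server = Server(SHARED_KEY)
    challenge = server.new_challenge()
    response = digest_response(SHARED_KEY, challenge)
    wire = [challenge, response]            # all an eavesdropper captures
    second = server.new_challenge()
    return {
        "accepted": server.verify(challenge, response),
        "replay_accepted": server.verify(challenge, response),
        "key_on_wire": any(SHARED_KEY in frame for frame in wire),
        "wrong_key_accepted": server.verify(
            second, digest_response(b"wrong-key", second)),
    }


if __name__ == "__main__":
    print(run_exchange())
```

The irreversibility of the digest protects the shared key only when the key has enough entropy; a guessable key can still be tested offline against a captured challenge and response.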
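A Brief Analysis of Computer Network Security

Abstract: Addressing the security and reliability problems of computer network systems, this paper puts forward and elaborates some views on the importance of network security, its theoretical basis, the functions it should have and the measures for solving the problems, so that users strengthen their security awareness regarding computer networks.

Key words: Computer network; Virtual private network technology; Encryption technology; Firewall

Introduction: With the development of computer network technology, network security and reliability have become a common concern of users at every level of use. Everyone hopes that their own network system can run more reliably, free from disturbance and destruction by outside intruders. Solving the network security and reliability problems well is therefore the precondition and guarantee of normal network operation.

1. The importance of network security. With informatization developing rapidly today, computer networks are widely applied. As the volume of information transmitted between networks grows sharply, some organizations and departments benefit from the network speeding up their business operations, while their online data has also suffered attack and destruction to varying degrees. An attacker can eavesdrop on information on the network and steal users' passwords and database information; can also tamper with database content, forge a user's identity, or deny his own signature. What is more, an attacker can delete database content, destroy network nodes, release computer viruses and so on. As a result, data security and the users' own interests are seriously threatened.

According to an FBI investigation, the United States loses more than 17 billion dollars every year because of network security. 75% of companies report financial losses caused by computer system security problems. More than 50% of security threats come from inside, but only 59% of the losses can be estimated quantitatively. In China, the economic losses caused by computer system security problems in financial fields such as banking and securities have reached several hundred million Yuan, and network security threats against other industries also occur from time to time.

It can thus be seen that both deliberate attacks and unintentional misoperation can bring inestimable losses to a system. A computer network must therefore have sufficiently strong security measures. Whether in a local area network or in a wide area network, the security measures should address every kind of threat and vulnerability comprehensively; only then can the confidentiality, integrity and availability of network information be ensured.

2. The theoretical basis of network security. The International Organization for Standardization once suggested the following definition of computer security: "The computer system must protect its hardware and data from accidental or intentional disclosure, change and destruction." To help computer users distinguish and solve computer network security problems, the US Department of Defense published the "Orange Book", which specifies the division of security levels for multi-user computer systems.

The Orange Book divides computer security, from low to high, into four classes and seven levels: D1, C1, C2, B1, B2, B3, A1. Of these, D1 is the level that does not meet the minimum security threshold, C1 and C2 are the levels that meet the minimum security threshold, B1 and B2 are the levels with medium security protection capability, and B3 and A1 belong to the highest security level.

In the concrete design of a network, the technical specifications, equipment types, performance requirements and funds proposed in the overall network plan should be considered together to determine a reasonable, high-performance network security level, and thereby achieve network security and reliability.

3. The functions network security should have. To adapt better to the development of information technology, a computer network application system must have the following functions:

Access control: By establishing an access control system for specific network segments and services, the overwhelming majority of attacks are stopped before they reach their target.

Security vulnerability inspection: Through periodic inspection for security vulnerabilities, the overwhelming majority of attacks can be made ineffective even if they can reach their target.

Attack monitoring: By establishing an attack monitoring system for specific network segments and services, the overwhelming majority of attacks can be detected in real time and a response taken.

Encrypted communication: Actively encrypting communication prevents the attacker from understanding or modifying sensitive information.

Authentication: A good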