版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請進(jìn)行舉報或認(rèn)領(lǐng)
文檔簡介
1、 外文資料及中文譯文院系名稱 信息科學(xué)與技術(shù)學(xué)院 學(xué)生姓名 學(xué)生學(xué)號 _ 200503013098 專業(yè)班級 _ 計科03- 7 指導(dǎo)教師 外文資料出處:計算機世界報 第03期 c20a lan may be created based on a peering or a client-server. small lans are of ten created based on a simple peering relationship. users may share resources and communicate with one another on a peer network,
2、but no single computer controls a peer network, and peer network users do not typically centralize files on one machine. as a rule, peer networks tend to lack organization and adequate security controls.the client-server architecture is usually used for sever controls network access and network reso
3、urces. clients request resources from the server, and the server provides resources to clients. servers may range in complexity from mainframes to pcs. clients may range in complexity from pcs to display to terminals (dts). client-server networks provide strong central security, centralized file org
4、anization and storage, and centralized data preservation. compared to a peer network, a client-server network requires more centralized and specialized administration.along with the rapid scientific and technological development, computer use in production as a proportion growing, increasingly play
5、a decisive role in the ministry, the office has computers, greatly facilitate the departments work, another demand gradually reveal themselves. that is the single transmission of information between. computer networks should be established as soon as possible on the agenda. establish computer networ
6、ks main purpose is to realize a resource sharing that all network users can enjoy the computer systems of all or part of the resources.lan are currently used to broadcast the technical basis for ethernet, any two nodes of communication between the data packet is not only these two nodes by the card
7、receipt, were also at the same ethernet to the nodes of a network card by the interception, as long as hackers access to the ethernet nodes for an interception, can capture the ethernet in the data packet and all its packet analysis solution, thereby stealing critical information, this is the ethern
8、et inherent security risks. in fact, many on the internet free of the hacking tools are put ethernet interception as the most fundamental means. a firewall is a network device that enforces security policy for network traffic. the term originates from firewall, a fireproof wall used as a barrier to
9、prevent the spread of fire. an internet firewall creates a barrier between separate networks by imposing a point of control that traffic needs to pass before it can reach a different network. a firewall may limit the exposure of hosts to malicious network traffic, e.g., remote adversaries attempting
10、 to exploit security holes in vulnerable applications, by preventing certain packets from entering networks protected by the firewall.when inspecting a network packet, a firewall decides if it should drop or forward the packet. the decision is based on a firewalls security policy and its internal st
11、ate. before forwarding a packet, a firewall may modify the packets content. packet inspection may occur at several different layers: (1)the link layer provides physical addressing of devices on the same network. firewalls operating on the link layer usually drop packets based on the media access con
12、trol (mac) addresses of communicating hosts. (2)the network layer contains the internet protocol (ip) headers that support addressing across networks so that hosts not on the same physical network can communicate with each other. (3)the transport layer provides data flows between hosts. on the inter
13、net, the transmission control protocol (tcp) and the user datagram protocol (udp) are used for this purpose. most firewalls operate at the network and transport layer. tcp provides reliable data flow between hosts. udp is a much simpler but unreliable transport protocol. (4)the application layer con
14、tains application specific protocols like the hypertext transfer protocol (http). inspection of application specific protocols can be computationally expensive because more data needs to be inspected and more states are required. a firewall is a piece of software or hardware that helps screen out ha
15、ckers, viruses, and worms that try to reach your computer over the internet. if you are a home user or small-business user, using a firewall is the most effective and important first step you can take to help protect your computer. it is important to have a firewall and antivirus software turned on
16、before you connect to the internet. if your computer is not protected when you connect to the internet, hackers can gain access to personal information on your computer. they can install code on your computer that destroys files or causes malfunctions. they can also use your computer to cause proble
17、ms on other home and business computers connected to the internet. a firewall helps to screen out many kinds of malicious internet traffic before it reaches your system. some firewalls can also help to prevent other people from using your computer to attack other computers without your knowledge. us
18、ing a firewall is important no matter how you connect to the internet dial-up modem, cable modem, or digital subscriber line (dsl or adsl). the firewall product main bastion of the mainframe, packet-filtering router, application layer gateway (proxy), and circuit gateway, shielding mainframe firewal
19、ls, and other mainframe-type places. although the firewall is to protect the network from hacker attacks effective means, but there are clearly inadequate: unable to prevent outside the firewall through other means of attack, not prevent defection from within and not attentive to the customers who b
20、rought the threat, able to completely prevent transmission of the virus has infected software or documents, and can not prevent data-driven attacks. since 1986 digital companies in the united states to install the internet world, a commercial fire wall system, the concept of a firewall after firewal
21、l technology has made rapid development. dozens of domestic and foreign companies launched the function of the firewall is not the same product range. 5 firewall at the network layer security system at the bottom of belonging to the network layer security technology areas. in this layer, the busines
22、s-to-security system raised of the question: whether all the ip can visit to the enterprises internal network? if the answer is yes, is illustrated in internal network has no network layer take preventive measures. as the internal network and external public network between the first barrier firewal
23、l is the first by the peoples attention to the network security products in one. although theoretically, firewall network security at the bottom, the network responsible for the security authentication and transmission, but with network security technology development and application of the network
24、changes, modern technology has gradually firewall to the network layer other than the safety level, not only to complete the traditional firewall filtering tasks, but also for the various networks to provide the corresponding security services. in addition there is many other firewall products are m
25、oving towards data security and user authentication, anti-virus and hacker intrusion direction. smes in the specific network environment, in addition to hiv and the birthright of transmissibility, enforceability, and conventional destructive virus in common, but also have some other features: 1. fas
26、ter rate of infection the spread of the virus must be some means for the complete closure of the single case; the virus is not from one computer to another computer transmission of. but the simple enterprise network environment, the spread of the virus can fully use the media, simple and rapid adopt
27、ion of the internal network, the virus can spread rapidly, for example: common in the 100 m office network, as long as one is exposed workstations, can be in the tens of seconds to the same network of several hundred computers infected all. 2. wide spread infection of a particular lan client taiwan,
28、 and the client can also further infection of other network client (including servers) infected with the virus and the client can further infection more client (including a computer outside the lan) so many cross-infection, the virus spread in the network, in addition to speed, its spread is quite a
29、mazing. 3. dissemination in the form of complex and diverse network forms of transmission of the virus before we have already done a presentation here would not elaborate on the but with computer viruses innovation, i believe there will be even more we can not predict the form of dissemination. 4. d
30、ifficult to eradicate single of computer viruses can sometimes through anti-virus and virus deleted documents to resolve. if that does not work, such as low-level disk formatting can measure the complete removal of the virus. network, as long as they have a workstation could not cleanse, the whole n
31、etwork can be re-infected with the virus, have just completed a work of the anti-virus workstations, it may be another virus internet workstations are infected. therefore, to deal with the single form of anti-virus, the lan will be more pronounced, felt helpless. 5. devastating smes office network i
32、s mainly for enterprise services. virus attacks, the network will not only affect their normal work, and even more frightening is that it would collapse the network, damage to the computer network, so that work was ruined. 6. sexual sparks it can be described as the hidden nature of the virus on the
33、 network extension, the network conditions for the virus to stimulate the diversification, it is the internal clock, the date and user name, it can also be a network of communication and so on. an hiv virus in accordance with the procedures designers, at the request of a workstation outbreak and spr
34、ead to the entire network. 7. potential in the network, once infected with the virus, even if the virus has been eliminated, the potential danger is enormous. according to the companys network statistics, the virus has been removed, 85% of the 30 days will be re-infection. enterprises still using si
35、ngle version of anti-virus software virus defense at the same time, virus has in various forms through the lan to spread quickly, and they attacked the client, server, and gateway, almost all pervasive. it is not exaggerating to say, we can easily make the entire lan gridlock, should we really have
36、to sit until death?although the prospect of using virus technology to simplify the task of delivering patches and software updates is tempting, the dangers can outweigh the benefits when the process is too automated. for example, the improved windows update feature in windows xp now allows patches a
37、nd updates to be downloaded automatically, although installation is still at the users discretion. trojan horses, worms, and other malicious code forms have proven to be incredibly successful at paralyzing e-mail systems and internet providers. it is therefore only logical to conceive of ways to use
38、 them for productive purposes, much as the bible exhorts its readers to beat their swords into plowshares and their spears into pruning hooks. granted, it would be wonderful if it administrators could distribute patches and software updates to desktops and servers as quickly as an e-mail virus can s
39、pread from one machine to the next. but is such a magic wand really a good idea? well, maybe not exactly. after all, unlike the human immune system, which produces defenses, or antibodies, automatically, the computer must wait for a human to analyze samples of a computer virus, prepare antidotes and
40、 vaccines for that specific situation, and only then apply the cure. this observation alone would seem to discredit the idea of a “digital immune system” that the security community has tossed around during the past few years, but theres an even more important point to consider. similar to the way t
41、hat autoimmune diseases turn the body s own defenses against itself, so could one turn a viruslike software delivery system against its own computers. although it would be difficult to monkey with the digital certificates that would conceivably be used to identify trusted patches, its not impossible
42、 to subvert the certificate issuing system.viruses, worms, and trojan horses are programs created by hackers that use the internet to infect vulnerable computers. viruses and worms can replicate themselves from computer to computer, while trojan horses enter a computer by hiding inside an apparently
43、 legitimate program, such as a screen saver. destructive viruses, worms, and trojan horses can erase information from your hard disk or completely disable your computer. others dont cause direct damage, but worsen your computers performance and stability.antivirus programs scan email and other files
44、 on your computer for viruses, worms, and trojan horses. if one is found, the antivirus program either quarantines (isolates) it or deletes it entirely before it damages your computer and files.because new viruses are identified every day, its important to select an antivirus program with an automat
45、ic update capability. when the antivirus software is updated, it adds new viruses to its list of viruses to check for, helping to protect your computer from new attacks. if the list of viruses is out of date, your computer is vulnerable to new threats. updates usually require an annual subscription
46、fee. keep the subscription current to receive regular updates.tips for using email and the web safely:(1)use caution when opening email attachments. email attachments (files attached to email messages) are a primary source of virus infection. never open an attachment from someone you dont know. if y
47、ou know the sender but were not expecting an attachment, verify that the sender actually sent the attachment before you open it. see when to trust an email message and avoiding email viruses.(2)guard your personal information carefully. if a website asks for a credit card number, bank information, o
48、r other personal information, make sure that you trust the website and verify that its transaction system is secure. (3)use the phishing filter in internet explorer. phishing is the practice of creating fraudulent email messages and websites in order to trick computer users into revealing personal o
49、r financial information. the fraudulent email message or website appears to be from a trusted source, such as a bank, credit card company, or reputable online merchant. the phishing filter helps detect phishing websites to protect you from scams.(4)be careful when clicking hyperlinks in email messag
50、es. hyperlinks (links that open websites when you click them) are often used as part of phishing and spy ware scams, but they can also transmit viruses. (5)only install add-ons from websites that you trust. web browser add-ons, including activex controls, allow web pages to display things like toolb
51、ars, stock tickers, video, and animation. however, add-ons can also install spy ware or other malicious software. if a website asks you to install an add-on, make sure that you trust it before doing so. 中文譯文局域網(wǎng)可以基于對等式網(wǎng)絡(luò)中,用戶可以彼此共享資源和進(jìn)行交流,但沒有一臺計算機對整個網(wǎng)絡(luò)進(jìn)行控制,對等式網(wǎng)絡(luò)的用戶一般也不將文件集中在一臺機器上,通常對等網(wǎng)絡(luò)往往缺少組織性和足夠的安全控制
52、??蛻魴C-服務(wù)器結(jié)構(gòu)經(jīng)常用于大型局域網(wǎng)或?qū)Π踩砸蠛芨叩木钟蚓W(wǎng)中。在客戶機服務(wù)網(wǎng)絡(luò)中,服務(wù)器控制網(wǎng)絡(luò)的訪問和網(wǎng)絡(luò)的資源??蛻魴C向服務(wù)器請求資源,服務(wù)器向客戶機提供資源,從類型機到pc機,服務(wù)器的復(fù)雜程度各不相同。從pc機到顯示終端(dts),客戶機的復(fù)雜程度也不相同??蛻魴C服務(wù)器網(wǎng)絡(luò)提供強大的中央安全控制,集中對文件進(jìn)行組織和存儲,并集中對數(shù)據(jù)進(jìn)行保護(hù)。與對等網(wǎng)絡(luò)相比,客戶機服務(wù)器網(wǎng)絡(luò)需要更多的集中管理和專門管理。目前局域網(wǎng)上都是采用以廣播為技術(shù)基礎(chǔ)的以太網(wǎng),任何兩個節(jié)點之間的通信數(shù)據(jù)包不僅被這兩個節(jié)點的網(wǎng)卡所接收,也同時被處于同一以太網(wǎng)上的任一節(jié)點的網(wǎng)卡所截取,黑客只要接入以太網(wǎng)上的任一節(jié)
53、點進(jìn)行偵聽,就可以捕獲發(fā)生在這個以太網(wǎng)上的所有數(shù)據(jù)包并對其進(jìn)行解包分析,從而竊取關(guān)鍵信息,這就是以太網(wǎng)所固有的安全隱患。事實上,internet上的很多免費的黑客工具都是把以太網(wǎng)偵聽作為其最基本的手段。防火墻是一種網(wǎng)絡(luò)設(shè)備,為網(wǎng)絡(luò)的交通執(zhí)行安全政策。這一術(shù)語來源于防火墻,防火墻作為防止火勢蔓延的一道屏障。一個互聯(lián)網(wǎng)防火墻造成障礙之間的單獨網(wǎng)絡(luò)設(shè)定點,控制交通需求,以通過才能達(dá)到不同網(wǎng)絡(luò)。防火墻可以限制暴露主機惡意網(wǎng)絡(luò)流量,例如,遠(yuǎn)程對手企圖利用安全漏洞易受申請防止某些數(shù)據(jù)包進(jìn)入網(wǎng)絡(luò)保護(hù)的防火墻。當(dāng)考察了網(wǎng)絡(luò)數(shù)據(jù)包時,防火墻決定是否應(yīng)該減少或轉(zhuǎn)發(fā)數(shù)據(jù)包,這項決定是基于防火墻的安全策略及其內(nèi)部狀態(tài)
54、。在轉(zhuǎn)發(fā)包以前,防火墻可以修改數(shù)據(jù)包的內(nèi)容。包檢查可能發(fā)生在幾個不同的層次:(1)鏈路層在同一網(wǎng)絡(luò)提供物理處理設(shè)備。防火墻運行在鏈路層,往往使得包難于與體訪問控制(mac)地址的主機溝通。(2)網(wǎng)絡(luò)層包含的互聯(lián)網(wǎng)協(xié)議(ip)報頭,支持解決跨網(wǎng)絡(luò),使主機不在相同的物理網(wǎng)絡(luò)上也與對方溝通。(3)運輸層提供了數(shù)據(jù)流之間的主機。在因特網(wǎng)上傳輸控制協(xié)議(tcp)和用戶數(shù)據(jù)報協(xié)議(udp協(xié)議)是用于這一目的。大多數(shù)防火墻運行在網(wǎng)絡(luò)和傳輸層。tcp協(xié)議在主機之間提供可靠的數(shù)據(jù)流,udp協(xié)議是一個非常簡單,但不可靠的傳輸協(xié)議。(4)應(yīng)用層包含應(yīng)用特定的協(xié)議,像超文本傳輸協(xié)議(http),可以統(tǒng)計昂貴的特定應(yīng)用
55、協(xié)議的檢查,因為更多的數(shù)據(jù)需要加以檢查,并有更多的國家所需。防火墻是一個軟件或硬件,有助于篩選出黑客,病毒與蠕蟲,設(shè)法讓你的電腦接入因特網(wǎng)。如果你是一位家庭用戶或小型企業(yè)用戶,使用防火墻是最有效和最重要的第一步,它可以幫助您保護(hù)計算機。它是重要的,是有一個防火墻和防毒軟體開啟,然后連接到互聯(lián)網(wǎng)上的。 如果你的電腦是沒有保障,當(dāng)您連接到互聯(lián)網(wǎng),黑客在您的計算機上可獲取個人資料。他們可以安裝程序碼輸入電腦,銷毀檔案或?qū)е鹿收?。其他家用和商用電腦連接上互聯(lián)網(wǎng),他們也可以使您的電腦造成問題。在到達(dá)你的系統(tǒng)之前,防火墻有助于篩選出多種惡意網(wǎng)絡(luò)流量。沒有你的知識,部分防火墻也能防止其他人使用你的電腦攻擊其
56、他電腦。使用防火墻重要的是你是怎樣連接到互聯(lián)網(wǎng)撥號調(diào)制解調(diào)器,電纜調(diào)制解調(diào)器,或數(shù)字訂戶線路(dsl或adsl的)。目前的防火墻產(chǎn)品主要有堡壘主機、包過濾路由器、應(yīng)用層網(wǎng)關(guān)(代理服務(wù)器)以及電路層網(wǎng)關(guān)、屏蔽主機防火墻、雙宿主機等類型。雖然防火墻是目前保護(hù)網(wǎng)絡(luò)免遭黑客襲擊的有效手段,但也有明顯不足:無法防范通過防火墻以外的其它途徑的攻擊,不能防止來自內(nèi)部變節(jié)者和不經(jīng)心的用戶們帶來的威脅,也不能完全防止傳送已感染病毒的軟件或文件,以及無法防范數(shù)據(jù)驅(qū)動型的攻擊。自從1986年美國digital公司在internet上安裝了全球第一個商用防火墻系統(tǒng),提出了防火墻概念后,防火墻技術(shù)得到了飛速的發(fā)展。國內(nèi)
57、外已有數(shù)十家公司推出了功能各不相同的防火墻產(chǎn)品系列。防火墻處于5層網(wǎng)絡(luò)安全體系中的最底層,屬于網(wǎng)絡(luò)層安全技術(shù)范疇。在這一層上,企業(yè)對安全系統(tǒng)提出的問題是:所有的ip是否都能訪問到企業(yè)的內(nèi)部網(wǎng)絡(luò)系統(tǒng)?如果答案是“是”,則說明企業(yè)內(nèi)部網(wǎng)還沒有在網(wǎng)絡(luò)層采取相應(yīng)的防范措施。作為內(nèi)部網(wǎng)絡(luò)與外部公共網(wǎng)絡(luò)之間的第一道屏障,防火墻是最先受到人們重視的網(wǎng)絡(luò)安全產(chǎn)品之一。雖然從理論上看,防火墻處于網(wǎng)絡(luò)安全的最底層,負(fù)責(zé)網(wǎng)絡(luò)間的安全認(rèn)證與傳輸,但隨著網(wǎng)絡(luò)安全技術(shù)的整體發(fā)展和網(wǎng)絡(luò)應(yīng)用的不斷變化,現(xiàn)代防火墻技術(shù)已經(jīng)逐步走向網(wǎng)絡(luò)層之外的其他安全層次,不僅要完成傳統(tǒng)防火墻的過濾任務(wù),同時還能為各種網(wǎng)絡(luò)應(yīng)用提供相應(yīng)的安全服務(wù)
58、。另外還有多種防火墻產(chǎn)品正朝著數(shù)據(jù)安全與用戶認(rèn)證、防止病毒與黑客侵入等方向發(fā)展。在中小型企業(yè)網(wǎng)絡(luò)的特定環(huán)境下,病毒除了與生俱來的可傳播性、可執(zhí)行性、破壞性等常規(guī)病毒的共性外,還具有一些其他的特點:1、感染速度快病毒的傳播必須要一定的途徑,在完全封閉的單機情況下,病毒是無法從一臺計算機傳給另一臺計算機的。不過在企業(yè)簡單的網(wǎng)絡(luò)環(huán)境下,病毒的傳播可以利用充分的介質(zhì),通過簡單而快速的內(nèi)部網(wǎng)絡(luò),病毒可以迅速地傳播,舉個例子:在常見的100m辦公網(wǎng)絡(luò)內(nèi),只要有一臺工作站染毒,就可在幾十秒鐘內(nèi)將同一網(wǎng)絡(luò)中的數(shù)百臺計算機全部感染。2、擴(kuò)散面廣病毒感染了局域網(wǎng)中某一臺客戶機,而客戶機又可以進(jìn)一步感染網(wǎng)絡(luò)中的其他客戶機(也包括服務(wù)器),而感染了病毒的客戶機又可以更進(jìn)一步的感染更多客戶機(也包括了局域網(wǎng)以外的計算機)如此反復(fù)交叉感染
溫馨提示
- 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
- 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
- 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
- 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
- 5. 人人文庫網(wǎng)僅提供信息存儲空間,僅對用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對任何下載內(nèi)容負(fù)責(zé)。
- 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請與我們聯(lián)系,我們立即糾正。
- 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時也不承擔(dān)用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。
最新文檔
- 酒店管理工作中的服務(wù)創(chuàng)新
- 河北省廊坊市 2024~2025學(xué)年度高三第一學(xué)期期末考試地理含答案
- 2024學(xué)年曲靖市宣威一中高一數(shù)學(xué)上學(xué)期期末考試卷附答案解析
- 貝殼二手房合同錯別字
- 拼多多競業(yè)就職協(xié)議
- 二零二五年度勞動合同轉(zhuǎn)移至新公司員工工作調(diào)整與支持合同3篇
- Unit 3 Sports and fitness Reading for Writing 說課稿 -2024-2025學(xué)年高中英語人教版(2019)必修第一冊
- 上海-實驗九-2023-2024學(xué)年高中信息技術(shù)選擇性必修1(滬科版2019)-說課稿-實現(xiàn)查找指定商品-查找算法的應(yīng)用及數(shù)據(jù)結(jié)構(gòu)的選擇
- 二零二五年度廣告投放與媒體代理協(xié)議3篇
- Unit4 January is the first monthlesson21說課(說課稿)-2024-2025學(xué)年人教精通版英語六年級上冊
- 高中生物必修一知識點總結(jié)(必修1)
- 《風(fēng)力發(fā)電技術(shù)》課件-第三章 機組運行與維護(hù)
- 物料報廢回收合同范本
- 科研機構(gòu)成果轉(zhuǎn)化困境與對策
- 選礦廠建設(shè)課件
- DB32T4065-2021建筑幕墻工程技術(shù)標(biāo)準(zhǔn)
- 中國超重肥胖醫(yī)學(xué)營養(yǎng)治療指南
- 現(xiàn)代營銷學(xué)原理課件
- 《5G無線網(wǎng)絡(luò)規(guī)劃與優(yōu)化》 課件 第1、2章 5G網(wǎng)絡(luò)概述、5G關(guān)鍵技術(shù)
- 屈原【六幕話劇】郭沫若
- 拒絕早戀主題班會 課件(34張)2023-2024學(xué)年主題班會
評論
0/150
提交評論