数学专业英语论文
-
数学专业英语论文
Security of Computer Network System
------------------------------------------
---------------------------------------------
课程:数学专业英语
Security of Computer
Network System
Abstract:
This paper
discussed the secure and dependable problem
about the computer network system. On
some aspects: the importance of
network
security, basic theory, function, and the method
of solving a
1
problem, etc. Good views for solving
the problem are put forward. It
strengthens people’s
consciou
sness on network security.
Key
words:
Computer
network
Virtual
private
network
Encryption
techniques
Firewall
Introduction:
Along
with
the
computer
network
technology
development,
the network security and the
reliability have become the question of
common
interest
by
all
users.
The
people
all
hoped
their
own
network
system
can move reliably, not external
intruder disturbance and destruction.
Therefore
solves
the
network
security
and
the
reliable
problem
carefully,
is a guarantee
the network normal
operat
ion’
s premise and
safeguard.
First,
the
importance
of
the
network
security.
With
the
informationization
developing
fast
today,
the
computer
network
obtained
the
widespread
application,
but
along
with
the
network
information
transmission
capacity
growing
faster,
some
organizations
and
departments
benefit
the
speedup
with
the
service
operation
in
the
network,
while,
the
data has also suffered
to extent attack and destruction. The aggressor
may
intercept
the
information
in
the
network,
steals
the
user’s
password,
the
database
information;
also
may
tamper
with
the
database
content,
the
forge
user’s
status,
denies
own
signature.
And
what
is
more,
the
aggressor may delete the database
content, the destroy node, releases
computer virus and so on. This cause
data security and own benefit have
received the serious threat.
According
to
American
FBI
(US
Federal
Bureau
of
Investigation)
investigation, the network security
creates the economic loss surpasses
17,000,000,000
dollars
every
year.75%
corporation
report
finance
loss
is
because
the
computer
system
security
problem
creates.
More
than
50%
safe
threat come from inside. But only 59%
loss could be possible estimate.
In
China, the economic loss amount in view of
financial domain and the
bank,
negotiable
securities
computer
system
security
problems
creates
has
reached as high as several hundred
million Yuan, also sometimes occurs
in
view of other profession network security threat.
Thus
it
can
be
seen,
regardless
of
is
the
mean
attack,
or
unconscious
disoperation,
will
all
be
able
to
bring
the
inestimable
loss
to
the
system.
Therefore, the computer network must
have the enough strong security
measure.
Regardless
of
is
in
the
local
area
network
or
in
WAN,
the
network
security measure should be Omni-
directional in view of each kind of
different threat and the vulnerability,
so that it can guarantee the
network
information’s secrecy, the integrity and the
usability.
2
Second, network
security rationale. International Standardization
Organization (ISO) once suggested the
computer security the definition
was:
“The
computer
system
must
protect
its
hardware,
the
data
not
accidentally
or
reveals
intentionally,
the
change
and
the
destruction.”
In
order
to
help
the
computer
user
discrimination
and
the
solution
computer network security problem, the
American Department of Defense
announced
“the
orange
peel
book”
(orange
book,
official
name
is
“credible
computer
system
standard
appraisal
criterion”), has
carried
on
the
stipulation
to
the
multiuser
computer
system
security
rank
division.
The
orange peel book from low to high divides into the
computer
security four kinds of seven
levels: D1, C1, C2, B1, B2, B3,
all,D1
level does not have the lowest safety margin rank,
C1 and the C2
level
has
the
lowest
safety
margin
rank,
B1
and
the
B2
level
has
the
medium
safekeeping of
security ability rank, B3 and A1 belongs to the
highest
security rating.
In the network concrete design process,
it should act according to
each
technology
standard,
the
equipment
type,
the
performance
requirement
as well as the funds which in the
network overall plan proposed and so
on,
the
overall
evaluation
determines
one
quite
reasonably,
the
performance
high
network
security
rank,
thus
realization
network
security
and reliability.
Third, the network security
should have function. In order to adapt
the
information
technology
development
well,
the
computer
network
application system must have following
function:
(1)
Access
control:
Through
to
the
specific
webpage,
the
service
establishment
access
control
system,
in
arrives
the
overwhelming
majority
attack
impediment
in
front
of
the
attack
goal.
(2)
Inspects
the
security
loophole:
Through
to
security
loophole
cyclical
inspection, even if attacks may get the attack
goal,
also
may
cause
the
overwhelming
majority
attack
to
be
invalid.
(3)
Attack
monitoring:
Through
to
specific
webpage,
service
establishment
attack
monitoring
system,
but
real-
time
examines
the
overwhelming majority attack, and adopts the
response the
motion (for example
separation network connection, recording
attack process, pursuit attack source
and so on).
(4)
Encryption
communication:
Encrypts
on
own
initiative
the
communication, may enable the aggressor
to understand, the
revision sensitive
information.
3
(5)
Authentication: The good authentication
system may prevent the
aggressor
pretends the validated user.
(6)
Backup
and
restoration:
The
good
backup
and
restores
the
mechanism,
may causes the
losses when the attack, as soon as possible
restores the data and the system
service.
(7)
Multi-layered defense: The aggressor
after breaks through the
first
defense
line
delays
or
blocks
it
to
reach
the
attack
goal.
(8)
Sets up the
safe monitoring center: Provides the security
system
management, the monitoring, the
protection and the emergency
case
service for the information system.
Fourth, the network system safety
comprehensive solution measures.
If
want to realize
the network
security
function, we should
carry on the
Omni-
directional guarding to the network system, and
thus formulate the
quite reasonable
network security architecture. Below on the
network
system security problem,
proposes some guard measure.
Physics
safe
may
divide
into
two
aspects: One
is
the
artificial
harm
to the network; the
other is the network to the users. Most common
thing
is the constructor who did not
understand to the buried cable clearly,
thus lead to the destruction of
electric cable, this kind of situation
may
through
standing
symbolized
the
sign
guards
against;
Has
not
used
the
structurized
wiring
the
network
to
be
able
to
appear
the
user
frequently
to the electric cable
damage, this needs to use the structurized wiring
to
install
the
network
as
far
as
possible;
Artificial
or
natural
disaster
influence, when to consider the plan.
The access control
security, the access control distinguishes and
confirms
the
user,
limits
the
user
in
the
already
activity
and
the
resources
scope
which
is
authorized.
The
network
access
control
safe
may
consider from following several
aspects.
(1)
password: The network security system
most outer layer defense
line
is
network
user's
registering,
in
the
registration
process,
the system would
inspect the user to register the name and the
password validity, only then the
legitimate user can enter the
system.
(2)
The
network
resources’
host,
the
attribute
and
the
visit
jurisdiction:
The
network
resources
mainly
include
the
resources
which
shared
files,
the
shared
printer,
network
users
and
so
on,
that all
the network users can use. The resources were the
host
to manifest the different user to
the resources subordinate
relations,
such
as
builder,
modifier
and
group
member
and
so
on.
The
resources
attribute
expressed
itself
deposit
and
withdrawal
characteristics,
as can read by who, write or the execution and
4
so on. The
visit jurisdiction mainly manifests in the user to
the network resources available degree
in using assigns the
network resources
to be the host, the attribute and the visit
jurisdiction
may
effectively
in
the
application
cascade
control
network system security.
(3)
Network
security
surveillance:
The
network
surveillance
is
generally called for “the network
management”, its function
mainly is
carries on the dynamic surveillance to the entire
network movement and handles each kind
of event promptly. May
understand
simply
through
the
network
surveillance
discovers
and
solves
in
the
network
security
problem,
such
as
the
localization
network
fault
point,
seizes
the
IP
embezzler,
the
control
network
visit scope and so on.
(4)
Audit and
track: Network audit and track which is including
the
network aspect, resources use,
network breakdown and system
keeping.
It
composed
generally
by
two
parts:
One,
the
recording
event,
soon
each
kind
of
event
entirely
records
in
the
document;
Two,
carries
on
the
analysis
and
the
statistics
to
the
recording,
thus discovers
the question to be at.
The
data
transmission
security,
the
transmission
safety
requirements
protect the
information which is transmitting, prevented
passively and
encroaches on own
initiative. We may take the following measure to
the
data transmission:
(1)
Encryption
and digital signature: The digital signature which
is
the data receiver confirms the data
transmission truly and
unmistakable,
it
mainly
realizes
through
the
encryption
algorithm and the confirmation
agreement.
(2)
Firewall: Firewall is a security
measure which is widespread use
on
the
Internet,
it
may
establish
in
different
network
or
between
a
series
of
part
combination.
It
can
through
the
monitor,
the limit, the
change surmounts the firewall’s data stream,
it
examines
the
information
inside
and
outside
as
far
as
possible,
so
that
realizes
the
network
safekeeping
of
security.
(3)
User Name/Password Authentication: This
authentication is the
most
commonly
used,
it
uses
in
the
operating
system
registering,
telnet
(long-distance
registers)
rlogin
(long-distance
registers)
and
so
on,
but
this
kind
of
authentication
way
process does not encrypt, namely
password is monitored easily
and
deciphered.
(4)
Use
abstract
algorithm
authentication:
Radius
(long-distance
digit dialing authentication
agreement), OSPF (opening route
agreement), SNMP Security Protocol and
so on, these all use
sharing
Security
Key (key),
in
addition
the
abstract
algorithm
(MD5)
carries
on
the
authentication,
but
the
abstract
algorithm
5