Posted January 13, 2024 (author: )
Baidu Wenku - Let everyone improve themselves equally
1
A vulnerability is a weakness that a person can exploit to accomplish something that is not authorized or intended as legitimate use of a network or system. When a vulnerability is exploited to compromise the security of systems or information on those systems, the result is a security incident. Vulnerabilities may be caused by engineering or design errors, or faulty implementation.
Why the Internet Is Vulnerable
2
Many early network protocols that now form part of the Internet infrastructure were designed without security in mind. Without a fundamentally secure infrastructure, network defense becomes more difficult. Furthermore, the Internet is an extremely dynamic environment, in terms of both topology and emerging technology.
3
Because of the inherent openness of the Internet and the original design of the protocols, Internet attacks in general are quick, easy, inexpensive, and may be hard to detect or trace. An attacker does not have to be physically present to carry out the attack. In fact, many attacks can be launched readily from anywhere in the world, and the location of the attacker can easily be hidden. Nor is it always necessary to "break in" to a site (gain privileges on it) to compromise confidentiality, integrity, or availability of its information or service.
4
Even so, many sites place unwarranted trust in the Internet. It is common for sites to be unaware of the risks or unconcerned about the amount of trust they place in the Internet. They may not be aware of what can happen to their information and systems. They may believe that their site will not be a target or that precautions they have taken are sufficient. Because the technology is constantly changing and intruders are constantly developing new tools and techniques, solutions do not remain effective indefinitely.
5
Since much of the traffic on the Internet is not encrypted, confidentiality and integrity are difficult to achieve. This situation undermines not only applications (such as financial applications that are network-based) but also more fundamental mechanisms such as authentication and non-repudiation. As a result, sites may be affected by a security compromise at another site over which they have no control. An example of this is a packet sniffer that is installed at one site but allows the intruder to gather information about other domains (possibly in other countries).
6
Another factor that contributes to the vulnerability of the Internet is the rapid growth and use of the network, accompanied by rapid deployment of network services involving complex applications. Often, these services are not designed, configured, or maintained securely. In the rush to get new products to market, developers do not adequately ensure that they do not repeat previous mistakes or introduce new vulnerabilities.
7
Compounding the problem, operating system security is rarely a purchase criterion. Commercial operating system vendors often report that sales are driven by customer demand for performance, price, ease of use, maintenance, and support. As a result, off-the-shelf operating systems are shipped in an easy-to-use but insecure configuration that allows sites to use the system soon after installation. These hosts/sites are often not fully configured from a security perspective before connecting. This lack of secure configuration makes them vulnerable to attacks, which sometimes occur within minutes of connection.
8
Finally, the explosive growth of the Internet has expanded the need for well-trained and experienced people to engineer and manage the network in a secure manner. Because the need for network security experts far exceeds the supply, inexperienced people are called upon to secure systems, opening windows of opportunity for the intruder community.
Types of Technical Vulnerabilities
9
The following taxonomy is useful in understanding the technical causes behind successful intrusion techniques, and helps experts identify general solutions for addressing each type of problem.
Flaws in Software or Protocol Design
10
Protocols define the rules and conventions for computers to communicate on a network. If a protocol has a fundamental design flaw, it is vulnerable to exploitation no matter how well it is implemented. An example of this is the Network File System (NFS), which allows systems to share files. This protocol does not include a provision for authentication; that is, there is no way of verifying that a person logging in really is whom he or she claims to be. NFS servers are targets for the intruder community.
11
When software is designed or specified, often security is left out of the initial description and is later "added on" to the system. Because the additional components were not part of the original design, the software may not behave as planned and unexpected vulnerabilities may be present.
Weaknesses in How Protocols and Software Are Implemented
12
Even when a protocol is well designed, it can be vulnerable because of the way it is implemented. For example, a protocol for electronic mail may be implemented in a way that permits intruders to connect to the mail port of the victim's machine and fool the machine into performing a task not intended by the service. If intruders supply certain data for the "To:" field instead of a correct e-mail address, they may be able to fool the machine into sending them user and password information or granting them access to the victim's machine with privileges to read protected files or run programs on the system. This type of vulnerability enables intruders to attack the victim's machine from remote sites without access to an account on the victim's system. This type of attack often is just a first step leading to the exploitation of flaws in system or application software.
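The check a mail implementation needs before it acts on a "To:" field can be sketched as an allowlist validator. This is an added example, not code from the original text; the function name recipient_is_valid, the two length caps and the deliberately narrow allowed character set are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_ADDR  254   /* assumed cap on the whole address */
#define MAX_LOCAL 64    /* assumed cap on the part before '@' */

/* Allowlist test: a letter, a digit, or one of the bytes listed in extra. */
static int allowed(unsigned char c, const char *extra)
{
    return isalnum(c) || (c != '\0' && strchr(extra, c) != NULL);
}

/* Returns 1 only if s is exactly local@domain built from allowlisted bytes.
 * Anything else (pipes, paths, spaces, control bytes) is rejected, so the
 * field can never be read as something other than an address. */
int recipient_is_valid(const char *s)
{
    size_t len, i, at;
    const char *p;

    if (s == NULL)
        return 0;
    len = strlen(s);
    if (len == 0 || len > MAX_ADDR)
        return 0;                            /* size check */
    p = strchr(s, '@');
    if (p == NULL || strchr(p + 1, '@') != NULL)
        return 0;                            /* exactly one '@' */
    at = (size_t)(p - s);
    if (at == 0 || at > MAX_LOCAL || at + 1 == len)
        return 0;                            /* empty or oversized part */
    for (i = 0; i < at; i++)
        if (!allowed((unsigned char)s[i], "._-+"))
            return 0;                        /* content check, local part */
    for (i = at + 1; i < len; i++)
        if (!allowed((unsigned char)s[i], "-."))
            return 0;                        /* content check, domain */
    /* The domain needs a dot and no empty label. */
    if (strchr(p + 1, '.') == NULL || strstr(p + 1, "..") != NULL ||
        p[1] == '.' || s[len - 1] == '.')
        return 0;
    return 1;
}

int main(int argc, char **argv)
{
    return argc > 1 && recipient_is_valid(argv[1]) ? 0 : 1;
}
```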
13
Software may be vulnerable because of flaws that were not identified before the software was released. This type of vulnerability has a wide range of subclasses, which intruders often exploit using their own attack tools. For readers who are familiar with software design, the following examples of subclasses are included:
race conditions in file access
non-existent checking of data content and size
non-existent checking for success or failure
inability to adapt to resource exhaustion
incomplete checking of operating environment
inappropriate use of system calls
re-use of software modules for purposes other than their intended ones
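Three of the subclasses listed above (race conditions in file access, missing size checks, and missing checks for success or failure) can be avoided together in one file-reading routine. This is an added example, not code from the original text; the function name read_checked and the default path used in main are assumptions.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes O_NOFOLLOW and O_CLOEXEC on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern being replaced: access(path, R_OK) followed by open(path).
 * The check and the use are separate lookups, so the file can be swapped.
 * Reads a regular file into buf, NUL-terminated. Returns length or -1. */
long read_checked(const char *path, char *buf, size_t cap)
{
    struct stat st;
    size_t got = 0;
    int fd;
    if (path == NULL || buf == NULL || cap == 0)
        return -1;
    /* O_NOFOLLOW refuses a symlink as the final path component. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;                               /* success/failure check */
    /* fstat() the open descriptor: check and use refer to the same file. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_size < 0 || (size_t)st.st_size >= cap) {   /* size check */
        close(fd);
        return -1;
    }
    while (got < (size_t)st.st_size) {
        ssize_t n = read(fd, buf + got, (size_t)st.st_size - got);
        if (n < 0 && errno == EINTR)
            continue;                            /* interrupted, retry */
        if (n <= 0)
            break;                               /* error, or file shrank */
        got += (size_t)n;
    }
    if (close(fd) != 0 || got != (size_t)st.st_size)
        return -1;
    buf[got] = '\0';
    return (long)got;
}
int main(int argc, char **argv)
{
    char buf[4096];
    long n = read_checked(argc > 1 ? argv[1] : "/etc/hostname", buf, sizeof buf);
    printf("%ld bytes read\n", n);
    return n < 0;
}
```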
14
By exploiting program weaknesses, intruders at a remote site can gain access to a victim's system. Even if they have access to a non-privileged user account on the victim's system, they can often gain additional, unauthorized privileges.
Weaknesses in System and Network Configurations
15
Vulnerabilities in the category of system and network configurations are not caused by problems inherent in protocols or software programs. Rather, the vulnerabilities are a result of the way these components are set up and used. Products may be delivered with default settings that intruders can exploit. System administrators and users may neglect to change the default settings, or they may simply set up their system to operate in a way that leaves the network vulnerable.
16
An example of a faulty configuration that has been exploited is anonymous File Transfer Protocol (FTP) service. Secure configuration guidelines for this service stress the need to ensure that the password file, archive tree, and ancillary software are separate from the rest of the operating system, and that the operating system cannot be reached from this staging area. When sites misconfigure their anonymous FTP archives, unauthorized users can get authentication information and use it to compromise the system.
Article title: Information Management Professional English Translation. Source: https://www.elefans.com/dianzi/1705159241a125780.html