信息管理专业英语翻译

admin管理员组

文章数量:1567045

2024年1月13日发(作者：)

百度文库 - 让每个人平等地提升自我

1

A vulnerability is a weakness that a person can eXploit to accomplish something that is not

authorized or intended as legitimate use of a network or system.

一个漏洞是一个软弱,一个人要有所成就,能利用未被授权或打算作为合法使用网络或系统。

When a vulnerability is exploited to compromise the security of systems or information on those

systems，the result is a security incident,Vulnerabilities may be caused by engineering or design

errors，or faulty implementation.

当一个漏洞是利用妥协的安全系统或信息在这些系统中,其结果是一个安全漏洞事件,可能是由于工程或设计错误,或错误的实现。

Why the Internet Is Vulnerable（为什么互联网是脆弱）

2

Many early network protocols that now form part of the Internet infrastructure were designe

without security in mind.

许多早期的网络协议,现在互联网基础设施的组成部分是不安全的理念,设计。

Without a fundamentally secwre infrastructure，network defense becomes more diffcult.

没有从根本上安全的基础设施、网络防御变得更加困难。

Furthermore, the Internet is an extremely dynamic environment, in terms of both topology and

emerging technology。

此外,互联网是一个极端地动态环境的要求,包括拓扑和新兴技术。

3

Because of the interent opnness of the Internet and the original design of the protocols,Internet

attacks in general are quick,,easy, inexpensive。and may be hard to detect or trace。An attacker

does not have to be phsically present to carry out the attack.

由于互联网的营销公开和原设计的协议、网络攻击通常是快速,简单,便宜,而且可能很难检测或跟踪一个攻击者不必一股脑的礼物进行攻击。

In fact,many attacks can be launched readily from anywhere in the word, and the location of the

attacker can easily be hidden.

事实上,许多攻击可以启动容易从任何地方在词的位置,攻击者可以很容易的被隐藏。

Nor is it always necessary to“break in”to a site (gain privileges on it ) to compromise

confidentiality,integrity,or availability of its information on service.

也不是一定要“打破”网站(获得特权)妥协的保密性,完整性或可用性的信息服务。

4

Even so,many sites place unwarranted trust in the Internet.

即便如此,许多网站在互联网的地方毫无根据的信任。

It is common for sites to be unaware of the risks or unconcerned about the amount of trust they

place in the Intemet.

这是常见的网站不知道或不关心的风险量的信任他们的地方在因特网。

They may not be aware of what can happen to their information and systems.

他们可能还不知道会发生什么,他们的信息和系统。

They may believe that their site will not be a target or that precautions they have taken are

sufficient.

他们可能认为,他们的网站将不是一个目标,或者他们已经采取足够的预防措施。

Because the technology is constantly changing and intruders are constantly developing new tools

and techniques，solutions do not remain effective indefinitely.

因为技术是不断变化的,不断发展新的入侵者是工具和技术,解决方案不能无限期地保持有效。

5

Since much of the traffic on the Internet is not encrypted,confidentiality and integrity are diffcult

to achieve.

因为大部分的交通网络是不加密的,保密性和完整性都难实现。

This situation undermines not only annlications (such as financial applications that are

network-based ) but also more fundamental mechanisms such as authentication and

non-repudiation.

这种情况不仅annlications破坏(如金融应用程序,这些应用程序是基于网络的),但也更根本的机制,比如身份验证和不可抵赖性。

1

百度文库 - 让每个人平等地提升自我

As a result, sites may be affected by a security compromise at another site over which they have no

control .

因此,网站可能会受到安全妥协在另一个网站而失去控制。

An example of this is a packet sniffer that is installed at one site but allows the intruder to gather

information about other domains (possibly in other counties).

一个例子是一个数据包嗅探器,安装在一个站点上但允许入侵者收集信息关于其他域(可能在其他国家)。

6

Another factor that contributes to the vulnerability of the Internet is the rapid growth and use of

the netword,accompanied by rapid deployment of network services involving complex applications.

另一个因素导致的脆弱性是互联网快速发展和使用网络,伴随着快速部署的网络服务涉及复杂的应用程序。

Often,these services are not designed, configured,or maintained securely.

通常,这些服务不是设计、配置或维护安全。

In the rush to yet new products to market developers do not adequately ensure that they do not

repeat previous mistakes or introduce new vulnerabilities

在急于然而新产品市场开发人员不充分确保他们不重复以前的错误或引入新的漏洞

7Compounding the problem, operating system security is rarely a purchase criterion.

让问题更加复杂的是,操作系统安全是很少购买标准。

Commercial operating system vendors often report that sales are driven by customer demand for

performance,price,easy of use,maintenance,and support.

商业操作系统供应商经常报告,销售是由客户要求的性能、价格、容易使用、维护和支持。

As a result ,off-the-shelf operating systems are shipped in an easy-to-use but insecure

configuration that allow sits to use the system soon after installation.

因此,现成的操作系统是在一个易于使用的但不安全的运来配置,允许坐使用系统安装后不久。

These host/sites are often not fully configured from a security perspective before connecting.

这些主机/网站常常没有完全配置之前从安全角度连接。

This lack of secure configuration makes them vulnerable to attacks,which sometimes occur within

minutes of connection.

这种缺乏安全的配置使他们容易受到攻击,这有时发生后几分钟内连接。

8Finally, the explosive growth of the Intemet has expanded the need for well-trained and

experienced people to engineer and manage the network in a secure manner.

最后,爆炸性增长的互联网已扩大需要训练有素、经验丰富的人,工程师和管理网络安全的方式。

Because the need for network security experts far exceeds the supply,inexperienced people are

called upon secure systems,opening windows of opportunity for the intruder community.

因为需要网络安全专家供不应求,没有经验的人呼吁安全的系统,开放的机会窗口为入侵者社区。

Type of Technical Vulnerabilities 技术漏洞的类型

9The following taxonomy is useful in understanding the technical cause behind successful

intrusion techniques,and helps experts identify general solutions for addressing each type of

problem.

以下分类是有用的在理解技术原因成功入侵技术,并帮助专家识别通用于解决每种类型的问题。

Flaws in Software or Protocol

缺陷在软件或协议

10Protocols define the rules and conventions for computers to communicate on a network.

协议定义了规则和惯例来进行计算机通信网络。

If a protocol has a fundamental deign flaw,it is vulnerable to exploitation no matter how well it is

implemented.

如果一个协议有一个基本的设计缺陷,它是容易受到剥削无论它如何被实现。

An example of this is the Network file System (NFS),which allows systems to share files.

2

百度文库 - 让每个人平等地提升自我

一个例子是网络文件系统(NFS),它允许系统共享文件。

This protocol does not include a provision for authentication; that is，there is no way of verifying

that a person logging in really is whom he or she claims to be.

这个协议不包括提供认证;那就是,没有办法验证登录,一个人真的是被他或她声称是。

NFS servers are targets for the intruder community.

NFS服务器目标社区的入侵者。

11When software is designed or specified,often security is left out of the initial description and is

later "added on" to the system.

当软件被设计或指定,通常安全是排除在最初的描述和后来的“添加”到系统。

Because the additional components were not part of the original design,the software may not

behave as planned and unexpected vulnerabilities may be present.

因为额外的组件是属于原始设计,软件可能不像计划和意想不到的可能出现的漏洞。

Weaknesses in How Protocols and Software Are Implemented

弱点在协议和软件如何实现

12 Even when a protocol is well designed，it can be vulnerable because of the way it is

implemented.

甚至当一个协议是良好设计的,它可以是脆弱的,因为它是如何实现的。

For example,a protocol for electronic mail may be implemented in a way that permits intruders to

connect to the mail port of the victim’s machine and fool the machine into performing a task not

intended by the service..

例如,一个协议,电子邮件可能实施的方式,允许入侵者连接到邮件港口受害者的机器和傻瓜机器到执行任务不能由服务. .

If intruders supply certain data for the “To:”field instead of a correct E-mail address,they may be

able to fool the machine into sending them user and password information or granting them access

to the victim's machine with privileges to read protected files or run programs on the system.

如果入侵者提供某些数据的“:”字段,而不是一个正确的电子邮件地址,他们也许能够愚弄机进入发送用户和密码信息或向他们授予访问权限的受害者的机读文件或运行程序保护系统上。

This tune of vulnerability enables intruders to attack the victim’s machine from remote sites without

access to an account on the victim’s system.

这首曲子的脆弱性使入侵者攻击受害者的机器从远程站点没有获得一个帐户在受害者的系统。

This tune of attack often is just a first step leading to the exploitation of flaws in system or

application software.

这首曲子的攻击往往只是第一步导致缺陷的开发系统或应用程序软件。

13Software may he vulnerable because of flaws that were not identified before the software was

type of vulnerability has a wide range of subclasses,which intruders often exploit

using their oen attack readers who are familiar with software desgin,the following

examples of subclasses are inciuded:

软件可能他脆弱,是因为缺陷,没有明确的软件发布之前。这种类型的漏洞已经广泛的子类,入侵者经常利用他们的厄恩攻击工具。让读者熟悉软件设计,下面的例子包括子类:

race conditions in file access

在文件访问竞争条件

non-existent checking of data content and size

不存在的检查数据内容和大小

non-existent checking for success or failure

不存在检查成功或失败

inability to adapt to resource exhaustion

无法适应资源枯竭

incomplete checking of operating environment

不完整的检查的操作环境

3

百度文库 - 让每个人平等地提升自我

inappropriate use of system calls

不恰当的使用系统调用

re-use of software modules for purposes other than their intended ones

重用软件模块以外的任何其他目的的预期

14By exaloiting program weaknesses，intruders at a remote site can gail access to a victim’s

利用程序弱点,入侵者在远程站点可以盖尔访问受害者的系统。即使根据事实推断获得一个非特权用户帐户在受害者的系统他们常常可以获得更多,授权权限。

system.

Even if thev have access to a non-privileged user account on the victim’s system they can

often gain additional,authorized nrivileges.

Weaknesses in system and Network Configurations（弱点在系统和网络配置）

15 Vulnerabilities in the category of system and network configurations are not caused by

problem inherent in protocols or software programs.

Rether, the vulnerabilities are a result of the

way these components are set up and ts may be delivered with default settings that

intruders can administrators and users many neglect to change the default settings，or they may simply set up their system to operate in a way that leaves the network vulnerable.

在类别的系统漏洞和网络配置并不是引起问题中固有的协议或软件程序。美商动脉,漏洞是由于这些组件设置和使用。产品可能被交付与默认设置,入侵者可以利用。系统管理员和用户许多忽视改变默认设置,或者他们可能仅仅建立他们的系统来操作,因此网络脆弱。

16

An example of a faulty configuration that has been exploited is anonymous File Transfer

Protocol (FTP)

configuration guidelines for this service stress the need to ensure

that the passward file,archive tree,and ancillary software are separate from the rest of the

opearting system,and that the ouerating system cannot be reached from this staing

sites misconfigure their anonymous FTP archives,unauthorized users can get authentication

information and use it to compromise the system.

一个错误的配置的一个例子,已经被剥削是匿名文件传输协议(FTP)服务。安全配置指南对于这个服务压力需要确保密码文件,归档的树,和辅助软件独立于其他操作系统,让操作系统不能达到从这个避免区域。当网站错误地配置他们的匿名FTP档案,未经授权的用户可以获得身份验证信息,并使用它来妥协系统。

4

本文标签： 系统入侵者可能