《计算机专业英语第10章.ppt》由会员分享,可在线阅读,更多相关《计算机专业英语第10章.ppt(34页珍藏版)》请在金锄头文库上搜索。
1、Computer English Chapter 10 Computer and Network SecurityChapter 10 Computer and Network SecurityKey points: useful terms and definitions of computer securityDifficult points: distinguish between four kinds of computer security breaches2计算机专业英语Chapter 10 Computer and Network SecurityRequirements:1.
2、Principle of easiest penetration 2. The kinds of computer security breaches 3. What is firewall4. 了解科技论文标题的写法了解科技论文标题的写法 3计算机专业英语Chapter 10 Computer and Network SecurityNew Words & Expressions:breach breach 破坏,缺口破坏,缺口 involve involve 包含,涉及,也可不译包含,涉及,也可不译depositor depositor 寄托者寄托者vulnerability vulner
3、ability 弱点,攻击弱点,攻击perimeter perimeter 周围,周边周围,周边 penetrate penetrate vtvt. . 攻破,攻击攻破,攻击Exposure Exposure 曝光,揭露曝光,揭露threat n. threat n. 威胁,恐吓威胁,恐吓asset asset 资产资产interruption interruption 中断,打断中断,打断interception interception 截取截取modification modification 修改修改fabricate v. fabricate v. 伪造伪造tamper v. tam
4、per v. 篡改篡改spurious adj. spurious adj. 假的假的 10.1 Characteristics of Computer Intrusion and Kinds of Security Breaches Abbreviations: 4计算机专业英语Chapter 10 Computer and Network Security 10.1.1 入侵计算机的特点入侵计算机的特点Principle of Easiest Penetration. An intruder must be expected to use any available means of pe
5、netration. This will not necessarily be the most obvious means, nor will it necessarily be the one against which the most solid defense has been installed. 最最容容易易攻攻破破原原理理。入入侵侵者者必必定定要要使使用用一一种种可可以以攻攻破破的的方方法法,这这种种方方法法既既不不可能是最常用的,也不可能是针对已经采取了最可靠的防范措施的方法。可能是最常用的,也不可能是针对已经采取了最可靠的防范措施的方法。This principle say
6、s that computer security specialists must consider all possible means of penetration, because strengthening one may just make another means more appealing to intruders. We now consider what these means of penetration are.这这一一原原理理说说明明计计算算机机安安全全专专家家必必须须考考虑虑所所有有可可能能的的攻攻击击方方法法。由由于于你你加加强强了了某某一一方方面面,入入侵侵者
7、者可可能能会会想想出出另另外外的的对对付付方方法法。我我们们现现在在就就说说明明这这些些攻攻击的方法是什么。击的方法是什么。10.1 Characteristics of Computer Intrusion and Kinds of Security Breaches5计算机专业英语Chapter 10 Computer and Network Security10.1 Characteristics of Computer Intrusion and Kinds of Security Breaches10.1.2 KINDS OF SECURITY BREACHESIn security
8、, an exposure is a form of possible loss or harm in a computing system; examples of exposures are unauthorized disclosure of data, modification of data, or denial of legitimate access to computing . A vulnerability is a weakness in the security system that might be exploited to cause loss or harm. 在
9、在计计算算机机系系统统中中,暴暴露露是是一一种种使使安安全全完完全全丧丧失失或或受受到到伤伤害害的的一一种种形形式式;暴暴露露的的例例子子是是非非授授权权的的数数据据公公开开、数数据据修修改改或或拒拒绝绝合合法法的的访访问问计计算算机机。脆弱性是安全系统中的薄弱环节,它可能引起安全的丧失或伤害。脆弱性是安全系统中的薄弱环节,它可能引起安全的丧失或伤害。6计算机专业英语Chapter 10 Computer and Network Security10.1.2 KINDS OF SECURITY BREACHESA human who exploits a vulnerability perpe
10、trates an attack on the system. Threats to computing systems are circumstances that have the potential to cause loss or harm; human attacks are examples of threats, as are natural disasters, inadvertent human errors, and internal hardware or software flaws. Finally, a control is a protective measure
11、-an action, a device, a procedure, or a technique-that reduces a vulnerability. 人人可可利利用用脆脆弱弱性性对对系系统统进进行行罪罪恶恶的的攻攻击击。对对计计算算机机系系统统的的威威胁胁是是引引起起安安全全丧丧失失或或伤伤害害的的环环境境;人人们们的的攻攻击击是是威威胁胁的的例例子子,如如自自然然灾灾害害,人人们们非非故故意意错错误误和和硬硬件件或或软软件件缺缺陷陷等等。最最后后,控控制制是是一一种种保保护护性性措措施施控控制制可以是一种动作,一个设备,一个过程或一种技术可以是一种动作,一个设备,一个过程或一种技术
12、减少了脆弱性。减少了脆弱性。10.1 Characteristics of Computer Intrusion and Kinds of Security Breaches7计算机专业英语Chapter 10 Computer and Network Security10.1.2 KINDS OF SECURITY BREACHES The major assets of computing systems are hardware, software, and data. There are four kinds of threats to the security of a comput
13、ing system: interruption, interception, modification, and fabrication. The four threats all exploit vulnerabilities of the assets in computing systems. These four threats are shown in Fig.10-1.计计算算机机系系统统的的主主要要资资源源是是硬硬件件、软软件件和和数数据据。有有四四种种对对计计算算机机安安全全的的威威胁胁:中中断断,截截取取,篡篡改改和和伪伪造造。这这四四种种威威胁胁都都利利用用了了计计算算机
14、系统资源的脆弱性,图机系统资源的脆弱性,图10-110-1表示这四种威胁。表示这四种威胁。10.1 Characteristics of Computer Intrusion and Kinds of Security Breaches8计算机专业英语Chapter 10 Computer and Network SecurityFig.10-1 Four classes of System Security FailuresFour classes of System Security Failures9计算机专业英语Chapter 10 Computer and Network Secur
15、ity10.1.2 KINDS OF SECURITY BREACHES(1)In an interruption, an asset of the system becomes lost or unavailable or unusable. An example is malicious destruction of a hardware device, erasure of a program or data file, or failure of an operating system file manager so that it cannot find a particular d
16、isk file. (2)(2)(1)(1)在在中中断断情情况况下下,系系统统资资源源开开始始丢丢失失,不不可可用用或或不不能能用用。例例如如,蓄蓄意意破破坏坏硬硬件件设设备备,抹抹除除程程序序或或数数据据文文件件或或造造成成操操作作系统的文件管理程序故障,以致不能找到某一磁盘文件。系统的文件管理程序故障,以致不能找到某一磁盘文件。10.1 Characteristics of Computer Intrusion and Kinds of Security Breaches10计算机专业英语Chapter 10 Computer and Network Security10.1.2 KIND
17、S OF SECURITY BREACHES(2) An interception means that some unauthorized party has gained access to an asset. The outside party can be a person, a program, or a computing system. Examples of this type of failure are illicit copying of program or data files, or wiretapping to obtain data in a network.
18、While a loss may be discovered fairly quickly, a silent interceptor may leave no traces by which the interception can be readily detected. (2)(2)截截取取是是指指某某一一非非特特许许用用户户掌掌握握了了访访问问资资源源的的权权利利。外外界界用用户户可可以以是是一一个个人人、一一个个程程序序或或一一个个计计算算机机系系统统。这这种种威威胁胁的的例例子子如如程程序序或或数数据据文文件件的的非非法法拷拷贝贝,或或私私自自接接线线入入网网去去获获取取数数据据。
19、数数据据丢丢失失可可能能会会很很快快被被发发现现,但很可能截取者并不留下任何容易检测的痕迹但很可能截取者并不留下任何容易检测的痕迹。10.1 Characteristics of Computer Intrusion and Kinds of Security Breaches11计算机专业英语Chapter 10 Computer and Network Security10.1.2 KINDS OF SECURITY BREACHES(3) If an unauthorized party not only accesses but tampers with an asset, the f
20、ailure becomes a modification. For example, someone might modify the values in a database, alter a program so that it performs an additional computation, or modify data being transmitted electronically. It is even possible for hardware to be modified. Some cases of modification can be detected with
21、simple measures, while other more subtle changes may be almost impossible to detect . (3)(3)如果非授权用户不仅可以访问计算机资源,而且可以篡改资源,则威如果非授权用户不仅可以访问计算机资源,而且可以篡改资源,则威胁就成为胁就成为修改修改了。例如,某人可以修改数据库中的值,了。例如,某人可以修改数据库中的值,更换一个程序,更换一个程序,以便完成另外的计算,或修改正在传送的数据,以便完成另外的计算,或修改正在传送的数据, 甚至还甚至还 可能修改硬件。可能修改硬件。某些情况下可以用简单的测量手段检测某些情况下
22、可以用简单的测量手段检测出所做的修改,但某些微妙的出所做的修改,但某些微妙的修改是不可能检测出来的。修改是不可能检测出来的。10.1 Characteristics of Computer Intrusion and Kinds of Security Breaches12计算机专业英语Chapter 10 Computer and Network Security10.1.2 KINDS OF SECURITY BREACHES(4) Finally, an unauthorized party might fabricate counterfeit objects for a comput
23、ing system. The intruder may wish to add spurious transactions to a network communication system. or add records to an existing data base . Sometimes these additions can be detected as forgeries, but if skillfully done, they are virtually indistinguishable from the real thing. (4)(4)最最后后,非非授授权权用用户户可
24、可以以伪伪造造计计算算机机系系统统的的一一些些对对象象。入入侵侵者者妄妄图图向向网网络络通通信信系系统统加加入入一一个个假假的的事事务务处处理理业业务务,或或向向现现有有的的数数据据库库加加入入记记录录。有有时时,这这些些增增加加的的数数据据可可以以作作为为伪伪造造品品检检测测出出来来,但如果做得很巧妙,这些数据实际上无法与真正的数据分开。但如果做得很巧妙,这些数据实际上无法与真正的数据分开。10.1 Characteristics of Computer Intrusion and Kinds of Security Breaches13计算机专业英语Chapter 10 Computer
25、and Network Security10.1 Characteristics of Computer Intrusion and Kinds of Security Breaches10.1.2 KINDS OF SECURITY BREACHESThese four classes of interference with computer activity-interruption, interception, modification, and fabrication-can describe the kinds of exposures possible2. 这这四四种种对对计计算
26、算机机工工作作的的干干扰扰中中断断,截截取取,修修改改或或伪伪造造表明了可能出现的几种威胁类型。表明了可能出现的几种威胁类型。 14计算机专业英语Chapter 10 Computer and Network Security New Words & Expressions:cryptography n. 密码学密码学encryption 加密加密 cipher n. 密码(钥),加密程序密码(钥),加密程序decrypt v. 解密解密transit 通行(过),运输通行(过),运输plaintext n. 明文明文cyphertext n. 密文密文scheme n. 计划,方案计划,方案
27、secret-key 秘钥秘钥public-key 公钥公钥symmetric adj. 对称的对称的data integrity 数据完整性数据完整性session key 会话密钥会话密钥crack v. 解开,裂开解开,裂开hacker 黑客,计算机窃贼黑客,计算机窃贼encode v. 编码编码triple-encryption 三重加密三重加密built-in 内在内在(固有固有)的,的,state-of-the-art 最新的最新的proliferate v. 增生增生,扩散扩散 10.2 Modern Cryptography- Data EncryptionAbbreviati
28、ons :DES (Data Encryption System) 数据加密系统数据加密系统DCE ( Distributed Computing Environment) 分布式计算环境分布式计算环境15计算机专业英语Chapter 10 Computer and Network Security10.2 Modern Cryptography- Data EncryptionIf the receiver of the encrypted data wants to read the original data, the receiver must convert it back to t
29、he original through a process called decryption. Decryption is the inverse of the encryption process. In order to perform the decryption, the receiver must be in possession of a special piece of data called the key.如如果果接接收收到到加加密密数数据据的的人人要要看看原原来来的的数数据据,就就必必须须把把数数据据转转换换为为原原来来的的形形式式,这这个个过过程程称称为为解解密密。解解
30、密密是是加加密密过过程程的的逆逆过过程程。为为了了进进行行解解密密,接接收者必须有称为密钥的特殊数据。收者必须有称为密钥的特殊数据。The two main competing cryptography schemes are known as the secret-key (symmetric) system and the public-key (asymmetric) system. The secret-key system uses a single, wholly secret sequence both to encrypt and to decrypt messages. Th
31、e public-key system uses a pair of mathematically related sequences, one each for encryption and decryption 1.现现在在有有两两种种主主要要的的、相相互互竞竞争争的的密密码码术术:秘秘钥钥(对对称称)和和公公钥钥(不不对对称称)系系统统。秘秘钥钥系系统统采采用用单单一一的的绝绝密密序序列列,对对报报文文进进行行加加密密和和解解密密。公公钥钥系系统统采用一对数学上相关的序列,一个用于加密,另一个用于解密。采用一对数学上相关的序列,一个用于加密,另一个用于解密。16计算机专业英语Chapte
32、r 10 Computer and Network Security10.2 Modern Cryptography- Data EncryptionSecret-key encryptionOne of the most popular secret-key encryption schemes is IBMs Data Encryption System (DES), which became the U.S. federal standard in 1997. the standard form uses a 56-bit key to encrypt 64-bit data block
33、s.The following is a notation for relating plaintext, ciphertext, and keys. We will use C=E k (P) to mean that the encryption of the plaintext P using key k gives the ciphertext C. similarly, P=D k (C) represents of decryption of C to get the plaintext again. It then follows that D k ( E k (P)=P密钥加密
34、密钥加密IBMIBM的的数数据据加加密密系系统统( (DES)DES)是是最最流流行行的的密密钥钥加加密密方方案案之之一一。19771977年年,该该方方案案成成为美国联邦标准。该标准形式采用为美国联邦标准。该标准形式采用5656位的密钥对位的密钥对6464位的数据块进行加密。位的数据块进行加密。下下面面是是有有关关明明文文、密密文文和和密密钥钥关关系系的的表表示示法法。我我们们用用C=EC=E k k (P)(P)表表示示用用密密钥钥K K对对明明文文P P加加密密,得得到到密密文文C C。类类似似的的,P=DP=D k k (C)(C)代代表表对对C C解解密密得得到到明明文文。因因而而遵
35、循:遵循:D D k k (E(E k k (P)=P (P)=P17计算机专业英语Chapter 10 Computer and Network Security10.2 Modern Cryptography- Data EncryptionDES has been studied by many of the worlds leading cryptographers, but no weaknesses have been uncovered. To crack a DES-encrypted message a hacker or commercial spy would need
36、to try 255 possible keys. This type of search would need days of computer time on the worlds fastest supercomputers. Even then, the message may not be cracked if the plaintext is not easily understood 2.为为了了打打开开一一个个DESDES加加密密的的报报文文,黑黑客客或或商商业业间间谍谍需需要要试试验验255255种种可可能能的的密密钥钥,这这种种搜搜索索在在世世界界上上最最快快的的巨巨型型机
37、机上上也也需需好好几几天天的的计计算算机机时时间间。如如果果未未加加密密的的“明明文文”是是不不易易理理解解的的,即即使使算算出出报报文文也也可能解不开。可能解不开。18计算机专业英语Chapter 10 Computer and Network Security10.2 Modern Cryptography- Data EncryptionDevelopers using DES can improve security by changing the keys frequently, using temporary session keys, or using triple-encryp
38、tion DES. With triple DES, each 64-bit block is encrypted under three different DES keys. Recent research has confirmed that triple-DES is indeed more secure than single-DES. The User Data Masking Encryption Facility is an export-grade algorithm substituted for DES in several IBM products, such as t
39、he Distributed Computing Environment (DCE) 3.使使用用DESDES的的开开发发人人员员可可以以通通过过频频繁繁更更改改密密钥钥,使使用用临临时时的的会会话话密密钥钥或或使使用用三三重重加加密密DESDES来来提提高高安安全全性性。使使用用三三重重DESDES时时,每每个个6464位位数数据据块块用用三三种种不不同同的的DESDES密密钥钥加加密密。最最新新研研究究已已确确认认三三重重DESDES确实比单重确实比单重DESDES更安全。更安全。19计算机专业英语Chapter 10 Computer and Network Security10.2 M
40、odern Cryptography- Data EncryptionPublic-key encryptionThe key distribution problem has always been the weak link in the secret-key systems. Since the encryption key and decryption key are the same( or easily derived from one another) and the key has to be distributed to all users of the system, it
41、 seemd as if there was an inherent built-in problem: keys had to be protected from theft, but they also had to be distributed, so they could not just be locked up in a bank vault.公钥加密公钥加密密密钥钥的的分分布布问问题题在在秘秘钥钥系系统统中中一一直直是是一一个个薄薄弱弱环环节节。因因为为加加密密密密钥钥和和解解密密密密钥钥是是相相同同的的(或或彼彼此此容容易易推推出出来来)并并且且这这个个密密钥钥必必须须分分配配
42、给给该该秘秘钥钥系系统统的的所所有有用用户户,这这好好像像是是存存在在一一个个固固有有的的内内部部问问题题,必必须须保保护护密密钥钥不不被被偷偷窃窃,但但又又必必须须分分布布出出去去,所所以以它们不可能只是锁在银行的地下室里。它们不可能只是锁在银行的地下室里。20计算机专业英语Chapter 10 Computer and Network Security10.2 Modern Cryptography- Data EncryptionEncryption can be used to protect data in transit as well as data in storage. So
43、me vendors provide hardware encryption devices that can be used to encrypt and decrypt data. There are also software encryption packages which are available either commercially or as free software.加加密密可可以以用用来来保保护护传传输输中中的的数数据据和和存存储储器器中中的的数数据据。一一些些厂厂家家提提供供硬硬件件加加密密设设备备,用用来来加加密密和和解解密密数数据据。也也可可买买到到软软件件加加
44、密密程程序序包或作为自由软件免费获得。包或作为自由软件免费获得。Encryption can be defined as the process of tasking information that exists in some readable form (plaintext) and converting it into a form (ciphertext) so that it cannot be understood by others. 加加密密可可以以定定义义为为把把现现有有的的、以以某某种种可可读读形形式式(明明文文)的的信信息息转转换换成其他人不能理解的形式(密文)的过程。
45、成其他人不能理解的形式(密文)的过程。21计算机专业英语Chapter 10 Computer and Network Security10.2 Modern Cryptography- Data EncryptionIn public key cryptosystem, the encryption and decryption keys were different, and plaintext encrypted with the public key can only be deciphered with the private key from the same pair. Conv
46、ersely, plaintext encrypted with the private key can be decrypted only with the public key4 ( it is used in electronic signatures). The notations for these are as follows.C=E k (P) , P=D k1(C)=D k1 (E k (P) orC=D k1 (P), P=E k (C)=E k (D k1 (P)在在公公钥钥秘秘钥钥系系统统中中,加加密密和和解解密密密密钥钥是是不不同同的的。并并且且用用公公开开密密钥钥加加
47、密密的的明明文文只只能能用用同同一一对对密密钥钥中中的的秘秘密密密密钥钥解解密密。相相反反,用用私私有有密密钥钥加加密密的的明明文文只只能能用用公公开开密密钥钥解解密密(它用于电子签名)。这些关系的表示法如下:(它用于电子签名)。这些关系的表示法如下:( (见上式)见上式)Here k is a public key and k1 is private key( or secret key). Users can make their public keys freely available or place them at a key distribution center for othe
48、rs to access. However, the private key must be kept safe. In public-key systems there is no need to find a safe channel for communicating a shared secret key.这这里里K K是是公公开开密密钥钥,K1K1是是私私有有密密钥钥(或或秘秘密密密密钥钥)。用用户户可可以以让让他他们们的的公公开开密密钥钥自自由由地地使使用用,或或把把它它们们放放在在密密钥钥分分配配中中心心供供其其他他人人存存取取。然然而而,私私有有密密钥钥必必须须安安全全的的保存
49、。在公开密钥系统,无需找一条传送共享的私有密钥的安全通道。保存。在公开密钥系统,无需找一条传送共享的私有密钥的安全通道。22计算机专业英语Chapter 10 Computer and Network Security10.3 How Firewalls WorkNew Words & Expressions firewall n. 防火墙防火墙 offensive adj. 无理的,攻击性的无理的,攻击性的hacker n. 黑客黑客 filter v. 过滤,滤过,渗入过滤,滤过,渗入private 私有的,秘密地私有的,秘密地 packet n. 小包,信息包小包,信息包employee
50、 n. 职员,雇工职员,雇工telnet n. 远程登录远程登录traffic n. 流量流量 proxy n. 代理代理retrieve v, 检索检索match n.比较,匹配,符合比较,匹配,符合customizable 可定制的可定制的 block n. 妨碍,阻碍妨碍,阻碍port n. 端口端口 bug n. 故障,(程序)错误故障,(程序)错误unsolicited adj.主动提供的主动提供的 junk n.垃圾,无用数据垃圾,无用数据spam n. 垃圾邮件垃圾邮件 counter v. 还击,驳回还击,驳回session n. 会话会话 inundate v. 淹没淹没ma
51、cro 计计宏指令,宏功能宏指令,宏功能 viruse n. 病毒病毒23计算机专业英语Chapter 10 Computer and Network Security10.3 How Firewalls WorkAbbreviations HTTP (Hypertext Transfer Protocol) 超文本传输协议超文本传输协议FTP (File Transfer Protocol) 文件传输协议文件传输协议SMTP (Simple Mail Transfer Protocol) 简单邮件传送协议简单邮件传送协议ICMP (Internet Control Message Proto
52、col) 网际控制报文协议网际控制报文协议 A small home network has many of the same security issues that a large corporate network does. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers. 一一个个小小型型家家庭庭网网有有着着与与大大公公司司的的网网络络相相同同的的安安全全问问题题。防防火火墙墙可可以以保保护你的家庭网和家庭免遭恶意
53、网站和潜在黑客的攻击。护你的家庭网和家庭免遭恶意网站和潜在黑客的攻击。 24计算机专业英语Chapter 10 Computer and Network Security10.3 How Firewalls Work Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, thats why its called a firewall. Its job is similar to a physical firewall that keeps a fire fr
54、om spreading from one area to the next. 实实质质上上,防防火火墙墙就就是是一一个个屏屏障障,保保护护私私有有财财产产不不受受破破坏坏。事事实实上上,这这就就是是它它被被称称为为防防火火墙墙的的原原因因。它它的的作作用用类类似似于于一一堵堵防防止止火火灾灾从从一一处处蔓蔓延延到到另一处的实实在在的防火墙。另一处的实实在在的防火墙。What it does A firewall is simply a program or hardware device that filters the information coming through the Inte
55、rnet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.防火墙做什么防火墙做什么 一一个个防防火火墙墙就就是是一一个个程程序序或或者者一一台台硬硬件件设设备备,用用于于过过滤滤通通过过InternetInternet连连接接进进入入你你的的专专用用网网或或计计算算机机系系统统中中的的信信息息。如如果果一一个个输输入入的的信信息息包包被被过过滤滤器器做
56、了标记,它就不允许通过。做了标记,它就不允许通过。25计算机专业英语Chapter 10 Computer and Network Security10.3 How Firewalls WorkFirewalls use one or more of three methods to control traffic flowing in and out of the network:(1) Packet filtering: Packets (small chunks of data) are analyzed against a set of filters. Packets that ma
57、ke it through the filters are sent to the requesting system and all others are discarded.(2) Proxy service: Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.防火墙使用下列三种方法之一或几种来控制进出网络的通信:防火墙使用下列三种方法之一或几种来控制进出网络的通信:(1 1)数数据据包包过过滤滤:数数据据包包(小小
58、块块数数据据)由由一一组组过过滤滤器器进进行行分分析析。能能通通过过过滤器的数据包被发送到发出请求的系统,其它的被丢弃。过滤器的数据包被发送到发出请求的系统,其它的被丢弃。(2 2)代代理理服服务务:来来自自InternetInternet的的信信息息通通过过防防火火墙墙进进行行检检索索,然然后后发发送送到到提出请求的系统,反之亦然。提出请求的系统,反之亦然。26计算机专业英语Chapter 10 Computer and Network Security(3) Stateful inspection: A newer method that doesnt examine the conten
59、ts of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the compar
60、ison yields a reasonable match, the information is allowed through. Otherwise it is discarded.(3 3)状状态态检检查查:一一种种更更新新的的方方法法,并并不不检检查查每每个个数数据据包包的的内内容容,而而是是将将数数据据包包的的某某个个关关键键部部分分与与一一个个可可信信的的信信息息数数据据库库比比较较。从从防防火火墙墙内内部部传传输输到到外外部部的的信信息息可可根根据据特特别别规规定定的的特特性性进进行行监监控控,然然后后将将输输入入信信息息与与这这些些特特性性相相比比较较,若若生生成成一一个个合
61、合理理的的匹匹配配,则则信信息息允允许许通通过过,否否则则就就丢丢弃。弃。10.3 How Firewalls Work27计算机专业英语Chapter 10 Computer and Network SecurityThe level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that
62、 defeats the purpose of having an Internet connection. But a common rule of thumb3 is to block everything, then begin to select what types of traffic you will allow. You can also restrict traffic that travels through the firewall so that only certain types of information, such as e-mail, can get thr
63、ough. For most of us, it is probably better to work with the defaults provides by the firewall developer unless there is a specific reason to change it.你你所所设设定定的的安安全全级级别别将将决决定定这这些些威威胁胁有有多多少少能能够够被被你你的的防防火火墙墙所所阻阻止止。最最高高安安全全级级别别就就是是阻阻断断一一切切。很很显显然然,这这就就失失去去了了进进行行InternetInternet连连接接的的意意义义。但但通通常常的的经经验验做做
64、法法是是阻阻断断一一切切,然然后后,开开始始选选择择你你将将允允许许什什么么类类型型的的通通信信。你你还还可可以以限限制制通通过过防防火火墙墙的的通通信信,以以便便只只有有几几种种信信息息通通过过,如如电电子子邮邮件件。对对我我们们大大多多数数人人来来说说,除除非非有有特特殊殊的的理理由由要要改改变变它它,否否则则最最好好在在防防火火墙墙开开发商提供的默认条件下工作。发商提供的默认条件下工作。10.3 How Firewalls Work28计算机专业英语Chapter 10 Computer and Network SecurityOne of the best things about a
65、 firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network. While this is a big deal4 for businesses, most home networks will probably not be threatened in this manner.从从安安全全的的角角度度来来看看,防防火火墙墙的的一一个个优优点点就就是是它它能能阻阻止止任任何何外外来来人人登登录录到到专
66、专用用网网中中的的一一台台计计算算机机上上,这这对对企企业业很很重重要要,大大多多数数家家庭庭网网在在这种方式下可以不受威胁。这种方式下可以不受威胁。10.3 How Firewalls Work29计算机专业英语Chapter 10 Computer and Network Security学学术术文文章章的的标标题题主主要要有有三三种种结结构构:名名词词性性词词组组( (包包括括动动名名词词) ),介介词词词词组组,名名词词词词组组+ +介介词词词词组组。间间或或也也用用一一个个疑疑问问句句作作标标题题( (多多用用在在人人文文社社会会科科学学领领域域) ),但一般不用陈述句或动词词组作标
67、题。,但一般不用陈述句或动词词组作标题。一、名词性词组一、名词性词组名名词词性性词词组组由由名名词词及及其其修修饰饰语语构构成成。名名词词的的修修饰饰语语可可以以是是形形容容词词、介介词词短短语语,有有时时也也可可以以是是另另一一个个名名词词。名名词词修修饰饰名名词词时时,往往往往可可以以缩缩短短标标题题的的长长度。以下各标题分别由两个名词词组构成。例如:度。以下各标题分别由两个名词词组构成。例如:Latent demand and the browsing shopper (名词词组名词词组+名词词组名词词组)Cost and productivity (名词名词+名词名词)科技论文标题的写
68、法科技论文标题的写法 30计算机专业英语Chapter 10 Computer and Network Security科技论文标题的写法科技论文标题的写法二、介词词组二、介词词组介介词词词词组组由由介介词词十十名名词词或或名名词词词词组组构构成成。如如果果整整个个标标题题就就是是一一个个介介词词词词组的话,一般这个介词是组的话,一般这个介词是“onon”,意思是意思是“对对的研究的研究”。例如:。例如:From Knowledge Engineering to Knowledge Management(介介词词组词词组+介词词组介词词组)On the correlation between
69、working memory capacity and performance on intelligence tests31计算机专业英语Chapter 10 Computer and Network Security科技论文标题的写法科技论文标题的写法三、名词三、名词/名词词组名词词组+介词词组介词词组这是标题中用得最多的结构。例如:这是标题中用得最多的结构。例如:Simulation of Controlled Financial Statements Simulation of Controlled Financial Statements (名词名词+介词词组介词词组)The The
70、 impact impact of of internal internal marketing marketing activities activities on on external external marketing marketing outcomes (outcomes (名词名词+介词词组介词词组+介词词组介词词组) )Diversity in the Future Work Force (名词名词+介词词组介词词组)Models of Sustaining Human and Natural Development (名词名词+介词词组介词词组) 标标题题中中的的介介词词词
71、词组组一一般般用用来来修修饰饰名名词词或或名名词词词词组组,从从而而限限定定某某研研究究课课题题的的范范围围。这这种种结结构构与与中中文文的的“的的”字字结结构构相相似似,区区别别是是中中文文标标题题中中修修饰饰语语在在前前,中中心心词词在在后后。英英文文正正好好相相反反,名名词词在在前前,而而作作为为修修饰饰语语的的介介词词短短语语在在后。例如:后。例如:Progress on Fuel Cell and its Materials (燃料电池及其材料进展燃料电池及其材料进展)32计算机专业英语Chapter 10 Computer and Network Security科技论文标题的写法
72、科技论文标题的写法四、其他形式四、其他形式对对于于值值得得争争议议的的问问题题,偶偶尔尔可可用用疑疑问问句句作作为为论论文文的的标标题题,以以点点明明整整个个论论文文讨论的焦点。例如讨论的焦点。例如:Is B2B e-commerce ready for prime time?Can ERP Meet Your eBusiness Needs?33计算机专业英语Chapter 10 Computer and Network Security科技论文标题的写法科技论文标题的写法有有的的标标题题由由两两部部分分组组成成,用用冒冒号号(:)隔隔开开。一一般般来来说说,冒冒号号前前面面一一部部分分是是
73、研研究究的的对对象象、内内容容或或课课题题,比比较较笼笼统统,冒冒号号后后面面具具体体说说明明研研究究重重点点或或研研究究方方法。这种结构可再分为三种模式。法。这种结构可再分为三种模式。模式模式1 研究课题:具体内容。例如研究课题:具体内容。例如:Microelectronic Assembly and Packaging Technology:Barriers and NeedsThe Computer Dictionary Project: an update模式模式2 研究课题:方法性质。例如研究课题:方法性质。例如:B2B E-Commerce: A Quick IntroductionThe Use of Technology in Higher Education Programs: a National Survey模式模式 3 研究课题:问题焦点。例如研究课题:问题焦点。例如:Caring about connections: gender and computing34计算机专业英语
