計(jì)算機(jī)外文翻譯--淺析網(wǎng)絡(luò)安全的技術(shù)

1、<p>　　江西理工大學(xué)應(yīng)用科學(xué)學(xué)院</p><p>　　畢業(yè)設(shè)計(jì)(論文)外文資料翻譯</p><p>　　系 ： 信息工程系 </p><p>　　專 業(yè)： 網(wǎng)絡(luò)工程 </p><p>　　班 級： 081 </p&g

2、t;<p>　　姓 名： </p><p>　　學(xué) 號： </p><p>　　附 件： 1.外文資料翻譯譯文；2.外文原文。 </p><p>　　注：請將該封面與附件裝訂成冊。</p><p>　　附件1 外文資料翻

3、譯譯文：</p><p><b>　　淺析網(wǎng)絡(luò)安全的技術(shù)</b></p><p>　　過去兩個(gè)世紀(jì)中，工業(yè)技術(shù)代表了一個(gè)國家的軍事實(shí)力和經(jīng)濟(jì)實(shí)力。飛速發(fā)展的今天，對信息技術(shù)的掌握是在二十一世紀(jì)增強(qiáng)綜合國力的關(guān)鍵。</p><p>　　隨著計(jì)算機(jī)技術(shù)的發(fā)展，在計(jì)算機(jī)上處理業(yè)務(wù)已由基于單機(jī)的數(shù)學(xué)運(yùn)算、文件處理，基于簡單連結(jié)的內(nèi)部網(wǎng)絡(luò)的內(nèi)部業(yè)務(wù)處理、

4、辦公自動(dòng)化等發(fā)展到基于企業(yè)復(fù)雜的內(nèi)部網(wǎng)、企業(yè)外部網(wǎng)?、全球互聯(lián)網(wǎng)的企業(yè)級計(jì)算機(jī)處理系統(tǒng)和世界范圍內(nèi)的信息共享和業(yè)務(wù)處理。在信息處理能力提高的同時(shí)，系統(tǒng)的連結(jié)能力也在不斷的提高。但在連結(jié)信息能力、流通能力提高的同時(shí)，基于網(wǎng)絡(luò)連接的安全問題也日益突出。本文主要從以下幾個(gè)方面進(jìn)行探討：</p><p>　　網(wǎng)絡(luò)在開放的同時(shí)存在的安全問題</p><p>　　Internet的開放性以及其他方面因

5、素導(dǎo)致了網(wǎng)絡(luò)環(huán)境下的計(jì)算機(jī)系統(tǒng)存在很多安全問題。為了解決這些安全問題，各種安全機(jī)制、策略和工具被研究和應(yīng)用。然而，即使在使用了現(xiàn)有的安全工具和機(jī)制的情況下，網(wǎng)絡(luò)的安全仍然存在很大隱患，這些安全隱患主要可以歸結(jié)為以下幾點(diǎn)：</p><p><b>　　安全機(jī)制的局限</b></p><p>　　每一種安全機(jī)制都有一定的應(yīng)用范圍和應(yīng)用環(huán)境。防火墻是一種有效的安全工具，它可

6、以隱蔽內(nèi)部網(wǎng)絡(luò)結(jié)構(gòu)，限制外部網(wǎng)絡(luò)到內(nèi)部網(wǎng)絡(luò)的訪問。但是對于內(nèi)部網(wǎng)絡(luò)之間的訪問，防火墻往往是無能為力的。因此，對于內(nèi)部網(wǎng)絡(luò)到內(nèi)部網(wǎng)絡(luò)之間的入侵行為和內(nèi)外勾結(jié)的入侵行為，防火墻是很難發(fā)覺和防范的。</p><p><b>　　安全管理機(jī)制的建立</b></p><p>　　常用的安全管理機(jī)制有：口令管理;各種密鑰的生成、分發(fā)與管理;全網(wǎng)統(tǒng)一的管理員身份鑒別與授權(quán);建立全系

7、統(tǒng)的安全評估體系;建立安全審計(jì)制度;建立系統(tǒng)及數(shù)據(jù)的備份制度;建立安全事件/安全報(bào)警反應(yīng)機(jī)制和處理預(yù)案;建立專門的安全問題小組和快速響應(yīng)體系的運(yùn)作等。</p><p>　　為了增強(qiáng)系統(tǒng)的防災(zāi)救災(zāi)能力,還應(yīng)制定災(zāi)難性事故的應(yīng)急計(jì)劃,如緊急行動(dòng)方案,資源(硬件,軟件,數(shù)據(jù)等)備份及操作計(jì)劃,系統(tǒng)恢復(fù)和檢測方法等。</p><p><b>　　安全工具的影響</b><

8、/p><p>　　安全工具的使用效果受到人為因素的影響。一個(gè)安全工具能不能實(shí)現(xiàn)期望的效果，在很大程度上取決于使用者，包括系統(tǒng)管理者和普通用戶，不正當(dāng)?shù)氖褂镁蜁?huì)產(chǎn)生不安全因素。例如，NT在進(jìn)行合理的設(shè)置后可以達(dá)到C2級的安全性，但很少有人能夠?qū)T本身的安全策略進(jìn)行合理的設(shè)置。雖然在這方面，可以通過靜態(tài)掃描工具來檢測系統(tǒng)是否進(jìn)行了合理的設(shè)置，但是這些掃描工具基本上也只是基于一種缺省的系統(tǒng)安全策略進(jìn)行比較，針對具體的應(yīng)用

9、環(huán)境和專門的應(yīng)用需求就很難判斷設(shè)置的正確性。</p><p>　　系統(tǒng)在安全方面的問題</p><p>　　系統(tǒng)的后門是傳統(tǒng)安全工具難于考慮到的地方。防火墻很難考慮到這類安全問題，多數(shù)情況下，這類入侵行為可以堂而皇之經(jīng)過防火墻而很難被察覺；比如說，眾所周知的ASP源碼問題，這個(gè)問題在IIS服務(wù)器4.0以前一直存在，它是IIS服務(wù)的設(shè)計(jì)者留下的一個(gè)后門，任何人都可以使用瀏覽器從網(wǎng)絡(luò)上方便地調(diào)

10、出ASP程序的源碼，從而可以收集系統(tǒng)信息，進(jìn)而對系統(tǒng)進(jìn)行攻擊。對于這類入侵行為，防火墻是無法察覺的，因?yàn)閷τ诜阑饓碚f，該入侵行為的訪問過程和正常的Web訪問是相似的，唯一區(qū)別是入侵訪問在請求鏈接中多加了一個(gè)后綴。</p><p>　　只要有程序，就可能存在BUG</p><p>　　只要有程序，就可能存在BUG。甚至連安全工具本身也可能存在安全的漏洞。幾乎每天都有新的BUG被發(fā)現(xiàn)和公布出

11、來，程序設(shè)計(jì)者在修改已知的BUG的同時(shí)又可能使它產(chǎn)生了新的BUG。系統(tǒng)的BUG經(jīng)常被黑客利用，而且這種攻擊通常不會(huì)產(chǎn)生日志，幾乎無據(jù)可查。比如說現(xiàn)在很多程序都存在內(nèi)存溢出的BUG，而安全工具對于利用這些BUG的攻擊幾乎無法防范。</p><p><b>　　黑客攻擊的力度</b></p><p>　　幾乎每天都有不同系統(tǒng)安全問題出現(xiàn)。黑客的攻擊手段在不斷地更新，而安全

12、工具的更新速度遠(yuǎn)遠(yuǎn)落后于攻擊手段的更新速度，絕大多數(shù)情況需要人為的參與才能發(fā)現(xiàn)以前未知的安全問題，這就使得它們對新出現(xiàn)的安全問題總是反應(yīng)太慢。當(dāng)安全工具剛發(fā)現(xiàn)并努力更正某方面的安全問題時(shí)，其他的安全問題又出現(xiàn)了。因此，黑客總是可以使用先進(jìn)的、安全工具無法發(fā)現(xiàn)的手段進(jìn)行攻擊。</p><p>　　網(wǎng)絡(luò)系統(tǒng)的漏洞，導(dǎo)致黑客在網(wǎng)上任意暢行</p><p>　　根據(jù)Warroon?Research

13、的調(diào)查，1997年世界排名前一千的公司幾乎都曾被黑客闖入。</p><p>　　據(jù)美國FBI統(tǒng)計(jì)，美國每年因網(wǎng)絡(luò)安全造成的損失高達(dá)75億美元。</p><p>　　Ernst和Young報(bào)告，由于信息安全被竊或?yàn)E用，幾乎80%的大型企業(yè)遭受損失</p><p>　　在最近一次黑客大規(guī)模的攻擊行動(dòng)中，雅虎網(wǎng)站的網(wǎng)絡(luò)停止運(yùn)行3小時(shí)，令其損失了幾百萬美金的交易。而據(jù)統(tǒng)計(jì)在

14、這整個(gè)行動(dòng)中美國經(jīng)濟(jì)共損失了十多億美金。由于業(yè)界人心惶惶，亞馬遜(Amazon.com)、AOL、雅虎(Yahoo!)、eBay的股價(jià)均告下挫，以科技股為主的那斯達(dá)克指數(shù)(Nasdaq)打破過去連續(xù)三天創(chuàng)下新高的升勢，下挫了六十三點(diǎn)，杜瓊斯工業(yè)平均指數(shù)周三收市時(shí)也跌了二百五十八點(diǎn)?？吹竭@些令人震驚的事件，不禁讓人們發(fā)出疑問：“網(wǎng)絡(luò)還安全嗎？”</p><p>　　據(jù)不完全統(tǒng)計(jì)，目前，我國網(wǎng)站所受到黑客的攻擊，雖然

15、還不能與美國的情況相提并論，但是我國的用戶數(shù)目、用戶規(guī)模已經(jīng)達(dá)到了突飛猛進(jìn)的階段，以下事實(shí)也不能不讓我們深思：</p><p>　　1993年底，中科院高能所就發(fā)現(xiàn)有“黑客”侵入現(xiàn)象，某用戶的權(quán)限被升級為超級權(quán)限，當(dāng)系統(tǒng)管理員跟蹤時(shí)，被其報(bào)復(fù)。</p><p>　　1994年，美國一位14歲的小孩通過互聯(lián)網(wǎng)闖入中科院網(wǎng)絡(luò)中心和清華的主機(jī)，并向我方系統(tǒng)管理員提出警告。</p>

16、<p>　　1996年，高能所再次遭到“黑客”入侵，私自在高能所主機(jī)上建立了幾十個(gè)帳戶，經(jīng)追蹤發(fā)現(xiàn)是國內(nèi)某撥號上網(wǎng)的用戶。</p><p>　　同期，國內(nèi)某ISP發(fā)現(xiàn)“黑客”侵入其主服務(wù)器并刪改其帳號管理文件，造成數(shù)百人無法正常使用。</p><p>　　1997年，中科院網(wǎng)絡(luò)中心的主頁面被“黑客”用魔鬼圖替換。</p><p>　　進(jìn)入1998年，黑客入

17、侵活動(dòng)日益猖獗，國內(nèi)各大網(wǎng)絡(luò)幾乎都不同程度地遭到黑客的攻擊：</p><p>　　2月，廣州視聆通被黑客多次入侵，造成4小時(shí)的系統(tǒng)失控；</p><p>　　4月，貴州信息港被黑客入侵，主頁被一幅淫穢圖片替換；</p><p>　　5月，大連ChinaNET節(jié)點(diǎn)被入侵，用戶口令被盜；</p><p>　　6月，上海熱線被侵入，多臺服務(wù)器的管理

18、員口令被盜，數(shù)百個(gè)用戶和工作人員的賬號和密碼被竊?。?lt;/p><p>　　7月，江西169網(wǎng)被黑客攻擊，造成該網(wǎng)3天內(nèi)中斷網(wǎng)絡(luò)運(yùn)行2次達(dá)30個(gè)小時(shí)，工程驗(yàn)收推遲20天；同期，上海某證券系統(tǒng)被黑客入侵；</p><p>　　8月，印尼事件激起中國黑客集體入侵印尼網(wǎng)點(diǎn)，造成印尼多個(gè)網(wǎng)站癱瘓，但與此同時(shí)，中國的部分站點(diǎn)遭到印尼黑客的報(bào)復(fù)；同期，西安某銀行系統(tǒng)被黑客入侵后，提走80.6萬元現(xiàn)金。&

19、lt;/p><p>　　9月，揚(yáng)州某銀行被黑客攻擊，利用虛存帳號提走26萬元現(xiàn)金。</p><p>　　10月，福建省圖書館主頁被黑客替換。</p><p>　　2007年6月18歲少年黑客攻擊兩千家網(wǎng)站，只為炫耀水平。</p><p>　　2008年5月陜西省地震局網(wǎng)站遭黑客短時(shí)攻擊，并在網(wǎng)站首頁惡意發(fā)布“網(wǎng)站出現(xiàn)重大安全漏洞”的虛假信息。&l

20、t;/p><p>　　2008年9月北大網(wǎng)站遭黑客攻擊，假冒校長抨擊大學(xué)教育。</p><p><b>　　網(wǎng)絡(luò)安全體系的探討</b></p><p>　　現(xiàn)階段為保證網(wǎng)絡(luò)正常工作常用的方法如下：</p><p><b>　　網(wǎng)絡(luò)病毒的防范</b></p><p>　　在網(wǎng)絡(luò)環(huán)境

21、下，病毒傳播擴(kuò)散快，僅用單機(jī)防病毒產(chǎn)品已經(jīng)很難徹底清除網(wǎng)絡(luò)病毒，必須有適合于局域網(wǎng)的全方位防病毒產(chǎn)品。校園網(wǎng)絡(luò)是內(nèi)部局域網(wǎng)，就需要一個(gè)基于服務(wù)器操作系統(tǒng)平臺的防病毒軟件和針對各種桌面操作系統(tǒng)的防病毒軟件。如果與互聯(lián)網(wǎng)相連，就需要網(wǎng)關(guān)的防病毒軟件，加強(qiáng)上網(wǎng)計(jì)算機(jī)的安全。如果在網(wǎng)絡(luò)內(nèi)部使用電子郵件進(jìn)行信息交換，還需要一套基于郵件服務(wù)器平臺的郵件防病毒軟件，識別出隱藏在電子郵件和附件中的病毒。所以最好使用全方位的防病毒產(chǎn)品，針對網(wǎng)絡(luò)中所有可能

22、的病毒攻擊點(diǎn)設(shè)置對應(yīng)的防病毒軟件，通過全方位、多層次的防病毒系統(tǒng)的配置，通過定期或不定期的自動(dòng)升級，使網(wǎng)絡(luò)免受病毒的侵襲。</p><p><b>　　運(yùn)用防火墻</b></p><p>　　利用防火墻，在網(wǎng)絡(luò)通訊時(shí)執(zhí)行一種訪問控制尺度，允許防火墻同意訪問的人與數(shù)據(jù)進(jìn)入自己的內(nèi)部網(wǎng)絡(luò)，同時(shí)將不允許的用戶與數(shù)據(jù)拒之門外，最大限度地阻止網(wǎng)絡(luò)中的黑客來訪問自己的網(wǎng)絡(luò)，防止他

23、們隨意更改、移動(dòng)甚至刪除網(wǎng)絡(luò)上的重要信息。防火墻是一種行之有效且應(yīng)用廣泛的網(wǎng)絡(luò)安全機(jī)制，防止Internet上的不安全因素蔓延到局域網(wǎng)內(nèi)部，所以，防火墻是網(wǎng)絡(luò)安全的重要一環(huán)。雖然防火墻是目前保護(hù)網(wǎng)絡(luò)免遭黑客襲擊的有效手段，但也有明顯不足：無法防范通過防火墻以外的其它途徑的攻擊，不能防止來自內(nèi)部變節(jié)者和不經(jīng)心的用戶們帶來的威脅，也不能完全防止傳送已感染病毒的軟件或文件，以及無法防范數(shù)據(jù)驅(qū)動(dòng)型的攻擊。</p><p>

24、;<b>　　采用入侵檢測系統(tǒng)</b></p><p>　　入侵檢測技術(shù)是為保證計(jì)算機(jī)系統(tǒng)的安全而設(shè)計(jì)與配置的一種能夠及時(shí)發(fā)現(xiàn)并報(bào)告系統(tǒng)中未授權(quán)或異?，F(xiàn)象的技術(shù)，是一種用于檢測計(jì)算機(jī)網(wǎng)絡(luò)中違反安全策略行為的技術(shù)。在入侵檢測系統(tǒng)中利用審計(jì)記錄，入侵檢測系統(tǒng)能夠識別出任何不希望有的活動(dòng)，從而達(dá)到限制這些活動(dòng)，以保護(hù)系統(tǒng)的安全。在校園網(wǎng)絡(luò)中采用入侵檢測技術(shù)，最好采用混合入侵檢測，在網(wǎng)絡(luò)中同時(shí)采用基

25、于網(wǎng)絡(luò)和基于主機(jī)的入侵檢測系統(tǒng)，則會(huì)構(gòu)架成一套完整立體的主動(dòng)防御體系。</p><p>　　Web、Email、BBS的安全監(jiān)測系統(tǒng)</p><p>　　在網(wǎng)絡(luò)的www服務(wù)器、Email服務(wù)器等中使用網(wǎng)絡(luò)安全監(jiān)測系統(tǒng)，實(shí)時(shí)跟蹤、監(jiān)視網(wǎng)絡(luò)，截獲Internet網(wǎng)上傳輸?shù)膬?nèi)容，并將其還原成完整的www、Email、FTP、Telnet應(yīng)用的內(nèi)容，建立保存相應(yīng)記錄的數(shù)據(jù)庫。及時(shí)發(fā)現(xiàn)在網(wǎng)絡(luò)上傳輸?shù)?/p>

26、非法內(nèi)容，及時(shí)向上級安全網(wǎng)管中心報(bào)告，采取措施。</p><p><b>　　漏洞掃描系統(tǒng)</b></p><p>　　解決網(wǎng)絡(luò)層安全問題，首先要清楚網(wǎng)絡(luò)中存在哪些安全隱患、脆弱點(diǎn)。面對大型網(wǎng)絡(luò)的復(fù)雜性和不斷變化的情況，僅僅依靠網(wǎng)絡(luò)管理員的技術(shù)和經(jīng)驗(yàn)尋找安全漏洞、做出風(fēng)險(xiǎn)評估，顯然是不現(xiàn)實(shí)的。解決的方案是，尋找一種能查找網(wǎng)絡(luò)安全漏洞、評估并提出修改建議的網(wǎng)絡(luò)安全掃描工

27、具，利用優(yōu)化系統(tǒng)配置和打補(bǔ)丁等各種方式最大可能地彌補(bǔ)最新的安全漏洞和消除安全隱患。在要求安全程度不高的情況下，可以利用各種黑客工具，對網(wǎng)絡(luò)模擬攻擊從而暴露出網(wǎng)絡(luò)的漏洞。</p><p>　　IP盜用問題的解決，在路由器上捆綁IP和MAC地址</p><p>　　當(dāng)某個(gè)IP通過路由器訪問Internet時(shí)，路由器要檢查發(fā)出這個(gè)IP廣播包的工作站的MAC是否與路由器上的MAC地址表相符，如果相

28、符就放行。否則不允許通過路由器，同時(shí)給發(fā)出這個(gè)IP廣播包的工作站返回一個(gè)警告信息。</p><p>　　利用網(wǎng)絡(luò)監(jiān)聽維護(hù)子網(wǎng)系統(tǒng)安全</p><p>　　對于網(wǎng)絡(luò)外部的入侵可以通過安裝防火墻來解決，但是對于網(wǎng)絡(luò)內(nèi)部的侵襲則無能為力。在這種情況下，我們可以采用對各個(gè)子網(wǎng)做一個(gè)具有一定功能的審計(jì)文件，為管理人員分析自己的網(wǎng)絡(luò)運(yùn)作狀態(tài)提供依據(jù)。設(shè)計(jì)一個(gè)子網(wǎng)專用的監(jiān)聽程序。該軟件的主要功能為長期監(jiān)

29、聽子網(wǎng)絡(luò)內(nèi)計(jì)算機(jī)間相互聯(lián)系的情況，為系統(tǒng)中各個(gè)服務(wù)器的審計(jì)文件提供備份。</p><p>　　總之，網(wǎng)絡(luò)安全是一個(gè)系統(tǒng)的工程，不能僅僅依靠防火墻等單個(gè)的系統(tǒng)，而需要仔細(xì)考慮系統(tǒng)的安全需求，并將各種安全技術(shù)，如密碼技術(shù)等結(jié)合在?一起，才能生成一個(gè)高效、通用、安全的網(wǎng)絡(luò)系統(tǒng)。我國信息網(wǎng)絡(luò)安全技術(shù)的研究和產(chǎn)品開發(fā)仍處于起步階段，仍有大量的工作需要我們?nèi)パ芯俊㈤_發(fā)和探索，以走出有中國特色的產(chǎn)學(xué)研聯(lián)合發(fā)展之路，趕上或超過發(fā)

30、達(dá)國家的水平，以此保證我國信息網(wǎng)絡(luò)的安全，推動(dòng)我國國民經(jīng)濟(jì)的高速發(fā)展。</p><p><b>　　參 考 文 獻(xiàn)</b></p><p>　　[1]盧開澄：《計(jì)算機(jī)密碼學(xué)—計(jì)算機(jī)網(wǎng)絡(luò)中的數(shù)據(jù)預(yù)安全》（清華大學(xué)出版社2004.1）</p><p>　　[2]余建斌：《黑客的攻擊手段及用戶對策》（北京人民郵電出版社2004.6）</p>

31、;<p>　　[3]蔡立軍：《計(jì)算機(jī)網(wǎng)絡(luò)安全技術(shù)》（中國水利水電出版社2005.9）</p><p>　　[4]鄧文淵、陳惠貞、陳俊榮：《ASP與網(wǎng)絡(luò)數(shù)據(jù)庫技術(shù)》（中國鐵道出版社2007.4）</p><p>　　[5]劉遠(yuǎn)生：《計(jì)算機(jī)網(wǎng)絡(luò)安全》（清華大學(xué)出版社2006.8）</p><p>　　[6]袁德明：《計(jì)算機(jī)網(wǎng)絡(luò)安全》（電子工業(yè)出版社2007

32、.6）</p><p><b>　　外文原文：</b></p><p>　　Brief analysis network security technology</p><p>　　In the past two centuries, industrial technology represents a country's milita

33、ry and economic strength. Today, the rapid development of information technology in the twenty-first century have enhanced overall national strength of the key. </p><p>　　With the development of computer tec

34、hnology in the computer business has been based on a single mathematical computing, document processing, based on a simple link to the internal network of internal business processes, such as office automation to the dev

35、elopment of enterprises based on the complexity of the intranet, extranet , The global Internet enterprise-class computer systems and dealing with the world of business and information-sharing deal. In the information pr

36、ocessing capacity, the a</p><p>　　First, in an open network at the same time there are security issues .</p><p>　　Internet's openness as well as other factors led to the network environment,

37、 the computer system is riddled with security problems. In order to address these security issues, a variety of safety mechanisms, strategies and tools for research and application have been. However, even in the use of

38、existing tools and mechanisms for security, network security is still a great danger that these potential safety problems can be attributed mainly to the following: </p><p>　　the limitations of security</

39、p><p>　　Each security mechanism must have the scope of the application and application environment. Firewall is an effective security tool, which can be concealed within the structure of the network to limit ex

40、ternal network access to internal networks. But the visit between the internal network, the firewall is often powerless. Therefore, the internal network to the internal network between the invasion and the invasion of co

41、llusion, it is very difficult to find a firewall and guard against. </p><p>　　security management mechanism </p><p>　　Common safety management mechanism: the management of passwords; a variety o

42、f key generation, distribution and management; reunification of the entire network administrator authentication and authorization; the establishment of a system-wide assessment of the security system; the establishment o

43、f the security audit system; the establishment of systems and data Backup system; the establishment of security incidents / security alarm and response mechanism to deal with plans; the establishment of s</p><

44、p>　　In order to strengthen the system for disaster prevention and response capability, but also to develop contingency plans for catastrophic accidents, such as an emergency action plan resources (hardware, software,

45、data, etc.) to back up and operational plans, systems and the resumption of testing methods.</p><p>　　the impact of security tools </p><p>　　Security tools by the effects of man-made factors. A

46、security tool to achieve the desired effect, to a large extent depends on the users, including system administrators and ordinary users, improper use will generate insecurity. For example, NT in a reasonable setting can

47、be achieved after the C2 level of security, but very few people able to NT's own security policy for setting reasonable. In this regard, though, can still scanning tool to detect whether the system was set up reasona

48、ble, but th</p><p>　　system in the area of security problems </p><p>　　The system is the back-traditional security tools difficult to take into account. Firewall is difficult to take into accoun

49、t the type of security issues, in most cases, these intrusions can legitimately through the firewall and difficult to detect; For example, the well-known ASP source issue in the IIS Server 4.0 has been previously exist,

50、it is IIS services of a designer left the back door, no one can use the browser from the network to facilitate the transfer of the ASP program source code, w</p><p>　　As long as there are procedures that may

51、 exist on the BUG </p><p>　　As long as there are procedures that may exist on the BUG. Even the security tools also possible security loopholes. Almost every day a new BUG was found and published, in the pro

52、cess to amend the designer known for BUG at the same time, it may have had a new BUG. BUG system, hackers often use, and this attack does not normally have a log, almost no data are available. For example, many programs

53、the existence of the memory overflow BUG, and safe use of these tools for BUG's almost impossible to </p><p>　　hacking efforts </p><p>　　Almost every day, a different system security problem

54、s. Means hackers are constantly updated, and security tools to update the rate lagged far behind the attacks means the update rate, the vast majority of cases people need to be able to participate in the discovery of pre

55、viously unknown security issues, making their impact on emerging security The question is always too slow in responding. When the security tools to detect and correct just a safety issue, other security issues have emerg

56、ed. As </p><p>　　Second, the network's vulnerability has led to arbitrary hackers on the Internet Hang </p><p>　　According to the Warroon? Research survey, in 1997 the world's top 1000 c

57、ompanies have been almost hackers broke into. </p><p>　　According to FBI statistics of the United States, the United States each year as a result of network security caused by the loss of up to 7,500,000,000

58、 U.S. dollars. </p><p>　　Ernst and Young report, due to theft or misuse of information security, almost 80% of large enterprises suffered losses </p><p>　　In a recent large-scale hacker attacks,

59、 the Yahoo Web site to stop running 3 hours, so the loss of millions of dollars of transactions. According to statistics, and in this whole operation, the U.S. economy has lost a total of over one billion U.S. dollars. A

60、s the panic of the industry, Amazon (Amazon.com), AOL, Yahoo (Yahoo!), EBay shares were down, technology-dominated Nasdaq stock index (Nasdaq) over the past three consecutive days to break the record The rally, a 63-poin

61、t drop, the Dow Jones</p><p>　　By the end of 1993, the High Energy Institute, Chinese Academy of Sciences have found a "hacker" intrusion, a user's permission has been upgraded to a super-power

62、s, when the system administrator to track, was his revenge. </p><p>　　In 1994, the United States, a 14-year-old children via the Internet into Chinese Academy of Sciences Network Center of Tsinghua Universit

63、y and host to our system administrator warned. </p><p>　　In 1996, the High Energy Institute has once again been a "hacker" invasion, in the private High Energy Institute hosts dozens of accounts se

64、t up, the track is found in a dial-up users. </p><p>　　Over the same period, domestic ISP found a "hacker" invasion of its main server and delete the account of its document management, resulting i

65、n hundreds of people can not use. </p><p>　　In 1997, the Chinese Academy of Sciences Network Center of the page was a "hacker" with plans to replace the devil. </p><p>　　To enter in 19

66、98, the hacking activity is on the increase, almost all major networks have met with varying degrees of hacker attacks: </p><p>　　In February, Guangzhou Shi Lingtong invasion by hackers several times, result

67、ing in 4 hours the system out of control; </p><p>　　In April, Guizhou port hacking, home to be replaced by an obscene picture; </p><p>　　May, Dalian ChinaNET node invasion, user passwords stolen

68、; </p><p>　　In June, the Shanghai hotline has been invaded, the server administrator password was stolen, hundreds of customers and staff of the stolen account number and password; </p><p>　　Jul

69、y, Jiangxi was 169 network hacker attacks, resulting in the net within 3 days to run 2nd network interrupted for 30 hours, project acceptance to postpone for 20 days; the same period, the Shanghai Securities of a system

70、to hacking; </p><p>　　August, Indonesian Chinese hackers collective events among Indonesia's invasion outlets, resulting in a number of sites Indonesia paralyzed, but at the same time, China was Indonesi

71、a's part of the site hacker retaliation; the same period, Xi'an, a banking system to hacking, go to 806,000 yuan in cash. </p><p>　　September, Yangzhou was a bank hacker attacks, the use of virtual-t

72、o-deposit accounts to take 260,000 yuan in cash. </p><p>　　In October, the Fujian Provincial Library home page was replaced by hackers. </p><p>　　June 2007 18-year-old juvenile hacking Web site

73、2000, only to show off the level. </p><p>　　May 2008 Web site in Shaanxi Province have been short-time hacker attacks and malicious Web page publication "a major security hole site" false informati

74、on. </p><p>　　Beijing University in September 2008 Web site were attacked by hackers, the fake president of the University attack. </p><p>　　Third, Network Security System </p><p>　

75、　At this stage in order to ensure normal work of the network commonly used method is as follows: </p><p>　　network to prevent virus </p><p>　　In the network environment, the rapid spread of the

76、virus, only stand-alone anti-virus products have been very difficult to completely clear the virus, network, local area network must be suitable for all-round anti-virus products. Campus Network is the internal local are

77、a network requires a server-based operating system platform of anti-virus software and operating systems for a variety of desktop anti-virus software. If connected to the Internet and will require the gateway anti-virus

78、software</p><p>　　use a firewall </p><p>　　The use of firewalls, network communications, when the implementation of an access control measure, agreed with the firewall to allow access of people

79、to enter data with their own internal network and at the same time will not allow the user data and the door, to maximize the network to prevent hackers to Visit their networks, to prevent them from change, or even mobil

80、e network to delete important information. Firewall is a well-established and widely used network security mechanisms to prevent </p><p>　　Intrusion Detection System </p><p>　　Intrusion Detectio

81、n Technology is to guarantee the security of computer systems designed and configured in a timely manner to a system to detect and report unauthorized or unusual technology, is a computer network for detecting violations

82、 of security policy in the act of technology. Intrusion Detection System in the use of audit records, intrusion detection system to identify any hope that some activities in order to limit the reach of these activities i

83、n order to protect the security of the sys</p><p>　　Web, Email, BBS safety monitoring system </p><p>　　Www in the network server, Email server, such as the use of network security monitoring sys

84、tem, real-time tracking and surveillance networks, intercepted on-line Internet transmission, and restore the integrity of the www, Email, FTP, Telnet application, set up to preserve the corresponding The database record

85、s. Found in a timely manner on the network transmission of illegal content, the higher the security network in a timely manner to the center of the report and take measures. </p><p>　　vulnerability scanning

86、system </p><p>　　Network layer to address security issues, first of all to make it clear what network security, vulnerability points. In the face of large-scale network complexity and changing circumstances,

87、 only network administrators rely on the skills and experience to find security holes, making a risk assessment is unrealistic. Solution is to find a network to find vulnerabilities, and to suggest amendments to the asse

88、ssment of network security scanning tools to optimize the use of the system configuration </p><p>　　IP theft problem in the router's IP and MAC address binding </p><p>　　When an IP router, a

89、ccess through the Internet, the router checks sent to the IP packet radio station of the MAC with the MAC address of the router on the table in line with, if released on line. Otherwise not allowed through the router and

90、 at the same time to the issue of the IP packet radio station to return a warning message. </p><p>　　the use of network-monitoring system to safeguard security </p><p>　　The external network int

91、rusion by installing a firewall can be resolved, but the internal network attacks do nothing about it. In this case, we can take on a different subnet has a function of the audit documents for the management of its own a

92、nalysis of the network provide the basis for the operation of state. Design a sub-network of dedicated monitoring procedures. The main functions of the software to monitor the long-term sub-network of interconnected comp

93、uters, the system for all of the aud</p><p>　　In short, is a network security system works, not just rely on a single firewall system, and the need to carefully consider the security needs, and a variety of

94、security technologies, such as technology, combined with the password? Together in order to generate a high-performance, GM , A network security system. China's information network security technology research and pr

95、oduct development is still in its infancy, there are still a lot of work we need to research, development and exploration, </p><p>　　References</p><p>　　[1] Lu Kai-cheng: "Cryptography comp

96、uter - a computer network in the pre-data security" (University Press 2004.1) </p><p>　　[2] Yu Jianbin: "hacker attacks and the means of the user response" (Beijing People's Posts and Tel

97、ecommunications Publishing House 2004.6) </p><p>　　[3] Jun Cai: "Computer Network Security Technology" (China Water Conservancy and Hydropower Press 2005.9) </p><p>　　[4] Deng Wenyua

98、n, Chen Huizhen, Chun-Jung Chen: "ASP network and database technology" (China Railway Press 2007.4) </p><p>　　[5] Liu Yuansheng: "Computer network security" (Tsinghua University Press 2