Principle of Easiest Penetration. An intruder must be expected to use any available means of penetration. This will not necessarily be the most obvious means, nor will it necessarily be the one against which the most solid defense has been installed.
This principle says that computer security specialists must consider all possible means of penetration, because strengthening one may just make another means more appealing to intruders. We now consider what these means of penetration are.
In security, an exposure is a form of possible loss or harm in a computing system; examples of exposures are unauthorized disclosure of data, modification of data, or denial of legitimate access to computing resources. A vulnerability is a weakness in the security system that might be exploited to cause loss or harm.
A human who exploits a vulnerability perpetrates an attack on the system. Threats to computing systems are circumstances that have the potential to cause loss or harm; human attacks are examples of threats, as are natural disasters, inadvertent human errors, and internal hardware or software flaws. Finally, a control is a protective measure (an action, a device, a procedure, or a technique) that reduces a vulnerability.
The major assets of computing systems are hardware, software, and data. There are four kinds of threats to the security of a computing system: interruption, interception, modification, and fabrication. The four threats all exploit vulnerabilities of the assets in computing systems. These four threats are shown in Fig.10-1.

Fig.10-1 Four classes of System Security Failures
(1) In an interruption, an asset of the system becomes lost, unavailable, or unusable. Examples are malicious destruction of a hardware device, erasure of a program or data file, or failure of an operating system file manager so that it cannot find a particular disk file.
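The four threat classes above are defined in terms of what happens to an asset, which also tells a defender where evidence of each one can be found. The following added example (not part of the original text) compares a set of assets against a baseline of approved contents and labels each discrepancy with the class it belongs to: a baseline asset that can no longer be read is an interruption (the case in item (1)), an asset whose contents no longer match is a modification, and an asset present but never authorized is a fabrication. Interception leaves the asset itself intact, so the example shows it being detected only from access records. All paths, contents, and log entries are constructed sample data.

```python
"""Map observed asset discrepancies onto the four threat classes:
interruption, interception, modification, fabrication.

Added example; the baseline, observed state and access log below are
constructed sample data so the module runs offline.
"""
import hashlib
from typing import Dict, Iterable, List, Optional, Set, Tuple

Finding = Tuple[str, str]  # (asset, threat class)


def digest(data: bytes) -> str:
    """SHA-256 hex digest used as the integrity fingerprint of an asset."""
    return hashlib.sha256(data).hexdigest()


# Constructed baseline: asset -> fingerprint of its approved contents.
# Paths and contents are hypothetical sample data, not real system files.
BASELINE: Dict[str, str] = {
    "/etc/passwd": digest(b"root:x:0:0:root:/root:/bin/bash\n"),
    "/usr/bin/login": digest(b"ELF login binary, build 1"),
    "/srv/app/config.yaml": digest(b"db_host: db.internal\n"),
}

# Constructed "current" state of the same assets. None models an asset that
# cannot be read at all (deleted, disk failure, file manager cannot find it).
OBSERVED: Dict[str, Optional[bytes]] = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",          # intact
    "/usr/bin/login": b"ELF login binary, build 1, plus implant",  # changed
    "/srv/app/config.yaml": None,                                 # gone
    "/srv/app/.rhosts": b"+ +\n",                                 # never approved
}

# Constructed read-access records: (asset, principal). Interception is an
# unauthorized party obtaining access; the asset is left intact, so it only
# shows up in access records, never in the content comparison above.
ACCESS_LOG: List[Tuple[str, str]] = [
    ("/srv/app/config.yaml", "app"),
    ("/etc/passwd", "root"),
    ("/etc/passwd", "guest"),
]
ALLOWED_READERS: Dict[str, Set[str]] = {
    "/srv/app/config.yaml": {"app"},
    "/etc/passwd": {"root"},
}


def classify_state(baseline: Dict[str, str],
                   observed: Dict[str, Optional[bytes]]) -> List[Finding]:
    """Compare assets against the baseline.

    interruption: a baseline asset is unavailable.
    modification: a baseline asset is present but its fingerprint differs.
    fabrication:  an asset exists that the baseline never authorized.
    """
    findings: List[Finding] = []
    for asset, expected in baseline.items():
        data = observed.get(asset)
        if data is None:
            findings.append((asset, "interruption"))
        elif digest(data) != expected:
            findings.append((asset, "modification"))
    for asset, data in observed.items():
        if asset not in baseline and data is not None:
            findings.append((asset, "fabrication"))
    return sorted(findings)


def classify_access(log: Iterable[Tuple[str, str]],
                    allowed: Dict[str, Set[str]]) -> List[Finding]:
    """Flag reads by principals not authorized for the asset (interception)."""
    return sorted({(asset, "interception") for asset, who in log
                   if who not in allowed.get(asset, set())})


def all_findings() -> List[Finding]:
    """Combine content-based and access-based findings into one report."""
    return sorted(classify_state(BASELINE, OBSERVED)
                  + classify_access(ACCESS_LOG, ALLOWED_READERS))


if __name__ == "__main__":
    for asset, threat in all_findings():
        print(f"{threat:13} {asset}")
```

The split between `classify_state` and `classify_access` is the practical point: three of the four classes change the asset and can be caught by comparing state against a trusted baseline, while interception changes nothing about the asset and is invisible to such a check unless access is logged independently.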