Chapter 1

1. Security Definition (p. 2)
        (1). Computer Security
                Generic name for the collection of tools designed to protect data
                and to thwart hackers.

        (2). Network Security
                Measures to protect data during their transmission.

        (3). Internet Security
                Measures to protect data during their transmission over a collection
                of interconnected networks.

2. Security services, mechanisms, attacks
        (1). Security services (p. 4)
                a). Enhances the security of the data processing systems and the
                     information transfers of an organization.

                b). Makes use of one or more security mechanisms to provide the
                     service.

                c). Replicates functions normally associated with physical
                     documents, i.e. a set of functions that mirror what physical
                     documents provide.

        (2). Security Mechanisms (p. 6)
                A mechanism that is designed to detect, prevent, or recover from a
                security attack.

        (3). Security Attacks (p. 6)
                Any action that compromises the security of information owned by
                an organization.

3. X.800 standard (p. 7)
        Defines a systematic way of defining and providing security requirements.
        (1). Security services (p. 7)
                A service provided by a protocol layer of communicating open systems,
                which ensures adequate security of the systems or of data transfers.

                Category: Table 1.4 (p. 9)
                a). Authentication
                     Assurance that the communicating entity is the one claimed.

                                Two specific authentication services:
                                I). Peer entity authentication
                                        Identifies both parties to the communication.
                                II). Data origin authentication
                                        Confirms the sender's identity when data is received.

                b). Access Control
                     Prevention of the unauthorized use of a resource.

                c). Data Confidentiality
                     Protection of data from unauthorized disclosure.

                d). Data Integrity
                     Assurance that data received is as sent by an authorized entity.

                e). Non-Repudiation
                     Protection against denial by one of the parties in a communication.

        (2). Security Mechanisms
                Table 1.5, 1.6 (p. 12, 13)

        (3). Security Attacks
                a). Passive attacks
                     Eavesdropping on, or monitoring of, transmissions to obtain message
                     contents or to monitor traffic flows.

                b). Active attacks
                     Modification of the data stream or sending of a false one:
                     masquerade of one entity as some other, replay of previous
                     messages, modification of messages, or denial of service.

4. Models for network security
        Figure 1.1 (p. 15)

        Four basic tasks:
                a). Design an algorithm.
                b). Generate the secret information (used as the key).
                c). Develop methods for the distribution of the secret information.
                d). Specify a protocol.

5. Models for Access security
        Figure 1.2 (p. 16)
       
        Requires:
                a). Select appropriate gatekeeper functions to identify users
                b). Implement security controls to ensure only authorised users
                     access designated information or resources



    Posted by Graffine on 痞客邦 (PIXNET)