10.2 Some Approaches to Defense10.2.1Basic Security MeasuresAll computer systems need a set of basic security measures. Whether the system is a simple personal computer in your home or a major computer network such as the Internet, it is necessary to protect the hardware and software from theft, destruction, and malicious acts of vandalism. security measures can be as simple as locking the door or as advanced as applying virtually unbreakable encryption techniques to data .Let’s break the basic security ,surveillance, passwords, auditing, access rights, standard systems attacks, and viruses.External security of a computer system or a computer network consists of protecting the equipment from physical damage. Example of physical damage include fire, flood, earthquakes, power sarges, and vandalism. Common sense damage prevention techniques are usually enough in many cases of external security. Rooms containing computer equipment should always be locked. Unauthorized persons should not be allowed into rooms containing computing equipment. Cabling, and the devices that cables plug into, should not be exposed if at all possible.If the equipment needs to be in the open for public access, the equipment should be locked down. Many kinds of anti-theft devices exist for locking cabinets, locking cables to cabinets, locking down keyboards, and locking peripheral devices. For example, one manufacturer makes a device that transmits a wireless signal to a pager should a computer cabinet be opened. The person carrying the pager will know immediately which cabinet is being opened so that security can be sent to the appropriate location.It is also fairly common knowledge not to place expensive computer systems in the basements of buildings. Basements can flood and are flood and are often high humidity locations. Rooms with a large number of external windows are also not advisable. Windows can let in sunshine, which can increase the temperature of a room. Computer equipment typically heats up a windowless room. With the addition of sunlight, the increase in temperature may strain the capacity of any existing air conditioning equipment. As temperatures rise, the life expectancy of computer circuits decreases. Also, external windows can increase the probability of vandalism.To prevent electrical damage to computing equipment, high-quality surge protectors should be used on all devices that require electrical current. The electrical circuits that provide power to devices should be large enough to adequately support the device without placing a strain on the electrical system. Electrical circuits that power up and down causing power fluctuation, such as large motors, should be on circuits separate from the computer devices. Finally, devices that are susceptible to damage from static electricity discharges should be properly grounded.Operational securityOperational security of a computer network involves deciding, and then limiting, who can use the system and when they can use the system, Consider, for example, a large corporation in which there are many levels of employees with varying job descriptions. Employees who do not normally come in contact with sensitive data areas should not have access to sensitive data. For example if an employee simple performs data operations more than likely he or she should not be allowed access to payroll database, but more than likely do not need access to information regarding corporate research programs. A manager of an area would probably have access to muchinformation in his or her department, but his or her access to information in other departments would likely be limited. Finally top-level executive often have access to a wide range of information within a company. However, many companies even limit information access to top-level management.Local area network and database systems provide much flexibly in assigning access tights to individuals or groups of individuals, as you will see shortly. Computer network specialist, along with database administrators and someone at the top levels of management such as the Chief Information Officer(CIO), often decide how to break the company into information access groups, decide who is in each group, and determine what access rights each group has. As you might recall some network operating systems, such as Novell’s Net-Ware and Windows NT, are very good application for creating workgroups and assigning rights.It is also possible to limit access to a system by the time of day or the day of the week. If the primary activity in one part of your business is accessing personnel records, and this activity is only performed during working hours by employee in the personnel or human resources department, then it might be reasonable to disable access to personnel records after working hours, such as from 5:30 p.m. until 7:00 a.m. the next morning. Likewise, the network administrator could also deny access to this system on weekends.It may also be wise to limit remote access to a system during certain times of the day or week. With appropriate limits set, someone dialing in at 2:30 a.m. to transfer funds from one account to another may signal an illegal activity. If all corporate fund transfers can only occur during typical business hours, this restriction would be reasonable to place on dial-in activity.SurveillanceAlthough many individual feel surveillance is an intrusion into an individual’s privacy, many network administrators feel it is a good deterrent to computer vandalism and theft. The proper placement of video cameras in key locations can both deter criminals and be used to identify criminals in the event of vandalism or theft.There are, however, other forms of surveillance in addition to capturing live action with a video camera. For example, placing a transmitter in each computer that sends a signal to a pager if the computer cabinet is opened, is a wireless from of surveillance. Using a form of surveillance called intrusion detection ,many companies electronically monitor data flow and system requests into and out of a system. If unusual activity is noticed, protective action can be taken immediately. Intrusion detection is a growing field of study in network security. Companies that accept merchandise orders using the telephone often monitor each telephone call. Companies claim this form of surveillance can improve the quality of customer service and help settle future disputes.Passwords and ID systemsAlmost every system that stores sensitive or confidential data requires an authorized user to enter a password, personal Identification Number, or some other form of ID before gaining access to the system. Typically, this password or ID is something either remembered by the user or a physical feature of a user, such as a fingerprint. Technology in this area is improving rapidly as companies try to incorporate systems that are less vulnerable to fraud.Perhaps the most common form of protection from unauthorized use of a computer system is the password. Anyone accessing a computer system, banking system, or a long distance telephonesystem is required to enter a passwords are:(1)Online computer accounts;(2)Computer network and main frame computer access at work and school;(3)Long distance telephone credit card use;(4)Twenty-four hour automatic banking services;(5)Access to retirement accounts and banking services;(6)Access to e-mail and voicemail systems; and access to Internet web sites at which acustomer profile is created and stored for future transactions.Although the password is the most common form of identification, it is also one of the weakest. Too often passwords become known, or “misplaced” and fall into the wrong hands.Occasionally a password is written on paper, and the paper is discovered by the wrong people. More often, however, the password is too simple and someone else guesses it.Standard rules that an individual should follow when creating or changing a password include;(1)Change your password often;(2)Pick a good password by using at least eight characters, mixing upper and lowercase if the computer system is case sensitive, and mixing letters with numbers.(3)Don’t choose passwords that are similar to first or last names, pet names , car names,or other choices that can be easily guessed.(4)Don’t share your password with others; doing so invites trouble and misuse.Some computer systems generate random passwords that are very difficult to guess, but are also hard to remember. Often , the user who is given a randomly generated password either changes it to something simpler, making it easier to guess, or writes it down on a piece of paper, defeating the whole purpose of a secret password. Some systems also disallow obvious passwords or already used passwords, thus requiring the user to be creative and select a password that is difficult to guess.A common fallacy among computer system users is that the internal operating system file that stores the login Ids and passwords is susceptible to intrusion. Interestingly, most computer systems store passwords in an encrusted form for which there is no known decryption. How then does the system know when you have entered the correct password? When a user enters his or her login ID and password, the password is encrypted and compared with the entry in the encrypted password file. If the two encrypted passwords match, the login is allowed. Anyone who gets access to this encrypted password file will discover only unreadable text. This encrypted technique explains why . when you forget your password , a computer operator cannot simply read a file and tell you what it is. The computer operator can only reset the password to something new.Since there are so many weaknesses to the password, other forms of identification have emerged. Biometric techniques that scan something about the user, such as voiceprints, eyeprints, and faceprints, appear to be the wave of the future. For example, England has a large database of earprints. Research shows that no two ears are the same, thus an earprint is useful in helping to identify an individual. Fingerprints have long been used to distinguish one individual from another. Now, desktop devices the size of a computer mouse exists can scan a thumbprint and allow or disallow access to a computer system. Likewise, systems exist that can record and digitize your voice. The digital voice pattern is compared to a stored sample and the software determines if the match is close enough for validation. Although retina scans have been portrayed in movies andexist in the real world as security techniques, another eye feature that is unique among all individuals is the iris, or the colored portion of the eye. Some new security devices use the iris, to identify people who are allowed to access a system. Other research has been aimed at digitizing the features of the entire face and comparing this digital representation with a stored image. Companies that manufacture twenty-four hour automatic teller machines are interested in replacing the credit card-sized automatic teller machines(ATM) card and corresponding PIN with something that cannot be stolen, such as a fingerprint, face-print, or eye-print.AuditingAuditing a computer system is often a good deterrent to crime and is useful in apprehending a criminal after a crime has occurred. Computer auditing usually involves software program that monitors every transaction within a system. As each transaction occurs, it is recorded into an electronic log along with the date, time, and owner with the transaction. If an inappropriate transaction is suspected , the electronic log is scanned and the appropriate information is retrieved. In a classic computer crime case that was thwarted because of auditing, a New York man discovered that invoices for an amount under $500 that were sent to local government agencies would be routinely paid without requesting further details. It wasn’t until many months later that a lawyer examining the computer audit trail of payments noticed the pattern of checks under $500 sent to the same individual.Many good computer programs that can audit all transactions on computer system are available. The price paid to purchase, install, and support an audit program can be well worth it if the program can help catch a person performing unaurborized transactions.Access RightsModern computer systems and computer networks allow multiple users to access resources orsuch as files, tapes, printers, and other peripheral devices. Many times, however, the various resources are not supported to be shared, or they should be shared only by a select group. If resource sharing is to be restricted , then a user or network administrator should set the appropriate access rights for a particular resource. Most access rights have two parameters: who and how. The who parameter lists who has access rights to the resource. Typical examples of who include the owner, a select group of users, and the entire user population. The how parameter can specify how a user may access the resource. Typical examples include read, write, edit, execute, append (add date to the end) , and print. For example, a user may create a file an allow all users to access the file, but only with read access rights. The usual system defaults grant the owner of the file full read, write, and execute access so that the user can modify or delete the file at any time. The network administrator can assign supervisor, read, write, create, erase, modify, file scan, and access control rights to a particular user.Modern network operating systems allow network administrators to create workgroups. These workgroups are defined by the network administrator and can contain any form of user grouping as desired. For example, one workgroup might consist of all the employees from marketing and engineering that are currently working on a particular project. Once the workgroup is defined, it is then possible to assign a unique set of access right for this workgroup.Guarding Against VirusesA computer virus is a small program that attaches itself to another program or computer file and when loaded or executed causes programs with a computer. These problems can consist of deleting and corrupting date and program files, or altering operating system components so that computer operation gram is impaired or even halted. A computer that has been invaded by virus program is said to be infected. Since a virus is a computer program it has a binary pattern that is recognizable. Early model virus scanners from the 1980s looked for the unique bit pattern of the virus. More recent virus scanners watch for the actions of virus, such as unusual file changes or directory activity. Some common types of virus include.(1) Parasitic virus: The most common type of virus, a parasitic virus attaches itself to files and then replicates itself once it is in the horst computer’s memory.(2) Boot sector virus: A boost sector virus is stored on a floppy disk. When the disk is loaded into a new machine, the virus moves from the disk into the host system.(3) Stealth virus: A stealth virus hides itself from antivirus software by assuming a binary from that is not detectable by a virus scanner that is looking for unique binary patterns.(4) Polymorphic virus: This virus mutate with every infection, thus making them difficult to locate.(5) Macro virus: Macro are found in spreadsheets and word processing documents. A macro virus is one that hides within an application’s macro and is activated when the macro is executed.A worm is similar to the computer virus. A computer worm is a special type of virus that manages to store itself in a location that can cause the most damage to the resident computer system. Worms usually replicate themselves by transferring from computer to computer via e-mail. Typically a virus or a worm is transported in a Trojan horse. In computer terminology of Trojan horse is a destructive piece of code that hides inside a harmless looking piece of code, such as an e-mail or an application macro.To guard against virus, you can purchase antivirus software that typically checks all of your files periodically and can remove any viruses that are found. As files and e-mail are downloaded and as applications are opened, you may get a message warning of a new virus. To provide effective protection against virus attacks, you need to use antivirus software that includes signaturebased scanning, terminate-stay-resident monitoring, and multi-level generic scanning.The signature-based scanner works by recognizing the unique pattern of a virus. All viruses have a unique bit pattern, much like a strand of DNA. Antivirus product developers and virus researchers catalog the known viruses and their signatures. Signature-based scanners then use these catalog listings to search for viruses on a user’s computer system. Because new viruses are created daily, it is necessary for a user to update the known virus catalog frequently. This up dating is usually accomplished by downloading new virus information from the internet.Stealth viruses and polymorphic virus are designed to elude the detection of signature-based scanners. For these types of viruses, a second antivirus technique is necessary terminate-and-stay resident antivirus software runs in the background while a application that a user is executing runs in the foreground. Terminate-and-stay resident programs can provide a combination of protective services, including real-time monitoring of disk drivers and files, intelligent analysis of virus-like behavior, and stealth and polymorphic virus detection. An advantage of terminate-and-stay-resident antivirus software is its automatic nature a user does not have to activate the software each time a new life is opened or downloaded. One disadvantage of this software is that an always-running virus checker consumes memory and processing resources.And additional disadvantage is that this type of antivirus software can create false alarms. After a number of false alarms, users often disable the terminate-and-stay resident antivirus software.The third antivirus technique that is used to assist scanners and terminate-and-stay resident software is multi-level generic scanning. The technique is a combination of antivirus technique including intelligent checksum analysis and expert system virus analysis. Intelligent checksum analysis and applies a checksum to a file and data set at two major times in a file’s lifetime at the beginning when a file is new (or in a known safe stage) and at a later time after the life has existed for a while. Much like cyclic checksum, the checksum from the file when new is compared with the later checksum to determine if the volves a serious of proprietary algorithms that perform millions of tests on your software then assigns a number of points to the software in question based on the results of these tests, and indicates a virus if a certain point score is achieved.毕业论文之英译汉部分选自计算机专业英语（10.2.1 基本安全措施）所有的计算机系统都需要一套基本安全措施。