1 A vulnerability is a weakness that a person can eXploit to accomplish something that is not authorized or intended as legitimate use of a network or system.一个漏洞是一个软弱,一个人要有所成就,能利用未被授权或打算作为合法使用网络或系统。

When a vulnerability is exploited to compromise the security of systems or information on those systems，the result is a security incident,Vulnerabilities may be caused by engineering or design errors，or faulty implementation.当一个漏洞是利用妥协的安全系统或信息在这些系统中,其结果是一个安全漏洞事件,可能是由于工程或设计错误,或错误的实现。

Why the Internet Is Vulnerable（为什么互联网是脆弱）2 Many early network protocols that now form part of the Internet infrastructure were designe without security in mind.许多早期的网络协议,现在互联网基础设施的组成部分是不安全的理念,设计。

Without a fundamentally secwre infrastructure，network defense becomes more diffcult.没有从根本上安全的基础设施、网络防御变得更加困难。

Furthermore, the Internet is an extremely dynamic environment, in terms of both topology and emerging technology。

,包括拓扑和新兴技术。

and may be hard to detect or trace。

An attacker does not have to be phsically present to carry out the attack.由于互联网的营销公开和原设计的协议、网络攻击通常是快速,简单,便宜,而且可能很难检测或跟踪一个攻击者不必一股脑的礼物进行攻击。

In fact,many attacks can be launched readily from anywhere in the word, and the location of the attacker can easily be hidden.事实上,许多攻击可以启动容易从任何地方在词的位置,攻击者可以很容易的被隐藏。

Nor is it always necessary to“break in”to a site (gain privileges on it ) to compromise confidentiality,integrity,or availability of its information on service.”网站(获得特权)妥协的保密性,完整性或可用性的信息服务。

It is common for sites to be unaware of the risks or unconcerned about the amount of trust they place in the Intemet.这是常见的网站不知道或不关心的风险量的信任他们的地方在因特网。

They may not be aware of what can happen to their information and systems.他们可能还不知道会发生什么,他们的信息和系统。

They may believe that their site will not be a target or that precautions they have taken are sufficient.他们可能认为,他们的网站将不是一个目标,或者他们已经采取足够的预防措施。

Because the technology is constantly changing and intruders are constantly developing new tools and techniques，solutions do not remain effective indefinitely.因为技术是不断变化的,不断发展新的入侵者是工具和技术,解决方案不能无限期地保持有效。

5 Since much of the traffic on the Internet is not encrypted,confidentiality and integrity are diffcult to achieve.因为大部分的交通网络是不加密的,保密性和完整性都难实现。

This situation undermines not only annlications (such as financial applications that arenetwork-based ) but also more fundamental mechanisms such as authentication andnon-repudiation.这种情况不仅annlications破坏(如金融应用程序,这些应用程序是基于网络的),但也更根本的机制,比如身份验证和不可抵赖性。

As a result, sites may be affected by a security compromise at another site over which they have no control .因此,网站可能会受到安全妥协在另一个网站而失去控制。

An example of this is a packet sniffer that is installed at one site but allows the intruder to gather information about other domains (possibly in other counties).一个例子是一个数据包嗅探器,安装在一个站点上但允许入侵者收集信息关于其他域(可能在其他国家)。

6 Another factor that contributes to the vulnerability of the Internet is the rapid growth and use of the netword,accompanied by rapid deployment of network services involving complex applications. 另一个因素导致的脆弱性是互联网快速发展和使用网络,伴随着快速部署的网络服务涉及复杂的应用程序。

Often,these services are not designed, configured,or maintained securely.通常,这些服务不是设计、配置或维护安全。

In the rush to yet new products to market developers do not adequately ensure that they do not repeat previous mistakes or introduce new vulnerabilities在急于然而新产品市场开发人员不充分确保他们不重复以前的错误或引入新的漏洞7Compounding the problem, operating system security is rarely a purchase criterion.让问题更加复杂的是,操作系统安全是很少购买标准。

Commercial operating system vendors often report that sales are driven by customer demand for performance,price,easy of use,maintenance,and support.商业操作系统供应商经常报告,销售是由客户要求的性能、价格、容易使用、维护和支持。

As a result ,off-the-shelf operating systems are shipped in an easy-to-use but insecure configuration that allow sits to use the system soon after installation.因此,现成的操作系统是在一个易于使用的但不安全的运来配置,允许坐使用系统安装后不久。

These host/sites are often not fully configured from a security perspective before connecting.这些主机/网站常常没有完全配置之前从安全角度连接。

This lack of secure configuration makes them vulnerable to attacks,which sometimes occur within minutes of connection.这种缺乏安全的配置使他们容易受到攻击,这有时发生后几分钟内连接。

8Finally, the explosive growth of the Intemet has expanded the need for well-trained and experienced people to engineer and manage the network in a secure manner.最后,爆炸性增长的互联网已扩大需要训练有素、经验丰富的人,工程师和管理网络安全的方式。

Because the need for network security experts far exceeds the supply,inexperienced people are called upon secure systems,opening windows of opportunity for the intruder community.因为需要网络安全专家供不应求,没有经验的人呼吁安全的系统,开放的机会窗口为入侵者社区。