Data Communication Computer Network: Concise Tutorial

Computer Network Security

During the initial days of the internet, its use was limited to the military and universities for research and development purposes. Later, when all networks merged together and formed the internet, data came to travel over the public transit network. Ordinary people may send data that can be highly sensitive, such as their bank credentials, usernames and passwords, personal documents, online shopping details, or confidential documents.

All security threats are intentional, i.e. they occur only if intentionally triggered. Security threats can be divided into the following categories:

  1. Interruption

Interruption is a security threat in which the availability of resources is attacked. For example, a user is unable to access their web server, or the web server is hijacked.

  2. Privacy-Breach

In this threat, the privacy of a user is compromised. Someone who is not the authorized person accesses or intercepts data sent or received by the original authenticated user.

  3. Integrity

This type of threat includes any alteration or modification of the original content of a communication. The attacker intercepts and receives the data sent by the sender, then either modifies it or generates false data and sends that to the receiver. The receiver accepts the data, assuming that it was sent by the original sender.

  4. Authenticity

This threat occurs when an attacker or security violator poses as a genuine person and accesses resources or communicates with other genuine users.

No technique in the present world can provide 100% security. But steps can be taken to secure data while it travels over an unsecured network or the internet. The most widely used technique is cryptography.

Cryptography

Cryptography is a technique for encrypting plain-text data so that it is difficult to understand and interpret. Several cryptographic algorithms are available today, as described below:

  1. Secret Key

  2. Public Key

  3. Message Digest

Secret Key Encryption

Both sender and receiver hold one secret key. This secret key is used to encrypt the data at the sender's end. After the data is encrypted, it is sent over the public domain to the receiver. Because the receiver knows and holds the secret key, the encrypted data packets can easily be decrypted.

An example of secret key encryption is the Data Encryption Standard (DES). Secret key encryption requires a separate key for each host on the network, which makes it difficult to manage.

Public Key Encryption

In this encryption system, every user has their own secret key, which is not in the shared domain. The secret key is never revealed in the public domain. Along with the secret key, every user also has their own public key. The public key is always made public and is used by senders to encrypt the data. When the user receives the encrypted data, they can easily decrypt it using their own secret key.

An example of public key encryption is Rivest-Shamir-Adleman (RSA).

Message Digest

In this method, the actual data is not sent; instead, a hash value is calculated and sent. The user at the other end computes their own hash value and compares it with the one just received. If the two hash values match, it is accepted; otherwise it is rejected.

An example of a message digest is MD5 hashing. It is mostly used in authentication, where the user's password is cross-checked against the one saved on the server.
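
The password cross-check described above, as an added example that is not code from the original tutorial: the first pair of functions stores and compares an unsalted MD5 digest as the text describes, and the second pair swaps in salted PBKDF2-HMAC-SHA256 (not the tutorial's method) so that equal passwords no longer produce equal stored records. The function names, sample passwords and iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; tune it to the server's hardware.
PBKDF2_ROUNDS = 200_000


def md5_record(password):
    """Digest as the tutorial describes it: unsalted MD5 of the password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def md5_verify(password, stored_hex):
    """Recompute the digest and compare it with the one saved on the server."""
    return hmac.compare_digest(md5_record(password), stored_hex)


def pbkdf2_record(password, salt=None):
    """Hardened form: per-user random salt plus a deliberately slow digest."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    return salt, digest


def pbkdf2_verify(password, salt, stored_digest):
    """Recompute with the stored salt; compare in constant time."""
    _, candidate = pbkdf2_record(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    # Constructed sample: two users who happen to choose the same password.
    alice_md5, bob_md5 = md5_record("password"), md5_record("password")
    print("MD5 records identical:   ", alice_md5 == bob_md5)

    alice_salt, alice_kdf = pbkdf2_record("password")
    bob_salt, bob_kdf = pbkdf2_record("password")
    print("PBKDF2 records identical:", alice_kdf == bob_kdf)

    print("correct password accepted:", pbkdf2_verify("password", alice_salt, alice_kdf))
    print("wrong password accepted:  ", pbkdf2_verify("passw0rd", alice_salt, alice_kdf))
```

With unsalted MD5, one leaked table reveals every account that shares a password and each digest can be looked up in precomputed lists; the salted, iterated form removes both properties while the compare-on-login flow stays the same.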