Computer Science. The English Language Perspective - Беликова (1176925), page 27
Integrity (its protection from destruction and unauthorized modification);
3. Confidentiality (protection from unauthorized reading).

4. Give the summary of the text using the key terms.

TYPES OF INCIDENTS

Read the following words and word combinations and use them for understanding and translation of the text:

threat - угроза
violation - нарушение
disruption - прерывание
usurpation — захват, неправомерное присвоение
ubiquitous - повсеместный
snooping - перехват
wiretapping — перехват при подключении к линии связи
man-in-the-middle attack — атака через посредника
recipient - получатель
intermediary - посредник
masquerading — выдача себя за другое лицо
spoofing - подмена
to lure - заманивать
repudiation - опровержение
pending - отложенный
probe - зонд
packet sniffer — перехватчик пакетов
downtime — нерабочее время, простой

Threats

A threat is a potential violation of security.
The violation need not actually occur for there to be a threat. The fact that the violation might occur means that those actions that could cause it to occur must be guarded against (or prepared for). Those actions are called attacks.

Threats can be divided into four broad classes: disclosure, or unauthorized access to information; deception, or acceptance of false data; disruption, or interruption or prevention of correct operation; and usurpation, or unauthorized control of some part of a system. These four broad classes encompass many common threats. Since the threats are ubiquitous, an introductory discussion of each one will present issues that recur throughout the study of computer security.

Snooping, the unauthorized interception of information, is a form of disclosure. It is passive, suggesting simply that some entity is listening to (or reading) communications or browsing through files or system information. Wiretapping, or passive wiretapping, is a form of snooping in which a network is monitored.

Modification or alteration, an unauthorized change of information. Active wiretapping is a form of modification in which data moving across a network is altered; the term "active" distinguishes it from snooping ("passive" wiretapping). An example is the man-in-the-middle attack, in which an intruder reads messages from the sender and sends (possibly modified) versions to the recipient, in hopes that the recipient and sender will not realize the presence of the intermediary.

Masquerading or spoofing, an impersonation of one entity by another. It lures a victim into believing that the entity with which it is communicating is a different entity. This may be a passive attack (in which the user does not attempt to authenticate the recipient, but merely accesses it), but it is usually an active attack (in which the masquerader issues responses to mislead the user about its identity). It is often used to usurp control of a system by an attacker impersonating an authorized manager or controller.

Repudiation of origin, a false denial that an entity sent (or created) something. Suppose a customer sends a letter to a vendor agreeing to pay a large amount of money for a product. The vendor ships the product and then demands payment. The customer denies having ordered the product and by law is therefore entitled to keep the unsolicited shipment without payment. The customer has repudiated the origin of the letter. If the vendor cannot prove that the letter came from the customer, the attack succeeds.

Delay, a temporary inhibition of a service. Typically, delivery of a message or service requires some time t; if an attacker can force the delivery to take more than time t, the attacker has successfully delayed delivery. This requires manipulation of system control structures, such as network components or server components, and hence is a form of usurpation.

Denial-of-service

The goal of denial-of-service attacks is not to gain unauthorized access to machines or data, but to prevent legitimate users of a service from using it.
A denial-of-service attack can come in many forms. Attackers may "flood" a network with large volumes of data or deliberately consume a scarce or limited resource, such as process control blocks or pending network connections. They may also disrupt physical components of the network or manipulate data in transit, including encrypted data.

Attacks

An attempt to breach system security may not be deliberate; it may be the product of environmental characteristics rather than specific actions of an attacker. Incidents can be broadly classified into several kinds: the probe, scan, account compromise, root compromise, packet sniffer, denial of service, exploitation of trust, malicious code, and Internet infrastructure attacks.

Probe

A probe is characterized by unusual attempts to gain access to a system or to discover information about the system. Probing is the electronic equivalent of testing doorknobs to find an unlocked door for easy entry. Probes are sometimes followed by a more serious security event, but they are often the result of curiosity or confusion.

Scan

A scan is simply a large number of probes done using an automated tool. Scans can sometimes be the result of a misconfiguration or other error, but they are often a prelude to a more directed attack on systems that the intruder has found to be vulnerable.

Account compromise

An account compromise is the unauthorized use of a computer account by someone other than the account owner, without involving system-level or root-level privileges (privileges a system administrator or network manager has). An account compromise might expose the victim to serious data loss, data theft, or theft of services.

Root compromise

A root compromise is similar to an account compromise, except that the account that has been compromised has special privileges on the system. Intruders who succeed in a root compromise can do just about anything on the victim’s system, including run their own programs, change how the system works, and hide traces of their intrusion.

Packet sniffer

A packet sniffer is a program that captures data from information packets as they travel over the network. That data may include user names, passwords, and proprietary information that travels over the network in clear text. With perhaps hundreds or thousands of passwords captured by the sniffer, intruders can launch widespread attacks on systems.

Exploitation of trust

Computers on networks often have trust relationships with one another. For example, before executing some commands, the computer checks a set of files that specify which other computers on the network are permitted to use those commands. If attackers can forge their identity, appearing to be using the trusted computer, they may be able to gain unauthorized access to other computers.

Malicious code

Malicious code is a general term for programs that, when executed, would cause undesired results on a system. Users of the system usually are not aware of the program until they discover the damage. Malicious code includes Trojan horses, viruses, and worms. Trojan horses and viruses are usually hidden in legitimate programs or files that attackers have altered to do more than what is expected. Worms are self-replicating programs that spread with no human intervention after they are started. Viruses are also self-replicating programs, but usually require some action on the part of the user to spread inadvertently to other programs or systems. These sorts of programs can lead to serious data loss, downtime, denial-of-service, and other types of security incidents.

Internet infrastructure attacks

These rare but serious attacks involve key components of the Internet infrastructure rather than specific systems on the Internet. Examples are network name servers, network access providers, and large archive sites on which many users depend. Widespread automated attacks can also threaten the infrastructure.
Infrastructure attacks affect a large portion of the Internet and can seriously hinder the day-to-day operation of many sites.

Assignments

1. Translate the sentences from the texts into Russian in writing paying attention to the underlined words and phrases:

   1. The fact that the violation might occur means that those actions that could cause it to occur must be guarded against (or prepared for).
   2. Threats can be divided into four broad classes: disclosure, or unauthorized access to information; deception, or acceptance of false data; disruption, or interruption or prevention of correct operation; and usurpation, or unauthorized control of some part of a system.
   3. Active wiretapping is a form of modification in which data moving across a network is altered; the term "active" distinguishes it from snooping ("passive" wiretapping).
   4. Masquerading or spoofing is often used to usurp control of a system by an attacker impersonating an authorized manager or controller.
   5. Attackers may "flood" a network with large volumes of data or deliberately consume a scarce or limited resource, such as process control blocks or pending network connections.
   6. Scans can sometimes be the result of a misconfiguration or other error, but they are often a prelude to a more directed attack on systems that the intruder has found to be vulnerable.
   7.