5.5 NETWORK SECURITY

keywords:
network security 网络安全
virtus 病毒
unaithorised access 非授权访问
firewall 防火墙
sector 自举
macro vitus 宏病毒
floppy disk 软盘
download 下载卸载
identication识别验证鉴定
authentication 验证
password 密码
filter 过滤
block 封锁
NFS 网络文件系统
gateway 网关
relay service 中继业务
packet filtering 分组过滤
circuit gateway 电路网关
application level gateway 应用级网关
screening touter 屏蔽路由器
bastion host 堡垒主机
dual homed gateway 双宿主网关
screen host gateway 屏蔽主机网关
screened subnet 屏蔽子网

So far in this chapter;s we’ve looked at the benefits and possibilities that computer networks provide, unfortunatly, there is a dark side to this rosy picture. because of the prolific nature of computers and networks today, an apportunity exists for criminals to commit acts that are not in the public interest, sunch acts run the gamut from stealing money to intentionally destorying corporate date to stalking children over the internet, this issues that are very important with regards to network security computer virtus, unauthorized access and firewall -are discussed next.
1.network virtuses.
1) what are viruses
A virus or more formally, a computer virus is a computer program that is able to make a copy of iteself without you knowing that is happening, a virus may copy itself from one part of your hard disk to another, or it may copy itself one computer to another
most virtuses do more than copies of themselves. some of them cause real damages, say, by deleting files on your hard disk. others are merely annoying, they may display a message on your monitor or cause something strange to happen as you are working, all virtuses are malevolent in that they do their work without your knowing that is happening, and they can cause problems merely by spreading uncontrillably.

2)types of virtus
Although thousands of virtus roam machines and networks all over the word, most have common traits that can be categorized in to one of the following grouos:
.Boot sector virtuses.
.file infector virtuses.
.macro virtues.

3)how do you get a virtus,
most virtus today are transmitted through the internet, the macro virtus is the fastest spreading virtus because it is usually transferred machine to machine via e-mail attachments , however, virtus can also be transmitted floppy disks, file transfers, and web downloads, in addition, macro virtuses all open files of a specific application.
Therefore, if you machine .if your machine has a microsoft word macro virtus, it will infect all word documents that are open on your machine, if you save those infected file to a floppy disk. you will transfer the infection along with the file when you copy it to another hard drive. or open it on another machine using the same application,

in addation, using the web to download files to another common way to get a virtus. sites that allow users to share information over the internet. sunch as napster and guntella. are a potential breeding ground for computer virtuses, much like real word virtuses breed in high traffic areas sunch as malls and schools.

2.unauthorized access
Unauthorized access the use of a computer, network, or network resource without permission is a very important network security issue, to prevent unauthorized access. some types of identification procedure must be used. these vary some type of personal characteristic. sunch as a fingerprint.
some of the most secure access control systems address both identification and authentication, identification involves vertifying that the person’s name or other identifying feature is listed as an authorized user, authenticatio refer to determing whether or not the person is actually who he or she claims to be,

3.firewalls
the purpose of a network firewall is to provide a shell around the network which will protect the systems connected to the network from virous threats.

A firewall can reduce risks to network systems by filtering out inherently insecure network services, network file system services bu blocking all nfs traffic to or from the network, this protects the individual hosts while still allowing the service, which is useful in a lan inviromentm, on the internetal network. instead what is needed is a way fliter access to the network while still allowing users access to the outside world , a typical network firewall can be sepicted as show in fig

in this comfiguartion, the internet network is separated from external networks by a firewall gateway,in the case of a firewall gateway. it also provides a filtering service which network. there are three basic techniques used for firewalls:packet filtering, circuit gateway, and application gateways. often, more than one of these is used to provide the complete firewall services.

there are serveral configuration schemes of firewall in the partical application of internetwork secuity, they usually use the following terminologies.
.screening router. it can be a commercial router or a host-based router with some kind of packet filtering capability.
.bastion host- it is a system identified by the firewall admistrator as a critical strong point in the network security.
.Dual homed gateway it is possibly the most common firewall configuration this is implemented using a isolated using screening toutes. which may implement varying levels of filtering.
.Application level gataway. it is also called a proxy gateway and usually operates at a user level rather than the lower protocol level common to the other firewall trchniques.