信息安全原理与实践第二版课后思考题解析(英文版)

1) Initially the hacker is a skilled writing and debugging of computer programming skills, and the use of these techniques to obtain illegal or unauthorized network or file access, invasion of Intranet for the people. With a variety of powerful hacking tools are widely spread, the computer technology to understand very few people can also implement of hacker attack behavior, so the network system hacking attacks significantly increased the likelihood of.2) Active attack can cause network system status and service change. Active attacks include attempting to stop or break protection mechanism, introduce malicious code, theft or tamper with the information. Active attack may cause data disclosure and dissemination, or cause a denial of service and data tampering, including most of the unauthorized user attempts to abnormal means and the normal means of access to the remote host.3) General complete attack process is to hide themselves, hiding yourself after the attack detection, detection of target machines with various properties, and have been attack condition; then take corresponding attack methods were destroyed, achieve his goal after the attacker will remove their behavior in the target system log.4) General complete attack process is to hide themselves, hiding yourself after the attack detection, detection of target machines with various properties, and have been attack condition; then take corresponding attack methods were destroyed, achieve his goal after the attacker will remove their behavior in the target system log.5) Denial of service attack, is through illegal monopoly target system services, ultimately trying to prevent legitimate users target to provide network services. Denial of service attack is the most common attack through the resulting in a large number of flows to the victim network packet, the network consume all available bandwidth.6) Modern cryptography is one of the basic principles are: all secrets are present and the key. The implication is that, in the design of encryption system, always assume the cipher algorithm is disclosed, really need to keep it secret. This is because the cipher algorithm is easier to reveal the relative key.7) Symmetric cipher password required to achieve through the security code channel by sender to receiver. The password system 's advantages are: high safety, fast encryption speed. The shortcoming is: with the expansion of network scale, key management becomes a difficulty;cannot solve the message confirmation problems; lack of automatic detection of key leakage ability.8) Cryptographic protocol has the following characteristics: agreement from first to last is a sequential process, every step must be performed, in the former step without prior to implementation, the following steps are not possible; protocol requires at least two participants; the protocol must be able to complete a certain task; protocol must meet certain security requirements.9) As a result of cryptography for communication to provide strong security, the attacker has turned to loopholes in the system. Loopholes in the system is a software system, network protocols such as in the preparation of safe flaw, the attacker can use these flaw carries on the attack to the system. For this type of attack, there are a variety of different coping techniques, and cryptography has to a certain extent, can play a role in.10) Public key cryptography is also known as asymmetric key cipher. Using public key cryptography each user separately has two key: encryption keys and decryption key, both of them are not the same, and the encryption key decryption keys on the computer is not feasible. Each user's encryption key are open (and hence, also known as the public key encryption key ).11) If the Internet and are accessed through the firewall, then the firewall, can record various visits, and provides information about network utilization value statistics. If a firewall in suspicious activity occurred when the alarm, it also provides the firewall and network are affected by the trial or attack details.12) The present firewall values are provided on external network user attack protection, from the internal network users to attack to rely on internal network host system by. The firewall can't forbid apostates or company spy sensitive data is copied to a floppy disk or PCMCIA card, and took them out of the company.13) The firewall can prevent data driven attack. If the user is graspinga program on the local operation, the program is likely to include a malicious code. With the Java, JavaScript and ActiveX controls a large number of use, this problem becomes more and more sharp.14) Packet filtering technology, as the name suggests is in proper position on the network data packets carried out selectively by, selectionbasis, namely system within a set of filter rules ( often referred to as the access control list -- Access Control List ), only to meet the data packet filtering rules to be forwarded to the corresponding network interface, the remaining data package is removed from the data stream.15) D ifferent types of firewalls are able to provide identification and authentication functions, the network user is usually considered credible, outside the network of users in access network resources are usually certified. Password authentication from the technical point of view, is not a very strong authentication, password based attack is a common attack, firewall, other filter access authentication method: one time password, the password based on time and challenge response scheme.16) I ntrusion detection is the rational supplement of the firewall, the help system against network attack, expanded the safe management of system administrator ( including safe audit, surveillance, attack recognition and response), improve the integrity of the information security foundation structure. It is thought to be behind a firewall second security gate, without affecting the performance of network condition on the network can be detected, thereby providing for internal attacks, external attack and wrong operation real time protection.17) I ntrusion detection, Intrusion Detection, is on the intrusion behavior found, through the computer network or computer systems in a number of key point of collecting and analyzing the information, found from the network or system of violating security policy behavior and signs of attack.18) The IDS system 's two major functions: real-time detection and safety audit. Real time detection of real-time monitoring, analysis of the network of all data packets, and real-time processing of the captured data packets; security audit based on IDS system records the network time for statistical analysis, found that the abnormal phenomenon, that the security state of the system, find out the evidence required.19) Most of the traditional intrusion detection system ( IDS ) take based on network or host based approach to identify and avoid attack. In either case, the product will be looking for" the attack flag", i.e. a malicious or questionable intent to attack mode. When the IDS in the network to find these patterns, it is based on the network. And when the IDS in a record file for the attack when the mark, which is based on host.20) Based on sentence due to IDS (HIDS) using data is the main source of audit log, system log, application logs and network connection data, these data have the success / failure event information, so it can becompared based on network IDS more accurately determine whether the attack was successful.21) IEFE based on IP draft definition VPN: using IP mechanism simulation of a private network, through private tunnel in public data network technology in simulation of a point-to-point line technology. Virtual private network is to rely on the ISP ( Internet service provider ) and other network service provider, in a public network for data communication network technology.22) VPN also made up of 3 components, different VPN connection using a tunnel as a transmission channel, the tunnel is built in a public network or a private network on the basis of, such as Internet or Intranet, users no longer need to have special long-distance data line.23) Security is one of the important features of the special network. Because VPN directly built on the public network, the realization of a simple, convenient and flexible, but at the same time, the security problem is more prominent. The enterprise must make sure that the VPN transmitted data are not the attacker snoops and tamper with, and to prevent the illegal user from cyber source or private information access. ExtranetVPN enterprise network expansion to partners and customers, for the safety of a higher demand.24) VPN requires the enterprise of its network management functions from the local area network seamlessly extends to the public network, or even customers and partners, although can be some minor network management task to the service provider to complete, enterprises still need to accomplish many tasks of network management, so, the VPN system should support the user management. The VPN management including safety management, equipment management, configuration management, access control list management, QoS management, to achieve reduced network risk, with high scalability, economy, high reliability target.25) VPN through the public network to establish links, so it is necessary to use encryption to prevent eavesdropping, protection of corporate data security. Common encryption algorithm including DES,3DES etc.. DES key length of 56 bits, easily deciphered, 3DES uses three encryption of increased safety.26) Computer virus epidemic began in November 2, 1988. The United States Cornell University 23 years of graduate Lott Maurice produced a worm, and putting it on the Internet to the United States, resulting in the computer network of more than 6000 computers were infected, manynetworked computers to shutdown, the direct economic losses of $96000000.27) A computer virus is a small program, able to replicate themselves, will own the virus code attached to other procedures, through the execution of other programs, for the propagation of the virus program, have a certain latency, when conditions are ripe, they are all sorts of sabotage, the effects of computer use.28) Now popular virus is composed of that deliberately prepared, most viruses can be found on the author information and the origin of information, through the analysis of large volumes of data statistics, virus author main condition and objective is: some talented programmer to show and prove their ability, due to the dissatisfaction of boss, for the curious, in retaliation, in order to congratulate and courtship, in order to get control of the password, to prevent software to get paid for the trap.29) Hybrid virus is not a simple file type virus and boot viruses simply added together, there is a conversion process, which is the most key. Generally take the gimmick: files for viruses when performing the virus writes the boot area, it is easy to understand.30) The computer virus is an objective existence, objective existence has its characteristics, computer virus is no exception. Essentially, a computer virus is a program code, although it may well hidden, but also left many traces. Through to these traces of discrimination, we can find the computer virus in the presence of.。

Review Questions第一章1.Which characteristics of a multiterminal system make it different from a computer network?A processing power of multiterminal systems remained fully centralized, whilecomputer networks have a distributed processing power.一个多端系统处理能力仍然完全集中，而计算机网络具有分布式处理能力。

2.When were the first important results achieved in the field of joining computers using long-haul links?In the late 60s在60年代后期3.What is ARPANET?A.A network of supercomputers belonging to military organizations and research institutes in the United StatesB.An international scientific research networkC.The technology of creating WANsA is correct4.When did the first network operating systems appear?In the late 60s60年代后期5.In what order did the events listed here take place?A.The invention of WebB.The development of standard LAN technologiesC.The start of voice transmission in digital form through telephone networksThe invention of World Wide Web互联网的诞生6.Which of the events stimulated LAN development?Appearance of large-scale integrated circuits (LSI devices) resulted in invention of microcomputers which in its turn stimulated a research activity in the area of local computer networks (LANs). The adoption of personal computers was a powerful incentive for the development of LANs.大规模集成电路（LSI器件出现）导致这反过来刺激了研究活动在本地计算机网络（LAN）的微型计算机的发明。

信息管理专业英语第⼆版参考答案Unit 1【Ex1.】根据课⽂容，回答以下问题。

1．In human terms and in the broadest sense, information is anything that you are capable of perceiving.2．It includes written communications, spoken communications, photographs, art, music, and nearly anything that is perceptible.3．If we consider information in the sense of all stimuli as information, then we can’t really find organization in all cases. 4．No.5．Traditionally, in libraries, information was contained in books, periodicals, newspapers, and other types of recorded media. People access it through a library’s catalog and with the assistance of indexes, in the case of periodical and newspaper articles.6．Computerized “information systems”.7．The problem for most researchers is that they have yet to discover the organizing principles that are designed to help them find the information they need.8．For library materials, the organizing principle is a detailed subject classification system available for searching in an online “catalog”.9．The one thing common to all of these access systems is organization.10．No, it isn’t.【Ex2.】根据给出的汉语词义和规定的词类写出相应的英语单词。

《信息安全原理与技术》第2版部分习题与参考答案选择题1.如果m表示明文,c表示密文,E代表加密变换,D代表解密变换,则下列表达式中描述加密过程的是( A )A、c=E(m)B、c=D(m)C、m=E(c)D、m=D(c)2.将获得的信息再次发送以在非授权情况下进行传输，这属于（D ）A 窃听B篡改C 伪装D 重放3. DES加密过程用以下形式交换，其中正确的是( B )A、L i-1=R i-1R i-1=L i-1⊕f(R i,K i) i=1,2,3, (16)B、L i=R i-1R i=L i-1⊕f(R i-1,K i) i=1,2,3, (16)C、L i-1=R i+1 R i=L i+1⊕f(R i-1,K i) i=1,2,3, (16)D、L i-1=R i-1R i=L i+1⊕f(R i-1,K i) i=0,1,2,3, (15)4. 在不知道密钥的情况下，通过获取密文而恢复明文的方法是。

（ C ）A、密钥管理B、数据加密解密算法C、密码分析D、密码编码5. RSA属于（ B ）A、传统密码体制B、非对称密码体制C、现代密码体制D、对称密码体制6.下面哪个加密算法被选为AES( B )A MARSB RijndaelC TwofishD E27. AES中输入密钥扩展为44个字所组成的数组，每一轮有4个字的密钥，这里一个字的位数是（ C ）A、8B、16C、32D、648. DES中子密钥的位数是（ B ）A、32B、48C、56D、649. 如果使用两密钥的Triple-DES，则下面正确的是（A ）A C = E K1[D K2[E K1[P]]]BC = E K1[E K2[E K1[P]]]C C = E K3[D K2[E K1[P]]] D C = E K1[D K2[D K1[P]]]答案：ADBCB BCBA1. DES中如果S盒输入为110011，则对应输入位置为（ B ）A、第2行第9列B、第4行第10列C、第3行第10列D、第3行第11列2. 密码编码学的目的是（ A ）A．伪装信息B．破译加密消息C．窃取信息 D．密码分析3. 每次加密一位或者一个字节是（ B ）A、离散密码B、流密码C、随机密码D、分组密码4. 在下列密码体制中，加密密钥k1 解密密钥k2 是相同的。

计算机网络安全第二版课后答案【篇一：计算机网络安全教程第2版__亲自整理最全课后答案】txt>一、选择题1. 狭义上说的信息安全，只是从自然科学的角度介绍信息安全的研究内容。

2. 信息安全从总体上可以分成5个层次，密码技术是信息安全中研究的关键点。

3. 信息安全的目标cia指的是机密性，完整性，可用性。

4. 1999年10月经过国家质量技术监督局批准发布的《计算机信息系统安全保护等级划分准则》将计算机安全保护划分为以下5个级别。

二、填空题1. 信息保障的核心思想是对系统或者数据的4个方面的要求：保护（protect），检测（detect），反应（react），恢复（restore）。

2. tcg目的是在计算和通信系统中广泛使用基于硬件安全模块支持下的可信计算平台trusted computing platform，以提高整体的安全性。

3. 从1998年到2006年，平均年增长幅度达50％左右，使这些安全事件的主要因素是系统和网络安全脆弱性（vulnerability）层出不穷，这些安全威胁事件给internet带来巨大的经济损失。

4. b2级，又叫结构保护（structured protection）级别，它要求计算机系统中所有的对象都要加上标签，而且给设备（磁盘、磁带和终端）分配单个或者多个安全级别。

5. 从系统安全的角度可以把网络安全的研究内容分成两大体系：攻击和防御。

三、简答题1. 网络攻击和防御分别包括哪些内容？答：①攻击技术：网络扫描，网络监听，网络入侵，网络后门，网络隐身②防御技术：安全操作系统和操作系统的安全配置，加密技术，防火墙技术，入侵检测，网络安全协议。

2. 从层次上，网络安全可以分成哪几层？每层有什么特点？答：从层次体系上，可以将网络安全分为4个层次上的安全：（1）物理安全特点：防火，防盗，防静电，防雷击和防电磁泄露。

（2）逻辑安全特点：计算机的逻辑安全需要用口令、文件许可等方法实现。

Unite 1Section A: 1、artificial intelligence 人工智能2、paper-tape reader 纸带阅读器3、Optical computer 光学计算机4、Neural network 神经网络5、Instruction set 指令集6、Parallel processing 并行处理器7、Difference engine差分机8、Versatile logical element 多用途逻辑元件9、Silicon substrate 硅衬底10、Vaccum tube 真空管11、数据的存储与管理the storage and management of data12、超大规模集成电路large-scale integrated circuit13、中央处理器central processing unit14、个人计算机personal computer15、模拟计算机analog computer16、数字计算机digital computer17、通用计算机general purpose computer18、处理器芯片processor chip19、操作指令operating instructions20、输入设备input devicesSection B1、artificial neural network 人工智能神经网络2、Computer architecture 计算机体系结构3、Robust computer program 健壮的计算机程序4、Human-computer interface 人机接口5、Knowledge representation 知识代表6、数值分析numerical analysis7、程序设计环境programming environment8、数据结构data structure9、存储和检索信息store and retrieve information10、虚拟现实virtual realityUnit 2Section A：1、function key 功能键2、V oice recognition module 声音识别调制器3、Touch-sensitive region 触敏扫描仪4、Address bus 地址总线5、Flatbed scanner 平板扫描仪6、Dot-matrix printer 矩阵式打印机7、Parallel connection 并行连接8、Cathode ray tube 阴极射线管9、Video game 电子游戏10、Audio signal 音频信号11、操作系统operating system12、液晶显示liquid crystal display13、喷墨打印机inkjet printer14、数据总线data bus15、串行连接serial connection16、易失性存储器volatile memory17、激光打印机laser printer18、磁盘存储器floppy disc19、基本输入输出系统basic input/output system20、视频显示器video displaySection B:1、interrupt handler 中断处理程序2、Virtual memory 虚拟内存3、Context switch 上下文转换4、Main memory 主存5、Bit pattern 位模式6、外围设备peripheral device7、进程表process table8、时间片time slice9、图形用户界面graphics user interface10、海量存储器mass storageUnit 3Section A:1、storage register 存储寄存器2、Function statement 函数语句3、Program statement 程序语句4、Object-oriented language 面向对象语言5、Assembly language 汇编语言6、Intermediate language 中间语言7、Relational language 关系语言8、Artificial language 人工语言9、Data declaration 数据声明10、SQL 结构化查询语言11、可执行程序executable program12、程序模块program module13、条件语句conditional statement14、赋值语句assignment statement15、逻辑语言logic statement16、机器语言machine language17、函数式语言functional language18、程序设计语言programming language19、运行计算机程序run a omputer program20、计算机程序员computer programmerSection B1、native code 本机代码2、Header file 头文件3、Multithreaded program 多线程程序4、Java-enabled browser 支持Java的浏览器5、Mallicious code6、机器码machine code7、汇编码assembly code8、特洛伊木马程序trojan9、软件包software package10、类层次class hierarchyUnit 4Section A1、inference engine 推理机2、System call 系统调用3、Compiled language 编译执行的语言4、Parellel computing 并行计算5、Pattern matching 模式匹配6、Memory location 存储单元7、Interpreter program 解释程序8、Library routine 库程序9、Intermediate program 中间程序10、Source file 源文件11、解释执行的语言interpreted language12、设备驱动程序device driver13、源程序source program14、调试程序debugger15、目标代码object code16、应用程序application program17、实用程序utility program18、逻辑程序logic program19、黑盒ink cartridge20、程序的存储与执行storage and execution of program Section B1、Messaging model 通信模式2、Common language runtime 通用语言运行时刻（环境）3、Hierarchical namespace 分层的名称空间4、Development community 开发社区5、CORBA 公共对象请求代理体系结构6、基本组件basic components7、元数据标记metadata token8、虚拟机VM virtual machine9、集成开发环境IDE（intergrated development environment）10、简单对象访问协议SOAP(simple object access protocol) Unit 5Section A1、system specification 系统规范2、Unit testing 单元测试3、Software life cycle 软件的生命周期4、System validation process 系统验证过程5、Evolutionary development process 进化发展过程6、Simple linear model 简单线性模型7、Program unit 程序单元8、Throwaway prototype 一次性使用原型9、Text formatting 文本格式10、System evolution 系统演变11、系统设计范例paradigm for system design12、需求分析与定义Requirements analysis and definition13、探索式编程方法exploratory programming approach14、系统文件编制system documentation15、瀑布模型waterfall model16、系统集成system integration17、商用现成软件commercial off-the-shelf software18、基于组件的软件工程component-based software engineering19、软件维护工具software maintenance tool20、软件复用software reuseSection B1、check box 复选框2、Structured design 结构化设计3、Building block 构建模块4、Database schema 数据库模式5、Radio button 单选按钮6、系统建模技术system modeling techniques7、模型驱动开发MDD(model-driven development)8、数据流程图data flow diagram9、下拉式菜单drop-down10、滚动条scroll barUnit 6Section A1、end user 终端用户2、Atomic operation 原子操作3、Database administrator 数据库管理员4、Relational database model 关系数据库模型5、Local data 本地数据6、Object-oriented database 面向对象的数据库7、Database management system 数据库管理系统8、Entity-relationship model 实体关系模型9、Distributed database 分布式数据库10、Flat file 展开文件11、二维表two-dimensional table12、数据属性data attributes13、数据库对象database object14、存储设备storage device15、数据类型data type16、数据插入与删除insertion and deletion17、层次数据库模型hierarchical18、数据库体系结构database architecture19、关系数据库管理系统ralational database management system20、全局控制总线global control busSection B1、nonvolatile storage system 易失性存储系统2、Equitment malfunction 设备故障3、Wound-wait protocol 损伤等待协议4、Exclusive lock 排它锁5、Database integrity 数据库完整性6、共享锁shared lock7、数据库实现database implementation8、级联回滚cascading rollback9、数据项data item10、分时操作系统time sharing operating system ;Unit 7Section A1、microwave radio 微波无线电2、digital television 数字电视3、DSL 数字用户线路4、analog transmission 模拟传输5、on-screen pointer 屏幕上的指针6、computer terminal 计算机终端7、radio telephone 无线电话8、cellular telephone 蜂窝电话，移动电话，手机9、decentralized network 分散型网络10、wire-based internal network 基于导线的内部网络，有线内部网11、光缆fiber-optic cable12、传真机fax machine13、线通信wireless communications14、点对点通信point-to-point communications15、调制电脉冲modulated electrical impulse16、通信卫星communication(s) satellite17、电报电键telegraph key18、传输媒体transmission medium (或media)19、无绳电话cordless telephone20、金属导体metal conductorSection B1、bit map 位图2、parallel port 并行端口3、direct memory access (DMA) 直接存储器存取4、universal serial bus 通用串行总线5、general-purpose register 通用寄存器6、电路板circuit board7、串行通信serial communication8、数码照相机digital camera9、存储映射输入/输出memory-mapped I/O10、有线电视cable televisionUnit 8Section A1、file server 文件服务器2、carrier sense 载波检测3、Protocol suite 协议族4、Peer-to-peer model 点对点模型5、bus topology network 总线拓扑网络6、inter-machine cooperation 计算机间合作7、Ethernet protocol collection 以太网协作集8、Proprietary network 专有网络9、utility package 实用软件包10、star network 星形网络11、局域网local area network (LAN)12、令牌环token ring13、无线网络wireless network14、封闭式网络closed network15、环形拓扑网络ring topology16、客户/服务机模型client/server model17、网络应用程序network application18、进程间通信interprocess communication19、打印服务机printer server20、广域网wide area networkSection B1、routing path 路由选择通路2、dual-ring topology 双环形拓扑结构3、extended star topology 扩展星形拓扑结构4、backbone network 基干网，骨干网5、mesh topology网络拓扑结构6、同轴电缆coaxial cable7、逻辑拓扑结构logical topology8、无冲突连网环境collision-free networking environment9、树形拓扑结构tree topology10、目的地节点destination nodeUnit 9Section A1、cell phone 蜂窝电话，移动电话，手机2、IP address 网际协议地址，IP地址3、autonomous system 自主系统4、dial-up connection 拨号连接5、network identifier 网络标识符6、binary notation 二进制记数法7、mnemonic name 助记名，缩写名8、Internet-wide directory system 因特网范围的目录系统9、name server 名称服务器10、Internet infrastructure 因特网基础结构11、助记地址mnemonic address12、网吧cyber cafe13、宽带因特网访问broadband Internet access14、顶级域名top-level domain (TLD)15、因特网编址Internet addressing16、点分十进制记数法dotted decimal notation17、因特网服务提供商Internet service provider (ISP)18、专用因特网连接dedicated Internet connection19、主机地址host address20、硬件与软件支持hardware and software support Section B1、incoming message 来报，到来的报文2、application layer 应用层3、utility software 实用软件4、sequence number （顺）序号，序列号5、remote login capabilities 远程登录能力6、端口号port number7、软件例程software routine8、传输层transport layer9、文件传送协议FTP（File Transfer Protocol）10、万维网浏览器Web browserUnit 10Section A1、mailing list 邮件发送清单，邮件列表2、proprietary software 专有软件3、cc line 抄送行4、bcc line 密送行5、forwarded e-mail messages 转发的电子邮件6、e-mail convention 电子邮件常规7、click on an icon 点击图标8、confidential document 密件，秘密文件9、classified information 密级信息10、recovered e-mail message 恢复的电子邮件11、常用情感符commonly used emoticon12、已删除电子邮件deleted e-mail13、电子系统electronic system14、附件行Attachments line15、版权法copyright law16、电子邮件网规e-mail netiquette17、信息高速公路information superhighway18、签名文件signature file19、电子数据表程序spreadsheet program20、文字处理软件word processorSection B1、web-authoring software 网络写作软件2、template generator 模版生成程序3、navigation page 导航页面4、corporate logo 公司标识5、splash page 醒目页面，过渡页6、导航条navigation bar7、节点页面node page8、网站地图site map9、可用性测试usability testing10、图形交换格式gif（Graphics Interchange Format）Unit 11Section A1、customized marketing strategy 定制的营销策略2、B2G transaction 企业对政府交易3、mobile telephone 移动电话4、dot-com bust 网络不景气5、smart card 智能卡，灵巧卡6、digital piracy 数字盗版7、dot-com boom 网络繁荣8、C2C transaction 消费者对消费者交易9、Web auction site 拍卖网站10、fingerprint reader 指纹读取器11、射频识别装置radio-frequency identification (RFID) device12、电子数据交换electronic data interchange (EDI)13、库存管理技术inventory management technology14、知识产权intellectual property15、条形码bar code16、货币兑换currency conversion17、电子图书electronic book18、视网膜扫描仪retina scanner19、个人数字助理personal digital assistant (PDA)20、企业对企业电子商务B2B electronic commerceSection B1、software suite 软件套件2、text box 文本框3、virtual checkout counter 虚拟付款台4、static catalog 静态目录5、browser session 浏览器会话期6、动态目录dynamic catalog7、购物车软件shopping cart software8、供应链supply chain9、企业资源计划软件enterprise resource planning (ERP) software10、税率tax rateUnit 12Section A1、encryption program 加密程序2、deletion command 删除命令3、authorized user 授权的用户4、backup copy 备份5、voltage surge 电压浪涌6、circuit breaker 断路器7、electronic component 电子元件（或部件）8、data-entry error 数据输入错误9、electronic break-in 电子入侵10、power line 电力线，输电线11、检测程序detection program12、电源power source13、破坏性计算机程序destructive computer program14、计算机病毒computer virus15、软件侵权software piracy16、硬盘驱动器hard-disk drive17、病毒检查程序virus checker18、主存储器primary storage19、电子公告板electronic bulletin board20、浪涌电压保护器surge protectorSection B1、phishing attack 网络钓鱼攻击2、graphics card 显（示）卡3、heuristic analysis 试探性分析4、infected file 被感染文件5、virus dictionary 病毒字典6、数据捕获data capture7、恶意软件malicious software8、病毒特征代码virus signature9、防病毒软件antivirus software10、内存驻留程序memory-resident program。

第一章Computer system overview(操作系统概述)I. Pre-reading Questions1.What is a digital computer?The digital computer is a digital system that performs various computational tasks. The word “digital”implies that theinformation in the computer is represented by variables that take a limited number of discrete values. These values are processed internally by components that can maintain a limited number of discrete states. Digital computer is also called electronic computer or computer.2.Are there any differences between the binary number system and the common decimal number system?The decimal digits has ten digits: 0,1,2,…, and 9. The binary number system has two digits: 0 and 1. The binary numbers use a base 2. The decimal digits use a base 10.3.How many types of computers do you know? Name at least four of them. Computers are usually classified into four broad categories: microcomputers, minicomputers, mainframe computers and supercomputers.II Fill in the following blanks.1.Application software is designed to accomplish real-world tasks in fields.2. An 8-bit signed integer can have any value between -128 and 1273. System software controls the computer and enables it to run the hardware and applications software.4. A computer system consists of hardware system and software system .5. List four types of computers: microcomputers, minicomputers , mainframe computers,and supercomputers .III True or False.1. The software system is the physical equipment that you can see and touch. 1.F2. Typically, a data value is set to zero to represent FALSE and 1 value forTRUE. 2. F3. In the earliest general-purpose computer, most input and output media were magnetic disks. 3. F4. Supercomputers are largest, fastest, and most expensive computer available.4.T5. A computer system consists of hardware system and software system. 5. T IV Matching terms.1、(b) CPU The processing unit is at the heart of a computer.2、(c) bit A unit of information conveyed by a single binary digit.3、(a) integrated circuit (IC)A complete electronic circuit that packages transistors and other electronic components on a small silicon chip.4、(d) ASCII A system for encoding characters as binary digits.V Translating Terms.(1) coding techniques 编码技术(2) application software 应用软件(3) floating point data 浮点数据(4) timesharing 分时，分时技术(5) storage capacities 存储容量VI Choose the best one of the four answers given to fill in each blank.This chapter introduces digital computer, data types, the evolution of computers, and types of computers. 1 is known to all, it’s hard to find a field in 2 computers are not being used. Digital computer, also called electronic computer or computer, is a digital system that 3 various computational tasks. Digital computers use the 4 number system, which has two digits: 0 and 1.By usingvarious coding 5 , groups of bits can be made to represent not only binary numbers 6 other discrete symbols, such as decimal digits or letters of the alphabet. A computer system consists of hardware system and software system. Programs tell the hardware what to do. 7 software is designed to accomplish real-world tasks in fields such as accounting, entertainment, and engineering. Computers are usually 8 into four broad categories: microcomputers, minicomputers, mainframe computers, and supercomputers. It’s hard to give a 9 definition to each type because computer speeds and storage 10 change rapidly.1. A. As B. It C. As it D. That2. A. what B. which C. where D. when3. A. performs B. carries C. makes D. integrates4. A. decimal B. binary C. Arabian D. American5. A. technique B. Technology C. techniques D. technologies6. A. instead of B. rather than C. but also D. as well7. A. Application B. System C. Word D. Excel8. A. put B. made C. conducted D. classified9. A. precious B. progress C. proceeding D. precise10. A. capacities B. capable C. capabilities D. capacity1.A2. B3. A4. B5. C6. C7. A8. D9. D 1 0.CVII. Translate the following into English.1.By using various coding techniques, groups of bits can be made to represent not only binary numbers but also other discrete symbols.通过应用各种编码技术。

PT Activity: Configure a Network for Secure Operation Addressing TableLearning Objectives•Secure the routers with strong passwords, password encryption and a login banner.•Secure the console and VTY lines with passwords.•Configure local AAA authentication.•Configure SSH server.•Configure router for syslog.•Configure router for NTP.•Secure the router against login attacks.•Configure CBAC and ZPF firewalls.•Secure network switches.Introductionbinatio.o.securit.measure.tha.wer.introduc e.i.th.course.Thes.measure.ar.liste.i.th.objectives.work. ar.interconnecte.vi.th.R.route.whic.represent.th.ISP.Yo.wil.configur.variou.securit.feature.o.tpan.B.No.al.securit.feature.wil.b.configure.o.R.an.R3.The following preconfigurations have been made:•Hostnames on all devices•IP addresses on all devices•R2 console password: ciscoconpa55•R2 password on VTY lines: ciscovtypa55•R2 enable password: ciscoenpa55•Static routing•Syslog services on PC-B•DNS lookup has been disabled•IP default gateways for all switchesTask 1: Test Connectivity and Verify ConfigurationsSte.1.Verif.I.addresses.Verify 核实, 查证Ste.2.Verif.routin.tables.Ste.3.Tes.connectivity.（连通性）From PC-A, ping PC-C at IP address 192.168.3.5.Task 2: Secure the RoutersSte.1.Se.minimum（最小值..passwor.lengt.o.1.character.o.route.R.an.R3.Ste.2.Configure（安装.a.enabl.secre.passwor.o.route.R.an.R3.Use an enable secret password of ciscoenpa55.Ste.3.Encryp.plaintex.passwords.（将明文译成密码）此命令将配置文件中的当前和将来的所有明文密码加密为密文Ste.4.Configur.th.consol.line.o.R.an.R3.Configur..consol.passwor.of ciscoconpa55 an.enabl.login（进入系统，登陆）.Se.the exec-timeout t.log（记录.ou.after 5 minute.o.inactivity（静止）man.entry.（进入）Ste.5.Configur.vt.line.o.R1.Configur..vt.lin.passwor.of ciscovtypa55 an.enabl.login.Se.the exec-timeout t.lo.ou.after 5 minute.o.inactivity.Se.th.logi.authentication（认证.th.default（系统默认值ter.Note（注意）: The vty lines on R3 will be configured（配置） for SSH in a later task.（工作）Ste.6.Configur.logi.banner（登陆提示banner, 旗帜, 标语.o.R.an.R3.Configure a warning（警告） to unauthorized（非法的） users with a message-of-the-day (MOTD) banner that says: “No Unauthorized Access!”.Task 3: Configure Local Authentication on R1 and R3e.database.（数据库）Create a local user account（账户） of Admin01 with a secret password of Admin01pa55.Privilege（特权）用此用户名登陆的用户访问特权级别为15（详见书29页）Ste.2.Enabl.AA.services.Ste.3.Implement（实施, 执行in.th.loca.database.（本地数据库）Create the default login authentication method list using local authentication with no backup （备份）method.（详见p47）Task 4: Configure NTPSte.1.Enabl.NT.authenticatio.o.PC-A.O.PC-A.choos.the Config tab.an.the.the NTP button（按钮）.Select On fo.NT.service. Enable authenticatio.an.enter（进入..Ke.of 1 an..passwor.of ciscontppa55.Ste.2.Configur.R.a.a.NT.Client.（客户）Configur.NT.authenticatio.Key 1 wit..passwor.of ciscontppa55.Configur.R.t.synchronize（同步in.Key 1.Ste.3.Configur.router.t.updat.hardware（硬件.clock.Configure routers to periodically（定期地） update the hardware clock with the time learned from NTP.Task 5: Configure R1 as Syslog ClientSte.1.Configur.R.t.timestamp（时间戳.lo.messages.Configure timestamp service for logging on the routers.Ste.2.Configur.R.t.lo.message.t.th.syslo.server.Configure the routers to identify (识别)the remote（远程） host（主机） (syslog server) that will receive（接受） logging messages.You should see a console message similar（相似的） to the following:SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.1.6 port 514 started - CLI initiatedSte.3.Check（检查.fo.syslo.message.o.PC-B.O.R1.exi.confi.mode（模式.t.generate（使形成..syslo.message.Ope.th.syslo.serve.o.PC-.t.vie.th.messag.sen.fro.R1.Yo.shoul.se..messag.simila.t.th.followin.o.th.syslo.server:%SYS-5-CONFIG_I: Configured from console by consoleTask 6: Secure Router Against9（反对） Login Attacks（攻击）Ste.1.Lo.unsuccessfu.logi.attempts（攻击.t.R1.Ste.2.Telnet(远程登陆)t.R.fro.PC-A.Telne.fro.PC-.t.R.an.provide(提供ername Admin01 an.password Admin01pa55.Th.Telne.shoul.b.successful.Ste.3.Telne.t.R.fro.PC-.an.chec.syslo.message.o.th.syslo.server.ernam.of baduser an.an.password .Chec.th.syslo.serve.o.PC-B.Yo.shoul.se.a.erro.messag.simila.t.th.followin.tha.i.generate.b.th.faile.logi.attempt.SEC_LOGIN-4-LOGIN_FAILED:Login failed [user:baduser] [Source:192.168.1.5] [localport:23] [Reason:Invalid login] at 15:01:23 UTC Wed June 17 2009Task 7: Configure SSH on R3Ste.1.Configur..domain（域名.name.Configure a domain name of on R3.Ste.2.Configur.th.incoming（引入的.vt.line.o.R3.Use the local user accounts for mandatory（强制的） login and validation（生效） and accept only SSH connections（连接）.Ste.3.Configur.RS.encryption（加密.ke.pair（秘钥对.fo.R3.An.existing（当前的.RS.ke.pair.shoul.b.erased（清除.o.th.router.I.ther.ar.n.key.currently （当前.configure..messag.wil.b.displayed（显示的.indicating（表明，指示.this.Configur.th.RS.key.wit..modulus（系数.o.1024.Ste.4.Configur.SS.timeouts(超时设定.an.authenticatio.parameters.（参数）Set the SSH timeout to 90 seconds, the number of authentication retries（重试次数） to 2, and the version（版本） to 2.Task 8: Configure CBAC on R1.I.ACL.Create an IP ACL named OUT-IN to block （阻止）all traffic originating（起源） from the outside network.Apply （应用）the access list to incoming traffic on interface Serial 0/0/0.Ste.2.Confir.tha.traffi.entering（进入.interfac.Seria.0/0/.i.dropped.man.prompt, ping PC-C.Th.ICM.echo（重复.replies（回答.ar.blocked（禁止.b.th.ACL.Ste.3.Creat.a.inspection（检查.rul.t.inspect（检查.ICMP.Telne.an.HTT.traffic.Create an inspection rule named IN-OUT-IN to inspect ICMP, Telnet and HTTP traffic.Ste.4.Appl.th.inspec.rul.t.th.outsid.interface.Apply the IN-OUT-IN inspection rule to the interface where traffic exits（出口） to outside networks.Ste.5.Tes.operation（操作.o.th.inspectio.rule.man.prompt, ping PC-C.Th.ICM.ech.replie.shoul.b.inspecte.an.allowe.through. Task 9: Configure ZPF on R3Ste.1.Tes.connectivity.（连通性）Verify that the internal（内部的） host can access external resources.（使用外部资源）From PC-C, test connectivity with ping and Telnet to R2; all should be successful.Fro.R2 ping t.PC-C.Th.ping.shoul.b.allowed.Ste.2.Creat.th.firewal.zones.Create an internal zone named IN-ZONE.Create an external zone named OUT-ZONE.Ste.3.Creat.a.AC.tha.defines（规定.interna.traffic.Create an extended（扩展的）, numbered ACL that permits all IP protocols（协议） from the 192.168.3.0/24 source network to any destination.（目的地） Use 101 for the ACL number.Ste.4.Creat..clas.ma.referencing(引用.th.interna.traffi.ACL.Create a class map named IN-NET-CLASS-MAP to match（匹配） ACL 101.（详见p92）Ste.5.Specif.firewal.policies.（指定防火墙策略）Create a policy（策略） map named IN-2-OUT-PMAP to determine（决定） what to do with matched traffic.Specify a class type of inspect and reference class map IN-NET-CLASS-MAP.Specify the action of inspect for this policy mapYou should see the following console message:%N.specifi.protoco.configure.i.clas.IN-NET-CLASS-MA.fo.inspection.Al.protocol.wil.b.inspected.”Exit to the global config prompt.（全局配置模式）Ste.6.Appl.firewal.policies.d IN-2-OUT-ZPAIR.Specif.th.sourc.an.destinatio.zone.tha.wer.create.earlier.Attach（附加） a policy map and actions to the zone pair referencing the policy map previously created, IN-2-OUT-PMAP.Exit to the global config prompt and assign（分配） the internal and external interfaces to the security zones.Ste.7.Tes.firewal.functionality.（功能）Verify that the internal host can still access external resources.From PC-C, test connectivity with ping and Telnet to R2; all should be successful.Fro.R2 ping t.PC-C.Th.ping.shoul.no.b.blocked.Task 10: Secure the SwitchesSte.1.Configur.a.enabl.secre.passwor.o.al.switches.Use an enable secret password of ciscoenpa55.Ste.2.Encryp.plaintex.passwords.（将明文译成密码）Ste.3.Configur.th.consol.line.o.al.switches.Configur..consol.passwor.of ciscoconpa55 an.enabl.login.Se.the exec-timeout t.lo.ou.after 5 man.ent ry.Ste.4.Configur.vt.line.o.al.switches.Configur..vt.lin.passwor.of ciscovtypa55 an.enabl.login.Se.the exec-timeout t.lo.ou.after 5 minute.o.inactivity.Se.th.basi.logi.parameter.Ste.5.Secur.trun.ports（端口.o.S.an.S2.Configure port Fa0/1 on S1 as a trunk port.Configure port Fa0/1 on S2 as a trunk port.Verify that S1 port Fa0/1 is in trunking mode.Set the native VLAN（本征VLAN） on S1 and S2 trunk ports to an unused（不用的）VLAN 99.Set the trunk ports on S1 and S2 so that they do not negotiate（转让） by turning off the generation of DTP frames.（防止DTP数据帧产生）Enable storm（风暴） control for broadcasts on the S1 and S2 trunk ports with a 50 percent rising suppression level.Ste.6.Secur.acces.ports.Disable trunking on S1, S2 and S3 access ports.Enable PortFast on S1, S2, and S3 access ports.（详见P127）Enable BPDU guard（监视） on the switch ports previously（先前） configured as access only..th.sticky（粘连.option.Re-enabl.eac.acces.por.t.whic.por.securit.wa.applied.Disable any ports not being used on each switch.（关闭未使用的端口）Task 11: VerificationSte.1.Tes.SS.configuration.Attempt to connect to R3 via Telnet from PC-C.From PC-C, enter the command to connect to R3 via Telnet at IP address 192.168.3.1. This connection should fail, since R3 has been configured to accept only SSH connections on the virtual terminal lines.From PC-C, enter the ssh –l Admin01 192.168.3.1 command to connect to R3 via SSH. When prompted for the password, enter the password Admin01pa55 configured for the local administrator.Use the show ip ssh command to see the configured settings.Ste.2.Verif.timestamps.NT.statu.fo.R.an.PC-A.Ste.3.Tes.CBA.firewal.o.R1.Ping from PC-A to R2 at 10.2.2.2 (should succeed)Telnet from PC-A to R2 10.2.2.2 (should succeed)Ping from R2 to PC-A at 192.168.1.3 (should fail)Ste.4.Tes.ZP.firewal.o.R3.Ping from PC-C to R2 at 10.2.2.2 (should succeed)Telnet from PC-C to R2 at 10.2.2.2 (should succeed)Ping from R2 to PC-C at 192.168.3.5 (should fail)Telnet from R2 to R3 at 10.2.2.1 (should fail – only SSH is allowed)Ste.5.Verif.por.security..the sho.run comman.t.confir.tha.S.ha.adde..stick.MA.addres.fo.Fa0/18.Thi.shoul.b. e.Selec.PC-B.G.t.the Config tab.Selec.FastEtherne.unde.the Interface section.Edi.th.MA.addres.field. This should cause a port security violation and S2 should shut down port Fa0/18.Us.the sho.interfac.Fa0/18 comman.t.vie.th.statu.o.th.port.Th.por.shoul.b.i.th.err-disable.state.O.PC-B.g.t.the Config tab.Selec.FastEtherne.unde.the Interface section.Chang.th.MA.addres.t.an othe.address.From interface configuration mode on switch S2 for Fa0/18, use the no switchport port-security mac-address sticky address command to remove the original PC-B learned address.Shutdown and then re-enable the Fa0/18 interface.On S2, use the show run command to confirm that the port comes up and that the new MAC address has been learned.Note.I.i.i.desire.t.reconnec.th.P.wit.th.origina.MA.address.yo.ca.simpl.chang.th.MA.addr mand.o.por.Fa0/18.I.t h.P.o..NI.i.bein.replace.an.wil.hav..ne.MA.address.yo.mus.firs.remov.th.ol.learne.addres s.Ste.6.Chec.results.Your completion percentage should be 100%. Click Check Results to see feedback and verification of which required components have been completed.Al.content.ar.Copyrigh..1992–rmatio n.。

计算机专业英语课后答案（清华⼤学出版社第⼆版）第⼀章Computer system overview(操作系统概述)I. Pre-reading Questions1.What is a digital computer?The digital computer is a digital system that performs various computational tasks. The word “digital”implies that theinformation in the computer is represented by variables that take a limited number of discrete values. These values are processed internally by components that can maintain a limited number of discrete states. Digital computer is also called electronic computer or computer.2.Are there any differences between the binary number system and the common decimal number system?The decimal digits has ten digits: 0,1,2,,, and 9. The binary number system has two digits: 0 and 1. The binary numbers use a base 2. The decimal digits use a base 10.3.How many types of computers do you know? Name at least four of them. Computers are usually classified into four broad categories: microcomputers, minicomputers, mainframe computers and supercomputers.II Fill in the following blanks.1.Application software is designed to accomplish real-world tasks in fields.2. An 8-bit signed integer can have any value between -128 and 1273. System software controls the computer and enables it to run the hardware and applications software.4. A computer system consists of hardware system and software system .5. List four types of computers: microcomputers, minicomputers , mainframe computers,and s upercomputers .III True or False.1. The software system is the physical equipment that you can see and touch. 1.F2. Typically, a data value is set to zero to represent FALSE and 1 value forTRUE. 2.F3. In the earliest general-purpose computer, most input and output media were magnetic disks. 3. F4.T4. Supercomputers are largest, fastest, and most expensive computer available.5. A computer system consists of hardware system and software system. 5. T IV Matching terms.1、(b) CPUThe processing unit is at the heart of a computer.2、(c) bit A unit of information conveyed by a single binary digit.3、(a) integrated circuit (IC)A complete electronic circuit that packages transistors and other electronic components on a small silicon chip.4、(d) ASCII A system for encoding characters as binary digits.V Translating Terms.(1) coding techniques 编码技术(2) application software 应⽤软件(3) floating point data 浮点数据(4) timesharing 分时，分时技术(5) storage capacities 存储容量VI Choose the best one of the four answers given to fill in each blank.This chapter introduces digital computer, data types, the evolution of computers, and types of computers. 1 is known to all, it’s hard to find a field in 2 computers are not being used. Digital computer, also called electronic computer or computer, is a digital system that 3 various computational tasks. Digital computers use the 4 number system, which has two digits: 0 and 1.By usingvarious coding 5 , groups of bits can be made to represent not only binary numbers 6 other discrete symbols, such as decimal digits or letters of the alphabet. A computer system consists of hardware system and software system. Programs tell the hardware what to do. 7 software is designed to accomplishreal-world tasks in fields such as accounting, entertainment, and engineering. Computers are usually 8 into four broad categories: microcomputers, minicomputers, mainframe computers, and supercomputers. It’s hard to give a 9 definition to each type because computer speeds and storage 10 change rapidly.1. A. As B. It C. As it D. That2. A. what B. which C. where D. when3. A. performs B. carries C. makes D. integrates4. A. decimal B. binary C. Arabian D. American5. A. technique B. Technology C. techniques D. technologies6. A. instead of B. rather than C. but also D. as well7. A. Application B. System C. Word D. Excel8. A. put B. made C. conducted D. classified9. A. precious B. progress C. proceeding D. precise10. A. capacities B. capable C. capabilities D. capacity1.A2. B3. A4. B5. C6. C7. A8. D9. D 1 0.CVII. Translate the following into English.1.By using various coding techniques, groups of bits can be made to represent not only binary numbers but also other discrete symbols.通过应⽤各种编码技术。

《信息安全原理与技术》习题参考答案郭亚军，宋建华，李莉，董慧慧清华大学出版社第1章1.1 主动攻击和被动攻击是区别是什么？答：被动攻击时系统的操作和状态不会改变，因此被动攻击主要威胁信息的保密性。

主动攻击则意在篡改或者伪造信息、也可以是改变系统的状态和操作，因此主动攻击主要威胁信息的完整性、可用性和真实性。

1.2 列出一些主动攻击和被动攻击的例子。

答：常见的主动攻击：重放、拒绝服务、篡改、伪装等等。

常见的被动攻击：消息内容的泄漏、流量分析等等。

1.3 列出并简单定义安全机制的种类。

答：安全机制是阻止安全攻击及恢复系统的机制，常见的安全机制包括：加密机制：加密是提供数据保护最常用的方法，加密能够提供数据的保密性，并能对其他安全机制起作用或对它们进行补充。

数字签名机制：数字签名主要用来解决通信双方发生否认、伪造、篡改和冒充等问题。

访问控制机制：访问控制机制是按照事先制定的规则确定主体对客体的访问是否合法，防止未经授权的用户非法访问系统资源。

数据完整性机制：用于保证数据单元完整性的各种机制。

认证交换机制：以交换信息的方式来确认对方身份的机制。

流量填充机制：指在数据流中填充一些额外数据，用于防止流量分析的机制。

路由控制机制：发送信息者可以选择特殊安全的线路发送信息。

公证机制：在两个或多个实体间进行通信时，数据的完整性、来源、时间和目的地等内容都由公证机制来保证。

1.4 安全服务模型主要由几个部分组成，它们之间存在什么关系。

答：安全服务是加强数据处理系统和信息传输的安全性的一种服务，是指信息系统为其应用提供的某些功能或者辅助业务。

安全服务模型主要由三个部分组成：支撑服务，预防服务和恢复相关的服务。

支撑服务是其他服务的基础，预防服务能够阻止安全漏洞的发生，检测与恢复服务主要是关于安全漏洞的检测，以及采取行动恢复或者降低这些安全漏洞产生的影响。

1.5 说明安全目标、安全要求、安全服务以及安全机制之间的关系。

答：见图1.4，全部安全需求的实现才能达到安全目标，安全需求和安全服务是多对多的关系，不同的安全服务的联合能够实现不同的安全需求，一个安全服务可能是多个安全需求的组成要素。

《信息安全工程》各章节习题解答第1章习题1、思考：当无法使用信息系统或信息，尤其是丧失保密性，完整性，可用性，不可否认性时，可能会带来那些问题？解答提示：机密性也被称为保密性，是指信息不被泄漏给非授权的用戸、实体、进程，或被其利用的特性。

机密性确保只有那些被授予特泄权限的人才能够访问到信息。

完整性是指信息未经授权不能进行更改的特性，即信息在存储或传输过程中保持不被偶然或蓄意地删除、修改、伪造、乱序、重放、插入等破坏和丢失的特性。

可用性是信息可被授权实体访问并按需求使用的特性，即用户在需要时就可以取用所需的信息。

不可否认性又称拒绝否认性、抗抵赖性，指网络通信双方在信息交互过程中，确信参与者本身和所提供的信息貞•实同一性，即所有参与者不可否认或抵赖本人的真实身份，以及提供信息的原样性和完成的操作与承诺。

可以看岀，这些特性都是信息安全的基本属性以及基本目标，如果丧失了这些属性，那就谈不上什么安全了，整个信息系统或者信息没有任何的安全防护能力，从而导致信息安全事件的发生。

2、什么是信息安全工程？为什么需要信息安全工程？解答提示：信息安全工程是采用工程的概念、原理、技术和方法，来研究、开发、实施与维护信息系统安全的过程，是将经过时间考验证明是正确的工程实践流程、管理技术和当前能够得到的最好的技术方法相结合的过程。

信息安全工程是信息安全保障的重要组成部分, 针对目前信息化建设过程中'‘重技术，轻管理”、“重应用，轻安全”、“重要素、轻过程”、" 先建设，后安全“等问题，强调信息安全建设必须同信息化建设''同步规划、同步实施”，解决信息系统生命周期的“过程安全”问题，因此需要信息安全工程。

3、信息安全体系模型是什么？试比较不同的信息安全体系模型。

解答提示：信息安全体系模型是信息安全体系建设的基础，能够为信息安全的解决方案和工程实施提供依拯和参照。

就像建造一座大厦需要事先设计蓝图一样,进行信息安全建设，也需要一个实施依据，这就是整体上考虑的信息安全体系。

信息安全技术复习资料第一章1.对于信息的功能特征，它的____基本功能_____在于维持和强化世界的有序性动态性。

2.对于信息的功能特征，它的____社会功能____表现为维系社会的生存、促进人类文明的进步和自身的发展。

3.信息技术主要分为感测与识别技术、__信息传递技术__、信息处理与再生技术、信息的施用技术等四大类。

4.信息系统是指基于计算机技术和网络通信技术的系统，是人、____规程_________、数据库、硬件和软件等各种设备、工具的有机集合。

5.在信息安全领域，重点关注的是与____信息处理生活周期________相关的各个环节。

6.信息化社会发展三要素是物质、能源和____信息________。

7.信息安全的基本目标应该是保护信息的机密性、____完整性________、可用性、可控性和不可抵赖性。

8.____机密性________指保证信息不被非授权访问，即使非授权用户得到信息也无法知晓信息的内容，因而不能使用。

9.____完整性________指维护信息的一致性，即在信息生成、传输、存储和使用过程中不应发生人为或非人为的非授权篡改。

10._____可用性_______指授权用户在需要时能不受其他因素的影响，方便地使用所需信息。

这一目标是对信息系统的总体可靠性要求。

11.____可控性________指信息在整个生命周期内都可由合法拥有者加以安全的控制。

12.____不可抵赖性________指保障用户无法在事后否认曾经对信息进行的生成、签发、接收等行为。

13.PDRR模型，即“信息保障”模型，作为信息安全的目标，是由信息的____保护____、信息使用中的___检测____、信息受影响或攻击时的____响应____和受损后的___恢复____组成的。

14.当前信息安全的整体解决方案是PDRR模型和___安全管理_________的整合应用。

1.DoS破坏了信息的（C）。

A.保密性B.完整性C.可用性D.可控性2.用户收到了一封可疑的电子邮件，要求用户提供银行账户及密码，这是属于何种攻击手段？（B）A.缓冲区溢出攻击B.钓鱼攻击C.后门攻击D.DDoS攻击3.在网络安全中，中断指攻击者破坏网络系统的资源，使之变成无效的或无用的，这是对（A）的攻击。