Information Security: An English Presentation


TYPICAL SYMPTOMS
– File deletion
– File corruption
– Visual effects
– Pop-ups
– Erratic (and unwanted) behavior
– Computer crashes
———HQ YUNNAN UNIVERSITY
Main contents
1. Basic concepts and principles
2. Security issues and threats
3. Security policy and technology
4. Popular fallacies and strategies
Examples
• Computer viruses
• Network worms
• Pop-ups
• Trojan horses
• Spam
• Password grabbers
• Password crackers
• Hijacked home pages
MORE ON THE HORSE…….
A Trojan Horse exploits computer ports letting its “friends” enter, and
• A computer program
Tells a computer what to do and how to do it.
Computer viruses, network worms, Trojan Horse
These are computer programs.
DIFFERENCES
Three core principles: confidentiality, integrity and availability.
1. Confidentiality means preventing the disclosure of information to unauthorized individuals or systems.
2. Integrity means that data cannot be modified undetectably.
3. Availability: for any information system to serve its purpose, the information must be available when it is needed.
Information security
We know that information security is very important in our lives. It is therefore necessary to know what information security is and how to guarantee it.
• (5) Tapping: using a variety of possible legal or illegal means to steal system information resources and sensitive information.
• (6) Business flow analysis: long-term monitoring of the system, using statistical methods to find valuable information and patterns.
• (7) Passing: deceiving the communications system so that an illegitimate user impersonates a legitimate user. Most hackers use this kind of impersonation attack.
2. Security problems and threats
• Major problems
• Cyber attacks and attack detection and prevention issues
• Security vulnerabilities and security countermeasure issues
• Information security issues
• Security problems within the system
• Anti-virus issues
• Data backup and recovery issues, disaster recovery issues
AND A FEW MORE REASONS
• Market share is more important than security
• Interface design is more important than security
• New feature designs are more important than security
• Ease of use is more important than security
Why Do We Have This Problem?
• Software companies rush products to the consumer market (“No program should go online before its time…”)
• Recycling old code reduces development time, but perpetuates old flaws.
Security classification for information
• The type of information security classification labels selected and used will depend on the nature of the organisation. See the following examples:
• 1. In the business sector, labels such as: Public, Sensitive, Private, Confidential.
• 2. In the government sector, labels such as: Unclassified, Sensitive But Unclassified, Restricted, Confidential, Secret, Top Secret and their non-English equivalents.
• 3. In cross-sectoral formations, the Traffic Light Protocol, which consists of: White, Green, Amber and Red.
1) Computer Virus:
• Needs a host file
• Copies itself
• Executable
2) Network Worm:
• No host (self-contained)
• Copies itself
• Executable
3) Trojan Horse:
• No host (self-contained)
• Does not copy itself
• Imposter program
DID YOU KNOW?
• In 1980 a computer cracked a 3-character password within one minute.
• In 1999 a team of computers cracked a 56-character password within one day.
• In 2004 a computer virus infected 1 million computers within one hour.
1. Basic concepts and principles
• Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
• Security threats
• (1) Information disclosure: information is leaked or disclosed to an unauthorized entity.
• (2) Damage to the integrity of information: data is lost through unauthorized deletion, modification or destruction.
• (3) Denial of service: legitimate access to information or other resources is unconditionally blocked.
• (4) Unlawful use (unauthorized access): a resource is used by an unauthorized person or in an unauthorized way.
Three phases
• We learn about information security through three phases:
– Data security (emphasis on secure communications)
– The network and information security era (emphasis on the network environment)
– The current era of information assurance (emphasis that protection cannot be passive; it needs four links: protection, detection, reaction and restoration)
• (8) Trojan horse: software that contains a block the user is unaware of, or that seems harmless, which destroys the user's security when it is executed. Such an application is called a Trojan horse.
• (9) Computer virus: a program that, while a computer system is running, carries out infection and harmful functions.
• (10) Physical invasion: an intruder bypasses physical controls to gain access to the system.
• …………