计算机网络安全 第一章 (英文)
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
Computer Security: Principles and Practice P i i l d P ti Chapter 1 ––Overview
Chapter 1
William Stallings and Lawrie
Brown
Lecture slides by Lawrie Brown L t lid b L i B
Please classify each of the following as a violation of (A) confidentiality, (B) integrity, (C) availability, or (D) non integrity, (C) availability, or (D) non--g y,()y,()repudiation:
(a)
A copies B’s homework. (b)
A crashes B’s operating system. (c)
A changes the amount on B’s check from 100 to 10001000. (d)
A forges B’s signature on a land acquisition contract
A i t th d i Bjt bli hi
(e) A registers the domain name
and refuses to let the publishing house buy or use
the domain name the domain name.
Please classify each of the following as a violation of (A) confidentiality, (B) integrity, (C)
i l ti f(A)fid ti lit(B)i t it(C) availability, or (D) non--repudiation: availability, or (D) non
●(a) A copies B’s homework. [1 point] confidentiality
●(b) A crashes B’s operating system. [1 point]
availability
il bilit
●(c) A changes the amount on B’s check from 100 to
1000. [1 point] integrity
1000[1point]integrity
●(d) A forges B’s signature on a land acquisition
contract. [1 point] non--repudiation
non
contract. [1 point] non
contract[1point]non-
●(e) A registers the domain name
and refuses to let the publishing house buy or use the and refuses to let the publishing house buy or use the
domain name. [1 point] availability
Overview
Computer Security
Threats attacks and assets
Threats , attacks and assets
Security functional requirements
A security architecture for open system Computer security strategy
Computer security strategy
Outline
p
The focus of this chapter is on three fundamental questions:
1.What assets do we need to protect?
2.How are those assets threatened?
2How are those assets
3.What can we do to counter those threats?
NIST NIST 成立于1901年,原名美国国家标准局(NBS ),月经美国总统批准改为1988年8月,经美国总统批准改为美国国家标准与技术研究院(NIST )。
NIST 4个研究所:国家计量研究所、国家工程研究所、下设个研究所:国家计量研究所、国家程研究所、材料科学和工程研究所、计算机科学技术研究所。所下设中心,中心下分组,组下设实验室。计算机科学技术研究所负责发展联邦信息处理标准参与 计算机科学技术研究所负责发展联邦信息处理标准,参与发展商用ADP 标准,开展关于自动数据处理、计算机及有关系统的研究工作。在制定联邦自动数据处理政策方面向白宫管理和预算办公室以及国会总审计局提供科学和技术咨询。在计算机科学和技术方面向政府其它机构提供咨询
和技术帮助为完成各项具体任务保持计算机科学和技和技术帮助。为完成各项具体任务,保持计算机科学和技术的能力,该所设有程序科学与技术和计算机两个中心。
Computer Security
Computer Security Computer Security:
protection afforded to an automated protection afforded to an automated information system in order to attain the applicable objectives of preserving the applicable objectives of preserving the
and availability
availability of
integrity, and confidentiality, integrity,
information system resources
information system resources.. information system resources
(includes hardware, software, firmware,
information/data, and telecommunications). information/data, and