1 A vulnerability is a weakness that a person can eXploit to accomplish something that is not
authorized or intended as legitimate u of a network or system.
一个漏洞是一个软弱,一个人要有所成就,能利用未被授权或打算作为合法使用网络或系统。
When a vulnerability is exploited to compromi the curity of systems or information on tho systems,the result is a curity incident,Vulnerabilities may be caud by engineering or design errors,or faulty implementation.
当一个漏洞是利用妥协的安全系统或信息在这些系统中,其结果是一个安全漏洞事件,可能是由于工程或设计错误,或错误的实现。
Why the Internet Is Vulnerable(为什么互联网是脆弱)
2 Many early network protocols that now form part of the Internet infrastructure were designe without curity in mind.
许多早期的网络协议,现在互联网基础设施的组成部分是不安全的理念,设计。
Without a fundamentally cwre infrastructure,network defen becomes more diffcult.
没有从根本上安全的基础设施、网络防御变得更加困难。
green tea bitchFurthermore, the Internet is an extremely dynamic environment, in terms of both topology and emerging technology。
此外,互联网是一个极端地动态环境的要求,包括拓扑和新兴技术。
3 Becau of the interent opnness of the Internet and the original design of the protocols,Internet attacks in general are quick,,easy, inexpensive。and may be hard to detect or trace。An attacker does not have to be phsically prent to carry out the attack.
由于互联网的营销公开和原设计的协议、网络攻击通常是快速,简单,便宜,而且可能很难检测或跟踪一个攻击者不必一股脑的礼物进行攻击。
pissIn fact,many attacks can be launched readily from anywhere in the word, and the location of the attacker can easily be hidden.
事实上,许多攻击可以启动容易从任何地方在词的位置,攻击者可以很容易的被隐藏。
Nor is it always necessary to“break in”to a site (gain privileges on it ) to compromi confidentiality,integrity,or availability of its information on rvice.
也不是一定要“打破”网站(获得特权)英语教师培训妥协的保密性,完整性或可用性的信息服务。
4 Even so,many sites place unwarranted trust in the Internet.
即便如此,许多网站在互联网的地方毫无根据的信任。
It is common for sites to be unaware of the risks or unconcerned about the amount of trust they place in the Intemet. with all my heart
这是常见的网站不知道或不关心的风险量的信任他们的地方在因特网。
They may not be aware of what can happen to their information and systems.
他们可能还不知道会发生什么,他们的信息和系统。
They may believe that their site will not be a target or that precautions they have taken are sufficient.
他们可能认为,他们的网站将不是一个目标,或者他们已经采取足够的预防措施。
Becau the technology is constantly changing and intruders are constantly developing new tools and techniques,solutions do not remain effective indefinitely.
因为技术是不断变化的,不断发展新的入侵者是工具和技术,解决方案不能无限期地保持有效。
5 Since much of the traffic on the Internet is not encrypted,confidentiality and integrity are diffcult to achieve.
因为大部分的交通网络是不加密的edp,保密性和完整性都难实现。
This situation undermines not only annlications (such as financial applications that are ne
twork-bad ) but also more fundamental mechanisms such as authentication and non-repudiation.
这种情况不仅annlications破坏(如金融应用程序格莱美2011获奖名单,这些应用程序是基于网络的),但也更根本的机制,比如身份验证和不可抵赖性。
As a result, sites may be affected by a curity compromi at another site over which they have no control .
因此,网站可能会受到安全妥协在另一个网站而失去控制。
An example of this is a packet sniffer that is installed at one site but allows the intruder to gather information about other domains (possibly in other counties).
一个例子是一个数据包嗅探器,安装在一个站点上但允许入侵者收集信息关于其他域(可能在其他国家)。
6 Another factor that contributes to the vulnerability of the Internet is the rapid growth and
u of the netword,accompanied by rapid deployment of network rvices involving complex applications.
另一个因素导致的脆弱性是互联网快速发展和使用网络,伴随着快速部署的网络服务涉及复杂的应用程序。
Often,the rvices are not designed, configured,or maintained curely.
通常,这些服务不是设计、配置或维护安全。
In the rush to yet new products to market developers do not adequately ensure that they do not repeat previous mistakes or introduce new vulnerabilities
在急于然而新产品市场开发人员不充分确保他们不重复以前的错误或引入新的漏洞
7Compounding the problem, operating system curity is rarely a purcha criterion.
让问题更加复杂的是,操作系统安全是很少购买标准。
Commercial operating system vendors often report that sales are driven by customer demand for performance,price,easy of u,maintenance,and support.
商业操作系统供应商经常报告,销售是由客户要求的性能、价格、容易使用、维护和支持。 believeinyourlf>ret
As a result ,off-the-shelf operating systems are shipped in an easy-to-u but incure configuration that allow sits to u the system soon after installation.
因此,现成的操作系统是在一个易于使用的但不安全的运来配置,允许坐使用系统安装后不久。
The host/sites are often not fully configured from a curity perspective before connecting.
这些主机/南昌会计网站常常没有完全配置之前从安全角度连接。
proforma invoice
This lack of cure configuration makes them vulnerable to attacks,which sometimes occur within minutes of connection.
这种缺乏安全的配置使他们容易受到攻击,这有时发生后几分钟内连接。
