The development of computer network technology and the influence that use pair of mankind life style are greater and greater. Receive repeatedly through Internet net almost the world assumes office He Yitai computer. Accordingly, the concept of traditional safe region also had produced profound change, border becomes ambiguous, network system manager also cannot be satisfied at observing safe border again; Also no longer confidence protects sensitive information no risk at all. More and more evidence show the security of computer information system is very flimsy. The safe problem of the information system that is based on the computer, network has become very serious problem.
One, access control and attack to detect: Stand sentry with patrol
The classical method that assures information system safety is “ accesses control ” or “ visit controls ” , this kind of method is in classical and the most important step that implements systematic safety strategy is in modern safe theory. But up to now, the degree of the safe system that the form that software project technology has not reached A2 class place to ask is generated or proves a system, assure any system 100 percent impossibly so (especially rock-bottom system) in nonexistent safe flaw. And, no matter be in theoretic still be in practice, try complete fill the safe flaw of a system is impossible, practical without a kind still also method solves lawful user to be in the problem that differentiate ” through “ identity or the privilege abuses after ” of “ identity attestation. Make an example, classical safe system resembles a city, when identity attestation seems to go into town like checking travel permit, emphasize a dot to depend on be on guard spy interfuse; But this kind of measure the safety to city still is far insufficient.
Attack detects the complement that serves as other and classical method and strengthen, it is last indispensable line of defence in any security system; It is OK that attack detects the aggressor in cent discovers onlinely for passive, blame and discovering computer network system real time, onlinely two kinds of methods. From inbreak illegally in great quantities or computer theft case can see clearly, the “ of the mainest defense line of all of computer science department accesses control ” or “ visit controls ” , in a lot of circumstances either those who prevent to the outside inbreaks illegally and prevent in-house user to atttack is absolutely impeccable protective screen. The ground or crustily abuse a privilege and the case that atttacks a success in great quantities is caused. Attack detects the technology is similar to public security patrol, note overweight technically discovery is suspicious-looking person, the aggressor of information system passed the identity inspection of city gate very likely, perhaps climb jumped over a city wall and in interfuse city; Want to enhance the safe strength of information system further at this moment, add a group with respect to need a patrol, be in charge of technically checking the personnel with furtive in the city doubtful operation.
Previous12 3 4 5 Next