Учебно-методическое пособие Для студентов, аспирантов Таганрог 2008




НазваниеУчебно-методическое пособие Для студентов, аспирантов Таганрог 2008
страница7/16
Дата06.09.2012
Размер1.67 Mb.
ТипУчебно-методическое пособие
1   2   3   4   5   6   7   8   9   10   ...   16







  1. Match the lines.

    1. assurance a) host

    2. trial b) analysis

    3. covert c) cipher

    4. estimate d) text

    5. vulnerability e) measures

    6. carrier f) encipherment

    7. integrity g) aids

    8. automated h) protection

    9. communicating i) communication

    10. null j) the risk




  1. Put the verbs in brackets in the correct form Active or Passive.


1. Back in the 90-s, Anti-virus researchers first (fight back) by creating special detection routines designed to catch each polymorphic virus, one by one.

  1. By hand, line by line, they (write) special programs.

  2. W.F.Friedman’s monograph «The index of Coincidence and its Application in Cryptography» (appear) in 1918.

  3. US Army and Navy (work) entirely in secret, when their specialists (begin) making fundamental advances in cryptography.

  4. H.Feistel, who earlier (worked) on identification friend or foe devices for the Air Force, (change) the sphere of his scientific interests.

  5. The earliest ciphers (involve) only vowel substitution.

  6. French cryptographer of the 16th century B. de Vigenere (produce) a more sophisticated autokey cipher, but for the last 400 years people (attach) his name to a weaker cipher.

  7. Ch.Wheatstone (initiate) the usage of electromagnets in electric generators.

  8. The US government (make) network intrusions but detection and enforcement are very difficult.

  9. The rule of coding (can, express) by the code table.

  10. Codes, in which all combinations (have) identical length, (name) uniform.

  11. There are the cases when the information (transfer) not only from onе subscriber to another, but also in the opposite direction.

  12. Memory cards (not process) the information.

  13. Message-digest algorithms (develop) in 1989 – 1991.

  14. The global network Internet (take) a significant place for the last 50 years.

  15. The traditional cryptosystems (design) so that they (accept) only identical keys which (use) for encryption and decryption.

  16. H.Yardley (organize) and (direct) the US government’s breaking of the codes during the First World War.

  17. Cryptographic key (can/hide) within the user’s biometric template.

  18. If a photon pulse (measure) in the wrong basis, a random result (get).




  1. Give definitions of the following terms.

Availability, hill climbing algorithm, plaintext, optional authentication of the client, reduce risk, semagram, ciphertext-only solution.


  1. Translate into Russian.

  1. Part 2 of the CC, security functional requirements, establishes a set of functional components as a standard way of expressing the functional requirements for TOEs.

  2. Unauthorised access to the database can be carried out in a form of passive attacks (e.g. monitoring of network).

  3. As time went on more and more cultures were finding situations where cryptography was a necessary part of the transaction.

  4. This protection profile specifies security requirements for database management systems and organizations where there are requirements for protection of the confidentiality, integrity and availability of information stored in the database.




  1. Translate into English.




  1. Термин «угроза» обозначает события, которые могут иметь неблагоприятные последствия.

  2. Управление информационными рисками – сложный процесс, требующий постоянного анализа рисков.

  3. Вопросы безопасности должны быть неотъемлемой частью разработки компьютерных приложений.

  4. Хорошо спланированная и выполненная оценка риска должна эффективно определять и измерять последствия широкого спектра угроз.

  5. Количественная и качественная метрические схемы, применяемые для измерения элементов риска, были впервые разработаны Национальным бюро стандартов.


Communication


Role play. Work over the role you’ve chosen. Be ready to take part in the conference.


International Conference on Computer Security and Privacy.

Chairman. Study the topics and summaries of the reports. Think of the agenda, your comments and possible questions.

Secretary. Be ready to make notes of the reports, questions and answers.

Members of the conference. Be ready to present your report using diagrams and hand-out. Take part in the discussion of the reports.

Journalists. Study the topics and summaries of the reports. Listen to the presentation of the reports. Be ready to ask questions.


Writing

Write an abstract of your report.


Unit 7. MEANS AND METHODS FOR THE INFORMATION

PROTECTION IN THE GLOBAL NETWORK INTERNET


Vocabulary


What do the following terms and word combinations mean?

Unauthorized user, information safety assurance, integrity, confidentiality, availability, penetration, embedding of a program, intrusion, smart-attack.


Texts

Pre-reading task.

Dwell on the role and the sphere of application of Internet in the life of the modern society.


Text 1. The information protection in the global network internet.

The global network INTERNET takes a significant place in a life of the modern society. Nowadays the INTERNET covers many spheres of activities, in particular, such branches as information technologies, commercial operations, information interchange, bank business, education etc. The access of organization to the global network INTERNET essentially increases its functioning effectiveness and opens a set of new opportunities. On the other hand, the organization should provide the creation of information resources protecting system to prevent an access of unauthorized users, who may use, modify or destroy important information. Regardless of its specifics, the information protecting system for global networks is part of general security complex that directed on information safety assurance. The information protection is the complex of means directed on information safety assuring. In practice it should include maintenance of integrity, availability, confidentiality of the information and resources used for data input, saving, processing and transfer. The complex character of this problem emphasizes that for its solution the combination of legislative, organizational and software-hardware measures should be realized.

The main threats to the information safety in the INTERNET.

The unauthorized access (UAA) in the INTERNET can be performed, in particular, using the following actions:

– penetration into network with the purpose of reading the confidential information;

– penetration into network with the purpose of updating or destroying the existing information;

– embedding of the programs - viruses, which will disorganize the network functions or perform the all the above mentioned actions;

– destroying of the INTERNET-servers functioning or local computers connected to the INTERNET.

All these actions can be realized separately or in any combination.

Let's list some examples of the unauthorized intrusions in the INTERNET: smart attacks of the INTERNET-viruses, the Troyan programs that assemble the secured information from WEB-pages, destroy the servers functioning etc.

The protection from unauthorized access in the INTERNET.

Every information protecting mean is directed to the certain type of safety threats, and realizes the protection against specific types of the unauthorized access. There are program and hardware protecting tools.

The software protecting tools are program complexes intended to reveal and to prevent the possible UAA threats. The examples of software protection tools are: firewalls, cryptographic program means, authenticating means, means for the vulnerable network components definition and protection.

The hardware tools are the set of hardware means intended to the data enciphering and to the protection from viruses. The examples of hardware tools are: cryptographic electronic boards and hardware complexes-anti-viruses.

Nowadays the simple approaches to the protection system organization are the most widespread, such as the systems for protection from the unauthorized users’ access. These systems are rather reliable however they do not offer the required flexibility. They are based on the various tools for protection assurance, for example, the tools that permit the data transfer only to those users who possess the certain addresses of network protocol IP, tools that deny the direct users access to the INTERNET resources and local networks. The shortcomings of this approach consist in narrowness of the solved problem: to prevent access of the unauthorized users to the various local networks. The similar protection is used for access prevention of the certain users of the local network (for example, corporate network of the enterprise) to the all INTERNET resources, except for electronic mail. The principle of this protection method is the following: the protection of the local information and decreasing of external channels traffic. However users and providers of the INTERNET services are more concerned in maintaining of general safety of network, in particular, the confidentiality of the information of the sender and receiver, and the absolute reliance is necessary for the providers and users that on the other end of the communication channel is the legal user.


Answer the questions.

What types of information threats in Internet do you know? What are the most widespread means for information protection? What are the demerits of using Internet?

Text 2. The protocol SLL and its extension PCT.

Read the text and write its summary.

Today the various mechanisms for the solution of the wide spectrum of problems of information safety maintenance in the INTERNET are developed. The most known and the most advanced information protecting mean is protocol Secure Socket Layer (SSL) offered by Netscape. The wide distribution of it is caused the SSL realization by the other large corporations such as the IBM, Microsoft and Spyglass. They have embedded this protocol in the applications using for systems based on architecture the client-server.

The version SSL 2.0 takes into account two most important aspects of information protection in the network: authentication and enciphering. Authentication is necessary for confirmation of the fact that the user is legal. It usually needs for the user only to input the identifier (network "name") and password. However during authenticating process the intruder can "overhear" on the communication channel and intercept the user’s password and identifier. The mechanism of enciphering of the password and identifier before their sending via network is used for its prevention. The mechanism SSL and the authenticating methods of types PAP or CHAP used in many remoted access systems are mainly similar.

The protection from UAA is necessary not only for user identificating data, but also for electronic mail or for confidential files loaded from FTP-server. In the SSL for these purposes is realizing the enciphering that allows to ensure the safety practically to all information, transferred between user and server.

Protocol SSL is not absolutely perfect. Some doubts concerning reliability of used enciphering mechanism are expressed. In order to correct this situation, the Microsoft has offered the extension of the protocol SSL that named PCT (Private Communications Technology). It is expected, that this new protocol will be embedded into the structure of the universal system "Information Server" for access in the INTERNET, created by Microsoft. The additional key specially intended for authentication is proposed in the PCT. Besides that the Microsoft is going to develop more proof algorithm for random numbers generation. This generator, intended for creating of enciphering key, is considered as one weaker item in the protocol SSL safety. It is mentioned, that protocol SSL even supplied with PCT options, is not capable to solve a problem of absolute safety of the information. The systems of general protection, the similar to the combination SSL and PCT only prevent an opportunity of viewing of transferring messages and data contents that may happened on communication lines. However they are not quite suitable for restriction or protection from access to the information sources.

There are several groups of the INTERNET users, whose requirements are out of the frameworks of standard confidentiality. For example one of such large and influential groups is governmental structures. The absolutely reliable authentication is especially important for these structures. The critical importance for them has the guarantee that the users and information services are really legal. The system Fortezza is mechanism guaranteeing the increased information security level and more preferable to these users of the INTERNET.

The system Fortezza for the information protection in the INTERNET

Let us present the some details of the system Fortezza functioning. It is not enough for the users authentication assurance the only their names and passwords, because these parameters may be easily found out. Likewise in the SSL and PCT, in the system Fortezza the total information enciphering also is performing. However, unlike the SLL and PCT, where key length is only 40 bits, here is used key length, as the minimum, 56 bits that corresponds to the standard DBS (Data Encryption Standard). Enciphering algorithm that used in technology Fortezza is known as SKIPJACK. This algorithm meets the Escrowed Encryption Key Standard. SKIPJACK is the block code with the 8 bytes block size and based on symmetric keys (for enciphering and deciphering the same key is using). The enciphering algorithm SKIPJACK in system Fortezza is performed on the specialized cryptographic microprocessor CAPSTONE realized o RISC-technology. Such microprocessors perform the same functions, as microprocessors CLIPPER that used for realization of the algorithm SKIP JACK in the voice (telephone) communication devices.

For the integrity control of the transmitting messages, maintenance of authenticity and impossibility of the authorship denying the technology Fortezza realized the Digital Signature Algorithm (DSA) and hash algorithm Secure Hash Algorithm (SHA-1), corresponded to the standard NITS Digital Signature Standard (DSS).

After the calculation of message hash-function, the 20-byte hash-block is transforming using the algorithm DSA to the 40 bytes length message digital signature. It is necessary to highlight an option DSA to support an information exchange between the users of various network "domains", which can be based on different procedures of keys distribution and certification. At the moment of the technology Fortezza creation there were no governmental or industrial standards of time labels for the digital signature. The additional procedure of the hash-function calculation based on the message hash-block and current time received from a reliable source (for example, crypto-card Fortezza) is applied to "binding" the messages to the time of their creation. It is necessary to notice, that the values P, Q and G used by the algorithm DSA for the signature calculation along with using of the time labels, are common for all systems Fortezza and these numbers are saved in memory by the Fortezza supplier. Because the check of the digital signature in case of the time label using is based on the necessity to synchronize the time sources, and on the calculation of the message delivery time and also because of a number of the other complications, the using of the time labels in technology Fortezza is not obligatory.


Vocabulary tasks

Give as many word combinations as possible and translate them.

Access

System


Form different parts of speech and translate them.

Protect


Give your definitions to the following terms.

Smart attack, flexibility of a system, proof algorithm, shortcoming


Make the word combinations.

1. increase a) safety assurance

2. penetration b) algorithm

3. information c) of an organization

4. reveal d) into account

5. protecting e) security complex

6. access f) effectiveness

7. take g)threats

8. required h) into network

9. general i) tools

10. proof j) flexibility


Complete the text using the terms and word combinations given below.

Change, run together, operating system, to malfunction, floppy discs, follow, to attach themselves

Virus is a self-duplicating computer program that interferes with a computer’s hardware or …. Like any other computer program, a virus must be located in the computer’s memory, and the computer must then … the virus’s instructions. These instructions are called the payload of the virus. The payload may destroy or … data files, display an irrelevant or unwanted message, or cause the operating system ….

Infection is much more frequent in PCs than in professional mainframe systems because programs on PCs are exchanged primarily by means of … , e-mail or over unregulated computer networks.

Some viruses have the ability … to legitimate programs. This attachment may occur when the legitimate program is created, opened or modified. The virus is … with the program.


Translate into Russian the following passage.

Hosts attached to a network - particularly the worldwide Internet - are exposed to a wider range of security threats than are unconnected hosts. Network security reduces the risks of connecting to a network. But by nature, network access and computer security work at cross-purposes. A network is a data highway designed to increase access to computer systems, while security is designed to control access. Providing network security is a balancing act between open access and security.

The highway analogy is very appropriate. Like a highway, the network provides equal access for all - welcome visitors as well as unwelcome intruders. At home, you provide security for your possessions by locking your house, not by blocking the streets. Likewise, network security generally means providing adequate security on individual host computers, not providing security directly on the network.

In very small towns, where people know each other, doors are often left unlocked. But in big cities, doors have deadbolts and chains. In the last decade, the Internet has grown from a small town of a few thousand users to a big city of millions of users. Just as the anonymity of a big city turns neighbors into strangers, the growth of the Internet has reduced the level of trust between network neighbors. The ever-increasing need for computer security is an unfortunate side effect. Growth, however, is not all bad. In the same way that a big city offers more choices and more services, the expanded network provides increased services. For most of us, security consciousness is a small price to pay for network access.

Network break-ins have increased as the network has grown and become more impersonal, but it is easy to exaggerate the extent of these security breaches. Over-reacting to the threat of break-ins may hinder the way you use the network.

Common sense is the most appropriate tool that can be used to establish your security policy. Elaborate security schemes and mechanisms are impressive, and they do have their place, yet there is little point in investing money and time on an elaborate implementation scheme if the simple controls are forgotten.


Translate into English the following passage.


Система распознавания атак должна обеспечивать реализацию следующих функций:

  • обнаружение подготовки к атаке;

  • сборка пакетов;

  • выявление типовых атак на основе базы сигнатур атак;

  • выявление атак; отсутствующих в базе сигнатур, при помощи использования нейронной сети для анализа сетевого трафика;

  • автоматическое осуществление ответной реакции системы в случае обнаружения атаки.

Средства моделирования атак также разрабатываются на основе архитектуры захвата пакетов WinPcap. Программная реализация средств моделирования атак должна предоставлять возможность генерирования трафика с заданными пользователем характеристиками и эмулировать установку и поддержку соединения с целевым хостом.


Grammar


The Gerund.

Употребление. Герундий – неличная форма глагола, имеющая признаки как существительного, так и глагола и выражающая действие, как процесс. Самостоятельно вне контекста на русский язык не переводится, так как в русском языке аналогичных форм нет. Герундий, в зависимости от его функции в предложении, переводится отглагольным существительным, инфинитивом, деепричастием или целым предложением (чаще придаточным). Обороты с герундием широко используются в научно-технической литературе.

Образование. Герундий образуется путем прибавления окончания – ing к основе глагола и выражает отвлеченное понятие о действии, не указывая на число, лицо и наклонение.

Герундий в функции подлежащего может переводиться существительным или инфинитивом.

Using virtual environments has considerably widened the range of training possibilities. Использование виртуальной реальности существенно расширило возможности обучения.

Measuring temperatures is necessary in many experiments. Измерять температуру необходимо при многих опытах.

Именная часть составного именного сказуемого переводится существительным или инфинитивом.

One more fact is worth mentioning. Стоит упомянуть ещё один факт.

I can't help being surprised at their success. - He могу не удивляться их успеху.


Герундий в функции дополнения переводится существительным, придаточным предложением, инфинитивом.

Most memory training systems involve associating the things you want to remember with something you already have safely stored in your head. Большинство систем, тренирующих память, включают процесс ассоциирования вещей, которые вы хотите запомнить, с чем-то, что вы уже надежно запомнили.

Герундий в функции дополнения употребляется:

– после глаголов, выражающих предпочтение like, love, hate, enjoy, prefer и других и после глаголов, выражающих начало, конец и продолжение действия start, begin, continue, finish и других. Нужно иметь в виду, что после них может употребляться и инфинитив, без особого изменения значения высказывания;

– после глаголов stop, regret, remember, forget, mean, go on может употребляться и герундий, и инфинитив, но значение высказывания при этом меняется, что, соответственно отразится и на переводе.

Stop+ герундий – обозначает прекращенное действие.

They stopped discussing the news. Они перестали обсуждать новости.

Stop+ инфинитив - выступает в функции обстоятельства цели.

They stopped to discuss the news. Они остановились, чтобы обсудить новости.

Герундий в функции предложного дополнения переводится существительным или придаточным предложением.

There are many stories about dolphins saving sailors from drowning. Существует много историй о том, как дельфины спасали тонущих моряков от гибели.

The present project aims at promoting an active role of the astronomers. Данный проект нацелен на формирование активной роли астрономов.

There’s a common interest in developing in Naples a laboratory for measurements. Все заинтересованы в открытии в Неаполе лаборатории для измерений.

Всегда употребляется герундий после следующих глаголов: to be capable of, to depend on, to consist in, to result in, to be interested in, to feel like, to look like, to prevent from, to accuse of, to reply on, to approve of, to insist on, to agree to, to be tired of, to think of, to complain of, to rely on, to speak of, to suspect of to look forward. It looks like raining. Похоже на дождь. They insisted on prolonging the negotiations. Они настаивали на продолжении переговоров.

В функции определения герундий обычно употребляется с предлогами "of", "for", "in". Переводится существительным с предлогом или неопределенной формой глагола, а также существительным в родительном падеже.

After his illness he had no chance of passing the examinations. После болезни у него не было никакой возможности сдать экзамены.

Let's hope that they will reject any and every excuse for delaying negotiations. Будем надеяться, что они отклонят любые предлоги приостановки переговоров.

The difficulties in designing these devices led to the development of a new technological method. Трудности в разработке данных приборов привели к развитию нового технологического метода.

Герундий в функции обстоятельства употребляется с предлогами и переводится существительным с соответствующим предлогом или деепричастием.

After detecting. После обнаружения. Before using. Перед использованием.

For demonstrating. Для демонстрации. From damaging. От разрушения.

In transmitting. При передаче, передавая (развернутость процесса).

On achieving. По достижении, (завершенность процесса).

Without increasing. Без увеличения, не увеличивая.

By measuring. Путем (при помощи) измерения.

A system can be realized by making a superconducting tunnel junction. Можно реализовать систему, обеспечив сверхпроводящее туннельное соединение.

On being heated to a sufficient temperature any body becomes a source of light. Любое тело, нагретое до нужной температуры, становится источником света.

In leaving the metal surface the electrons can produce considerable currents. Покидая поверхность металла, электроны могут создать значительный ток.

After/On making a lot of experiments Faradey discovered the electromagnetic induction. Проделав множество экспериментов, Фарадей открыл электромагнитную индукцию.


The Complex Gerundial Constructions.

Употребление. Сочетание герундия с предшествующим ему притяжательным местоимением или существительным в притяжательном или общем падеже называется сложным герундиальным оборотом. Такой оборот обычно переводится придаточным предложением, вводными словами «то, что», «того, что», «о том, что».

Существительное или местоимение, стоящее перед герундием, становится в русском языке подлежащим придаточного предложения, а герундий – сказуемым.

The man's coming so early surprised us. To, что этот человек пришел так рано, нас удивило.

I never doubted his working in this field of science. Я никогда не сомневался в том, что он работает в этой области науки.

Scientists' working together and their sharing ideas with one another is of great advantage for science. To, что ученые работают вместе и делятся своими идеями друг с другом, приносит большую пользу науке.

Если существительное, к которому относится действие, выраженное герундием, является неодушевленным, то оно ставится перед герундием в общем падеже, поскольку в притяжательном падеже неодушевленное существительное употребляться не может.

They insist on this experiment being made once more. Они настаивают на том, чтобы эксперимент был сделан еще раз.

We looked forward to the contract being signed. Мы с нетерпением I ожидали подписания контракта.


Grammar tasks


Test A. Translate the sentences into Russian.

I'm sure we should go on making the experiment. As well as devising the Playfair cipher Charles Wheatstone invented the Wheatstone bridge. One starts performing the encryption by locating the two letters from the plaintext into matrix. The other approach to concealing plaintext structure in the ciphertext involves using several different substitutional ciphers. It is the periodicity of the repeating key which leads to the weakness in this method. Decryption is simply the reverse of the encryption process using the same secret key. When decrypting a route cipher, the receiver simply enters the ciphertext into the agreed- upon matrix. For encrypting elements of a plaintext made up of more than a single letter only digraphs (two successive letters ) have ever been used.


Test B. Find the gerund and the Complex Gerundial Constructions. Translate the sentences into Russian.

They announced that no one had chance of cracking the cipher. Wheatstone's inventing the cipher made development of substitution ciphers. They insisted on the encryption being made. It may be easier to remember this as the plaintext letters being at two corners of a rectangle. He succeeded in cryptoanalyzing running-key ciphers. The Greeks being the inventors of the first transpositional cipher wrote the first work "On the Defence of Fortifications". The first European manual on cryptography, consisting of a compilation of ciphers, was produced by Gabriele de Lavinde of Parma. Herbert Yardley organized and directed the US government's breaking of the codes during and after the First World War.


Test C. Translate the sentences into English.

1. Я не намерен здесь больше оставаться.

2. Извините за беспокойство.

3. Думаю, он способен справиться с этой работой.

4. Я всегда интересовался проблемой защиты от несанкционированного доступа в Интернете.

5. Проект имеет целью разработку политики безопасности Интернет.

6. Спасибо за помощь.

7. Вибрируя в одном направлении, фотоны поляризуются.

8. Мы знаем, что Томко предложил разрабатывать повторяющиеся ключи на основе биометрических данных.


Communication

You’re going to have a job interview. Think and discuss the items of your resume, your the strengths and weaknesses. Discuss your chances to get the job you apply for.


Writing. Resume.


George Amalfi

5001 Lampe Avenue

Consdale, IL 6033(504)347-8432

OBJECTIVE: Commercial Loan Officer


WORK EXPERIENCE: Commercial Credit Analyst
Biggs Bank, Carnsdale, IL


1999-present Analyze and structure commercial loan packages

Develop new business

Manage and trine junior loan officers

Work with domestic clients


EDUCATION: MBA, France

Grandell University, Chicago, IL


June 2000 GPA 3.59


June 1996 BS Business Administration

University of Wisconsin,

Madison WI

GPA 3.59


COURSEWORK: Financial management of banking institutions

Money and banking

Quantitative business methods

Marketing management

International business

HONORS: Crandell University Fellowship


FOREIGN LANGUAGE: Fluent in German


INTERESTS: Triathlete training

Photography


REFERENCES: Available on request


Chronological resume. George’s resume has details about his work experience and coursework that will strengthen his application for the position.


TIMOTHY CHU


309 Fleury Street

St.Paul, MN

38276(022)262353 (day time) (336)47436 (evening)


EDUCATION


June 1988 BS, Management, University of Minnesota

GPA 3.38


OBJECTIVE

Management trainee


SKILLS

Managerial: Planned fundraising activities for nonprofit

corporation

Supervised a staff of six clerical workers

Organized and facilitated clerical planning group to improve work

Organized and conducted aid workshops

Technical: Handled managerial accounts for small company

Estimated data patterns using diverse

forecasting methods

Have experience with cost benefit analysis

Рrogram in MINITAB an BASIC


Analytical: Conducted research project on recidivism

rate among mentally ill in St.Paul

Communication: Implemented project to improve communication between management and clerical staff

Implemented project to improve communication between management and clerical staff

Created system to improve data collection for reports to managemen


PERSONAL

Willing to relocate


References on request


Functional resume. Timothy’s skills have been derived primarily from clerical positions and from volunteer work. As he is looking for a position as a management trainee, he puts his managerial skills first.


ARTHUR TOWNE


478 Coy Drive

Hanes, NH 32456

(303)230-1296


JOB OBJECTIVE Computer programmer/Analyst


QUALIFICATION BS, Management Information Systems

2 years’ full-time programming experience


EXPERIENCE Programmer, Computerland

Boston MA

Designed an integrate sales order/purchase order system

Designed and implemented accounts receivable system and utilities to work with point-of-sale software. Also worked in sales, customer support, and technical service (1997- 1999).


EDUCATION BS, Computer Science,

Boston Collage.

Mathematics minor (June 1999)

COMPUTER SKILLS

Have worked on IBM PC/XT, IMSAI

8080, Northstar Horizon,

HP-2000F, CDC Cyber 170 720-2

Familiar with UNIX, PC-DOS, Primos,

CP/M, NOS.


COURSEWORK

Information systems

Administrations

Management Information systems

Technical Writing

Business Calculus


MEMBERSHIP Data Processing Management


REFERENCES On request


Combination form resumes. This resume combines skills with chronological information. Arthur puts his academic and professional qualifications at the beginning of the resume of the resume and deemphasizes dares. He includes a computer skills section that will be useful for an employer interested in hiring a programmer or analyst.


Additional vocabulary

  1. take a significant place – занимать важное место

  2. an access of organization – доступ организации

  3. increase functioning effectiveness – увеличить эффективность работы

  4. general security complex – комплекс общей безопасности

  5. program and hardware protecting tools – средства защиты программного и аппаратного обеспечения

  6. reveal and prevent possible UAA threats – выявлять и предотвращать возможные угрозы несанкционированного доступа

  7. vulnerable network components definition and protection – определение и защита уязвимых компонентов сети

  8. offer the required flexibility – обеспечить необходимую гибкость

  9. shortcomings of an approach – недостатки подхода

  10. take into account – принимать во внимание

  11. enciphering - криптографическая защита, шифрование

  12. proof algorithm for random numbers generation – надежный алгоритм для получения случайных чисел



Unit 8. INTRANET SECURITY


Vocabulary


What do these terms and words combinations mean?

Repository, misconception, implement a security policy, reusable password, one-time password, remote intranet access, security breach, security outsourcing, internal risk, external risk, data theft, digital certificate, digital signature, Secure Sockets Layer, intranet publishing guideline, reactive, proactive, variable-size input, fixed-size string, collision-free.


Texts

Pre-reading task.

Comment on the reasons of building intranets.


Text 1. Intranet Security

Intranets: An Emerging Business Resource. Intranets are revolutionizing the way organizations function. Internal Web servers have moved from being a repository for simple shared content to encompassing applications that interact with legacy systems. Unfortunately, these advantages also bring critical risks if the intranet is not properly secured. CTR's new report, Intranet Security, is designed to help information systems (IS) managers and other information security personnel work together to build secure corporate intranets. The report discusses the misconception that intranets are intrinsically more secure than Internet applications and explains why businesses must evaluate their risk level before implementing a security policy. Specific security tools and the future of intranets are also examined in detail.

Intranet Security: Internal and External Risks. CTR's Intranet Security report evaluates the internal and external risks related to intranets, including: data theft, viruses, Web server vandalism, client security, and reusable passwords. Reusable passwords act as the doorway for intruders in 72% of attacks. The report addresses the need for strong authentication methods, such as one-time passwords (OTP) and digital certificates. The report also explores the risks associated with providing remote intranet access. Virtual private networks (VPN's) provide a means to securely connect remote offices to the intranet. The technology behind VPN's is examined, as well as the cost of providing access using VPN's versus leased lines. Because intranets are typically open to the entire company, the majority of security breaches are committed internally. The report discusses this issue and offers valuable information on how to protect your organization against internal security breaches.

Intranet Security Solutions. Intranet Security offers an in-depth discussion of available intranet security products and technologies. Perhaps the most well-known measure for securing intranets is the use of firewalls. The report compares the different types of firewall products, describes the capabilities and limitations of firewalls, and offers a set of guidelines for successfully operating firewalls. Another key technology for securing intranets is encryption. The report assesses the need for encryption and offers an overview of important encryption concepts and technologies such as public key encryption, digital signatures, and the Secure Sockets Layer (SSL).

Developing an Intranet Security Policy. Developing an intranet security policy is the most important measure that organizations can take to improve their security. While existing security policies may address computing and network issues, intranet policies must cover such areas as intranet publishing guidelines and employee use of the Internet. CTR's new report provides specific steps for putting together an effective intranet security policy, including conducting a corporate audit, monitoring computer and Internet use, and educating intranet users. Information on how to respond to security incidents and advice on hiring security staff is also included.

Future Trends in Intranet Security. Intranet Security includes a discussion of trends in the intranet security market, including all-in-one solutions, increased use of security outsourcing, and predictions that intranet security breaches will increase in the short-term as many organizations are reactive rather than proactive in implementing intranet security. One important, and very popular, trend in corporate intranets involves making intranets available to third parties. Extended intranets, called extranets, allow customers and business partners’ access to the intranet. This connection enables the use of technologies such as E-commerce. Intranets offer strategic advantages to businesses by creating a centralized knowledge base, enabling collaboration, and providing a standard interface to information across all hardware platforms. As intranets grow into trusted resources, relied on by employees and customers alike, the need to protect them becomes paramount. This new report from CTR includes the tools and information necessary to help ensure the protection and success of your corporate intranet.


Answer the questions.

What is the role of Intranets as business resource? What is the risk of Intranet Security? What are the ways and perspectives of developing an Intranet Security Policy?

1   2   3   4   5   6   7   8   9   10   ...   16

Похожие:

Учебно-методическое пособие Для студентов, аспирантов Таганрог 2008 iconУчебно-методическое пособие по формированию компетенции в грамматике (английский язык)
Пособие для самостоятельной работы студентов 3 – 4 курсов (бакалавриат). – Таганрог: Изд-во тти, 2008. – 100 с
Учебно-методическое пособие Для студентов, аспирантов Таганрог 2008 iconВведение в профессию комплект методического обеспечения учебно-методическое пособие
Учебно-методическое пособие предназначено для преподавателей, студентов, аспирантов
Учебно-методическое пособие Для студентов, аспирантов Таганрог 2008 iconСоциология Учебно-методическое пособие для студентов Казань 2010 удк 005 101 1701841 ббк 60 5 (Я 7) Печатается по решению предметно-проблемного совета гуманитарных и социально-экономических дисциплин
Учебно-методическое пособие предназначено для студентов дневной и заочной формы обучения, преподавателей и аспирантов
Учебно-методическое пособие Для студентов, аспирантов Таганрог 2008 iconУчебно-методическое пособие по курсу «Рентгенографический анализ» Казань, 2010
Методическое пособие предназначено для студентов и аспирантов геологического факультета
Учебно-методическое пособие Для студентов, аспирантов Таганрог 2008 iconУчебно-методическое пособие Ярославль, 2009 Скопин А. А., Разработка и технологии производства рекламного продукта: Учебно-методическое пособие. Ярославль, «Ремдер», 2009 118 с
Учебное пособие предназначено для студентов, аспирантов, преподавателей. Актуальность рассматриваемых вопросов делает пособие привлекательным...
Учебно-методическое пособие Для студентов, аспирантов Таганрог 2008 iconУчебно-методическое пособие для аспирантов
Английский язык для аспирантов = English for Post-Graduates / Учеб метод пособие для аспирантов / Авт сост.: О. И. Васючкова, Н....
Учебно-методическое пособие Для студентов, аспирантов Таганрог 2008 iconУчебно-методическое пособие по курсу Технико-экономическое проектирование для студентов специальности 22. 01
Учебно – методическое пособие по курсу “Технико-экономическое проектирование”. Сост. Ю. В. Брусницын, А. Н. Гармаш. Таганрог, трту,...
Учебно-методическое пособие Для студентов, аспирантов Таганрог 2008 iconУчебно-методическое пособие Казань 2008 федеральное агентство по образованию государственное образовательное учреждение высшего профессионального образования
Полевая археологическая практика Казанского государственного университета: Учебно-методическое пособие для студентов, обучающихся...
Учебно-методическое пособие Для студентов, аспирантов Таганрог 2008 iconМетодическое пособие для аспирантов и студентов всех форм обучения Иркутск 2008
Методическое пособие предназначено для аспирантов и студентов всех специальностей и форм обучения. В нем разъясняются важные узловые...
Учебно-методическое пособие Для студентов, аспирантов Таганрог 2008 iconМетодическое пособие для аспирантов и студентов всех форм обучения Иркутск 2008
Методическое пособие предназначено для аспирантов и студентов всех специальностей и форм обучения. В нем разъясняются важные узловые...
Разместите кнопку на своём сайте:
Библиотека


База данных защищена авторским правом ©lib.znate.ru 2014
обратиться к администрации
Библиотека
Главная страница