计算机网络安全与管理：第一章 网络安全概述.pptVIP

网络访问安全模型 危害的分类： 由黑客引起的危害 由程序引起的危害： 截获或篡改数据 禁止合法用户使用 对于该访问安全模型的使用需要我们： 选择恰当的门卫函数验证用户 提供相应的安全控制以保证仅有获授权用户能够访问被指派的资源 可信计算机系统有助于该模型的实现 本章小结 网络安全所面临的威胁 网络安全的相关重要概念 X.800标准 安全攻击，安全机制，安全服务 网络安全访问模型。 * Adversary (threat agent) - An entity that attacks, or is a threat to, a system. Attack -An assault on system security that derives from an intelligent threat; a deliberate attempt to evade security services and violate security policy of a system. Countermeasure - An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering andreporting it so that corrective action can be taken. Risk - An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. Security Policy - A set of rules and practices that specify how a system or org provides security services to protect sensitive and critical system resources. System Resource (Asset) - Data; a service provided by a system; a system capability; an item of system equipment; a facility that houses system operations and equipment. Threat - A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. Vulnerability - Flaw or weakness in a systems design, implementation, or operation and management that could be exploited to violate the systems security policy. * Data Confidentiality Data Integrity Authentication Access Control Non-Repudiation * ISO 7498-2中的八类安全机制 加密机制（Encryption ）； 数字签名机制（Digital Signature Mechanisms）； 访问控制机制（Access Control Mechanisms）； 数据完整性机制（Data Integrity Mechanisms）； 鉴别交换机制（Authentication Mechanisms ）； 通信业务填充机制（Traffic Padding Mechanisms）； 路由控制机制（Routing Control Mechanisms）； 公证机制（Notarization Mechanisms）。 计算机网络安全与管理 第一章 概述 课程说明 课程总课时为48学时 成绩构成： 期末考试 70% 平时作业+考勤 30% 参考资料 《计算机网络安全与管理》李卫 清华大学出版社 《密码编