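Document translation generally refers to translating the information recorded in documents of different types and different languages, with the aim of exchanging information and the ideas those documents contain. Document translation requires that the translation be professional and accurate. It covers a great many disciplines, each with its own specialized terminology.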
Communication Security
We have now finished our study of the tools of the trade. Most of the important techniques and protocols have been covered. The rest of the chapter is about how these techniques are applied in practice to provide network security, plus some thoughts about the social aspects of security at the end of the chapter.
In the following three sections, we will look at communication security, that is, how to get the bits secretly and without modification from source to destination and how to keep unwanted bits outside the door. These are by no means the only security issues in networking, but they are certainly among the most important ones, making this a good place to start.
1. IPsec
IETF has known for years that security was lacking in the Internet. Adding it was not easy because a war broke out about where to put it. Most security experts believe that to be really secure, encryption and integrity checks have to be end to end (i.e., in the application layer). That is, the source process encrypts and/or integrity protects the data and sends that to the destination process where it is decrypted and/or verified. Any tampering done in between these two processes, including within either operating system, can then be detected. The trouble with this approach is that it requires changing all the applications to make them security aware. In this view, the next best approach is putting encryption in the transport layer or in a new layer between the application layer and the transport layer, making it still end to end but not requiring applications to be changed.
The opposite view is that users do not understand security and will not be capable of using it correctly and nobody wants to modify existing programs in any way, so the network layer should authenticate and/or encrypt packets without the users being involved. After years of pitched battles, this view won enough support that a network layer security standard was defined. In part the argument was that having network layer encryption does not prevent security-aware users from doing it right and it does help security-unaware users to some extent.