1.1 What is the OSI security architecture?
The OSI Security Architecture is a framework that provides a systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. The document defines security attacks, mechanisms, and services, and the relationships among these categories.
1.2 What is the difference between passive and active security threats?
Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Electronic mail, file transfers, and client/server exchanges are examples of transmissions that can be monitored. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems.
1.3 List and briefly define categories of passive and active security attacks.
Passive attacks: release of message contents and traffic analysis. Active attacks: masquerade, replay, modification of messages, and denial of service.
1. What is the secret key?
The secret key is also input to the algorithm. The exact substitutions and transformations performed by the algorithm depend on the key.
2. (page 56) What is the key distribution center?
The key distribution center determines which systems are allowed to communicate with each other. When permission is granted for two systems to establish a connection, the key distribution center provides a one-time session key for that connection.
3. What services are provided by IPSec?
1. Access control
2. Connectionless integrity
3. Data origin authentication
4. Rejection of replayed packets (a form of partial sequence integrity)
5. Confidentiality (encryption)
6. Limited traffic flow confidentiality
4. What is a replay attack?
A replay attack is one in which an attacker obtains a copy of an authenticated packet and later transmits it to the intended destination. The receipt of duplicate, authenticated IP packets may disrupt service in some way or may have some other undesired consequence. The Sequence Number field is designed to thwart such attacks. First, we discuss sequence number generation by the sender, and then we look at how it is processed by the recipient.
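The sketch below is an added example, not part of the original page: it shows how a receiver can use the Sequence Number field to reject duplicates of authenticated packets with a sliding window, checked only after the integrity tag verifies. The names `seal`, `Receiver` and `demo`, the HMAC-SHA256 tag, the packet layout and the 64-entry window are assumptions made for illustration, not the ESP/AH wire format.

```python
import hashlib
import hmac
import struct

WINDOW = 64  # assumed window size for this sketch

def seal(key, seq, payload):
    """Sender side: 32-bit sequence number + payload, then an HMAC over both.
    A sender starts its counter at 0 and increments before each send, so the
    first packet carries sequence number 1."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.top = 0     # highest sequence number accepted so far
        self.bitmap = 0  # bit i set => sequence number (top - i) already seen

    def accept(self, packet):
        if len(packet) < 36:  # 4-byte sequence number + 32-byte tag
            return "bad-auth"
        body, tag = packet[:-32], packet[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-auth"  # window state is never touched by forgeries
        seq = struct.unpack("!I", body[:4])[0]
        if seq == 0:
            return "replay"    # 0 is never sent by a conforming sender
        if seq > self.top:     # new right edge: slide the window forward
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
            return "ok"
        offset = self.top - seq
        if offset >= WINDOW:
            return "too-old"   # left of the window: cannot tell, so reject
        if (self.bitmap >> offset) & 1:
            return "replay"    # already received inside the window
        self.bitmap |= 1 << offset
        return "ok"            # late but new (out-of-order delivery)

def demo():
    key = b"constructed-demo-key"  # constructed sample key
    rx = Receiver(key)
    pkts = {n: seal(key, n, b"data") for n in (1, 2, 3, 100)}
    order = [1, 3, 2, 3, 100, 2]   # 3 is replayed; 2 is replayed after the window moved
    return [rx.accept(pkts[n]) for n in order]
```
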