《通用學(xué)術(shù)英語(yǔ)》是一本于2016年9月2日高等教育出版社出版的圖書,作者是呂燕彬。以下是小編整理的通用學(xué)術(shù)英語(yǔ)課文翻譯,歡迎閱讀。
【課文】
How do computer hackers get into computers
It seems like a direct question, but the implications are complex and the answer is not simple. If you answer it casually, then the hacker enters the target computer system using the weakness. But to provide more details, let's start at the beginning.
The word "hacker" is controversial in meaning and interpretation. Some people say that hackers (open circuit) is a good man, they just push the boundaries of knowledge, and not for any damage (at least not intentionally), and crackers (smash) is really bad.
This argument has little effect, and if it is for the purposes of this discussion, the term "unauthorised user" (UU) is sufficient. The term includes all different types of people, from those involved in organized crime to those who are inside, who break through the authority granted in the system.
Now let's talk about what it means to "get into" the computer. This can mean something stored on a computer system.
Get the processing power of the system, or capture the information exchanged between the system. Each attack requires a different skill set, with different vulnerabilities.
So what are "unauthorised users" using? Weaknesses exist in every system, and there are two weaknesses:
Known and unknown. Known weaknesses usually exist because of the need for certain abilities. For example, for a business process, you need different people to use a system, and you have a known weakness: the user. Another example of a known weakness is the ability to communicate through the Internet. In order to have this ability, you have to open a path to the unknown and the untrusted entity. The unknown weakness is what the owner or operator of the system does not know, may be the result of shoddy engineering, or the unintended consequences of some of the required capabilities.
By definition, weaknesses can be exploited. These weaknesses can be low-level password protection, or it can be left to the computer to make use of the office visitors. As long as you sit at a receptionist's desk and use his computer to get the information you need, more than one technology is being used. Low-level code (for example, the user name "Joe Smith", the password is "Joe Smith") is close to the rich resources of a computer: password cracking program can be easily in a few minutes to confirm the word in the dictionary, name, or common phrases. By replacing letters with Numbers, these passwords are more complex. For example, replacing the letter O with 0 does not make the task more complicated. When an unauthorized user USES a valid user name - password combination, the entry system is simply logged in.
If the target system is well protected (through the technical control, such as a firewall or security software, control and management, clear policies and processes, for example), and remote into hard, unauthorized users may use low technology, these policies may include bribery authorized users, in the cleaning company do temporary workers, or to find information in the dump.
If the target system is not well protected, then unauthorized users can access it using technology.
Users who are not authorized to use technical means must first determine the specifications of the target system. For unauthorised users, there is no benefit to using technology that attacks Microsoft's weaknesses if the target system is a Macintosh. They have to know what the target system is, how it is configured, and what networking capabilities it has. Once you know these parameters (they can be obtained remotely from multiple methods), they can take advantage of the known vulnerabilities of these configurations. For common configurations, you can use the first set of attacks to make the task simple.
People who use these pre-set attacks are sometimes derided as "script kiddies". A skilled person can remotely determine the configuration of the target system, one of which is the ability to pass through the hypertext transfer protocol. People close to the web site send configuration information, such as the type of browser being used, to the requested address. Once the system is configured, you can choose the means.
Another type of attack is targeting a specific vulnerability, without any specific target to launch an attack - it
Like a shotgun attack, the aim is to attack as many potential targets as possible. The attack took a first step. But the results and effectiveness of any given target are less predictable.
It should be noted that the unauthorised access to its ultimate purpose is different from the motivation of the entrant, for example, if he
Want to collect a lot of zombies, but don't want to attack at the service, that his purpose is to make client secretly installed on the computer as much as possible, a effective way to do this is through the use of the so-called Trojan horse program, it is in the user without knowing or not install malicious programs, some of the more recent large-scale attacks, some of the more recent large-scale attacks, there are such a stance as the attack types of elements.
It is a multi-step process to protect yourself from attacks, with the goal of limiting and managing the weaknesses of the system (it is not likely to be complete
Eliminate these weaknesses. First, make sure you have the operating system and application of the latest patches - these patches often repair can take advantage of weaknesses, make sure your password is complicated enough: include letters, Numbers, and symbols, and meaningless.
Also, consider hardware firewalls and limit the flow of data to and from the Internet. When you really need a few carefully selected ports, such as email and web traffic, make sure your anti-virus software is the latest, check whether there is a new virus definitions (if you are using Windows, ideally you should upgrade virus definition) every day. Finally, back up your data so that if the bad situation does happen, at least you can recover the important things.
【翻譯】
電腦黑客如何進(jìn)入電腦
這好像是一個(gè)直接的問(wèn)題,但是內(nèi)涵很復(fù)雜,答案絕不簡(jiǎn)單,如果隨便地回答,那么黑客通過(guò)利用弱點(diǎn)進(jìn)入目標(biāo)電腦系統(tǒng)。但是為了提供更多細(xì)節(jié),我們還是從頭說(shuō)起。
“hacker” 這個(gè)詞在意義和解釋上都很有爭(zhēng)議。有些人說(shuō)hackers(開路人) 是好人,他們只是推動(dòng)了知識(shí)的邊界,并沒(méi)造成什么傷害(至少不是故意的),而crackers (打砸者)是真正的壞蛋。
這種爭(zhēng)論沒(méi)有什么效果,如果是為了這種討論的目的,術(shù)語(yǔ)“未授權(quán)的使用者”(UU)就足夠用了。這個(gè)術(shù)語(yǔ)包含了所有不同類型的人,從那些參與有組織犯罪行為的人到那些內(nèi)部人士,他們突破了在系統(tǒng)中被授予的權(quán)限。
接下來(lái)我們探討一下“進(jìn)入”電腦意味著什么。這可以指獲得電腦系統(tǒng)儲(chǔ)存的內(nèi)容,
獲得系統(tǒng)的處理能力,或者捕獲系統(tǒng)之間交流的信息。每種攻擊都需要不同的技巧,以不同的弱點(diǎn)為目標(biāo)。
那么“未授權(quán)的使用者”利用的是什么?弱點(diǎn)存在于每個(gè)系統(tǒng)中,并且有兩種弱點(diǎn):
已知的和未知的。已知的弱點(diǎn)通常因?yàn)樾枰承┠芰Χ嬖凇1热纾瑸榱四硞€(gè)商業(yè)過(guò)程,你需要不同的人使用一個(gè)系統(tǒng),你就有一個(gè)已知的弱點(diǎn):使用者。另一個(gè)已知弱點(diǎn)的例子是通過(guò)互聯(lián)網(wǎng)交流的能力,為了具備這個(gè)能力,你要給未知和不被信任的實(shí)體開通一條路徑。未知的弱點(diǎn)是系統(tǒng)的擁有者或操作者所不了解的,可能是劣質(zhì)工程的結(jié)果,或者是某些被需要的能力產(chǎn)生的非故意的結(jié)果。
按照定義,弱點(diǎn)可能被利用。這些弱點(diǎn)可以是低級(jí)的密碼保護(hù),也可以是讓電腦開著,讓辦公室的訪客可以利用。只要坐在接待員的桌前,用他的電腦獲得需要的信息,就有超過(guò)一種技術(shù)被利用。低級(jí)的密碼(比如,用戶名“Joe Smith”, 密碼也是“Joe Smith”)也是接近電腦的豐富的來(lái)源:密碼破譯程序可以很容易在幾分鐘內(nèi)確認(rèn)字典中的單詞、姓名,甚至常見短語(yǔ)。通過(guò)用數(shù)字代替字母,使這些密碼更復(fù)雜。比如用0來(lái)代替字母O,并不會(huì)使任務(wù)更復(fù)雜。當(dāng)未獲授權(quán)的使用者使用有效的用戶名—密碼組合,進(jìn)入系統(tǒng)就是簡(jiǎn)單的.登錄了。
假如目標(biāo)系統(tǒng)被很好地保護(hù)(通過(guò)技術(shù)控制,比如防火墻或安全軟件,還有管理控制,比如明確的政策和過(guò)程),并且遠(yuǎn)程難以進(jìn)入,未獲授權(quán)的使用者可能會(huì)使用低技術(shù)的攻擊,這些策略可能包括賄賂獲授權(quán)的使用者,在清潔公司做臨時(shí)工,或者在垃圾堆里翻找信息。
如果目標(biāo)系統(tǒng)沒(méi)有得到很好的保護(hù),那么未獲授權(quán)的使用者可以使用技術(shù)手段進(jìn)入。
為了使用技術(shù)手段未獲授權(quán)的使用者必須先決定目標(biāo)系統(tǒng)的規(guī)格。對(duì)未獲授權(quán)使用者來(lái)說(shuō),如果目標(biāo)系統(tǒng)是Macintosh, 使用攻擊微軟弱點(diǎn)的技術(shù)手段沒(méi)有任何好處。他們必須知道目標(biāo)系統(tǒng)是什么,它是怎樣配置的,它有哪種聯(lián)網(wǎng)能力。一旦知道了這些參數(shù)(它們可以通過(guò)多種方法遠(yuǎn)程獲得),他們就可以利用這些配置的已知弱點(diǎn)。對(duì)于常見的配置可以利用先設(shè)置好的攻擊方式,這樣能讓這次任務(wù)很簡(jiǎn)單。
使用這些預(yù)先設(shè)置的攻擊能力的人有時(shí)被嘲笑為“腳本小子”。 技術(shù)熟練的人可以遠(yuǎn)程決定目標(biāo)系統(tǒng)的配置,其中一個(gè)辦法是通過(guò)超文本傳輸協(xié)議內(nèi)在的能力。接近固有網(wǎng)站的人把配置信息,比如正在被使用的瀏覽器類型,發(fā)送到發(fā)出請(qǐng)求的地址。一旦系統(tǒng)配置已知,就可以選擇手段。
另一種攻擊類型是針對(duì)特定的弱點(diǎn)預(yù)設(shè)好,沒(méi)有任何特定的目標(biāo)就發(fā)起攻擊——它
就像獵*一樣猛烈攻擊,目的是盡可能多地攻擊潛在目標(biāo)。這種攻擊略去了第一步。但是對(duì)于任何給定的目標(biāo)其結(jié)果和有效性都不太好預(yù)測(cè)。
應(yīng)該注意到未獲授權(quán)的進(jìn)入其最終目的因?yàn)檫M(jìn)入者的動(dòng)機(jī)而有不同,比如,如果他
想收集很多僵尸電腦,而又不想在服務(wù)時(shí)進(jìn)行攻擊,那他的目的就是把客戶程序偷偷安裝到盡量多的電腦上,這樣做的一種有效方式就是通過(guò)使用所謂的特洛伊木馬程序,它是在用戶不知情或不同意的情況下安裝惡意程序,有些更近期發(fā)生的大規(guī)模網(wǎng)絡(luò)攻擊,有些更近期發(fā)生的大規(guī)模網(wǎng)絡(luò)攻擊,有這樣的姿態(tài)作為攻擊類型的要素。
保護(hù)好自己不受攻擊是多步的過(guò)程,目的是限制和管理系統(tǒng)的弱點(diǎn)(并不可能完全
消除這些弱點(diǎn))。首先,保證你有操作系統(tǒng)和應(yīng)用程序的最新補(bǔ)丁——這些補(bǔ)丁通常會(huì)修補(bǔ)可以利用的弱點(diǎn),保證你的密碼夠復(fù)雜:包括字母、數(shù)字和象征符號(hào),并且毫無(wú)意義。
同時(shí),要考慮硬件防火墻,并且限制往來(lái)因特網(wǎng)的數(shù)據(jù)流。在你真正需要的幾個(gè)精心挑選的端口上,比如email 和網(wǎng)絡(luò)交通,保證你的反病毒軟件是最新的,經(jīng)常檢查是否有新的病毒定義(如果你正在使用Windows 系統(tǒng),理想狀態(tài)下你應(yīng)該每天升級(jí)病毒定義)。最后,備份你的數(shù)據(jù),那樣如果不好的情況真的發(fā)生,至少你可以恢復(fù)重要的東西。
【通用學(xué)術(shù)英語(yǔ)課文翻譯】相關(guān)文章:
本文來(lái)源:http://www.nvnqwx.com/wenxue/qita/1888034.htm