Give the summary of the text using the key terms. Read the following words and word combinations and use them for understanding and translation of the text:

 

IMPROVING SECURITY

 

Read the following words and word combinations and use them for understanding and translation of the text:

 

vulnerability- уязвимость

vigilance- бдительность

dissemination- распределение

to retrieve information– извлекать информацию

encryption- шифрование

decryption- дешифровка

patch— исправление уязвимости

alert- тревога

log— журнал регистрации событий

to install- устанавливать

gateway- шлюз

paging— страничная организация памяти

plaintext— незашифрованный текст

ciphertext— зашифрованный текст

confidentiality- секретность

checksum— контрольная сумма

 

In the face of the vulnerabilities and incident trends discussed above, a robust defense requires a flexible strategy that allows adaptation to the changing environment, well-defined policies and procedures, the use of robust tools, and constant vigilance.

Security policy

Factors that contribute to the success of a security policy include management commitment, technological support for enforcing the policy, effective dissemination of the policy, and the security awareness of all users. Management assigns responsibility for security, provides training for security personnel, and allocates funds to security. Technological support for the security policy moves some responsibility for enforcement from individuals to technology. The result is an automatic and consistent enforcement of policies, such as those for access and authentication.

Security-related procedures

Procedures are specific steps to follow that are based on the computer security policy. Procedures address such topics as retrieving programs from the network, connecting to the site’s system from home or while traveling, using encryption, authentication for issuing accounts, configuration, and monitoring.

Security practices

System administration practices play a key role in network security. Checklists and general advice on good security practices are readily available. Below are examples of commonly recommended practices:

· Ensure all accounts have a password and that the passwords are difficult to guess. A one-time password system is preferable.

· Use tools such as MD5 checksums, a strong cryptographic technique, to ensure the integrity of system software on a regular basis.

· Use secure programming techniques when writing software.

· Be vigilant in network use and configuration, making changes as vulnerabilities become known.

· Regularly check with vendors for the latest available fixes, and keep systems current with upgrades and patches.

· Regularly check online security archives, such as those maintained by incident response teams, for security alerts and technical advice.

· Audit systems and networks, and regularly check logs. Many sites that suffer computer security incidents report that insufficient audit data is collected, so detecting and tracing an intrusion is difficult.

Security technology

A variety of technologies have been developed to help organizations secure their systems and information against intruders. These technologies help protect systems and information against attacks, detect unusual or suspicious activities, and respond to events that affect security.

One-time passwords. Intruders often install packet sniffers to capture passwords as they traverse networks during remote login processes. Therefore, all passwords should at least be encrypted as they traverse networks. A better solution is to use one-time passwords. These passwords are never repeated and are valid only for a specific user during the period that each is displayed. In addition, users are often limited to one successful use of any given password. One-time password technologies significantly reduce unauthorized entry at gateways requiring an initial password.

Firewalls. Intruders often attempt to gain access to networked systems by pretending to initiate connections from trusted hosts. They squash the emissions of the genuine host using a denial-of-service attack and then attempt to connect to a target system using the address of the genuine host. To counter these address-spoofing attacks and enforce limitations on authorized connections into the organization’s network, it is necessary to filter all incoming and outgoing network traffic. Because firewalls are typically the first line of defense against intruders, their configuration must be carefully implemented and tested before connections are established between internal networks and the Internet.

Monitoring Tools. Continuous monitoring of network activity is required if a site is to maintain confidence in the security of its network and data resources. Network monitors may be installed at strategic locations to collect and examine information continuously that may indicate suspicious activity. It is possible to have automatic notifications alert system administrators when the monitor detects anomalous readings, such as a burst of activity that may indicate a denial-of-service attempt. Such notifications may use a variety of channels, including electronic mail and mobile paging. Sophisticated systems capable of reacting to questionable network activity may be implemented to disconnect and block suspect connections, limit or disable affected services, isolate affected systems, and collect evidence for subsequent analysis.

Cryptography

One of the primary reasons that intruders can be successful is that most of the information they acquire from a system is in a form that they can read and comprehend. One solution to this problem is, through the use of cryptography, to prevent intruders from being able to use the information that they capture.

Encryption is the process of translating information from its original form (called plaintext) into an encoded, incomprehensible form (called ciphertext). Decryption refers to the process of taking ciphertext and translating it back into plaintext. Any type of data may be encrypted, including digitized images and sounds.

Cryptography secures information by protecting its confidentiality. Cryptography can also be used to protect information about the integrity and authenticity of data. For example, checksums are often used to verify the integrity of a block of information. Cryptographic checksums (also called message digests) help prevent undetected modification of information by encrypting the checksum in a way that makes the checksum unique.

The authenticity of data can be protected in a similar way. For example, to transmit information to a colleague by email, the sender first encrypts the information to protect its confidentiality and then attaches an encrypted digital signature to the message. When the colleague receives the message, he or she checks the origin of the message by using a key to verify the sender’s digital signature and decrypts the information using the corresponding decryption key.

 

 

Notes:

MD5sum –программа, позволяющая вычислять значения хеш-сумм (контрольных сумм) файлов по алгоритму MD5.

 

 

Assignments

 

1. Translate the sentences from the texts into Russian in writing paying attention to the underlined words and phrases:

 

1. In the face of the vulnerabilities and incident trends, a robust defenserequires a flexible strategy that allows adaptation to the changing environment, well-defined policies and procedures, the use of robust tools, and constant vigilance.

2. Factors that contribute to the success of a security policy include management commitment, technological support for enforcing the policy, effective dissemination of the policy, and the security awareness of all users.

3. Procedures address such topics as retrieving programs from the network, connecting to the site’s system from home or while traveling, using encryption, authentication for issuing accounts, configuration, and monitoring.

4. Intruders often install packet sniffers to capture passwords as theytraverse networks during remote login processes.

5. They squash the emissions of the genuine hostusing a denial-of-service attack and then attempt to connect to a target system using the address of the genuine host. To counter these address-spoofing attacksand enforce limitations on authorized connections into the organization’s network, it is necessary to filter all incoming and outgoing network traffic.

6. Sophisticated systems capable of reacting to questionable network activity may be implemented to disconnect and block suspect connections, limit or disable affected services, isolate affected systems, and collect evidence for subsequent analysis.

7. When the colleague receives the message, he or she checks the origin of the message by using a keyto verify the sender’s digital signature and decrypts the information using the corresponding decryption key.

 

2. Answer the following questions:

 

1. How can management contribute to the development of the security policy?

2. What are good security practices for the users?

3. What are the advantages of a one-time password?

4. How can the authenticity of data be protected?

5. What is a checksum for?

 

3. Translate into English:

 

Меры по защите.

1)Установите файрволл (firewall).2) Установите анти­вирусное и антишпионское ПО. Антивирусное ПО должно запускаться автоматически при загрузке Windows и рабо­тать постоянно, проверяя запускаемые вами программы в фоновом режиме. Обязательно проверяйте на вирусы пе­ред первым запуском любые программы, которые вы где-либо скачиваете или покупаете. 3) Не устанавливайте или удалите лишние ненужные службы Windows, которые не используете. Это ограничит возможности хакеров по дос­тупу к вашему компьютеру. 4) Не открывайте подозритель­ные письма странного происхождения, не поддавайтесь на содержащиеся в них сомнительные предложения лёгкого заработка, не высылайте никому пароли от ваших аккаун­тов, не открывайте прикреплённые к письмам подозри­тельные файлы и не переходите по содержащимся в них подозрительным ссылкам. 5) Не используйте простые па­роли. Не используйте один и тот же пароль на все случаи жизни. 6) Будьте осторожны при выходе в Интернет из мест общего пользования (например, Интернет-кафе), а также при использовании прокси-серверов. Пароли, который вы вводите, в этом случае, с большей вероятностью могут быть украдены. 7) При использовании электронных платёжных систем типа webmoney или Яндекс-деньги, работа с ними через веб-интерфейс является менее безопасной, чем если вы скачаете и установите специальную программу (webmoney keeper).