
IATF Final Exam Review Summary

Published: 2020-03-03 00:47:42. Source: 范文大全

DNS: Domain Name Servers
CERT: Computer Emergency Response Team
DoD: The Department of Defense

The IATF is based on the concept of an information infrastructure. An information infrastructure comprises communications networks, computers, databases, management, applications, and consumer electronics and can exist at the global, national, or local level. The global information infrastructure is not controlled or owned by a single organization—“ownership” is distributed among corporate, academic, and government entities as well as by individuals. The Internet is an example of a global information infrastructure, as is the global telecommunications network. Most organizations that communicate externally rely upon this global system in conducting their operations using a combination of global, virtual networks, dedicated networks, Wide Area Networks (WAN), and customized information systems.

To accomplish their various missions and to protect their critical functions, all organizations—both government and private sector—have public and private information they need to safeguard. The mission or business environment determines how, and to what extent, specific information is protected. What is publicly releasable to one organization may be private to another, and vice versa. The Federal Government uses specific categories for some of its private information under the heading of “classified information.” In general, the government recognizes four classification levels: unclassified, confidential, secret, and top secret. Within the classification levels, there may be subcategories specific to individual communities. Three of the classification categories—confidential, secret, and top secret—address private information. The fourth level of classification covers both private information (such as sensitive or Privacy Act Information) and public information.

Local Computing Environments; Enclave Boundaries (around the local computing environments); Networks and Infrastructures; Supporting Infrastructures.

The local user computing environment (shown in Figure 1-4) typically contains servers, clients, and the applications installed on them. Applications include, but are not limited to, those that provide services such as scheduling or time management, printing, word processing, or directories.

A collection of local computing devices interconnected via Local Area Networks (LAN), governed by a single security policy, regardless of physical location is considered an “enclave.” As discussed above, because security policies are unique to the type, or level, of information being processed, a single physical facility may have more than one enclave present. Local and remote elements that access resources within an enclave must satisfy the policy of that enclave.

A single enclave may span a number of geographically separate locations with connectivity via commercially purchased point-to-point communications (e.g., T-1, T-3, Integrated Services Digital Network [ISDN]) along with WAN connectivity such as the Internet.

The two areas addressed in the IATF are key management infrastructure (KMI), which includes Public Key Infrastructures (PKI), and detect and respond infrastructures.

The Department of Defense (DoD) has led the way in defining a strategy called Defense-in-Depth, to achieve an effective IA posture. The underlying principles of this strategy are applicable to any information system or network, regardless of organization. Essentially, organizations address IA needs with people executing operations supported by technology.

Defense-in-Depth and the IATF:

Information infrastructures are complicated systems with multiple points of vulnerability. To address this, the IATF has adopted the use of multiple IA technology solutions within the fundamental principle of the Defense-in-Depth strategy, that is, using layers of IA technology solutions to establish an adequate IA posture. Thus, if one protection mechanism is successfully penetrated, others behind it offer additional protection. Adopting a strategy of layered protections does not imply that IA mechanisms are needed at every possible point in the network architecture. By implementing appropriate levels of protection in key areas, an effective set of safeguards can be tailored according to each organization’s unique needs. Further, a layered strategy permits application of lower-assurance solutions when appropriate, which may be lower in cost. This approach permits the judicious application of higher-assurance solutions at critical areas (e.g., network boundaries).

Defense in Multiple Places. Given that adversaries can attack a target from multiple points using insiders or outsiders, an organization must deploy protection mechanisms at multiple locations to resist all methods of attack.

Information Systems Security Engineering (ISSE) is the art and science of discovering users’ information protection needs and then designing and making information systems, with economy and elegance, so they can safely resist the forces to which they may be subjected. This chapter describes an ISSE process for discovering and addressing users’ information protection needs. The ISSE process should be an integral part of systems engineering (SE) and should support certification and accreditation (C&A) processes, such as the Department of Defense (DoD) Information Technology Security Certification and Accreditation Process (DITSCAP). The ISSE process provides the basis for the background information, technology assessments, and guidance contained in the remainder of the Information Assurance Technical Framework (IATF) document and ensures that security solutions are effective and efficient.

Potential Adversaries:
Malicious: Nation States, Hackers, Terrorists/Cyberterrorists, Organized Crime, Other Criminal Elements, International Press, Industrial Competitors, Disgruntled Employees.
Nonmalicious: Careless or Poorly Trained Employees.

From an information system standpoint, these motivations can express themselves in three basic goals: access to information, modification or destruction of information or system processes, or denial of access to information.

Classes of Attack: Passive Attacks, Active Attacks, Close-In Attacks, Insider Attacks, Distribution Attacks

The IATF guidance incorporates five primary security services areas: access control, confidentiality, integrity, availability, and nonrepudiation. The division of network security principles into standard security service categories is convenient for this description. The categories presented below roughly coincide with the “basic security services” identified in the 1990 Recommendation X.800, “Security Architecture for Open Systems Interconnection for Consultative Committee for International Telephone and Telegraph (CCITT) Applications” (which is technically aligned with International Organization for Standardization [ISO] 7498-2, “Information Processing Systems Open Systems Interconnection, Basic Reference Model,” Part 2: Security Architecture), and more recently, the ISO/International Engineering Consortium (IEC) 10181 series, Parts 1-7.

Access Control

In the context of network security, access control means limiting access to networked resources (hardware and software) and data (stored and communicated). The goal of access control is to prevent the unauthorized use of these resources and the unauthorized disclosure or modification of data. Access control also includes resource control, for example, preventing logon to local workstation equipment or limiting use of dial-in modems. For the purposes of this discussion, network access control is not concerned with denying physical access (e.g., via locked rooms or tamperproof equipment). Access control is applied to an entity based on an identity and/or an authorization. An identity may represent an actual user, a process with its own identity (e.g., a program making a remote access connection), or a group of users represented by a single identity (e.g., rule-based access control).

I&A. Establishing the identities of entities with some level of assurance (an authenticated identity).

Authorization. Determining the access rights of an entity, also with some level of assurance.

Decision. Comparing the rights (authorization) of an authenticated identity with the characteristics of a requested action to determine whether the request should be granted.

Enforcement. Enforcement may involve a single decision to grant or deny or may entail periodic or continuous enforcement functions (continuous authentication).
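The four functions above can be kept as separate steps of one access check. The following is an added example, not taken from the IATF or from the original notes; the identities, secrets, rights table, and re-authentication interval are constructed assumptions, and the challenge-response scheme is just one possible I&A mechanism.

```python
import hashlib
import hmac

# Constructed sample data (assumptions for this example, not from the IATF).
SECRETS = {"alice": b"alice-secret"}            # verifiers used for I&A
RIGHTS = {"alice": {("payroll.db", "read")}}    # authorization table
REAUTH_AFTER = 300                              # seconds before I&A is repeated


def respond(secret, challenge):
    """Client side of a challenge-response proof of identity."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class AccessControl:
    def __init__(self, clock):
        self.clock = clock
        self.authenticated_at = {}   # identity -> time of last successful I&A
        self.audit = []              # every decision is recorded

    def identify_and_authenticate(self, identity, challenge, response):
        ok = identity in SECRETS and hmac.compare_digest(
            respond(SECRETS[identity], challenge), response)
        if ok:
            self.authenticated_at[identity] = self.clock()
        return ok

    def authorize(self, identity):
        return RIGHTS.get(identity, set())

    def decide(self, identity, resource, action):
        when = self.authenticated_at.get(identity)
        if when is None:
            return "deny: not authenticated"
        if self.clock() - when > REAUTH_AFTER:      # periodic enforcement
            return "deny: re-authentication required"
        if (resource, action) not in self.authorize(identity):
            return "deny: not authorized"
        return "grant"

    def enforce(self, identity, resource, action, operation):
        verdict = self.decide(identity, resource, action)
        self.audit.append((identity, resource, action, verdict))
        return verdict, (operation() if verdict == "grant" else None)


def demo():
    now = [1000.0]                                  # fake clock for the example
    ac = AccessControl(clock=lambda: now[0])
    read = lambda: "3 rows"
    out = [ac.enforce("alice", "payroll.db", "read", read)[0]]
    out.append(ac.identify_and_authenticate("alice", b"nonce-1", b"wrong"))
    good = respond(b"alice-secret", b"nonce-2")
    out.append(ac.identify_and_authenticate("alice", b"nonce-2", good))
    out.append(ac.enforce("alice", "payroll.db", "read", read))
    out.append(ac.enforce("alice", "payroll.db", "write", read)[0])
    now[0] += REAUTH_AFTER + 1
    out.append(ac.enforce("alice", "payroll.db", "read", read)[0])
    return out
```

The protected operation runs only inside `enforce`, so a request that skips I&A or outlives the re-authentication interval never reaches the resource.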

Confidentiality

The confidentiality security service is defined as preventing unauthorized disclosure of data (both stored and communicated). This definition is similar to, and actually a subset of, the description of access control in Section 4.3.1. In fact, it can be argued that providing access control also provides confidentiality, or conversely, that providing confidentiality is a type of access control. We include in the definition of “information,” data that is not traditional user data (examples are network management data, routing tables, password files, and IP addresses on data packets). Confidentiality services will prevent disclosure of data in storage, transiting a local network, or flowing over a public Internet. One subset of confidentiality is “anonymity,” a service that prevents disclosure of information that leads to the identification of the end user.

The provision of the confidentiality security service depends on a number of variables: Location(s) of the Data that Needs Protection, Type of Data that Needs Protection, Amounts or Parts of User Data that Need Protection, Value of Data that Needs Protection, Data Protection, Data Separation, Traffic Flow Protection.

Integrity

The integrity security service includes the following methods: prevention of unauthorized modification of data (both stored and communicated), detection and notification of unauthorized modification of data, and recording of all changes to data. Modification of both stored and communicated data may include changes, insertions, deletions, or duplications. Additional potential modifications that may result when data is exposed to communications channels include sequence changes and replay.
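The detection side of the integrity service can be shown on communicated data. The following is an added example, not from the IATF or the original notes: a receiver that uses an HMAC-SHA256 tag plus a sequence number to tell changes apart from duplication/replay and from deletions or sequence changes. The frame layout, key, and verdict names are constructed assumptions.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed sample key shared by both ends
TAG_LEN = hashlib.sha256().digest_size


def protect(seq, payload, key=KEY):
    """Sender: 64-bit sequence number + payload + HMAC-SHA256 over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Detects and records unauthorized modification of communicated data."""

    def __init__(self, key=KEY):
        self.key = key
        self.expected = 0   # next sequence number not yet seen
        self.log = []       # record of every verdict, for notification

    def accept(self, frame):
        verdict = self._check(frame)
        self.log.append(verdict)
        return verdict

    def _check(self, frame):
        if len(frame) < 8 + TAG_LEN:
            return "modified"
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            return "modified"        # change, or insertion made without the key
        (seq,) = struct.unpack(">Q", header)
        if seq < self.expected:
            return "replay"          # duplication, replay, or late reordering
        if seq > self.expected:
            self.expected = seq + 1  # frame is authentic; resynchronise past it
            return "gap"             # deletion or sequence change upstream
        self.expected += 1
        return "ok"


def demo():
    """Constructed traffic: a tampered frame, a duplicate, and a dropped frame."""
    frames = [protect(i, b"pay %d" % (100 + i)) for i in range(4)]
    tampered = frames[1][:8] + b"pay 999" + frames[1][-TAG_LEN:]
    rx = Receiver()
    delivered = [frames[0], tampered, frames[1], frames[1], frames[3], frames[2]]
    return [rx.accept(f) for f in delivered]
```

The tag alone catches changes and keyless insertions; only the sequence number inside the tagged data catches duplication, deletion, reordering, and replay of otherwise valid frames.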

CryptoAPI. The Microsoft Cryptographic API provides services that enable application developers to add cryptography to their Win32 applications. Applications can use the functions in CryptoAPI without knowing anything about the underlying implementation, in much the same way that an application can use a graphics library without knowing anything about the particular graphics hardware configuration.

File Encryptors. These provide confidentiality and integrity for individual files, provide a means of authenticating a file’s source, and allow the exchange of encrypted files between computers. File encryptors typically implement a graphical user interface (GUI) that allows users to choose files to be encrypted or decrypted. This protects individual files but does not protect all of the files on the drive.

Intrusion and Penetration Detection. Intrusion detection and response systems can protect either a network or individual client platforms. Effective intrusion detection systems detect both insider and outsider attacks. In general, intrusion detection systems are intended to protect against and respond to situations in which the available countermeasures have been penetrated, either through allowed usage or the exploitation of vulnerabilities that are unknown or have not been patched. The objective of these systems is to detect malicious and unintended data and actions (e.g., altered data, malicious executables, requests that permit unintended resource access, and unintended use of intended services). Once the intrusion is detected, an appropriate response is initiated (e.g., disconnect attacker; notify operator; respond automatically to halt or lessen the attack; trace attack to proper source; and counter the attack, if appropriate). Intrusion detection mechanisms operating at the transport layer can view the contents of transport packets (e.g., TCP packets) and are able to detect more sophisticated attacks than are mechanisms that operate at the network layer. Intrusion detection mechanisms operating at the network layer can view the contents of network packets (e.g., IP packets) and are thus only able to detect attacks that are manifested at the network layer (e.g., port scans).

Internet Protocol Security (IPSec). IPSec is the security framework standardized by the IETF as the primary network layer protection mechanism. IPSec consists of two parts: an authentication header (AH), whose purpose is to bind the data content of IP frames to the identity of the originator, and an encapsulating security payload (ESP), for privacy. The AH is intended for use when integrity of information is required but privacy is not. ESP is intended for use where data confidentiality is required. ESP defines two methods (or modes) of encapsulating information. Tunnel mode, when used at an enclave boundary, aggregates traffic flow from site to site and thereby hides end-system identification. Transport mode leaves end-system identification in the clear and is most advantageous when implemented at the end system.

Internet Key Exchange (IKE) Protocol. IKE was developed by the IETF as a standard for security attribute negotiation in an IP network. It provides a framework for creating security associations between endpoints on an IP network, as well as the methodology to complete the key exchange. IKE is based upon the Internet Security Association Key Management Protocol (ISAKMP) with Oakley extensions. The structure of ISAKMP is sufficiently flexible and extensible to allow inclusion of future security mechanisms and their associated algorithms and can be tailored to other networking technologies.

Media Encryptors. Media encryptors protect the confidentiality and integrity of the contents of data storage media. They can also perform a role in maintaining the integrity of the workstation by verifying the Basic Input/Output System (BIOS) and ensuring that configuration and program files are not modified. Media encryptors need to leave some system files unencrypted so that the computer can boot from the hard drive. Most of these files can have their integrity protected by a cryptographic checksum; this will not prevent a tamper attack but will alert the user that the data has been altered. However, some system files contain data that changes when the computer is booted; these files cannot be protected. With the exception of some system files, media encryptors encrypt the entire contents of the drive.

SSL. SSL exists just above the transport layer and provides security independent of application protocol, although its initial implementation was meant to secure the Hypertext Transfer Protocol (HTTP). This effort has migrated to the IETF as the Transport Layer Security (TLS) protocol, which provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. TLS negotiates the invocation of cryptographic algorithms (from a fixed set) and protects all application layer data.

Trusted Computing Base (TCB). A trusted computer system is a system that employs sufficient hardware and software assurance measures to allow its use for simultaneous processing of a range of sensitive or classified information. Such a system is often achieved by employing a TCB. A TCB is the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy across a product or system. The TCB’s ability to correctly enforce a unified security policy depends solely on the mechanisms within the TCB and on system administration personnel’s correct input of parameters (e.g., a user’s clearance level) related to the security policy.

Virus Detectors. Virus detectors can be used to protect a network or an individual client. A virus can be considered a special form of intrusion involving the classic Trojan horse attack with the ability to reproduce and spread. The virus is normally considered to be limited to the authorizations of the user who is executing the code, but viruses may also exploit flaws in the network that allow them to cause a serious privilege state harm.
