Computer Networks: Security Architecture

Contents
1. Security services
2. Security mechanisms
3. The relationship between security services and security mechanisms
4. Security management
5. Security protection levels

Services, Mechanisms, Attacks
We need a systematic way to define requirements. Consider three aspects of information security:
  security attack
  security mechanism
  security service
Consider them in reverse order.

OSI Security Architecture
References: ITU-T Recommendation X.800, ISO 7498-2, RFC 2401.
It considers three aspects of information security:
  security services
  security mechanisms
  security attacks

OSI Security Architecture
ITU-T X.800, Security Architecture for OSI:
  defines a systematic way of defining and providing security requirements
  for us, it provides a useful, if abstract, overview of the concepts we will study

1. Security Service
A security service:
  is something that enhances the security of the data processing systems and the information transfers of an organization
  is intended to counter security attacks
  makes use of one or more security mechanisms to provide the service
  replicates functions normally associated with physical documents, e.g. have signatures and dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed

Security Services: definitions
X.800: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers.
RFC 2828: a processing or communication service provided by a system to give a specific kind of protection to system resources.
X.800 divides these services into five major categories comprising fourteen specific services.

Security Services (X.800)
  Authentication - assurance that the communicating entity is the one claimed. Guards against active attacks by a third party.
  Access control - prevention of the unauthorized use of a resource. Guards against exceeding granted privileges.
  Data confidentiality - protection of data from unauthorized disclosure. Guards against passive attacks.
  Data integrity - assurance that data received is as sent by an authorized entity. Guards against active attacks.
  Non-repudiation - protection against denial by one of the parties in a communication. Guards against the communicating parties themselves.

Authentication
Authentication ensures that a communication is trustworthy. It is concerned with assuring the authenticity of the communication.
The authentication service covers:
  peer entity authentication
  data origin authentication
It gives assurance that the communicating entity is the one claimed, and guards against active attacks by a third party.


