加载中…
个人资料
蜀山剑侠endurer
蜀山剑侠endurer
  • 博客等级:
  • 博客积分:0
  • 博客访问:219,842
  • 关注人气:22
  • 获赠金笔:0支
  • 赠出金笔:0支
  • 荣誉徽章:
相关博文
推荐博文
谁看过这篇博文
加载中…
正文 字体大小:

译>我讨论安全的原因

(2008-07-20 23:13:38)
标签:

it

安全

专家

威胁

垃圾邮件

病毒

拒绝服务攻击

The reason I talk about security
我讨论安全的原因

Author: Chad Perrin

作者:Chad Perrin


翻译:endurer,2008-07-20 第1版


Category: Security

类别:安全


Tags: Security, Chad Perrin

标签:安全,Chad Perrin

英文出处:http://blogs.techrepublic.com.com/security/?p=505&tag=nl.e101

导读:

Security isn’t just for professionals any longer — it’s important for everyone to maintain a basic level of security awareness. Find out why.

IT安全再不仅仅是专家们的事情了——它对保持基本级别的安全意识的每一人都是重要的。让我们一起来找出原因罢。

《endurer注:1。any longer:(不)再》


IT Security isn’t just for the security professionals any longer.
IT安全再不仅仅是专家们的事情了

Actually, it never was just for professionals. The fact that everyone should be paying attention to security is just increasingly obvious these days. Gone are the days when there is any excuse for saying things like, “I don’t have anything on my computer anyone wants.” It is increasingly obvious that, if nothing else, there are people out there who want your computer’s ability to send out spam and malware as part of a distributed botnet, sucking up your CPU clock cycles in the process.

实际上,它从来不仅仅是针对专家的。事实上,每个人都应该关注现在越来越明显的安全问题。能够以“我的电脑中没有什么其他人想要的东西”之类的话为借口的日子已经一去不复返了。越来越明显的情况是,如果没有别的,在这个过程中,有人会想占有您的计算机的能力来发送垃圾邮件和作为一个分布式僵尸网络的组成部分的恶意软件,榨取您的CPU时钟周期。

《endurer注:1。excuse for:原谅
2。out there:向那边,到战场》

It takes only the most rudimentary familiarity with the security threats on the Internet these days to be aware of that fact. Unfortunately, a great many people lack even that rudimentary level of security awareness. That’s one reason I talk about security so much: there are a lot of people out there who aren’t even aware they need any computer security knowledge at all. I hope to be able to help educate them.

如今只要对现在的互联网上的安全威胁有最起码的熟悉就会知道这一事实。不幸的是,很多人甚至缺乏这种最基本的安全意识。我谈论安全这么多的一个原因是:有很多人身在其中却完全不知道他们需要一些电脑安全知识。我希望能帮助教育他们。

I spend a lot of time trying to help educate those a step or two up from that level, too. Obviously, just getting everyone interested in security isn’t the sum total of my reasoning for my evangelical zeal. Weak spots in security knowledge exist at pretty much every level of awareness among those whose main professional focus is not security (and, to tell the truth, among many security professionals as well). There are a lot of widely-held incorrect assumptions that are at best distracting, and can be directly damaging. What you don’t know can hurt you. Though I obviously cannot address every single security myth and shortcoming, I hope to be able to help people see past the limited patterns of thought that lead them into making security mistakes — by addressing the underlying principles of good security practice.

我花了大量的时间尝试帮助教育起步者或者更进一步者。显然,仅仅使每个人对安全产生兴趣并非是我传教热情的全部原因。安全知识的薄弱点几乎存在于那些主要专业重点不是安全的人士的每一个认识水平中(并且,说真的,其中也包括许多安全专业人士) 。有很多广为采用的不正确的假定正在被分布,并且可以直接造成损害。你所不知道的可能伤害你。虽然我显然不能讨论每一个单一安全神话和缺点,但我希望能够帮助人们看到在过去的受局限的、导致他们犯安全错误的思考模式——通过讨论下面的良好安全做法的原则。

《endurer注:1。pretty much:几乎
2。at best:充其量,至多》

Even that isn’t enough to explain why I expend so much effort trying to help others improve their security knowledge, however. There is also, for instance, the fact that IT professionals of all stripes need to be aware of the security impacts of their own areas of expertise, and how to ensure that their work contributes to better security, rather than detracting from it. Programmers need to learn to think like security professionals, to some extent, so that their influence on the architecture of the software they develop will tend toward greater security; network administrators and architects need to learn such skills to ensure that their implementations of networking technologies will not create terrible security debacles waiting to happen; Web developers need to think like a security professional, with all the practical paranoia that entails, so that they will realize the ways publicly accessible Web applications and services can be abused and twisted to nefarious ends, and plan accordingly.

然而,即使这也不足以解释为何我会如此卖力地尝试帮助他人提高安全知识。此外,例如,事实上,各行各业的IT专业人员需要注意影响他们自己所属领域的安全,并如何确保他们的工作有助于更好的安全性,而非贬低它。在一定程度上,程序员需要学会像安全专家那样思考,从而影响他们所开发的的软件结构,将倾向于更大的安全;网络管理员和建筑师需要学习这种技能,以确保其实施的网络技术将不会产生定时的可怕安全事故。网页开发者需要像安全专家那样思考,利用所有必需的实际揣测,从而察觉到可公开访问的Web应用程序和服务可以被滥用和扭曲到相应的违法目的、计划的途径。

《endurer注:1。all stripes:各行各业》

All of this is more superficial than the ultimate need I feel for spreading security awareness as widely throughout the population as possible. The lynchpin for my entire desire to evangelize on behalf of security awareness and good security practice is the simple fact that anyone’s security problems impact everybody, with only extremely rare exceptions.

较之最终的需要,所有这一切更是肤浅,我感到要尽可能广泛地向公众传播安全意识。我传教安全意识和良好的安全习惯传的整个愿望的关键是一个简单的事实,即任何人的安全问题影响每一个人,鲜有例外。

Spam, viruses, and denial of service attacks are problems with which everybody on the Internet has to deal, one way or another. It wouldn’t be such a big problem if it wasn’t for all the home computers infected and recruited into botnet armies.

垃圾邮件,病毒,和拒绝服务攻击是每个上互联网的人都要以某种形式处理的问题。如果它不是针对性所有被感染和加入傀儡网络的家用电脑,就不会是这样一个大问题。

《endurer注:1。one way or another:以某种形式》

Illicit and unconscionable activities such as child-pornography peddling create problems for society as a whole, and pretty much everyone in it. Stopping it means, among other things, shutting down the distributions channels — which, in many cases, means securing systems that have been hijacked to provide a “safe” means of distribution on someone else’s server without that person’s knowledge.

不法的和不合理的活动,诸如,儿童色情贩卖,造成了对社会整体,并且几乎每个人都牵涉在内的问题。其中,停止它意味着,关闭散布渠道——在某些情况下,这意味着要加强系统安全,该系统被劫持用提供一个“安全”手段来在所有者不知道的情况下在其服务器上进行散布。

《endurer注:1。among other things:其中(尤其,格外)》

Anyone whose life is impacted by identity fraud knows how destructive that kind of intrusion into one’s life can be. So long as there are e-commerce sites out there whose Web pages are vulnerable to cross-site scripting attacks, we’re at risk of having our personally identifying information and private access data intercepted. To guard against that, we need to ensure that people do not create such opportunities for malicious security crackers to take advantage of poorly designed Web applications.

任何受身份欺诈干扰的人都知道各类个人生活侵扰具有怎样的破坏性。因此,只要有电子商务网站,该网站的网页有跨站点脚本攻击漏洞,我们就处于个人身份信息和私人访问数据被截获的危险中。要防范这些,我们需要确保人们不会创造这样的机会,让恶意安全侵入者们(crackers)利用设计不良的Web应用程序。

While I certainly want you to be safe from malicious security crackers and vandals for your own sake, that’s really only a secondary concern for me. My primary concern is simple, and selfish:

尽管我确实想让你们为了自己的利益而避免恶意安全侵入者们(crackers)和破坏者,但这对我而言真的只是次要问题,我的首要问题是简单,和自私的:

《endurer注:1。for sb.'s own sake:出于对某人本身的兴趣;for one's own sake:为了自己的利益
2。be safe from:免受》

I don’t like being affected by spam, the social impact of many criminal activities facilitated by unauthorized access to others’ IT systems, and living in fear of being a target of identity fraud. I don’t like any of the other negative effects that spin off from various security issues people experience every single day, due in large part to their own ignorance, either. In short, I don’t want the mess created by your lack of good security practice to get all over my life.

我不喜欢被骚扰,这些骚扰来自于垃圾软件,一些为未经授权访问他人的IT系统所促进的犯罪活动的社会影响,并且为成为身份欺诈的目标而提心吊胆地生活。我不喜欢任何其他的消极影响,这些影响源自各种安全问题给人们的体验,要么是在很大程度上应归咎于他们自己的无知。简而言之,我不希望您由于缺乏良好的安全实践而一塌糊涂,重蹈我的覆辙。

《endurer注:1。social impact:社会冲击
2。in fear of:为...提心吊胆
3。spin off:作为副产品等而生产(摆脱)
4。every single day:每一天
5。get over:从(疾病、失望等)中恢复过来,克服(困难等);从...中恢复过来》

So . . . learn something new about security today; keep an open mind, so that you will not find ourself rejecting important security concerns based on thinking made rigid by corporate marketing campaigns; keep yourself and your data safe. While you’re at it, help others do the same, for your own sake.

所以……学习一些与现在的安全相关的新知识;保持开放思维,这样你将不会发现自己为企业营销活动所羁绊而拒绝基于思考的重要安全观念;保持你自身和数据安全。当您在IT行业时,为了你自己,请同样帮助他人。

0

阅读 评论 收藏 转载 喜欢 打印举报/Report
  • 评论加载中,请稍候...
发评论

    发评论

    以上网友发言只代表其个人观点,不代表新浪网的观点或立场。

      

    新浪BLOG意见反馈留言板 电话:4000520066 提示音后按1键(按当地市话标准计费) 欢迎批评指正

    新浪简介 | About Sina | 广告服务 | 联系我们 | 招聘信息 | 网站律师 | SINA English | 会员注册 | 产品答疑

    新浪公司 版权所有