

(2008-07-20 23:13:38)








The reason I talk about security

Author: Chad Perrin


Translation: endurer, 2008-07-20, 1st edition

Category: Security


Tags: Security, Chad Perrin




Security isn’t just for professionals any longer — it’s important for everyone to maintain a basic level of security awareness. Find out why.


《endurer's note: 1. any longer: (not) any more》

IT Security isn’t just for the security professionals any longer.

Actually, it never was just for professionals. The fact that everyone should be paying attention to security is just increasingly obvious these days. Gone are the days when there is any excuse for saying things like, “I don’t have anything on my computer anyone wants.” It is increasingly obvious that, if nothing else, there are people out there who want your computer’s ability to send out spam and malware as part of a distributed botnet, sucking up your CPU clock cycles in the process.


《endurer's note: 1. excuse for: to forgive
2. out there: over there; to the battlefield》

It takes only the most rudimentary familiarity with the security threats on the Internet these days to be aware of that fact. Unfortunately, a great many people lack even that rudimentary level of security awareness. That’s one reason I talk about security so much: there are a lot of people out there who aren’t even aware they need any computer security knowledge at all. I hope to be able to help educate them.


I spend a lot of time trying to help educate those a step or two up from that level, too. Obviously, just getting everyone interested in security isn’t the sum total of my reasoning for my evangelical zeal. Weak spots in security knowledge exist at pretty much every level of awareness among those whose main professional focus is not security (and, to tell the truth, among many security professionals as well). There are a lot of widely-held incorrect assumptions that are at best distracting, and can be directly damaging. What you don’t know can hurt you. Though I obviously cannot address every single security myth and shortcoming, I hope to be able to help people see past the limited patterns of thought that lead them into making security mistakes — by addressing the underlying principles of good security practice.


《endurer's note: 1. pretty much: almost
2. at best: at most》

Even that isn’t enough to explain why I expend so much effort trying to help others improve their security knowledge, however. There is also, for instance, the fact that IT professionals of all stripes need to be aware of the security impacts of their own areas of expertise, and how to ensure that their work contributes to better security, rather than detracting from it. Programmers need to learn to think like security professionals, to some extent, so that their influence on the architecture of the software they develop will tend toward greater security; network administrators and architects need to learn such skills to ensure that their implementations of networking technologies will not create terrible security debacles waiting to happen; Web developers need to think like a security professional, with all the practical paranoia that entails, so that they will realize the ways publicly accessible Web applications and services can be abused and twisted to nefarious ends, and plan accordingly.


《endurer's note: 1. all stripes: all walks of life》

All of this is more superficial than the ultimate need I feel for spreading security awareness as widely throughout the population as possible. The lynchpin for my entire desire to evangelize on behalf of security awareness and good security practice is the simple fact that anyone’s security problems impact everybody, with only extremely rare exceptions.


Spam, viruses, and denial of service attacks are problems with which everybody on the Internet has to deal, one way or another. It wouldn’t be such a big problem if it wasn’t for all the home computers infected and recruited into botnet armies.


《endurer's note: 1. one way or another: in some form》

Illicit and unconscionable activities such as child-pornography peddling create problems for society as a whole, and pretty much everyone in it. Stopping it means, among other things, shutting down the distribution channels — which, in many cases, means securing systems that have been hijacked to provide a “safe” means of distribution on someone else’s server without that person’s knowledge.


《endurer's note: 1. among other things: among them (especially, particularly)》

Anyone whose life is impacted by identity fraud knows how destructive that kind of intrusion into one’s life can be. So long as there are e-commerce sites out there whose Web pages are vulnerable to cross-site scripting attacks, we’re at risk of having our personally identifying information and private access data intercepted. To guard against that, we need to ensure that people do not create such opportunities for malicious security crackers to take advantage of poorly designed Web applications.


While I certainly want you to be safe from malicious security crackers and vandals for your own sake, that’s really only a secondary concern for me. My primary concern is simple, and selfish:


《endurer's note: 1. for sb.'s own sake: out of interest in the person themselves; for one's own sake: for one's own benefit
2. be safe from: protected from》

I don’t like being affected by spam, the social impact of many criminal activities facilitated by unauthorized access to others’ IT systems, and living in fear of being a target of identity fraud. I don’t like any of the other negative effects that spin off from various security issues people experience every single day, due in large part to their own ignorance, either. In short, I don’t want the mess created by your lack of good security practice to get all over my life.


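《endurer's note: 1. social impact: impact on society
2. in fear of: anxious about ...
3. spin off: to produce as a by-product, etc. (to shed)
4. every single day: each day
5. get over: to recover from (illness, disappointment, etc.), to overcome (difficulties, etc.); to recover from ...》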

So . . . learn something new about security today; keep an open mind, so that you will not find yourself rejecting important security concerns based on thinking made rigid by corporate marketing campaigns; keep yourself and your data safe. While you’re at it, help others do the same, for your own sake.


