Workbook for practical classes in the discipline "Foreign Language (English)", section "Professionally Oriented Module", for specialty 10.02.03 Information Security of Automated Systems (ZI)
teaching and methodological material on the English language

Korovkina Tatyana Vladimirovna

The workbook is intended for practical classes in the discipline "Foreign Language" in the section "Professionally Oriented Module" for specialty 10.02.03 Information Security of Automated Systems (ZI).

The main purpose of the workbook is to consolidate and activate the language and speech material of the "Professionally Oriented Module" section and to automate lexical and grammatical skills in working with professionally oriented texts. The texts are accompanied by a methodically well-constructed set of exercises that helps learners improve their skills in working independently with a text.

The vocabulary exercises are aimed at quick and solid memorization of the professional terms used in specialty 10.02.03 Information Security of Automated Systems (ZI), on the basis of professionally oriented texts.

 



Contents

Introduction.

Methodological guidelines for studying the discipline.

UNIT 1. Local area networks.

TEXT 1. A Brief History of Local Area Nets (LANs).

Vocabulary Exercises.

UNIT 2. Networks and telecommunications.

TEXT 1. The Networking.

Vocabulary Exercises.

TEXT 2. Peer-to-peer versus a client-server

Vocabulary Exercises.

UNIT 3. The systems of artificial intelligence.

TEXT 1. OCR Technology.

Vocabulary Exercises.

UNIT 4. An overview of computer security.

TEXT 1. The Basic Components.

Vocabulary Exercises.

TEXT 2. Threats

Vocabulary Exercises.

UNIT 5. Introduction to computer security.

TEXT 1. Identifying Types of Threats.

Vocabulary Exercises.

TEXT 2. Basic Security Terminology

Vocabulary Exercises.

UNIT 6. Methods of cryptography.

TEXT 1. Cryptographic Algorithms and Protocols.

Vocabulary Exercises.

TEXT 2. Steganography.

Vocabulary Exercises.

APPENDIX 1 (Appendix 1)

Language commentary

APPENDIX 2 (Appendix 2)

Abstracting


Introduction


The workbook consists of six lessons (Units) and two appendices (Appendix 1, Appendix 2). The material of the study guide is aimed at forming students' professionally oriented communicative competence in the area of their future work in information security. Each lesson is based on the principle of developing speech activity, namely reading and speaking: tasks for consolidating the vocabulary of the section, texts with tasks for selective and skim reading, and work on systematizing and mastering the part of English grammar that is characteristic of scientific and technical literature. All English-language texts used in the guide are taken from original literature: standards, scientific articles, and user manuals for information systems. They are abridged but not adapted. The multi-level exercises accompanying the texts are aimed at forming the skills of familiarization reading and close reading, as well as professionally oriented communicative competence. The main topics of the texts presented in the guide are methods and means of ensuring the security of information technologies; security evaluation criteria with respect to functional requirements and assurance requirements; risk analysis and security management; cryptographic methods and methods of cryptanalysis; and ways and methods of protecting information in global networks and intranets. Appendix 1 includes a dictionary of professional terms and a glossary; Appendix 2 contains a brief algorithm for abstracting a text in the specialty.

The wide range of varied practical tasks that organize independent work requires a creative attitude from learners (tasks of increased difficulty are included) and makes it possible to implement a learner-centered approach when working with learners who have different levels of preparation and different interests. The tasks model situations or use real situations in order to analyze the given case, search for alternative solutions, and arrive at the optimal solution to the problem.

The workbook includes tasks that prepare learners for objective assessment and self-assessment in the course of studying English.

The workbook corresponds to the level of preparation of students in the discipline "Foreign Language (English)" in the section "Professionally Oriented Module" for specialty 10.02.03 Information Security of Automated Systems (ZI).

Methodological guidelines for studying the discipline.

In accordance with the Federal State Educational Standard (FGOS) for the discipline Foreign Language (English) for specialty 10.02.03 Information Security of Automated Systems (ZI), the student must:

Requirements for the results of mastering the discipline

On completing the course, the student must possess a number of competences: to search for and use the information needed to carry out professional tasks effectively and for professional and personal development (OK4); to use information and communication technologies in professional activity (OK5); to work in a group and in a team and to communicate effectively with colleagues, management, and consumers (OK6); to take responsibility for the work of team members (subordinates) and for the result of completing tasks (OK7); to determine independently the tasks of professional and personal development, to engage in self-education, and to plan professional development deliberately (OK8); to find one's bearings under conditions of frequent changes of technology in professional activity (OK9).

As a result of studying the discipline, the student must

- know: the lexical minimum (1200-1400 lexical units) and the grammatical minimum needed to read and translate (with a dictionary) foreign-language texts of a professional orientation.

- be able to: communicate (orally and in writing) in a foreign language on professional and everyday topics; translate (with a dictionary) foreign-language texts of a professional orientation; independently improve oral and written speech and expand vocabulary.

- have command of: practical skills of oral and written speech activity in a foreign language in the course of professional activity.

- demonstrate: the ability and readiness to apply the acquired knowledge in practice.

The structure of the practical classes UNIT 1 – UNIT 3 includes:

  1. Texts. Texts from original sources that explain the fundamental concepts of fine art and describe the main movements in art and design.
  2. Exercises. Pre-text tasks that make the text easier to understand; tasks that check comprehension of the content and stimulate the development of skills on the basis of the issues raised in the texts read. Thanks to the system of exercises used, this guide makes it possible to teach students a set of skills for analyzing the semantic content and the logical and communicative organization of a text, which are needed both for full comprehension of what is read and for its adequate use in speech activity. The exercises aimed at teaching students to understand specialized materials and use them in practical work cover the main problem areas of word formation.
  3. At the end of each section there are tasks that can be used either as homework or as tasks for revising the material covered during classes (Revision Task).
  4. If a learner encounters in their work a term that requires translation or explanation and does not find it in this workbook, the large number of professional translators working on the site www.proz.com will help solve any language problem.
  5. Appendix 1. Contains a language commentary (Glossary), which is a dictionary of the most frequent vocabulary and expressions found in the field of design work. It contains a linguistic commentary explaining the meaning of the main professional terms.
  6. Appendix 2. Contains a brief algorithm for abstracting a text in the specialty.

UNIT 1. LOCAL AREA NETWORKS.

TEXT 1. A Brief History of Local Area Nets (LANs).

Pre-reading assignment 

Exercise 1. Study the meanings of the key words on the theme in Appendix 1 and learn them by heart. Study the table of borrowings of Greek and Latin origin.

  1. Analysis – analyses: анализ – анализы
  2. Antenna – antennae: антенна – антенны
  3. Appendix – appendices: приложение – приложения
  4. Axis – axes: вал, ось – валы, оси
  5. Hypothesis – hypotheses: гипотеза – гипотезы
  6. Basis – bases: база, основа – базы
  7. Synopsis – synopses: краткое содержание
  8. Thesis – theses: тезис – тезисы
  9. Crisis – crises: кризис – кризисы
  10. Datum – data: данная величина – данные
  11. Diagnosis – diagnoses: диагноз, установление причин – диагнозы
  12. Stimulus – stimuli: стимул – стимулы
  13. Stratum – strata: слой, пласт – слои, пласты
  14. Nucleus – nuclei: ядро – ядра
  15. Alumnus – alumni: выпускник – выпускники
  16. Alumna – alumnae: выпускница (ы)
  17. Radius – radii: радиус (ы)
  18. Medium – media: средство (а)
  19. Memorandum – memoranda: меморандум – меморандумы
  20. Curriculum – curricula: программа – программы
  21. Phenomenon – phenomena: явление, феномен – явления
  22. Criterion – criteria: критерий – критерии
  23. Vortex – vortices: вихрь – вихри

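Exercise 2. Put the sentences into the plural.

  1. This phenomenon is very interesting from its origin point of view.

Plural: ______________________________________________________________________

  2. An alumnus of our University is well known in the world.

Plural: ______________________________________________________________________

  3. The professor asks to explain this thesis.

Plural: ______________________________________________________________________

  4. Is a crisis in computing possible?

Plural: ______________________________________________________________________

  5. I have not a stimulus to do this research.

Plural: ______________________________________________________________________

  6. The index of this matrix is unknown.

Plural: ______________________________________________________________________

  7. You can find an appendix at the end of the book.

Plural: ______________________________________________________________________

  8. Is there any medium to enhance this development?

Plural: ______________________________________________________________________

  9. Any student can derive this formula.

Plural: ______________________________________________________________________

  10. They offered a hypothesis that can’t be disproved.

Plural: ______________________________________________________________________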

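Exercise 3. Translate the sentences into English.

  1. Это явление сейчас изучают.

English: ______________________________________________________________________

  2. Причины поломки еще не установлены.

English: ______________________________________________________________________

  3. Анализ показал, что операционная система является ненадежной и незащищенной.

English: ______________________________________________________________________

  4. Я считаю, что гипотеза о возможном возвращении к микроядрам в операционных системах вполне оправданна.

English: ______________________________________________________________________

  5. Эти формулы были выведены еще в прошлом веке.

English: ______________________________________________________________________

  6. Каковы критерии надежности операционной системы?

English: ______________________________________________________________________

  7. Эти данные были получены до того, как их запросили.

English: ______________________________________________________________________

  8. Меморандум подписали неделю назад.

English: ______________________________________________________________________

  9. Это средство не может быть применимо в данной ситуации.

English: ______________________________________________________________________

  10. Тезисы по данному научному труду напишут к концу месяца?

English: ______________________________________________________________________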

Exercise 4. Read and translate the text using a dictionary.

A local area network is a system which allows microcomputers to share information and resources within a limited, local area, generally less than one mile from the server to a workstation. In other words, a LAN is a communication network used by a single organization. Although it is only with the arrival of the microcomputer that companies have been able to implement LANs, the concept itself is not new.

 The first computers in the 1950s were mainframes. Large, expensive, and reserved for very few select users, these monsters occupied entire buildings. Costing hundreds of thousands of dollars, these large computers were not able to run the newer, more sophisticated business programs that were coming out for IBM PCs and their compatibles. By the mid-1980s, thousands of employees began bringing their own personal computers to work in order to use the new business software written for PCs. As employers began exchanging floppy disks and keeping their own databases, companies met serious problems with maintaining the integrity of their data.

LANs offered a solution to such problems. LANs represent a logical development and evolution of computer technology. A network consists of two main elements - the physical structure that links the equipment, and the software that allows communication. The physical distribution of nodes is a network topology, while the rules, which determine the formats by which the information may be exchanged, are known as protocols. The first LANs were relatively primitive. Faced with a serious shortage of software designed for more than one user, the first LANs used file locking, which allowed only one user at a time to use a program.

Gradually, however, the software industry has become more sophisticated; today's LANs offer power, complex accounting and productivity programs to several users at the same time. Each microcomputer attached to the network retains its ability to work as an independent personal computer running its own software.

Types of physical configuration for LANs

There are different ways a local area network can operate. Keep in mind that the form of the LAN does not limit the media of transmission. One of the oldest types of network is the star, which uses the same approach to sending and receiving messages as a telephone system. It means that all messages in a LAN star topology must go through a central computer that controls the flow of data. It is easy to add new workstations to the LAN and allow the network administrator to give certain nodes higher status than others. The major weakness of the star architecture is that the entire LAN fails if anything happens to the central computer.

Another major network topology is the bus. In many such networks, the workstations check whether a message is coming down the highway before sending their message. Because all workstations share the same bus, all messages pass other workstations on the way to their destination. Many low-cost LANs use bus architecture. An advantage of the bus topology is that the failure of a single workstation does not cripple the rest of the network. However, too many messages can slow down the network speed.

A ring topology consists of several nodes joined together to form a circle where all workstations must have equal access to the network. In a token ring LAN, a data packet, known as a token, is sent from the transmitting workstation through the network. The token contains the address of the sender and the address of the node to receive the message. If the monitoring node fails, the network remains operative. The network may withstand the failure of various workstations. Additional ring networks can be linked together through bridges that switch data from one ring to another.

To provide some level of uniformity among network vendors, the International Standards Organization has developed Open Systems Interconnection standards. Different computers networked together need to know in what form they will receive information. The Open Systems Interconnection standards consist of a seven-layer model that ensures efficient communication within a LAN and among different networks.

Vocabulary and Grammar Exercise 

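Exercise 5. Find in the text English equivalents for the Russian words:

  1. сложные деловые программы: ______________________
  2. сохраняет свою способность: ______________________
  3. поддерживая целостность своих данных: ______________________
  4. не ограничивает средства передачи: ______________________
  5. ведение собственных баз данных: ______________________
  6. тот же подход к отправке и получению сообщений: ______________________
  7. физическая структура, которая связывает оборудование: ______________________
  8. более высокий статус, чем у других: ______________________
  9. физическое распределение узлов: ______________________
  10. главная слабость звездной архитектуры: ______________________
  11. определить форматы: ______________________
  12. на пути к месту назначения: ______________________
  13. относительно примитивно: ______________________
  14. не повреждает остальную сеть: ______________________
  15. серьезная нехватка программного обеспечения: ______________________
  16. равный доступ к сети: ______________________
  17. один пользователь за раз: ______________________
  18. передающая рабочая станция: ______________________
  19. микрокомпьютер подключенный к сети: ______________________
  20. если узел мониторинга выходит из строя: ______________________
  21. могут быть связаны друг с другом: ______________________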

Exercise 6. Match the concepts with their descriptions:

Concepts

  1. the star
  2. a ring topology
  3. Open Systems Interconnection standards
  4. a token ring LAN
  5. local area network LAN
  6. the bus
  7. a compatible

Descriptions

  a. In many such networks, the workstations check whether a message is coming down the highway before sending their message.
  b. It is a system which allows microcomputers to share information and resources within a limited area, generally less than one mile from the server to a workstation. It is a communication network used by a single organization.
  c. It is a computer that can use software designed for another make or type.
  d. It means that all messages in a LAN must go through a central computer that controls the flow of data. It is easy to add new workstations to the LAN and allow the network administrator to give certain nodes higher status than others.
  e. It consists of several nodes joined together to form a circle where all workstations must have equal access to the network.
  f. They consist of a seven-layer model that ensures efficient communication within a LAN and among different networks.
  g. In this form of LAN a data packet is sent from the transmitting workstation through the network. If the monitoring node fails, the network remains operative.

1 ___   2 ___   3 ___   4 ___   5 ___   6 ___   7 ___

Exercise 7. Fill in each gap with the words from the given table:

vendor, proliferation, protocol, Microsoft, technologies, provided, University, demand, provide, sites

History of LAN

The increasing (1) ____ and use of computers in universities and research labs in the late 1960s generated the need to (2) ___ high-speed interconnections between computer systems.

A number of experimental and early commercial LAN (3) ____ were developed in the 1970s. Cambridge Ring was developed at Cambridge (4) ___ starting in 1974. Ethernet was developed at Xerox PARC between 1973 and 1974.

The development and (5) ____ of personal computers using the CP/M operating system in the late 1970s, and later DOS-based systems starting in 1981, meant that many (6) ___ grew to dozens or even hundreds of computers.

 The concept was marred by proliferation of incompatible physical layer and network (7) ____ implementations, and a plethora of methods of sharing resources. Typically, each (8) ___ would have its own type of network card, cabling, protocol, and network operating system. A solution appeared with the advent of Novell NetWare which (9) ___ even-handed support for dozens of competing card and cable types, and a much more sophisticated operating system than most of its competitors. NetWare dominated the personal computer LAN business from early after its introduction in 1983 until the mid-1990s when (10) ___ introduced Windows NT.

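1 __________   6 __________

2 __________   7 __________

3 __________   8 __________

4 __________   9 __________

5 __________   10 __________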

Exercise 8. Choose the right variant and underline it.

  1. The money (is, are) on the desk.
  2. Where (is, are) the money? Where did you put (it, them)? I can’t find (it, them).
  3. - He is making a lot of money. - And what does he do with (it, them)?
  4. What (is, are) the news?
  5. The news (is, are) very good.
  6. I have got very good news for you. Where (do, does) it come from?
  7. There (is, are) no news.
  8. His progress in French (is, are) not surprising. His wife is a teacher of French.
  9. This information (come, comes) from the journal.
  10. I often followed his advice. (It was, they were) good.
  11. There (is, are) no news at the moment.
  12. His knowledge of accounting (is, are) very good.

Exercise 9. Translate the sentences into Russian paying attention to “either…or”.

  1. You can either use this method or that one.

______________________________________________________________________

______________________________________________________________________

  2. When there is a crisis, they either do nothing or do something useless.

______________________________________________________________________

______________________________________________________________________

  3. You can use either a diskette or a disk.

______________________________________________________________________

______________________________________________________________________

  4. You must answer either yes or no.

______________________________________________________________________

  5. You can either walk or take a lift.

______________________________________________________________________

Task for Revision

Exercise 10. Find key words and sentences in each paragraph of the text. Summarize the main idea of the text. Write an abstract of the text.

________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 

Exercise 11. Answer the following questions according to the information given in the text: 

  1. What is a LAN?

______________________________________________________________________

  2. When did office workers begin bringing personal computers to their workplaces?

______________________________________________________________________

  3. What does a network consist of?

______________________________________________________________________

  4. What is a network topology?

______________________________________________________________________

  5. What can modern LANs offer to a user?

______________________________________________________________________

  6. Does the form of the LAN limit the media of transmission?

______________________________________________________________________

  7. What is the oldest type of the net connection?

______________________________________________________________________

  8. What does a ring topology consist of?

______________________________________________________________________

  9. What is the main function of the International Standards Organization?

______________________________________________________________________

  10. What net is it easier to administrate and why?

______________________________________________________________________

UNIT 2. NETWORKS AND TELECOMMUNICATIONS.

TEXT 1. The Networking.

Pre-reading assignment 

Exercise 1. Study the meanings of the key words on the theme in Appendix 1 and learn them by heart.

Exercise 2. Translate the following statements into Russian paying attention to the forms of the Participles (Participle I, Participle II).

  1. The concept of interface is the cornerstone of modular programming, a forerunner and a standard ingredient of object-oriented programming.

Russian: ______________________________________________________________________

  2. Note that the object does not make its instance variables a part of its interface - these are typically accessed by means of accessory methods.

Russian: ______________________________________________________________________

  3. Some object-oriented programming languages mandate that the interface to the object be specified to the compiler separately from the implementation of that object, whilst others relax the requirement.

Russian: ______________________________________________________________________

  4. For example, a class in a programming language such as Objective-C consists of its interface.

Russian: ______________________________________________________________________

  5. Interfaces were historically derived from the header files of the C programming language by restricting their syntactic context and contents, and making them a part of the language semantics (as opposed to a mere preprocessor feature).

Russian: ______________________________________________________________________

  6. The Java programming language takes a different approach to the concept of the interface normally existing in other object-oriented programming languages.

Russian: ______________________________________________________________________

  7. Thus, the (public) methods declared in an interface can easily become private or protected methods of a class implementing the interface.

Russian: ______________________________________________________________________

Exercise 3. Read and translate the text using a dictionary.

The term internetworking refers to linking individual LANs together to form a single internetwork. This internetwork is sometimes called an enterprise network because it interconnects all of the computer networks throughout the entire enterprise.  

There are three major types of devices used for internetworking: bridges, routers, and switches.  

Bridges and routers are both special kinds of devices used for internetworking LANs, that is, linking different LANs or LAN segments together. Many organizations have LANs located at sites that are geographically distant from each other. Routers were originally designed to allow users to connect these remote LANs across a wide area network, but bridges can also be used for this purpose. By placing routers or bridges on LANs at two distant sites and connecting them with a telecommunications link, a user on one of the LANs can access resources on the other LAN as if those resources were local.

Bridges and routers link adjacent LANs. Local bridges and routers were first used to extend the area a network could cover by allowing users to connect two adjacent LANs to maintain performance by reducing the number of users per segment. Both Ethernet and Token Ring specify limits on maximum distances between workstations and hubs, hubs and hubs, and a maximum number of stations that can be connected to a single LAN. To provide network connectivity for more people, or extend it to cover a larger area, it is sometimes necessary to link two different LANs or LAN segments. Bridges and routers can both provide this function.

Today, however, these internetworking devices are also increasingly used to segment LANs to maintain performance by reducing the number of users per segment. When users on a single LAN begin to experience slower response times, the culprit is often congestion: too much traffic on the LAN. One method users are employing to deal with this is to break large LANs with many users into smaller LANs, each with fewer users. Adding new network users may require the organization to create new LANs to accommodate them. Implementing new applications on an existing LAN can create so much incremental traffic that the organization may need to break the LAN into smaller LANs segments to maintain acceptable performance levels.

In all of these cases, it is still critical that users on one LAN be able to reach resources on other LANs within the organization. But the LANs must be connected in such a way that packets are filtered, so that only those packets that need to pass from one LAN to another are forwarded across the link. This keeps the packets sent between two stations on any one LAN from crossing over onto the other LANs and thereby congesting them. A general rule of thumb suggests that 80 percent of the packets transmitted on a typical workgroup or department LAN are destined for stations on that LAN. Both bridges and routers can be used to segment LANs.

Bridges are the simpler, and often less expensive, type of device. Bridges filter packets between LANs by making a simple forward/don't forward decision on each packet they receive from any of the networks they are connected to. Filtering is done based on the destination address of the packet. If a packet's destination is a station on the same segment where it originated, it is not forwarded. If it is destined for a station on another LAN connected to a different bridge port, it is forwarded to that port. Many bridges today filter and forward packets with very little delay, making them good for large traffic volumes.

Routers are more complex internetworking devices and are also typically more expensive than bridges. They use Network Layer Protocol Information within each packet to route it from one LAN to another. This means that a router must be able to recognize all of the different Network Layer Protocols that may be used on the networks it is linking together. This is where the term multiprotocol router comes from: a device that can route using many different protocols. Routers communicate with each other and share information that allows them to determine the best route through a complex internetwork that links many LANs.

Switches are another type of device used to link several separate LANs and provide packet filtering between them. A LAN switch is a device with multiple ports, each of which can support a single end station or an entire Ethernet or Token Ring LAN. With a different LAN connected to each of the switch's ports, it can switch packets between LANs as needed. In effect, it acts like a very fast multiport bridge: packets are filtered by the switch based on the destination address.

Switches are used to increase performance on an organization's network by segmenting large networks into many smaller, less congested LANs, while still providing necessary interconnectivity between them. Switches increase network performance by providing each port with dedicated bandwidth, without requiring users to change any existing equipment, such as NICs, hubs, wiring, or any routers or bridges that are currently in place. Switches can also support numerous transmissions simultaneously.

Deploying technology called dedicated LANs is another advantage of using switches. Each port on a Fast Ethernet switch supports a dedicated 100 Mbps Ethernet LAN. Usually, these LANs comprise multiple stations linked to a 100BASE-TX hub, but it is also possible to connect a single high-performance station, such as a server, to a switch port (Fig. 1).

 

Fig. 1. LAN Switch

 

Using LAN switches allows a network designer to create several small network segments. These smaller segments mean that fewer stations are competing for bandwidth, thereby diminishing network congestion.

In this case, that one station has an uncontested 100 Mbps Fast Ethernet LAN all to itself. Packets forwarded over it from other ports on the switch will never produce any collisions because there are no other stations on the LAN at that port.

As was noted earlier, LAN switching is a relatively new technology. Today's switching devices switch relatively large, variable-length LAN packets between different local area networks. ATM is another type of switching technology that switches small, fixed-length cells containing data. ATM networks can be run at much higher data rates than today's LANs. Eventually, they will be used to carry voice, video, and multimedia traffic, as well as computer-generated data over both short and long distances. ATM will be one of the dominant enterprise networking technologies of the future, and many companies are beginning to develop strategies to incorporate ATM in their existing LANs and LAN internetworks.

Vocabulary and Grammar Exercise 

Exercise 4. Find in the text English equivalents for the Russian words:

Russian words

English equivalents

Russian words

English equivalents

внедрение новых применений (приложений)

как было отмечено ранее

большие объемы трафика

относительно новая технология

дополнительный трафик

современные коммутационные устройства

адрес назначения

ячейки фиксированной длины

выделенная полоса пропускания

oбщее правило

развивающаяся технологии

корпоративная сеть

высокопроизводительная станция

географически удалены друг от друга

конкурируют за пропускную способность

за счет уменьшения количества пользователей в сегменте

уменьшение загруженности сети

обеспечить сетевое подключение для большего количества людей

пакеты пересылаются через него (неё)

на всем предприятии

 

Exercise 5. Match the English words (1 – 8) with their English definitions (a - h):

English words

1. a bridge
2. a router
3. a switch
4. a packet
5. a network
6. a file server
7. a hub
8. a workstation

English definitions

a. a computer that is configured with a network interface card, networking software, and the appropriate cables;
b. a device that selects the best path to route a message, based on the destination address and origin;
c. a very fast computer with a large amount of RAM and storage space, along with a fast network interface card;
d. a system of interconnected computer systems, terminals, and other equipment allowing information to be exchanged;
e. a device that provides a central connection point for cables from workstations, servers, and peripherals;
f. a unit into which a larger piece of data is broken down for more efficient transmission;
g. a device that allows you to segment a large network into two smaller, more efficient networks;
h. a device for connecting computers in a network.

1 ___  2 ___  3 ___  4 ___  5 ___  6 ___  7 ___  8 ___

Exercise 6. Fill in each gap with the words from the given table:

expand,  to access, a network, utility, to connect, designate, obtains, hub, transfer, the internet, router, addresses, up

Setting Up a Basic LAN

1. Gather your network hardware. To create a LAN, you'll need (1) ___ or switch, which will act as (2) ___ of your network. These devices route information to the correct computers. A router will automatically handle assigning IP addresses to each device on the network, and is necessary if you intend to share your internet connection with all the connected devices. It is highly recommended that you build your network with a router, even if you're not sharing an internet connection. (3) ___ switch is like a simpler version of a router. It will allow connected devices to talk to each other, but will not automatically assign IP addresses and will not share an internet connection. Switches are best used to expand the number of LAN ports available on the network, as they can be connected to the router.

2. Set up your router. You don't need to do much to set up a router for a basic LAN. Just plug it into a power source, preferably close to your modem if you plan on sharing (4) ____ connection through it.

3. Connect your modem to your router (if necessary). If you're sharing the internet connection from your modem, connect the modem to the WAN/INTERNET port on the router. This is usually a different color from the other ports.

4. Connect your switch to your router (if necessary). If you're using a switch to expand the number of ports available on the router, plug an Ethernet cable into any LAN port on the router and any LAN port on the switch. This will (5) ___ the network to the rest of the LAN ports on the switch.

5. Connect your computers to open LAN ports. Use Ethernet cables (6) ___ each computer to an open LAN port on your router or switch. It doesn't matter what order the ports are connected in. Ethernet cables cannot reliably (7) ___ data at lengths larger than 100m (328 ft).

6. Set up one PC as a DHCP server if you're just using a switch. If you're only using a switch as your network hub, setting up one computer as a DHCP (Dynamic Host Configuration Protocol) server will allow all of the connected computers to easily obtain IP (8) ____. You can quickly create a DHCP server on one of your computers by installing a third-party (9) ___. The rest of the computers on the network will obtain IP addresses automatically once the server is running, as long as they are set to do so.

7. Verify the network connection on each computer. After each computer (10) ___ an IP address, they'll be able to talk to each other on the network. If you're using a router to share your internet connection, each computer will be able (11) ___ the internet.

8. Set up file and printer sharing. Once your network is (12) ____, you won't see anything on other computers unless that computer has shared files. You can (13) ___ files, folders, drives, printers, and other devices as shared so that anyone on the network, or just specific users, can access them.

1 ___  2 ___  3 ___  4 ___  5 ___  6 ___  7 ___  8 ___  9 ___  10 ___  11 ___  12 ___  13 ___

Exercise 7. Match the words in Column A with the synonyms in Column B.

Column A

1. to remain
2. to reach
3. outbound
4. interaction
5. to retrieve
6. to select
7. via
8. inbound
9. benefit
10. remote
11. to operate
12. to govern
13. charge
14. to reside
15. intermittent
16. to preclude

Column B

a. through
b. to work
c. to stay
d. uneven
e. distant
f. to recover
g. outgoing
h. price
i. to achieve
j. incoming
k. to prevent
l. to choose
m. to control
n. advantage
o. to place
p. intercommunication

1 c, 2 i, 3 g, 4 p, 5 f, 6 l, 7 a, 8 j, 9 n, 10 e, 11 b, 12 m, 13 h, 14 o, 15 d, 16 k

Exercise 8. Study the difference between the verbs of action (denote facts) and modal verbs (denote possibilities). Translate the groups of sentences into Russian.

1. They haven’t met this symbol.
   They can’t have met this symbol.

2. The computer is broken.
   The computer must be broken.

3. This computer system isn’t effective.
   This computer system can’t be effective.

4. This digital computer is better than the previous one.
   This digital computer must be better than the previous one.

5. He might have lived there.
   He lived there.

Task for Revision

Exercise 9. Find key words and sentences in each paragraph of the text. Summarize the main idea of the text. Write an abstract of the text.

__________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 

Exercise 10. Answer the following questions according to the information given in the text: 

  1. What are the similarities and differences between a router and a bridge?

_____________________________________________________________________________________________________________________________________________________________________________________________________________________

  2. What are switches used for?

_____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________


TEXT 2. Peer-to-peer versus a client-server.

Pre-reading assignment 

Exercise 1. Study the meanings of the key words on the theme in Appendix 1 and learn them by heart.

Exercise 2. Complete the gaps in this summary of the text using passive forms of the verbs:

to discuss;  to wrap;  to intend;  to replace;  to use (2); to make;  to develop;  to move;  to adopt; to know

The problem of operating systems unreliability and insecurity (1) ______ in the text. Current operating systems (2) _____ unreliable and insecure due to two characteristics: they are huge and they have very poor fault isolation. Fortunately, the situation is not hopeless. More reliable operating systems (3) ______ by researchers. There are four different approaches to solving the problem. In the Nooks approach, each driver (4) ______ in a software jacket to carefully control its interactions with the rest of the operating system, but it leaves all the drivers in the kernel. In the paravirtual machine approach the drivers (5) ______ to one or more machines distinct from the main one. Both of these approaches (6) _______ to improve the reliability of existing operating systems. In two other approaches legacy operating systems (7) ______ with more reliable and secure ones. The multiserver approach runs each driver and operating system component in a separate user process. Finally, in the most radical approach, a type-safe language, a single address space, and formal contracts (8) ______ to carefully limit what each module can do. Thus, microkernels (9) _____ in three of the four research projects, but it (10) __ not _____ which of these approaches (11) ____ widely ______.

1 ___  2 ___  3 ___  4 ___  5 ___  6 ___  7 ___  8 ___  9 ___  10 ___  11 ___

Exercise 3. Read and translate the text using a dictionary.

Every network, regardless of whether it is “peer-to-peer” or “client-server” based, requires some form of special software in order to control the flow of information between the users being networked. A Network Operating System, or "NOS", is installed on each computer requiring network access. The NOS monitors, and at times controls, the exchange and flow of files, email, and other network information.

Network Operating Systems are classified according to whether they are peer-to-peer or client-server Network Operating Systems. Peer-to-peer capable network operating systems, such as Windows 95, Windows 98 and Windows for Workgroups, are usually the best choices for home and small office networks. They do an excellent job of sharing applications, data, printers, and other local resources across a handful of computers. Client-Server network operating systems, such as Windows NT and Novell NetWare, are better for larger scale organizations that require fast network access for video, publishing, multimedia, spreadsheet, database, and accounting operations. However, with the recent decreases in hardware costs, don't shy away from a client-server installation in your home or home-office if you feel that faster network access for such things as streaming video, video and web page publishing and database operations would make life easier for you.

Peer-to-Peer Networks:  

Peer-to-peer networks allow you to connect two or more computers in order to pool their resources. Individual resources such as disk drives, CD-ROM drives, scanners and even printers are transformed into shared resources that are accessible from each of the computers.

Unlike client-server networks, where network information is stored on a centralized file server computer and then made available to large groups of workstation computers, the information stored over a peer-to-peer network is stored locally on each individual computer. Since peer-to-peer computers have their own hard disk drives that are accessible and sometimes shared by all of the computers on the peer-to-peer network, each computer acts as both a client (or node) and a server (information storage). Although not capable of handling the same rate of information flow that a client-server network would, all three computers can communicate directly with each other and share each other's resources.

A peer-to-peer network can be built with either 10BaseT cabling and a hub (as above) or with a thin coax backbone (10Base2). 10BaseT is best for small workgroups of 16 or fewer computers that are not separated by long distances, or for workgroups that have one or more portable computers that may be disconnected from the network from time to time.

Once the networking hardware has been installed, a peer-to-peer network software package must be installed on each of the computers. This software package allows information to be transferred back and forth between the computers, hard disks, and other devices connected to the computers or to the network when users request it. Windows 95 and Windows 98 both have networking software built into the operating system and you can add other forms of peer-to-peer network operating software such as Artisoft LANtastic, and NetWare Lite. Frankly though, if you already have Windows 95 or Windows 98 (including Windows 98 Second Edition), there's really no need for additional networking software unless you have a software package that requires it.

Most network operating system software (such as Windows 95 and Windows 98) allows each peer-to-peer computer to determine which resources will be available for use by all other users of the remaining computers on the network. Specific hard and floppy disk drives, directories, files, printers, and all other resources can be attached or detached from the network via software. When one computer's disk has been configured so that it is being shared, it will usually appear as a new or additional drive to the other computer users. As an example, if user A has an A and C drive on his computer, and user B configures his entire C drive so that it is shared, user A can map to the user B's C drive and have an A, C, and D drive (user A's D drive is actually user B's C drive). Directories operate in a similar fashion. If user A has an A & C drive, and user B configures his "C:\WINDOWS" and "C:\DOS" directories as sharable, user A can map to those directories and then have an A, C, D, and E drive (user A's D is user B's C:\WINDOWS, and E is user B's C:\DOS). Did you get all of that?

Because drives can be easily shared between peer-to-peer computers, data only needs to be stored on one computer, not two or three. As an example, let's say that three computers have Microsoft Word installed. Instead of saving documents and other data on all three machines, you can save all of the documents on one computer.

The advantages of peer-to-peer over client-server NOSs include:  

• No need for a network administrator.

• Network is fast and inexpensive to set up and maintain.

• Each computer can make backup copies of its data to other computers for security.

• Peer-to-peer is by far the easiest type of network to build for either home or office use.

Client-Server Networks:

In a client-server environment like Windows NT or Novell NetWare, files are stored on a centralized, high speed file server PC that is made available to client PCs. Network access speeds are usually faster than those found on peer-to-peer networks, which is reasonable given the vast numbers of clients that this architecture can support. Nearly all network services like printing and electronic mail are routed through the file server, which allows networking tasks to be tracked. Inefficient network segments can be reworked to make them faster, and users' activities can be closely monitored. Public data and applications are stored on the file server, where they are run from client PCs' locations, which makes upgrading software a simple task. Network administrators can simply upgrade the applications stored on the file server, rather than having to physically upgrade each client PC.

 The primary applications and files used by each of the clients are stored in a common location on the file server. File servers are often set up so that each user on the network has access to his or her "own" directory, along with a range of "public" or shared directories where applications and data are stored. If the clients want to communicate with each other, they must do so through the file server. A message from one client to another client is first sent to the file server, where it is then routed to its destination by the server. It becomes obvious then, that if you were to have tens or hundreds of client computers, a file server would be the only way to manage the often complex and most times simultaneous operations and transactions that large networks with many clients would generate.

Vocabulary and Grammar Exercise 

Exercise 4. Find in the text English equivalents for the Russian words:

Russian words

English equivalents

Russian words

English equivalents

набор компьютеров

дисководы

обмен и поток файлов

можно подключить или отключить от сети

совместное использование приложений

для домашнего или офисного использования.

крупные организации

в клиент-серверной среде

более быстрый доступ к сети

огромное количество клиентов

публикация на веб-страницах

маршрутизируются через файловый сервер

обрабатывать ту же скорость потока информации

можно внимательно отслеживать

не разделены большими расстояниями

позволяет отслеживать сетевые задачи

быть переданным вперед и назад между компьютерами

неэффективные сегменты сети

доступны для использования

в качестве примера

Exercise 5. Mark these statements T (true) or F (false) according to the information in the text:

  1. The NOS is the "brain" of the entire network, acting as the command center and enabling the network hardware and software to function as one cohesive system.  
  2. Client-server NOS can be useful at home and small offices as well as in large organizations.
  3. The information stored over a client-server network is stored locally on each individual computer.
  4. Network access speed on client-server network is faster than on peer-to-peer networks.
  5. In a client-server network resources and data security are controlled through the server.

 

1 ___  2 ___  3 ___  4 ___  5 ___

Exercise 6. Match the concepts “Client-Server” (C) and “Peer-to-Peer” (P) with the key criteria which denote these concepts.

Basic
a. There is a specific server and specific clients connected to the server.
b. Clients and server are not distinguished; each node acts as client and server.

Service
c. Each node can request services and can also provide services.
d. The client requests a service and the server responds with the service.

Focus
e. Connectivity
f. Sharing the information

Data
g. The data is stored in a centralized server.
h. Each peer has its own data.

Server
i. When several clients request services simultaneously, a server can get bottlenecked.
j. As the services are provided by several servers distributed in the peer-to-peer system, a server is not bottlenecked.

Expense
k. The service is less expensive to implement.
l. The client-server is expensive to implement.

Stability
m. Client-Server is more stable and scalable.
n. Peer-to-Peer suffers if the number of peers increases in the system.

a ___  b ___  c ___  d ___  e ___  f ___  g ___  h ___  i ___  j ___  k ___  l ___  m ___  n ___

Exercise 7. Fill in each gap with the words from the given table:

specific, applications, key, remote, difference, focuses, node, models, is centralized, the terms, computers, provides

client-server-vs-peer-to-peer

Working on (1) _____ for long you may have heard (2) ____ Client-Server and Peer-to-Peer. These two are the common network (3) ___ that we use in our day-to-day life. The Client-Server network model (4) ___ on information sharing whereas, the Peer-to-Peer network model focuses on connectivity to the (5) _____ computers.

The (6) ____ difference between Client-Server and Peer-to-Peer network is that there is a dedicated server and (7) ___ clients in the client-server network model whereas, in peer-to-peer each (8) ___ can act as both server and client. In the client-server model, the server (9) __ services to the client.

The main (10) ___ between the Client-Server and Peer-to-Peer network model is that in Client-Server model, the data management (11) ___ whereas, in Peer-to-Peer each user has its own data and (12) ____.

1 ___  2 ___  3 ___  4 ___  5 ___  6 ___  7 ___  8 ___  9 ___  10 ___  11 ___  12 ___

Exercise 8. Use the right form of the verbs.

  1. Listen to him, please. He (1) (speaks, is speaking) Chinese.
  2. She often (2) (speaks, is speaking) French when she (3) (travels, is travelling) in France.
  3. Mary is in the office now. She is very busy. She (4) (works, is working) on the computer.
  4. What foreign languages (5) (does your friend learn, is your friend learning) now?
  5. What (6) (do you read, are you reading) now?
  6. The family (7) (owns, is owning) a big house in the country.
  7. Most of the students (8) (were listening, listened) to the teacher but Mary (9) (was reading, read) a history book. She (10) (hated, was hating) math.
  8. These people never (11) (owned, were owning) a house. They always (12) (lived, were living) in apartments.
  9. Everyone (13) (was reading, read) quietly when the door (14) (was opening, opened) and a policeman came in.

1 ___  2 ___  3 ___  4 ___  5 ___  6 ___  7 ___  8 ___  9 ___  10 ___  11 ___  12 ___  13 ___  14 ___

Task for Revision

Exercise 9. Find key words and sentences in each paragraph of the text. Summarize the main idea of the text. Write an abstract of the text.

__________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 

Exercise 10. Answer the following questions according to the information given in the text: 

  1. What network operating systems are referred to as “peer-to-peer” and “client-server” NOSs?

____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

  2. What types of NOS are used in small offices and large organizations?

What are switches used for?

____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

  3. Where is network information stored in “peer-to-peer” and “client-server” NOSs?

________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________


UNIT 3. THE SYSTEMS OF ARTIFICIAL INTELLIGENCE. СИСТЕМЫ ИСКУССТВЕННОГО ИНТЕЛЛЕКТА.

TEXT 1. OCR Technology.

Pre-reading assignment 

Exercise 1. Study the meanings of the key words on the theme in Appendix 1 and learn them by heart.

Exercise 2. Read and translate the text using a dictionary.

Optical character recognition or optical character reader (OCR) is the mechanical or electronic conversion of images of typed, handwritten or printed text into machine-encoded text, whether from a scanned document, a photo of a document, a scene-photo (for example the text on signs and billboards in a landscape photo) or from subtitle text superimposed on an image (for example from a television broadcast).

Widely used as a form of information entry from printed paper data records – whether passport documents, invoices, bank statements, computerized receipts, business cards, mail, printouts of static-data, or any suitable documentation – it is a common method of digitizing printed texts so that they can be electronically edited, searched, stored more compactly, displayed on-line, and used in machine processes such as cognitive computing, machine translation, (extracted) text-to-speech, key data and text mining. OCR is a field of research in pattern recognition, artificial intelligence and computer vision.

Early versions needed to be trained with images of each character, and worked on one font at a time. Advanced systems capable of producing a high degree of recognition accuracy for most fonts are now common, and with support for a variety of digital image file format inputs. Some systems are capable of reproducing formatted output that closely approximates the original page including images, columns, and other non-textual components.

Optical Character Recognition (OCR) – used extensively throughout business and government – examines scanned bitmap images of machine-printed text and translates the characters into ASCII text files that can be edited. For instance, paper checks contain number series written in machine print designed to minimize recognition errors. These codes contain bank routing numbers, the holder’s account numbers and other information required to process paper transactions. Machine print conversion is largely a solved problem in this application, as OCR software was included in the first commercial systems that automated machine print text recognition.

Optical Character Recognition (OCR) systems recognize only machine print. Using pattern-matching technology, OCR translates the shapes and patterns of machine-made characters into corresponding computer codes. Though most advanced systems are able to recognize multiple fonts, they can process only standard fonts such as Times Roman and Arial. Once all characters in a given word are recognized, the word is compared against a vocabulary of potential answers for the final result.  

Character recognition then segments lines of text or words into separate characters that are recognized by the makeup of their component shapes. Machine printed letters are evenly spaced across, and up-and-down, a given page, allowing the OCR system to read the text one character at a time. Segmentation into single characters represents a critical recognition failure point for forms processing organizations, because OCR recognition technology requires high-quality images with excellent contrast, character and clarity.  Any text that is less than perfect will cause even the most sophisticated OCR systems to return significant reductions in accuracy when processing degraded images. For example, when characters break apart due to poor image quality, or if multiple characters merge due to blurred or dark backgrounds between them, recognition accuracy may be reduced by as much as 20 percent.

The most commonly accepted OCR accuracy measurement is represented by the percentage of characters correctly read on a given page of text, and systems vary widely, achieving 95 to 99 percent accuracy. But accuracy rates at anything below 100 percent can translate into huge productivity losses. An entire application or verification process could be compromised if even 5 percent of the data is either entered incorrectly or misread. Therefore, OCR systems must have the ability to ‘proofread’ results, mark characters the system does not recognize, and send rejected text to human operators for manual processing. Needless to say, such human intervention increases costs and delays.

Intelligent Character Recognition (ICR) converts hand printed characters to their machine print (ASCII) equivalents, representing a significant step forward in technology when compared to older OCR systems that only read machine print. The ability to recognize handprint significantly broadens the range of applications that benefit from automated ICR solutions, saving time and increasing accuracy to levels not attainable by OCR or human intervention.  

ICR software is based on the science of neural networks that behave like the human brain when processing information. Because ICR can handle variations in character shape, the term 'intelligent' is combined with 'character recognition' to describe handprint recognition.  

Principles of ICR Technology  

Hand printed characters are created by humans, so understanding and interpreting the patterns of human writing is far more complicated than converting simple machine print, because no two people ever write identical characters. Factors such as mood, environment, or stress all conspire to create variations in character writing, causing individuals to form characters differently each time they write or fill out a form. Variations will even appear within the same word, depending on where a character appears. Also, keep in mind that hand printed characters are never evenly spaced across the page, making it difficult for recognition systems to reliably segment words into their component characters. Like OCR engines, ICR engines execute recognition character-by-character and start by segmenting words into their component characters. Because ICR technology recognizes separate words or word combinations, such as form fields, letters cannot be written sloppily or stuck together.  

Intelligent Recognition technology

The basic principle of Parascript® Intelligent Recognition states that handwriting, when reduced to its most basic components, is essentially motion, or a series of movements, made by a writing instrument. According to this theory, any handwriting can be described using elements of a special description language. The eight elements that make up the trajectories of all cursive letters (Figure 1 below) form a ring that illustrates the possible transitions of neighbor elements.  

 

Figure 2 - An example of the letter ‘d’ described using motion theory. The order of elements in the letter description follows the trajectory of a pen. Horizontal lines show the vertical position on the image associated with each element in the letter description.  

Both OCR and ICR deliver high accuracy when analyzing constrained text (OCR with machine print and ICR with handprint) but are ineffective when dealing with cursive, where letters are linked together, and may be poorly written or even illegible. Consider a situation where the symbol segmentation of an image is ambiguous. In Figure 3 below, an OCR/ICR recognition system could determine that the first symbol is a ‘d’ or a combination of a ‘c’ and an ‘l’. Depending on the segmentation, the reading result produced by a letter-based recognition technology may be completely different: ‘clear’ in the first case and ‘dear’ in the second.  

As accurate character segmentation is critical, Intelligent Recognition can often recognize poor-quality text that would be impossible for OCR and ICR systems to recognize. Intelligent Recognition dynamically uses context in a process similar to the one humans employ when reading and interpreting text to compensate for the inherent ambiguity of human handwriting. The context is used during the recognition process rather than after recognition, when results might already have been misinterpreted, thus improving the accuracy of results. Again, going back to Figure 3, it is not clear if the first symbol is a ‘d’ or a combination of a ‘c’ and an ‘l’.

The dynamic vocabularies contained in Intelligent Recognition systems do not analyze and store all possible hypotheses of segmentation. If the dynamic vocabulary does not contain a combination of ‘c’ and an ‘l’ at the beginning of the word, the only possible segmentation solution is ‘d’. The dynamic usage of context eliminates all impossible combinations from the solution set, enabling the evaluation of results ‘on the fly’ during the recognition process. Dynamic context, therefore, provides the highest possible recognition accuracy, because it eliminates the impossible results in real time, during the recognition process.  
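The effect of a dynamic vocabulary on the ambiguous 'clear'/'dear' image can be traced in a short Python sketch. This is an added example, not Parascript code and not part of the original text: the stroke lattice, the function names and the sample vocabularies are assumptions constructed for illustration.

```python
# Constructed segmentation lattice for the ambiguous image discussed above.
# Each edge is (start_stroke, end_stroke, letter): strokes 0-1 can be read
# as 'c' followed by 'l', or merged into a single 'd'.
LATTICE = [
    (0, 1, "c"), (1, 2, "l"), (0, 2, "d"),
    (2, 3, "e"), (3, 4, "a"), (4, 5, "r"),
]
END = 5  # index just past the last stroke


def prefixes(vocabulary):
    """Every prefix of every vocabulary word, including the empty string."""
    return {word[:i] for word in vocabulary for i in range(len(word) + 1)}


def recognize(lattice, end, vocabulary=None):
    """Walk the lattice and return (sorted readings, hypotheses explored).

    With a vocabulary, a partial reading that is not the prefix of any
    vocabulary word is dropped at once, i.e. during recognition and not
    after it. Without a vocabulary every segmentation is carried to the end.
    """
    allowed = prefixes(vocabulary) if vocabulary is not None else None
    readings, explored = [], 0
    stack = [(0, "")]  # (stroke position, letters read so far)
    while stack:
        position, text = stack.pop()
        explored += 1
        if position == end:
            if vocabulary is None or text in vocabulary:
                readings.append(text)
            continue
        for start, stop, letter in lattice:
            if start != position:
                continue
            candidate = text + letter
            if allowed is not None and candidate not in allowed:
                continue  # impossible combination, eliminated on the fly
            stack.append((stop, candidate))
    return sorted(readings), explored


if __name__ == "__main__":
    print(recognize(LATTICE, END))                            # letter-based reading
    print(recognize(LATTICE, END, {"dear", "sir", "madam"}))  # salutation field
    print(recognize(LATTICE, END, {"clear", "cloudy"}))       # weather field
```

The same image yields two readings without context and exactly one with it, and the constrained search also visits fewer hypotheses because the impossible branch is cut at its first letter.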

Intelligent Recognition technology often recognizes text that is considered to be of poor quality or even completely unacceptable for OCR and ICR technologies, therefore further improving the recognition rates when compared to other systems. Working with high quality machine print, OCR provides recognition accuracy of nearly 100 percent (99.9 %), a level of accuracy acceptable for many forms processing applications. ICR cannot guarantee the same levels of accuracy that OCR systems deliver on machine print due to the inherent problems of reading handprint spacing variations, diversity of human writing styles, etc. Instead, state of the art ICR systems provide the same recognition accuracy for a certain part of the data stream, while the data that cannot be reliably read continue to be sent for visual verification. The following mechanism is used by ICRs to ensure the accuracy required by the application. The stream of images is divided into two parts: those that were recognized reliably with a required accuracy (accepted), and those for which the system does not guarantee the required accuracy (rejected).

Intelligent Recognition further improves recognition rates and accuracy when compared to traditional machine print (OCR) and handprint (ICR) engines through field recognition and cross-validation of results.

Intelligent Recognition recognizes a field, not a character, and consequently a whole field is either accepted or rejected. Conversely, in the case of a rejected field, Intelligent Recognition technology additionally provides information about unreliable characters. Second, the reject mechanism is tuned so thoroughly that it allows accuracy up to 0.1% for the texts of low quality.

Computing power alone is not able to deliver high recognition results without a human-like recognition approach. Intelligent Recognition employs the most advanced methods of single character recognition while using sophisticated algorithms to cross-validate results during the recognition process.  

Intelligent Recognition advances the state of recognition technology, exploiting the strengths and capabilities of its predecessors – OCR and ICR systems, while eliminating their inherent limitations. Intelligent Recognition technology delivers highly accurate machine print, handprint and cursive recognition results, helps eliminate laborious human data entry and has become a proven solution for a broad range of the most demanding applications for government posts, commercial mailers, banks, financial institutions and data processing centers.

Vocabulary and Grammar Exercise

Exercise 3. Find in the text English equivalents for the Russian words:

Russian words: English equivalents

механическое или электронное преобразование: ______
автоматическое распознавание печатного текста: ______
телевизионная трансляция: ______
буквы равномерно распределены по: ______
бумажные записи данных: ______
критическая точка сбоя распознавания: ______
распечатки статических данных: ______
при обработке ухудшенных изображений: ______
необходимые для изучения: ______
из-за размытого или темного фона: ______
ввод формата файла цифрового изображения: ______
самое распространенное измерение точности распознавания текста: ______
отсканированные растровые изображения: ______
огромные потери производительности: ______
номера счетов владельца: ______
расширяет спектр применения: ______
обрабатывать бумажные транзакции: ______
вмешательство человека: ______
выполнить распознавание посимвольно: ______
никогда не будут равномерно распределены по странице: ______
в зависимости от сегментации: ______
интеллектуальное распознавание продвигает современную технологию распознавания: ______

Exercise 4. Match the terms in Table A with the statements in Table B:

Table A

1. recognition
2. illegible
3. sloppy
4. ambiguous
5. accuracy
6. sophisticated

Table B

a. having more than one meaning, so that it is not clear which is intended
b. very cleverly designed and very advanced, working in a complicated way
c. the ability to do something in an exact way without making a mistake
d. difficult or impossible to read
e. not done carefully or thoroughly
f. the ability of a computer to recognize voices, shapes etc

Answers: 1 ___  2 ___  3 ___  4 ___  5 ___  6 ___

Exercise 5. Fill in each gap with the words from the given table:

accuracy, rates, deliver, poor, provide, print, human, recognizes, technologies, applications, inherent, required, data

Intelligent Recognition technology

Intelligent Recognition technology often (1) ___ text that is considered to be of (2) ___ quality or even completely unacceptable for OCR and ICR (3) ___, therefore further improving the recognition (4) ____ when compared to other systems. Working with high quality machine (5) ___, OCR provides recognition (6) ___ of nearly 100 percent (99.9 %), a level of accuracy acceptable for many forms processing (7) ___. ICR cannot guarantee the same levels of accuracy that OCR systems (8) __ on machine print due to the (9) ___ problems of reading handprint spacing variations, diversity of (10) ___ writing styles, etc. Instead, state of the art ICR systems (11) ___ the same recognition accuracy for a certain part of the data stream, while the (12) ___ that cannot be reliably read continue to be sent for visual verification. The following mechanism is used by ICRs to ensure the accuracy required by the application. The stream of images is divided into two parts: those that were recognized reliably with a required accuracy (accepted), and those for which the system does not guarantee the (13) ____ accuracy (rejected).

Answers: 1 ___  2 ___  3 ___  4 ___  5 ___  6 ___  7 ___  8 ___  9 ___  10 ___  11 ___  12 ___  13 ___

Exercise 6. Match the collocating words (1 - 11) and (a - k) to make word combinations as they go together in the text.

1. scanned
2. machine
3. landscape
4. separate
5. machine-printed
6. human
7. television
8. recognition
9. Intelligent
10. cognitive
11. high-quality

a. broadcast
b. photo
c. Recognition
d. images
e. processes
f. computing
g. characters
h. intervention
i. document
j. accuracy
k. text

Answers: 1 ___  2 ___  3 ___  4 ___  5 ___  6 ___  7 ___  8 ___  9 ___  10 ___  11 ___

Exercise 7.  Match the two halves of the sentences:

Expert Systems are an area of AI that explores how to computerize the expertise of a human expert.

1. Knowledge Base is the knowledge in the expert system,
2. Problem Solver is a combination of algorithms and heuristics
3. Explanation and Help are designed to provide help to the user and
4. An expert system typically consists of
5. Communicator is designed to facilitate appropriate interaction
6. Researchers in AI often base their work on a careful study of how humans
7. In the process of attempting to develop effective AI systems,
8. Another finding is that it typically takes a human many years of study
9. In certain cases the set of rules can be fully computerized or nearly fully computerized,
10. The set of rules is a procedure that involves

a. both with the developers of the expert system and the users of the expert system.
b. researchers learn about human capabilities and limitations.
c. to provide detailed explanations of the “what and why” of the expert system’s activities as it works to solve a problem.
d. designed to use the Knowledge Base in an attempt to solve problems in a particular field.
e. and practice to learn such a set of rules and to use them well.
f. and can produce results both very quickly and that may well be more accurate (on average) than highly qualified human experts.
g. both algorithmic and heuristic components.
h. coded in a form that the expert system can use.
i. four major components.
j. solve problems and on human intelligence

Answers: 1 ___  2 ___  3 ___  4 ___  5 ___  6 ___  7 ___  8 ___  9 ___  10 ___

Exercise 8. Translate the sentences into Russian. Pay attention to the Comparative pattern “the more... the better” (“чем (больше)... тем (лучше)”)

English: Russian

1. The higher the price of the goods, the fewer people are ready to buy them. ______
2. The more money I get, the more things I can buy. ______
3. The bigger the house is, the more money it will cost. ______
4. The longer the text, the longer it takes me to translate it. ______
5. The more work he has, the happier he is. ______
6. The older you get, the more difficult it becomes to find a job. ______
7. The longer the journey is, the more expensive the ticket is. ______

Task for Revision

Exercise 9. Find key words and sentences in each paragraph of the text. Summarize the main idea of the text. Write an abstract of the text.

__________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 

Exercise 10. Answer the following questions according to the information given in the text: 

1. What is the difference between OCR, ICR and Intelligent Recognition?

____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

 

2. Why isn’t OCR just enough? ____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

3. Why is it so difficult to automatically recognize handwriting?  

________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________


UNIT 4. AN OVERVIEW OF COMPUTER SECURITY.

TEXT 1. The Basic Components.

Pre-reading assignment  

Exercise 1. Study the meanings of the key words on the theme in Appendix 1 and learn them by heart.

Exercise 2. Read and translate the text using a dictionary.

Computer security rests on confidentiality, integrity, and availability. The interpretations of these three aspects vary, as do the contexts in which they arise. The interpretation of an aspect in a given environment is dictated by the needs of the individuals, customs, and laws of the particular organization.

Confidentiality

Confidentiality is the concealment of information or resources. The need for keeping information secret arises from the use of computers in institutions with sensitive information such as government and industry. For example, military and civilian institutions in the government often restrict access to information to those who need that information. The first formal work in computer security was motivated by the military’s attempt to implement controls to enforce a “need to know” principle. This principle also applies to industrial firms, which keep their proprietary designs secure lest their competitors try to steal the designs. As a further example, all types of institutions keep some types of personnel records secret.

 Access control mechanisms support confidentiality. One access control mechanism for preserving confidentiality is cryptography, which transforms data to make it incomprehensible. A cryptographic key controls access to the untransformed data, but then the cryptographic key itself becomes another datum to be protected.

EXAMPLE: Enciphering an income tax return will prevent anyone without the key from reading the taxable income on the return. If the owner needs to see the return, it must be deciphered. Only the possessor of the cryptographic key can enter it into a deciphering program. However, if someone else can read the key when it is entered into the program and has access to the enciphered return, the confidentiality of the tax return has been compromised.

 Other system-dependent mechanisms can prevent information from being illicitly accessed. Data protected only by these controls can be read when the controls fail or are bypassed. Then the controls’ advantage is offset by a corresponding disadvantage. They can protect the secrecy of data more completely than cryptography, but if they fail or are evaded, the data becomes visible.

Confidentiality also applies to the existence of data, which is sometimes more revealing than the data itself. The precise number of people who distrust a politician may be less important than knowing that such a poll was taken by the politician’s staff. How a particular government agency harassed citizens in its country may be less important than knowing that such harassment occurred. Access control mechanisms sometimes conceal the mere existence of data, lest the existence itself reveal information that should be protected.

 Resource hiding is another important aspect of confidentiality. Organizations often wish to conceal their network configuration as well as what systems they are using; organizations may not wish others to know about specific equipment (because it could be used without authorization or in inappropriate ways); and a company renting time from a service provider may not want others to know what resources it is using. Access control mechanisms provide these capabilities as well.

All the mechanisms that enforce confidentiality require supporting services from the system. The assumption is that the security services can rely on the kernel, and other agents, to supply correct data. Thus, assumptions and trust underlie confidentiality mechanisms.

Integrity

Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change. Integrity includes data integrity (the content of the information) and origin integrity (the source of the data, often called authentication). The source of the information may bear on its accuracy and credibility and on the trust that people place in the information. This dichotomy illustrates the principle that the aspect of integrity known as credibility is central to the proper functioning of a system. We will return to this issue when discussing malicious logic.

EXAMPLE: A newspaper may print information obtained from a leak at the White House but attribute it to the wrong source. The information is printed as received (preserving data integrity), but its source is incorrect (corrupting origin integrity).

 Integrity mechanisms fall into two classes: prevention mechanisms and detection mechanisms.

Prevention mechanisms seek to maintain the integrity of the data by blocking any unauthorized attempts to change the data or any attempts to change the data in unauthorized ways. The distinction between these two types of attempts is important. The former occurs when a user tries to change data which she has no authority to change. The latter occurs when a user authorized to make certain changes in the data tries to change the data in other ways. For example, suppose an accounting system is on a computer. Someone breaks into the system and tries to modify the accounting data. Then an unauthorized user has tried to violate the integrity of the accounting database. But if an accountant hired by the firm to maintain its books tries to embezzle money by sending it overseas and hiding the transactions, a user (the accountant) has tried to change data (the accounting data) in unauthorized ways (by not entering the transfer of funds to a Swiss bank account). Adequate authentication and access controls will generally stop the break-in from the outside, but preventing the second type of attempt requires very different controls.

 Detection mechanisms do not try to prevent violations of integrity; they simply report that the data’s integrity is no longer trustworthy. Detection mechanisms may analyze system events (user or system actions) to detect problems or (more commonly) may analyze the data itself to see if required or expected constraints still hold. The mechanisms may report the actual cause of the integrity violation (a specific part of a file was altered), or they may simply report that the file is now corrupt.
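The two kinds of report described above (the actual cause versus "the file is now corrupt") can be seen side by side in a small Python detector. This is an added example, not part of the original text: the ledger contents, the block size and the function names are constructed, and it assumes the manifest is stored where whoever can change the data cannot change it.

```python
import hashlib

BLOCK_SIZE = 16  # deliberately small so the constructed sample spans several blocks

# Constructed sample data: three accounting records of 19 bytes each.
LEDGER = (
    b"acct=1001;bal=0500\n"
    b"acct=1002;bal=0750\n"
    b"acct=1003;bal=0020\n"
)


def split_blocks(data, block_size):
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def build_manifest(data, block_size=BLOCK_SIZE):
    """Record the constraints that are expected to keep holding for the data."""
    return {
        "block_size": block_size,
        "length": len(data),
        "whole": hashlib.sha256(data).hexdigest(),
        "blocks": [hashlib.sha256(b).hexdigest()
                   for b in split_blocks(data, block_size)],
    }


def check_coarse(data, manifest):
    """Coarse detector: only says whether the data is still trustworthy."""
    return hashlib.sha256(data).hexdigest() == manifest["whole"]


def check_detailed(data, manifest):
    """Fine detector: reports which part of the data no longer matches."""
    blocks = split_blocks(data, manifest["block_size"])
    altered = [
        index
        for index, (block, expected) in enumerate(zip(blocks, manifest["blocks"]))
        if hashlib.sha256(block).hexdigest() != expected
    ]
    length_change = len(data) - manifest["length"]
    return {
        "intact": not altered and length_change == 0,
        "altered_blocks": altered,       # indexes of blocks whose content changed
        "length_change": length_change,  # negative: truncated, positive: data appended
    }


if __name__ == "__main__":
    manifest = build_manifest(LEDGER)
    tampered = LEDGER.replace(b"bal=0750", b"bal=9750")  # one byte changed
    print(check_coarse(tampered, manifest))    # False: "the file is now corrupt"
    print(check_detailed(tampered, manifest))  # names the altered block
    print(check_detailed(LEDGER[:48], manifest))  # truncation with no altered block
```

Neither detector prevents the change; both only report it, and the detailed one costs one extra digest per block in exchange for locating the damage.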

Working with integrity is very different than working with confidentiality. With confidentiality, the data is either compromised or it is not, but integrity includes both the correctness and the trustworthiness of the data. The origin of the data (how and from whom it was obtained), how well the data was protected before it arrived at the current machine, and how well the data is protected on the current machine all affect the integrity of the data. Thus, evaluating integrity is often very difficult, because it relies on assumptions about the source of the data and about trust in that source—two underpinnings of security that are often overlooked.

 Availability

Availability refers to the ability to use information or resources. Availability is an important aspect of reliability as well as of system design because an unavailable system is at least as bad as no system at all. The aspect of availability that is relevant to security is that someone may deliberately arrange to deny access to data or to a service by making it unavailable or unusable. System designs usually assume a statistical model to analyze expected patterns of use, and mechanisms ensure availability when that statistical model holds. Someone may be able to manipulate use (or parameters that control use, such as network traffic) so that the assumptions of the statistical model are no longer valid. This means that the mechanisms for keeping the resource or data available are working in an environment for which they were not designed. As a result, they will often fail.

EXAMPLE: Suppose Anne has compromised a bank’s secondary system server, which supplies bank account balances. When anyone else asks that server for information, Anne can supply any information she desires. Merchants validate checks by contacting the bank’s primary balance server. If a merchant gets no response, the secondary server will be asked to supply the data. Anne’s colleague prevents merchants from contacting the primary balance server, so all merchant queries go to the secondary server. Anne will never have a check turned down, regardless of her actual account balance. Notice that if the bank had only one server (the primary one) and that server were unavailable, this scheme would not work. The merchant would be unable to validate the check.

Attempts to block availability, called denial of service (DoS) attacks, can be the most difficult to detect, because the analyst must determine if the unusual access patterns are attributable to deliberate manipulation of resources or of environment. Complicating this determination is the nature of statistical models. Even if the model accurately describes the environment, atypical events simply contribute to the nature of the statistics. A deliberate attempt to make a resource unavailable may look like, or be, an atypical event. In some environments, it may not even appear atypical.

Vocabulary Exercise 

Exercise 3. Find in the text English equivalents for the Russian words:

Russian words: English equivalents

хранить информацию в секрете: ______
так плоха, как никакая другая система: ______
военные и гражданские учреждения: ______
проанализировать ожидаемые модели использования: ______
непонятный: ______
больше не действительна: ______
данные, которые должны быть защищены: ______
остатки на банковских счетах: ______
системно-зависимые механизмы: ______
необычные шаблоны доступа: ______
механизмы контроля доступа: ______
преднамеренная попытка: ______
неподходящие способы: ______
основной баланс банка: ______
предотвращение неправильного или несанкционированного изменения: ______
соответствующий безопасности: ______
искажающий целостность происхождения: ______
фактическая причина: ______
нет полномочий менять: ______
больше не заслуживает доверия: ______
незаконное вторжение (взлом): ______
оценка целостности: ______

Text 2. Threats

Exercise 4. Study the meanings of the key words on the theme in Appendix 1 and learn them by heart.

Exercise 5. Read and translate the text using a dictionary.

A threat is a potential violation of security. The violation need not actually occur for there to be a threat. The fact that the violation might occur means that those actions that could cause it to occur must be guarded against (or prepared for). Those actions are called attacks. Those who execute such actions, or cause them to be executed, are called attackers.

The three security services—confidentiality, integrity, and availability—counter threats to the security of a system. Threats can be divided into four broad classes: disclosure, or unauthorized access to information; deception, or acceptance of false data; disruption, or interruption or prevention of correct operation; and usurpation, or unauthorized control of some part of a system. These four broad classes encompass many common threats. Because the threats are ubiquitous, an introductory discussion of each one will present issues that recur throughout the study of computer security.

Snooping or eavesdropping, the unauthorized interception of information, is a form of disclosure. It is passive, suggesting simply that some entity is listening to (or reading) communications or browsing through files or system information. Passive wiretapping is a form of snooping in which a network is monitored. (It is called “wiretapping” because of the “wires” that compose the network, although the term is used even if no physical wiring is involved.)

Confidentiality services seek to counter this threat.

Modification or alteration, an unauthorized change of information, covers three classes of threats. The goal may be deception, in which some entity relies on the modified data to determine which action to take, or in which incorrect information is accepted as correct and is released. If the modified data controls the operation of the system, the threats of disruption and usurpation arise. Unlike snooping, modification is active; it results from an entity changing information. Active wiretapping is a form of modification in which data moving across a network is altered, new data injected, or parts of the data deleted; the term “active” distinguishes it from snooping (“passive” wiretapping). An example is the man-in-the-middle attack, in which an intruder reads messages from the sender and sends (possibly modified) versions to the recipient, in hopes that the recipient and sender will not realize the presence of the intermediary. Integrity services seek to counter this threat.

Masquerading or spoofing, an impersonation of one entity by another, is a form of both deception and usurpation. It lures a victim into believing that the entity with which it is communicating is a different entity. For example, if a user tries to log into a computer across the Internet but instead reaches another computer that claims to be the desired one, the user has been spoofed. Similarly, if a user tries to read a web page, but an attacker has arranged for the user to be given a different page, another spoof has taken place. This may be a passive attack (in which the user simply accesses the web page), but it is usually an active attack (in which the attacker issues responses dynamically to mislead the user about the web page). Although masquerading is primarily deception, it is often used to usurp control of a system by an attacker impersonating an authorized manager or controller. Integrity services (called “authentication services” in this context) seek to counter this threat.

Some forms of masquerading may be allowed. Delegation occurs when one entity authorizes a second entity to perform functions on its behalf. The distinctions between delegation and masquerading are important. If Susan delegates to Thomas the authority to act on her behalf, she is giving permission for him to perform specific actions as though she were performing them herself. All parties are aware of the delegation. Thomas will not pretend to be Susan; rather, he will say, “I am Thomas and I have authority to do this on Susan’s behalf.” If asked, Susan will verify this. On the other hand, in a masquerade, Thomas will pretend to be Susan. No other parties (including Susan) will be aware of the masquerade, and Thomas will say, “I am Susan.” Should anyone discover that he or she is dealing with Thomas and ask Susan about it, she will deny that she authorized Thomas to act on her behalf. Even though masquerading is a violation of security, delegation is not.
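How an authentication service can tell delegation from masquerading is shown in the Python sketch below. This is an added example, not part of the original text: the demo keys, the request format and the function names are constructed, and it assumes each person shares a secret key with the verifying service (a simplification, since such a service could itself forge requests).

```python
import hashlib
import hmac
import json

# Constructed demo keys: assumption that each principal shares one secret
# with the verifying service.
KEYS = {"susan": b"susan-demo-key", "thomas": b"thomas-demo-key"}


def _canon(obj):
    """Stable byte encoding of a dict so both sides authenticate the same bytes."""
    return json.dumps(obj, sort_keys=True).encode()


def _mac(principal, payload):
    return hmac.new(KEYS[principal], payload, hashlib.sha256).hexdigest()


def issue_grant(owner, delegate, actions):
    """Owner states openly: 'delegate may perform these actions on my behalf'."""
    terms = {"owner": owner, "delegate": delegate, "actions": sorted(actions)}
    return {"terms": terms, "mac": _mac(owner, _canon(terms))}


def make_request(sender, claimed, action, on_behalf_of=None, grant=None):
    """sender holds the key that is actually used; claimed is the name written in the request."""
    body = {"claimed": claimed, "action": action,
            "on_behalf_of": on_behalf_of, "grant": grant}
    return {"body": body, "mac": _mac(sender, _canon(body))}


def authorize(request):
    body = request["body"]
    claimed = body["claimed"]
    # Step 1: origin integrity. The request must verify under the claimed identity's key.
    if claimed not in KEYS or not hmac.compare_digest(
            request["mac"], _mac(claimed, _canon(body))):
        return "rejected: sender is not " + claimed
    owner = body["on_behalf_of"]
    if owner is None:
        return "allowed: " + claimed + " acting for self"
    # Step 2: delegation. The owner's own grant must name this delegate and this action.
    grant = body["grant"]
    valid = (
        grant is not None
        and owner in KEYS
        and hmac.compare_digest(grant["mac"], _mac(owner, _canon(grant["terms"])))
        and grant["terms"]["owner"] == owner
        and grant["terms"]["delegate"] == claimed
        and body["action"] in grant["terms"]["actions"]
    )
    if not valid:
        return "rejected: no valid delegation from " + owner
    return "allowed: " + claimed + " acting for " + owner


if __name__ == "__main__":
    grant = issue_grant("susan", "thomas", ["sign_timesheet"])
    # Delegation: "I am Thomas and I have authority to do this on Susan's behalf."
    print(authorize(make_request("thomas", "thomas", "sign_timesheet", "susan", grant)))
    # Masquerade: "I am Susan", sent by Thomas, who does not hold Susan's key.
    print(authorize(make_request("thomas", "susan", "sign_timesheet")))
```

In the delegation case every party can see who is acting and on whose authority; in the masquerade case the claimed name fails the origin check before any authority is considered.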

Repudiation of origin, a false denial that an entity sent (or created) something, is a form of deception. For example, suppose a customer sends a letter to a vendor agreeing to pay a large amount of money for a product. The vendor ships the product and then demands payment. The customer denies having ordered the product and, according to a law in the customer’s state, is therefore entitled to keep the unsolicited shipment without payment. The customer has repudiated the origin of the letter. If the vendor cannot prove that the letter came from the customer, the attack succeeds. A variant of this is denial by a user that he created specific information or entities such as files. Integrity mechanisms try to cope with this threat.

Denial of receipt, a false denial that an entity received some information or message, is a form of deception. Suppose a customer orders an expensive product, but the vendor demands payment before shipment. The customer pays, and the vendor ships the product. The customer then asks the vendor when he will receive the product. If the customer has already received the product, the question constitutes a denial of receipt attack. The vendor can defend against this attack only by proving that the customer did, despite his denials, receive the product. Integrity and availability mechanisms attempt to guard against these attacks.

Delay, a temporary inhibition of a service, is a form of usurpation, although it can play a supporting role in deception. Typically, delivery of a message or service requires some time t; if an attacker can force the delivery to take more than time t, the attacker has successfully delayed delivery. This requires manipulation of system control structures, such as network components or server components, and hence is a form of usurpation. If an entity is waiting for an authorization message that is delayed, it may query a secondary server for the authorization. Even though the attacker may be unable to masquerade as the primary server, she might be able to masquerade as that secondary server and supply incorrect information. Availability mechanisms can often thwart this threat.

Denial of service, a long-term inhibition of service, is a form of usurpation, although it is often used with other mechanisms to deceive. The attacker prevents a server from providing a service. The denial may occur at the source (by preventing the server from obtaining the resources needed to perform its function), at the destination (by blocking the communications from the server), or along the intermediate path (by discarding messages from either the client or the server, or both). Denial of service poses the same threat as an infinite delay. Availability mechanisms seek to counter this threat.  

Denial of service or delay may result from direct attacks or from problems unrelated to security. From our point of view, the cause and result are important; the intention underlying them is not. If delay or denial of service compromises system security, or is part of a sequence of events leading to the compromise of a system, then we view it as an attempt to breach system security. But the attempt may not be deliberate; indeed, it may be a user error, or the product of environmental characteristics, rather than specific actions of an attacker.

Policy and Mechanism

Critical to our study of security is the distinction between policy and mechanism:

 A security policy is a statement of what is, and what is not, allowed.

A security mechanism is a method, tool, or procedure for enforcing a security policy.

Mechanisms can be non-technical, such as requiring proof of identity before changing a password; in fact, policies often require some procedural mechanisms that technology cannot enforce.

As an example, suppose a university’s computer science laboratory has a policy that prohibits any student from copying another student’s homework files. The computer system provides mechanisms for preventing others from reading a user’s files. Anna fails to use these mechanisms to protect her homework files, and Bill copies them. A breach of security has occurred, because Bill has violated the security policy. Anna’s failure to protect her files does not authorize Bill to copy them.

In this example, Anna could easily have protected her files. In other environments, such protection may not be easy. For example, the Internet provides only the most rudimentary security mechanisms, which are not adequate to protect information sent over that network. Nevertheless, acts such as the recording of passwords and other sensitive information violate an implicit security policy of most sites (specifically, that passwords are a user’s confidential property and cannot be recorded by anyone).

Policies may be presented mathematically, as a list of allowed (secure) and disallowed (non-secure) states. For our purposes, we will assume that any given policy provides an axiomatic description of secure states and non-secure states. In practice, policies are rarely so precise; they normally describe in English, or some other natural language, what users and staff are allowed to do. The ambiguity inherent in such a description leads to states that are not classified as “allowed” or “disallowed.” For example, consider the homework policy discussed previously. If someone looks through another user’s directory without copying homework files, is that a violation of security? The answer depends on site custom, rules, regulations, and laws, all of which are outside our focus and may change over time.

When two different sites communicate or cooperate, the entity they compose has a security policy based on the security policies of the two entities. If those policies are inconsistent, either or both sites must decide what the security policy for the combined site should be. The inconsistency often manifests itself as a security breach. For example, if proprietary documents were given to a university, the policy of confidentiality in the corporation would conflict with the more open policies of most universities. The university and the company must develop a mutual security policy that meets both their needs in order to produce a consistent policy. When the two sites communicate through an independent third party, such as an Internet service provider, the complexity of the situation grows rapidly.

Goals of Security

Given a security policy’s specification of “secure” and “non-secure” actions, security mechanisms can prevent the attack, detect the attack, or recover from the attack. The strategies may be used together or separately.

Prevention means that an attack will fail. For example, if one attempts to break into a host over the Internet and that host is not connected to the Internet, the attack has been prevented. Typically, prevention involves implementation of mechanisms that restrict users to specific actions and that are trusted to be implemented in a correct, unalterable way, so that an attacker cannot defeat the mechanism by changing it. Preventative mechanisms often are very cumbersome and interfere with system use to the point that they hinder normal use of the system. But some simple preventative mechanisms, such as passwords (which aim to prevent unauthorized users from accessing the system), have become widely accepted. Prevention mechanisms can prevent compromise of parts of the system; once in place, the resource protected by the mechanism need not be monitored for security problems, at least in theory.

Detection indicates the effectiveness of preventative measures, and is especially useful when an attack cannot be prevented. Detection mechanisms accept that an attack will occur; the goal is to determine that an attack is under way, or has occurred, and report it. The attack may be monitored, however, to provide data about its nature, severity, and results. Typical detection mechanisms monitor various aspects of the system, looking for actions or information indicating an attack. A good example of such a mechanism is one that gives a warning when a user enters an incorrect password three times. The login may continue, but an error message in a system log reports the unusually high number of mistyped passwords.

Detection mechanisms do not prevent compromise of parts of the system, which is a serious drawback. The resource protected by the detection mechanism is continuously or periodically monitored for security problems.
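An added example (not part of the original text) of the detection mechanism described above: it reads authentication log lines and reports a user once three failed passwords in a row fall within five minutes, without blocking the login. The log format, the five-minute window and all sample lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example):
#   <ISO timestamp> auth: FAIL|OK user=<name> src=<address>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)
THRESHOLD = 3                   # "an incorrect password three times"
WINDOW = timedelta(minutes=5)   # assumption: failures must be close together

# Constructed sample input.
SAMPLE_LOG = """\
2024-03-01T09:00:01 auth: FAIL user=anna src=10.0.0.5
2024-03-01T09:00:09 auth: FAIL user=anna src=10.0.0.5
2024-03-01T09:00:15 auth: OK user=anna src=10.0.0.5
2024-03-01T09:01:00 auth: FAIL user=bill src=10.0.0.9
2024-03-01T09:01:05 auth: FAIL user=bill src=10.0.0.9
2024-03-01T09:01:11 auth: FAIL user=bill src=10.0.0.9
2024-03-01T09:01:20 auth: OK user=bill src=10.0.0.9
2024-03-01T09:02:00 auth: FAIL user=anna src=10.0.0.5
2024-03-01T09:30:00 auth: FAIL user=carol src=10.0.0.7
2024-03-01T09:40:00 auth: FAIL user=carol src=10.0.0.7
2024-03-01T09:50:00 auth: FAIL user=carol src=10.0.0.7
"""


def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Return (user, timestamp, source) for each run of `threshold`
    consecutive failed logins that falls inside `window`."""
    recent = defaultdict(deque)   # user -> timestamps of recent failures
    warnings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # not an authentication record
        ts = datetime.fromisoformat(m["ts"])
        user = m["user"]
        if m["result"] == "OK":
            # A successful login ends the run of failures. Nothing is
            # blocked: this mechanism detects, it does not prevent.
            recent[user].clear()
            continue
        failures = recent[user]
        failures.append(ts)
        # Forget failures that are older than the window.
        while failures and ts - failures[0] > window:
            failures.popleft()
        # Warn once, at the moment the threshold is reached.
        if len(failures) == threshold:
            warnings.append((user, ts.isoformat(), m["src"]))
    return warnings


if __name__ == "__main__":
    for user, when, src in detect(SAMPLE_LOG.splitlines()):
        print(f"WARNING {when}: {THRESHOLD} failed passwords for {user} from {src}")
```

Only bill is reported: anna's failures are interrupted by a successful login, and carol's are spread over twenty minutes.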

Recovery has two forms. The first is to stop an attack and to assess and repair any damage caused by that attack. As an example, if the attacker deletes a file, one recovery mechanism would be to restore the file from backup media. In practice, recovery is far more complex, because the nature of each attack is unique. Thus, the type and extent of any damage can be difficult to characterize completely. Moreover, the attacker may return, so recovery involves identification and fixing of the vulnerabilities used by the attacker to enter the system. In some cases, retaliation (by attacking the attacker’s system or taking legal steps to hold the attacker accountable) is part of recovery. In all these cases, the system’s functioning is inhibited by the attack. By definition, recovery requires resumption of correct operation.

In a second form of recovery, the system continues to function correctly while an attack is under way. This type of recovery is quite difficult to implement because of the complexity of computer systems. It draws on techniques of fault tolerance as well as techniques of security and is typically used in safety-critical systems. It differs from the first form of recovery, because at no point does the system function incorrectly. However, the system may disable nonessential functionality. Of course, this type of recovery is often implemented in a weaker form whereby the system detects incorrect functioning automatically and then corrects (or attempts to correct) the error.

Vocabulary and Grammar Exercise 

Exercise 6. Find in the text English equivalents for the Russian words:

| Russian words | English equivalents | Russian words | English equivalents |
|---|---|---|---|
| потенциальное нарушение безопасности | | Это заманивает жертву в веру | |
| несанкционированный доступ к информации | | ввести пользователя в заблуждение | |
| принятие ложных данных | | услуги аутентификации | |
| прерывание или предотвращение правильной работы | | от его имени | |
| несанкционированный контроль | | ложный отказ | |
| просматривать файлы | | согласно закону | |
| сеть контролируется | | справиться с этой угрозой | |
| в отличие от слежки | | временное запрещение услуги | |
| введены новые данные | | длительная задержка обслуживания | |
| наличие посредника | | ставит под угрозу безопасность системы | |
| подражание одной сущности другой | | нетехнический | |
| требование подтверждения личности | | взломать через Интернет | |
| даёт предупреждение | | оценить и устранить любой ущерб | |

Exercise 7. Classify each of the following as a violation of confidentiality, of integrity, of availability, or of some combination thereof. Click in the right column:

a violation of confidentiality

a violation of integrity

a violation of availability

1

John copies Mary’s homework.

x

2

Paul crashes Linda’s system.

x

x

3

Carol changes the amount of Angelo’s check from $100 to $1,000.

x

4

Gina forges Roger’s signature on a deed.

x

5

Rhonda registers the domain name “Pearson.com” and refuses to let the publishing house buy or use that domain name.

x

6

Jonah obtains Peter’s credit card number and has the credit card company cancel the card and replace it with another card bearing a different account number.

x

x

7

Henry spoofs Julie’s IP address to gain access to her computer.

x

Exercise 8. Policy restricts the use of electronic mail on a particular system to faculty and staff. Students cannot send or receive electronic mail on that host. Classify the following mechanisms as secure (s), precise (p), or broad (b):

secure

precise

broad

1

The electronic mail sending and receiving programs are disabled.

2

As each letter is sent or received, the system looks up the sender (or recipient) in a database. If that party is listed as faculty or staff, the mail is processed. Otherwise, it is rejected. (Assume that the database entries are correct.)

3

The electronic mail sending programs ask the user if he or she is a student. If so, the mail is refused. The electronic mail receiving programs are disabled.

1

2

3

Exercise 9. Fill in each gap with the words from the given table:

violation, mechanism, to shift, aforementioned, environment, assumption, embezzlement, policy, tamper-proof

Assumptions and Trust (Допущения и доверие)

How do we determine if a policy correctly describes the required level and type of security for the site? This question lies at the heart of all security, computer and otherwise. Security rests on assumptions specific to the type of security required and the (1) ___ in which it is to be employed.

EXAMPLE: A bank’s (2) ___ may state that officers of the bank are authorized (3) ___ money among accounts. If a bank officer puts $100,000 in his account, has the bank’s security been violated? Given the (4) ____ policy statement, no, because the officer was authorized to move the money. In the “real world,” that action would constitute (5) ____, something any bank would consider a security (6) ___.

The second (7) ___ says that the security policy can be enforced by security mechanisms. These mechanisms are either secure, precise, or broad. Let P be the set of all possible states. Let Q be the set of secure states (as specified by the security policy). Let the security mechanisms restrict the system to some set of states R (thus, R ⊆ P).

A security (8) ___ is secure if R ⊆ Q; it is precise if R = Q; and it is broad if there are states r such that r ∈ R and r ∉ Q. Ideally, the union of all security mechanisms active on a system would produce a single precise mechanism (that is, R = Q). In practice, security mechanisms are broad; they allow the system to enter non-secure states. Trusting that mechanisms work requires several assumptions:

• Each mechanism is designed to implement one or more parts of the security policy.

• The union of the mechanisms implements all aspects of the security policy.

• The mechanisms are (9) ___.

• The mechanisms are implemented, installed, and administered correctly.

1

6

2

7

3

8

4

9

5

Exercise 10. Put the parts of the text in the right order:

People Problems

a

People who might attack an organization and are not authorized to use that organization’s systems are called outsiders and can pose a serious threat. Experts agree, however, that a far more dangerous threat comes from disgruntled employees and other insiders who are authorized to use the computers. Insiders typically know the organization of the company’s systems and what procedures the operators and users follow and often know enough passwords to bypass many security controls that would detect an attack launched by an outsider. Insider misuse of authorized privileges is a very difficult problem to solve.

b

Lack of technical training is not the only problem. Many successful break-ins have arisen from the art of social engineering. If operators will change passwords based on telephone requests, all an attacker needs to do is to determine the name of someone who uses the computer. A common tactic is to pick someone fairly far above the operator (such as a vice president of the company) and to feign an emergency (such as calling at night and saying that a report to the president of the company is due the next morning) so that the operator will be reluctant to refuse the request. Once the password has been changed to one that the attacker knows, he can simply log in as a normal user.

c

The heart of any security system is people. This is particularly true in computer security, which deals mainly with technological controls that can usually be bypassed by human intervention. For example, a computer system authenticates a user by asking a human for a secret code; if the correct secret code is supplied, the computer assumes that the human is the user, and grants the appropriate access. If an authorized user tells another person his secret code, the unauthorized user can masquerade as the authorized user with small risk of detection.

d

Untrained personnel also pose a threat to system security. As an example, one operator did not realize that the contents of backup media needed to be verified before the media was stored. When attackers deleted several critical system files, she discovered that none of the backup media could be read. System administrators who misread the output of security mechanisms, or do not analyze that output, contribute to the probability of successful attacks against their systems. Similarly, administrators who misconfigure security related features of a system can weaken the site security. Users can also weaken site security by misusing security mechanisms (such as selecting simple passwords that are easy to memorize — and easy to guess).

1

2

3

4

Exercise 11. Put each prepositional phrase (a – h) in its correct space in the sentences (1 – 8):

a. in the process of (in the middle of)

b. under the guidance of (with the help and advice of)

c. in addition to (as well as)

d. in terms of (from the point of view of)

e. in the event of (if there is)

f. in accordance with (following)

g. in view of (because of)

h. in payment for (to pay for)

1. All our sports activities are organized __________ a fully qualified instructor.

2. __________ rain, the party will be held in the conservatory.

3. ___________ your instructions, we have rearranged the meeting for later in the schedule.

4. ____________ language skills, a resort representative must have good interpersonal (межличностные) skills.

5. ___________ the current economic situation, we can expect fewer visitors this year.

6. The hotel has had some bad reviews but _________ sales, it has been very popular.

7.  We are _________ negotiating a new contract with our tour operator.

8.  I enclose a cheque _________ our accommodation.

1

2

3

4

5

6

7

8

Task for Revision

Exercise 12. Find key words and sentences in each paragraph of Text 1 and Text 2. Summarize the main idea of the text. Write an abstract of the text.

Text 1

__________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 

Text 2

__________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 

Exercise 13. The aphorism “security through obscurity” suggests that hiding information provides some level of security. Give an example of a situation in which hiding information does not add appreciably to the security of a system. Then give an example of a situation in which it does.

________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

Exercise 14. Use the Hacker’s Dictionary at http://www.outpost9.com/reference/jargon/jargon_toc.html. Give definitions of the given Hacker terms:

Hacker terms:

1

Alpha geek

2

Grok

3

Red Book

4

Wank


UNIT 5. INTRODUCTION TO COMPUTER SECURITY. ВВЕДЕНИЕ В КОМПЬЮТЕРНУЮ БЕЗОПАСНОСТЬ. 

TEXT 1. Identifying Types of Threats.

Pre-reading assignment  

Exercise 1. Study the meanings of the key words on the theme in Appendix 1 and learn them by heart.

Exercise 2. Read and translate the text using a dictionary.

Identifying your threats is a key part of risk assessment. Some threats are common to all networks; others are more likely with specific types of networks. Various sources have divided threats into different categories based on specific criteria. Most attacks can be categorized as one of seven broad classes:

 Malware: This is a generic term for software that has a malicious purpose. It includes virus attacks, worms, adware, Trojan horses, and spyware. This is the most prevalent danger to your system.

 Security breaches: This group of attacks includes any attempt to gain unauthorized access to your system. This includes cracking passwords, elevating privileges, breaking into a server…all the things you probably associate with the term hacking.

 DoS attacks: These are designed to prevent legitimate access to your system. And this includes distributed denial of service (DDoS).

Web attacks: This is any attack that attempts to breach your website. Two of the most common such attacks are SQL injection and cross-site scripting.

Session hijacking: These attacks are rather advanced and involve an attacker attempting to take over a session.

Insider threats: These are breaches based on someone who has access to your network misusing his access to steal data or compromise security.

DNS poisoning: This type of attack seeks to compromise a DNS server so that users can be redirected to malicious websites, including phishing websites.

There are other attacks, such as social engineering. The foregoing list is just an attempt to provide a broad categorization of attack types. This section offers a broad description of each type of attack.

Malware

Malware is a generic term for software that has a malicious purpose. Trojan horses and viruses are the most widely encountered. One could also include rootkits, but these usually spread as viruses and are regarded as simply a specific type of virus.

According to Symantec (makers of Norton antivirus and other software products), a virus is “a small program that replicates and hides itself inside other programs, usually without your knowledge” (Symantec, 2003). While this definition is a bit old, it still applies. The key characteristic of a computer virus is that it self-replicates. A computer virus is similar to a biological virus; both are designed to replicate and spread. The most common method for spreading a virus is using the victim’s email account to spread the virus to everyone in his address book. Some viruses don’t actually harm the system itself, but all of them cause network slowdowns due to the heavy network traffic caused by the virus replication.

The Trojan horse gets its name from an ancient tale. The city of Troy was besieged for an extended period of time. The attackers could not gain entrance, so they constructed a huge wooden horse and one night left it in front of the gates of Troy. The next morning the residents of Troy saw the horse and assumed it to be a gift, so they rolled the wooden horse into the city. Unbeknownst to them, several soldiers were hidden inside the horse. That evening the soldiers left the horse, opened the city gates, and let their fellow attackers into the city. An electronic Trojan horse works the same way, appearing to be benign software but secretly downloading a virus or some other type of malware onto your computer from within.

Another category of malware currently on the rise is spyware. Spyware is simply software that literally spies on what you do on your computer. Spyware can be as simple as a cookie—a text file that your browser creates and stores on your hard drive—that a website you have visited downloads to your machine and uses to recognize you when you return to the site. However, that flat file can then be read by the website or by other websites. Any data that the file saves can be retrieved by any website, so your entire Internet browsing history can be tracked. Spyware may also consist of software that takes periodic screenshots of the activity on your computer and sends those to the attacker.

Another form of spyware, called a key logger, records all of your keystrokes. Some key loggers also take periodic screenshots of your computer. Data is then either stored for later retrieval by the person who installed the key logger or is sent immediately back via email. We will discuss specific types of key loggers later in this book.

A logic bomb is software that lies dormant until some specific condition is met. That condition is usually a date and time. When the condition is met, the software does some malicious act such as delete files, alter system configuration, or perhaps release a virus.

Compromising System Security

This activity is what is commonly referred to as hacking, though that is not the term hackers themselves use. Any attack that is designed to breach your security, either via some operating system flaw or any other means, can be classified as cracking.

Essentially any technique to bypass security, crack passwords, breach Wi-Fi, or in any way actually gain access to the target network fits into this category. That makes this a very broad category indeed.

 However, not all breaches involve technical exploits. In fact, some of the most successful breaches are entirely nontechnical. Social engineering is a technique for breaching a system’s security by exploiting human nature rather than technology. This was the path that the famous hacker Kevin Mitnick most often used. Social engineering uses standard con techniques to get users to give up the information needed to gain access to a target system. The way this method works is rather simple: The perpetrator gets preliminary information about a target organization and leverages it to obtain additional information from the system’s users.

Following is an example of social engineering in action. Armed with the name of a system administrator, you might call someone in the business’s accounting department and claim to be one of the company’s technical support personnel. Mentioning the system administrator’s name would help validate that claim, allowing you to ask questions in an attempt to ascertain more details about the system’s specifications. A savvy intruder might even get the accounting person to say a username and password. As you can see, this method is based on how well the prospective intruder can manipulate people and actually has little to do with computer skills.

 The growing popularity of wireless networks gave rise to new kinds of attacks. One such activity is war-driving. This type of attack is an offshoot of war-dialing. With war-dialing, a hacker sets up a computer to call phone numbers in sequence until another computer answers to try to gain entry to its system. War-driving is much the same concept, applied to locating vulnerable wireless networks. In this scenario, the hacker simply drives around trying to locate wireless networks. Many people forget that their wireless network signal often extends as much as 100 feet (thus, past walls). At the 2004 DefCon convention for hackers, there was a war-driving contest where contestants drove around the city trying to locate as many vulnerable wireless networks as they could (BlackBeetle, 2004). These sorts of contests are now common at various hacking conventions.

 Recent technological innovations have introduced new variations of war driving/dialing. Now we have war flying. The attacker uses a small private drone equipped with Wi-Fi sniffing and cracking software, flies the drone in the area of interest, and attempts to gain access to wireless networks.

 Of course, Wi-Fi hacking is only one sort of breach. Password cracking tools are now commonly available on the Internet. There are also exploits of software vulnerabilities that allow one to gain access to the target computer.

DoS Attacks

 In a DoS, the attacker does not actually access the system. Rather, this person simply blocks access from legitimate users (CERT, 2003). One common way to prevent legitimate service is to flood the targeted system with so many false connection requests that the system cannot respond to legitimate requests. DoS is a very common attack because it is so easy.

 In recent years there has been a proliferation of DoS tools available on the Internet. One of the most common such tools is the Low Orbit Ion Cannon (LOIC). Because these tools can be downloaded for free from the Internet, anyone can execute a DoS attack, even without technical skill. We also have variations, such as the DDoS attack. This uses multiple machines to attack the target. Given that many modern websites are hosted in network clusters or even in clouds, it is very difficult for a single attacking machine to generate enough traffic to take down a web server. But a network of hundreds or even thousands of computers certainly can.

Web Attacks

By their nature, web servers have to allow communications. Oftentimes, websites allow users to interact with the website. Any part of a website that allows for user interaction is also a potential point for attempting a web-based attack. SQL injections involve entering SQL (Structured Query Language) commands into login forms (username and password text fields) in an attempt to trick the server into executing those commands. The most common purpose is to force the server to log the attacker on, even though the attacker does not have a legitimate username and password. While SQL injection is just one type of web attack, it is the most common.

SQL Injection

SQL injection is still quite common, though it has been known for many years. Unfortunately, not enough web developers take the appropriate steps to remediate the vulnerabilities that make this attack possible. Given the prevalence of this attack, it warrants a bit more detailed description.

Consider one of the simplest forms of SQL injection, used to bypass login screens. The website was developed in some web programming language, such as PHP or ASP.NET. The database is most likely a basic relational database such as Oracle, SQL Server, MySQL, or PostgreSQL. SQL is used to communicate with the database, so we need to put SQL statements into the web page that was written in some programming language. That will allow us to query the database and see if the username and password are valid.

SQL is relatively easy to understand; in fact, it looks a lot like English. There are commands like SELECT to get data, INSERT to put data in, and UPDATE to change data. In order to log in to a website, the web page has to query a database table to see if that username and password are correct. The tragedy of this attack is that it is so easy to prevent. If the web programmer would simply filter all input prior to processing it, then this type of SQL injection would be impossible. That means that before any user input is processed, the web page programming code looks through that input for common SQL injection symbols, scripting symbols, and similar items. It is true that each year fewer and fewer websites are susceptible to this. However, while writing this chapter there was a report that the Joomla Content Management System, used by many web developers, was susceptible to SQL injection.
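The login check described above, as an added example (not code from the original text): the same query is written once by concatenating user input into the SQL string and once with bound parameters, the standard defence that is used here in place of symbol filtering. SQLite stands in for the database; the table layout, account names, passwords and the fixed salt are constructed for the demonstration.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo value; a real system stores a random salt per user.
DEMO_SALT = b"constructed-demo-salt"


def pw_hash(password):
    """Hex PBKDF2-HMAC-SHA256 digest of a password."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000)
    return digest.hex()


def make_db():
    """In-memory database holding two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("anna", pw_hash("anna-demo-pw")), ("o'neil", pw_hash("oneil-demo-pw"))],
    )
    return conn


def login_concatenated(conn, username, password):
    """VULNERABLE: the username is pasted into the SQL text, so a quote
    character in it ends the string literal and the rest is parsed as SQL."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND pw_hash = '" + pw_hash(password) + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    """HARDENED: the username is bound as data and never parsed as SQL."""
    row = conn.execute(
        "SELECT pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    # Hash before the lookup result is checked, so known and unknown
    # usernames cost about the same time.
    candidate = pw_hash(password)
    if row is None:
        return False
    return hmac.compare_digest(candidate, row[0])


def compare():
    """Run both checks on a crafted name and on a legitimate name that
    contains an apostrophe; return what each check does."""
    conn = make_db()
    crafted = "anna' --"  # constructed input: the quote closes the literal,
    #                       "--" turns the password test into a comment
    out = {
        "concat_crafted": login_concatenated(conn, crafted, "wrong"),
        "param_crafted": login_parameterized(conn, crafted, "wrong"),
        "param_apostrophe": login_parameterized(conn, "o'neil", "oneil-demo-pw"),
    }
    try:
        login_concatenated(conn, "o'neil", "oneil-demo-pw")
        out["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        # The same flaw breaks honest input: the query no longer parses.
        out["concat_apostrophe"] = "syntax error"
    return out


if __name__ == "__main__":
    for case, result in compare().items():
        print(f"{case}: {result}")
```

The concatenated check accepts the crafted name with a wrong password and fails on a legitimate name containing an apostrophe; the parameterized check handles both correctly.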

Cross-Site Scripting

This attack is closely related to SQL injection. It involves entering data other than what was intended, and it depends on the web programmer not filtering input. The perpetrator finds some area of a website that allows users to type in text that other users will see and then instead injects client-side script into those fields.

Session Hijacking

Session hijacking can be rather complex to perform. For that reason, it is not a very common form of attack. Simply put, the attacker monitors an authenticated session between the client machine and the server and takes that session over.

A 1985 paper written by Robert T. Morris titled “A Weakness in the 4.2BSD Unix TCP/IP Software” defined the original session hijacking.

 By predicting the initial sequence number, Morris was able to spoof the identity of a trusted client to a server. This is much harder to do today.

 In addition to flags (syn, ack, syn-ack), the packet header will contain the sequence number that is intended to be used by the client to reconstitute the data sent over the stream in the correct order.

The Morris attack and several other session hijacking attacks require the attacker to be connected to the network and to simultaneously knock the legitimate user offline and then pretend to be that user. As you can probably imagine, it is a complex attack.

Insider Threats

Insider threats are a type of security breach. However, they present such a significant issue that we will deal with them separately. An insider threat is simply when someone inside your organization either misuses his access to data or accesses data he is not authorized to access. The most obvious case is that of Edward Snowden. In 2009 Edward Snowden was working as a contractor for Dell, which manages computer systems for several U.S. government agencies. In March 2012 he was assigned to an NSA location in Hawaii.

While there he convinced several people at that location to provide him with their login and password, under the pretense of performing network administrative duties. Some sources dispute whether or not this is the specific method he used, but it is the one most widely reported. Whatever method he used, he accessed and downloaded thousands of documents that he was not authorized to access.

Again, ignoring the political issues and the content of the documents, our focus is on the security issues. Clearly there were inadequate security controls in place to detect Edward Snowden’s activities and to prevent him from disclosing confidential documents. While your organization may not have the high profile that the NSA has, any organization is susceptible to insider threats. Theft of trade secrets by insiders is a common business concern and has been the focus of many lawsuits against former employees. While Edward Snowden is an obvious example of insider threats, that is only one example. A common scenario is when someone who has legitimate access to some particular source of data chooses either to access data he is not authorized to access or to use the data in a manner other than how he has been authorized. Here are a few examples:

  • A hospital employee who accesses patient records to use the data to steal a patient’s identity, or someone with no access at all who accesses records.
  • A salesperson who takes the list of contacts with him before leaving the company.

 This is actually a much greater problem than many people appreciate. Within an organization, information security is often laxer than it should be. Most people are more concerned with external security than internal security, so it is often rather easy to access data within an organization. The most common method is to simply log in with someone else’s password. That enables the perpetrator to access whatever resources and data to which that other person has been granted access. Unfortunately, many people use weak passwords or, worse, they write their password somewhere on their desk. Some users even share passwords. For example, suppose a sales manager is out sick but wants to check to see if a client has emailed her. So she calls her assistant and gives him her login so he can check her email. This sort of behavior should be strictly prohibited by company security policies, but it still occurs. The problem is that now two people have the sales manager’s login. Either one could use it or reveal it to someone else (accidentally or on purpose). So there is a greater chance of someone using that manager’s login to access data he has not been authorized to access.

DNS Poisoning

Most of your communication on the Internet will involve DNS, or Domain Name Service. DNS is what translates the domain names you and I understand (like www.ChuckEasttom.com) into IP addresses that computers and routers understand. DNS poisoning uses one of several techniques to compromise that process and redirect traffic to an illicit site, often for the purpose of stealing personal information.

Here is one scenario whereby an attacker might execute a DNS poisoning attack:

First the attacker creates a phishing website. It spoofs a bank that we will call ABC Bank. The attacker wants to lure users there so he can steal their passwords and use those on the real bank website. Since many users are too smart to click on links, he will use DNS poisoning to trick them.

The attacker creates his own DNS server. (Actually, this part is relatively easy.) Then he puts two records in that DNS server. The first is for the ABC Bank website, pointing to his fake site rather than the real bank site. The second entry is for a domain that does not exist. The attacker can search domain registries until he finds one that does not exist. For illustration purposes, we will refer to this as XYZ domain.

Then the attacker sends a request to a DNS server on the target network. That request purports to be from any IP address within the target network and is requesting the DNS server resolve the XYZ domain.

 Obviously the DNS server does not have an entry for the XYZ domain since it does not exist. So it begins to propagate the request up its chain of command eventually to its service provider DNS server. At any point in that process the attacker sends a flood of spoofed responses claiming to be from a DNS server that the target server is trying to request records from but are actually coming from his DNS server and offering the IP address for XYZ domain. At that point the hacker’s DNS server offers to do a zone transfer, exchanging all information with the target server. That information includes the spoofed address for ABC Bank. Now the target DNS server has an entry for ABC Bank that points to the hacker’s website rather than the real ABC Bank website. Should users on that network type in the URL for ABC Bank, their own DNS server will direct them to the hacker’s site.

This attack, like so many, depends on vulnerabilities in the target system. A properly configured DNS server should never perform a zone transfer with any DNS server that is not already authenticated in the domain. However, the unfortunate fact is that there are plenty of DNS servers that are not properly configured.

New Attacks

Many of the threats discussed in the first two editions of this book are still plaguing network security. Malware, DoS, and other such attacks are just as common today as they were 5 years ago or even 10 years ago.

One new phenomenon is doxing, which is the process of finding personal information about an individual and broadcasting it, often via the Internet. This can be any personal information about any person. However, it is most often used against public figures. While writing this book, the director of the CIA was the target of doxing.

Hacking of medical devices is also a new attack. Hacker Barnaby Jack first revealed a vulnerability in an insulin pump that could allow an attacker to take control of the pump and cause it to dispense the entire reservoir of insulin in a single dose, thus killing the patient. To date there are no confirmed incidents of this having actually been done, but it is disturbing nonetheless. Similar security flaws have been found in pacemakers.

In July 2015 it was revealed that Jeep vehicles could be hacked and shut down during normal operation. This means that a hacker could cause the Jeep to stop in the middle of heavy, high-speed traffic. This has the potential to cause a serious automobile accident.

All of these attacks show a common theme. As our lives become more interconnected with technology, there are new vulnerabilities. Some of these vulnerabilities are not merely endangering data and computer systems, but potentially endangering lives.

Vocabulary and Grammar Exercise 

Exercise 3. Find in the text English equivalents for the Russian words:

Russian words

English equivalents

Russian words

English equivalents

общий термин для программного обеспечения

уязвимые беспроводные сети

получить несанкционированный доступ

оснащен программным обеспечением для обнаружения и взлома Wi-Fi

предотвратить законный доступ

заполнить целевую систему  большим количеством ложных соединений

попытки взломать ваш сайт

заставить сервер регистрировать злоумышленника

захватить сеанс

устранить уязвимости

поставить под угрозу безопасность

подделать личность доверенного клиента на сервере

был осажден в течение длительного периода времени

документы, к которым он не имел права доступа

кажется доброкачественным программным обеспечением

такое поведение должно быть строго запрещено

может быть найден на любом сайте

перенаправить трафик на нелегальный сайт

используя человеческую природу, а не технологии

трансляция через интернет

персонал технической поддержки компании

угрожающие жизни

хитрый злоумышленник

TEXT 2. Basic Security Terminology

Pre-reading assignment  

Exercise 4. Study the meanings of the key words on the theme in Appendix 1 and learn them by heart.

Exercise 5. Read and translate the text using a dictionary.

The world of computer security takes its vocabulary from both the professional security community and the hacker community.

Hacker Slang

You probably have heard the term hacker used in movies and in news broadcasts. Most people use it to describe any person who breaks into a computer system. In the hacking community, however, a hacker is an expert on a particular system or systems, a person who simply wants to learn more about the system. Hackers feel that looking at a system’s flaws is the best way to learn about that system. For example, someone well versed in the Linux operating system who works to understand that system by learning its weaknesses and flaws would be a hacker.

This process does often mean seeing if a flaw can be exploited to gain access to a system. This “exploiting” part of the process is where hackers differentiate themselves into three groups:

A white hat hacker, upon finding some flaw in a system, will report the flaw to the vendor of that system. For example, if a white hat hacker were to discover some flaw in Red Hat Linux, he would then email the Red Hat company (probably anonymously) and explain exactly what the flaw is and how it was exploited. White hat hackers are often hired specifically by companies to do penetration tests. The EC Council even has a certification test for white hat hackers: the Certified Ethical Hacker test.

A black hat hacker is the person normally depicted in the media. Once she gains access to a system, her goal is to cause some type of harm. She might steal data, erase files, or deface websites. Black hat hackers are sometimes referred to as crackers.

A gray hat hacker is normally a law-abiding citizen, but in some cases will venture into illegal activities.

 Regardless of how hackers view themselves, intruding on any system is illegal. This means that technically speaking all hackers, regardless of the color of the metaphorical hat they may wear, are in violation of the law. However, many people feel that white hat hackers actually perform a service by finding flaws and informing vendors before those flaws are exploited by less ethically inclined individuals.

Script Kiddies

A hacker is an expert in a given system. As with any profession, it includes its share of frauds. So what is the term for someone who calls himself a hacker but lacks the expertise? The most common term for this sort of person is script kiddy (Raymond, 1993). Yes, that is an older resource, but the term still means the same thing. The name comes from the fact that the Internet is full of utilities and scripts that one can download to perform some hacking tasks. Many of these tools have an easy-to-use graphical user interface that allows someone with very little if any skill to operate the tool. A classic example is the Low Earth Orbit Ion Cannon tool for executing a DoS attack. Someone who downloads such a tool without really understanding the target system is considered a script kiddy. A significant number of the people you are likely to encounter who call themselves hackers are, in reality, mere script kiddies.

Ethical Hacking: Penetration Testers

When and why would someone give permission to another party to hack his system? The most common answer is in order to assess system vulnerabilities. This used to be called a sneaker, but now the term penetration tester is far more widely used. Whatever the term, the person legally breaks into a system in order to assess security deficiencies, such as portrayed in the 1992 film Sneakers, starring Robert Redford, Dan Aykroyd, and Sidney Poitier. More and more companies are soliciting the services of such individuals or firms to assess their vulnerabilities.

Anyone hired to assess the vulnerabilities of a system should be both technically proficient and ethical. Run a criminal background check, and avoid those people with problem pasts. There are plenty of legitimate security professionals available who know and understand hacker skills but have never committed security crimes. If you take the argument that hiring convicted hackers means hiring talented people to its logical conclusion, you could surmise that obviously those in question are not as good at hacking as they would like to think because they were caught.

Most importantly, giving a person with a criminal background access to your systems is on par with hiring a person with multiple DWI convictions to be your driver. In both cases, you are inviting problems and perhaps assuming significant civil liabilities. Also, some review of their qualifications is clearly in order. Just as there are people who claim to be highly skilled hackers yet are not, there are those who will claim to be skilled penetration testers yet lack the skills truly needed. You would not want to inadvertently hire a script kiddy who thinks she is a penetration tester. Such a person might then pronounce your system quite sound when, in fact, it was simply a lack of skills that prevented the script kiddy from successfully breaching your security.

Phreaking

 One specialty type of hacking involves breaking into telephone systems. This subspecialty of hacking is referred to as phreaking. The New Hacker’s Dictionary actually defines phreaking as “the action of using mischievous and mostly illegal ways in order to not pay for some sort of telecommunications bill, order, transfer, or other service” (Raymond, 2003). Phreaking requires a rather significant knowledge of telecommunications, and many phreakers have some professional experience working for a phone company or other telecommunications business. Often this type of activity is dependent upon specific technology required to compromise phone systems more than simply knowing certain techniques.

Professional Terms

Most hacker terminology, as you may have noticed, is concerned with the activity (phreaking) or the person performing the activity (penetration tester). In contrast, security professional terminology describes defensive barrier devices, procedures, and policies. This is quite logical because hacking is an offensive activity centered on attackers and attack methodologies, whereas security is a defensive activity concerning itself with defensive barriers and procedures.

Security Devices

The most basic security device is the firewall. A firewall is a barrier between a network and the outside world. Sometimes a firewall takes the form of a standalone server, sometimes a router, and sometimes software running on a machine. Whatever its physical form, a firewall filters traffic entering and exiting the network. A proxy server is often used with a firewall to hide the internal network’s IP address and present a single IP address (its own) to the outside world.

Firewalls and proxy servers guard the perimeter by analyzing traffic (at least inbound and in many cases outbound as well) and blocking traffic that has been disallowed by the administrator. These two safeguards are often augmented by an intrusion detection system (IDS). An IDS simply monitors traffic, looking for suspicious activity that might indicate an attempted intrusion.

Security Activities

In addition to devices, we have activities. Authentication is the most basic security activity. It is merely the process of determining if the credentials given by a user or another system (such as a username and password) are authorized to access the network resource in question. When you log in with your username and password, the system will attempt to authenticate that username and password. If it is authenticated, you will be granted access. Another crucial safeguard is auditing, which is the process of reviewing logs, records, and procedures to determine if these items meet standards.

Vocabulary and Grammar Exercise 

Exercise 6. Find in the text English equivalents for the Russian words:

Russian words

English equivalents

Russian words

English equivalents

получить доступ

вредные и незаконные способы

делать тесты на проникновение

значительные знания в области телекоммуникаций

объясните точно, что является недостатком

автономный сервер

цель - причинить вред

дополнен системой обнаружения вторжений (IDS)

законопослушный гражданин

попытка вторжения

выполнить некоторые хакерские задачи

полномочия

оценить уязвимости системы

решающая гарантия

провести проверку криминального прошлого

успешно нарушив вашу безопасность

наравне

вождение в состоянии алкогольного опьянения

Exercise 7. Choose the right answer to the given questions:

1. Before you can formulate a defense for a network you need what?
A. Appropriate security certifications
B. A clear picture of the dangers to be defended against
C. To finish this textbook
D. The help of an outside consultant

2. What is a computer virus?
A. Any program that is downloaded to your system without your permission
B. Any program that self-replicates
C. Any program that causes harm to your system
D. Any program that can change your Windows Registry

3. What is spyware?
A. Any software that monitors your system
B. Only software that logs keystrokes
C. Any software used to gather intelligence
D. Only software that monitors what websites you visit

4. What is a penetration tester?
A. A person who hacks a system without being caught
B. A person who hacks a system by faking a legitimate password
C. A person who hacks a system to test its vulnerabilities
D. A person who is an amateur hacker

5. What is the term for hacking a phone system?
A. Telco-hacking
B. Hacking
C. Cracking
D. Phreaking

6. What is malware?
A. Software that has some malicious purpose
B. Software that is not functioning properly
C. Software that damages your system
D. Software that is not properly configured for your system

7. What is war-driving?
A. Driving and seeking a computer job
B. Driving while using a wireless connection to hack
C. Driving looking for wireless networks to hack
D. Driving and seeking rival hackers

8. When a hacking technique uses persuasion and deception to get a person to provide information to help compromise security, this is referred to as what?
A. Social engineering
B. Conning
C. Human intel
D. Soft hacking

9. What is the most common threat on the Internet?
A. Auction fraud
B. Hackers
C. Computer viruses
D. Illegal software

10. What are the three approaches to security?
A. Perimeter, layered, hybrid
B. High security, medium security, low security
C. Internal, external, and hybrid
D. Perimeter, complete, none

11. Which of the following is the most basic security activity?
A. Authentication
B. Firewalls
C. Password protection
D. Auditing

12. Which of the following is the best definition of the term sensitive information?
A. Any information that has impact on national security
B. Any information that is worth more than $1,000
C. Any information that if accessed by unauthorized personnel could damage your organization in any way
D. Any information that is protected by privacy laws

1 ___    7 ___
2 ___    8 ___
3 ___    9 ___
4 ___    10 ___
5 ___    11 ___
6 ___    12 ___

Exercise 8. Make the word combinations matching words (1 – 8) with the words (a – h):

1. unauthorized
2. denial
3. malicious
4. take over
5. compromise
6. social
7. Trojan
8. key
9. logic
10. wireless
11. war-driving
12. penetration
13. law-abiding
14. execute
15. technically

a. a session
b. engineering
c. bomb
d. tests
e. citizen
f. a DoS attack
g. access
h. horses
i. purpose
j. of service
k. contest
l. proficient
m. networks
n. security
o. logger

1 ___  2 ___  3 ___  4 ___  5 ___  6 ___  7 ___  8 ___  9 ___  10 ___  11 ___  12 ___  13 ___  14 ___  15 ___

Exercise 9. Fill in each gap with the words from the given table:

log, to access, auditing, authentication, granted, hacking

Security Activities

In addition to devices, we have activities. (1) ___ is the most basic security activity. It is merely the process of determining if the credentials given by a user or another system (such as a username and password) are authorized (2) ___ the network resource in question. When you (3) ___ in with your username and password, the system will attempt to authenticate that username and password. If it is authenticated, you will be (4) ___ access.

Another crucial safeguard is (5) _____, which is the process of reviewing logs, records, and procedures to determine if these items meet standards.

The security and (6) ____ terms that we have just covered are only an introduction to computer security terminology, but they provide an excellent starting point that will help you prepare for learning more about computer security.

1 ___    4 ___
2 ___    5 ___
3 ___    6 ___

Exercise 10. Put the verbs in brackets in the correct form, Active or Passive Voice:

1. The curves (show) in figure 4. - ___________________________________________

2. Our analysis (suggest) the spheres of practical application of our technique. - ______________________________________________________________________

3. Our ongoing work (focus) on the use of other biometric measurements. - ________________________________________________________________________

4. W.F.Friedman’s monograph «The Index of Coincidence and its Application in Cryptography» (appear) in 1918. -______________________________________________

5. These systems (share) an unmatched reputation for operating 24 hours a day, 365 days a year, nonstop. -_______________________________________________________________

6. Back in the 90s, anti-virus researchers first (fight back) by creating special detection routines designed to catch each polymorphic virus, one by one. -_________________________________________________________________________

7.  By hand, line by line, they (write) special programs. -_____________________________________________________________________________

8. US Army and Navy (work) entirely in secret, when their specialists (begin) making fundamental advances in cryptography. ________________________________________________________________________

Task for Revision

Exercise 11. Find key words and sentences in each paragraph of Text 1 and Text 2. Summarize the main idea of each text. Write an abstract of the text.

Text 1

__________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 

Text 2

__________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 

Exercise 12.  Using some website resource, such as www.f-secure.com, look up recent computer virus outbreaks. Write down how many outbreaks there have been in the past 30 days, 90 days, and 1 year. Are virus attacks increasing in frequency?

_________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 

Exercise 12.  Case Study. Decide the given case.

In this case study we will consider a network administrator for a small, family-oriented video store. The store is not part of a chain of stores and has a very limited security budget. It has five machines for employees to use to check out movies and one server on which to keep centralized records. That server is in the manager’s office. The administrator takes the following security precautions:

1. Each machine is upgraded to Windows 7, with the personal firewall turned on.

2. Antivirus software was installed on all machines.

3. A tape backup is added to the server, and tapes are kept in a file cabinet in the manager’s office.

4. Internet access to employee machines is removed.

Now consider these questions:

  1. What did these actions accomplish?

___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

  2. What additional actions might you recommend?

_____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________


UNIT 6. METHODS OF CRYPTOGRAPHY. МЕТОДЫ КРИПТОГРАФИИ

TEXT 1. Cryptographic Algorithms and Protocols.

Pre-reading assignment  

Exercise 1. Study the meanings of the key words on the theme in Appendix 1 and learn them by heart.

Exercise 2. Read and translate the text using a dictionary.

Cryptography is the science of devising methods that allow information to be sent in a secure form in such a way that the only person able to retrieve this information is the intended recipient.

The basic principle is this: a message being sent is known as plaintext. The message is then coded using a cryptographic algorithm. This process is called encryption.  An encrypted message is known as ciphertext, and is turned back into plaintext by the process of decryption.

It must be assumed that any eavesdropper has access to all communications between the sender and the recipient. A method of encryption is only secure if even with this complete access, the eavesdropper is still unable to recover the original plaintext from the ciphertext.

In the last few decades cryptographic algorithms, being mathematical by nature, have become sufficiently advanced that they can only be handled by computers. This in effect means that plaintext is binary in form, and can therefore be anything: a picture, a voice, an e-mail or even a video. It makes no difference; a string of binary can represent any of these.

Where possible, use cryptographic techniques to authenticate information and keep the information private (but don't assume that simple encryption automatically authenticates as well). Generally you'll need to use a suite of available tools to secure your application.

Cryptographic protocols and algorithms are difficult to get right, so do not create your own. Instead, where you can, use protocols and algorithms that are widely-used, heavily analyzed, and accepted as secure. When you must create anything, give the approach wide public review and make sure that professional security analysts examine it for problems. In particular, do not create your own encryption algorithms unless you are an expert in cryptology, know what you're doing, and plan to spend years in professional review of the algorithm.

In general, avoid all patented algorithms - in most cases there's an unpatented approach that is at least as good or better technically, and by doing so you avoid a large number of legal problems.

Often, your software should provide a way to reject "too small" keys, and let the user set what "too small" is. For RSA keys, 512 bits is too small for use. There is increasing evidence that 1024 bits for RSA keys is not enough either; Bernstein has suggested techniques that simplify brute-forcing RSA, and other work based on it (such as Shamir and Tromer's "Factoring Large Numbers with the TWIRL device") now suggests that 1024 bit keys can be broken in a year by a $10 Million device. You may want to make 2048 bits the minimum for RSA if you really want a secure system, and you should certainly do so if you plan to use those keys after 2015.
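One way to implement the key-size check described above, as an added example that is not part of the original text: it reads the modulus length from an OpenSSH-format `ssh-rsa` public key line and rejects keys below a caller-set minimum. The function names and the sample keys (placeholder numbers of the right size, not real RSA moduli) are constructed for illustration.

```python
import base64
import struct


def _read_field(blob, offset):
    """Read one length-prefixed field (4-byte big-endian length, then data)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[start:end], end


def rsa_modulus_bits(pubkey_line):
    """Return the modulus size in bits of an 'ssh-rsa <base64> [comment]' line."""
    parts = pubkey_line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    key_type, offset = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside the blob does not match")
    _exponent, offset = _read_field(blob, offset)
    modulus, offset = _read_field(blob, offset)
    if offset != len(blob):
        raise ValueError("unexpected trailing data")
    # A leading zero byte only marks the number as positive; bit_length ignores it.
    return int.from_bytes(modulus, "big").bit_length()


def check_key(pubkey_line, min_bits=2048):
    """Return (accepted, bits); min_bits is the user-settable 'too small' limit."""
    bits = rsa_modulus_bits(pubkey_line)
    return bits >= min_bits, bits


def _mpint(value):
    """Encode a positive integer as big-endian bytes with a spare sign bit."""
    return value.to_bytes(value.bit_length() // 8 + 1, "big")


def make_sample_line(bits, comment="constructed-sample"):
    """Build a constructed key line whose 'modulus' has exactly `bits` bits."""
    n = (1 << (bits - 1)) | 1  # placeholder of the right size, not a real modulus

    def field(data):
        return struct.pack(">I", len(data)) + data

    blob = field(b"ssh-rsa") + field(_mpint(65537)) + field(_mpint(n))
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment


if __name__ == "__main__":
    for size in (512, 1024, 2048):
        accepted, bits = check_key(make_sample_line(size))
        print(f"{bits}-bit key accepted: {accepted}")
```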

When you need a security protocol, try to use standard-conforming protocols such as IPSec, SSL (soon to be TLS), SSH, S/MIME, OpenPGP/GnuPG/PGP, and Kerberos. Each has advantages and disadvantages; many of them overlap somewhat in functionality, but each tends to be used in different areas:

  • Internet Protocol Security (IPSec). IPSec provides encryption and/or authentication at the IP packet level. However, IPSec is often used in a way that only guarantees authenticity of two communicating hosts, not of the users. As a practical matter, IPSec usually requires low-level support from the operating system (which not all implement) and an additional keyring server that must be configured. Since IPSec can be used as a "tunnel" to secure packets belonging to multiple users and multiple hosts, it is especially useful for building a Virtual Private Network (VPN) and connecting a remote machine. As of this time, it is much less often used to secure communication from individual clients to servers. Note that if you use IPSec, don't use the encryption mode without the authentication, because the authentication also acts as integrity protection.
  • Secure Socket Layer (SSL) / TLS. SSL/TLS works over TCP and tunnels other protocols using TCP, adding encryption, authentication of the server, and optional authentication of the client (but authenticating clients using SSL/TLS requires that clients have configured X.509 client certificates, something rarely done). SSL version 3 is widely used; TLS is a later adjustment to SSL that strengthens its security and improves its flexibility. SSL/TLS is the primary method for protecting http (web) transactions. A widely used OSS/FS implementation of SSL (as well as other capabilities) is OpenSSL.
  • OpenPGP and S/MIME. There are two competing, essentially incompatible standards for securing email: OpenPGP and S/MIME. OpenPGP is based on the PGP application; an OSS/FS implementation is GNU Privacy Guard from http://www.gnupg.org/. Currently, their certificates are often not interchangeable.
  • SSH. SSH is the primary method of securing "remote terminals" over an internet, and it also includes methods for tunneling X Windows sessions. However, it's been extended to support single sign-on and general secure tunneling for TCP streams, so it's often used for securing other data streams too (such as CVS accesses). The most popular implementation of SSH is OpenSSH http://www.openssh.com/, which is OSS/FS. Typical use of SSH allows the client to authenticate that the server is truly the server, and then the user enters a password to authenticate the user (the password is encrypted and sent to the other system for verification). Current versions of SSH can store private keys, allowing users to not enter the password each time. To prevent man-in-the-middle attacks, SSH records keying information about servers it talks to; that means that typical use of SSH is vulnerable to a man-in-the-middle attack during the very first connection, but it can detect problems afterwards. In contrast, SSL generally uses a certificate authority, which eliminates the first connection problem but requires special setup (and payment!) to the certificate authority.
  • Kerberos. Kerberos is a protocol for single sign-on and authenticating users against a central authentication and key distribution server. Kerberos works by giving authenticated users "tickets", granting them access to various services on the network. When clients then contact servers, the servers can verify the tickets. Kerberos is a primary method for securing and supporting authentication on a LAN, and for establishing shared secrets (thus, it needs to be used with other algorithms for the actual protection of communication). Note that to use Kerberos, both the client and server have to include code to use it.  

Many of these protocols allow you to select a number of different algorithms, so you'll still need to pick reasonable defaults for algorithms (e.g., for encryption).
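
Two points from the text above, rejecting RSA keys below a user-settable minimum and the way SSH remembers a server's key after the first connection, shown together in one added Python example (it is not part of the original text and not OpenSSH code). The function names, the in-memory `known` dictionary, the host name and the sample moduli are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct

DEFAULT_MIN_RSA_BITS = 2048  # minimum suggested in the text; the caller may change it


def _ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """SSH wire 'mpint' for a positive integer (a leading zero byte keeps it positive)."""
    return _ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))


def make_ssh_rsa_line(n: int, e: int = 65537) -> str:
    """Build an 'ssh-rsa AAAA...' public key line (used only for the sample data)."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii")


def sample_modulus(bits: int, seed: bytes) -> int:
    """Constructed stand-in for a modulus: the right size, NOT a usable RSA key."""
    raw = hashlib.shake_256(seed).digest(bits // 8)
    return int.from_bytes(raw, "big") | (1 << (bits - 1)) | 1


def parse_ssh_rsa(line: str):
    """Return (modulus_bits, fingerprint) for an 'ssh-rsa AAAA...' line."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length field")
        (length,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if pos + length > len(blob):
            raise ValueError("truncated field body")
        fields.append(blob[pos:pos + length])
        pos += length
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("unexpected key blob layout")
    modulus = int.from_bytes(fields[2], "big")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")
    return modulus.bit_length(), fingerprint


def check_host_key(known: dict, host: str, key_line: str,
                   min_rsa_bits: int = DEFAULT_MIN_RSA_BITS) -> str:
    """Apply the key-size policy first, then compare with the remembered key."""
    bits, fingerprint = parse_ssh_rsa(key_line)
    if bits < min_rsa_bits:
        return "reject-weak-key"          # "too small", as defined by the user
    pinned = known.get(host)
    if pinned is None:
        # First connection: nothing to compare against, so the key is trusted
        # and recorded. This is the window the text warns about.
        known[host] = fingerprint
        return "first-contact"
    return "match" if pinned == fingerprint else "KEY-CHANGED"


def demo():
    known = {}
    good = make_ssh_rsa_line(sample_modulus(2048, b"server-A"))
    other = make_ssh_rsa_line(sample_modulus(2048, b"someone-else"))
    weak = make_ssh_rsa_line(sample_modulus(512, b"old-key"))
    return [
        check_host_key(known, "host.example", weak),    # rejected, not recorded
        check_host_key(known, "host.example", good),    # recorded on first use
        check_host_key(known, "host.example", good),    # same key later
        check_host_key(known, "host.example", other),   # different key later
        check_host_key({}, "host.example", weak, min_rsa_bits=512),  # user lowered the limit
    ]


if __name__ == "__main__":
    print(demo())
```

The weak key is rejected before anything is recorded, so a later good key is still treated as the first contact for that host.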

Vocabulary and Grammar Exercise 

Exercise 3. Find in the text English equivalents for the Russian words:

Russian words | English equivalents | Russian words | English equivalents
наука о разработке методов | | установить подлинность информации |
быть отправленным в безопасном виде | | держать информацию в секрете |
возможность получить | | чтобы обезопасить приложение |
процесс расшифровки | | широкий общественный обзор |
необходимо предположить… | | проверить это на наличие проблем |
между отправителем и получателем | | потратить годы на профессиональное рассмотрение алгоритма |
не может восстановиться | | все больше доказательств |
являясь математическим по своей природе | | стандартные протоколы |
достаточно продвинутый | | частично совпадают по функциональности |
это не имеет значения | | чтобы обезопасить общение |
 | | требует специальной настройки для центра сертификации |
 | | предоставляя доступ |

Exercise 4. Match the following words (1 -6) with their synonyms (a – f):

1 | a string (of binary) | a | encrypted text
2 | be exploitable | b | set
3 | incompatible standards | c | realization
4 | secure (an application) | d | mutually exclusive
4 | implementation | e | a sequence
5 | suite (of tools) | f | be used
6 | ciphertext | g | protect

1 | 2 | 3 | 4 | 5 | 6

Exercise 5. Match the following words (1 -8) with their Russian equivalents: (a – h):

1 | communicating host | a | атака методом перебора
2 | optional | b | сервер ключей
3 | standard-conforming protocol | c | протокол стандартного соответствия
4 | adjustment | d | дополнительный
5 | brute force (attack) | e | малофункциональная смарткарта
6 | bulk data | f | главный компьютер
7 | keyring server | g | дополнение, приложение
8 | small-ability smartcard | h | массив данных

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8

Exercise 6. Which of the following statements are True (T) or False (F):

No. | Statement | True | False
1 | Try to create your own protocol as it’ll be more secure. | |
2 | Created protocols should be very carefully tested. | |
3 | A method of encryption is only secure if even with this complete access, the eavesdropper is still unable to recover the original plaintext from the ciphertext. | |
4 | Plaintext is binary so it can be any form. | |
5 | If you use IPSec, you may not use the authentication because the protocol is secure enough to ignore it. | |
6 | Kerberos works by giving authenticated users "tickets", granting them access to various services on the network. | |
7 | If you have a key length equal to 1024, you may be sure of the security of your information. | |
8 | Using IPSec is advantageous while building VPNs. | |

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
T | T | T | T | F | T | F | T

Exercise 7. Make the word combinations matching words (1 – 8) with the words (a – h):

1 | incompatible | a | of tools
2 | communicating | b | protection
3 | keyring | c | attack
4 | brute | d | authentication
5 | integrity | e | standards
6 | string | f | information
7 | optional | g | force
8 | authenticate | h | server
9 | man-in-the middle | i | of binary
10 | suite | j | host

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10

Exercise 8. Fill in each gap with the words from the given table:

brute force, encrypt, to break, a key length,  hardware

For symmetric-key encryption (e.g., for bulk encryption), don't use (1) ___ less than 90 bits if you want the information to stay secret through 2016 (add another bit for every additional 18 months of security). For encrypting worthless data, the old DES (Data Encryption Standard) algorithm has some value, but with modern (2) ___ it's too easy to break DES's 56-bit key using (3) ___. If you're using DES, don't just use the ASCII (American Standard Code for Information Interchange) text key as the key - parity is in the least (not most) significant bit, so most DES algorithms will (4) ___ using a key value well-known to adversaries; instead, create a hash of the key and set the parity bits correctly (and pay attention to error reports from your encryption routine). So-called "exportable" encryption algorithms only have effective key lengths of 40 bits, and are essentially worthless; in 1996 an attacker could spend $10,000 (5) ___ such keys in twelve minutes or use idle computer time to break them in a few days, with the time-to-break halving every 18 months in either case.

1 | 4
2 | 5
3 |

Exercise 9. Translate into Russian the following paragraph:

Serpent is an AES (Advanced Encryption Standard) submission by Ross Anderson, Eli Biham, and Lars Knudsen. Its authors combined the design principles of DES (The Data Encryption Standard) with the recent development of bit slicing techniques to create a very secure and very fast algorithm. While bit slicing is generally used to encrypt multiple blocks in parallel, the designers of Serpent have embraced the technique of bit slicing and incorporated it into the design of the algorithm itself. Serpent uses 128 bit blocks and 256 bit keys. Like DES, Serpent includes an initial and final permutation of no cryptographic significance; these permutations are used to optimize the data before encryption. Serpent was released at the 5th International Workshop on Fast Software Encryption. Serpent 1 resists both linear and differential attacks.

___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

Exercise 10. Put the verbs in the brackets into a suitable form:

  1. Don’t phone between 8.00 and 14.00. We (make) a presentation.
  2. By the time he (arrive) at the office the work already (start).
  3. According to the timetable the bus (arrive) at 8.
  4. Chris (come) an hour later.  
  5. We (meet) at the airport tomorrow.
  6. Our consumers (hope) the results of the risk assessment (obtain) soon.
  7. C.E. Shannon (develop) a method for symbolic analysis of switching systems and networks in the late 1930-s.
  8. He (work) at Bell laboratories when he (publish) a paper on information theory.
  9. He and his IBM colleagues (contribute) to the early research in this field. Rochester (take part) in the MIT artificial Intelligence Project.
  10. When we (come), the professor (deliver) the lecture.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10

Task for Revision

Exercise 11. Find key words and sentences in each paragraph of Text 1 and Text 2. Summarize the main idea of the text. Write an abstract of the text.

Text 1

__________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 

Exercise 12.  Answer the following questions.

  1. What are the main terms of cryptography?

_____________________________________________________________________________________________________________________________

  2. What should a specialist take into account when he wants to create his own or use some developed products?

_________________________________________________________________________________________________________________________________

  3. Which protocols are incompatible?

_____________________________________________________________________________________________________________________________________

  4. What is the way to prevent “man-in-the middle” attacks used by SSH?

_______________________________________________________________________________________________________________________________________

  5. What key length is considered to be secure to use?

_______________________________________________________________________________________________________________________________________

  6. What are the basic characteristics of the cryptographic protocols mentioned in the text?

___________________________________________________________________________________________________________________________________________


TEXT 2. Steganography.

Pre-reading assignment  

Exercise 1. Study the meanings of the key words on the theme in Appendix 1 and learn them by heart.

Exercise 2. Read and translate the text using a dictionary.

Steganography is the art of covered or hidden writing. The purpose of steganography is covert communication to hide a message from a third party. This differs from cryptography, the art of secret writing, which is intended to make a message unreadable by a third party but does not hide the existence of the secret communication. Although steganography is separate and distinct from cryptography, there are many analogies between the two, and some authors categorize steganography as a form of cryptography since hidden communication is a form of secret writing. Nevertheless, this paper will treat steganography as a separate field.

Although the term steganography was only coined at the end of the 15th century, the use of steganography dates back several millennia. In ancient times, messages were hidden on the back of wax writing tables, written on the stomachs of rabbits, or tattooed on the scalp of slaves. Invisible ink has been in use for centuries—for fun by children and students and for serious espionage by spies and terrorists. Microdots and microfilm, a staple of war and spy movies, came about after the invention of photography.

Steganography hides the covert message but not the fact that two parties are communicating with each other. The steganography process generally involves placing a hidden message in some transport medium, called the carrier. The secret message is embedded in the carrier to form the steganography medium. The use of a steganography key may be employed for encryption of the hidden message and/or for randomization in the steganography scheme. In summary:

steganography_medium = hidden_message + carrier + steganography_key

Figure 1 shows a common taxonomy of steganographic techniques.

  • Technical steganography uses scientific methods to hide a message, such as the use of invisible ink or microdots and other size-reduction methods.

Figure 1. Classification of Steganography Techniques (Adapted from Bauer 2002)

Linguistic steganography hides the message in the carrier in some nonobvious ways and is further categorized as semagrams or open codes.

Semagrams hide information by the use of symbols or signs. A visual semagram uses innocent-looking or everyday physical objects to convey a message, such as doodles or the positioning of items on a desk or Website. A text semagram hides a message by modifying the appearance of the carrier text, such as subtle changes in font size or type, adding extra spaces, or different flourishes in letters or handwritten text.

Open codes hide a message in a legitimate carrier message in ways that are not obvious to an unsuspecting observer. The carrier message is sometimes called the overt communication, whereas the hidden message is the covert communication. This category is subdivided into jargon codes and covered ciphers.

Jargon code, as the name suggests, uses language that is understood by a group of people but is meaningless to others. Jargon codes include warchalking (symbols used to indicate the presence and type of wireless network signal), underground terminology, or an innocent conversation that conveys special meaning because of facts known only to the speakers. A subset of jargon codes is cue codes, where certain prearranged phrases convey meaning.

Covered or concealment ciphers hide a message openly in the carrier medium so that it can be recovered by anyone who knows the secret for how it was concealed. A grille cipher employs a template that is used to cover the carrier message. The words that appear in the openings of the template are the hidden message. A null cipher hides the message according to some prearranged set of rules, such as "read every fifth word" or "look at the third character in every word."
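
An analyst's view of the null cipher just described, as an added Python example (not part of the original text): it applies the two prearranged rules the paragraph quotes, for a small range of parameters, to a cover text and ranks the resulting readings. The two cover texts, the word list VOCAB and all function names are constructed for this illustration.

```python
import re

# Constructed cover texts (not taken from any real message).
SAMPLE_LETTERS = "Last week many older ashes there fell apparently."
SAMPLE_WORDS = ("Our sales team will meet new clients tomorrow, "
                "probably at the main office around ten.")

# Tiny constructed word list, used only to rank candidate readings.
# A real check would use a full dictionary or a watch list.
VOCAB = {"send", "help", "meet", "ten", "call", "come", "now", "stop"}


def words(text):
    """Split a text into words, dropping punctuation and digits."""
    return re.findall(r"[A-Za-z]+", text)


def every_nth_word(text, n):
    """Rule 'read every n-th word' (n = 5 is the example in the text)."""
    return " ".join(words(text)[n - 1::n]).lower()


def kth_char_of_each_word(text, k):
    """Rule 'look at the k-th character in every word'.

    Words shorter than k carry no character for this rule and are skipped.
    """
    return "".join(w[k - 1] for w in words(text) if len(w) >= k).lower()


def coverage(reading, vocab=VOCAB):
    """Fraction of letters that non-overlapping vocabulary words can cover."""
    s = reading.replace(" ", "")
    if not s:
        return 0.0
    best = [0] * (len(s) + 1)          # best[i]: letters covered in s[:i]
    for i in range(1, len(s) + 1):
        best[i] = best[i - 1]          # leave letter i-1 uncovered
        for w in vocab:
            if i >= len(w) and s.startswith(w, i - len(w)):
                best[i] = max(best[i], best[i - len(w)] + len(w))
    return best[-1] / len(s)


def rank_readings(text, max_param=6, vocab=VOCAB):
    """Try both rule families for parameters up to max_param.

    Returns (score, rule, parameter, reading) tuples, best score first.
    """
    results = []
    for p in range(1, max_param + 1):
        reading = kth_char_of_each_word(text, p)
        results.append((coverage(reading, vocab), "char", p, reading))
        if p > 1:                      # "every 1st word" is just the text itself
            reading = every_nth_word(text, p)
            results.append((coverage(reading, vocab), "word", p, reading))
    return sorted(results, key=lambda r: r[0], reverse=True)


if __name__ == "__main__":
    for sample in (SAMPLE_LETTERS, SAMPLE_WORDS):
        score, rule, param, reading = rank_readings(sample)[0]
        print(f"{rule} rule, parameter {param}: {reading!r} (score {score:.2f})")
```

The ranking only narrows the search: with an unknown rule, every candidate reading still has to be judged by a person.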

As an increasing amount of data is stored on computers and transmitted over networks, it is not surprising that steganography has entered the digital age. On computers and networks, steganography applications allow for someone to hide any type of binary file in any other binary file, although image and audio files are today's most common carriers.

Steganography provides some very useful and commercially important functions in the digital world, most notably digital watermarking. In this application, an author can embed a hidden message in a file so that ownership of intellectual property can later be asserted and/or to ensure the integrity of the content. An artist, for example, could post original artwork on a Website. If someone else steals the file and claims the work as his or her own, the artist can later prove ownership because only he/she can recover the watermark. Although conceptually similar to steganography, digital watermarking usually has different technical goals. Generally, only a small amount of repetitive information is inserted into the carrier, it is not necessary to hide the watermarking information, and it is useful for the watermark to be able to be removed while maintaining the integrity of the carrier.

Steganography has a number of nefarious applications; most notably hiding records of illegal activity, financial fraud, industrial espionage, and communication among members of criminal or terrorist organizations.

Vocabulary and Grammar Exercise 

Exercise 3. Find in the text English equivalents for the Russian words:

Russian words | English equivalents | Russian words | English equivalents
искусство скрытого письма | | транспортная среда |
тайное общение | | может использоваться для шифрования |
третий участник | | методы уменьшения размера |
to make a message unreadable | | неочевидные способы |
отличается от криптографии | | невинный |
тем не менее | | бессмысленный рисунок |
был придуман | | изменяя внешний вид текста-носителя |
были спрятаны на обратной стороне восковых письменных табличек | | ничего не подозревающий наблюдатель |
татуировка на голове у рабов | | сигнал беспроводной сети |
микрофотоснимки | | подмножество жаргонных кодов |
заранее подготовленные фразы | | наиболее распространенные на сегодняшний день носители |

Exercise 4. Match the following words (1 -8) with their synonyms (a – h):

1 | covert communication | a | side
2 | nefarious application | b | simulation, imitation
3 | intend | c | built in
4 | microdot | d | secret, stealthy interaction
5 | (spam) mimic | e | deception, cheating
6 | party | f | tiny photograph
7 | embed | g | be about, be going to
8 | (financial) fraud | h | dishonest, corrupt using

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8

Exercise 5. Match the following words (1 -8) with their Russian equivalents: (a – h):

1 | digital watermarking | a | поразрядно идентичный
2 | doodle | b | трафаретный шифр
3 | cue code | c | сжатие с потерей данных
4 | bit-for-bit identical | d | нулевой код
5 | treat | e | ключевой код
6 | null cipher | f | рассматривать
7 | grille cipher | g | дополнительный штрих в букве
8 | lossy compression | h | нанесение (цифровых) водяных знаков (меток)

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8

Exercise 6. Which of the following statements are True (T) or False (F):

No. | Statement | True | False
1 | Steganography is the art of hiding the existence of secret communication. | |
2 | Steganography got its name several millennia back. | |
3 | Steganography is related to cryptography. | |
4 | Carrier is a special medium where the secret message is put. | |
5 | Jargon codes use special phrases with the meaning that is not understood by malicious users. | |
6 | Technical steganography changes the way the carrier text looks by adding extra spaces or using different flourishes. | |
7 | Digital watermarking is one of the modern steganography techniques. | |
8 | Cue codes are a subclass of grille ciphers. | |
9 | A visual semagram modifies the appearance of the carrier text. | |
10 | Null cipher is a kind of linguistic steganography. | |

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10

Exercise 7. Make the word combinations matching words (1 – 10) with the words (a – h):

1 | digital | a | communication
2 | size-reduction | b | code
3 | covert | c | application
4 | open | d | fraud
5 | nefarious | e | text
6 | nonobvious | f | watermarking
7 | cue | g | a message
8 | convey | h | method
9 | carrier | i | code
10 | financial | j | way

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10

 

Exercise 8. Fill in each gap with the words from the given table:

apparent message, covered, illegal, a transport layer, the visible lines, suspicion

The word "Steganography" is of Greek origin and means " (1) ___ or hidden writing". Its ancient origins can be traced back to 440 BC. Generally, a steganographic message will appear to be something else: a picture, an article, a shopping list, or some other message. This (2) ___ is the cover text. For instance, a message may be hidden by using invisible ink between (3) ___ of innocuous documents.

The advantage of steganography over cryptography alone is that messages do not attract attention to themselves, to messengers, or to recipients. An unhidden coded message, no matter how unbreakable it is, will arouse (4) ___ and may in itself be incriminating, as in countries where encryption is (5) ___.

Steganography used in electronic communication includes steganographic coding inside of (6) ___, such as an MP3 file, or a protocol, such as UDP.

1 | 4
2 | 5
3 | 6

Exercise 9. Translate into Russian the following paragraph:

Like many security tools, steganography can be used for a variety of reasons, some good, some not so good. Legitimate purposes can include things like watermarking images for reasons such as copyright protection. Digital watermarks (also known as fingerprinting, significant especially in copyrighting material) are similar to steganography in that they are overlaid in files, which appear to be part of the original file and are thus not easily detectable by the average person. Steganography can also be used as a way to make a substitute for a one-way hash value (where you take a variable length input and create a static length output string to verify that no changes have been made to the original variable length input). Further, steganography can be used to tag notes to online images (like post-it notes attached to paper files). Finally, steganography can be used to maintain the confidentiality of valuable information, to protect the data from possible sabotage, theft, or unauthorized viewing. 
___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

Exercise 10. Paraphrase the following sentences using the modal verbs given in the brackets:

  1. I’m sure the paper is somewhere in the office. (must)
  2. I think you are not working hard. (should)
  3. I need this job! (must)
  4. Perhaps our colleagues will come in time. It depends on the traffic. (might)
  5. I’m sure the analysis is not ready. (can)
  6. I think you don’t pay proper attention to the questions of security. (should)
  7. It is forbidden to write your password anywhere! (must)
  8. If you don’t know how to solve this problem, ask your colleagues to help you. (should)
  9. The failure of the security system is not his fault. I’m sure in it. (can)

Task for Revision

Exercise 11. Find key words and sentences in each paragraph of Text 1 and Text 2. Summarize the main idea of the text. Write an abstract of the text.

Text 1

__________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 

Exercise 12.  Answer the following questions.

  1. What is the purpose of steganography?

___________________________________________________________________________________________________________________________________

  2. How is steganography related to cryptography?

______________________________________________________________________________________________________________________________________

  3. What was the early use of steganography?

___________________________________________________________________________________________________________________________________

  4. What is carrier?

____________________________________________________________________________________________________________________________________

  5. How can you define steganography medium?

____________________________________________________________________________________________________________________________________

  6. What is the application of steganography nowadays?

____________________________________________________________________________________________________________________


Appendix 1

LANGUAGE COMMENTARY.

UNIT 1. LOCAL AREA NETWORKS. ЛОКАЛЬНЫЕ СЕТИ.

TEXT 1. A Brief History of Local Area Nets (LANs).

1 | to share | делиться
2 | communication network | сеть связи
3 | to implement | реализовать, осуществлять
4 | mainframes | центральный процессор
5 | node | узел
6 | to determine | определять
7 | file locking | блокировка файла
8 | complex; accounting and productivity programs | сложный; программы учета и производительности
9 | run software | запустить программное обеспечение
10 | to keep in mind | иметь в виду
11 | approach | подход
12 | the flow of data | поток данных
13 | weakness | слабость
14 | advantage | преимущество
15 | to cripple | повреждает
16 | to share | разделять
17 | network speed | скорость сети
18 | token ring LAN | протокол передачи данных в локальной вычислительной сети (LAN) с топологией кольца и «маркерным доступом»
19 | equal access | равный доступ
20 | to withstand the failure | выдерживать поломку
21 | provide the level of uniformity | обеспечить уровень единообразия
22 | network vendors | сетевые поставщики
23 | to ensure efficient communication | обеспечивать эффективное общение


UNIT 2. NETWORKS AND TELECOMMUNICATIONS. СЕТИ И ТЕЛЕКОММУНИКАЦИИ.

TEXT 1. The Networking.

1 | an enterprise | предприятие
2 | adjacent to | рядом с
3 | extend | распространяться
4 | Token Ring | маркерное кольцо
5 | to segment | делиться на сегменты
6 | response time | время отклика
7 | a culprit | виновник, автор
8 | congestion (congested LANs) | перегруженность
9 | incremental to | добавочный к
10 | destine | предопределять, предназначать
11 | simultaneously | одновременно
12 | dedicated LAN (Local Area Network) | выделенная ЛВС (локальная вычислительная сеть)
14 | to diminish | уменьшить
15 | uncontested | неоспоримый
16 | router | маршрутизаторы
17 | eventually | в конце концов
18 | to maintain | поддерживать
19 | hub | концентратор
20 | to deal with | иметь дело с
21 | remote | дистанционный, удаленный
22 | collision | противоречие
23 | to accommodate | приспосабливать, вмещать
24 | to be forwarded | быть направленным
25 | to comprise | содержать
26 | to determine | определить
27 | advantage | преимущество

TEXT 2. Peer-to-peer versus a client-server.

peer-to-peer network | одноранговая сеть
client-server network | клиент-серверная сеть
a flow of information | поток информации
a handful streaming video | набор потоковых видео
to pool resources | объединить ресурсы
coax backbone | коаксиальная магистраль
to map | картографировать
a backup copy | резервная копия
inefficient | неэффективный
to subordinate | подчинять
network access | доступ к сети
according to | в соответствии с
local resources | местные ресурсы
shared resources | общие ресурсы
accounting operations | бухгалтерские операции
streaming video | потоковое видео
spreadsheet | таблица
available | доступный (имеющийся в распоряжении)
network software package | сетевой программный пакет
additional networking software | дополнительное сетевое программное обеспечение
additional drive | дополнительный диск
maintain | поддерживать
upgrading software | обновление программного обеспечения
obvious | очевидный
simultaneous operations | одновременные операции
upgrade | обновить


UNIT 3. THE SYSTEMS OF ARTIFICIAL INTELLIGENCE. СИСТЕМЫ ИСКУССТВЕННОГО ИНТЕЛЛЕКТА.

TEXT 1. OCR Technology.

1 | Optical Character Recognition (OCR) | Оптическое распознавание символов (ОРС)
2 | optical character reader | оптический считыватель символов
3 | Intelligent Character Recognition (ICR) | Интеллектуальное распознавание символов (ИРС)
4 | artificial intelligence | искусственный интеллект
5 | pattern recognition | распознавание образов
6 | machine-encoded text | машинный код
7 | cursive | рукописный шрифт
8 | a rejected field | отклоненное поле
9 | sophisticated OCR systems | сложные системы ОРС
10 | illegible | неразборчивый
11 | sloppily | неряшливо
12 | merge | сливаться
13 | pattern-matching technology | технология сопоставления с образцом
14 | ambiguous | двусмысленный, неопределённый
15 | blurred backgrounds | размытый фон
16 | superimpose | накладывать
17 | cognitive computing | когнитивные вычисления
18 | digitizing printed texts | оцифровка печатных текстов
19 | consequently | в результате
20 | recognition accuracy | точность распознавания
21 | recognition errors | ошибки распознавания
22 | approximate | приближать, почти равняться
23 | formatted output | форматированный вывод
24 | machine print conversion | машинное преобразование печати
25 | break apart | распадаться
26 | due to | из-за
27 | poor image quality | плохое качество изображения
28 | constrained text | ограниченный текст
29 | neural networks | нейронные сети
30 | processing information | обработка информации
31 | character-by-character | посимвольно
32 | dynamic vocabularies | динамические словари
33 | capabilities of predecessors | возможности предшественников
34 | cursive recognition results | скорописные результаты распознавания
35 | laborious human data entry | трудоемкий ввод данных человеком


UNIT 4. AN OVERVIEW OF COMPUTER SECURITY. ОБЗОР КОМПЬЮТЕРНОЙ БЕЗОПАСНОСТИ. 

TEXT 1. The Basic Components.

1. confidentiality - конфиденциальность
2. integrity - целостность
3. availability - доступность
4. vary - варьироваться
5. concealment - утаивание
6. to restrict access to information - ограничить доступ к информации
7. access control mechanisms - механизмы контроля доступа
8. cryptography - криптография (тайнопись)
9. encipher (decipher) - шифровать (расшифровывать)
10. harassment - домогательство
11. kernel - ядро операционной системы
12. integrity (integrity violation) - целостность (нарушение целостности)
13. trustworthiness - надежность
14. to violate - нарушить
15. credibility - правдоподобие (вероятность)
16. underpinnings of security - основы безопасности
17. availability - доступность
18. unavailable - недоступный
19. deliberately arrange - сознательно организовать
20. unusable - непригодный
21. to assume - предполагать
22. assumptions - предположение (допущения)
23. denial of service (DoS) - отказ в обслуживании (DoS)
24. to contribute - способствовать
25. to supply - поставлять, снабжать
26. to enforce - принуждать (обеспечивать соблюдение)
27. accuracy and credibility - точность и достоверность

TEXT 2. Threats.

1. threat - угроза
2. violation - нарушение
3. to occur - происходить
4. to execute - осуществлять
5. disclosure - разоблачение
6. deception - обман, жульничество
7. disruption - нарушение
8. usurpation - узурпация, присвоение
9. to encompass - охватывать
10. ubiquitous - вездесущий, повсеместный
11. snooping (eavesdropping) - шпионаж, подслушивание
12. disclosure - разоблачение
13. wiretapping - прослушивание
14. modification (alteration) - модификация (переделка)
15. goal - цель
16. an intruder - нарушитель
17. a recipient - получатель
18. masquerading (spoofing) - маскировка, подмена
19. to log - войти
20. repudiation of origin - отказ от происхождения
21. denial of receipt - отказ в получении
22. delay - задержка, отсрочка
23. denial of service (DoS) - отказ в обслуживании
24. prevention - предотвращение, профилактика
25. detection - обнаружение
26. recovery - восстановление, возмещение


UNIT 5. INTRODUCTION TO COMPUTER SECURITY. ВВЕДЕНИЕ В КОМПЬЮТЕРНУЮ БЕЗОПАСНОСТЬ. 

TEXT 1. Identifying Types of Threats.

risk assessment - оценка риска
Malware - вредоносные
a malicious purpose - злая цель
adware - рекламное программное обеспечение, рекламная программа
worms - черви
spyware - шпионское программное обеспечение, программа-шпион
security breaches - нарушения безопасности
DoS attacks - DoS атаки
Distributed denial of service (DDoS) - распределённая DoS-атака (распределенная атака отказа в обслуживании (DDoS))
Session hijacking - Перехват сеансов
Insider threats - Инсайдерские угрозы
DNS (Domain Name Service) poisoning - отравление DNS
malicious websites - вредоносные сайты
to replicate (self-replicate) - копировать, повторять
a cookie - куки (небольшой фрагмент данных, отправленный веб-сервером и хранимый на компьютере пользователя)
a key logger - кейлогер (программа или устройство, регистрирующее различные действия пользователя)
breaches - нарушения
standard con techniques - стандартные методы мошенничества
war-driving - вардра́йвинг (процесс поиска и взлома уязвимых точек доступа беспроводных сетей Wi-Fi)
war-dialing - прозвонка (сканирование номеров телефонов с модемами)
war flying - варфлаинг (вардра́йвинг с помощью дронов, на которых установлено прослушивающее оборудование)
SQL (structured query language) Injection - SQL инъекция
to query a database table - запрашивать таблицу базы данных
to script symbols - писать символы
to take that session over - прерывать сессию
to misuse access to data - злоупотреблять доступом к данным
lax - небрежный
external security (internal security) - внешняя безопасность (внутренняя безопасность)
a fake site - поддельный сайт
doxing - Доксинг — поиск и опубликование конфиденциальной информации о человеке или организации без его согласия.
to endanger data - подвергать опасности данные


TEXT 2. Basic Security Terminology

1. professional security community - professional security community
2. hacker community - хакерское сообщество
3. a system’s flaws - недостатки системы
4. a weakness (a flaw) - слабость
5. a white hat hacker - белый (этичный) хакер
6. a black hat hacker - «хакер в черной шляпе» - это хакер, который нарушает безопасность компьютера для личной выгоды или злонамеренного использования.
7. a gray hat hacker - «серая шляпа» - хакер, который может иногда нарушать законы или типичные этические стандарты, но не имеет злонамеренного намерения
8. Script Kiddies - скрипт-кидди - те, кто пользуется скриптами или программами, разработанными другими, для атаки компьютерных систем и сетей, не понимая механизма их действия.
9. penetration tests - тесты на проникновение
10. an easy-to-use graphical user interface - простой в использовании графический интерфейс пользователя
11. Ethical Hacking: Penetration Testers - этичные хакеры, использующие тесты на проникновение для выявления уязвимостей
12. to assess security deficiencies - оценить недостатки безопасности
13. to assess system vulnerabilities - оценить уязвимости системы
14. technically proficient - технически опытный
15. legitimate security professionals - законные специалисты по безопасности
16. highly skilled hackers - высококвалифицированные хакеры
17. phreaking - фрикинг - взлом телефонных автоматов, телефонных сетей
18. defensive barrier devices - защитные барьерные устройства
19. the firewall - Межсетевой экран, файрвол
20. an intrusion detection system (IDS) - система обнаружения вторжений
21. suspicious activity - подозрительная деятельность
22. authentication - Идентификация
23. to grant access - предоставить доступ
24. to meet standards - соответствовать стандартам


UNIT 6. METHODS OF CRYPTOGRAPHY. МЕТОДЫ КРИПТОГРАФИИ

TEXT 1. Cryptographic Algorithms and Protocols.

cryptography - криптография
plaintext - открытый текст
encryption - шифрование
ciphertext - зашифрованное сообщение
decryption - дешифрование
eavesdropper - подслушивающий
sender - отправитель
recipient - получатель
binary - двоичный код
RSA - RSA (аббревиатура от фамилий Rivest, Shamir и Adleman) - криптографический алгоритм с открытым ключом
Internet Protocol Security (IPSec) - набор протоколов для обеспечения защиты данных, передаваемых по межсетевому протоколу IP
Virtual Private Network (VPN) - виртуальная частная сеть - обобщённое название технологий, позволяющих обеспечить одно или несколько сетевых соединений (логическую сеть) поверх другой сети (например, Интернет)
authentication - аутентификация
Secure Socket Layer (SSL) - «уровень защищённых сокетов» - криптографический протокол
OpenPGP - открытый протокол шифрования электронной почты с использованием криптографии с открытым ключом
SSH (Secure Shell) - «безопасная оболочка» - сетевой протокол прикладного уровня
OSS/FS (Open Source Software / Free Software) - программы с открытым исходным кодом / свободные программы
man-in-the-middle attacks - «Атака посредника», или атака «человек посередине»
certificate authority - центр сертификации, удостоверяющий центр
Kerberos - сетевой протокол аутентификации

TEXT 2. Steganography.

Steganography - Стеганография - способ передачи или хранения информации с учётом сохранения в тайне самого факта такой передачи (хранения)
covert - завуалировать
carrier (carrier medium) - носитель (среда-носитель)
embedded - встроенный
randomization - рандомизация
cipher (null cipher) - шифр (нулевой шифр)
watermark - водяной знак
industrial espionage - промышленный шпионаж
nonobvious - неочевидный
nefarious - бесчестный
ownership - собственник
the integrity of the content - целостность содержания
grille cipher - шифровальная решетка
flourishes - завитки
legitimate - законный
template - шаблон
concealment - сокрытие (маскировка)
meaningless - бессмысленный
underground terminology - подпольная терминология
binary file - двоичный файл
commercially important functions - коммерчески важные функции
intellectual property - интеллектуальная собственность
to prove ownership - доказать право собственности
technical goals - технические цели
watermarking information - информация о водяных знаках
financial fraud - финансовое мошенничество


Appendix 2

Summarizing

Summarizing is likewise a complex, composite skill made up of a number of separate elements. In the course of summarizing, the content of the original is compressed and its composition and language change: the main points are singled out and stated briefly and concisely; facts of the same kind are grouped and given a generalized description; numerical data are systematized and generalized; if the main idea is not formulated clearly enough, it must be made specific and brought out in the summary; where necessary, the time frames are rearranged into a sequence running from past to future; and the language of the original shifts toward standard, neutral, simple and concise wording. Figurative expressions, epithets, parenthetical words, and non-essential attributes, adverbial modifiers and objects are dropped; complex syntactic constructions are broken up, and the number of subordinate clauses is reduced by replacing them with simpler phrases. Informativeness, the essential content of the summary as a genre, "seeps", as it were, through all the linguistic elements and their meanings and at the same time binds them into a coherent structure. When dividing a text into semantic chunks, it is important to analyse the content. Doing the practical work on summarizing a foreign-language text will help you master one of the most effective ways of extracting and processing useful information.

Summarizing algorithm:

1. Skim the text and get acquainted with its general meaning.

2. Read the text more carefully, working out the meaning of unfamiliar words from the context or with a dictionary.

3. Analyse the meaning of the text and sort its material (the article) into three groups by importance:

Group I - the most important statements, which must be reflected fully and accurately in the summary

Group II - secondary information, conveyed in a more condensed form

Group III - information of little significance, which can be omitted

Language processing in summarizing.

Purpose of the text (article):

1. The object (purpose) of this text (paper) is to present (to discuss, to describe, to show, to develop, to give) ...

2. The text (paper) puts forward the idea (attempts to determine)...

Issues discussed in the text (article):

1. The text (paper) discusses some problems relating to (deals with some aspects of, considers the problem of, presents the basic theory, provides information on, reviews the basic principles of)...

2. The text (paper) is concerned with (is devoted to) ...

Beginning of the article:

1. The text (paper) begins with a short discussion on (deals firstly with the problem of) ...

2. The first paragraph deals with ...

3. First (At first, At the beginning) the author points out that (notes that, describes)...

Transition to the next part of the text (article):

  1. Then the author goes on to the problem of...
  2. The next (following) paragraph deals with (presents, discusses, describes) ...
  3. After discussing ... the author turns to ...
  4. Next (Further, Then) the author tries to (indicates that, explains that) ...
  5. It must be emphasized that (should be noted that, is evident that, is clear that, is interesting to note that)...

End of the article:

1. The final paragraph states (describes, ends with)...

2. The conclusion is that the problem is ...

3. The author concludes that (summarizes the)...

4. To sum up (To summarize, To conclude) the author emphasizes (points out, admits) that...

5. Finally (In the end) the author admits (emphasizes) that...

Evaluation of the text (article):

In my opinion (To my mind, I think) ...

The paper (article) is interesting (not interesting), of importance (of little importance), valuable (invaluable), up-to-date (out-of-date), useful (useless)...


Words and phrases for summarizing a text

1. данный текст (статья) — the present text (paper)
2. тема — the theme (subject-matter)
3. основная проблема — the main (major) problem
4. цель — the purpose
5. основной принцип — the basic principle
6. проблемы, связанные с — problems relating to; problems of
7. аналогично — similarly; likewise
8. поэтому, следовательно, в результате этого — hence; therefore
9. наоборот — on the contrary
10. тем не менее — nevertheless; still; yet
11. кроме того — besides; also; again; in addition; furthermore
12. сначала — at first
13. далее, затем — next; further; then
14. наконец, итак — finally

