Has risk management reached a new level of importance in the information age? Why?
What are the two purposes of risk management?
What does the risk assessment process examine?
What does the risk assessment process include?
Task 19. Translate the following sentences, paying attention to the functions of It, One, That:
1. There is a well-known quote that says, “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards—and even then I have my doubts”.
2. One very common example of an identification and authentication transaction can be found in the use of payment cards that require a personal identification number (PIN).
3. Some of the identification and authentication methods that we use in daily life are particularly fragile and depend largely on the honesty and diligence of those involved in the transaction.
4. The widespread use of static passwords in authentication constitutes a serious vulnerability, one that attackers and malicious code often exploit to install rootkits in systems.
5. I have always hesitated to give advice, for how can one advise another how to act unless one knows that other as well as one knows oneself?
6. One of the most crucial factors to realize when we are working with identification is that an unsubstantiated claim of identity is not reliable information on its own.
7. Although this is a weak method of verification, it is a commonly used one, identity cards
8. One of the chief weaknesses of symmetric key cryptography lies in the use of one key.
9. Cryptography has existed, in one form or another, for most of recorded history.
10. A threat is something that has the potential to cause us harm.
11. Vulnerabilities are weaknesses that can be used to harm us.
12. One of the large drawbacks to this method is that many signature-based systems rely solely on their signature database in order to detect attacks.
UNIT 2
Task 1.Read and translate the text using Essential Vocabulary:
Text 2A. Rootkits: The Ultimate Malware Threat
Essential Vocabulary
accomplish v – выполнять, совершать
comprise v – включать, содержать
crude adj – грубый
evidence n – признак, свидетельство, доказательство
forefront n – передний план, важнейшее место
malware n – вредоносное ПО
proficient adj – умелый, искусный
|
|
|
subvert v – разрушать, подрывать
superficially adv - внешне
threat n – опасность, угроза
ultimate adj – основной
vulnerability n – уязвимость
Information security professionals are constantly concerned about a wide variety of security-related threats. Some of these threats pose considerably higher levels of risk than others and thus require more resources to counter. Furthermore, risks and their potential impact change over time. Fifteen years ago, for example, risks resulting from the activity of external attackers were one of the most serious. Attackers often launched brute force password guessing attacks, or if they were more sophisticated, password cracking attacks using dictionary-based password cracking tools that are by today's standards rather crude. Fifteen years ago, damage and disruption due to virus and worm infections also comprised one of the most serious types of security risks. Things have changed considerably since then; certain types of malicious code ("malware") other than viruses and worms have moved to the forefront of risks that organizations currently face. Rootkits in particular now represent what might safely be called the ultimate malware threat.
What exactly is a rootkit? The term "rootkit" refers to a type of Trojan horse program that if installed on a victim system changes systems' operating system software such that: 1) evidence of attackers' activities (including any changes to the systems that have been made in installing the rootkit) is hidden and 2) attackers can gain remote backdoor access to the systems at will. Rootkits replace normal programs and system libraries that are part of the operating system on victim machines with versions that superficially appear to be normal, but that in reality subvert the security of the machine and cause malicious functions to be executed.
Rootkits almost without exception run with superuser privileges, the full set of system privileges intended only for system administrators and system programmers so that they can readily perform virtually any task at will. In UNIX and Linux, this translates to root-level privileges; in Windows, this means Administrator- and SYSTEM-level privileges. Without superuser privileges, rootkits would not be very effective in accomplishing the malicious functions they support. It is important to realize, however, that attackers need to gain superuser-level access before installing and running rootkits. Rootkits are not exploit tools that raise the privilege level of those who install them. Attackers must thus first exploit one or more vulnerabilities independently of the functionality of any rootkit to gain superuser privileges on victim systems if they are going be able to install and run a rootkit on these systems.
|
|
|
Additionally, the majority of rootkits are "persistent," whereas others are not. Persistent rootkits stay installed regardless of how many times the systems on which they are installed are booted. Non-persistent rootkits (also called "memory-resident" rootkits) reside only in memory; no file in the compromised system contains their code. They thus remain on a victim system only until the next time the system boots, at which time they are deleted.
Information security professionals need to put the problem of rootkits in proper perspective. Rootkits were first discovered in 1994; even at that time they were remarkably proficient in hiding themselves and creating backdoor access mechanisms. Since that time, rootkits have improved immensely to the point that many of them are now almost impossible to detect. Some of them are in reality "all-in-one" malware - a complete arsenal of weapons for attackers. Additionally, many current rootkits capture sensitive information and are capable of being part of gigantic botnets that can create massive damage and disruption.
Task 2.Translate the following word combinations:
Information security professionals, security-related threats; brute force password guessing attacks; password cracking attacks; dictionary-based password cracking tools; certain types of malicious code; evidence of attackers’ activities; backdoor access mechanisms.
Task 3.Find in the text English equivalents for the following word combinations:
|
|
|
Выдвигать на передний план; представлять собой более серьезную опасность; термин обозначает; получить доступ к системе; по своему желанию; за редким исключением; независимо от того сколько раз система загружается; почти невозможно обнаружить; захватить важную информацию.
Task 4.Make adverbs from the following adjectives and translate them:
Additional, actual, active, general, constant, current, considerable, exact, extreme, superficial, safe, ready, virtual, independent, remarkable, immense, invariable, original, previous, poor, remote.
Task 5. Answer the questions:
Дата добавления: 2018-04-15; просмотров: 251; Мы поможем в написании вашей работы! |
Мы поможем в написании ваших работ!