File: Технологический университет.docx


Added: 05.05.2024


Variant 2 for degree programme 10.03.01 Information Security


I. Read the text and translate it into Russian in writing.


IP MOBILITY
Communication devices have changed as much as the techniques people use to communicate. Previous changes to communicating involved adopting newer computers and connecting to networks. Voice communication generally occurred using telephones. For many years, telephones did little more than support voice communication. Over the past several years, personal communication devices and mobile phones have become very powerful. Use of cell phones exploded in the 1990s as people began to use them to extend their mobility. Today’s mobile phones, smartphones, and PDAs have grown to match the power and flexibility of many small computers. A PDA is a lightweight, handheld, usually stylus-driven computer used as a personal organizer, with calendar, address book, and the like. Software publishers have responded with many programs targeted for the portable device market. Tablets, smartphones, and netbooks have emerged to fill a need for lightweight portable devices. A growing number of people carry these devices instead of larger laptops for everyday use.

One of the big trends affecting organizations of all sizes is the growing use of personal communication devices. As users came to rely on their personal devices, employees came to expect to keep connectivity while at work. Organizations able to permit the devices still had to employ some control over the use of these devices through policy. This policy popularly became known as Bring Your Own Device (BYOD). Organizations with such a policy can allow their employees and contractors to use their own personally chosen and personally procured devices to connect to the network at their office. This practice often replaces the need for the organization to procure limited model options and issue them to employees for individual use. Some advisers will support the “business sense” of such a move as it relates to lower purchase price, lower operational costs, and supportability of users and applications, but others recognize that BYOD opens the door to considerable security issues.

Users want small devices that are multifunctional and connected. In the past decade, laptops got smaller, lighter, and more powerful. They became powerful enough to match the performance of many desktop computers. Users began to rely on their laptops and enjoy the mobility of taking work away from their desks. They also enjoyed being able to leave their offices and still be connected to email and a growing number of office applications. The user community began to expect mobility and freedom from desktop computers. Computer manufacturers began to offer smaller and lighter laptops to appeal to a growing desire to be connected everywhere without having to carry a heavy device around. The smartphone and PDA manufacturers paid attention as well. They began to make their devices faster and more powerful—more computer-like. One of the leaders in increasing market share among business users was BlackBerry. The first BlackBerry device was released in 1999. It allowed users to use a single device to make phone calls, access email, and manage schedules. Users could also run some applications and perform some of their work without a laptop. Apple followed with its iOS products, starting with the popular iPhone®. The first iPhone was released in 2007. The first Android phone, the T-Mobile G1™, using the brand-new Android operating system, was released in 2008. With these three heavy hitters in the market, the race was on to win the most mobile users.

There are many uses for mobile devices and applications. Some of the earliest applications were really just lightweight web apps. Users connected to the web server using a lightweight browser on their mobile device. Later smartphones and PDAs supported native applications that did not require continuous network connections. Some applications must be connected at all times, but others do not need to be. One example is an application that stores employee timesheet information on a central server. The mobile device must connect to a network to synchronize data with the server but does not need to maintain a constant connection. Applications that do not require continuous network connection make it possible to work with mobile data aboard, for example, an aircraft or other remote location. One of the earliest uses of mobile devices was to take work away from the workplace. Mobile workers quickly became the drivers for migrating applications to mobile devices. General applications that help manage email and schedules were among the first to be made available. Medical professionals quickly realized the advantages of mobile computing to meet their specific needs.

(English for Computer Science Students: textbook / Comp. T. V. Smirnova, M. V. Yudelson; sci. ed. N. A. Dudareva)

II. Write 3 special questions for each paragraph.

III. Find the paragraph that expresses the main idea of the text.

IV. Write a brief outline of the text in English.



Variant 3 for degree programme 10.03.01 Information Security


I. Read the text and translate it into Russian in writing.


LEGAL AND REGULATORY ISSUES
The deployment of IoT devices on the public open Internet introduces some immediate concerns from a regulatory and legal perspective. Some of these concerns have never existed before. With regulatory compliance throughout the United States now in full effect for many vertical industries, how are users and businesses to deploy IoT-centric devices and solutions in a compliant manner? This poses an interesting question for those vertical industries under a compliance law such as HIPAA for healthcare, FERPA for higher education, FISMA for the federal government, the Federal Financial Institutions Examination Council (FFIEC) for banking and finance, and PCI DSS v3.1.1 as a standard to follow for secure credit card transaction processing.

With regulatory compliance, we are concerned about properly handling sensitive data and ensuring its confidentiality. Sensitive data are uniquely defined for users and individuals under these compliance laws. But what about IoT device data? IoT devices use the Internet to communicate. Depending on where the server or IoT application resides, your IoT data are traversing physical networks and crossing state boundaries. That means your private data are subject to the privacy laws of the state you live in as well as the state that the IoT hosting company resides in. It is this movement of data that can quickly cause a legal issue. If the IoT data are classified to be private data or sensitive data protected under regulatory compliance, that IoT vendor or solutions provider is required to adhere to security control requirements and data protection laws as needed. This cross-border data movement is not new to the Internet. What is new is that IoT devices can share and communicate your IoT device data to other systems and applications without your authorization or knowledge. This complicates the privacy issue because the data can cross state borders without your knowledge or approval at times.

Who is collecting your IoT device data? Who is collecting your behavior patterns throughout your IoT devices? What is the collector doing with your IoT device and behavior data? This is a brand-new legal and privacy issue with IoT data discrimination. The data collected from your IoT devices tell a specific story about you and your use of that IoT device. These data can be used for good things as well as used against you in a discriminating manner. Depending on the third-party right-to-use clauses, IoT vendors and ASPs may be using your data or metadata in a manner that may be discriminatory toward you. These can even include data about where you travel or eat and what you do for entertainment. Metadata can be accumulated and sold to other companies seeking demographic marketing data about you and your spending habits. How valuable is this information to the other company? Does the IoT or device-tracking application vendor have the right to sell your metadata information? When engaging globally with other individuals from other countries, which laws apply to that person’s privacy such that security controls may or may not be required?

Finally, what about IoT device liability? What if your IoT device is used for healthcare monitoring and alerts/alarms, but there is a malfunction? If someone is injured or killed as a result of a faulty IoT device, does the limitation of liability come from the IoT device manufacturer, the ASP, or whom? Manufacturers have no way of knowing how that IoT device will be used by the owner. What if that device is used to commit or aid in a crime or robbery? If a hacker can compromise a home IoT security system and video camera system and then rob that house while the owners are away, who is liable for this actual robbery and loss of possessions? What if an IoT device is used to compromise access to other IT systems, applications, and data using the vulnerable IoT device as a launch pad? These examples demonstrate the potential liabilities that may occur using IoT devices in the real world. Current liability laws and protection may or may not address IoT devices connected to the public Internet. How can we stay ahead of this legal and regulatory compliance curve? This is not an easy task. Assessing legal implications of IoT devices and their implementations must address privacy rights of individuals first. This must be followed by an understanding of what is acceptable and unacceptable from a liability perspective for businesses involved in IoT device manufacturing or solutions.
(English for Computer Science Students: textbook / Comp. T. V. Smirnova, M. V. Yudelson; sci. ed. N. A. Dudareva)

II. Write 3 special questions for each paragraph.

III. Find the paragraph that expresses the main idea of the text.

IV. Write a brief outline of the text in English.



Variant 4 for degree programme 10.03.01 Information Security


I. Read the text and translate it into Russian in writing.


DENIAL OF SERVICE ATTACKS
Denial of service (DoS) attacks result in downtime or inability of a user to access a system. DoS attacks impact the availability tenet of information systems security. A DoS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks. This excessive activity makes the system unavailable to perform legitimate operations. When a disk fills up, the system locks an account out, a computer crashes, or a CPU slows down, the result is denial of service—hence the name. DoS attacks generally originate from a single computer. Once you detect a DoS attack, you can stop it easily. Two common types of DoS attacks are as follows:

• Logic attacks—Logic attacks use software flaws to crash or seriously hinder the performance of remote servers. You can prevent many of these attacks by installing the latest patches to keep your software up to date.

• Flooding attacks—Flooding attacks overwhelm the victim computer’s CPU, memory, or network resources by sending large numbers of useless requests to the machine.

One of the best defenses against DoS attacks is to use intrusion prevention system (IPS) software or devices to detect and stop the attack. Intrusion detection system (IDS) software and devices can also detect DoS attacks and alert you when such attacks are in progress. Without a defense against DoS attacks, they can quickly overwhelm servers, desktops, and network hardware, slowing computing in your organization to a grinding halt. In some cases, these attacks can cripple an entire infrastructure.

Most DoS attacks target weaknesses in the overall system architecture rather than a software bug or security flaw. Attackers can launch DoS attacks using common Internet protocols such as TCP and Internet Control Message Protocol (ICMP). A DoS attack launched through one of these protocols can bring down one or more network servers or devices by flooding it with useless packets and providing false information about the status of network services. This is known as a packet flood.

One popular technique for launching a packet flood is a SYN flood. SYN is a TCP control bit used to initialize TCP/IP communication with another device. Normally, to establish communication, the host receiving the SYN bit immediately responds (with both the SYN and ACK bits) and awaits a confirmation. In a SYN flood, the attacker sends a large number of packets requesting connections to the victim computer; however, the ACK bit is never received. The victim computer records each request and reserves a place for the connection in a local table in memory. The victim computer then sends a confirmation back to the attacker, but the attacker never acknowledges the confirmation. All these reserved bits of memory are small, but as they accrue, the amount eventually fills the victim’s connections table to capacity until it runs out of memory for other operations. In the meantime, no legitimate users can connect to the victim computer, because the SYN flood has filled the connection table. The victim computer will remain unavailable until the connection requests time out.

Another popular technique is smurfing. The smurf attack uses a directed broadcast to create a flood of network traffic for the victim computer. Both internal attackers and external attackers can launch DoS attacks. However, most attacks come from anonymous outsiders. Network intrusion detection (IDS/IPS) is usually effective at detecting these attacks. Security personnel routinely take aggressive steps to ensure that attackers cannot use their systems for malicious purposes. In addition, some web content providers and network device manufacturers now include new rules designed to prevent DoS attacks in their default configuration tables. Preventing attackers from gaining access to your computers is a full-time effort, but it’s one that is worth the expense.
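
The SYN flood paragraph above describes a table of reserved connection slots that fills up and stays full until the requests time out. The following is an added example, not part of the original text or the textbook: a small model of that table replayed over constructed connection records, showing a legitimate client being refused while the table is full and the source that never confirms being flagged. The table size, timeout, threshold and addresses are assumptions chosen for illustration.

```python
from collections import Counter
BACKLOG = 8        # assumed number of slots in the half-open connection table
SYN_TIMEOUT = 30   # assumed seconds before an unconfirmed request times out

class HalfOpenTable:
    """Toy model of the table in the text: one reserved slot per pending SYN."""
    def __init__(self, size=BACKLOG, timeout=SYN_TIMEOUT):
        self.size, self.timeout = size, timeout
        self.pending = {}                      # (src, sport) -> SYN arrival time

    def on_syn(self, now, src, sport):
        """Reserve a slot (SYN+ACK would be sent); False when the table is full."""
        self.pending = {k: t for k, t in self.pending.items()
                        if now - t < self.timeout}   # drop timed-out requests
        if len(self.pending) >= self.size:
            return False
        self.pending[(src, sport)] = now
        return True

    def on_ack(self, src, sport):
        """The confirming ACK completes the handshake and frees the slot."""
        return self.pending.pop((src, sport), None) is not None

def replay(events, table):
    """Replay (time, kind, src, sport); return refused SYNs, unconfirmed per source."""
    refused, unconfirmed = [], Counter()
    for now, kind, src, sport in events:
        if kind == "SYN":
            if table.on_syn(now, src, sport):
                unconfirmed[src] += 1
            else:
                refused.append((now, src))
        elif kind == "ACK" and table.on_ack(src, sport):
            unconfirmed[src] -= 1
    return refused, unconfirmed

def suspects(unconfirmed, threshold=5):
    """Sources holding at least `threshold` slots they never confirmed."""
    return sorted(s for s, n in unconfirmed.items() if n >= threshold)

# Constructed sample traffic (documentation address ranges, not real hosts).
EVENTS = [(0, "SYN", "198.51.100.10", 40000), (0, "ACK", "198.51.100.10", 40000)]
EVENTS += [(1, "SYN", "203.0.113.7", 1000 + i) for i in range(BACKLOG)]
EVENTS += [(2, "SYN", "198.51.100.11", 40001),    # arrives while table is full
           (40, "SYN", "198.51.100.11", 40002),   # retry after the timeout
           (40, "ACK", "198.51.100.11", 40002)]

if __name__ == "__main__":
    refused, unconfirmed = replay(EVENTS, HalfOpenTable())
    print("refused:", refused, "suspects:", suspects(unconfirmed))
```

In this replay the client at 198.51.100.11 is refused at t=2 and connects at t=40, once the pending requests have timed out, which matches the recovery behaviour the text describes.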