文獻翻譯通信安全外文翻譯

文獻翻譯一般指對不同類(lèi)型、不同語(yǔ)言的文獻所記載的信息內容進(jìn)行翻譯，以達到信息互通、文獻思想交流的目的。文獻翻譯要求翻譯要注重專(zhuān)業(yè)、準確 文獻翻譯涵蓋許許多多的學(xué)科，每一學(xué)科都有自己的專(zhuān)業(yè)術(shù)語(yǔ)。

　　通信安全

　　我們現在已經(jīng)完成了對交易工具的研究。大多數重要的技術(shù)和協(xié)議都已被涵蓋。本章的其余部分是關(guān)于如何在實(shí)踐中應用這些技術(shù)來(lái)提供網(wǎng)絡(luò )安全性，以及本章末尾對安全性的社會(huì )方面的一些想法。

　　在接下來(lái)的三個(gè)部分中，我們將介紹通信安全性，即如何秘密地獲取位，而不需要從源到目的地進(jìn)行修改，以及如何將不需要的位保留在門(mén)外。 這些絕不是網(wǎng)絡(luò )中唯一的安全問(wèn)題，但它們肯定是最重要的問(wèn)題之一，這使它成為一個(gè)很好的起點(diǎn)。

　　1. IPsec

　　多年來(lái)，IETF已經(jīng)知道互聯(lián)網(wǎng)缺乏安全性。添加這并不容易，因為一戰爆發(fā)了關(guān)于把它放在哪里。大多數安全專(zhuān)家認為，為了確保安全，加密和完整性檢查必須端到端（即在應用程序層中）。也就是說(shuō)，源進(jìn)程加密和/或完整性保護數據并將其發(fā)送到解密和/或驗證數據的目標進(jìn)程。 然后可以檢測在這兩個(gè)過(guò)程之間進(jìn)行的任何篡改，包括在任一操作系統內。 這種方法的問(wèn)題在于它需要更改所有應用程序以使其具有安全性。 在此視圖中，下一個(gè)最佳方法是在傳輸層或應用程序層與傳輸層之間的新層中加密，使其仍然是端到端但不需要更改應用程序。

　　相反的觀(guān)點(diǎn)是用戶(hù)不理解安全性并且不能正確使用它并且沒(méi)有人想要以任何方式修改現有程序，因此網(wǎng)絡(luò )層應該在不涉及用戶(hù)的情況下認證和/或加密分組。經(jīng)過(guò)多年激烈的爭斗，這種觀(guān)點(diǎn)贏(yíng)得了足夠的支持，即定義了網(wǎng)絡(luò )層安全標準。部分原因是，擁有網(wǎng)絡(luò )層加密并不會(huì )阻止安全感知用戶(hù)正確地做到這一點(diǎn)，并且它確實(shí)在某種程度上幫助了安全性不知情的用戶(hù)。

　　Communication Security

　　We have now finished our study of the tools of the trade. Most of the important techniques and protocols have been covered. The rest of the chapter is about how these techniques are applied in practice to provide network security, plus some thoughts about the social aspects of security at the end of the chapter.

　　In the following three sections, we will look at communication security, that is, how to get the bits secretly and without modification from source to destination and how to keep unwanted bits outside the door. These are by no means the only security issues in networking, but they are certainly among the most important ones, making this a good place to start.

　　1. IPsec

　　IETF has known for years that security was lacking in the Internet. Adding it was not easy because a war broke out about where to put it. Most security experts believe that to be really secure, encryption and integrity checks have to be end to end (i.e., in the application layer). That is, the source process encrypts and/or integrity protects the data and sends that to the destination process where it is decrypted and/or verified. Any tampering done in between these two processes, including within either operating system, can then be detected. The trouble with this approach is that it requires changing all the applications to make them security aware. In this view, the next best approach is putting encryption in the transport layer or in a new layer between the application layer and the transport layer, making it still end to end but not requiring applications to be changed.

　　The opposite view is that users do not understand security and will not be capable of using it correctly and nobody wants to modify existing programs in any way, so the network layer should authenticate and/or encrypt packets without the users being involved. After years of pitched battles, this view won enough support that a network layer security standard was defined. In part the argument was that having network layer encryption does not prevent security-aware users from doing it right and it does help security-unaware users to some extent.