Областное государственное бюджетное образовательное учреждение
Среднего профессионального образования
Томский индустриальный техникум
Сборник практических работ
по учебной дисциплине
Специальность СПО: 090905 «Организация и технология защиты информации»
Разработчик: Илюшникова Е.А.
Томск – 2015г
Практическая работа 1. «Защита информации»……………………...…...….4
Практическая работа 2. «Вирусы» ……………………………………………8
Практическая работа 3. «Преимущества и недостатки интернета»………..12
Практическая работа 4. «Возможности интернета»…………………………15
Практическая работа 5. «Уровни защиты информации»……………..…….18
Список используемой литературы ……………………………………..……22
В современном образовательном процессе особая роль отведена практическому применению полученных знаний. Практические работы - неотъемлемая часть процесса обучения и на уроках иностранного языка. Выполнение практических работ предоставляет возможность применить теоретические знания на практике, отработать все виды деятельности на уроке, такие, например, как чтение, письмо, устная речь. Практические работы также способствуют воспитанию у обучающихся трудолюбия и развитию самостоятельности.
Необходимость создания сборника практических работ для данной специальности обусловлена стремлением систематизировать и расширить знания студентов по лексике и грамматике. В современном обществе востребованы глубокие знания английского языка в области перевода, устной и письменной речи, что делает проблему изучения грамматического строя языка и расширению словарного запаса в профессиональном направлении все более актуальной и насущной. Данный курс призван развивать и совершенствовать речемыслительную активность учащихся, мотивированность и самостоятельность их высказываний, и поэтому соответствует существующему социальному заказу.
Сборник практических работ адресован студентам среднего уровня и может использоваться как на уроках английского языка, так и при самостоятельном изучении. Предполагается, что по окончании изучения данного комплекса заданий студенты будут способны переносить теоретические знания по данным темам на практику, т. е. выполнять различные лексико-грамматические тесты, грамотно переводить тексты различной тематики, грамотно излагать мысли и обмениваться информацией в связи с ситуацией.
Сборник состоит из 5 объемных практических работ, темы которых взяты из учебной программы по данной специальности. Также автором разработаны критерии оценивания практических работ. Практические работы на уроках могут выполняться на этапе проверки и контроля, в ходе изучения нового материала и его закрепления.
Практическая работа 1
Read and translate the text
Basic Principles of Information Protection
Many examples of systems requiring protection of information are encountered every day: airline seat reservation systems, credit bureau data banks; law enforcement information systems; time-sharing service bureaus; on-line medical information systems; and government social service data processing systems. These examples span a wide range of needs for organizational and personal privacy. All have in common controlled sharing of information among multiple users. All, therefore,
require some plan to ensure that the computer system helps implement the correct authority structure. Of course, in some applications no special provisions in the computer system are necessary. It may be, for instance, that an externally administered code of ethics or a lack of knowledge about computers adequately protects the stored information. Although there are situations in which the computer need provide no aids to ensure protection of information, often it is appropriate to have the computer enforce a desired authority structure. The words ‘privacy’, ‘security’, and ‘protection’ are frequently used in connection with information-storing systems. Not all authors use these terms in the same way. Here are the definitions commonly encountered in computer science literature. The term ‘privacy’ denotes
a socially defined ability of an individual (or organization) to determine whether, when, and to whom personal (or organizational) information is to be released. The term ‘security’ describes techniques that control that may use or modify the computer or the information contained in it. Security specialists have found it useful to place potential security violations in three categories.
1. Unauthorized information release: an unauthorized person is able to read and take advantage of information stored in the computer. This category of concern sometimes extends to ‘traffic analysis’, in which the intruder observes only the patterns of information use and from those patterns can infer some information content. It also includes unauthorized use of a proprietary program.
2. Unauthorized information modification: an unauthorized person is able to make changes in stored information – a form of sabotage. Note that this kind of violation does not require that the intruder see the information he has changed.
3. Unauthorized denial of use: an intruder can prevent an authorized user from referring to or modifying information, even though the intruder may not be able to refer to or modify the information. Causing a system ‘crash’, disrupting a scheduling algorithm, or firing a bullet into a computer are examples of denial of use. This is another form of sabotage.
The term ‘unauthorized’ in the three categories listed above means that release, modification, or denial of use occurs contrary to the desire of the person who controls the information, possibly even contrary to the constraints supposedly enforced by the system. The biggest complication in a general-purpose remote-accessed computer system is that the ‘intruder’ in these definitions may be an otherwise legitimate user of the computer system. Examples of security techniques sometimes applied to computer systems are the following:
1) labeling files with lists of authorized users;
2) verifying the identity of a prospective user by demanding a password;
3) shielding the computer to prevent interception and subsequent interpretation of electromagnetic radiation;
4) enciphering information sent over telephone lines;
5) locking the room containing the computer;
6) controlling who is allowed to make changes to the computer sys-
tem (both its hardware and software);
7) using redundant circuits or programmed cross-checks that maintain security in the face of hardware or software failures;
8) certifying that the hardware and software are actually implemented as intended.
It is apparent that a wide range of considerations are pertinent to the engineering of security of information. Historically, the literature of computer systems has more narrowly defined the term protection to be just those security techniques that
control the access of executing programs to stored information. An example of a protection technique is labeling of computer-stored files with lists of authorized users. Similarly, the term authentication is used for those security techniques that verify the identity of a person (or other external agent) making a request of a computer system. An example of an authentication technique is demanding a password. This paper concentrates on protection and authentication mechanisms, with only occasional reference to the other equally necessary security mechanisms. One should recognize that concentration on protection and authentication mechanisms provides a narrow view of information security, and that a narrow view is dangerous. The objective of a secure system is to prevent all unauthorized use of information, a negative kind of requirement. It is hard to prove that this negative requirement has been achieved, for one must demonstrate that every possible threat has been anticipated.
1. Give the Russian equivalents to the following words and word combinations:
to encounter; to span a wide range of needs for; multiple users; special provisions; to ensure protection; to enforce smth; techniques; potential security violations; to take
advantage of; to disrupt a scheduling algorithm; the intruder; legitimate user; shielding; to encipher information; redundant circuits; to certify; possible threat; to anticipate.
2. Provide definitions in the context of protecting information in computers:
(Check them with the Glossary given at the end.)
3. Answer the questions to the text and perform the tasks:
1. Give your own examples of systems requiring protection of information.
2. What is the main difference between the notions protection and security?
3. Span the needs for organizational and personal privacy.
4. What are the three categories of the potential security violations? Describe them.
5. Why can release, modification, or denial of use occur contrary to the desire of the person?
6. Give examples of security techniques sometimes applied to computer systems.
7. What are the other definitions of the terms protection and authentication?
8. Why are these terms considered to provide a narrow view of information security?
4. Discuss the basic principles of information protection
1. Use the correct tense form.
This story happened to Mr. Brow n who (was living, lived, had lived) in the suburbs of one of the towns in England. One evening he (walked, was being walked, was walking) home from the railway station. The road (had been, was, being) dark and lonely. Suddenly he heard someone (was approaching, approached, approaching) him from behind and thought he (being followed, was being followed, was followed). Mr. Brown (was, had been, being) terribly frightened and started (run, ran, running). The footsteps still followed him. The man ran into an old cemetery and threw himself on the grass near one of the graves. Lying there Mr. Brown thought, ‘If he (came, was coming, comes) here there (will be, is, was) no doubt he (wanted, wants, will want) to
rob me’. The man behind really came there too. Mr. Brown wondered what he (wants, wanted, will want) and why he (is following, had followed, was following) him.
The stranger said that he (was going, went, had gone) to Mr. Robertson's and he had been told that Mr. Brown (was living, lived, had lived) next door to the Robertsons. That's why he decided to follow him. And the stranger thought it was a sort of exercise Mr. Brown (was using, used, is using) to do in the evenings.
2. Put the questions to the following sentences.
1. The weather was stormy yesterday. (What?)
2. A lot of hamburgers are eaten in the USA. (How many?)
3. Ann has just come back from London. (When?)
4. He had to borrow some money. (Why?)
5. They have been quarrelling since morning. (How long?)
6. Stephen and Paul lead an adventurous life. (Who?)
7. We used to go to the theatre on Friday nights. (Where?)
8. Dick won't be able to join us tomorrow. (Why?)
9. She speaks English very well. (How?)
3. Andrea is giving a talk to her class at the language school about her first few weeks in Britain. Complete what she says. Put the verbs in brackets into the correct tense.
I (arrive) about eight weeks ago. I (not be) to Britain before, so I (not know) what to expect. My friends Vince and Sue (meet) me at the airport. They (wait) for me when I (come) out of the arrivals gate. I (be) very pleased to see them. You see, my cousin Carmen (come) to stay with Sue the summer before last, but there (not be) anyone to meet her at the airport, because Sue (have) an accident. Anyway, as I said, I (be)
here for about two months now. I (learn) a lot of English in that time and I (do) a lot of things. I (be) to London a Few times and last weekend I (go) to Oxford to see Sue. While Sue (show) me some of the colleges. I (see) some people from my town in Argentina. They (arrive) in England the day before. We (be) all so surprised. We (can't) believe it.
4. Supply some, any, no for the following sentences.
1. If you have ... news, call me back.
2. She helped borrow ... more money.
3. There is hardly ... place in this house where we can talk alone.
4. ... boy at the school had ever taken a scholarship to the university.
5. It meant real hardship to my mother unless I earned ... money at once.
6. My mother hoped that perhaps the school had ... funds to give me a grant.
7. It was unlikely that ... of the guests would take particular notice of it.
8. They understood each other without ... words.
9. ‘Let's go back home. It's already late’. ‘I'd rather stay out a little longer’. ‘I suppose we've got to go home ... time’.
10. There isn't ... boot-polish in this tin.
11. You have ... fine flowers in your garden.
12. Go and ask him for ... more paper, I haven't ... in my desk.
13. Later we had ... tea.
14. He wants ... more pudding. You can take it away.
15. There are ... matches left. We must buy ... .
16. I wouldn't go to his concert. He is ... pianist.
17. ... time ago I read his story in a magazine.
18. I don't think there is ... milk left in the jug.
19. ... student can answer the question.
Практическая работа 2
Read and translate the text
Does Anti-Virus Software Still Matter?
Using a computer without an anti-virus program? That’s like driving without a seatbelt – or jumping out of a plane without a parachute, right? As users become more knowledgeable about safe computing practices, and as anti-virus solutions vendors ratchet up the general level of hacker hysteria, many people are reconsidering their system security options. Some computer users complain about the cost of anti-virus
solutions, while others are more concerned about the technology's impact on their machines. It's certainly no secret that anti-virus tools place a big strain on processor and memory resources and are capable of slowing older machines to a crawl. A growing number of computer users are thinking about giving anti-virus software the old heave-ho.
A New Vista.
Anti-virus software skeptics got a big boost last year when Microsoft co-president Jim Allchin stated that Windows Vista's new security features are so strong that anti-virus software is no longer required. In fact, he boldly claimed that he would have no problem letting his seven-year-old son use a Vista computer without any antivirus software installed. Allchin based his belief on Vista's formidable security arsenal. The operating system's new anti-virus features include the User Account Control, which defaults users to a non administrator status. Without
administrative rights, users can't accidentally (or deliberately) modify system settings, malware can't alter system security settings or disable anti-virus software (should it be installed), and users can't compromise the information of other users on shared computers. Microsoft also has made significant security improvements to Internet
Explorer, including a new Protected Mode that can reduce the impact of malware by restricting where files can be saved without the user's consent. Additionally, Vista can clean many worms, viruses and root kits, helping ensure the operating system's integrity and the privacy of users' data. Vista's Windows Defender helps protect host computers against pop-ups, slow performance and security threats caused by spyware and other unwanted software. Defender features Real-Time Protection, a monitoring
system that recommends actions against detected spyware, and a streamlined interface that minimizes interruptions. Still, Microsoft is backing away from any claim that add-on anti-virus software isn't necessary for full system protection. In fact, the company offers its own anti-virus service in the form of Windows Live OneCare.
The service, aimed at home users and small businesses, features an anti-virus program, a firewall, a backup-and-restore utility, a tune-up utility and integrated functionality with Windows Defender for malware protection. Most major independent anti-virus vendors also serve the Vista market, claiming their solutions fill gaps left open by Microsoft.
When it comes to non-Vista computers, the need for virus protection varies in accordance with the type of system being used. XP users, for instance, will certainly benefit from anti-virus software, since the older operating system lacks most of Vista's built-in safeguards. Many Linux users, on the other hand, feel perfectly safe running their machines without any antivirus protection. It's not that Linux features some kind of virus-proof shield; it's simply that there are so few Linux users (at least in соmparison to Windows users) that most hackers can't be bothered to create Linux malware. Many Macintosh users also eschew the need for anti-virus solutions. Like their Linux counterparts, they hope that safe computing practices, combined with their systems' low profile (when compared to Windows), will keep their machines safe – or at least safe enough. So does anti-virus software still matter? Well, to quote Clint
Eastwood as ‘Dirty Harry’ Callahan: ‘You've got to ask yourself a question: Do I feel lucky?’
1. Give the Russian equivalents to the following words and word combinations:
to get a big boost; to place a strain; to clean worms; operating system integrity; formidable security arsenal; spyware; pop up; to ratchet up; to alter settings; built-in
safeguards; to be bothered to do something.
2. Are the statements true or false?
1. Vista possesses a formidable security arsenal.
2. Without administrative rights, users can't accidentally (or deliberately) modify system settings; malware can't alter system security settings or disable antivirus
software (should it be installed).
3. Microsoft also has made few security improvements to Internet Explorer.
4. A new Protected Mode can't reduce the impact of malware by restricting where files can be saved without the user's consent.
5. Defender features Real-Time Protection, a monitoring system that recommends actions against detected spyware, and a streamlined interface that minimizes interruptions.
6. When it comes to non-Vista computers, the need for virus protection is immense.
7. Many Linux users feel perfectly safe running their machines with very strong anti-virus protection.
8. Many Macintosh users also feel the need for anti-virus solutions.
9. XP users certainly benefit from anti-virus software.
10. Windows Live OneCare aimed at home users and small businesses, features an anti-virus program, a firewall, a backup-and-restore utility, a tune-up utility and integrated functionality with Windows Defender for malware protection.
3. Answer the questions to the text.
1. How dangerous is it to use a computer without an anti-virus program?
2. Why are many people reconsidering their system security options?
3. What does Vista security arsenal include?
4. What is User Account Control designed for?
5. What can Protected Mode do?
6. What are the functions of Vista Windows Defender?
7. What does Windows Live One Care feature?
8. What are non-Vista systems?
4. Discuss the security features of Vista and non-Vista systems.
1. Use the required form of the adjective in the following sentences.
1. He was the (amusing) lad you ever met. 2. He's a far (intelligent)
person than my brother. 3. She was the (practical) of the family. 4.
When they told me I was cured and could go, I can tell you I was
(afraid) than glad. 5. I wanted to ask you both what you thought of my
(late) films if you saw them. 6. He is (talkative) than his sister.
2. Translate the following into English.
1. Чем меньше ты будешь говорить, тем лучше.
2. К сожалению, я не смог прийти так рано, как обещал.
3. Чем больше человек имеет, тем больше ему хочется.
4. Я не так молод, как вы.
5. Погода меняется к лучшему.
3. Change the active form into the passive one.
1. They gave up the search after three hours. 2. They ought to have pointed that out to me at the very beginning. 3. No one brought up that question at the meeting.
4. Somebody should look into the matter. 5. It was clear that toe parents had brought toe child up well. 6. We had to put off our visit until later. 7. I was shocked to hear that someone had broken into your house. 8. Don't speak until someone speaks to you. 9. His bank manager turned down his request for a loan. 10. You must account for every penny you spent. 11. Someone hasn't stuck this toe stamp on very firmly.
12. Events will bear out the truth of what I'm saying. 13. An official held us up at the Customs for half an hour. 14. How can we bring about to the desired result? 15. He hates people making fun of him.
4. Complete the sentences using the Passive Voice.
1. The new washing machines (turn out) at thе rate of fifty a day.
2. When her husband died, she naturally assumed that she (provide for).
3. We've had to move into a hotel while (lie house we've just bought (do up).
4. The employee was assured of his (take on) again as soon as work was available.
5. Richard always (tell off) for careless mistakes nowadays.
6. The agreement had to (draw up) in the presence of two witnesses.
7. Some Heads of Government now fear that negotiations (break off) before a settlement is reached.
8. The chairman of thе board of directors assured shareholder that the matter of the deficiency (look into) by the time the next meeting was held.
9. He felt he (let down) badly by his best friend.
10. The search party had little idea where to start looking the climber's tracks (blot out) by a recent snowstorm.
5. Use the Passive Voice in the following sentences.
1. (Everyone) knows this fact very well.
2. (They) opened the theatre only last month.
3. (People) will soon forget it.
4. (You) must write the answers in ink.
5. (Someone) has taken two of my books.
6. (We) have already filled the vacancy.
7. What should (one) do in such case?
8. Did (they) say anything interesting?
9. Did (no one) ever make the situation clear to you?
10. (One) should keep milk in a refrigerator.
11. I don't think (anyone) can do it. 12. (You) must finish the work by 7.
13. (They) are now manufacturing this type of computer in many countries.
14. (No one) could possibly have known the secret.
Практическая работа 3
«Преимущества и недостатки интернета»
Read and translate the text
Data Theft: How Big a Problem?
Data theft is, quite simply, the unauthorized copying or removal of confidential information from a business or other large enterprise. It can
take the form of ID-related theft or the theft of a company’s proprietary
information or intellectual property.
ID-related data theft occurs when customer records are stolen or illegally copied. The information stolen typically includes customers’ names, addresses, phone numbers, usernames, passwords and PINs, account and credit card numbers, and, in some instances, Social Security numbers. When transmitted or sold to lower-level criminals, this information can be used to commit all manner of identity fraud. A single data theft can affect large numbers of individual victims.
Non-ID data theft occurs when an employee makes one or more copies of a company’s confidential information, and then uses that information either for his own personal use or transmits that information to a competitor for the competitor’s use. However it’s done, this is a theft of the business’ intellectual property, every bit as harmful as a theft of money or equipment. A company’s confidential
information includes its employee records, contracts with other firms, financial reports, marketing plans, new product specifications, and so on. Imagine you’re a competitor who gets hold of a company’s plans for an upcoming product launch; with knowledge beforehand, you can create your own counter-launch to blunt the impact of the other company’s new product. A little inside information can be extremely valuable — and damaging for the company from which it was stolen.
Data theft can be a virtual theft (hacking into a company’s systems and ransmitting stolen data over the Internet) or, more often, a physical theft (stealing the data tapes or discs). In many ways, it’s easier for a thief to physically steal a company’s data than it is to hack into the company’s network for the same purpose. Most companies give a lot of attention to Internet-based security, but less attention is typically paid to the individuals who have physical access to the same information.
One would expect data theft to be somewhat widespread. And it probably is — if we truly knew all the numbers. The problem with trying to size the data theft issue is twofold. First, many companies do not report data theft to the police or do not publicize such thefts; they’re trying to avoid bad publicity. And even when data theft is reported, the dollar impact of such theft is difficult to ascertain. Whichever number is correct, that’s a lot of stolen data. Add to that the immeasurable cost of intellectual property data theft, and you get a sense of the size of the problem — it’s big and it’s getting bigger. Unfortunately, there’s little you as an individual can do to prevent data theft; the onus is all on the company holding the data. You could reduce your risk by limiting the number of companies with which you
do business, but that may not be practical. Being alert is your only defense against this type of large-scale theft.
Task 1. Give definitions to the following word combinations.
Data theft, ID-related data theft, non-ID data theft, virtual theft,
physical theft, company’s confidential information.
A. Translate the following words with negative prefixes.
Unauthorized, illegally, immeasurable, unfortunately.
B. Make the words negative with the help of prefixes and translate
un- reliable, able, pleasant, intentionally, likely, suspecting, wanted,
in- visible, dependent, accurate, compatible, adequate, appropriate;
im- possible, perfect, proper, mobile;
ir- regular, rational, resistible, responsible;
mis- lead, understand, pronounce, print, direction;
anti- virus, spyware, glare;
dis- continue, appear, connect, advantage, agreement.
Task 3. Find in the text English equivalents for the following word
Интеллектуальная собственность; в некоторых случаях;
информация может быть чрезвычайно ценной; во многом; с той же
целью; уделять большое внимание; меньше внимания уделяется;
это довольно широко распространено; пытаться избежать дурной
славы; проблема в два раза серьезнее; во-первых; трудно
установить; к сожалению; предотвратить кражу информации; вся
ответственность лежит на компании; быть осторожным.
Task 4. Answer the questions.
1. Why is it easier for a thief to physically steal a company’s data
than to hack into the company’s network?
2. How widespread is the data theft problem?
3. How do thieves steal corporate data?
4. What happens to the stolen data?
5. What can you do to prevent data theft?
Task 5. Speak about the data theft problem.
Task 6. Translate the following sentences paying attention to the
words in bold type.
1. The malicious code problem will continue to grow as the Internet grows.
2. As cyber criminals get smarter and smarter, staying one step ahead of emerging security threats is getting harder and harder.
3. As you might guess from the name, the decryption key is
different from the encryption key.
4. The threat has grown to the point where using a password as the sole form of authentication provides you with almost no protection at all.
5. Most folks devise simple passwords, such as the names of their pets or the names of their favorite sports teams.
6. As a result, phishing has become big business, and very profitable for attackers with little fear of being caught for their crimes.
7. While new security technologies and products are developed in order to meet the changing needs, the bad guys are coming up with new technologies and strategies as well. As has been said many times, there is no silver bullet in the security world.
8. Over time, the threats have grown in both number and complexity, while the timeframe for response has been shortened dramatically.
9. Failure is the only thing one can achieve without effort.
Практическая работа 4
Read and translate the text
In the past decade we have witnessed phenomenal growth in the capabilities of information management systems. National security implications of these apabilities are only now beginning to be understood by national leadership. There is no doubt IW is a concept the modern military officer should be familiar with, for advancements in computer technology have significant potential to dramatically
change the face of military command and control. Information warfare is an orchestrated effort to achieve victory by subverting or neutralizing an enemy command and control (C2) system, while protecting use of C2 systems to coordinate the actions of friendly forces. A successful IW campaign seizes initiative from an enemy commander; the IW campaign allows allied forces to operate at a much higher tempo than an enemy can react to. The concept of an “OODA Loop” is often used to illustrate information warfare. OODA stands for the steps in a commander’s decision making cycle — Observe, Orient, Decide and Act. Based on the premise that information is a strategic asset, a portion of IW
doctrine seeks to disrupt or deny access to information in order to seize initiative from an adversary. The other half of IW doctrine seeks to maintain the integrity of our information gathering and distribution infrastructure.
Applying Information Warfare. Most modern political and military C2 systems are based on high speed communications and computers. It follows that this information infrastructure, also known as an “infosphere”, will be the arena in which information warfare is waged. Any system or person who participates in the C2 process will be a potential target in an IW campaign. An IW campaign will focus against the enemy infosphere. It will be necessary to isolate, identify and analyze each element of an enemy infosphere in order to determine portions which can affect the OODA
loop’s size. Once these areas of the enemy infosphere are identified, an attack against critical nodes would deny access to information, destroy the information, or render it useless to the adversary forces. Even more damaging, information warriors could alter data in a network, causing the adversary to use false information in his decision making process and follow a game plan of the friendly commander’s design.
Fighting the Information War .One development with implications for the military is the appearance of “hackers” and “phreakers” — persons who gain unauthorized access to computer and telephone systems, respectively. A computer network or telephone system is designed to transmit
information. Much of that information will form an excellent intelligence picture of an adversary. Computer networks can be monitored through telephone modems, peripheral equipment, power lines, human agents and other means. If a system can be monitored remotely, it might also be accessed remotely. A program could be
installed to record and relay computer access codes to a remote location. Employing computers as a weapon system will introduce a new glossary of terminology. Computer war fighting weapons can be divided into four categories: software, hardware, electromagnetic systems and other assets. Software consists of programs designed to collect information on, inhibit, alter, deny use of, or destroy the enemy infosphere. The examples of software warfighting assets have exotic, computer hacker names: “knowbot”, “demons”, “sniffers”, “viruses”, “Trojan horses”, “worms” or “logic bombs”.
A KNOWBOT (knowledge robot) is a program which moves from
machine to machine, possibly cloning itself. KNOWBOTs can communicate with one another, with various servers in a network, and with users. The KNOWBOT could even be programmed to relocate or erase itself to prevent discovery of espionage activity. KNOWBOTs could seek out, alter or destroy critical nodes of an enemy C2 system.
DEMON.A program which, when introduced into a system, records all commands entered into the system. Similar to the demon is the “sniffer”. A sniffer records the first 128 bits of data on a given program. Logon information and passwords are usually contained in this portion of any data stream. Because they merely read and record data, such programs are very difficult to detect.
VIRUS. A program which, upon introduction, attaches itself to resident files or tables on a machine or network. The virus spreads itself to other files as it comes into contact with them. It may reproduce without doing any actual damage, or it may erase files via the file allocation table.
TRAP DOOR.A back door into a system, written in by a programmer
to bypass future security codes.
TROJAN HORSE. A code which remains hidden within a computer system or network until it emerges to perform a desired function. A Trojan Horse can authorize access to the system, alter, deny or destroy data, or slow down system function.
WORM. A nuisance file which grows within an information storage
system. It can alter files, take up memory space, or displace and overwrite valuable information.
LOGIC BOMB.This instruction remains dormant until a predetermined condition occurs. Logic bombs are usually undetectable before they are activated. The logic bomb can alter, deny or destroy data and inhibit system function.
HARDWARE. The primary purpose of a hardware asset is to bring software assets into contact with an enemy computer system. Any piece of equipment connected to a computer, be it a fiberoptic or telephone cable, facsimile machine or printer, is capable of transmitting information to that computer. Therefore it is a potential avenue for gaining access to the infosphere.
ELECTROMAGNETIC SYSTEMS. Any mechanisms using the electromagnetic spectrum to subvert, disrupt or destroy enemy command and control are electromagnetic systems. Electromagnetic pulse simply shorts-out electronic equipment.
OTHER ASSETS. This catch-all category makes an important point. Information warfare is not limited to electronic systems. Simply put, non-computer assets can compliment use of computer hardware and software assets, or can act unilaterally. Their goal is to achieve the desired effect upon the enemy C2 network in pursuit of strategic, operational or tactical objectives. Successful employment of IW assets
could theoretically end a war before the first shot is fired.
IW doctrine has significant implications for modern military theory. IW will focus on preventing the enemy soldier from talking to his commander. Without coordinated action, an enemy force becomes an unwieldy mob, and a battle devolves to a crowd-control issue. In the not too distant future, computer weapon systems will conduct “software strikes” against the enemy infosphere to disrupt command and control. Targets will be chosen for military, political or economic significance. IW opens new doors throughout the spectrum of conflict to achieve
tactical, operational and strategic objectives. Information warfare is a concept which is only now beginning to make its way through governmental and military circles. The technology currently exists with which to conduct an IW campaign.
National leaders must reflect on the implications of this new technology in order to develop coherent policy and rules of engagement.
Answer the questions.
1. What does the text acquaint us with?
2. What is the concept of an “OODA Loop”?
3. How can the IW campaign be characterized?
4. What is a potential target of the IW campaign?
5. What are the main parts of IW doctrine?
6. What is predicted to be the most wide-spread fighting the IW?
7. How many categories can computer warfighting weapons be
divided into? What are they?
Task 3.Render the text using the given phrases.
The text is devoted to ...
The introductory part is concerned with ...
It is shown that ...
The problems of ... are outlined.
The author stresses the importance of ...
Special attention is paid to ...
There are critical reviews on ...
Recommendations for ... are presented.
Conclusions regarding ... are made.
Практическая работа 5
«Уровни защиты информации»
Read and translate the text in written form
Functional Levels of Information Protection
Many different designs have been proposed and mechanisms implemented for protecting information in computer systems. One reason for differences among protection schemes is their different functional properties – the kinds of access control that can be expressed naturally and enforced. It is convenient to divide protection schemes according to their functional properties. A rough categorization is the following.
a) Unprotected systems: Some systems have no provision for preventing a determined user from having access to every piece of information stored in the system.
b) All-or-nothing systems: These are systems that provide isolation of users, sometimes moderated by total sharing of some pieces of information. If only isolation is provided, the user of such a system might just as well be using his own private computer, as far as protection and sharing of information are concerned. More commonly, such systems also have public libraries to which every user may have access. In some cases the public library mechanism may be extended to accept user contributions, but still on the basis that all users have equal access.
c) Controlled sharing: Significantly more complex machinery is required to control explicitly who may access each data item stored in the system. For example, such a system might provide each file with a list of authorized users and allow an owner to distinguish several common patterns of use, such as reading, writing, or executing the contents of the file as a program.
d) User-programmed sharing controls: A user may want to restrict access to a file in a way not provided in the standard facilities for controlling sharing. For such cases, and a myriad of others, a general escape is to provide for user-defined protected objects
and subsystems. A protected subsystem is a collection of programs and data with the property that only the programs of the subsystem have direct access to the data (that is, the protected objects). Access to those programs is limited to calling specified entry points. Thus the programs of the subsystem completely control the operations performed on the data.
e) Putting strings on information: The foregoing three levels have
been concerned with establishing conditions for the release of information to an executing program. The fourth level of capability is to maintain some control over the user of the information even after it has been released. Such control is desired,
for example, in releasing income information to a tax advisor; constraints should prevent him from passing the information on to a firm which prepares mailing lists. The printed labels on classified military information declaring a document to be
‘Top Secret’ are another example of a constraint on information after its release to a person authorized to receive it. There is a consideration that cuts across all levels of functional capability: the dynamics of use. This term refers to how one establishes and changes the specification of who may access what. At any of the levels it is relatively easy to envision (and design) systems that statically express a particular protection in-
tent. But the need to change access authorization dynamically and the
need for such changes to be requested by executing programs introduces much complexity into protection systems. In many cases, it is not necessary to meet the protection needs of the person responsible for the inform
ation stored in the computer entirely through computer-aided enforcement. External mechanisms such as contracts, ignorance, or barbed wire fences may provide some of the required functional capability. This discussion, however, is focused on the internal mechanisms.
Task 1. Speak about the functional levels of Information Protection
Task 2. Make up 10 questions to the text in written form
Критерии оценивания практических работ
Критериями оценки результатов практических работ обучающихся являются:
-уровень усвоения учебного материала
-умение обучающегося использовать теоретические знания при выполнении практических задач
- обоснованность и четкость изложения ответа
- оформление материала в соответствии с требованиями
Критерии оценивания устных работ
Отметка «5» ставится в том случае, если общение осуществилось, высказывания обучающихся соответствовали поставленной коммуникативной, задаче и при этом их устная речь полностью соответствовала нормам иностранного языка в пределах программных требований для данного курса.
Отметка «4» ставится в том случае, если общение осуществилось, высказывания обучающихся соответствовали поставленной коммуникативной задаче и при этом обучающиеся выразили свои мысли на иностранном языке с незначительными отклонениями от языковых норм, а в остальном их устная речь соответствовала нормам иностранного языка в пределах программных требований для данного курса.
Отметка «3» ставится в том случае, если общение осуществилось, высказывания обучающихся соответствовали поставленной коммуникативной задаче и при этом обучающиеся выразили свои мысли на иностранном языке с отклонениями от языковых норм, не мешающими, однако, понять содержание сказанного.
Отметка «2» ставится в том случае, если общение не осуществилось или высказывания обучающихся не соответствовали поставленной коммуникативной задаче, обучающиеся слабо усвоили пройденный материал и выразили свои мысли на иностранном языке с такими отклонениями от языковых норм, которые не позволяют понять содержание большей части сказанного.
Критерии оценивания чтения
Отметка «5» ставится в том случае, если коммуникативная задача решена и при этом обучающиеся полностью поняли и осмыслили содержание прочитанного иноязычного текста в объёме, предусмотренном заданием, чтение обучающихся соответствовало программным требованиям для данного курса.
Отметка «4 ставится в том случае, если коммуникативная задача решена и при этом обучающиеся полностью поняли и осмыслили содержание прочитанного иноязычного текста за исключением деталей и частностей, не влияющих на понимание этого текста, в объёме, предусмотренном заданием, чтение обучающихся соответствовало программным требованиям для данного класса.
Отметка «3» ставится в том случае, если коммуникативная задача решена и при этом обучающиеся поняли, осмыслили главную идею прочитанного иноязычного текста в объёме, предусмотренном заданием, чтение обучающихся в основном соответствует программным требованиям для данного класса.
Отметка «2»ставится в том случае, если коммуникативная задача не решена, обучающиеся не поняли прочитанного иноязычного текста в объёме, предусмотренном заданием, чтение обучающихся соответствовало программным требованиям для данного класса
Критерии оценивания выполнения грамматических, лексических упражнений и др. письменных работ
Отметка «5» Задания выполнены на 90-100%
Отметка «4» Задания выполнены на 75-89%
Отметка «3» Задания выполнены на 50-74%
Отметка «2» Задания выполнены менее чем на 50%
Список используемой литературы
1. Большой англо-русский политехнический словарь: В 2 т. / Сост.: С.М. Баринов, А.Б. Борковский, В.А Владимиров и др. М.: РУССО, 2006.
2. Современный англо –русский словарь по вычислительной технике/ Сост. С.Б. Орлов. М.: РадиоСофт, 2000.
3. Gary McGraw (Reliable Software Technologies) and Greg Morrisett (Cornell University). Attacking Malicious Code: A Report to the Infosec Research Council, 2000.
4. Dobromir Todorov. Mechanics of User Identification: Fundamentals of Identity Management. New York: Auerbach Publications, 2008.
5. Ken Dunham. On Malicious Code. Information Systems Security. May/June 2004.
6. Harold F.Tipton,Michi Krause. Information Security Management Handbook. 6thed., V. 2. N.Y.: Auerbach Publications, 2008.
7. Blaise Cronin and Holly Crawford . Information Warfare: Its Application in Military and Civillian Contexts. School of Library and Information Science. Indiana University. Bloomington, USA, 2006.
8. George A. Crawford. Information Warfare: New Roles for Information Systems in Military Operations, 2008
|Подраздел||Другие методич. материалы|
Свидетельство о публикации данного материала автор может скачать в разделе «Достижения» своего сайта.