文獻翻譯通信安全外文翻譯

文獻翻譯一般指對不同類型、不同語言的文獻所記載的信息內容進行翻譯，以達到信息互通、文獻思想交流的目的。文獻翻譯要求翻譯要注重專業、準確 文獻翻譯涵蓋許許多多的學科，每一學科都有自己的專業術語。

　　通信安全

　　我們現在已經完成了對交易工具的研究。大多數重要的技術和協議都已被涵蓋。本章的其余部分是關于如何在實踐中應用這些技術來提供網絡安全性，以及本章末尾對安全性的社會方面的一些想法。

　　在接下來的三個部分中，我們將介紹通信安全性，即如何秘密地獲取位，而不需要從源到目的地進行修改，以及如何將不需要的位保留在門外。 這些絕不是網絡中唯一的安全問題，但它們肯定是最重要的問題之一，這使它成為一個很好的起點。

　　1. IPsec

　　多年來，IETF已經知道互聯網缺乏安全性。添加這并不容易，因為一戰爆發了關于把它放在哪里。大多數安全專家認為，為了確保安全，加密和完整性檢查必須端到端（即在應用程序層中）。也就是說，源進程加密和/或完整性保護數據并將其發送到解密和/或驗證數據的目標進程。 然后可以檢測在這兩個過程之間進行的任何篡改，包括在任一操作系統內。 這種方法的問題在于它需要更改所有應用程序以使其具有安全性。 在此視圖中，下一個最佳方法是在傳輸層或應用程序層與傳輸層之間的新層中加密，使其仍然是端到端但不需要更改應用程序。

　　相反的觀點是用戶不理解安全性并且不能正確使用它并且沒有人想要以任何方式修改現有程序，因此網絡層應該在不涉及用戶的情況下認證和/或加密分組。經過多年激烈的爭斗，這種觀點贏得了足夠的支持，即定義了網絡層安全標準。部分原因是，擁有網絡層加密并不會阻止安全感知用戶正確地做到這一點，并且它確實在某種程度上幫助了安全性不知情的用戶。

　　Communication Security

　　We have now finished our study of the tools of the trade. Most of the important techniques and protocols have been covered. The rest of the chapter is about how these techniques are applied in practice to provide network security, plus some thoughts about the social aspects of security at the end of the chapter.

　　In the following three sections, we will look at communication security, that is, how to get the bits secretly and without modification from source to destination and how to keep unwanted bits outside the door. These are by no means the only security issues in networking, but they are certainly among the most important ones, making this a good place to start.

　　1. IPsec

　　IETF has known for years that security was lacking in the Internet. Adding it was not easy because a war broke out about where to put it. Most security experts believe that to be really secure, encryption and integrity checks have to be end to end (i.e., in the application layer). That is, the source process encrypts and/or integrity protects the data and sends that to the destination process where it is decrypted and/or verified. Any tampering done in between these two processes, including within either operating system, can then be detected. The trouble with this approach is that it requires changing all the applications to make them security aware. In this view, the next best approach is putting encryption in the transport layer or in a new layer between the application layer and the transport layer, making it still end to end but not requiring applications to be changed.

　　The opposite view is that users do not understand security and will not be capable of using it correctly and nobody wants to modify existing programs in any way, so the network layer should authenticate and/or encrypt packets without the users being involved. After years of pitched battles, this view won enough support that a network layer security standard was defined. In part the argument was that having network layer encryption does not prevent security-aware users from doing it right and it does help security-unaware users to some extent.