# Cybersecurity


# Grade 2 (ages 5-7): what students should master

Connecting devices to a network or the Internet provides great benefit, but care must be taken to use authentication measures, such as strong passwords, to protect devices and information from unauthorized access.

Authentication is the ability to verify the identity of a person or entity. Usernames and passwords, such as those on computing devices or Wi-Fi networks, provide a way of authenticating a user’s identity. Because computers make guessing weak passwords easy, strong passwords have characteristics that make them more time-intensive to break.

Crosscutting Concepts: Privacy and Security; Communication and Coordination

Connection Within Framework: K–2.Impacts of Computing.Safety, Law, and Ethics

Connecting devices to a network (including the Internet) brings great benefits, but at the same time, to keep networked devices and data from being accessed without authorization, we must use authentication measures, such as requiring a password to log in, and we must choose strong passwords.

"Authentication measures" are used to check whether a visitor or a connecting device has been authorized. For example, before logging in to a computing device or a Wi-Fi network, you are asked for a username and password so that your identity can be verified.

Note that modern computers are very fast, which makes brute-force password guessing feasible: weak passwords are cracked easily, so we should choose stronger passwords to raise the time cost of a brute-force attack.
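As an added example (not part of the original page), the following Python script makes the "time-intensive to break" idea concrete: it estimates a password's search space from the character classes it uses, converts that into the time an exhaustive attack would need at an assumed guessing rate, and flags passwords from a constructed common-password list as weak regardless of length. The guessing rate, the 60-bit "strong" threshold and the common-password list are assumptions for illustration, not values from the page.

```python
import math
import string

# Character classes a password may draw from. An attacker who must try every
# string over the union of the classes in use faces size ** length candidates.
CHARACTER_CLASSES = {
    "lowercase": set(string.ascii_lowercase),   # 26 characters
    "uppercase": set(string.ascii_uppercase),   # 26 characters
    "digits": set(string.digits),               # 10 characters
    "symbols": set(string.punctuation),         # 32 characters
}

# Constructed sample of passwords that appear in leaked-password lists; a real
# deployment would check against a large published list instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}

def alphabet_size(password: str) -> int:
    """Combined size of every character class the password actually uses."""
    unknown = [c for c in password
               if not any(c in cls for cls in CHARACTER_CLASSES.values())]
    if not password or unknown:
        raise ValueError("only non-empty printable-ASCII passwords are modelled")
    return sum(len(cls) for cls in CHARACTER_CLASSES.values()
               if any(c in cls for c in password))

def search_space(password: str) -> int:
    """Number of candidates an exhaustive attack must try in the worst case."""
    return alphabet_size(password) ** len(password)

def entropy_bits(password: str) -> float:
    """log2 of the search space: each extra bit doubles the attacker's work."""
    return math.log2(search_space(password))

def worst_case_seconds(password: str, guesses_per_second: float) -> float:
    """Time to exhaust the search space at an assumed offline guessing rate."""
    return search_space(password) / guesses_per_second

def assess(password: str, guesses_per_second: float = 1e10) -> dict:
    """Summarise a password; a known password is weak regardless of length."""
    if password.lower() in COMMON_PASSWORDS:
        return {"password": password, "bits": 0.0, "seconds": 0.0, "verdict": "in common-password list"}
    bits = entropy_bits(password)
    seconds = worst_case_seconds(password, guesses_per_second)
    verdict = "strong" if bits >= 60 else "weak"   # 60-bit threshold is an assumption
    return {"password": password, "bits": round(bits, 1), "seconds": seconds, "verdict": verdict}

if __name__ == "__main__":
    for candidate in ["cat", "Cat1!", "password", "Blue-Tiger-Sings-42"]:
        print(assess(candidate))
```

The model only covers exhaustive search; the common-password check is there because real attackers try leaked lists before brute force, so a long but well-known password gains nothing from its length.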


# Grade 5 (ages 8-11): what students should master

Information can be protected using various security measures. These measures can be physical and/or digital.

An offline backup of data is useful in case of an online security breach. A variety of software applications can monitor and address viruses and malware and alert users to their presence. Security measures can be applied to a network or individual devices on a network. Confidentiality refers to the protection of information from disclosure to unauthorized individuals, systems, or entities.

Crosscutting Concept: Privacy and Security

Connection Within Framework: 3–5.Impacts of Computing.Safety, Law, and Ethics

We can use a variety of security measures, both physical and software-based, to protect our data.

  • Physical measures: for example, given the problems an online security breach can cause, backing data up to an external hard drive is an effective safeguard
  • Software measures: for example, dedicated applications scan for and deal with viruses and malware, and alert the user to their presence

These security measures can be applied to a network or to individual devices on the network. "Confidentiality" means protecting information from being disclosed to unauthorized individuals, computer systems, or entities.


# Grade 8 (ages 11-14): what students should master

The information sent and received across networks can be protected from unauthorized access and modification in a variety of ways, such as encryption to maintain its confidentiality and restricted access to maintain its integrity. Security measures to safeguard online information proactively address the threat of breaches to personal and private data.

The integrity of information involves ensuring its consistency, accuracy, and trustworthiness. HTTPS (Hypertext Transfer Protocol Secure), for example, is a security measure that protects data transmissions. It provides a more secure browser connection than HTTP (Hypertext Transfer Protocol) because it encrypts data being sent between websites. At this level, understanding the difference between HTTP and HTTPS, but not how the technologies work, is important.

Crosscutting Concept: Privacy and Security

Connection Within Framework: 6–8.Impacts of Computing.Safety, Law, and Ethics

When sending and receiving data over a network, we can use various means to prevent unauthorized access and tampering, such as encrypting the data to keep it confidential (making it hard to crack) and restricting access to keep it intact (so it is not accessed at will).

We need to combine these security measures to proactively address the security threats that networked data faces.

The "integrity" of information means ensuring its consistency, accuracy, and trustworthiness. For example, when we visit a website we type https://xxx.com in front of the address; the HTTPS (Hypertext Transfer Protocol Secure) here is one of the measures that protects data in transit. It provides a more secure network connection than the original HTTP (Hypertext Transfer Protocol) because it encrypts the data sent between websites.

Students at this level only need to understand the difference between HTTP and HTTPS; they are not expected to know the details of these technologies.


# Grade 12 (ages 14-18): what students should master

Network security depends on a combination of hardware, software, and practices that control access to data and systems. The needs of users and the sensitivity of data determine the level of security implemented.

Security measures may include physical security tokens, two-factor authentication, and biometric verification, but every security measure involves tradeoffs between the accessibility and security of the system. Potential security problems, such as denial-of-service attacks, ransomware, viruses, worms, spyware, and phishing, exemplify why sensitive data should be securely stored and transmitted. The timely and reliable access to data and information services by authorized users, referred to as availability, is ensured through adequate bandwidth, backups, and other measures.

Crosscutting Concepts: Privacy and Security; System Relationships; Human–Computer Interaction

Connection Within Framework: 9–12.Algorithms and Programming.Algorithms

Network security depends on both the hardware configuration and the software security measures that control access to data and systems; users' security needs and the sensitivity of the data determine which level of security measures is adopted.

Security measures include security tokens (for example a bank's USB security key (U盾) or a software licence dongle), two-factor authentication[1], and biometric verification. However, every security measure involves a trade-off between usability and security.

We may face all sorts of security problems, including denial-of-service attacks[2], ransomware, viruses, worms, spyware, and phishing. Threats to data security are this numerous and widespread, which is why sensitive data should be stored and transmitted securely.

"Availability" means that authorized users can access data and information services in a timely and reliable way. Availability can be ensured through increased bandwidth, data backups, and other measures.


  1. "Two-factor authentication" requires possessing two factors at the same time in order to pass verification; the two factors are "something you know" and "something you have". For example, withdrawing cash with a bank card at an ATM is an example of two-factor authentication: only someone who knows the PIN and also holds the bank card, satisfying both factors at once, can pass authentication ↩︎

  2. "Denial-of-service attack (DoS / Denial of Service)": this attack is similar to what happens when the Windows resource monitor (Task Manager) shows CPU or memory usage at 100% and the computer becomes sluggish, freezes, and stops responding to input. A "denial-of-service attack" is when an attacker uses various means to exhaust a target server's resources so that it crashes and stops serving. The most common technique is to use a large number of already-compromised computers as "zombies" that flood the target server with requests, consuming its bandwidth and system resources ↩︎