
Security in Distributed Systems


Committee for Science and Higher Education

Moscow State Institute of Electronics and Mathematics (Technical University).

Department of "Computing Machines, Complexes, Systems and Networks".

COURSEWORK

for the course "Workstation Networks".

Topic

Security in Distributed Systems

Completed by a student of group S-102

Eo?aaoia E.A.

Supervisor

A?eai?ueaaa E.A.

Signature _____________________ Signature _____________________

Moscow, 1998.

Contents

Introduction

Security in the Database Environment

Determining the Need for Information Protection

Encryption

Some Solutions

The Concepts of Identification and Authentication in Trusted Systems

Some Implementations

Development Prospects

Secure DBMSs from Other Vendors

The Kerberos System

Client / Kerberos / Server

Communication Between Kerberos Realms

The Target Server

Kerberos-5

Conclusion

References

Introduction

The concentration of information in computers, much like the concentration of cash in banks, forces ever tighter control in order to protect that information. Legal issues, privacy, national security: all of these considerations call for stronger internal control in commercial and government organizations. Work in this direction has given rise to a new discipline: information security. An information security specialist is responsible for developing, implementing and operating an information security system aimed at maintaining the integrity, availability and confidentiality of the information accumulated in the organization. The specialist's duties include providing physical protection (hardware, communication lines and remote computers) and logical protection (data, application programs, the operating system) of information resources.

What makes an information protection system hard to build is that data can be stolen from a computer and still remain in place; the value of some data lies in possessing it, not in destroying or altering it.

The problem of protecting computer networks against unauthorized access has become especially acute. Advances in communication technology make it possible to build networks with a distributed architecture that join a large number of segments located far apart from one another. All of this increases the number of network nodes scattered around the world and the number of different communication lines between them, which in turn raises the risk of an unauthorized connection to the network to reach important information. This prospect can be particularly unpleasant for banks or government bodies that hold secret information of a commercial or any other nature. In such cases special means of identifying users on the network are needed, ones that grant access to information only when there is complete certainty that the user holds the rights to access it.

A number of products can identify a user at login with a high degree of reliability. Among them, for example, are technologies that identify the user by the retina of the eye or by fingerprints. In addition, a number of systems rely on a special identification code that is constantly transmitted over the network. For instance, the SecurID device (from Security Dynamics) supplies additional information about the user in the form of a six-digit code. In this case, working on the network is impossible without a special SecurID card (similar to a credit card), which keeps the user's changing code synchronized with the one stored on the UNIX host. Network access and work on the network are possible only with knowledge of the current value of the code, which is shown on the display of the SecurID device. The main drawback of this and similar systems, however, is the need for special equipment, which causes inconvenience in use and additional cost.

This paper examines some of the options for securing systems: encrypting information as it is transmitted over communication channels and using trusted systems, with the ORACLE DBMS as the example, as well as Kerberos, a system for protecting a network against unauthorized access.

Security in the Database Environment

The obvious advantages of databases in today's data processing environment guarantee their continued development and use. Access control in this area matters because of the colossal concentration of information.

At present the "backbone" of the core information processing systems in many large organizations is the local area network, which is gradually taking the same place in smaller firms as well. The growing popularity of local networks calls for corresponding protection of information, yet historically they were designed precisely not to restrict access but to ease it and to allow resources to be shared. In a local network within a building or a campus, an employee who has access to the physical line can view data not intended for them. To protect information, access control, authorization and encryption are used in various combinations, supplemented by backup.

Determining the Need for Information Protection

Information security is expensive, not so much because of the cost of buying or installing the tools as because it is hard to determine competently where the limits of reasonable security lie and what it takes to keep the system in working order accordingly.

If a local network was built in order to share licensed software, expensive color printers or large files of publicly available information, there is no need for even minimal encryption/decryption systems.

Information protection measures must not be designed, purchased or installed until an appropriate analysis has been carried out.

A risk analysis should give an objective assessment of many factors (exposure to disruption of operation, the probability that a disruption occurs, damage from commercial losses, reduced system availability, public relations, legal problems) and provide the information needed to choose suitable types and levels of security. Commercial organizations are increasingly moving critical corporate information from large computing systems into open-systems environments and are running into new and complex problems in implementing and operating a security system. Today more and more organizations are deploying powerful distributed databases and client/server applications to manage commercial data. As distribution grows, so does the risk of unauthorized access to the data and of its corruption.

Data encryption was traditionally used by government and defense departments, but as needs change, some of the most established companies are also beginning to use encryption to keep information confidential.

The financial departments of companies (above all in the USA) form an important and large user base, and they often place specific requirements on the algorithm used for encryption. Published algorithms, for example DES (see below), are mandatory. At the same time, the commercial systems market does not always require protection as strict as that of government or defense agencies, so products of another type can also be used, for example PGP (Pretty Good Privacy).

Encryption

Data can be encrypted in On-Line mode (at the rate at which the information arrives) or in Off-Line (standalone) mode. We will look more closely at the first type, which is of greater interest. Two algorithms are the most widespread.

The Data Encryption Standard (DES) was developed by IBM in the early 1970s and is currently the government standard for encrypting digital information. It is recommended by the American Bankers Association. The complex DES algorithm uses a 56-bit key and 8 parity-check bits and forces an attacker to search through 72 quadrillion possible key combinations, providing a high degree of protection at low cost. With frequent key changes, the algorithm solves the problem of making confidential information inaccessible satisfactorily.

The RSA algorithm was invented by Rivest, Shamir and Adleman in 1976 and represents a significant step in cryptography. This algorithm was also adopted as a standard by the National Bureau of Standards.

Technically, DES is a SYMMETRIC algorithm and RSA is an ASYMMETRIC one, that is, it uses different keys for encryption and decryption. Users have two keys and can distribute their public key widely. The public key is used by another user to encrypt a message, but only the intended recipient can decrypt it with their secret key; the public key is useless for decryption. This makes secret arrangements for passing keys between correspondents unnecessary. DES fixes the length of the data and of the key in bits, whereas RSA can be implemented with any key length. The longer the key, the higher the level of security (but the longer encryption and decryption take). While DES keys can be generated in microseconds, generating an RSA key takes roughly tens of seconds. For this reason RSA public keys are preferred by software developers, and DES secret keys by hardware developers.

Some Solutions

An example of a client/server architecture that encryption complements well is Oracle Server, the networking products (SQL*Net) and the client software.

Secure Network Services (SNS) offers the standard, optimized DES encryption algorithm with a 56-bit key for organizations that are required to use the DES standard. For customers outside the USA or Canada, SNS offers DES40, which combines the DES encryption algorithm with a commonly accepted 40-bit key (the export of encryption technology from the USA is restricted by law). Alongside DES, the RSA RC4 encryption algorithm can also be used.

A secret, randomly generated key for each SQL*Net session protects all network traffic, including passwords, data values, SQL statements, and stored calls and results.

To detect modification or substitution of data in transit, SNS generates a cryptographically protected value computed from the contents of the message and includes it in every packet sent over the network. When a packet arrives at its destination, SNS immediately checks the integrity of each packet.

Resistance to data corruption is provided as follows:

1) a cryptographically protected checksum in every SQL*Net packet protects against modification of data and substitution of an operation;

2) when a violation is detected, operations are terminated immediately and automatically;

3) information about all violations is recorded in a log.
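The three steps above, as an added Python example that is not taken from the original paper or from Oracle's SNS. It assumes HMAC-SHA256 as the keyed checksum, a hypothetical packet layout (sequence number, length, payload, tag) and constructed SQL payloads; the paper does not name the checksum algorithm or the wire format.

```python
import hashlib
import hmac
import struct

HEADER = ">QI"                       # assumed layout: 64-bit sequence number, 32-bit length
HEADER_LEN = struct.calcsize(HEADER)
TAG_LEN = hashlib.sha256().digest_size


class IntegrityError(Exception):
    pass


def protect(session_key, seq, payload):
    """Sender side: append a keyed checksum computed over header and payload."""
    header = struct.pack(HEADER, seq, len(payload))
    tag = hmac.new(session_key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side: verify every packet, abort on the first violation, log it."""

    def __init__(self, session_key):
        self.key = session_key
        self.expected_seq = 0
        self.closed = False
        self.journal = []            # violation log (step 3)

    def accept(self, packet):
        if self.closed:
            raise IntegrityError("session terminated")
        try:
            payload = self._verify(packet)
        except IntegrityError as exc:
            self.closed = True                 # step 2: terminate immediately
            self.journal.append(str(exc))      # step 3: record the violation
            raise
        self.expected_seq += 1
        return payload

    def _verify(self, packet):
        if len(packet) < HEADER_LEN + TAG_LEN:
            raise IntegrityError("truncated packet")
        header, body, tag = packet[:HEADER_LEN], packet[HEADER_LEN:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):      # step 1: modified data
            raise IntegrityError("checksum mismatch")
        seq, length = struct.unpack(HEADER, header)
        if length != len(body):
            raise IntegrityError("length mismatch")
        if seq != self.expected_seq:                    # step 1: substituted operation
            raise IntegrityError(f"unexpected sequence number {seq}, expected {self.expected_seq}")
        return body


def demo():
    key = bytes(range(32))           # constructed session key
    select = b"SELECT balance FROM accounts WHERE id = 7"
    update = b"UPDATE accounts SET balance = 10 WHERE id = 7"
    p0, p1 = protect(key, 0, select), protect(key, 1, update)

    # Case 1: one byte of the second packet changes in transit ("10" becomes "90").
    rx = Receiver(key)
    delivered = [rx.accept(p0)]
    forged = bytearray(p1)
    forged[HEADER_LEN + update.index(b"10")] ^= 0x08
    try:
        delivered.append(rx.accept(bytes(forged)))
    except IntegrityError:
        pass
    try:                             # the session stays closed, even for a genuine packet
        rx.accept(p1)
        after_abort = "accepted"
    except IntegrityError as exc:
        after_abort = str(exc)

    # Case 2: a valid earlier packet is substituted for the next one.
    rx2 = Receiver(key)
    rx2.accept(p0)
    try:
        rx2.accept(p0)
    except IntegrityError:
        pass
    return {"delivered": delivered, "journal": rx.journal,
            "after_abort": after_abort, "substitution": rx2.journal}
```

Binding the sequence number into the checksum is what lets the receiver reject a correctly signed packet that arrives in the wrong place.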

In addition, multiprotocol data conversion is provided, that is, Oracle Multiprotocol Interchange is fully supported: within an encrypted session, work can begin over one network protocol and finish over another without the information having to be decrypted or re-encrypted. SNS is fully supported by the Oracle Transparent Gateways and by the Oracle Procedural Gateways, which make it possible to set up fully encrypted client/server sessions to non-Oracle data sources, including Adabas, CA-Datacom, DB2, DRDA, FOCUS, IDMS, IMS, ISAM, MUMPS, QSAM, Rdb, RMS, SAP, SQL/DS, SQL/400, SUPRA, Teradata, TOTAL, VSAM and others.

SNS works with all the major protocols supported by SQL*Net, including AppleTalk, Banyan, DECnet, LU6.2, MaxSix, NetBIOS, SPX/IPX, TCP/IP, X.25 and others.

Independence from network topology is provided: SNS works in all the major network environments supported by SQL*Net.

SNS is an add-on product to the standard SQL*Net package, so a SQL*Net license must be purchased first. The product has to be bought for both the client and the server.

At the same time, in the Oracle DBMS, starting with version 7.1, the password is transmitted over the network in encrypted form.

This means that client/server connections use a new connection-establishment protocol that employs a session key, valid for a single attempt to connect to the database only and used as the key for encrypting the password before the password is transmitted. The Oracle server finds the encrypted password for the user and uses it as the key with which it encrypts the session key. The server then sends this encrypted session key to the client. The client encrypts the password entered by the user (applying the very same one-way algorithm that the server uses) and uses the result to decrypt the encrypted session key. Having recovered the session key, which now becomes a secret shared by the client and the server, the client uses it to encrypt the user's password. This encrypted password is then sent over the network to the server. The server decrypts the password and then encrypts it using the server's one-way algorithm; the result of this computation is compared with the value stored in the data dictionary. If they match, the client is granted access. This approach is implemented both in client/server connections and in server/server connections, where sessions are established through so-called privileged database links (that is, database links without embedded user names and passwords).

The Concepts of Identification and Authentication in Trusted Systems

The major benefits of moving to open systems are well known. Information security is not among them. This is understandable: the data processing center hands over some of its system-control functions to departments and users, and in doing so disperses the object of security.

The required level of system security can be maintained by using class B1 (Trusted) operating systems, which let the system administrator assign each user a level of access to system objects (Secret, Confidential, Unclassified).

Processing secret and confidential information requires the system to use a mechanism that guarantees proper identification and authentication of users. All possible approaches to identification and authentication must be identified, examined and compared against the Trusted Computer System Evaluation Criteria (TCSEC), or the "Orange Book" (in Europe, the Information Technology Security Evaluation Criteria, or the "White Book").

TCSEC is divided into four classes: D, C, B and A. The classes are ordered, and the highest class (A) is reserved for systems with the highest level of information protection. Classes B and C have subclasses, which are likewise ordered by the level of protection they provide. In short, belonging to class D means that the system has no information protection facilities (unclassified); class C means that it has some discretionary protection facilities (classified); class B means that security assurances are added to the facilities just mentioned and that they are described as "mandatory" (secret information); and if a system is placed in class A, its protection facilities have been verified beforehand (top secret information). Many popular operating systems (for example, the various PC UNIX variants, Sun Solaris 2.3 and so on) correspond to class C.

B1 is the first level in the classification at which access control and data transfer are governed by confidentiality levels. For unprivileged users, identification and authentication data are used to determine the authorization level of the current user; the Trusted Computing Base (TCB) compares them against its own user database, which holds the authorization ranks of every user. If the information supplied at login is correct and its level is found to match the request, the TCB admits the user to the system. When a file is accessed, the TCB acts as arbiter, basing its decision on the user's level and on the label of the file or object the user is trying to reach. Since a confidentiality level is expressed as a clearance level and an access category, and permission to access an object is determined by the confidentiality of both the object and the subject (which is external to the TCB), authorization of the subject becomes a component of the authorization requirements.

The Orange Book focuses on complete computing systems and defines six key requirements for information security:

1) the system must have a clear security certificate;

2) every object associated with this certificate must carry an access control label;

3) individual users must be identified;

4) the system must maintain a body of records that accumulates over time and is used to simplify checking of the protection facilities;

5) the system must be open to independent evaluation of its information security;

6) the system must be continuously protected against changes to its configuration or any other changes.

Since the Orange Book was issued, many other documents with covers of various colors have been published. This "rainbow series" covers the Trusted Network Interpretation, the Trusted DataBase Interpretation, guidance on passwords, guidance on discretionary access control, and the Evaluated Products List.

Some Implementations

Oracle Corporation has developed a relational DBMS with Multi-Level Security (MLS), Trusted ORACLE7, which also has all the standard capabilities of ORACLE7.

In the past, companies that wanted to protect secret or confidential information were forced to use special or dedicated equipment for the purpose. With the arrival of products such as Trusted ORACLE7 this need has disappeared. Trusted ORACLE7 makes it possible to keep information that matters to competitors in the same database as general information, without any risk that some user will accidentally or deliberately gain access to secret or confidential information.

Trusted ORACLE7 operates with two sets of rules: Discretionary Access Control (DAC) and Mandatory Access Control (MAC). DAC is confined to database objects such as tables, views, sequences and stored procedures, based on user identification and on group associations. The creator of a database object, a table for example, can grant access to another user.

MAC is a step beyond DAC and labels the contents of database objects. MAC restricts access to an object by comparing the object's label with the user's authorization level. Besides MAC labels, Trusted ORACLE7 labels elements of objects such as rows and tables. As a result, even if DAC would give a user access to a labeled object, access is allowed only if the user's authorization level is not lower than the authorization level of the information the user is trying to reach.
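A minimal model of the two rule sets working together, as an added Python example that is not Trusted ORACLE7 code. The level names come from the text above; the categories, the table, the users and the row contents are constructed for the illustration, and the class and function names are hypothetical.

```python
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        """True when this clearance is at least as high and covers every category."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


class LabeledTable:
    def __init__(self, name, owner):
        self.name, self.owner = name, owner
        self.grants = {owner}        # DAC: users who may SELECT
        self.rows = []               # MAC: every row carries its own label

    def grant_select(self, grantor, grantee):
        if grantor != self.owner:
            raise PermissionError("only the owner may grant access")
        self.grants.add(grantee)

    def insert(self, label, row):
        self.rows.append((label, row))

    def select(self, user, clearance):
        # DAC is checked first; MAC then filters what DAC alone would have allowed.
        if user not in self.grants:
            raise PermissionError(f"DAC: {user} has no SELECT privilege on {self.name}")
        return [row for label, row in self.rows if clearance.dominates(label)]


def demo():
    docs = LabeledTable("documents", owner="dba")
    docs.insert(Label("UNCLASSIFIED"), "cafeteria menu")
    docs.insert(Label("CONFIDENTIAL", frozenset({"finance"})), "Q3 budget draft")
    docs.insert(Label("CONFIDENTIAL", frozenset({"hr"})), "salary review")
    docs.insert(Label("SECRET", frozenset({"finance"})), "merger plan")
    docs.grant_select("dba", "bob")

    top = Label("SECRET", frozenset({"finance", "hr"}))
    result = {
        "dba": docs.select("dba", top),
        "bob": docs.select("bob", Label("CONFIDENTIAL", frozenset({"finance"}))),
    }
    try:
        docs.select("carol", top)    # high clearance, but no DAC grant
    except PermissionError as exc:
        result["carol"] = str(exc)
    return result
```

The user with a DAC grant sees only the rows the clearance dominates, and a high clearance without a grant sees nothing.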

Note that Trusted ORACLE7 must run on top of an operating system with multi-level security in order to deliver the levels of protection it was designed for. Exchange between systems with multi-level (labeled) protection, and between a multi-level system and an ordinary system that does not use labels, is possible only through a labeled network protocol. In addition to other security attributes, such as user or group identifiers, these protocols carry packet labels, which are normally derived from the labels of the sending process. Most of the common labeled protocols are variants of the MaxSix protocol, a set of network security protocols and programming interfaces designed in theory to support OSI and TCP/IP networks, although at present only MaxSix implementations exist. The MaxSix protocols conform to RIPSO, CIPSO and DNSIX. Most vendors of MLS workstations with Compartmented Mode (CMW, Compartmented Mode Workstation) have implemented the MaxSix protocols in their secure operating systems. MaxSix provides not only labeling and translation services but also allows a single predefined MLS label.

Thus a labeled server effectively acts as a guard; likewise, a Trusted ORACLE7 database on that server acts as a guard for the DBMS server.

As with ordinary protocols, SQL*Net supports these labeled protocols through protocol adapters; for example, there are SQL*Net protocol adapter implementations for TNET from Sun, MaxSix from DEC and MaxSix from HP. On stations where a multi-level environment connects to an unlabeled one, a SQL*Net adapter for the MaxSix variant runs on one side of the connection (the multi-level side) and a SQL*Net adapter for TCP/IP runs on the other (the unlabeled environment).

All Oracle Corporation products, Developer 2000, Designer 2000 and others, can be used with Trusted ORACLE7.

Development Prospects

With the arrival of Oracle RDBMS version 7.2, application developers will be able to ship PL/SQL code in wrapped format. A developer who plans to distribute PL/SQL applications no longer has to send out the PL/SQL source code. Hiding the source code makes it easier to protect intellectual property and reduces the scope for misuse or corruption of applications.

Secure DBMSs from Other Vendors

Informix ships OnLine/Secure 5.0, which, like other competing products in this area, is a relational DBMS that provides multi-level protection of information in the database and operates with the two rule sets, DAC and MAC.

Sybase supports similar mechanisms in its Secure SQL Server Version 10.0 product.

The Kerberos System

The Kerberos system (named after Cerberus), developed by the participants of Project Athena, protects a network against unauthorized access using software alone and relies on repeated encryption of the control information sent over the network. Kerberos identifies network users and servers without relying on network addresses or on the particulars of the operating systems on users' workstations, without requiring physical protection of information on every machine in the network, and on the assumption that packets on the network can easily be read and, if desired, modified.

Client / Kerberos / Server

Kerberos has a client/server structure and consists of client parts installed on every machine in the network (users' workstations and servers) and a Kerberos server (or servers) located on some computer, which need not be a dedicated one. The Kerberos server is in turn divided into two parts of equal standing: the authentication server and the ticket-granting server. There is also a third Kerberos server, which does not take part in identifying users and is intended for administrative purposes. The Kerberos realm extends over that part of the network in which all users are registered under their names and passwords in the Kerberos server's database and in which all servers share a common key with the authentication part of Kerberos. The realm does not have to be a section of a local network, since Kerberos places no restriction on the type of communications used (how one Kerberos server's realm is accessed from another's is discussed a little further on).

In simplified form, the way Kerberos works can be described as follows. A user (the Kerberos client) who wants access to a network resource sends a request to the Kerberos authentication server. The latter identifies the user by name and password and issues a ticket for access to the ticket-granting server, which in turn gives the go-ahead to use the required network resources. This model, however, does not answer the question of how reliably the information is protected: on the one hand, the user cannot send the password to the authentication server over the network, and on the other, the ticket for access to a network service cannot be sent to the user as an ordinary message. In both cases the information could be intercepted and used for unauthorized access to the network. To avoid such trouble, Kerberos applies a complex scheme of repeated encryption whenever any control information is sent over the network.

Users gain access to network servers, files, applications, printers and so on according to the following scheme.

The client (which from here on means the client part of Kerberos installed on the user's workstation) sends the authentication server a request for a ticket-granting ticket, which will make it possible to contact the ticket-granting server. The authentication server consults a database holding information about all users and, from the user name contained in the request, determines the user's password. The client is then sent the ticket-granting ticket and a special session key, both encrypted with the user's password as the key. On receiving this information, the user at the workstation must enter the password, and if it matches the one stored in the Kerberos server's database, the ticket-granting ticket and the session key are decrypted successfully. This solves the problem of protecting the password: it is never sent over the network.

Once the client has registered with the Kerberos authentication server, it sends the ticket-granting server a request for access to the network resources it needs. This request (that is, the ticket-granting ticket) contains the user name, the user's network address, a timestamp, the lifetime of the ticket and the session key. The ticket-granting ticket is encrypted twice: first with a special key known only to the authentication server and the ticket-granting server, and then, as already mentioned, with the user's password. This not only prevents the ticket from being used if it is intercepted but also makes it inaccessible to the user. The ticket-granting ticket alone is not enough for the ticket-granting server to give the client access to the requested resources. Together with it the client sends a so-called authenticator, encrypted with the session key and containing the user name, the user's network address and one more timestamp.

The ticket-granting server decrypts the ticket-granting ticket received from the client, checks that its lifetime has not expired, and then compares the user name and network address found in the ticket with the data given in the packet header of the incoming message. The checks do not end there. The ticket-granting server decrypts the authenticator with the session key and once more compares the user name and network address with the two previous values; only if the result is positive can it finally be sure that the client is who it claims to be. Because an authenticator is used to identify the client only once and only within a certain period of time, it becomes practically impossible to intercept the ticket-granting ticket and the authenticator together for later attempts at unauthorized access to network resources. Each time it needs access to a network server, the client sends the reusable ticket-granting ticket and a new authenticator.

After the client has been successfully identified as the source of the request, the ticket-granting server sends the user a ticket for access to the network resources (which can be used repeatedly for a certain period of time) and a new session key. This ticket is encrypted with a key known only to the ticket-granting server and to the server the client wants to access, and it contains a copy of the new session key. The whole message (the ticket and the new session key) is encrypted with the old session key, so only the client can decrypt it. After decrypting it, the client sends the target server, whose resources the user needs, the access ticket and an authenticator, encrypted with the new session key.

For an even higher level of protection, the client may in turn require the target server to identify itself, to guard against possible interception of the information that gives the right to access network resources. In that case it asks the server to send back the timestamp value increased by one and encrypted with the session key. The server extracts the copy of the session key stored inside the ticket for access to the server, uses it to decrypt the authenticator, adds one to the timestamp, encrypts the result with the session key and sends it to the client.

Decrypting this message allows the client to identify the server. Using the
timestamp as the code gives assurance that the reply the client received
from the server is not a replay of the reply to some earlier request.

The client and the server are now ready to exchange the required
information with the proper degree of protection. The client sends its
requests to the target server using the ticket it obtained. Subsequent
messages are encrypted with the session key.
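The target-server checks described above (network address comparison, single-use authenticator, and the timestamp-plus-one reply that identifies the server to the client), as an added Python example that is not part of the original paper. The function and class names, the 300-second window and the toy SHA-256/HMAC sealing routine are assumptions made for illustration; a real deployment uses the ciphers of its Kerberos implementation.

```python
import hashlib, hmac, json, os

SKEW = 300  # assumed: seconds during which an authenticator is accepted

def _xor(key, nonce, data):  # toy SHA-256 keystream, stand-in for a real cipher
    ks = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):  # encrypt-then-MAC
    nonce = os.urandom(16)
    body = nonce + _xor(key, nonce, json.dumps(obj).encode())
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor(key, body[:16], body[16:]))

def issue_ticket(server_key, client, addr, now, lifetime=3600):
    """Ticket-granting server side: returns (ticket, session key)."""
    sk = os.urandom(16)
    return seal(server_key, {"client": client, "addr": addr, "sk": sk.hex(),
                             "expires": now + lifetime}), sk

class TargetServer:
    def __init__(self, key):
        self.key, self.seen = key, set()

    def accept(self, ticket, authenticator, peer_addr, now):
        t = unseal(self.key, ticket)        # key shared only with the TGS
        sk = bytes.fromhex(t["sk"])         # session key copy inside the ticket
        a = unseal(sk, authenticator)       # sender must know the session key
        if now > t["expires"] or abs(now - a["ts"]) > SKEW:
            raise ValueError("expired ticket or stale authenticator")
        if a["client"] != t["client"] or peer_addr != t["addr"]:
            raise ValueError("name or network address mismatch")
        if (a["client"], a["ts"]) in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add((a["client"], a["ts"]))
        return seal(sk, {"ts": a["ts"] + 1})  # mutual-auth reply: timestamp + 1

def server_is_genuine(sk, reply, sent_ts):
    """Client side: the reply must carry our timestamp plus one."""
    try:
        return unseal(sk, reply)["ts"] == sent_ts + 1
    except ValueError:
        return False
```

Resending a captured ticket and authenticator fails the `seen` check, and a server that does not hold the key the ticket was sealed with cannot produce a reply that `server_is_genuine` accepts.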

A more complex situation arises when the client needs to give a server the
right to use some resources on its behalf. One example is a client that
sends a request to a print server, which then needs access to the user's
files located on a file server. In addition, when logging in to a remote
system, the user needs all identification procedures to work the same way
as from the local machine. This problem is solved by setting special flags
in the "ticket-granting ticket" (granting a one-time ticket for access to
the server on behalf of the client in the first example, and ensuring
continuous operation in this mode in the second). Since, as stated above,
tickets are strictly bound to the network address of the station that holds
them, when such flags are present the ticket-granting server must specify
in the ticket the network address of the server to which the authority to
act on behalf of the client is being delegated.

It should also be noted that all the identification procedures described
above require only read access to the Kerberos database. Sometimes,
however, the database has to be modified, for example when keys are changed
or new users are added. A third Kerberos server, the administrative one
(Kerberos Administration Server), is used for this. Without going into the
details of how it works, it should be noted that its implementations can
differ considerably (for example, several copies of the database may be
maintained at the same time).

Communication between Kerberos realms

As already stated above, when Kerberos servers are used the network is
divided into Kerberos realms. A client located in the realm of one Kerberos
server gains access to network resources located in the realm of another
Kerberos server as follows.

Target server

The two Kerberos servers must be mutually registered, that is, they must
know shared secret keys and therefore have access to each other's user
databases. The exchange of these keys between the Kerberos servers (a
separate key is used for each direction) makes it possible to register the
ticket-granting server of each realm as a client in the other realm. After
that, a client that needs access to resources located in the realm of
another Kerberos server can obtain a ticket from the ticket-granting server
of its own Kerberos using the algorithm described above. This ticket in
turn grants access to the ticket-granting server of the other Kerberos
server and contains a mark indicating the Kerberos realm in which the user
is registered. The remote ticket-granting server uses one of the shared
secret keys to decrypt this ticket (this key naturally differs from the key
used within that realm), and if decryption succeeds it can be sure that the
ticket was issued to a client of the corresponding Kerberos realm. The
resulting ticket for access to network resources is presented to the target
server to obtain the corresponding services.

It should be kept in mind, however, that a large number of Kerberos servers
in a network increases the amount of identification information
transmitted when different Kerberos realms communicate. This increases the
load on the network and on the Kerberos servers themselves. It is therefore
more efficient for a large network to have only a few Kerberos servers with
large realms than to use many Kerberos servers. For instance, the Kerberos
system installed by Digital Equipment for a large banking network that
connects branches in New York, Paris and Rome has only one Kerberos server.
Despite the presence of wide-area links in the network, the operation of
the Kerberos system had practically no effect on network performance.

Kerberos-5

To date Kerberos has gone through four revisions, of which the fourth has
become the most widespread. The group continuing work on Kerberos recently
published the specification of the fifth version of the system, whose main
features are reflected in the standard RFC 1510. This revision of Kerberos
has a number of new properties, of which the following can be singled out.

The mechanism, already discussed above, for delegating to a server the
authority to act on behalf of the client, which considerably simplifies
identification in the network in a number of complex cases, is an
innovation of the fifth version.

The fifth version provides simpler identification of users in remote
Kerberos realms, with fewer transfers of secret keys between these realms.
This property is in turn based on the delegation mechanism.

Whereas previous versions of Kerberos used only the DES (Data Encryption
Standard) algorithm for encryption, the reliability of which raised some
doubts, this version allows the use of various encryption algorithms other
than DES.

Conclusion

Many manufacturers of network and telecommunications equipment provide
support for Kerberos in their devices.

It should be noted, however, that using Kerberos does not solve all the
problems associated with attempts at unauthorized access to the network
(for example, it is powerless if someone has learned a user's password), so
its presence does not rule out other standard means of maintaining the
appropriate level of secrecy in the network.

No computer system for protecting information is absolutely secure.
Adequate protective measures, however, make access to the system
considerably harder and reduce the effectiveness of an intruder's efforts
(the ratio of the average cost of breaking the system's protection to the
expected results) to the point where penetrating the system becomes
impractical. The key element of a security system is the system
administrator. Whatever tools you acquire, the quality of protection will
depend on the abilities and efforts of this person.

