理解和应用安全概念-3.可用性

Availability means authorized subjects are granted timely and uninterrupted access to objects. Often, availability protection controls support sufficient bandwidth and timeliness of processing as deemed necessary by the organization or situation. Availability includes efficient uninterrupted access to objects and prevention of denial-of-service (DoS) attacks. Availability also implies that the supporting infrastructure—including network services, communications, and access control mechanisms—is functional and allows authorized users to gain authorized access. 

可用性是指授权主体被授予对象的及时和不间断的访问。通常，可用性保护控制支持组织或情况认为必要的足够的带宽和及时的处理。可用性包括对对象的有效不间断访问和防止拒绝服务（DoS）攻击。可用性还意味着支持性基础设施--包括网络服务、通信和访问控制机制--是功能性的，允许授权用户获得授权访问。

For availability to be maintained on a system, controls must be in place to ensure authorized access and an acceptable level of performance, to quickly handle interruptions, provide for redundancy, maintain reliable backups, and prevent data loss or destruction. 

为了维持一个系统的可用性，必须有控制措施，以确保授权访问和可接受的性能水平，快速处理中断，提供冗余，保持可靠的备份，并防止数据丢失或破坏。

There are numerous threats to availability. These include device failure,software errors, and environmental issues (heat, static electricity, flooding, power loss, and soon). Some forms of attack focus on the violation of availability, including DoS attacks, object destruction, and communication interruptions.

可用性有许多威胁。这些威胁包括设备故障、软件错误和环境问题（热、静电、洪水、断电等等）。一些攻击形式集中于对可用性的侵犯，包括DoS攻击、对象破坏和通信中断。

Many availability breaches are caused by human error, oversight, or ineptitude. They can also occur because of an oversight in a security policy or a misconfigured security control. 

许多可用性漏洞是由人为错误、疏忽或无能造成的。它们也可能因为安全政策的疏忽或安全控制的错误配置而发生。

Numerous counter measures can ensure availability against possible threats.These include designing intermediary delivery systems properly, using access controls effectively,monitoring performance and network traffic, using firewalls and routers to prevent DoS attacks, implementing redundancy for critical systems, and maintaining and testing backup systems. Most security policies, as well as business continuity planning (BCP), focus on the use of fault to lerance features at the various levels of access/storage/security (that is, disk,server, or site) with the goal of eliminating single points of failure to maintain availability of critical systems. 

众多的对策可以确保对可能的威胁的可用性。这些措施包括适当地设计中间交付系统，有效地使用访问控制，监控性能和网络流量，使用防火墙和路由器来防止DoS攻击，为关键系统实施冗余，维护和测试备份系统。大多数安全政策以及业务连续性计划（BCP）都集中于在访问/存储/安全的各个层面（即磁盘、服务器或站点）使用容错功能，目的是消除单点故障以保持关键系统的可用性。

Availability depends on both integrity and confidentiality. Without integrity and confidentiality,availability cannot be maintained. Concepts, conditions, and aspects of availability include the following:

•  Usability: The state of being easy to use or learn or being able to be understood and controlled by a subject

•  Accessibility: Theassurance that the widest range of subjects can interact with a resource regardless of their capabilities or limitations

• Timeliness: Being prompt, on time,within a reasonable time frame, or providing lowlatency response

  
  

可用性取决于完整性和保密性。没有完整性和保密性，可用性就无法维持。可用性的概念、条件和层面包括：

• 可用性，易于使用或学习的状态，或能够被主体理解和控制的状态。

• 可访问性，保证最广泛的主体能够与资源进行互动，无论其能力或限制如何。

• 及时性，迅速、准时、在合理的时间范围内，或提供低延迟的回应.

  
  

小结

可用性：经过授权的主体被及时准许和不间断地访问客体。可用性提供了经过授权的主体能够访问数据、客体和资源的高级别保证。可用性包括有效地不间断地访问客体和阻止拒绝服务（Denial Of Services，DoS）攻击。基础结构的正常运作。

维护可用性的措施：确保被授权的访问和可接受的性能等级、快速处理中断、提供冗余度、维持可靠的备份以及避免数据丢失或破坏。

• 独立磁盘冗余阵列（RAID）

• 群集

• 负载均衡

• 冗余数据和但原先

• 软件和数据备份

• 磁盘映射

• Co-location和异地备用设施

• 回滚功能

• 故障切换配置

• 破坏可用性的因素：

• 设备故障

• 软件错误

• 环境问题

• DoS攻击

• 客体损坏

• 通信中断

原文始发于微信公众号（网络安全等保测评）：理解和应用安全概念-3.可用性