三、安全策略的组成及实现1、安全策略的配置开放式网络环境下用户的合法利益通常受到两种方式的侵害:主动攻击和被动攻击.主动攻击包括对用户信息的篡改、删除、伪造;对用户身份的冒充、对合法用户访问的阻止;被动攻击包括对用户信息的窃取,对信息流量的分析等.安全策略是根据用户对安全的需求所采取的具体保护方式,还常包括如下几项:(1)身份认证:检验用户的身份是否合法,防止身份冒充,对用户实施访问控制. Third, the composition and implementation of security strategy 1, the configuration of security policy Users in the open network environment, the legitimate interests of the two ways usually are infringed: active attacks and passive attacks, including user information tampering, deletion, forgery; Pretend to user identity, blocking of legitimate users access; Passive attacks include the theft of user information, the analysis of information flow, etc. Security policy is based on the specific security needs of users to take the specific protection, but also often include the following Item: (1) Identity Authentication: Verify that the user’s identity is legal, prevent identity from posing, and implement user access control.