Basic knowledge of network security
Network security means that the hardware and software of the network system and the data in the system are protected from being destroyed, changed or leaked due to unexpected or malicious reasons, and the system runs continuously, reliably and normally without interrupting the network service. Let me show you the basic knowledge of network security, hoping to help you!


Basic knowledge of network security

1. What is a firewall? What is a bastion host? What is a DMZ?

A firewall is a system or a group of systems that implements access control policies between two networks.

A bastion host is a computer on the network that has been hardened with security precautions. It provides a choke point for communication between networks; in other words, without the bastion host, the networks cannot reach each other.

DMZ stands for demilitarized zone (also called a ceasefire zone); it is a subnet added between the internal network and the external network.

2. What is the essence of network security?

Network security is essentially information security on the network.

Information security is the protection of confidentiality, integrity and availability of information, including physical security, network system security, data security, information content security and information infrastructure equipment security.

3. What are the threats to computer network security? From the human point of view, what are the factors that threaten network security?

A: The threats to computer network security can be mainly divided into two categories: one is the threat to information in the network, and the other is the threat to equipment in the network. Considering human factors, factors affecting network security include:

(1) Unintentional human error.

(2) Man-made malicious attacks. One is active attack, and the other is passive attack.

(3) Network software vulnerabilities and "back doors".

4. What are the contents of network attack and defense?

Network attacks: network scanning, monitoring, intrusion, back door, stealth;

Network defense: operating system security configuration, encryption technology, firewall technology, intrusion detection technology.

5. Analyze the TCP/IP protocol, and explain the possible threats and defense methods at each layer.

Network layer: IP spoofing attacks. Protective measures: firewall filtering and patching.

Transport layer:

Application layer: mail bombs, viruses, Trojans, etc. Defense methods: authentication, virus scanning, security education, etc.

6. Please analyze the level of network security.

From the perspective of hierarchy, network security can be divided into four levels: physical security, logical security, operating system security and network security.

7. Please analyze the hierarchy of information security.

Information security can generally be divided into five levels: security cryptographic algorithm, security protocol, network security, system security and application security.

8. Briefly describe the principle of port scanning technology.

Port scanning sends probe packets to the TCP/IP service ports of the target host and records the target host's responses. By analyzing the responses to judge whether a service port is open or closed, we can learn what service or information the port provides. Port scanning can also monitor the operation of a local host by capturing the IP packets flowing into and out of the local host or server. Port scanning only analyzes the data it receives; it helps us find some inherent weaknesses of the target host and does not provide detailed steps for entering a system.

9. What is the principle of buffer overflow attack?

A buffer overflow attack is a system attack technique. By writing content that exceeds the buffer's length into a program's buffer, the attacker makes the buffer overflow, which corrupts the program's stack and makes the program execute other instructions, thus achieving the purpose of the attack.

The most common form of buffer overflow attack is to make a special program execute a shell by overflowing its buffer; advanced commands can then be executed with the permissions of that shell. If the special program has system permission, a successful attacker gets a shell with system permission and can control the program.

10. List three backdoor programs, and explain their principles and defense methods.

(1) Opening the TELNET service remotely. Defense method: monitor which services are opened;

(2) Establishing WEB and TELNET services. Defense method: monitor which services are started;

(3) Giving the disabled guest user administrative rights. Defense method: monitor the system registry.

11. Briefly describe a successful attack. What are the steps?

Hide the IP address, scan step by step, gain system or administrator rights, implant a back door, then become invisible in the network.

12. Briefly describe the principle of SQL injection vulnerability.

Malicious SQL statements are used to attack the back-end database, exploiting the fact that the web application lacks validation of SQL statements.
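The principle above, shown as an added example that is not part of the original page: the same login query built by string concatenation and with bound parameters, run against an in-memory SQLite database. The table, the account data and the function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; passwords are stored in plaintext only to keep
    # the demonstration focused on how the query is built.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return db

def login_vulnerable(db, name, password):
    # Vulnerable: input is pasted into the SQL text, so a quote character in
    # the input changes the structure of the statement itself.
    sql = ("SELECT name, role FROM users "
           "WHERE name = '%s' AND password = '%s'" % (name, password))
    return db.execute(sql).fetchall()

def login_parameterized(db, name, password):
    # Hardened: placeholders fix the statement structure; input is bound as data.
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchall()

def valid_username(name):
    # Allow-list validation as a second layer: reject unexpected characters
    # before the value reaches the database at all.
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", name) is not None

def compare(name, password):
    # Run both query styles against a fresh copy of the sample database.
    db = make_db()
    return (login_vulnerable(db, name, password),
            login_parameterized(db, name, password))

if __name__ == "__main__":
    crafted = "' OR '1'='1"             # textbook input containing quote characters
    print(compare("alice", "s3cret"))   # both styles return alice's row
    print(compare("alice", crafted))    # concatenated query returns every row
    print(valid_username(crafted))      # allow-list rejects the crafted value
```

With the crafted password the concatenated statement becomes `... AND password = '' OR '1'='1'`, which is true for every row, while the parameterized query compares the whole string against the stored password and matches nothing.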

13. Analyze the problems existing in vulnerability scanning and how to solve them.

(1) The system configuration rule base has limitations.

If the rule base is not designed accurately, accurate prediction is impossible;

The rule base is arranged and planned according to known security vulnerabilities, yet many dangerous threats to the network system come from unknown vulnerabilities, so if the rule base is not updated in time, the prediction accuracy will fall accordingly;

Suggestion for improvement: the system configuration rule base should be continuously expanded and revised, which amounts to expanding and revising the system vulnerability base; this still needs the guidance and participation of experts.

(2) Information requirements of vulnerability database

Vulnerability database information is the main judgment basis of vulnerability scanning based on network system vulnerability database. If the vulnerability library

Suggestion: The vulnerability database information should be not only complete and effective, but also simple, so that even users can easily add and configure the vulnerability database, thus realizing the timely update of the vulnerability database.

14. Into which two categories can firewalls be divided according to how they process internal and external data? Discuss their technical characteristics respectively.

According to how they process the traffic between the internal and external networks, firewalls can be roughly divided into two categories: packet filtering firewalls and application proxy firewalls.

A packet filtering firewall, also known as a filtering router, compares packet header information with the rule table set by the administrator. If a rule does not allow a packet to be sent, the router discards it.

A packet filtering system includes address filtering and service filtering.
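A minimal model of the rule-table comparison described above, as an added example that is not from the original page. The rule table, the addresses (private and documentation ranges), the first-match order and the default-deny fallback are assumptions made for illustration; the first rule shows address filtering used against the IP spoofing mentioned in question 5.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network, CIDR (address filtering)
    dst: str               # destination network, CIDR (address filtering)
    proto: str             # "tcp", "udp" or "any" (service filtering)
    dport: Optional[int]   # destination port, None = any (service filtering)

# Constructed rule table for the outside interface of a hypothetical site:
# 10.0.0.0/8 is the internal network and 192.0.2.0/24 the DMZ.
RULES = [
    # A packet arriving from outside with an internal source address is spoofed.
    Rule("deny",  "10.0.0.0/8", "0.0.0.0/0",     "any", None),
    Rule("allow", "0.0.0.0/0",  "192.0.2.10/32", "tcp", 80),   # DMZ web server
    Rule("allow", "0.0.0.0/0",  "192.0.2.25/32", "tcp", 25),   # DMZ mail relay
]

def matches(rule, pkt):
    # Only header fields are compared: addresses, protocol, destination port.
    return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt["proto"])
            and rule.dport in (None, pkt["dport"]))

def filter_packet(pkt, rules=RULES, default="deny"):
    """Return (action, index of the deciding rule); index None means no rule matched."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return default, None

# Constructed packet headers as seen on the outside interface.
SAMPLES = [
    {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 80},
    {"src": "10.1.2.3",    "dst": "192.0.2.10", "proto": "tcp", "dport": 80},
    {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 23},
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", filter_packet(pkt))
```

Rule order matters in this model: the anti-spoofing rule has to come before the allow rules, otherwise the second sample packet would be admitted by the web-server rule.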

Application proxy, also called application gateway, acts on the application layer. Its characteristic is to completely "block" the communication traffic of the network and monitor the communication traffic of the application layer by writing a special proxy program for each application service.

There are some special types of proxy servers, including application-level and circuit-level proxies, public and private proxy servers, and intelligent proxy servers.

15. What is an application proxy? What are the advantages of proxy services?

Application proxy, also called application gateway, acts on the application layer, and its characteristic is to completely "block" the communication traffic of the network. By writing a special agent program for each application service, the communication flow of the application layer can be monitored and controlled.

Proxy servers have the following two advantages:

(1) Proxy services allow users to access the Internet "directly". With a proxy service, users perceive that they are accessing the Internet directly.

(2) Proxy services are suitable for logging, because proxy services follow the priority agreement, and they allow logging services to be carried out in a special and effective way.

The most comprehensive summary of computer network security knowledge in history

I. Security Threats Faced by Computer Networks

Communication on computer networks faces the following four threats:

Interception: eavesdropping on other people's communication content from the Internet.

Interruption: intentionally interrupting the communication of others on the network.

Tampering: deliberately tampering with messages transmitted on the network.

Forgery: forged information is spread on the Internet.

Attacks that intercept information are called passive attacks, and attacks that change information or deny users the use of resources are called active attacks.

II. Passive attack and active attack

Passive attack

The attacker only observes and analyzes a certain protocol data unit PDU, and does not interfere with the information flow.

Active attack

The attacker performs some kind of processing on the PDUs passing over a connection, such as:

Changing the message flow

Denying message service

Forging connection initialization

III. Goals of computer network communication security

(1) Prevent disclosure of message content;

(2) Prevent traffic analysis;

(3) Detect changes to the message flow;

(4) Detect denial of message service;

(5) Detect forged connection initialization.

IV. Malicious programs (rogue programs)

Computer virus: a program that can "infect" other programs. "Infection" is achieved by modifying other programs to copy itself or its variants into them.

Computer worm: a program that sends itself from one node to another through the communication function of the network and starts to run.

Trojan horse: a program that performs more functions than it claims.

Logic bomb: a program that performs other special functions when the running environment meets certain conditions.

V. The content of computer network security

Confidentiality

Design of security protocols

Access control

VI. Public key cryptosystem

A public-key cryptosystem uses different keys for encryption and decryption, and it is computationally infeasible to derive the decryption key from the known encryption key.

1. Public key and private key:

In a public key cryptosystem, the encryption key (public key) PK is public information, while the decryption key (private key or secret key) SK must be kept secret.

The encryption algorithm E and the decryption algorithm D are also public.

Although the key SK is determined by the public key PK, it cannot be calculated from PK.

Tips:

PK and SK pairs can be easily generated on the computer.

It is practically impossible to deduce SK from known PK, that is, it is "computationally impossible" to go from PK to SK.

Both encryption and decryption algorithms are public.

VII. Digital signature

1. A digital signature must ensure the following three points:

(1) Message authentication: the receiver can verify the sender's signature on the message;

(2) Integrity of the message: the sender cannot deny the signature of the message afterwards;

(3) Non-repudiation: the receiver cannot forge the signature of the message.

At present, there are many ways to realize various digital signatures. But using public key algorithm is easier to implement.

2. Realization of digital signature:

Because no one except A holds A's private key, no one except A can generate this ciphertext. Therefore, B believes that the message _ _ was signed by A.

If A denies sending a message to B, B can show the plaintext and the corresponding ciphertext to a third party. Using A's public key, the third party can easily confirm that A did send _ _ to B.

On the other hand, if B forges _ _ as _ _', B cannot show the corresponding ciphertext to the third party. This proves that B forged the message.

VIII. Authentication

In the field of information security, encryption is an important measure to deal with passive attacks, while authentication is needed to deal with tampering and forgery in active attacks.

Message authentication enables the receiver to verify the authenticity of a received message (the sender, the message content, the sending time, the sequence, etc.).

Message authentication can be achieved by using encryption. But in network applications, many messages do not need to be encrypted. The receiver should be able to identify the authenticity of the message in a very simple way.

Authentication methods

1. Message authentication (using an MD (message digest) algorithm combined with a digital signature)

2. Entity authentication
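The signing and dispute steps described under "Realization of digital signature", together with the message digest plus digital signature combination listed above, as an added example that is not from the original page. It uses textbook RSA with a toy key built from two small known primes and no padding, and signs the SHA-256 digest rather than the whole message; the key size, the hash choice and all names are assumptions made for illustration.

```python
import hashlib

# Toy key pair for A. The two Mersenne primes give a modulus of about 150 bits,
# far too small for real use; there is no padding either. Illustration only.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537                            # public exponent: PK = (N, E), published
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: SK = D, held only by A

def digest(message: bytes) -> int:
    # Message digest (SHA-256 here), reduced into the range of the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    # A applies the private key SK to the digest of the message.
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    # B, or any third party, applies A's public key PK and compares digests.
    return pow(signature, E, N) == digest(message)

def dispute_demo():
    original = b"A pays B 100"       # constructed sample message
    signature = sign(original)       # produced by A, sent along with the message
    altered = b"A pays B 900"        # B's altered version of the message
    return (
        verify(original, signature),      # third party confirms A signed it
        verify(altered, signature),       # old signature does not fit new text
        verify(original, signature ^ 1),  # a modified signature is rejected too
    )

if __name__ == "__main__":
    print(dispute_demo())
```

Because only the digest is signed, the message itself travels in the clear, which matches the point above that many messages need authentication but not encryption.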

IX. Transport layer security protocols

1. SSL (Secure Sockets Layer)

SSL can encrypt and authenticate data transmitted between clients and servers on the World Wide Web.

During the handshake phase, SSL negotiates the encryption algorithm and key to be used, and performs the authentication between the client and the server.

After the handshake phase is completed, all transmitted data uses the session key agreed in the handshake phase.

SSL is not only supported by all common browsers and Web servers, but is also the basis of the transport layer security protocol TLS.

1.1 Position of SSL

1.2 Three functions of SSL:

(1) SSL server authentication allows users to verify the identity of the server. SSL-enabled browsers maintain a table of trusted CAs and their public keys.

(2) Encrypted SSL session: all data exchanged between the client and the server is encrypted by the sender and decrypted by the receiver.

(3) SSL client authentication allows the server to confirm the identity of the client.

2. SET (Secure Electronic Transaction)

The main features of SET are:

(1) SET is designed to encrypt payment-related messages.

(2) The SET protocol involves three parties: customers, merchants and commercial banks. All sensitive information exchanged among the three parties is encrypted.

(3) SET requires all three parties to have certificates. In the SET transaction, the merchant can't see the credit card number transmitted by the customer to the commercial bank.

X. Firewall

A firewall is a system composed of software and hardware; it is a specially programmed router that implements the access control policy between two networks. The access control policy is formulated by the organization that uses the firewall, so as to best meet that organization's needs.

The network inside the firewall is called "trusted network" and the external Internet is called "untrusted network".

Firewall can be used to solve the security problems of intranet and extranet.

The position of firewall in the Internet

1. Functions of a firewall

Firewalls have two functions: blocking and allowing.

"Blocking" refers to preventing certain types of traffic from passing through the firewall (from the external network to the internal network and vice versa).

The function of "allowing" is just the opposite of "blocking".

Firewalls must be able to identify various types of traffic. However, in most cases, the main function of a firewall is to "block".

2. Classification of firewall technology

(1) Network-level firewall: used to prevent illegal intrusion into the whole network. Packet filtering and authorization servers belong to this category. The former checks all information flowing into the network and rejects data that does not meet a set of pre-established criteria, while the latter checks whether a user's login is legitimate.

(2) Application-level firewall: access control is performed at the application level. Application gateways or proxy servers are usually used to distinguish between applications. For example, only applications that access the World Wide Web can be allowed, while FTP applications are blocked.

What is network security knowledge?

What is network security?

Network security means that the hardware and software of the network system and the data in the system are protected, which will not be destroyed, changed or leaked due to accidents or malicious reasons. The system can run continuously, reliably and normally, and the network service will not be interrupted.

What is a computer virus?

A computer virus is a set of computer instructions or program code that its creator inserts into a computer program, and that destroys computer functions or data, affects the use of the computer and can replicate itself.

What is a Trojan horse?

A Trojan horse is malicious remote control software. Trojans are generally divided into a client and a server. The client is the console used locally to issue commands, and the server is the part run by others. Only a computer that has run the server can be fully controlled. Trojans do not infect files the way viruses do.

What is a firewall? How does it ensure network security?

Using a firewall is one way to ensure network security. A firewall is a combination of components placed between different networks (such as a trusted intranet and an untrusted public network) or network security domains. It is the only entrance and exit for information between different networks or network security domains. It can control (allow, deny and monitor) the information flow in and out of the network according to the enterprise's security policy, and has strong anti-attack ability. It is the infrastructure that provides information security services and realizes network and information security.

What is the back door? Why is there a back door?

Backdoor refers to a method to gain access to a program or system by bypassing security control. In the development stage of software, programmers often create backdoors in software so that they can modify the defects in the program. If the back door is known by others, or it is not deleted before the software is released, it becomes a security risk.

What is intrusion detection?

Intrusion detection is a reasonable supplement to firewall, which helps the system to cope with network attacks, expands the security management ability of system administrators (including security audit, monitoring, attack identification and response), and improves the integrity of information security infrastructure. It collects information from several key points in the computer network system, analyzes the information, and checks whether there are violations of security policies and signs of being attacked in the network.

What is packet monitoring? What does it do?

Packet monitoring can be regarded as equivalent to eavesdropping on telephone lines in computer networks. When someone "listens" to the network, they are actually reading and interpreting the packets transmitted on the network. If you need to send an e-mail or request a webpage through a computer on the Internet, all passing computers can see the data you sent, and the packet monitoring tool allows someone to intercept the data and view it.
