Computer network security management paper?

Computer network security involves many factors, such as communication security, computer system security, storage security, physical security, personnel security and so on. The following is what I compiled; I hope you can get some insights from it!

Article 1 Computer network security

How to construct a closed logical environment in the open computer network physical environment to meet the actual needs of countries, groups and individuals has become a realistic problem that must be considered. In order to overcome these security problems and make the use of computer networks safer, computer network security came into being.

Keywords: encryption technology; firewall technology; network security strategy

0. Overview

Network system security involves communication security, computer system security, storage security, physical security, personnel security and many other factors, which is the sum of technical security, structural security and management security related to people, network and environment.

1. Threats to computer networks

The main reasons for network security defects are: the fragility of TCP/IP, the insecurity of network structure, the vulnerability to eavesdropping and the lack of security awareness.

2. Computer network security strategy

2.1 Physical security policy

Suppression and prevention of electromagnetic leakage, that is, TEMPEST technology, is a major issue of physical security strategy.

2.2 Access control strategy

Access control is the main strategy of network security prevention and protection, and its main task is to ensure that network resources are not illegally used and accessed.

2.2.1 Network access control

Network access control provides the first layer of access control for network access. It controls which users can log on to the server and get network resources, and controls when users are allowed to access the network and at which workstation they are allowed to access the network.

2.2.2 Network permission control

Network permission control is a security protection measure against illegal network operations. Users and user groups are given certain rights.

2.2.3 Directory-level security control

The network should allow users to control their access to directories, files and devices. There are generally eight kinds of access permissions for directories and files: system administrator permission (Supervisor), read permission (Read), write permission (Write), create permission, delete permission (Erase), and modify permission.

2.2.4 Attribute security control

When using files, directories and network devices, the network system administrator should specify the access attributes of files, directories, etc. Attributes can usually control the following permissions: writing data to files, copying files, deleting directories or files, viewing directories and files, executing files, hiding files, sharing, system attributes, etc.

2.2.5 Network server security control

The security control of a network server includes setting a password to lock the server console, to prevent illegal users from modifying or deleting important information or destroying data; it also includes setting the time limit for server login and the time interval for illegal visitor detection and shutdown.

2.2.6 Monitoring and locking control

Network administrators should monitor the network, and servers should record users' access to network resources. For illegal network access, the server should give an alarm in the form of graphics, text or sound to attract the attention of network administrators.
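
The logon restrictions of 2.2.1 (which user, at what time, from which workstation) and the record-and-alarm behaviour of 2.2.6 can be combined in one policy check. This is an added example, not part of the original paper; the account names, workstation names, policy layout and the alarm threshold of three denied logons are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class LoginRule:              # hypothetical policy record for one account
    workstations: frozenset   # workstations the account may log on from
    start: time               # permitted window start (inclusive)
    end: time                 # permitted window end (exclusive)

POLICY = {                    # constructed sample policy
    "alice": LoginRule(frozenset({"WS-ACCT-01"}), time(8, 0), time(18, 0)),
    "backup": LoginRule(frozenset({"SRV-CONSOLE"}), time(22, 0), time(2, 0)),
}
ALERT_THRESHOLD = 3           # assumed: denied logons per workstation before alarm

def in_window(rule, t):
    if rule.start <= rule.end:
        return rule.start <= t < rule.end
    return t >= rule.start or t < rule.end   # window wraps past midnight

def check_login(user, workstation, when):
    # Returns (allowed, reason) for a single logon attempt.
    rule = POLICY.get(user)
    if rule is None:
        return False, "unknown account"
    if workstation not in rule.workstations:
        return False, "workstation not permitted"
    if not in_window(rule, when.time()):
        return False, "outside permitted hours"
    return True, "ok"

def audit(events):  # record every attempt; alarm once per workstation at threshold
    log, alerts, denied = [], [], {}
    for user, ws, ts in events:
        allowed, reason = check_login(user, ws, datetime.fromisoformat(ts))
        log.append((ts, user, ws, "ALLOW" if allowed else "DENY", reason))
        if not allowed:
            denied[ws] = denied.get(ws, 0) + 1
            if denied[ws] == ALERT_THRESHOLD:
                alerts.append(f"ALARM {ts}: {denied[ws]} denied logons from {ws}")
    return log, alerts

EVENTS = [                    # constructed logon attempts
    ("alice", "WS-LAB-07", "2024-03-04T09:20:00"),
    ("alice", "WS-ACCT-01", "2024-03-04T23:40:00"),
    ("backup", "SRV-CONSOLE", "2024-03-05T01:30:00"),
    ("mallory", "WS-LAB-07", "2024-03-05T03:00:00"),
    ("root", "WS-LAB-07", "2024-03-05T03:01:00"),
]
LOG, ALERTS = audit(EVENTS)
```

Every attempt is written to the log whether or not it succeeds, so the administrator can review permitted access as well as the denied logons that triggered the alarm.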

2.2.7 Security control of network ports and nodes

The ports of servers in the network are often protected by automatic callback devices and silent modems, and the identity of nodes is identified by encryption.

3. Information encryption strategy

The basic process of data encryption is to process the original plaintext file or data according to some algorithm, turning it into an unreadable code, usually called "ciphertext", whose original content can be displayed only after the corresponding key is supplied. In this way, the data can be protected from being stolen and read by illegal personnel. The reverse of this process is decryption, that is, the process of converting the encoded information back into its original data.

Encryption technology is usually divided into three categories: symmetric, asymmetric and one-way.

Symmetric encryption means that encryption and decryption use the same key, which is usually called the "session key". This encryption technology is widely used at present.

Asymmetric encryption means that encryption and decryption do not use the same key. There are usually two keys, called the "public key" and the "private key", which must be used as a pair, otherwise the encrypted file cannot be opened.

One-way encryption is also called hash encryption. This kind of encryption uses a hash algorithm to convert information of different lengths into a 128-bit unreadable code, which is called the hash value.

4. Firewall technology

A network firewall is a special network interconnection device that is used to strengthen access control between networks, prevent external users from illegally entering the internal network through the external network and accessing internal network resources, and protect the internal network operating environment.

4.1 Classification of firewalls

According to the different technologies adopted by firewalls, we can divide them into four basic types: packet filtering, network address translation (NAT), proxy and monitoring.

4.2 Packet filtering type

Packet filtering products are the most basic firewall products, and their technical basis is packet transmission technology in the network.

4.3 Network address translation (NAT)

Network address translation is a standard for converting IP addresses into temporary, external and registered IP addresses. It allows internal networks with private IP addresses to access the Internet.

4.4 Proxy type

A proxy firewall can also be called a proxy server. It is more secure than packet filtering products and has begun to develop towards the application layer. The proxy server is located between the client and the server and completely blocks the data exchange between them.

4.5 Monitoring type

The monitoring firewall is a new generation product, and this technology has actually surpassed the original definition of a firewall. The monitoring firewall can actively monitor the data at all levels in real time. Based on the analysis of these data, the monitoring firewall can effectively judge illegal intrusion at all levels.

5. Precautionary measures for computer network security

5.1 Whether the structural design of the network system is reasonable is the key to the implementation of network security.

Because the LAN adopts broadcast-based Ethernet, the communication packets between any two nodes can also be captured by the network card of any other node on the same Ethernet. Applying network segmentation technology will eliminate these hidden dangers at the source, and replacing shared hubs with switching hubs is another way to eliminate them.

5.2 Strengthening computer management is the guarantee of network system security.

(1) Strengthen facility management to ensure the physical security of the computer network system. Establish and improve the safety management system to prevent illegal users from entering the computer control room and all kinds of illegal acts.
(2) Strengthen access control and supervise the normal operation of the computer network system.
(3) Establish the access control module of the network. Network access control is a security protection measure against illegal network operations.
(4) Create an attribute security service module. Attribute security control can associate a given attribute with the files, directories and network devices of a network server.
(5) Create a network server security configuration module.
(6) Establish a file information encryption system.
(7) Establish a network intelligent log system.
(8) Establish a perfect backup and recovery mechanism.

With the development of computer technology and communication technology, computer networks will increasingly become an important means of information exchange in industry, agriculture and national defense, and penetrate into all fields of social life. Therefore, it will be very important to recognize the vulnerability and potential threats of the network and adopt strong security strategies to ensure the security of the network. I believe that in the next decade, network security technology will definitely make greater progress.
