Computer Network Security Vulnerabilities and Prevention Report
1. Background and significance

With the development of computers, people are more and more aware of the importance of networks. Computers scattered in different places are connected through the network. Many computers are connected together to form a local area network, in which programs, files and other resources can be shared; multiple computers can also share the same hardware through the network, such as printers and modems. We can also send and receive faxes by computer through the network, which is convenient, fast and economical.

In the 21st century, computers all over the world will be connected through the Internet, and the connotation of information security will change fundamentally. It has changed not only from a general defense to a very common defense, but also from a specialized field to a ubiquitous one. When mankind enters the information society and network society of the 21st century, China will establish a complete network security system, especially one with Chinese characteristics in policy and law.

A country's information security system actually includes national laws and policies, as well as the development platform of technology and market. When building an information defense system, China should focus on developing its own unique security products. The ultimate way for China to truly solve the network security problem is to develop the national security industry and promote the overall improvement of network security technology in China.

Network security products have the following characteristics: first, network security comes from the diversification of security strategies and technologies, and it is not safe to adopt unified technologies and strategies; second, the security mechanisms and technologies of the network should be constantly changing; third, with the extension of the network in society, there are more and more means to enter the network. Network security technology is therefore a very complicated piece of system engineering, and the establishment of a network security system with Chinese characteristics needs the support of national policies and regulations and the joint research and development of the Group. Security and anti-security are like two contradictory aspects, always rising upwards, so the future security industry will also develop with the development of new technologies.

Information security is an important issue facing national development. We have not yet considered this problem in terms of system planning, nor developed it in terms of technology, industry and policy. The government should not only see that the development of information security is a part of China's high-tech industry, but also see that the policy of developing the security industry is an important part of the information security system, and even see that it will play a very important role in the future development of electronic information technology in China.

Chapter II Current Situation of Network Security

2. Challenges facing network security

The possible challenges of network security

The amount of spam will increase.

A recent report by Message Labs, an e-mail security service provider, predicted that in 2003 the growth rate of global spam will exceed that of normal e-mail, and the average size of each spam message will be much larger than that of normal e-mail. This undoubtedly increases the workload and difficulty of combating spam. Companies that have not yet installed any anti-spam software may have to take precautions early, otherwise their employees will have to press the "delete button" on the keyboard every day in the future. In addition, anti-spam software should be constantly upgraded, because spammers are already using the guerrilla tactic of "firing one shot and moving to another place".

Instant messaging tools are still vulnerable to spam attacks.

In the past, instant messaging tools were less disturbed by spam, but now the situation has changed a lot. Spammers collect a large number of network addresses through various means, and then send messages to instant messaging users to induce them to visit illegal paid websites. What's more troublesome is that some manufacturers selling legal products are also using this tiresome means to get netizens hooked. At present, there is no software on the market to block nuisance messages in instant messaging, which is undoubtedly a business opportunity for software companies.

Hardware with built-in protection software is in a dilemma.

Now people pay more attention to network security than before. One of the manifestations of this awareness is that many hardware devices have built-in protection software before leaving the factory. Although this practice appeared several years ago, it is expected to become a trend in the next few years. However, this hardware product with self-protection function is encountering an embarrassment, that is, while some people welcome this product, some people oppose it. On the bright side, this hardware product is easier to install and the overall price is relatively low. But it also has its own shortcomings: if enterprise users need more specialized software services, this product will not have a large range of flexibility.

Redefine the scope of network security maintenance for enterprise users.

At present, it is very common for employees of major enterprises to log in to their company's network system through broadband access at home. This new working mode has also brought new problems to network security: the scope of network security maintenance for enterprise users needs to be redefined. Because these employees log in remotely, they are not within the "sphere of influence" of traditional enterprise network security maintenance. In addition, because attacks from the network are increasingly serious, many enterprise users have to install a series of network security software such as firewalls, anti-intrusion systems and anti-virus software on each PC in their own network system. This has also changed enterprise users' previous concept of the scope of network security maintenance.

Personal credit information.

Personal credit information occupies an important position in the daily life of the public. In the past, cyber criminals only stole individual users' credit card accounts through the Internet, but with the improvement of the means of stealing personal credit information online, it is expected that this crime will develop to the extent of stealing personal credit information from the American public in 2003. For example, cybercriminals can take a look at your bank deposit account number, social insurance account number, and your recent whereabouts. If this criminal trend cannot be effectively curbed, it will undoubtedly bring great negative impact on the daily life of the American public.

3. The current situation of the virus

With the increasing popularity of the Internet, our daily life is constantly becoming networked, but at the same time network viruses are constantly raging and threatening. In the past six months, Internet security has been under threat, and the problem of hacker and worm intrusion has become more and more serious, with a tendency to spread everywhere.

In August 2003, the shock wave (Blaster) worm broke out only 26 days after the Windows security vulnerability was exposed, and within eight days it caused a loss of up to $2 billion to computer users all over the world, both enterprise systems and home computer users.

According to the latest Symantec Internet security threat report, in the first half of 2003, more than 994 new Win32 viruses and worms were discovered, more than double the 445 in the same period of 2002. At present, the total number of Win32 viruses is about 4000. In the same period of 2001, only 308 new Win32 viruses were found.

This report is the most complete and comprehensive threat trend analysis put forward by Symantec, covering January 1 to June 31 this year. Respondents came from 500 users of security management services around the world, and the data were detected by 20,000 DeepSight threat management system detectors.

Roland Wilschen, senior regional director of Symantec, said at the news briefing that although Microsoft has a huge user market share, it also has a large number of loopholes, and it is expected that it will become a virus target.

He pointed out that the reason why open source codes such as Linux are not attacked by too many viruses and worms is entirely because there are too few users, so that virus makers simply don't pay attention to it. For example, he said that the robbers certainly knew that they were targeting banks with a lot of cash, so he believed that with the increase of users using Linux platform, there would be viruses and worms targeting Linux.

However, he does not agree that the cooperative spirit of the open source community will be able to effectively resist any threat. He said that as long as the source code is exposed, it is possible to find out its security loopholes, and there are not all good people in the world, and there are many malicious people.

Instant messaging virus quadrupled.

Symantec's Internet security threat report pointed out that in the first half of 2003, the number of viruses and worms spread by instant messaging (IM) software such as ICQ and by peer-to-peer (P2P) networks increased by 400% compared with 2002. Among the top 50 viruses and worms, 19 malicious codes are spread by instant messaging and P2P. It is understood that both IM and P2P suffer from insufficient network security protection measures, but this is not the main reason; the main reasons are their popularity and users' ignorance.

According to the report, the company discovered 1432 security vulnerabilities in the first half of this year, an increase of 12% compared with 1276 security vulnerabilities in the same period last year. 80% of them can be exploited remotely, so serious attacks can be carried out through the network, and Symantec therefore lists such remotely exploitable vulnerabilities as medium to high severity risks. In addition, in the first half of this year, moderately serious vulnerabilities increased by 21%, highly serious vulnerabilities increased by 6%, but low-severity vulnerabilities decreased by 11%.

Vulnerabilities caused by integer errors are also on the rise: 19 cases this year, an increase of 16 over the 3 cases in the same period last year. In the first half of this year, Microsoft's Internet browser had 12 vulnerabilities, and Microsoft's Internet information server also had many vulnerabilities. Symantec thinks it will be the target of more attacks; Nimda and Code Red have attacked it before.

The report shows that 64% of the attacks are aimed at new software security vulnerabilities (discovered less than 1 year earlier), which shows that virus makers are responding to vulnerabilities faster and faster. Take the Blaster shock wave as an example. It appeared only 26 days after the Windows security vulnerability was discovered.

The threat speed and frequency of well-known viruses and worms have also increased a lot. In the first half of this year, the number of well-known threats increased by 20% compared with the same period of last year, and 60% of malicious codes were well-known viruses. The Slammer worm, which caused global paralysis in just a few hours in January, was aimed at a security vulnerability discovered in July 2002. In addition, attacks on confidential information have also increased by 50% compared with the first half of last year. Bugbear.b is a worm that targets banks.

Hacker virus characteristics

Symantec's Internet security threat report also shows interesting data, such as the trend of decreasing weekend attacks, which is the same as that of the same period last year.

Even so, the weekend two days add up to about 20%, which may be because the attacker will think that no one goes to work on the weekend and is not well prepared. Symantec said that this means that network security monitoring cannot be relaxed because of weekend breaks.

The report also compares the different trends of worm attacks and non-worm attacks during the weekend. Non-worm attacks tend to decline over the weekend, while worm attacks remain at the usual level. Whatever the day of the week, many factors can affect how fast a worm spreads. For example, few people turn on computers on weekends, which does have some influence on the spread of worms.

The report also shows that the peak of virus attacks on the Internet is between 1 pm and 10 pm GMT. Even so, the time difference between countries and the attack peak time in different countries will be slightly different. For example, the peak hours of attacks in Washington are 8 am and 5 pm, while in Japan it is 10 and 7 pm.

Management loopholes: for example, if two servers have the same user/password and server A is invaded, server B is not spared.

Software vulnerabilities: for example, with the Netscape Enterprise Server service commonly used on Sun systems, you can see all files in the Web directory by entering a path; likewise, many programs suffer a buffer overflow as soon as they receive abnormal or overlong data and parameters.

Structural vulnerabilities: for example, in an important network segment, hackers can monitor network communication traffic because switches and hubs are set up unreasonably; another example is that security products such as firewalls are deployed unreasonably, so the relevant security mechanisms cannot play their role, which lulls technical managers into a false sense of security and leads to hacker attacks.

Trust loopholes: for example, the system trusts an external partner's machine too much. Once this partner's machine is hacked, the security of this system will be seriously threatened.

To sum up, if a hacker wants to successfully invade the system, he must analyze various technical factors, management factors and personnel factors related to the target system.

Therefore, the following conclusions are drawn:

A. There is no absolutely safe system in the world.

B. Threats and attacks on the network are man-made, and the contest between system defense and attack is nothing more than a contest between people.

C. A specific system has certain security conditions, and under a specific environment, it is easy to defend but difficult to attack under the maintenance of specific personnel.

D. The software and hardware within the network system are constantly developing and changing with the needs of the application; external threats and new attack methods against network systems emerge one after another, new vulnerabilities appear constantly, attack methods are renewed, and the external security conditions of the network system are constantly changing with time.

In short, network security is relative, relative to people, relative to systems and applications, relative to time.

4. Security defense system


Modern information systems are supported and interconnected by networks. To protect an information system from hackers and viruses, the key is to establish a security defense system covering information confidentiality (ensuring that information is not leaked to unauthorized people), information integrity (preventing information from being tampered with by unauthorized people, and ensuring that genuine information reaches its true destination without distortion), information availability (ensuring that information and information systems are actually usable by authorized users, and preventing the system from refusing service or being used by opponents because of computer viruses or other human factors), information controllability (security monitoring and management of information and information systems), and information non-repudiation (ensuring that information actors cannot deny their actions).

Security defense system is a systematic project, including technology, management, legislation and other aspects. For convenience, we simplify it to a structure represented by a three-dimensional frame. Its constituent elements are security characteristics, system units and the structural hierarchy of open interconnection reference model.

The security features dimension describes the security services and security mechanisms of a computer information system, including identity authentication, access control, data confidentiality, data integrity, non-repudiation, audit management, availability and reliability. Computer information systems with different security policies or at different levels of security protection may have different security characteristics. The system unit dimension includes all components of the computer information system, as well as the physical and management environment for using and managing the information system. The open system interconnection dimension describes the layered structure of the computer information system.

The framework is a three-dimensional space, which breaks through the old mode of considering a single function and is planned from the top. It contains all security-related elements such as physical facilities, regulations and personnel, and takes into account all kinds of laws, regulations, rules and systems related to system security and personnel management.

In addition, from the perspective of information warfare, passive defense is not enough, and both attack and defense should be paid equal attention. It is very necessary to detect vulnerabilities, emergency response and rapid recovery on the basis of protection.

At present, all countries in the world are stepping up efforts to strengthen their information security defense systems. From June 2000 1 to May 2003, the United States implemented the National Plan for the Protection of Information Systems (V1.0), which fundamentally improved the ability to prevent the invasion and destruction of information systems. China urgently needs to strengthen the information security guarantee system and establish our army's information security strategy and defense system. This is not only the need of the times, but also the need of national security strategy and military development. It is also the need of realistic struggle and an urgent historical task before people.

5. Encryption technology

Cryptography theory and technology mainly includes two parts, namely, mathematics-based cryptography theory and technology (including public key cryptography, block ciphers, stream ciphers, authentication codes, digital signatures, hash functions, identity identification, key management, PKI technology, etc.) and non-mathematical cryptography theory and technology (including information hiding, quantum cryptography, and biometrics theory and technology).

Since the idea of public key cryptography was put forward in 1976, a variety of public key cryptosystems have been proposed internationally, but there are two popular kinds at present: one is based on the factorization of large integers, and the most typical one is RSA; the other is based on discrete logarithm problems, such as the ElGamal public key cryptosystem and the elliptic curve public key cryptosystem. The ability to factor large integers is getting stronger and stronger, which poses a certain threat to the security of RSA. At present, RSA with a modulus length of 768 bits is not secure. In general, it is recommended to use a modulus length of 1024 bits. It is estimated that a modulus length of 1280 bits must be selected to ensure security for 20 years. Increasing the modulus length makes implementation more difficult. For a public key cryptosystem based on the discrete logarithm problem, under existing technology a modulus length of 512 bits can ensure its security. In particular, computing discrete logarithms on an elliptic curve is more difficult than on a finite field. At present it needs a modulus length of only 160 bits, which is suitable for implementation on smart cards, so it has attracted extensive attention from scholars at home and abroad. The international standard IEEE P1363 for elliptic curve public key cryptography has been formulated, and some companies such as RSA claim to have developed elliptic curve public key cryptography that meets this standard. Chinese scholars have also put forward some public key cryptosystems, and done some work on the fast implementation of public key cryptography, such as RSA and elliptic curve public key cryptography. The fast implementation of public key cryptography is a hot topic in public key cryptography research, including algorithm optimization and program optimization. Another issue that people are concerned about is the security proof of elliptic curve public key cryptography.

Public key cryptography is mainly used for digital signature and key distribution. Of course, both digital signature and key distribution have their own research systems, forming their own theoretical frameworks. At present, the research content of digital signatures is very rich, including ordinary signatures and special signatures. Special signatures include blind signatures, proxy signatures, group signatures, undeniable signatures, fair blind signatures, threshold signatures and signatures with message recovery. They are closely related to the specific application environment. Obviously, the application of digital signatures involves legal issues. The federal government of the United States has formulated its own digital signature standard (DSS) based on the discrete logarithm problem over a finite field, and some states have also formulated digital signature laws. France was the first country to promulgate a digital signature law, and other countries are also implementing one. In terms of key management, there have been some big moves in the world that have had a great influence, such as the theory and technology of key escrow proposed by the United States in 1993, the X.509 standard formulated by the International Organization for Standardization (which has been developed to the third edition), and the Kerberos protocol formulated by the Massachusetts Institute of Technology (which has been developed to the fifth edition). Another very important technology in key management is secret sharing, which is a technology that divides a secret to prevent it from being too concentrated. Since Shamir put forward this idea in 1979, the theory and technology of secret sharing have been developed and applied as never before, and its applications in particular still attract much attention. Chinese scholars have also done some follow-up research in these areas, published many papers, and implemented some CAs according to the X.509 standard. But I haven't heard of any department planning to formulate a digital signature law. At present, people are concerned about the specific applications of digital signature and key distribution and the in-depth study of subliminal channels.

Authentication codes are a relatively theoretical research topic. Since the late 1980s, great progress has been made in their construction and bounds estimation, and the research work of Chinese scholars in this field is also excellent and influential. At present, the theory in this field is relatively mature, and it is difficult to make a breakthrough. In addition, the application of authentication codes is very limited, remaining almost entirely in theoretical research, and they are no longer a research hotspot in cryptography.

Hash functions are mainly used to check the integrity of digital signatures and improve the validity of digital signatures. At present, many schemes have been put forward, each with its own advantages. The United States has formulated the hash standard SHA-1 to match its digital signature standard. For technical reasons, the United States is currently preparing to update its hash standard, and Europe is also formulating a hash standard, which will inevitably make research on hash functions, especially on practical technology, a hot spot.

Information exchange encryption technology is divided into two categories: symmetric encryption and asymmetric encryption.

1. symmetric encryption technology

In symmetric encryption technology, information encryption and decryption use the same key, that is, one key opens one lock. This encryption method can simplify the encryption process, and the two sides of an information exchange do not need to study and exchange special encryption algorithms with each other. If the secret key is not leaked in the exchange phase, confidentiality and message integrity can be guaranteed. Symmetric encryption technology also has some disadvantages. If a party has n exchange partners, then it must maintain n secret keys. Another problem of symmetric encryption is that both parties share one secret key, and any information of either party is encrypted with this key and transmitted to the other party. For example, triple DES is a variant of DES (Data Encryption Standard). This method uses two independent 56-bit keys to encrypt information three times, so that the effective key length reaches 112 bits.

2. Asymmetric encryption/public key encryption

In an asymmetric encryption system, the key is decomposed into a pair (that is, a public key and a private key). Either one of this pair of keys can be disclosed to others in a non-confidential way as the public key (encryption key), while the other key is kept as the private key (decryption key). The public key is used for encryption and the private key is used for decryption. The private key can only be held by the exchange party that generated the key. The public key can be widely distributed, but it corresponds only to the exchange party that generated the key. Asymmetric encryption can establish secure communication without exchanging keys in advance, and is widely used in information exchange fields such as identity authentication and digital signature. Asymmetric encryption systems are generally based on some known mathematical problems, which is the inevitable result of the development of computational complexity theory. The most representative is the RSA public key cryptosystem.

3. RSA algorithm

The RSA algorithm is the first complete public key cryptosystem, proposed by Rivest, Shamir and Adleman in 1977, and its security is based on the difficulty of factoring large integers. The RSA system relies on one basic fact: up to now, no efficient algorithm has been found to factor the product of two large prime numbers. The description of the RSA algorithm is as follows:

Public key: n = pq (p and q are two different large prime numbers, and p and q must be kept secret).
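Added example, not part of the original report: textbook RSA (no padding) built from n = pq, showing why p and q must stay secret and why modulus length matters, since anyone who factors n can recompute the private exponent. The toy primes 1009 and 1013, the exponent e = 65537, the private-exponent step (standard textbook definition, as the description above stops at the public key) and all function names are assumptions chosen for illustration.

```python
"""Textbook RSA on a toy modulus, and private-key recovery by factoring n."""
from math import gcd, isqrt


def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) for two distinct primes p and q."""
    if p == q:
        raise ValueError("p and q must be different primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent: e*d = 1 mod phi
    return (n, e), (n, d)


def encrypt(message, public):
    n, e = public
    if not 0 <= message < n:
        raise ValueError("message must be in [0, n)")
    return pow(message, e, n)


def decrypt(ciphertext, private):
    n, d = private
    return pow(ciphertext, d, n)


def factor_by_trial_division(n):
    """Return (p, q) with p <= q for a semiprime n.

    The loop runs up to sqrt(n) times, which is trivial for a 20-bit
    modulus and hopeless for a properly sized one.
    """
    if n % 2 == 0:
        return 2, n // 2
    for candidate in range(3, isqrt(n) + 1, 2):
        if n % candidate == 0:
            return candidate, n // candidate
    raise ValueError("n has no non-trivial factor")


def recover_private_key(public):
    """Rebuild the private key from the public key alone by factoring n."""
    n, e = public
    p, q = factor_by_trial_division(n)
    _, private = make_keypair(p, q, e)
    return private


if __name__ == "__main__":
    # Constructed toy parameters; real keys use primes of 1024 bits or more each.
    public, private = make_keypair(1009, 1013)
    ciphertext = encrypt(424242, public)
    print("n =", public[0], "ciphertext =", ciphertext)
    print("owner decrypts:", decrypt(ciphertext, private))
    stolen = recover_private_key(public)
    print("key recovered from n alone:", stolen == private)
```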