Network Security Risks and Countermeasures
Network security risks and countermeasures 1

In order to make the network information run in a good environment, it is very important to strengthen the network information security.

In order to construct network security measures and ensure network security, it is necessary to comprehensively analyze the vulnerability and threats of the network.

On the basis of introducing the vulnerability and threat of network security, this paper briefly expounds the technical countermeasures of network security.

Keywords: network security; vulnerability; threat; technical countermeasures

First, the fragility of network security.

Because of the wide distribution of networks, the openness of network architecture, the sharing of information resources and the shared use of communication channels, computer networks, especially the Internet, have many serious vulnerabilities.

1. An unguarded network has many loopholes and backdoors.

System vulnerabilities leave a back door open for viruses. Loopholes and backdoors exist to some degree in many ports, in various software, and even in some security products, so security cannot be reliably guaranteed.

2. Electromagnetic radiation

Electromagnetic radiation exposes two vulnerabilities of the network. On the one hand, the network is subject to electromagnetic radiation generated by electronic and electrical equipment around it and to interference sources that deliberately try to disrupt data transmission. On the other hand, the electromagnetic radiation leaked by terminals, printers or other electronic devices in the network can be received and the information recovered.

4. Cross interference

Crosstalk generates transmission noise, which can seriously damage the signals transmitted on the network.

5. Hardware failure

Hardware failure will cause software system interruption and communication interruption, resulting in huge losses.

6. Software failure

Communication network software contains a large number of components that manage system security. If these programs are damaged, the network system becomes extremely unsafe.

7. Human factors

People inside the system steal confidential data or destroy system resources, or even directly destroy the network system.

8. Network size

The bigger the network, the more vulnerable its security is.

9. Network physical environment

This vulnerability comes from natural disasters.

10. Communication system

In general communication systems, it is relatively simple to obtain access rights, and opportunities always exist.

Once information leaves the device that generates or stores it, it becomes available for the other party's analysis and research.

Second, network security threats.

The threats faced by the network can be roughly divided into two types: the first is the threat to the information in the network; the second is the threat to the equipment in the network.

There are many reasons for these two threats: man-made and non-man-made, malicious and non-malicious, internal and external attacks, etc. To sum up, there are three main types:

1. Unintentional human error

Security loopholes caused by operators' improper security configuration, users' poor security awareness, careless password selection, and users lending their accounts to others or sharing them at will all pose a threat to network security.

2. Manmade malicious attacks

This is the biggest threat to the computer network, and both hacker attacks and computer crimes fall into this category.

This kind of attack is divided into two types: one is the active attack, which selectively destroys the validity and integrity of information in various ways; the other is the passive attack, which intercepts, steals and deciphers important confidential information without affecting the normal work of the network.

Both attacks will do great harm to computer networks and lead to the disclosure of confidential data.

3. Vulnerabilities and backdoors of network software

Network software can't be 100% defect-free and bug-free.

These loopholes and defects are the first choice for hacker attacks. Hackers break into the network because of imperfect security measures.

In addition, the back door of software is set by the designers and programmers of software companies for their own convenience, which is generally unknown to outsiders, but once the back door is opened, the consequences will be unimaginable.

Third, the technical countermeasures of network security

Once an unguarded network is attacked maliciously, it will mean a disaster.

Be prepared for danger in times of peace, plan ahead, overcome fragility, contain threats and nip in the bud.

Network security is the sum of all measures to deal with threats, overcome loopholes and protect network resources.

In view of the security threats from different aspects, different security countermeasures need to be taken.

Take comprehensive measures from the aspects of law, system, management and technology to complement each other and achieve better safety effect.

Technical measures are the most direct barrier. At present, the common and effective technical countermeasures for network security are as follows:

1. Encryption

The main purpose of encryption is to prevent unauthorized information disclosure.

There are three common methods of network encryption: link encryption, endpoint encryption and node encryption.

The purpose of link encryption is to protect the security of link information between network nodes; the purpose of endpoint encryption is to protect data from source users to destination users; the purpose of node encryption is to protect the transmission link between source node and destination node.

The process of information encryption is carried out by various encryption algorithms. According to whether the sender and the receiver hold the same key, these can be divided into conventional encryption algorithms and public key encryption algorithms. In practical applications, the two are usually combined, which provides not only encryption but also digital signature, authentication and other functions, and can effectively resist interception, illegal access, destruction of information integrity, impersonation, denial, repetition and so on.

Therefore, cryptography is the core technology of information network security.

2. Digital signature

Digital signature mechanism provides an authentication method to solve security problems such as forgery, denial, counterfeiting and tampering.

Digital signature adopts a data exchange protocol under which the sender and receiver of data meet two conditions: the receiver can verify the identity claimed by the sender, and the sender cannot later deny having sent the data.

Digital signature generally adopts asymmetric encryption technology: the sender encrypts the whole plaintext to get a value that serves as the signature.

The receiver decrypts the signature with the sender's public key. If the result is the plaintext, the signature is valid, which proves that the other party's identity is genuine.

3. Authentication

The purpose of authentication is to verify the identity of users or information.

It uniquely identifies an entity's declared identity in order to verify its access request, or to ensure that information comes from or reaches the specified source and destination.

Authentication technology can verify the integrity of messages and effectively resist threats such as counterfeiting, illegal access and replay.

According to different authentication objects, authentication technology can be divided into message source authentication and mutual authentication between communication parties.

There are many methods of authentication: verifying the integrity of a message with an authentication code; using passwords, keys and access control mechanisms to identify users and prevent counterfeiting and illegal access. The best authentication method today is digital signature.

Using one-way digital signature, message source authentication, access identity authentication and message integrity authentication can be realized.
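The message authentication code and replay resistance described in this section, as an added example (not code from the original paper). The frame layout, the 30-second freshness window and all names are assumptions made for the illustration; the key and the message are constructed.

```python
import hashlib
import hmac
import secrets
import time

TS_LEN, NONCE_LEN, TAG_LEN = 8, 16, 32   # frame layout chosen for this example
MAX_AGE = 30                             # seconds a frame stays acceptable (assumed policy)

def protect(key, payload, now=None):
    """Build timestamp || nonce || payload || HMAC-SHA256 tag."""
    ts = int(time.time() if now is None else now).to_bytes(TS_LEN, "big")
    body = ts + secrets.token_bytes(NONCE_LEN) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}   # nonce -> timestamp, kept only while the frame could still be fresh

    def accept(self, frame, now=None):
        """Return the payload, or raise ValueError naming the failed check."""
        now = time.time() if now is None else now
        if len(frame) < TS_LEN + NONCE_LEN + TAG_LEN:
            raise ValueError("truncated frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; the tag is checked before any field is trusted.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad authentication code")
        ts = int.from_bytes(body[:TS_LEN], "big")
        nonce = body[TS_LEN:TS_LEN + NONCE_LEN]
        if abs(now - ts) > MAX_AGE:
            raise ValueError("stale frame")
        # Nonces older than the window can be forgotten: their frames are stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_AGE}
        if nonce in self.seen:
            raise ValueError("replayed frame")
        self.seen[nonce] = ts
        return body[TS_LEN + NONCE_LEN:]

def outcome(receiver, frame, now):
    """Return 'ok' or the reason the receiver rejected the frame."""
    try:
        receiver.accept(frame, now)
        return "ok"
    except ValueError as err:
        return str(err)

if __name__ == "__main__":
    key = secrets.token_bytes(32)                         # constructed shared key
    rx = Receiver(key)
    frame = protect(key, b"backup complete", now=1000)    # constructed message
    tampered = frame[:30] + bytes([frame[30] ^ 1]) + frame[31:]
    print(outcome(rx, frame, 1005), outcome(rx, frame, 1006),
          outcome(rx, tampered, 1006), outcome(rx, protect(key, b"x", now=1000), 1100))
```

The same frame is accepted once and rejected on the second delivery, a single flipped payload bit fails the authentication code, and a frame outside the freshness window is refused even though its code is valid.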

4. Access control

Access control is the main countermeasure for network security prevention and protection. Its purpose is to prevent illegal access: it takes various measures to ensure that system resources are not illegally accessed or used.

It is generally realized by centralized control based on resources, filtering management based on source address and destination address, and network visa technology.

5. Firewall

Firewall technology is an application security technology based on modern communication network technology and information security technology, which is more and more used in the interconnection environment of private network and public network.

The first barrier between large-scale network system and Internet is firewall.

A firewall can effectively manage network security by controlling and monitoring the information exchange and access behavior between networks. Its basic functions are: filtering data entering and leaving the network; managing access behavior into and out of the network; blocking certain prohibited behaviors; recording the information content and activities passing through the firewall; and detecting network attacks and issuing alerts.

With the development of computer technology and communication technology, computer network will increasingly become an important means of information exchange in industry, agriculture and national defense, and penetrate into all fields of social life.

Therefore, it is very important to recognize the vulnerability and potential threats of the network and take strong security countermeasures to ensure the security of the network.


Simulation and application of network security risk assessment II

With the popularization and application of the Internet, the problem of network security has become increasingly prominent. While adopting a series of network security prevention technologies, such as firewall technology, intrusion detection and defense technology, proxy technology, information encryption technology and physical prevention technology, people begin to adopt the method of network security risk assessment to help solve network security problems.

In order to improve the accuracy of network security risk assessment, an assessment model based on support vector machine is proposed. Through simulation analysis, it is concluded that the model is feasible and has certain application value.

Keywords: network security; risk assessment; simulation

Today is the information age, and the application of computer network has penetrated into all fields of society, bringing unprecedented convenience to people's work and life.

At the same time, however, network security issues are becoming increasingly prominent. How to ensure the security of network operation through a series of practical and effective security technologies and strategies has become an important problem we are facing.

Network security risk assessment technology has attracted much attention in the field of information security, but so far it still depends on the ability and experience of personnel, lacking autonomy and effectiveness, and the assessment accuracy is low.

A network security risk assessment model is established based on the support vector machine. It combines qualitative analysis with quantitative analysis and comprehensively evaluates network security risk through numerical analysis, providing a basis for network security management.

1 Construction of Network Security Risk Assessment Model

The quality of network security risk model directly affects the evaluation results. Based on support vector machine and combined kernel function with good generalization ability and learning ability, each index feature of information system samples is mapped to a high-dimensional feature space to form an optimal classification hyperplane, and a two-level classification evaluation model of network information security risks is constructed.

The combined kernel function is expressed as:

$K(x,y) = d_1 K_{poly}(x,y) + d_2 K_{RBF}(x,y), \quad d_1 + d_2 = 1$

where $K_{poly}$ is a polynomial kernel function and $K_{RBF}$ is a radial basis kernel function.

The combined kernel function can highlight the local information near the test point and keep the global information far away from the test point.

In this paper, d=2 and d=4 polynomials with good extrapolation ability are mainly selected.

On the other hand, when %l= 1, the kernel function is not strong, and when %l=0.5, the kernel function is strong, so the combination of support vector machines d=2 and %l=0.5 is selected to test the combined kernel function.

2 Simulation study

2.1 Data set and experimental platform

Before constructing the network security risk assessment model, it is necessary to determine the assessment indicators that can reflect the security attributes and network risk level of the assessed object on the basis of in-depth understanding and induction of the influencing factors of network security. According to the three elements of network security, assets (communication services, computing services, information and data, equipment and facilities), threats (information tampering, information and resource destruction, information theft and transfer, information leakage, information loss and network service interruption) and vulnerabilities (vulnerabilities in threat model, design specification, implementation, operation and configuration) are determined as network security risk assessment indicators, and a complete network security is constructed from three aspects: network layer, transport layer and physical layer.

The selected network security risk assessment indicators are divided into five levels: negligible risk, acceptable risk, marginal risk, unacceptable risk and catastrophic risk.

After that, the network assessment level is established, and the network security risk assessment level is set to four levels: safe, basic safe, unsafe and very unsafe.

After the evaluation index is determined, the sample data set is constructed, that is, the training sample set and the test sample set.

In order to verify the feasibility and effectiveness of the model, an experimental network is constructed based on the network experimental environment used in the previous research, and the access control strategy of each node in the experimental network is designed. Node A is a PC in the external network, representing visiting users outside the target network. Node B is a network information server whose WWW service is open to A and whose Rsh service can monitor the data flow of the local WWW service. Node C is a database, and the WWW service of Node B can read and write information to it. Node D is a management machine, which can manage Node B through the Rsh service and the SNMP service. Node E is a personal computer from which the administrator can read and write information to the database of Node C.
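An added example, not part of the original paper: the access control strategy of nodes A to E written as a source/destination address filter that also records every decision and raises an alert, as in the firewall functions listed in the first paper. The IP addresses, the database port and the alert threshold are constructed; the page gives only the node roles and service names.

```python
import ipaddress
from collections import Counter

# Constructed addresses for the paper's nodes; the page gives none.
NODE = {"A": "198.51.100.7", "B": "10.0.1.10", "C": "10.0.2.20",
        "D": "10.0.3.30", "E": "10.0.3.40"}
WWW, RSH, SNMP = ("tcp", 80), ("tcp", 514), ("udp", 161)
DB = ("tcp", 3306)   # assumed database port

# (source network, destination host, service); anything not listed is dropped.
ALLOW = [
    ("0.0.0.0/0", NODE["B"], WWW),    # B's WWW service is open to outside users such as A
    (NODE["B"],   NODE["C"], DB),     # B's WWW service reads and writes the database
    (NODE["D"],   NODE["B"], RSH),    # D manages B through Rsh ...
    (NODE["D"],   NODE["B"], SNMP),   # ... and SNMP
    (NODE["E"],   NODE["C"], DB),     # the administrator's PC reaches the database
]

class Filter:
    def __init__(self, allow, alert_after=3):
        self.allow = [(ipaddress.ip_network(src), ipaddress.ip_address(dst), svc)
                      for src, dst, svc in allow]
        self.alert_after = alert_after   # dropped packets per source before alerting
        self.log = []                    # record of every decision
        self.drops = Counter()
        self.alerts = []                 # sources that reached the threshold

    def check(self, src, dst, proto, port):
        """Return 'allow' or 'drop' and record the decision."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        ok = any(s in net and d == host and (proto, port) == svc
                 for net, host, svc in self.allow)
        verdict = "allow" if ok else "drop"
        self.log.append((src, dst, proto, port, verdict))
        if not ok:
            self.drops[src] += 1
            if self.drops[src] == self.alert_after:
                self.alerts.append(src)
        return verdict

if __name__ == "__main__":
    fw = Filter(ALLOW)
    for dst, proto, port in [("B", "tcp", 80), ("C", "tcp", 3306),
                             ("B", "tcp", 514), ("D", "udp", 161)]:
        print("A ->", dst, proto, port, fw.check(NODE["A"], NODE[dst], proto, port))
    print("alerts:", fw.alerts)
```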

2.2 Realization of the network security risk assessment model

Divide the data into training data and test data. If each training sample is expressed as a 1×16-dimensional row vector, namely:

$R_m = [A_{m,0}, A_{m,1}, A_{m,2}, \ldots, A_{m,15}]$

then the security performance index matrix of the whole network information system is:

$R_m = [R_0, R_1, R_2, \ldots, R_{m-1}]$

Taking these M project safety performance index matrices as training data sets, the binary classification evaluation model is trained by using the training data sets, and nonlinear transformation is carried out to make the training data linearly separable. Through training and learning, the support vector is found, the optimal classification hyperplane is constructed, and the model decision function is obtained. Then, set the minimum error precision and the maximum training times. When the training accuracy is less than the predetermined target error, or the number of network iterations reaches the maximum number of iterations, stop training and save the network.
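An added example, not the paper's own code: the combined kernel with d=2 applied to 1x16 indicator rows and used to train a two-class decision function. A kernel perceptron stands in for the SVM solver so the block needs no libraries; the equal weights d1=d2=0.5, the reading of 0.5 as the RBF width, the labels and the sample rows are assumptions.

```python
import math

DEGREE = 2          # polynomial degree d=2, as selected on the page
SIGMA = 0.5         # assumption: the page's 0.5 parameter is the RBF width
D1, D2 = 0.5, 0.5   # assumed mixing weights; the page only requires d1 + d2 = 1

def k_poly(x, y):
    """Global part: polynomial kernel (x.y + 1)^d."""
    return (sum(a * b for a, b in zip(x, y)) + 1) ** DEGREE

def k_rbf(x, y):
    """Local part: decays quickly as x and y move apart."""
    dist2 = sum((a - b) ** 2 for a, b in zip(x, y))
    return math.exp(-dist2 / (2 * SIGMA ** 2))

def k_comb(x, y):
    return D1 * k_poly(x, y) + D2 * k_rbf(x, y)

def score(alpha, rows, labels, x):
    """Decision function: a kernel-weighted vote of the training rows."""
    return sum(a * y * k_comb(r, x) for a, y, r in zip(alpha, labels, rows) if a)

def train(rows, labels, max_epochs=100):
    """Kernel perceptron; alpha[i] counts the corrections made on row i."""
    alpha = [0] * len(rows)
    for _ in range(max_epochs):
        mistakes = 0
        for i, (x, y) in enumerate(zip(rows, labels)):
            if y * score(alpha, rows, labels, x) <= 0:
                alpha[i] += 1
                mistakes += 1
        if mistakes == 0:      # every training row is on the correct side
            break
    return alpha

def classify(alpha, rows, labels, x):
    return 1 if score(alpha, rows, labels, x) > 0 else -1

def row(first_half, second_half):
    """Constructed 1x16 indicator row: eight indicators at each value."""
    return [first_half] * 8 + [second_half] * 8

# Constructed training set; label -1 = safe, +1 = unsafe.
ROWS = [row(0.1, 0.2), row(0.2, 0.1), row(0.8, 0.9), row(0.9, 0.7)]
LABELS = [-1, -1, 1, 1]
ALPHA = train(ROWS, LABELS)

if __name__ == "__main__":
    for probe in (row(0.15, 0.15), row(0.85, 0.8)):
        print(probe[0], probe[-1], classify(ALPHA, ROWS, LABELS, probe))
```

The rows with non-zero `alpha` play the role the support vectors play in the trained SVM: only they contribute to the decision function.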

The principal component analysis method, that is, "standardization of index data-calculation of covariance matrix-solution of eigenvalue and U value-determination of principal component", is used to reduce the dimension of the index, eliminate redundant information, extract less comprehensive indicators to reflect the original index information as much as possible, and improve the evaluation accuracy.

In practice, the first five principal components can represent 16 index systems.

Input the index value after principal component analysis into the trained model, evaluate the network to be evaluated, and judge the network security level according to the network output level value.

2.3 Experimental results and analysis

After testing the test sample set with the trained network, the test results are obtained.

The results show that the two-level classification evaluation model based on support vector machine can correctly evaluate the security level of the network, and the evaluation accuracy is as high as 100%. The result is closer to reality, and the evaluation result is completely acceptable.

Even so, in daily management, it is still necessary to strengthen maintenance and adopt appropriate network security technologies to prevent hacker attacks and virus attacks and ensure the normal operation of the network.

3 Conclusion

In a word, network security risk assessment technology is one of the effective measures to solve the network security risk problem.

A two-level classification evaluation model based on support vector machine is proposed. Through simulation analysis, it is concluded that the model is feasible and effective in quantitative assessment of network security risks.

In the future, we should also consider the influence of existing security measures and security management factors on network security, and further improve the evaluation model and related evaluation methods by using network data to achieve the purpose of improving the evaluation effect.
