Computer Network Security Problems and Solutions
The first question:

Step 1. The client sends its identity information to the KDC. The KDC obtains a TGT (Ticket Granting Ticket) from the Ticket Granting Service, encrypts the TGT with the key shared between the client and the KDC before the protocol starts, and returns it to the client.

Step 2. The client uses the TGT obtained earlier to request tickets for other services from the KDC, and so passes authentication with those services.

Step 2 can be divided into the following five steps.

1. The client sends the TGT obtained earlier and the service information (service name, etc.) to the KDC. The KDC's Ticket Granting Service generates a session key between the client and the service, which the service will use to authenticate the client. The KDC then packages this session key together with the user name, user address (IP), service name, expiration date and timestamp into a ticket (which the service ultimately uses to authenticate the client) to be sent to the service. However, the Kerberos protocol does not send the ticket directly to the service; it forwards it to the service through the client. Hence the second step.

2. The KDC now forwards the ticket to the client. Because this ticket is meant for the service, the client must not be able to read it, so the KDC encrypts the ticket with the key shared between the KDC and the service before the protocol starts, and then sends it to the client. Meanwhile, so that the client and the service share the secret (the session key created by the KDC in the first step), the KDC encrypts the session key with the key shared between the client and the KDC and returns it to the client together with the encrypted ticket.

3. To complete the delivery of the ticket, the client forwards the ticket it has just received to the service. Because the client does not know the key shared between the KDC and the service, it cannot change the information in the ticket. At the same time, the client decrypts the session key it received, packages its user name and user address (IP) into an Authenticator, encrypts the Authenticator with the session key and sends it to the service.

4. After receiving the ticket, the service decrypts it with the key shared between the service and the KDC, obtaining the session key, user name, user address (IP), service name and expiration date. It then uses the session key to decrypt the Authenticator, obtaining the user name and user address (IP), and compares them with the user name and IP decrypted from the ticket to verify the identity of the client.

5. If the service has a result to return, it returns it to the client.
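The five sub-steps above can be followed in code. The sketch below is an added example, not part of the original answer: it assumes the TGT has already been checked, uses a toy SHA-256 keystream plus HMAC in place of real Kerberos encryption types, and all function names and sample values are hypothetical.

```python
import hashlib, hmac, json, os, time

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # SHA-256 counter keystream: a toy stand-in for a real Kerberos enctype.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt and MAC a JSON object under `key` (illustration only)."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    """Reject the blob unless it was sealed under `key` and is unmodified."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified blob")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def kdc_issue(k_client, k_service, user, addr, service, lifetime=300):
    """Steps 1-2: new session key; ticket sealed for the service, key copy for the client."""
    now, session = int(time.time()), os.urandom(32).hex()
    ticket = seal(k_service, {"session": session, "user": user, "addr": addr,
                              "service": service, "expires": now + lifetime, "ts": now})
    return ticket, seal(k_client, {"session": session})

def client_authenticator(k_client, enc_session, user, addr):
    """Step 3: recover the session key and seal an Authenticator under it."""
    session = bytes.fromhex(unseal(k_client, enc_session)["session"])
    return seal(session, {"user": user, "addr": addr})

def service_verify(k_service, ticket, authenticator, now=None):
    """Step 4: open the ticket, open the Authenticator, compare identities."""
    t = unseal(k_service, ticket)
    a = unseal(bytes.fromhex(t["session"]), authenticator)
    now = time.time() if now is None else now
    return now <= t["expires"] and (a["user"], a["addr"]) == (t["user"], t["addr"])

if __name__ == "__main__":
    k_c, k_s = os.urandom(32), os.urandom(32)   # constructed long-term keys
    ticket, enc = kdc_issue(k_c, k_s, "alice", "10.0.0.5", "fileserver")
    auth = client_authenticator(k_c, enc, "alice", "10.0.0.5")
    print("service accepts client:", service_verify(k_s, ticket, auth))
```

The client only relays the ticket: `unseal` with the client's key fails on it, and any byte changed in transit makes the service reject it.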

The second question:

RSA has the characteristics of high security, high encryption speed and high precision.

The implementation process of digital signature is described as follows:

(1) The file to be sent is encrypted with SHA code to generate a digest of 128 digits.

(2) The sender re-encrypts the digest with his own private key to form a digital signature.

(3) The original text and the encrypted digest are sent to the other party at the same time.

(4) The other party decrypts the digest with the sender's public key and encrypts the received file with SHA code to generate another digest.

(5) The receiving end compares the decrypted digest with the digest it generated by re-encrypting the received file. If the two are consistent, the information has not been destroyed or tampered with during transmission; otherwise, it has.
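Steps (1) to (5) as a runnable sketch. This is an added example, not part of the original answer: it uses textbook RSA without padding, a toy key built from publicly known Mersenne primes, and SHA-256 from `hashlib` as the hash, all of which are assumptions made for illustration. Real systems use a vetted library with a padding scheme such as RSASSA-PSS.

```python
import hashlib

def make_key(p: int, q: int, e: int = 65537):
    """Build a toy RSA key pair from two primes: ((n, e), (n, d))."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # modular inverse, Python 3.8+
    return (n, e), (n, d)

def digest(message: bytes) -> int:
    """Steps (1) and (4): hash the file into a fixed-size digest."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Step (2): transform the digest with the sender's private key."""
    n, d = private_key
    return pow(digest(message), d, n)

def send(message: bytes, private_key) -> dict:
    """Step (3): the original text and the signature travel together."""
    return {"message": message, "signature": sign(message, private_key)}

def verify(message: bytes, signature: int, public_key) -> bool:
    """Steps (4)-(5): recover the digest with the public key, recompute, compare."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)

def receive(envelope: dict, public_key) -> bool:
    return verify(envelope["message"], envelope["signature"], public_key)

if __name__ == "__main__":
    # Constructed sample key: Mersenne primes are public knowledge, so this
    # key offers no security and exists only to make the arithmetic concrete.
    pub, priv = make_key(2**521 - 1, 2**607 - 1)
    env = send(b"pay 100 to account 42", priv)   # constructed sample message
    print("untouched message verifies:", receive(env, pub))
    env["message"] = b"pay 900 to account 42"
    print("altered message verifies:  ", receive(env, pub))
```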

Supplementary question 1:

Subnetting

To divide the network into 8 subnets, 2^n >= 8 gives n = 3, so at least 3 bits need to be borrowed.

The subnet mask is 255.255.255.224.

Network segment distribution

202.202.202.00000000 202.202.202.0/27

202.202.202.00100000 202.202.202.32/27

202.202.202.01000000 202.202.202.64/27

202.202.202.10000000 202.202.202.128/27

202.202.202.01100000 202.202.202.96/27

202.202.202.10100000 202.202.202.160/27

202.202.202.11000000 202.202.202.192/27

202.202.202.11100000 202.202.202.224/27

A. 202.202.202.0/27: the IP address range that can be allocated in this network segment is 202.202.202.1/27-202.202.202.30/27.

B. 202.202.202.32/27: the IP address range that can be allocated in this network segment is 202.202.202.33/27-202.202.202.62/27.

C. 202.202.202.64/27: the IP address range that can be allocated in this network segment is 202.202.202.65/27-202.202.202.95/27.

D. 202.202.202.96/27: the IP address range that can be allocated in this network segment is 202.202.202.97/27-202.202.202.126/27.

E. 202.202.202.128/27: the IP address range that can be allocated in this network segment is 202.202.202.129/27-202.202.202.158/27.

F. 202.202.202.160/27: the IP address range that can be allocated in this network segment is 202.202.202.161/27-202.202.202.…

G. 202.202.202.196/27: the IP address range that can be allocated in this network segment is 202.202.202.197/27-202.202.222/27.

H. 202.202.202.224/27: the IP address range that can be allocated in this network segment is 202.202.202.225/27-202.202.202.254/27.
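The same plan can be derived mechanically with Python's standard `ipaddress` module. This is an added example, not part of the original answer; it assumes the parent network is 202.202.202.0/24, and the function names are hypothetical. It generalizes the calculation to any network and subnet count.

```python
import ipaddress

def plan_subnets(network: str, wanted: int):
    """Split `network` into at least `wanted` equal subnets."""
    net = ipaddress.ip_network(network)
    borrowed = (wanted - 1).bit_length()          # smallest n with 2**n >= wanted
    rows = []
    for sub in net.subnets(prefixlen_diff=borrowed):
        rows.append({"subnet": sub, "mask": str(sub.netmask),
                     "first": sub.network_address + 1,
                     "last": sub.broadcast_address - 1,
                     "broadcast": sub.broadcast_address})
    return borrowed, rows

def classify(rows, address: str) -> str:
    """Say whether `address` is a usable host or a reserved network/broadcast address."""
    ip = ipaddress.ip_address(address)
    for r in rows:
        if ip in r["subnet"]:
            if ip == r["subnet"].network_address:
                return f"network address of {r['subnet']}"
            if ip == r["broadcast"]:
                return f"broadcast address of {r['subnet']}"
            return f"host in {r['subnet']}"
    return "outside the plan"

if __name__ == "__main__":
    # Assumed parent network (the /24 is not stated in the answer).
    borrowed, rows = plan_subnets("202.202.202.0/24", 8)
    print("borrowed bits:", borrowed, "mask:", rows[0]["mask"])
    for r in rows:
        print(f"{r['subnet']}: {r['first']} - {r['last']} (broadcast {r['broadcast']})")
    print("202.202.202.95 is the", classify(rows, "202.202.202.95"))
```

Comparing the returned rows with a hand-computed list catches slips such as handing a subnet's broadcast address to a host.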

I'm too tired to do anything.

Shenglan pre-sales engineer