Under "anti-hacking" XP, all port scanners have no results?
Basis:

How to learn

Have learning goals.

Have a study plan.

Have the right attitude.

Strong self-study ability.

learning target

1. Identify your development direction (what are you going to do now or in the future: programmer, security expert, network hacker, etc.?)

2. What is your current level and ability?

Can perform basic operations in Windows 2000.

Can perform basic configuration of some Windows 2000 services.

Can skillfully configure the various services of Windows 2000.

Proficient in configuring Win2000 and various network devices.

Can perform basic operations in one or more of Linux, UNIX, HP-UNIX and Solaris.

Can configure Cisco, Huawei, 3Com, Lucent and other network devices.

Can write simple programs in C/C++, Delphi, Java, PB, VB and Perl.

Can write simple ASP, PHP, CGI and shell scripts.

You must learn not to trust and respect all kinds of abilities.

Don't waste time on people who put on airs.

Respect others' abilities,

You will enjoy the pleasure of improving your ability.

After knowing your own level and ability, you must start your own goals.

Security expert.

Hackers.

Senior programmer.

Hackers build networks rather than destroy them; those who destroy them are crackers, not hackers;

Hackers have the technology of invasion, but they maintain the network, so they are similar to security experts;

Because you know how to invade and you know how to maintain it.

Because you know how to maintain, you need to know how to invade.

This is the connection between hackers and security experts.

However, they all grew up on the basis of programming!

Let's start our study plan!

learning plan

With a study plan, you can study more effectively.

Safety learning plan

We don't expect to be proficient in win98, nor do we explain how to use win98 and how to be proficient. Our starting point is win2000 s.

However, this is the minimum standard of our training, and it is also very important for you to have a certain understanding of English.

Most basic

A. Be able to install Win2000: know that there are two partition formats available during installation, NTFS and FAT32, and how they differ; know that Win2000 can partition and format the hard disk during installation, and that you can customize the installation and choose the components you need to install. If you have a network card, you can join a domain directly. Learning points: the difference between NTFS and FAT32 partitions, the functions of the individual components, and the definition of a domain.

B. Know how to start up and shut down, and know the purpose of logging off.

C. Understand the functions of the main directories in Win2000: Documents and Settings, WINNT, System32 and Program Files.

D. Understand the definition of each component in the management tool.

E. learn to use the command prompt command (dos)

F. know that various options in computer management are unreasonable.

G. understand the powerful network management function of win2000.

H. can operate win2000 very skillfully.

I. Understand the difference between IP address, subnet mask, gateway and MAC.

advanced

A. configure IIS and understand the function of each option.

B. Configure DNS and DHCP.

C. configure the primary control domain and the secondary domain.

D. Configure DFS

E. configuring routing and remote access

F. configure security policy IPSEC

G. configuring services (services)

H. configuring disk management and disk allocation

I. Configure RAID (0, 1, 0+1, 5)

J. Installation and simple configuration of router

K. Installation and simple configuration of switches

L. Configure common VPN, VLAN and NAT.

M. Configure a general enterprise firewall.

N. Configure common enterprise-level antivirus software.

Senior

What we have learned before is part of the basic knowledge of anyone who wants to become a network security expert and hacker.

Did you do it?

If you do, you can find a very good job!

Configure load balancing

Configure Win2000 + IIS + Exchange + MSSQL + Server-U + load balancing + ASP (PHP, CGI) + Check Point (ISA Server)

Configure a three-layer switching network.

Configure various complex network environments.

Can plan a very complete network scheme.

You can form a large enterprise network by yourself.

Can quickly solve all kinds of difficult problems in the network.

end

You have learned everything above. You are already a senior talent and the goal of our VIP training!

You can find a very good job.

Don't worry about not buying roses for your girlfriend anymore!

Security:

Guide reading

System security service (system)

Firewall system (firewall)

Intrusion detection (IDS)

Certification (CA)

Website monitoring and recovery (website)

Secure e-commerce

Secure e-mail (e-mail)

Security office automation (OA)

Internet access and monitoring (A & C)

Virus prevention (virus)

Virtual private network (VPN)

System security service

System security management

System security assessment

System security reinforcement

System security maintenance

Safety skill learning

System security management

Information system security strategy

Information system administrator's safety manual

Information system user safety manual

Emergency handling flow

System security assessment

1. Overall security analysis of the system

Analyze the user's network topology and find the security risks in its structure and network configuration.

Investigate where the user's information equipment is located, to make sure the equipment is physically secure.

Analyze how the user's information system is managed and used, so that the system is managed and used securely.

2. Host system security detection

Through the security scan of the host, the common security vulnerabilities of the system are found.

For a specific system, use special tools for security scanning.

According to the experience, the vulnerability of the system is comprehensively analyzed.

Give the system security vulnerability report.

Point out the causes and dangers of various security vulnerabilities.

Give suggestions to fix security vulnerabilities.

3. Network equipment security inspection

Through the security scanning of the network, the security vulnerabilities of network devices can be found.

According to the experience, the vulnerability of network equipment is comprehensively analyzed.

Make a report on the security vulnerabilities of network equipment.

Point out the causes and risks of various security vulnerabilities.

Give suggestions to fix security vulnerabilities.

Safety reinforcement

Apply the latest security patches to the user's systems.

Fix security vulnerabilities in systems and networks for users.

Remove unnecessary services and application systems for users.

Set user access policy for user system.

Set file and directory access policies for user systems.

Carry out corresponding security treatment for user system applications.

Security system maintenance

Firewall system maintenance and security log analysis

IDS system maintenance and security log analysis

VPN system maintenance, security log analysis

Authentication system maintenance, security log analysis

Server, host system, security log analysis

Maintenance and log analysis of other safety facilities

Safety skills training

Basic knowledge of network security

Demonstration of network attack means and preventive measures

Principle and use of firewall

Principle and application of virtual private network

Principle and use of vulnerability scanning tool

The Principle and Use of Intrusion Detection System

The Principle and Use of Identity Authentication System

Principle and use of anti-virus products

Safety training for system administrators

General user safety training

Firewall system

Definition of firewall

Classification of firewall

Packet filtering firewall

Application gateway firewall

Stateful inspection firewall

General enterprise firewall configuration

Firewall configuration of government agencies

Configuration of security gateway for classified network

High-availability and load-balancing firewall system

High speed firewall system

Definition of firewall

Devices used to connect networks with different trust levels.

Used to control the communication between networks according to the established security rules.

Classification of firewall

Packet filter (packet filter)

Application gateway.

Stateful inspection

Packet filtering firewall

Packet filtering technology

Mainly implemented on routers, filtering according to user-defined content (such as IP address and port number). Packet filtering inspects packets at the network layer and is independent of the application.

Advantage

Good performance and scalability.

Disadvantage

Because packet filtering is not aware of the application, it cannot understand the meaning of a specific communication, so its security is poor.

Application gateway firewall

Application gateway technology

Second-generation firewall technology. It greatly improves application inspection: it can monitor all application layers and, at the same time, brings the meaning of the "content information" into the firewall's policy decision process.

Advantage

The security is relatively high.

Disadvantage

1. This method must establish two connections for each request, one from the client to the firewall system and the other from the firewall system to the server, which seriously affects performance.

2. The firewall gateway is exposed to attackers.

3. Each proxy needs its own application process or daemon, so scalability and support for new applications are a problem.

Stateful inspection firewall

It belongs to the third generation of firewall technology, which overcomes the shortcomings of the two methods above and introduces full monitoring of all seven OSI layers. At the same time, it keeps the client/server architecture, that is, it is transparent to user access.

The firewall can protect itself by restricting other users' access to the firewall gateway.

Stateful inspection technology intercepts packets at the network layer and hands them to the INSPECT Engine. The engine extracts from the packets all the application-layer state information needed for the security decision and keeps it in a dynamic state table, which is used to evaluate subsequent connection attempts. This method provides a solution with high security, high performance and high scalability.
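The difference between a packet filter and a stateful inspection firewall, shown on a small simulation (an added example, not part of the original page). The rule set, the class and function names and the packet trace are all constructed for illustration; addresses come from documentation ranges.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # TCP flags: "S", "SA", "A", "R"
    inbound: bool    # True: arriving from the untrusted network

WEB_PORTS = (80, 443)

def packet_filter(p):
    """Stateless rule set: judge each packet only by addresses and ports."""
    if not p.inbound:
        return p.dport in WEB_PORTS
    # Replies must get back in, so anything "from a web port" is accepted.
    return p.sport in WEB_PORTS and p.dport >= 1024

class StatefulFirewall:
    """Same policy, but inbound packets must match a tracked connection."""
    def __init__(self):
        self.table = {}   # (client, cport, server, sport) -> state

    def check(self, p):
        if not p.inbound:
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "S" and p.dport in WEB_PORTS:
                self.table[key] = "SYN_SENT"
                return True
            return key in self.table
        key = (p.dst, p.dport, p.src, p.sport)
        state = self.table.get(key)
        if state is None:
            return False                      # no matching connection
        if state == "SYN_SENT":
            if p.flags != "SA":
                return False                  # only a SYN-ACK is expected
            self.table[key] = "ESTABLISHED"
        elif "R" in p.flags:
            del self.table[key]               # connection torn down
        return True

# Constructed trace: one legitimate web session plus two stray packets.
TRACE = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, "S", False),
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, "SA", True),
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, "A", False),
    Packet("198.51.100.7", 80, "10.0.0.5", 3389, "A", True),   # unsolicited
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, "R", True),
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, "A", True),  # after reset
]

def compare(trace):
    """Return (packet filter verdict, stateful verdict) for each packet."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.check(p)) for p in trace]

if __name__ == "__main__":
    for p, (stateless, stateful) in zip(TRACE, compare(TRACE)):
        print(p.flags, p.src, "->", p.dst, p.dport, stateless, stateful)
```

The packet filter accepts every packet in the trace, while the state table rejects the unsolicited packet and the one that arrives after the connection was reset.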

Intrusion detection system

Typical problems encountered in dealing with attacks

Ways and means to solve the invasion

Network-based intrusion detection

Host-based intrusion detection

Typical configuration of intrusion detection system

Problems encountered in dealing with attacks

Insufficient information.

No knowledge of what is happening on the network.

Unable to determine whether the system has been invaded.

The information is inaccurate.

Small number of personnel

There are not enough people to maintain management.

Lack of standardized processing procedures

How did you react when you found the attack?

What should we do next?

Ways and means to solve the invasion

Adopt a real-time intrusion monitoring system (IDS)

Real-time monitoring of events in systems and networks.

Be able to respond immediately when an invasion occurs.

Record the intrusion in detail and follow up.

Host-based intrusion detection

The software module is installed on the host computer containing important data.

Monitor the log of the operating system to find out the characteristics of the attack.

Monitor all processes and users on the host where the agent resides.

Monitor brute-force login attacks, attempts to change or bypass security settings, and abuse of privileges.

When a new log is generated, in order to reduce the impact on the CPU, the agent is temporarily interrupted.

Network-based intrusion detection

The software is installed on a special host and placed on a key network segment.

Set the network card of the host running the software to promiscuous mode, so that the host receives all packets on the network segment.

Analyze the packet to determine whether there is a hacker attack.

Monitor all data on the network segment.

There is no impact on network traffic.

Can detect denial-of-service attacks, unauthorized access attempts, preemptive attacks and other attacks.

Identity authentication system

User identity authentication method

Security levels of different authentication methods

Common methods of user authentication

A solution to the problem

At present, mature two-factor authentication methods

User authentication

Something you know.

Password, ID number, birthday

Some things you have.

Magnetic cards, smart cards, tokens, keys

Something unique to you.

Fingerprint, voice, retina

The password is not secure.

There are too many tools to crack passwords.

Most passwords are transmitted in clear text in the network.

When the network is offline, you can snoop the password.

Passwords and files have been transferred from PC and server.

Easy-to-remember passwords are easy to guess, while hard-to-guess passwords are too hard to remember.

solution

Use a combination of methods, such as IC card + PIN.

Website monitoring and recovery system

Typical Web server application

Security problems existing in Web server

Website security solution

Typical web server application

Internet -> Router -> Firewall -> Uniform Resource Locator (URL)

|

|

Internal network

Everything is behind the firewall.

Security problems existing in Web server

Illegal tampering with web pages is the biggest headache for website content providers. Once a firewall is in place, vulnerabilities in the Web server itself become the main problem exploited by website attackers.

Web application servers (such as IIS and Apache) have a large number of security vulnerabilities.

There are a lot of potential vulnerabilities in CGI, ASP and PHP applications developed by users themselves.

Website security

Adopt Web server monitor and recovery system.

The system monitors the contents of the website's files in real time, and when it finds that a file has been changed it immediately raises an alarm and automatically restores the file.
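One monitoring pass of such a monitor-and-recover system, as an added example that is not part of the original page. It assumes a trusted backup copy of the site kept outside the web root; the function names, the quarantine directory and the files in `demo()` are hypothetical and constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_baseline(backup):
    """Map relative path -> SHA-256 for every file in the trusted copy."""
    return {p.relative_to(backup).as_posix(): sha256_file(p)
            for p in backup.rglob("*") if p.is_file()}

def check_and_restore(webroot, backup, baseline, quarantine):
    """Compare the live site with the baseline, alert, and repair it."""
    alerts = []
    for rel, digest in sorted(baseline.items()):
        live = webroot / rel
        if not live.is_file():
            alerts.append(("missing", rel))
        elif sha256_file(live) != digest:
            alerts.append(("modified", rel))
            quarantine.mkdir(parents=True, exist_ok=True)
            # Keep the tampered copy as evidence before overwriting it.
            shutil.copy2(live, quarantine / rel.replace("/", "_"))
        else:
            continue
        live.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / rel, live)          # automatic recovery
    for p in sorted(webroot.rglob("*")):
        rel = p.relative_to(webroot).as_posix()
        if p.is_file() and rel not in baseline:
            alerts.append(("unexpected", rel))    # file the site never had
            quarantine.mkdir(parents=True, exist_ok=True)
            shutil.move(str(p), str(quarantine / rel.replace("/", "_")))
    return alerts

def demo():
    """Constructed scenario: one page changed, one file deleted, one added."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, webroot, quarantine = (
            Path(tmp) / n for n in ("backup", "www", "quarantine"))
        (backup / "img").mkdir(parents=True)
        (backup / "index.html").write_text("<h1>Welcome</h1>")
        (backup / "img" / "logo.txt").write_text("logo")
        shutil.copytree(backup, webroot)
        baseline = build_baseline(backup)
        (webroot / "index.html").write_text("<h1>defaced</h1>")
        (webroot / "img" / "logo.txt").unlink()
        (webroot / "extra.asp").write_text("unexpected file")
        first = check_and_restore(webroot, backup, baseline, quarantine)
        second = check_and_restore(webroot, backup, baseline, quarantine)
        return first, second, (webroot / "index.html").read_text()

if __name__ == "__main__":
    print(demo())
```

A real deployment would run the pass continuously or on file-change events and keep the baseline and backup where the web server account cannot write to them.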

E-commerce security system

Typical e-commerce application

Security issues in e-commerce

Security solution of e-commerce

Real-time data exchange system

Typical e-commerce application

Internet-> Firewall -> web server

|| |

|| |

Intranet (database)

Security issues in e-commerce

1, Web server side

Web application servers (such as IIS and Apache) have a large number of security vulnerabilities, and user-developed CGI, ASP and PHP applications contain potential vulnerabilities.

Attackers exploit these vulnerabilities to attack Web servers and can illegally tamper with web pages, causing adverse effects and shaking the confidence of e-commerce users.

They can even obtain a lot of sensitive information on the Web server, such as users' credit card numbers and the account name and password used to connect to the internal database.

By controlling the Web server, they can attack the internal database.

Security issues in e-commerce

2. SSL protocol

SSL encryption strength is low. The browser's default encryption module only supports 40-bit low-strength encryption, and even if a higher-level encryption module is installed in the browser, a high-strength SSL encrypted link cannot be established because the WEB server does not support high-strength SSL links.

SSL cannot solve the user-signature problem in e-commerce. An SSL link establishes a secure channel between the WEB server and the user's browser, which only guarantees that information inside the channel is not eavesdropped on or tampered with. It cannot sign the information the user sends so as to guarantee its validity and non-repudiation, and that is exactly the problem e-commerce must solve.

Security solution of e-commerce

The WEB server is divided into two parts: a general-content WEB server and a transaction WEB server.

The general-content WEB server is placed in the DMZ and protected by the website monitoring and recovery system, to prevent the home page from being illegally modified.

The transaction WEB server is placed in the intranet and connected to the DMZ through a physically separated real-time data exchange system.

Install an SSL proxy on the client and the server to obtain a high-strength 128-bit encrypted channel.

Real-time data exchange system

Physically separate the external Web server from the internal application Web server.

The external Web server is used to store general information, and the internal Web server is used to store sensitive information and connect to the internal database.

External user transfer module vulnerability.

You can directly obtain the system management authority.

The general phenomenon after buffer overflow is:

Microsoft Windows 2000 [Version 5.00.2195]

(c) Copyright 1985-2000 Microsoft Corporation.

C:\WINNT\system32>

Web service vulnerability

For example:

Unicode vulnerability: traverse the disk and execute programs.

Double-encoding vulnerability: traverse the disk and execute programs.

.HTR vulnerability: view source code.

Sniffing monitoring

For example:

For network monitoring

For mail monitoring

Tools such as sniffer and iris

Deception attack

For example:

Use arp spoofing attack

Camouflage deception

Common viruses, such as mail viruses.

Change the file name or even the icon to trick the other party into executing it.

Social engineering

For example:

QQ Chat Temptation

Email information

telephone

lure

Denial of service

For example:

Denial of service attack

Ddos attack

Use the springboard

Use a compromised machine under your control (a "broiler") as a springboard to attack other machines.

My computer-> Springboard (broiler)-> target

Router vulnerability

For example:

Default password

Program vulnerability

firewall

Use deception to attack the firewall, resulting in the failure of the firewall function.

Utilize the module vulnerability of firewall

unix/linux

NetWare, Linux, UNIX, Solaris, HP-UNIX, AIX, etc.

These are not explained at present.

Proficient in hacking tools

You must have a set of hacking tools that you can fully master.

Port scanning: Nscan, bluescanport.

Monitoring tools: sniffer, iris

Telnet tool: nc

Scanning tools: sss, nmap, LANguard.

Back door tools: radmin, winshell

Password cracking: lc4

Remote management: pcanywhere

Can use all kinds of classic hacking tools.

Clear logs

After you have intruded into a machine, when you leave you should completely remove the traces you left on that machine.

For example:

Del C:\WINNT\system32\LogFiles\*.*

Del C:\WINNT\system32\*.log

Del C:\WINNT\system32\*.txt

Del C:\WINNT\*.log

Del c:\winnt\*.txt

If you don't clear the logs, then when the administrator of the target machine finds the evidence you left, you may spend some time behind bars.

hacker

When you have mastered this completely.

You become a little hacker.

Senior

Write your own hacking tools.

Found a system vulnerability

Advanced hacker

At present, you are enough to be a senior hacker.

A real hacker

Proficient in various network protocols

Proficient in operating system

Proficient in programming technology

Proficient in safety protection

Don't destroy it.

Challenge technical problems

end

If you want to learn these things well, it depends not on what others give you but on your own effort and self-study!

Others can only guide you and tell you the method.

The one who really has to carry it out is you, working hard at it day and night.