Chapter 1 Introduction 1
1.1 Main threats to computer networks 1
1.1.1 Computer network entities under threat 1
1.1.2 Computer network systems under threat 2
Many factors make computer information insecure: human factors, natural factors and accidental factors. Human factors refer to lawbreakers exploiting loopholes in computer networks, or sneaking into computer rooms, to steal computer system resources, illegally obtain important data, tamper with system data, destroy hardware, or write computer viruses. Human factors are the biggest threat to computer information network security.
1.1.3 Threat of malicious programs 2
1.1.4 Potential adversaries and motives behind computer network threats 3
1.2 Computer network insecurity factors 4
1.2.1 Main factors of insecurity 4
The Internet is a network open to the whole world; any organization or individual can conveniently transmit and obtain all kinds of information online. The openness, freedom of use and international reach of the Internet pose a challenge to computer network security. The insecurity of the Internet comes down mainly to the following: most networks place no technical constraints on what users may do, so users can access the Internet freely and publish and obtain information of every kind.
Countermeasures against the harm of spyware
1. Openly installed spyware
For openly installed spyware you do not need to spend much time studying it: you can easily uninstall it, and its functions are known. In other words, you have many ways to keep openly installed spyware from infringing your privacy; for example, never read personal e-mail on an office computer. Spyware installed openly is generally legal and has specific users and uses.
Companies and universities: they may use spyware to monitor employees' computer and network usage.
Parents: they may use spyware to monitor computer and network usage at home, to protect their children from harmful content. Many parents hope spyware can help them.
Government: it may use spyware to monitor the network for public safety or information warfare.
2. Covertly installed spyware
The real danger comes from spyware that sneaks onto your computer, because you do not know what it is really after. Every spyware installation exploits one of two weaknesses: the application software on the PC, or the user.
Because modern software is so complex, many application programs and operating systems contain vulnerabilities, and spyware can exploit them to get onto your computer. In principle you cannot stop this kind of intrusion entirely: while browsing, even a small image can deliver spyware. Besides patching the operating system, avoiding unsafe or unfamiliar websites as far as possible is an effective way to reduce such intrusions.
Intrusion through software vulnerabilities obviously requires considerable skill. Most spyware gets in by simple deception: for example, you are offered a free program that claims to remove spyware, whose real purpose is to remove the spyware already on your computer and replace it with its own.
If you habitually download free software from the Internet, your computer may already hold a great deal of spyware.
So there are two ways to deal with covert spyware: avoid unfamiliar or unsafe websites, and avoid downloading free software from the Internet as far as possible.
Covert installation also has its own specific user groups and uses.
1.2.2 Main reasons for insecurity 6
1.3 The concept of computer network security 7
Computer network security means using network management controls and technical measures to ensure that the confidentiality, integrity and availability of data are protected in a networked environment. It has two aspects: physical security and logical security. Physical security is the physical protection of system equipment and related facilities against damage and loss. Logical security covers the integrity, confidentiality and availability of information.
1.3.1 Definition of computer network security 8
1.3.2 Goals of computer network security 8
1.3.3 Levels of computer network security 10
1.3.4 Related content of computer network security 10
1.4 Computer network security architecture 11
1.4.1 Network security model 11
1.4.2 OSI security architecture
1.4.3 P2DR model 14
1.4.4 Network security technology
Network security technology refers to the technical means for problems such as how to carry out access control effectively and how to ensure the security of data in transit. It mainly comprises physical security analysis, network structure security analysis, system security analysis, management security analysis, and the other security services, security mechanisms and strategies.
In the 21st century computers all over the world are connected through the Internet, and the meaning of information security has changed fundamentally: defense has gone from a specialist concern to a universal one, and from a specialized field to something present everywhere. As humanity enters the information and network society of the 21st century, China will need to establish a complete network security system, especially in terms of policy and law.
A country's information security system in fact includes national laws and policies as well as the development platform of technology and the market. In building an information defense system, China should focus on developing its own security products. The ultimate way for China to truly solve its network security problem is to develop a national security industry and raise the overall level of network security technology in China.
Network security products have the following characteristics. First, network security comes from the diversity of security strategies and technologies; adopting a single uniform technology and strategy is not safe. Second, the network's security mechanisms and technologies must keep changing. Third, as the network extends into every part of society, there are more and more ways to enter it. Network security technology is therefore a very complex piece of systems engineering. Establishing a network security system with Chinese characteristics requires the support of national policy and regulation and collective research and development. Security and anti-security are two sides of one contradiction, each escalating against the other, so the security industry will keep developing alongside new technologies.
The protection of network security products themselves is the key to the security of network security equipment. An insecure device not only fails to protect the network behind it; once it is compromised it becomes a platform from which the intruder pushes further in.
Information security is an important issue for national development. So far it has not been approached through systematic planning but has developed from the sides of technology, industry and policy. The government should see the development of information security not only as part of China's high-tech industry, but also see the policy of developing a security industry as an important part of the information security assurance system, and see that it will play a very important role in the future development of electronic information technology in China.
1.5 Computer network security management 18
1.5.1 Network security management laws and regulations 18
1.5.2 Computer network security assessment standards 18
1.5.3 Network security management measures 18
1.6 Development trends of computer network security technology 18
1.6.1 Development trends of network security threats 19
1.6.2 Development of the main practical technologies of network security
1.7 Summary 20
1.8 Exercises 21
Chapter 2 Physical Security 22
2.1 Computer room security technology and standards 22
2.1.1 Computer room security technology 22
2.1.2 Technical standards for computer room security 29
2.2 Communication line security 30
2.3 Equipment security 31
2.3.1 Maintenance and management of hardware equipment
2.3.2 Electromagnetic compatibility and electromagnetic radiation protection 31
2.3.3 Security management of information storage media 33
2.4 Security of the power supply system 33
2.5 Summary 36
2.6 Exercises 36
Chapter 3 Information Encryption and PKI 38
3.1 Encryption overview 38
3.1.1 The development of cryptography 38
Cryptography developed gradually through the practical contest between code-making and code-breaking, and with the application of advanced science and technology it has become a comprehensive frontier science. It is closely related to linguistics, mathematics, electronics, acoustics, information theory and computer science. Its practical results, especially the encryption and decryption methods used by governments, are highly confidential.
The rule by which the secret transformation is carried out is called the cryptosystem, and the parameter that selects a particular transformation is called the key; together they are an essential part of cryptography. The basic cryptosystems fall into four types: transposition, which rearranges the positions of plaintext letters or digits into ciphertext according to prescribed patterns and routes; substitution, which replaces plaintext letters or digits with ciphertext through one or more substitution tables; codebook, which converts plaintext into ciphertext by replacing phrases and words with pre-assigned groups of letters or digits; and scrambling, which combines a sequence of elements used as random numbers (a keystream) with the plaintext sequence according to a specified algorithm to form ciphertext. These four systems can be used separately or combined to produce practical ciphers of great complexity.
Since the 1970s some scholars have proposed public-key systems, which use the mathematical principle of one-way functions to separate the encryption key from the decryption key: the encryption key is public and the decryption key is kept secret. This new kind of cryptosystem has attracted wide attention and discussion in cryptography.
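As an added example (not code from the book, which names no particular algorithm here), the following shows a public-key system of the kind just described using textbook RSA. The primes 61 and 53, the exponent 17 and the message 65 are constructed toy values chosen so that every number stays visible; the "one-way" direction is factoring n, which trial division finishes instantly only because n is tiny.

```python
"""Toy public-key system (textbook RSA) with constructed tiny primes.
For understanding only: real RSA uses 2048-bit or larger moduli and
randomized padding (OAEP); never encrypt real data with this."""
from math import gcd, isqrt


def keygen(p, q, e=17):
    """Public key (n, e) and private key (n, d).
    Computing n = p*q is easy; the security assumption is that recovering
    p and q from n (factoring) is infeasible for large n."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse of e, Python 3.8+
    return (n, e), (n, d)


def encrypt(public_key, m):
    """Anyone holding the public key can do this."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c):
    """Only the holder of d can invert the transformation efficiently."""
    n, d = private_key
    return pow(c, d, n)


def factor_by_trial_division(n):
    """The hard direction of the one-way function; feasible here only
    because n is a toy value."""
    for f in range(2, isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    raise ValueError("n has no non-trivial factor")


def recover_private_key(public_key):
    """What an attacker must do to obtain d without being given it:
    factor n, recompute phi, and invert e."""
    n, e = public_key
    p, q = factor_by_trial_division(n)
    return (n, pow(e, -1, (p - 1) * (q - 1)))


def guess_plaintext(public_key, c, candidates):
    """Textbook RSA is deterministic: with the public key anyone can encrypt
    guesses and compare against an intercepted ciphertext. This is why real
    RSA adds randomized padding before exponentiation."""
    for m in candidates:
        if encrypt(public_key, m) == c:
            return m
    return None


if __name__ == "__main__":
    pub, priv = keygen(61, 53)            # constructed toy primes
    c = encrypt(pub, 65)                  # constructed message
    print("public", pub, "private", priv)
    print("ciphertext", c, "decrypted", decrypt(priv, c))
    print("attacker recovers", recover_private_key(pub))
    print("deterministic leak:", guess_plaintext(pub, c, range(256)))
```

Two points the paragraph alone does not show: the private key is derived from the same numbers as the public key and is only protected by the cost of factoring, and a bare public-key transformation with no randomness lets anyone confirm a guessed plaintext.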
Using the regularities of the language and of the cipher, an analyst who intercepts ciphertext can, under certain conditions, recover the plaintext and reconstruct the key; that is, break the cipher. Breaking ciphers of different strengths requires very different conditions.
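The following is an added example, not code from the book: it implements the four classical cipher families listed above (transposition, substitution, codebook and keystream scrambling) and then breaks the substitution cipher from ciphertext alone, as the paragraph on cryptanalysis describes, by comparing letter frequencies against English. The keys, codebook entries and sample messages are constructed for illustration; the standard English letter-frequency table is the only outside data.

```python
"""Classical cipher families and a frequency-analysis break of the shift cipher.
All keys and messages below are constructed for illustration; none of these
transformations is secure."""
import string
from collections import Counter

ALPHA = string.ascii_uppercase

# 1. Transposition: letters keep their identity, only their positions change.
#    Columnar transposition; key is a permutation giving the column read-out order.
def transposition_encrypt(text, key):
    cols = len(key)
    text += "X" * ((-len(text)) % cols)            # pad to a full rectangle
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join("".join(row[c] for row in rows) for c in key)

def transposition_decrypt(cipher, key):
    nrows = len(cipher) // len(key)
    columns = {c: cipher[i * nrows:(i + 1) * nrows] for i, c in enumerate(key)}
    return "".join(columns[c][r] for r in range(nrows) for c in range(len(key)))

# 2. Substitution: positions stay, each letter is replaced through a table.
#    The shift (Caesar) cipher is the special case of a rotated alphabet.
def shift_alphabet(k):
    return ALPHA[k:] + ALPHA[:k]

def substitution_encrypt(text, key_alphabet):
    return text.translate(str.maketrans(ALPHA, key_alphabet))

def substitution_decrypt(cipher, key_alphabet):
    return cipher.translate(str.maketrans(key_alphabet, ALPHA))

# 3. Codebook: whole words or phrases map to code groups. Longest phrase first,
#    so "AT DAWN" is replaced before a shorter entry could match inside it.
def codebook_encode(text, book):
    for phrase in sorted(book, key=len, reverse=True):
        text = text.replace(phrase, book[phrase])
    return text

def codebook_decode(code, book):
    for phrase, group in book.items():
        code = code.replace(group, phrase)
    return code

# 4. Scrambling: plaintext combined with a keystream. With XOR one function both
#    encrypts and decrypts; with a truly random keystream that is never reused this
#    is the one-time pad. Reusing the keystream cancels it out: c1 XOR c2 = p1 XOR p2.
def keystream_xor(data, keystream):
    if len(keystream) < len(data):
        raise ValueError("keystream must be at least as long as the data")
    return bytes(a ^ b for a, b in zip(data, keystream))

# Cryptanalysis: relative frequency (percent) of letters in English text.
ENGLISH_FREQ = dict(zip(ALPHA, [
    8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966, 0.153,
    0.772, 4.025, 2.406, 6.749, 7.507, 1.929, 0.095, 5.987, 6.327, 9.056,
    2.758, 0.978, 2.360, 0.150, 1.974, 0.074]))

def chi_squared(text):
    """Distance between the letter distribution of text and English (lower is closer)."""
    letters = [ch for ch in text if ch in ALPHA]
    counts, n = Counter(letters), len(letters)
    return sum((counts[ch] - ENGLISH_FREQ[ch] * n / 100) ** 2
               / (ENGLISH_FREQ[ch] * n / 100) for ch in ALPHA)

def break_shift(cipher):
    """Ciphertext-only attack on the shift cipher: try all 26 keys and keep the
    candidate plaintext whose letter statistics look most like English."""
    best = min(range(26),
               key=lambda k: chi_squared(substitution_decrypt(cipher, shift_alphabet(k))))
    return best, substitution_decrypt(cipher, shift_alphabet(best))

if __name__ == "__main__":
    msg = "ATTACK THE ENEMY POSITION AT DAWN AND HOLD THE BRIDGE UNTIL THE RESERVE ARRIVES"
    c = substitution_encrypt(msg, shift_alphabet(3))
    print("ciphertext:", c)
    print("recovered key and plaintext:", break_shift(c))
```

The break works because substitution preserves letter frequencies, so each of the 26 candidate keys can be scored without any known plaintext; transposition preserves the frequencies too (which is how an analyst recognizes it), while a codebook or a properly used keystream gives the analyst no such statistical foothold.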
3.1.2 Basic concepts of cryptography 40
Cryptography is the technical science that studies the making and breaking of ciphers. Studying the objective laws of cipher transformations and applying them to design ciphers that keep communications secret is called cryptographic coding; applying them to break ciphers and obtain the communicated information is called cryptanalysis. Together the two are known as cryptography.
Cryptography (from the Greek kryptós, "hidden", and gráphein, "writing") is the study of how to transmit information secretly. In modern times, and especially as the mathematical study of information and its transmission, it is often regarded as a branch of mathematics and computer science, closely related to information theory. The well-known cryptographer Ron Rivest put it as "cryptography is about communication in the presence of adversaries", a view that shows, from an engineering perspective, where cryptography and pure mathematics meet and where they differ. Cryptography is the core of information security and of related problems such as authentication and access control. Its main purpose is to hide the meaning of information, not its existence. Cryptography has also advanced computer science, especially the techniques used in computer and network security such as access control and information confidentiality. It is applied in daily life, including ATM chip cards, computer login passwords and e-commerce.
A cipher is an important secret means by which communicating parties transform information according to agreed rules. Transforming plaintext into ciphertext under these rules is called the encryption transformation; transforming ciphertext back into plaintext is the decryption transformation. Early ciphers only encrypted and decrypted characters or digits; with the development of communications technology, voice, images and data can all be encrypted and decrypted.
3.1.3 Classification of encryption systems 40
3.2 Encryption algorithms 43
3.2.1 Classical encryption algorithms 43
3.2.2 Single-key encryption algorithms 44
3.2.3 Double-key encryption algorithms 51
3.3 Applications of information encryption technology 53
3.3.1 Link encryption 54
3.3.2 Node encryption 54
3.3.3 End-to-end encryption 55
3.4 Authentication technology 56
3.4.1 Hierarchical model of authentication technology 56
3.4.2 Requirements and modes of authentication systems 56
3.4.3 Digital signature technology 57
3.4.4 Identity authentication technology 57
3.4.5 Message authentication technology 59
3.4.6 Digital signatures and message authentication 61
3.5 Public Key Infrastructure (PKI) 61
3.5.1 Basic concepts of PKI 62
3.5.2 Composition of PKI authentication technology 63
3.5.3 Characteristics of PKI 70
3.6 Introduction to common encryption software 70
3.6.1 PGP 70
3.6.2 GnuPG 74
3.7 Summary 77
3.8 Exercises 78
Chapter 4 Firewall Technology 79
4.1 Overview 79
4.1.1 The concept of a firewall 79
4.1.2 Firewall functions 79
4.1.3 Limitations of firewalls 81
4.2 Firewall architectures 82
4.2.1 Dual-homed host architecture 82
4.2.2 Screened host architecture 83
4.2.3 Screened subnet architecture 84
4.2.4 Combined forms of firewall architecture
4.3 Firewall technology 86
4.3.1 Packet filtering technology 86
4.3.2 Proxy service technology 92
4.3.3 Stateful inspection technology 96
4.3.4 NAT technology 97
4.4 Firewall security protection technology 99
4.4.1 Preventing the firewall from being fingerprinted 99
4.4.2 Preventing scanning through the firewall 101
4.4.3 Overcoming the weaknesses of packet filtering 103
4.4.4 Overcoming the vulnerabilities of application proxies 104
4.5 Firewall application example 105
4.5.1 Composition of the Network Guard Firewall 3000 system 105
4.5.2 Topology diagram of a typical Network Guard Firewall 3000 deployment 105
4.5.3 Typical application configuration example 106
4.6 Personal firewalls 111
4.6.1 Personal firewall overview 111
4.6.2 Main functions of personal firewalls 112
4.6.3 Characteristics of personal firewalls 113
4.6.4 Introduction to mainstream personal firewalls 113
4.7 Development trends of firewalls 118
4.8 Summary 120
4.9 Exercises 121
Chapter 5 Intrusion Detection Technology 122
5.1 Overview of intrusion detection 122
5.1.1 Intrusion detection principles 123
5.1.2 System structure 123
5.1.3 System classification 124
5.2 Technical realization of intrusion detection 127
5.2.1 Intrusion detection analysis model 127
5.2.2 Misuse detection 128
5.2.3 Anomaly detection 131
5.2.4 Other detection technologies 135
5.3 Distributed intrusion detection 138
5.3.1 Advantages of distributed intrusion detection
5.3.2 Technical difficulties of distributed intrusion detection 139
5.3.3 Status of distributed intrusion detection 140
5.4 Intrusion detection system standards 141
5.4.1 IETF/IDWG 142
5.4.2 CIDF 144
5.5 Example of an intrusion detection system 145
5.5.1 Brief introduction to Snort 146
The architecture of Snort 146
5.5.2 Installation and use of Snort 148
5.5.3 Security protection of Snort 151
5.6 Summary 152
5.7 Exercises 153
Chapter 6 Operating System and Database Security Technology 154
6.1 Access control technology 154
6.1.1 Authentication, audit and access control 154
6.1.2 Traditional access control technology 156
6.1.3 New access control technology 158
6.1.4 Implementation technology of access control 160
6.1.5 Security access rule management (authorization) 162
6.2 Operating system security technology 163
6.2.1 Operating system security standards 163
6.2.2 General methods of operating system security protection 165
6.2.3 Operating system resource protection technology 166
6.2.4 Security models of operating systems 168
6.3 UNIX/Linux system security technology 171
6.3.1 UNIX/Linux security basics 171
6.3.2 UNIX/Linux security mechanisms 172
6.3.3 UNIX/Linux security measures 173
6.4 Windows 2000/XP system security technology 175
6.4.1 Windows 2000/XP security basics 175
6.4.2 Windows 2000/XP security mechanisms 177
6.4.3 Windows 2000/XP security measures 179
6.5 Overview of database security 186
6.5.1 Basic concepts of database security
6.5.2 Introduction to database management systems 187
6.5.3 Defects and threats of database systems 188
6.6 Database security mechanisms 189
6.6.1 Hierarchical distribution of database security 189
6.6.2 Secure database management system architecture 189
6.6.3 Database security mechanisms 191
6.6.4 Oracle security mechanisms 196
6.7 Database security technology 197
6.8 Summary 198
6.9 Exercises 198
Chapter 7 Network Security Detection and Evaluation Technology 200
7.1 Network security vulnerabilities 200
7.1.1 Threats from network security vulnerabilities 200
7.1.2 Classification of network security vulnerabilities 201
7.2 Network security vulnerability detection technology 203
7.2.1 Port scanning technology 203
7.2.2 Operating system detection technology 204
7.2.3 Security vulnerability detection technology 205
7.3 Network security assessment criteria 206
7.3.1 Establishment of network security assessment standards 206
7.3.2 Composition of TCSEC, ITSEC and CC 209
7.4 Network security assessment methods 213
7.4.1 Network security assessment model based on the Common Evaluation Methodology (CEM) 213
7.4.2 Comprehensive evaluation model of network security based on index analysis 215
7.4.3 Network security assessment model based on fuzzy assessment 220
7.5 Introduction to network security detection and evaluation systems 221
7.5.1 Internet Scanner 221
7.5.2 Nice 225
7.6 Summary 231
7.7 Exercises 231
Chapter 8 Computer Virus and Malicious Code Prevention Technology 232
8.1 Computer virus overview 232
8.1.1 Definition of a computer virus 232
8.1.2 A brief history of computer viruses 233
8.1.3 Characteristics of computer viruses 234
8.1.4 The harm of computer viruses 235
8.2 Working principles and classification of computer viruses 237
8.2.1 Working principles of computer viruses 237
8.2.2 Classification of computer viruses 241
8.2.3 Virus case analysis 244
8.3 Computer virus detection and prevention 248
8.3.1 Computer virus detection 248
8.3.2 Computer virus prevention 251
8.3.3 Development directions and trends of computer viruses 253
8.4 Malicious code 255
8.4.1 Characteristics and classification of malicious code 255
8.4.2 Key technologies of malicious code
8.4.3 Network worms 258
8.4.4 Toolkit technology 259
8.4.5 Prevention of malicious code 261
8.5 Summary 262
8.6 Exercises 263
Chapter 9 Data Backup Technology 264
9.1 Overview of data backup 264
9.1.1 Main causes of data failure
9.1.2 Backup and related concepts 266
9.1.3 Misconceptions about backup 267
9.1.4 Choosing ideal backup media 267
9.1.5 Backup technology and backup methods 268
9.2 Data backup schemes 269
9.2.1 Backup to disk 269
9.2.2 Dual-machine backup 276
9.2.3 Network backup 280
9.3 Data backup and data recovery strategies 283
9.3.1 Data backup strategy 283
9.3.2 Disaster recovery strategy
9.4 Introduction to backup software 286
9.4.1 Norton Ghost 286
9.4.2 Second Copy 288
9.5 Summary 290
9.6 Exercises 291
Chapter 10 Network Security Solutions 292
10.1 Network security architecture 292
10.1.1 Basic issues of network information security
10.1.2 Basic principles of network security design 294
10.2 Network security solutions 295
10.2.1 Basic concept of a network security scheme 295
10.2.2 Hierarchical division of network security solutions 296
10.2.3 Network security solution framework 297
10.3 Network security solution design 299
10.3.1 Current state of the network system 299
10.3.2 Security requirements analysis 299
10.3.3 Network security solution 302
10.4 Single-user network security solution 304
10.4.1 Security threats faced by stand-alone users 304
10.4.2 Single-user network security solution 305
10.5 Internal network security management system 306
10.6 Summary 308
10.7 Exercises 308
Appendix 309
Appendix A Rainbow Series 309
Appendix B Security risk analysis checklist 310
References 316
……