Complete basic knowledge of network security

Network security means that the hardware, software and data in a network system are protected from damage, alteration or leakage due to accidental or malicious causes, so that the system operates continuously, reliably and normally and network services are not interrupted. Let me take you through the basic knowledge of network security. I hope it helps everyone!


Basic knowledge of network security

1. What is a firewall? What is a bastion host? What is a DMZ?

A firewall is a system or group of systems that enforces access control policies between two networks.

A bastion host is a computer on a network that is configured with security precautions. The bastion host provides a choke point for communication between networks. It can also be said that without the bastion host, the networks cannot access each other.

DMZ, also called the demilitarized zone or ceasefire zone, is a subnet added between the internal network and the external network.

2. What is the essence of network security?

Network security is essentially information security on the network.

Information security is the protection of the confidentiality, integrity, and availability of information, including physical security, network system security, data security, information content security, and information infrastructure equipment security.

3. What are the categories of threats faced by computer network security? From a human perspective, what are the factors that threaten network security?

Answer: The threats faced by computer network security can be divided into two main categories: threats to the information in the network and threats to the equipment in the network. From a human perspective, the factors affecting network security include:

(1) Unintentional human errors.

(2) Man-made malicious attacks. One is active attack and the other is passive attack.

(3) Network software vulnerabilities and "backdoors".

4. What does network attack and defense include?

Network attack: network scanning, monitoring, intrusion, backdoor, stealth;

Network defense: operating system security configuration, encryption technology, firewall technology, and intrusion detection technology.

5. Analyze the TCP/IP protocol and explain possible threats and defense methods at each layer.

Network layer: IP spoofing attacks; protection measures: firewall filtering, patching;

Transport layer:

Application layer: email bombs, viruses, Trojans, etc.; defense methods: authentication, virus scanning, safety education, etc.

6. Please analyze the hierarchical system of network security

From the hierarchical system, network security can be divided into four levels of security: physical security, logical security, operating system security and Internet security.

7. Please analyze the hierarchy of information security

Information security can be divided into five levels: secure cryptographic algorithms, security protocols, network security, system security and application security.

8. Briefly describe the principle of port scanning technology

Port scanning sends detection packets to the TCP/IP service ports of the target host and records the target host's responses. Analyzing the responses shows whether a service port is open or closed, and from that the services or information provided on the port. Port scanning can also monitor local host operations by capturing incoming/outgoing IP packets from the local host or server.

Port scanning can only analyze the received data and help us discover some inherent weaknesses of the target host, but does not provide detailed steps to enter a system.

9. What is the principle of buffer overflow attack?

A buffer overflow attack is a systematic attack method. By writing content beyond the length of a program's buffer, it causes the buffer to overflow, thereby destroying the program's stack and causing the program to switch to executing other instructions to achieve the purpose of the attack.

The most common method of buffer overflow attack is to cause the buffer overflow of a special program to execute a shell. Advanced commands can be executed through the permissions of the shell. If this special program has system permissions, the successful attacker can obtain a shell with shell permissions and control the program.

10. List three types of backdoor programs and explain their principles and defense methods.

(1) Start the TELNET service remotely. Defense method: Pay attention to monitoring the opened services;

(2) Establish WEB and TELNET services. Defense method: Pay attention to the monitoring of opened services;

(3) Let the disabled GUEST user have administrative rights. Defense method: Monitor the system registry.

11. Briefly describe how a successful attack can be divided into several steps?

Hide IP - scan sites - obtain system or administrator rights - plant backdoors - become invisible in the network.

12. Briefly describe the principle of SQL injection vulnerability

Malicious SQL statements are used to attack the backend database; this works because the web application lacks identification of SQL statements.

13. Analyze the problems in vulnerability scanning and how to solve them

(1) Limitations of the system configuration rule base

If the design of the rule base is inaccurate, the accuracy of the forecast is out of the question;

The rule base is arranged and planned based on known security vulnerabilities, while many dangerous threats to network systems come from unknown vulnerabilities. As a result, if the rule base is not updated in time, the forecast accuracy will be reduced accordingly;

Improvement suggestions: The system configuration rule base should be continuously expanded and corrected. This is also an expansion and correction of the system vulnerability database, which currently still requires expert guidance and involvement to achieve.

(2) Vulnerability database information requirements

Vulnerability database information is the main basis for judgment based on vulnerability scanning of network system vulnerability databases. If the vulnerability library

Improvement suggestions: The vulnerability library information should not only be complete and valid, but also simple, so that even users themselves can easily add to and configure the vulnerability library and keep it updated in time.

14. According to the firewall's processing methods of internal and external data, what are the two categories? Discuss their technical characteristics respectively.

According to how the firewall handles internal and external data, firewalls can be roughly divided into two categories: packet filtering firewalls and application proxy firewalls.

Packet filtering firewall is also called filtering router. It compares the packet header information with the rule table set by the administrator. If there is a rule that does not allow a certain packet to be sent, the router will discard it.

In the packet filtering system, it also includes filtering based on address and filtering based on service.

Application proxy, also called application gateway, acts on the application layer. Its characteristic is that it completely "blocks" the communication flow of the network. By programming a special agent program for each application service, it monitors and controls the application layer communication flow.

There are some special types of proxy servers, mainly application-level and loop-level proxies, public and dedicated proxy servers, and intelligent proxy servers.

15. What is an application proxy? What are the advantages of proxy services?

Application proxy, also called application gateway, acts on the application layer and is characterized by completely "blocking" the network. By programming a special agent program for each application service, the function of monitoring and controlling the application layer communication flow is realized.

Proxy servers have the following two advantages:

(1) Proxy services allow users to "directly" access the Internet. Using proxy services, users will be classified as directly accessing the Internet.

(2) Proxy services are suitable for logging because proxy services follow priority protocols and they allow logging services to be performed in a special and efficient way.

The most comprehensive summary of computer network security knowledge in history

1. Security threats faced by computer networks

Communication on computer networks faces the following four threats:

Interception - Eavesdropping on other people's communications over the network.

Interruption – Intentionally interrupting another person’s communications on the network.

Tampering - Deliberately tampering with messages transmitted on the network.

Forgery – Forged information is sent over a network.

Attacks that intercept information are called passive attacks, while attacks that alter information and deny users access to resources are called active attacks.

2. Passive attack and active attack

Passive attack

The attacker only observes and analyzes a certain protocol data unit PDU without interfering with the information flow.

Active attack

Refers to the attacker performing various processing on the PDU passing through a connection, such as:

Changing the message flow

Deny message service

Forge connection initialization

3. Goals of computer network communication security

(1) Prevent the analysis of message content;

(2) Prevent traffic analysis;

(3) Detect changes in message flow;

(4) Detect denial of message service;

(5) Detect forged initialization connections.

4. Malicious program (rogue program)

Computer virus - a program that "infects" other programs. "Infection" means copying itself or its variants into other programs by modifying them.

Computer worm - a program that sends itself from one node to another through the communication capabilities of the network and starts a running program.

Trojan Horse – A program that performs more functions than it claims to do.

Logic bomb - a program that performs other special functions when the running environment meets certain conditions.

5. Contents of computer network security

Confidentiality

Design of security protocols

Access control

6. Public key cryptography

Public key cryptography uses different encryption keys and decryption keys. It is a cryptosystem in which it is "computationally infeasible to derive the decryption key from a known encryption key."

1. Public key and private key:

In the public key cryptography system, the encryption key (public key) PK (Public Key) is public information, and the decryption key (that is, the private key or secret key) SK (Secret Key) needs to be kept confidential.

Encryption algorithm E (Encrypt) and decryption algorithm D are also public.

Although the secret key SK is determined by the public key PK, SK cannot be calculated based on PK.

tips:

It is easy to generate pairs of PK and SK on the computer.

It is practically impossible to derive SK from a known PK, i.e. going from PK to SK is "computationally infeasible".

Encryption and decryption algorithms are public.

7. Digital signature

1. Digital signature must ensure the following three points:

(1) Message authentication - the receiver can verify the sender's signature on the message;

(2) Integrity of the message - the sender cannot deny the signature of the message afterwards;

(3) Non-repudiation - the receiver cannot forge the signature of the message.

There are many ways to implement various digital signatures. But it is easier to implement using public key algorithms.

2. Implementation of digital signature:

Because no one else except A can have A’s private key, no one except A can generate this ciphertext. Therefore, B believes that the message __ was signed by A and sent.

If A wants to deny sending a message to B, B can present the plaintext and corresponding ciphertext to the third party. A third party can easily use A's public key to verify that A indeed sent __ to B.

On the contrary, if B forges __ into __‘, B cannot present the corresponding ciphertext in front of a third party. This proves that B forged the message.

8. Authentication

In the field of information security, an important measure to deal with passive attacks is encryption, while authentication is required to deal with tampering and forgery in active attacks.

Message authentication enables the recipient of communication to verify the authenticity of the received message (sender and message content, sending time, sequence, etc.).

The purpose of message authentication can be achieved by using encryption. But in network applications, many messages do not need to be encrypted. The receiver should be able to use a very simple method to identify the authenticity of the message.

Means of authentication

1 Message authentication (using message digest MD (Message Digest) algorithm combined with digital signature)

2 Entity authentication
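The signing scheme of section 7 combined with the message digest listed above: A signs the digest with SK, and B or a third party verifies with PK. This is an added example, not part of the original page; it uses unpadded textbook RSA with a constructed toy key that is far too small for real use, and the function names and messages are illustrative.

```python
import hashlib

# Constructed toy key pair for A, built from two Mersenne primes.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537                              # (N, E) is A's public key PK
D = pow(E, -1, (P - 1) * (Q - 1))      # A's secret key SK, never published


def digest(message: bytes) -> int:
    """Message digest, reduced so that it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """A applies SK to the digest; only the holder of SK can produce this."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Anyone holding PK recomputes the digest and checks the signature."""
    return pow(signature, e, n) == digest(message)


if __name__ == "__main__":
    message = b"A pays B 100"          # constructed message
    signature = sign(message)

    # B checks that the message was signed by A.
    print("B accepts A's message:", verify(message, signature))

    # If A later denies sending it, a third party repeats the same check
    # using only the message, the signature and A's public key.
    print("third party confirms :", verify(message, signature))

    # If B alters the message, B has no signature that matches it.
    forged = b"A pays B 900"
    print("forged message passes:", verify(forged, signature))
```

The message itself travels in the clear here, which matches the point that authentication does not require encrypting the message.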

9. Transport Layer Security Protocol

1. Secure Socket Layer SSL (Secure Socket Layer)

SSL can encrypt and authenticate data transmitted between the World Wide Web client and server.

SSL negotiates the encryption algorithm and key to be used during the contact phase, as well as the authentication between client and server.

After the contact phase is complete, all data transferred uses the session key agreed upon during the contact phase.

SSL is not only supported by all commonly used browsers and World Wide Web servers, but is also the basis for the Transport Layer Security protocol TLS (Transport Layer Security).

1.1 The location of SSL

1.2 The three functions of SSL:

(1) SSL server authentication allows users to verify the identity of the server. SSL-enabled browsers maintain a table of trusted certificate authorities (CAs) and their public keys.

(2) Encrypted SSL session: all data exchanged between the client and the server is encrypted by the sender and decrypted by the receiver.

(3) SSL client authentication allows the server to verify the client's identity.

2. Secure Electronic Transaction SET (Secure Electronic Transaction)

The main features of SET are:

(1) SET is designed specifically to encrypt payment-related messages.

(2) The SET protocol involves three parties, namely customers, merchants and commercial banks. All sensitive information exchanged between these three parties is encrypted.

(3) SET requires all three parties to have certificates. In a SET transaction, the merchant cannot see the credit card number that the customer transmits to the commercial bank.

10. Firewall (firewall)

A firewall is a system composed of software and hardware. It is a specially programmed router used to implement access control policies between two networks. Access control policies are formulated by the organization using the firewall to best suit the needs of the organization.

The network inside the firewall is called the "trusted network", while the external Internet is called the "untrusted network".

Firewalls can be used to address security issues within intranets and extranets.

The position of the firewall in the interconnected network

1. Functions of the firewall

The firewall has two functions: blocking and allowing.

To "block" is to prevent a certain type of traffic from passing through the firewall (from the external network to the internal network, or vice versa).

"Allow" is the opposite of "Block".

Firewalls must be able to identify various types of traffic. But in most cases the primary function of a firewall is to "block".

2. Classification of firewall technology

(1) Network-level firewall - used to prevent illegal external intrusions on the entire network. Falling into this category are packet filtering and authorization servers. The former checks all information flowing into the network and then rejects data that does not meet a predetermined set of criteria, while the latter checks whether the user's login is legitimate.

(2) Application-level firewall - access control from the application program. Application gateways or proxy servers are often used to differentiate between various applications. For example, you can only allow applications that access the World Wide Web, but block FTP applications.

What is the knowledge of network security?

What is network security?

Network security refers to protecting the hardware, software and data in the network system so that they are not damaged, changed, or leaked due to accidental or malicious reasons, the system can run continuously, reliably and normally, and network services are not interrupted.

What is a computer virus?

A computer virus refers to a set of computer instructions or program code inserted by the programmer into a computer program that destroys computer functions or data, affects the use of the computer, and is capable of self-replication.

What is a Trojan?

A Trojan is a malicious remote control software. Trojans are generally divided into client-side and server-side. The client is the console for various commands used locally, and the server is run by others. Only computers that have run the server can be fully controlled. Trojans do not infect files like viruses do.

What is a firewall? How does it ensure network security?

Using a functional firewall is one way to ensure network security. A firewall refers to a combination of a series of components set up between different networks (such as a trusted corporate intranet and an untrusted public network) or network security domains. It is the only entrance and exit for information between different networks or network security domains. It can control (allow, deny, monitor) the information flow in and out of the network according to the enterprise's security policy, and it has strong anti-attack capabilities. It is the infrastructure that provides information security services and realizes network and information security.

What is a backdoor? Why do backdoors exist?

A backdoor is a method of bypassing security controls to gain access to a program or system. During the development phase of software, programmers often create backdoors in the software so that flaws in the program can be modified.

If a backdoor becomes known to others or is not removed before the software is released, it becomes a security risk.

What is intrusion detection?

Intrusion detection is a reasonable supplement to the firewall, helping the system to deal with network attacks and expanding the security management capabilities of system administrators (including security auditing, monitoring, and attack identification and response) to improve the integrity of the information security infrastructure. It collects information from several key points in the computer network system, analyzes the information, and checks whether there are any violations of security policies and signs of attacks in the network.

What is packet monitoring? What does it do?

Packet monitoring can be considered the computer network equivalent of a wiretapped phone line. When someone is "listening" to a network, they are actually reading and interpreting the packets being sent over the network. If you need to send an email or request a web page from a computer on the Internet, the data you send can be seen by the computer that the information is passing through, and packet monitoring tools allow someone to intercept the data and view it.
