The following are three papers related to network security that I have brought to you. I hope you are satisfied. Welcome to read!!!
A brief discussion of network security paper 1:
1. Overview of network security
Network security refers to the protection of information and resources on the network from being Use by unauthorized users. There are many contents in network security design, such as reasonable security policies and security mechanisms. Network security technologies include access control and passwords, encryption, digital signatures, packet filtering, and firewalls. Network security, especially information security, emphasizes the integrity, availability and confidentiality of information or data in the network. Integrity refers to protecting information from modification or destruction by unauthorized users. Availability refers to the avoidance of denial of authorized access or denial of service. Confidentiality refers to protecting information from being disclosed to unauthorized users.
Network security products have the following characteristics: first, network security comes from the diversification of security strategies and technologies; second, network security mechanisms and technologies must continue to change; third, the establishment of network security with Chinese characteristics The system requires the support of national policies and regulations and joint research and development by the group. Security and anti-security are like two contradictory aspects, always rising upwards, so the security industry will also be an industry that continues to develop with the development of new technologies in the future.
2. Threat factors to network security
The current threats to the network mainly include the following aspects:
First, unauthorized access, that is, without prior access Agree to use network or computer resources.
Second, information is omitted or lost, that is, sensitive data is leaked or lost intentionally or unintentionally.
Third, destroying data integrity, that is, illegally stealing the right to use data, deleting, modifying, inserting or resending certain important information to obtain a response that is beneficial to the attacker; malicious Add or modify data to interfere with the normal use of users.
3. Network security technology
(1) Firewall
Network firewall technology is a technology used to strengthen access control between networks and prevent external network users from Special network interconnection equipment that illegally enters the internal network through the external network, accesses internal network resources, and protects the internal network operating environment. It checks the data packets transmitted between two or more networks according to certain security policies according to the link mode to determine whether the communication between the networks is allowed and monitors the operating status of the network. According to the different technologies used by firewalls, we can divide them into three basic types: packet filtering type, network address translation-NAT, and proxy type.
1. Packet filtering type. Packet filtering products are the primary products of firewalls, and their technical basis is packet transmission technology in the network. Data on the network is transmitted in units of "packets". The data is divided into packets of a certain size. Each packet will contain some specific information, such as the source address, destination address, and TCP/UDP source of the data. port and destination port, etc. The firewall reads the address information in the data packets to determine whether these "packets" come from a trustworthy and safe site. Once a data packet from a dangerous site is found, the firewall will reject the data. System administrators can also flexibly formulate judgment rules based on actual conditions. The advantage of packet filtering technology is that it is simple and practical, with low implementation cost. When the application environment is relatively simple, it can ensure the security of the system to a certain extent at a relatively small cost. However, the shortcomings of packet filtering technology are also obvious. Packet filtering technology is a security technology based entirely on the network layer. It can only be judged based on network information such as the source, destination, and port of the data packet. It cannot identify malicious intrusions based on the application layer, such as malicious Java applets and emails. Comes with viruses. Experienced hackers can easily forge IP addresses and deceive packet filtering firewalls.
2. Network address translation-NAT. Network Address Translation is a standard for converting IP addresses to temporary, external, registered IP addresses. It allows an internal network with a private IP address to access the Internet. It also means that users are not required to obtain a registered IP address for every machine on their network. When the internal network accesses the external network through the secure network card, a mapping record will be generated. The system maps the outgoing source address and source port to a camouflaged address and port, allowing the camouflaged address and port to connect to the external network through the non-secure network card, thus hiding the real internal network address from the outside. When the external network accesses the internal network through a non-secure network card, it does not know the connection status of the internal network, but only requests access through an open IP address and port. The OLM firewall determines whether the access is safe based on predefined mapping rules. When the rules are met, the firewall considers the access to be safe, can accept the access request, and can also map the connection request to different internal computers. When the rules are not met, the firewall considers the access to be unsafe and cannot be accepted, and the firewall will block external connection requests. The process of network address translation is transparent to users and does not require users to set it up. Users only need to perform regular operations.
3. Agency type. Proxy firewalls can also be called proxy servers. Their security is higher than that of packet filtering products, and they have begun to develop towards the application layer.
The proxy server is located between the client and the server, completely blocking the data exchange between the two. From the client's point of view, the proxy server is equivalent to a real server; and from the server's point of view, the proxy server is a real client. When the client needs to use data on the server, it first sends a data request to the proxy server. The proxy server then requests data from the server based on this request, and then the proxy server transmits the data to the client. Since there is no direct data channel between the external system and the internal server, it is difficult for external malicious intrusions to harm the internal network system of the enterprise.
The advantage of proxy firewall is that it has high security, can detect and scan the application layer, and is very effective in dealing with intrusions and viruses based on the application layer. Its disadvantage is that it has a great impact on the overall performance of the system, and the proxy server must be set one by one for all application types that may be generated by the client, which greatly increases the complexity of system management.
(2) Encryption technology
Data encryption technology is also used in conjunction with firewalls. At present, in addition to strengthening the security protection of data from a legal and management perspective, various countries are also taking technical measures in terms of software and hardware to promote the continuous development of data encryption technology and physical prevention technology. According to different functions, data encryption technology is divided into four types: data transmission, data storage, data integrity identification and key management technology. Data transmission encryption technology is to encrypt the data stream during transmission. Commonly used methods are line encryption and end-to-end encryption. The purpose of data storage encryption technology is to prevent data loss in the storage link, which can be divided into ciphertext storage and access control. Two kinds. The former is generally achieved through encryption algorithm conversion, additional passwords, encryption modules, etc.; the latter is to review and restrict user qualifications and limits to prevent illegal users from accessing data or legitimate users from accessing data beyond their authority. The purpose of data integrity authentication technology is to verify the identity of the person involved in the transmission, access, and processing of information and related data content to meet confidentiality requirements. It generally includes the authentication of passwords, keys, identities, data, etc. The system passes this verification Verify whether the characteristic values ??entered by the object comply with the preset parameters. Achieve data security protection. Key management technology is for the convenience of data use, and is often the main object of confidentiality and theft. Key media include magnetic cards, tapes, disks, semiconductor memories, etc. Key management technology includes confidentiality measures in each link such as key generation, distribution, storage, replacement and destruction.
(3) PKI technology
PKI (Publie Key Infrastucture) technology is an infrastructure that uses public key theory and technology to provide security services. PKI technology is the core of information security technology and the key and basic technology of e-commerce. Due to the lack of physical contact in e-commerce, e-government, e-transactions and other activities conducted through the Internet, it is crucial to verify trust relationships electronically. PKI technology happens to be a cryptographic technology suitable for e-commerce, e-government, and electronic affairs. It can effectively solve security issues such as confidentiality, authenticity, integrity, non-repudiation, and access control in e-commerce applications. A practical PKI system should be secure, easy to use, flexible and economical. It must fully consider interoperability and scalability. It is an organic combination of functional modules such as certification authority (CA), registration authority (RA), policy management, key and certificate management, key backup and recovery, and revocation system.
1. Certification agency. CA (Certification Authorty) is such an authoritative entity that ensures trust. Its main responsibility is to issue certificates and verify the authenticity of user identities. A network user's electronic identity certificate-certificate issued by a CA. Anyone who trusts the CA should also trust the user who holds the certificate in accordance with the third-party trust principle. The CA must also take a series of corresponding measures to prevent electronic certificates from being forged or tampered with.
2. Registration agency. RA (Registration Authorty) is the interface between users and CA. The accuracy of the user identification it obtains is the basis for CA to issue certificates. RA must support not only face-to-face registration, but also remote registration. To ensure the security and flexibility of the entire PKI system, it is necessary to design and implement a networked, secure and easy-to-operate RA system.
3. Strategy management. In the PKI system, it is very important to formulate and implement scientific security policy management. These security policies must adapt to different needs and be integrated into the system implementation of CA and RA through CA and RA technology. At the same time, these strategies should comply with the requirements of cryptography and system security, scientifically apply the theories of cryptography and network security, and have good scalability and interoperability.
4. Key backup and recovery. In order to ensure data security, it is very important to regularly update keys and recover accidentally damaged keys. Designing and implementing a sound key management solution to ensure safe key backup, update, and recovery is also related to the entire PKI. Important factors for system robustness, security, and availability.
5. Certificate management and revocation system.
A certificate is an electronic medium used to prove the identity of the certificate holder. It is used to bind the identity of the certificate holder and its corresponding public key. Typically, this binding is valid throughout the lifetime of the issued certificate. However, sometimes there will be a situation where an issued certificate is no longer valid, which requires certificate revocation. The reasons for certificate revocation are various, which may include a series of reasons such as work changes to doubts about the key. The implementation of the certificate revocation system is to use a periodic release mechanism to revoke certificates or use an online query mechanism to query revoked certificates at any time.
(4) Network anti-virus technology
In the network environment, computer viruses have immeasurable threats and destructive power. The prevention of computer viruses is an important step in the construction of network security. of a link. Network anti-virus technology includes three technologies: virus prevention, virus detection and disinfection.
Anti-virus technology, that is, through its own resident system memory, it gives priority to obtain control of the system, monitors and determines whether there are viruses in the system, and then prevents computer viruses from entering the computer system and damaging the system. Such technologies include encrypted executable programs, boot sector protection, system monitoring and read-write control.
Virus detection technology is a technology that judges the characteristics of computer viruses, such as self-checking, keywords, changes in file length, etc.
Disinfection technology is to develop software that can delete virus programs and restore original text through the analysis of computer viruses.
The specific implementation methods of network anti-virus technology include frequent scanning and monitoring of files in network servers; using anti-virus chips on workstations and setting access permissions for network directories and files.
4. Research status and trends of security technology
my country’s information network security research has gone through two stages: communication confidentiality and data protection, and is entering the network information security research stage. It has been developed Developed firewalls, security routers, security gateways, hacker intrusion detection, system vulnerability scanning software, etc. For our country, the development trend of network security will be to gradually develop the ability to independently develop network equipment, independently develop key chips, adopt its own operating system and database, and use domestic network management software. The key to my country's computer security is to have independent intellectual property rights and key technologies, and fundamentally get rid of dependence on foreign technology.
Network security technology will become a key technology for the development of information networks in the 21st century. After humans enter the information society in the 21st century, information, an important strategic resource for social development, needs the strong guarantee of network security technology to form a the driving force of social development. The research and product development of information network security technology in our country is still in its infancy, and there is still a lot of work that needs to be done to research, develop and explore in order to embark on a joint development path of industry, academia and research with Chinese characteristics and catch up with or surpass that of developed countries. level, in order to ensure the security of our country's information network and promote the rapid development of our national economy.
Brief discussion on network security paper 2:
As a medium for disseminating information, the Internet is established to provide people with convenient and fast access to resources. For people to use the network easily, its complexity cannot be too high, so there cannot be too much consideration for security on the network. Therefore, many problems such as hackers have existed since the creation of the network and have not been effectively solved. The reason why the network is easy to be invaded is due to the nature of the network itself. If the security of the network is not taken seriously, personal information will be leaked and the computer will be inconvenient to use. In the worst case, it will cause great losses to the company or individuals. Illegal intrusion resulted in the leakage of confidential information, financial statements, and various information being arbitrarily modified, causing heavy losses to the unit and company. Malicious attacks by hackers paralyze the network, invalidate data, and bring the entire network to a standstill. The losses caused are greater than the losses caused by hacking into accounts. Therefore, as a network user, it is necessary to understand the attack methods of network intruders to protect the security of your computer.
The attack methods of network intruders can be roughly divided into the following categories:
(1) Social attacks. This is the simplest, most insidious, and most easily overlooked method. The intruder steals the password without the user's awareness and enters the network system with a legitimate identity.
(2) Denial of service. The goal is to prevent your users from using the system and provide an opportunity for intrusion.
(3) Physical attack. Use various means to gain access to the system's physical interface or modify your machine's network.
(4) Forced attack. Intruders carefully test and retest passwords again and again.
(5) Predict attacks. Assist in attacking based on the system and user information.
(6) Attack by exploiting operating system and software flaws.
In response to the above intruder behavior, computer software developers have adopted some solutions, such as:
(1) Account management and login: According to different situations of users, the same The accounts are divided into the same group, and the permissions of the group are determined according to the principle of least privilege, rather than managed by a single account. Use configuration file script files, etc., to set up the user's working environment. According to the user's working environment, try to fix the user in a fixed location to log in, and use other hardware settings to verify the machine.
To prevent illegal users from intruding from other places, a login script can be set up to perform multi-factor authentication on user identities and determine the number of logins. Encrypt transmitted information to prevent accounts from being intercepted and deciphered.
(2) Access control: Ensure that only correct users can access specific data. Although other people are legal users, they cannot access due to permission restrictions. Place shared resources and sensitive resources on different servers, separate them with firewalls, and impose different permissions to allow different users to access different resources.
(3) Connection integrity: Maintain the correct connection of users, prevent incorrect user connections, and ensure the security and confidentiality of cables and all related hardware. Use the login log to record the login situation for query, check for illegal intruders, and summarize and report the intruder situation.
(4) Backup and recovery: Regularly perform normal, copy, differential, incremental and other backups of resources to prevent accidental data loss.
Of course, the above methods are set up for the majority of computer users and cannot completely keep intruders out. Every ordinary individual who uses a computer should have a general understanding of these functions on his or her computer and use these functions to protect his or her computer. For example, when we log in to the website to use email, download information, or QQ video chat, we must enter our account number and password. To prevent theft, we should not be afraid of trouble and develop the habit of changing it regularly, and try not to use our own name, birthday, or password. Use more special words, preferably randomly generated (the computer will display the security strength to help you compare). Use different passwords for different websites to prevent them from being deciphered by hackers. As long as it involves entering an account and password, try to surf the Internet at work and at home instead of going to Internet cafes; browse regular websites and do not easily install and run software downloaded from unknown websites (especially unreliable FTP sites) and software from unknown sources. Some programs may be Trojan horses. Once you install these programs, they will change your system or connect to a remote server without your knowledge. This way, hackers can easily gain access to your computer. Do not easily open attachments in emails, let alone emails from strangers you are not familiar with. Always be vigilant and do not easily believe that emails sent by acquaintances must not have hacker programs. Do not Publish or leave your email address freely on the Internet, go to a forwarding station to apply for a forwarding mailbox, because it is the only one that is not afraid of being bombed. Email attachments must be scanned with anti-virus software and professional Trojan removal tools first. use. When using chat software, it is best to set it to hide the user to prevent people with ulterior motives from using some special software to view your IP address, and try not to talk to strangers. Use mobile hard drives, USB flash drives, etc. to back up frequently to prevent data loss; buy genuine anti-virus software and perform regular computer anti-virus. Vulnerabilities are found in the kernels of many commonly used programs and operating systems. Some vulnerabilities make it easy for intruders to enter your system. These vulnerabilities will spread among hackers very quickly. Therefore, users must take precautions. Software developers will publish patches so that users can remedy these vulnerabilities. In short, paying attention to computer security is to protect ourselves.
Brief discussion on network security paper three:
An important reason for today's extremely high social efficiency is the use of computer networks. While enjoying high efficiency, it is also increasingly dependent on the network. This also makes our requirements for network security higher and higher.
The International Organization for Standardization defines "computer network security" as: the technical and managerial security protection established and adopted for data processing systems. Protect computer hardware and software data from being damaged, altered and leaked due to accidental and human-made malice. This is the so-called physical security and logical security. If your computer is not functioning properly on the network, there is likely a security breach. In view of the different causes of vulnerabilities, we will briefly discuss them below.
Generally speaking, computer security risks are divided into two categories: man-made and non-man-made. For example, the security risks of the operating system itself are non-human factors. Although we cannot avoid safety hazards caused by non-human factors, human factors may sometimes bring us greater threats. "Hacker" is the most typical term describing network security problems caused by human factors.
The following is a brief discussion of several common network security issues, response strategies and related technologies:
(1) Network security issues
Network environment Due to the rapidity, large scale, concentrated activity of user groups, and limitations of the stability and scalability of the network system itself, security issues may arise. At the same time, security issues arising from communication protocols will also be encountered. At present, the most commonly used communication protocol in LAN is mainly TCP/IP protocol.
1. Security issues of TCP/IP protocol
In a network environment where TCP/IP protocol is widely used, the mutual communication between heterogeneous networks creates its openness. This also means that the TCP/IP protocol itself has security risks. Since TCP serves as the transport layer protocol for a large number of important applications, its security issues will bring serious consequences to the network.
2. Security issues of network equipment such as routers
Communication between the inside and outside of the network must rely on the router, a key device, because all network attacks also pass through this device. Sometimes the attack exploits design flaws in the router itself, and sometimes it's carried out directly by tampering with the router's settings.
3. Security issues of network structure
Generally, users use inter-network technical support when communicating on the network, while hosts belonging to different networks communicate with each other. In the case of network storms, the data transmitted to each other will be forwarded repeatedly by multiple machines. In this "open" environment, "hackers" can detect any node in the communication network and intercept corresponding unencrypted data packets. For example, common ones include cracking network emails.
(2) Network security response strategy issues
1. Establish a network access module and a network permission control module to provide the first layer of access control for the network and propose security measures for illegal network operations protective measures.
2. Implement the file information encryption system and establish a network-based intelligent log system to do a good job in data management so that the log system has comprehensive data recording functions and automatic classification and retrieval capabilities.
3. Establish a backup and recovery mechanism to avoid trouble or losses caused by damage to some hardware devices or abnormalities in the operating system.
4. Establish a network security management system, strengthen network security management, and specify relevant rules and regulations.
5. Segment the network and divide it into VLANs to isolate illegal users and sensitive network resources from each other and overcome Ethernet broadcast problems.
(3) Network security related technologies
Network security technology is a very complex system engineering. The guarantee of network security comes from the diversification and rapid updating of security policies and technologies. Technically speaking, network security consists of multiple security components such as secure operating systems, secure application systems, anti-virus, firewalls, intrusion detection, network monitoring, information auditing, communication encryption, disaster recovery, and security scanning. A separate Components cannot ensure the security of information networks. At present, mature network security technologies mainly include: firewall technology, anti-virus technology, data encryption technology, etc.
1. Firewall technology
The so-called "firewall" is a system built around the protected network using appropriate technologies to separate the protected network from the external network. It is the first security barrier between the internal network and the external network. When choosing a firewall, although we cannot consider the rationality of its design, we can choose a product that has passed the testing of multiple authoritative certification agencies to ensure its security. Current firewall products include packet filtering routers, application layer gateways (proxy servers), shielded host firewalls, etc. The most commonly used ones are proxy servers.
2. Anti-virus technology
At present, the number one enemy of data security is computer viruses. It has the characteristics of spreadability, concealment, destructiveness and latent nature. Our commonly used anti-virus software includes Destroyer Online Anti-Virus Software, Trend Online Anti-Virus Software, Kaspersky Online Anti-Virus Software, etc. Network anti-virus software mainly focuses on network anti-virus. Once a virus invades the network or infects other resources from the network, the network anti-virus software will immediately detect and delete it.
3. Access control and data encryption technology
Access control: Strictly authenticate and control users' permissions to access network resources. For example, perform user identity authentication, encrypt, update and authenticate passwords, set permissions for users to access directories and files, control permissions for network device configuration, etc.
Data encryption: Encryption is an important means to protect data security. Encryption technology can be divided into symmetric key cryptography and asymmetric key cryptography. Asymmetric key cryptography technology is widely used and can be used for data encryption, identity authentication, access control, digital signatures, data integrity verification, copyright protection, etc.
In addition, we must also establish our own online behavior management system to control P2P, BT and other downloads, guard against malicious code and spyware; control and manage the use of instant messaging tools and their attachment management; guard against websites Or a brand is attacked by phishing or malicious code and issue a warning; provide security vulnerability and risk analysis of web servers, provide timely database updates, etc.
In short, network security is a comprehensive subject, involving many aspects such as technology, management, and use, including not only the security issues of the information system itself, but also physical and logical technical measures. Therefore, computer network security is not only a good network security design solution that can solve all problems, it must also be guaranteed by a good network security organization and management system. Only by relying on anti-virus software, firewalls, vulnerability detection and other equipment for protection while focusing on building people's security awareness, and with the help of security managers, can we truly enjoy the convenience brought by the network.