1. 1 the development of network security
1. 1. 1 the concept of network security
1. 1.2 network security requirements2
1. 1.3 Network security development trend 3
1.2 security threats and protection 4
1.2. 1 security threat 4
1.2.2 Safety protection measures 5
1.3 network security policy 9
1.3. 1 Functions of Security Policy 9
1.3.2 Types of security policies
1.3.3 Use of security policy
1.4 Types and common forms of security attacks 1 1
1.4. 1 network attack summary 1 1
1.4.2 Active attack 12
1.4.3 passive attack 13
1.5 network security architecture 13
1.5. 1 network architecture 13
OSI security architecture 1.5.2+05
1.5.3 security services and mechanisms 16
1.6 summary 17
Chapter II Security of Network Protocols 19
2. 1 basic protocol
2. 1. 1IP protocol20
2. 1.2TCP and UDP22
2. 1.3ARP and ICMP24
2. 1.4 routing protocol and domain name system 26
2.2 Application Protocol 28
2.2. 1SMTP and POP328
2. 2. 2 ime and IMAP43 1
Network address translation 34
RPC based protocol 37
2.2.5VoIP39
2.2.6 Remote Login Protocol 4 1
2.3 Next Generation Internet IPv642
2. 3. 1 IPv6 overview 42
IPv6 security 44
2.4 Summary 45
Chapter 3 Fundamentals of Cryptography 46
3. 1 classical cryptography 46
3. 1. 1 Introduction to Classical Cryptography 46
3. 1.2 Security of Classical Cryptography 47
3.2 Basic concepts of stream cipher 47
3.2. 1 stream cipher principle and classification 48
Key stream generation algorithm 48
3.2.3 stream cipher algorithm 49
3.3 Basic Concepts of Symmetric Cryptosystem 50
3.4 Data Encryption Standard 53
3.4. 1DES overview 54
DES analysis 56
3. 4. 3 Overview of Environmental Assessment System 56
3.4.4AES analysis 57
3.5 Other important block cipher algorithms 59
3. 5. 1 concept 59
3.5.2RC559
3.6 Public Key Cryptosystem 60
3.6. 1RSA password 6 1
Elliptic Curve Cryptography
3.7 Message Authentication and Hash Function 63
Hash function and data integrity 63
3.7.2 Security of Hash Function 64
3.7.3 Message authentication code 64
3.7.4 Hash function and its application in cryptography 65
3.7.5MD4 and MD566
3.7.6SHA67
3.7.7 Comparison of Shasha with MD4 and MD5 68
3.8 Digital Signature 68
3.8. 1 Basic concept of digital signature
3.8.2DSS signature standard 69
3.8.3 Other digital signature standards 70
3.8.4 Digital signature application 7 1
3.9 Summary 7 1
Chapter 4 Certification 72
4. 1 certification overview 72
Password-based authentication 74
4. 1.2 Address-based authentication 76
4. 1.3 password authentication protocol 77
4. 1.4 dynamic authentication 80
4.2 Biological authentication 8 1
4.2. 1 fingerprint authentication 82
4.2.2 Voice authentication 82
4.2.3 Iris authentication 82
4.3 Zero-knowledge certification 82
4.3. 1 zero knowledge proof protocol 83
4.3.2 Parallel zero-knowledge proof 85
4.3.3 Non-interactive zero-knowledge proof 85
4.3.4 Application of Zero-knowledge Proof in Identity Authentication 86
4.4 Authentication Protocol Application 87
4.4. 1Kerberos authentication 87
4. 4. 2 sl and TSL93
4.4.3 Two-factor authentication 97
4.5 Summary 99
Chapter V Data Security and Key Management 100
5. 1 data confidentiality guarantee measures 100
5. 1. 1 link encryption 100
5. 1.2 end-to-end encryption 10 1
5. 1.3 combination of link encryption and end-to-end encryption 102
5.2 Hardware Encryption and Software Encryption 103
Hardware encryption 103
Software encryption 103
5.2.3 Performance Analysis of Hardware Encryption and Software Encryption 104
5.3 Encryption of stored data 104
5.4 Basic concepts of key management 106
5.4. 1 key management 106
Key type 106
5.4.3 Key Generation 106
5.4.4 Key Distribution 107
5.5 Key Protection and Control 109
5.5. 1 key protection and storage 109
5.5.2 Backup key 109
5.5.3 Life cycle control of key 1 10
5.6 Key keeping 1 12
5.6. 1 Basic principles of key escrow 1 12
5.6.2 Key escrow application 1 13
5.7 Summary 1 13
Chapter 6 Public Key Infrastructure 1 14
6. 1PKI foundation 1 14
6. Network security requirements of1.1PKI 1 15
6. 1.2 certification authority and digital certificate 1 16
6. 1.3 public key infrastructure component 1 17
6. 1.4 Role of authorization 1 19
6.2PKI service and implementation 12 1
6.2. 1 key life cycle management 12 1
6.2.2 Certificate Lifecycle Management 123
6.2.3 Deploying PKI Services 127
6.3PKI architecture 130
6.3. 1 public key infrastructure architecture 130
6.3.2PKI entity 132
6.3.3PKIX certificate verification 133
6.4 PMI overview of rights management infrastructure 133
6.5 Attribute Permission and Permission Management 136
6.5. 1 attribute permissions 136
6.5.2 Authority management 137
6.6 Establish security application based on PMI 138.
6.6. 1PMI application structure 138
6.6.2 Application mode 139
6.6.3 Establish access control system 140.
Access control process 140
6.7 Summary 140
Chapter VII Firewall Technology 14 1
7. 1 firewall overview 14 1
7.2 firewall technology 143
7.2. 1 packet filtering technology 143
7.2.2 Application of Gateway Technology 144
7.2.3 Condition detection firewall 144
7.2.4 Circuit-level Gateway 145
Air gap firewall 145
Proxy server technology 146
7.3 firewall 147 architecture
7.3. 1 dual host architecture 147
7.3.2 Blocking host architecture 147
7.3.3 Blocking subnet architecture 148
7.4 Mainframe Fort 149
7.5 packet filtering 150
7.5. 1 packet filtering function 150
7.5.2 The application of packet filtering is 150.
7.5.3 Formulation Strategy of Filtering Rule 152
7.6 Condition Detection Packet Filtering 153
7.7 firewall application example 157
7.7. Performance characteristics of1Rising Firewall 157
7.7.2 Application environment and language support 158
7.7.3 Firewall Settings 158
7.8 firewall 164 thinking about other issues
7.9 Summary 165
Chapter 8 Intrusion Detection System 166
8. Overview of1IDS166
8. Basic concepts of1.1IDS166
Basic structure of 8. 1.2IDS 167
8.2IDS system classification 168
8.2. 1 Host-based id 168
8.2.2 IDS 170 based on network
8.2.3 Distributed Intrusion Detection System 172
8.3IDS detection mode 173
8.3. 1 Behavior-based detection
Knowledge-based detection 174
8.3.3 Other intrusion detection technologies 175
8.4 the application of ids176
8.4. 1IDS settings 176
8.4.2IDS deployment 177
8.4.3 Alarm Policy Settings 180
8.4.4 How to build IDS 180 based on network?
8.5 the development direction of ids182
8.6 Summary 185
Chapter 9 Virtual Private Network 186
9. Overview of1VPN186
9. 1. 1VPN basic concept 186
9. Types of1.2 VPN188
Advantages and disadvantages of 9. 1.3VPN 189
9.2VPN network security technology 190
9.2. 1 cryptography 190
9.2.2 Key management technologies 19 1
9.2.3 Tunnel technology 19 1
9.2.4 Authentication Technology 192
9.3 tunnel protocol and VPN implementation 192
9.3. 1 Basic concept of tunnel protocol
9.3.2L2FP 194
9.3 PPTP 194
9.3.4L2TP 195
9.4VPN configuration and implementation 198
VPN Settings in 9. 4. 1 Windows 198
9.4.2 VPN settings in Linux 201
9.5 Layer 3 Tunnel Protocol 203
9.6 Summary 204
Chapter 10 malicious code and computer virus prevention 206
10. 1 malicious code 206
10. 1. 1 the concept of malicious code 206
10. 1.2 malicious code type 206
Computer virus 2 10
10.2. 1 computer virus concept 2 10
10.2.2 composition of computer virus
10.3 preventive measures 2 12
10.3. 1 virus prevention technology 2 12
10.3.2 virus prevention deployment 2 15
10.3.3 virus prevention and management 2 15
10.3.4 antivirus software 2 15
10.4 Summary 2 16
1 1 wireless network security 2 18 chapter
1 1. 1 wireless network protocol 2 18
11.1.1802.11standard 2 18
1 1. 1.2 homerf 22 1
1 1. 1.3 irda 222
1 1. 1.4 Bluetooth technology 223
1 1.2 wireless network security 223
Securities11.2.1802.11.254436
11.2.2 security of WEP224
Security of Bluetooth technology 226
1 1.3 security threats faced by wireless networks 228
1 1.4 security threat solution 23 1
1 1.4. 1 Adopt appropriate security policies 23 1.
11.4.2802.1x authentication protocol 233
1 1 . 4 . 3802 . 1 1 i235
1 1 . 4 . 4 API 237
1 1.5 wireless network security application example 239
1 1.6 Summary 242