Network security is a broad subject that draws on computer science, information theory and other disciplines. Basic knowledge of network security:
I. Introduction
When it comes to network security, people generally regard it as a branch of information security. Information security is the broader concept: the measures taken to prevent unauthorized use, misuse, tampering or denial of use of knowledge, facts, data or capabilities. Put simply, information security protects sensitive and important information from being accessed or obtained illegally and then misused. Network security is information security as it appears in an environment of many interconnected, independent computers. It mainly covers the security of the individual computers, the security of the interconnection (equipment, communication links, network software, network protocols) and the security of the various network applications and services. The following are some typical network security problems:
1. IP security: the main attack methods are passive network eavesdropping, active IP spoofing (forging and tampering with packets) and routing attacks (man-in-the-middle attacks);
2. DNS security: this should be familiar to everyone. The DNS mapping table is modified in order to misdirect users' traffic;
3. DoS attacks: a denial of service attack launched from a single source mainly consumes network resources and forces the target to collapse. Today DDoS, a distributed denial of service attack launched from many sources, is more common.
The three basic attributes of network security are confidentiality, integrity and availability; in practice auditability can be added as well. Confidentiality, also known as secrecy, mainly means controlling the outflow of information, that is, ensuring that information is not obtained or used by unauthorized people; the main protective measure is cryptography. Integrity refers to the reliability of information, that is, information is not forged or tampered with; the main protective measures are verification and authentication technology. Availability means ensuring that the system can be used normally. Following the TCP/IP or OSI model of the network, network security measures are usually divided by layer. For example, the data link layer is responsible for establishing point-to-point communication, the network layer is responsible for routing, and the transport layer is responsible for establishing end-to-end communication channels.
The earliest security problems occurred on the computer platform itself and only later moved to the network level. Computer security is mainly about controlling a subject's access rights to an object; the network adds more complex security issues. Today network applications are developing rapidly, and e-government, e-commerce and e-finance all pose new challenges in dealing with security threats.
Cryptography is applied in network security mainly for confidentiality and identity authentication. With a symmetric cryptosystem such as DES and an asymmetric cryptosystem such as RSA, the usual practice is that RSA protects the DES key while DES performs the actual encryption of the transmitted data, because DES is fast whereas RSA consumes far more computing resources than DES.
II. Risk analysis
The main task of risk analysis is to identify the assets that need protection and the threats to them. The first step is to determine the assets, including physical resources (workstations, servers and other devices), knowledge resources (databases, financial information, etc.) and time and reputation resources. The second step is to analyze the potential attack sources, such as internal employees and external adversaries. The third step is to set a security policy that balances the results of the above analysis, because security measures usually come at the cost of system performance. Risk is defined as vulnerability + threat: a vulnerability is the means by which an attacker can carry out an attack, and a threat is the concrete behavior that realizes the attack. Both are required for a risk to exist.
Security policies can be divided into many types, such as:
1. Information policy: identifying sensitive information, classifying information, and marking/storing/transmitting/destroying sensitive information;
2. System and network security policy: user identification and authentication, access control, auditing, network connections, encryption, etc.;
3. Computer use policy: computer ownership, information ownership, computer licensing rights, etc.;
4. Internet use policy: mail policy (distinguishing and filtering internal and external mail);
5. User management procedures: new employee, employee transfer and employee resignation processes;
6. System management procedures: software updates, vulnerability scanning, policy checks, login checks, daily monitoring, etc.;
7. Incident response procedures: response, authorization, and testing of documentation and procedures;
8. Configuration management procedures: initial state of the system, change control procedures.
III. Network information security services
Network information security services can be divided into confidentiality, integrity, availability and auditability. Confidentiality is mainly realized by encrypting files with cryptographic technology; integrity is mainly realized by verification codes (hash technology); availability is mainly guaranteed by disaster backup. Identity authentication in a network environment still depends on cryptography: one approach uses cryptographic technology, the other relies on physical authentication such as an ID card. In fact, multi-factor authentication is safer, and there is more than one way to do it. Digital signatures can be used to ensure the integrity of information; for example, RSA can be used for a digital signature:
If A sends a message M to B, A first encrypts M with its own private key, and then encrypts the result a second time with B's public key. After receiving it, B first decrypts with its own private key, and then decrypts with A's public key.
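The sign-then-encrypt exchange above, carried out with textbook RSA on small primes so that every step is visible. This is an added example, not code from the original article; the two keypairs and the message are constructed values, and the block assumes that B's modulus is larger than A's, which this order of operations requires.

```python
# Added example (not part of the original article): the sign-then-encrypt
# exchange described above, carried out with textbook RSA on small primes.
# All keys and the message are constructed for illustration. Real systems
# use large keys, sign a hash of the message and apply padding (PSS for
# signatures, OAEP for encryption); raw modular exponentiation is shown
# only to make the two-pass structure visible.
from math import gcd


def make_keypair(p, q, e=17):
    """Return (public, private) as ((e, n), (d, n)) for primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def sign_then_encrypt(m, a_private, b_public):
    """Sender A: pass 1 with A's private key, pass 2 with B's public key."""
    d_a, n_a = a_private
    e_b, n_b = b_public
    assert 0 <= m < n_a, "message must be smaller than A's modulus"
    # The signature lies in [0, n_a); it fits in one RSA block for B
    # only if B's modulus is larger, so the key sizes must be ordered.
    assert n_a < n_b, "B's modulus must exceed A's for this ordering"
    s = pow(m, d_a, n_a)         # signature: only A can produce this
    return pow(s, e_b, n_b)      # confidentiality: only B can remove this


def decrypt_then_verify(c, b_private, a_public):
    """Receiver B: pass 1 with B's private key, pass 2 with A's public key."""
    d_b, n_b = b_private
    e_a, n_a = a_public
    s = pow(c, d_b, n_b)         # strip B's layer, recovering the signature
    assert s < n_a, "recovered signature is out of range for A's key"
    return pow(s, e_a, n_a)      # strip A's layer; equals m only if A signed it


# Constructed demo keys: A from (61, 53), B from (101, 113); message 65.
A_PUB, A_PRIV = make_keypair(61, 53)
B_PUB, B_PRIV = make_keypair(101, 113)
MESSAGE = 65

if __name__ == "__main__":
    c = sign_then_encrypt(MESSAGE, A_PRIV, B_PUB)
    print("ciphertext:", c, "recovered:", decrypt_then_verify(c, B_PRIV, A_PUB))
```

The receiver's second pass uses A's public key, so any party holding that key can check that the message really came from A, while only B's private key could have removed the outer layer.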
Kerberos uses a symmetric cryptographic algorithm and a trusted third-party key distribution center to provide an authentication service, and has become the de facto standard in the industry.
IV. Security architecture
When designing a security architecture, attention should be paid to the following key concepts: subject and object, the trusted computing base (TCB), the security perimeter, the reference monitor and security kernel, security domains, least privilege, resource isolation and layering, data hiding and abstraction, etc. These are in fact the principles of secure operating system design. Network systems mainly rely on the OSI security architecture, which provides five types of security services:
1. Authentication: peer entity authentication and data origin authentication;
2. Access control;
3. Data confidentiality;
4. Data integrity;
5. Non-repudiation: note that neither the sender nor the receiver can deny taking part in the communication.
Security mechanisms of the OSI security architecture:
1. Specific security mechanisms: encryption, digital signature, access control, data integrity, authentication exchange, traffic padding, routing control and notarization mechanisms;
2. Pervasive security mechanisms: trusted functionality, security labels, event detection, security audit trail, and security recovery.
Hope this helps.