Different people often call a certain period the "XX era" from different angles, to emphasize the important influence of something or someone on society. The network mentioned here refers to an integrated information network that uses computers and other telecommunication equipment as user terminals, the modern integrated telecommunication network as the transmission link, switching and processing equipment as nodes, and various kinds of information as the load. This kind of network has a great influence on the economy, politics, culture, military affairs and people's lives in contemporary society, so more and more people think that our society has entered the "network age".
From the following data and examples, we can see that the network has a great influence on society:
There are more than 500 million netizens in the world and more than 45 million in China, in addition to a considerable number of private network users.
More than 45,000 kinds of computer viruses have been found in the world, resulting in annual economic losses of more than $1.6 trillion.
On September 2nd, 2002, China Youth Daily carried two articles about the network. One says that on August 24th, in Lijiang, Yunnan, the bus Miss Zhang was taking fell into a valley, and she suffered a compression fracture of the third lumbar vertebra. Without timely treatment she might have been disabled for life. A friend far away in Shenzhen asked for help on the Internet and obtained a special chartered Civil Aviation flight, so that the patient was transferred to the Second Affiliated Hospital of Zhongshan, Guangzhou on the 26th and operated on in time on the 27th; the network won her rescue time. The other reports that on July 23rd, from 11:15 to 12:30, the Capital International Airport was "paralyzed" by a network failure, which delayed 60 flights and more than 6,000 passengers. It also mentions the serious accident on July 5 in which the Shenzhen Stock Exchange was shut down for several hours due to a network failure.
In the network era, the network has brought unprecedented opportunities and challenges to society. The normal operation of the network brings great progress and wealth to society, while the insecurity of the network can cause unexpected disasters and losses. The network is accelerating the expansion of its coverage, its penetration into every field and the change of traditional rules. Only by improving network security, seeking advantages and avoiding disadvantages, can we keep up with the pace of the network age.
Main viewpoints of network security
The goal of network security
Ensure the physical security of the network: physically protect the network and prevent it from being destroyed.
Ensure the logical security of the network: use logical isolation to ensure the confidentiality, integrity, availability, controllability, authenticity and non-repudiation of information. Confidentiality ensures that information will not be interpreted by unauthorized persons; integrity ensures that information will not be added to, deleted, tampered with or destroyed; availability ensures that information is actually available for authorized users to use normally; controllability ensures that the network and information can be safely monitored; authenticity ensures that the received information was indeed sent by the sender and is not fake; non-repudiation ensures that the sender cannot deny the information sent to the receiver, and that evidence can be obtained and preserved in digital form, which makes it convenient for notaries and arbitrators to intervene and for the network to be managed according to law.
Ensure the management security of the network: first, choose trustworthy people; second, management departments and managers should have adequate security knowledge; formulate corresponding laws, regulations and systems, strengthen administrative management, and put prevention first.
Security is not absolute.
Security is a concept closely related to risk. A network is secure only within a certain range of risk; there is no absolute security.
Network sharing and network threats are a pair of symbionts. The higher the openness and sharing of the network, the more threats the network faces. In other words, the higher the availability of the network, the lower its security. Security holes in the network are inevitable and network attacks are inevitable; the aim is to reduce the probability of being breached as much as possible.
Network information warfare has emerged.
Network information warfare refers to a military struggle for the control of network information, with the aim of paralyzing the enemy's command automation system.
The operational forms of network information warfare include command and control warfare, electronic warfare, intelligence warfare, psychological warfare, hacker warfare and so on.
In the 1991 Gulf War, the US military used computer viruses in actual combat for the first time and won, and network information warfare was applied to war for the first time. Since then it has been used in the wars in Kosovo, Yugoslavia and Chechnya, Russia. In 2001 the collision between Chinese and American military aircraft was the fuse that triggered a hacker war between China and the United States, and the shadow of network information warfare was also present in the "9.11" terrorist attack in the United States in 2001.
Many military experts have been studying all aspects of network information warfare, and some even regard network information attack as the killer weapon of modern war. It can be imagined that in the near future the emergence of cyber warfare troops, and even a cyber service, in the military establishment is entirely possible.
Cryptography is the core and basic technology of network information security.
The main function of a cipher is to turn classified information into a form that can be made public, so that the classified information can be stored, transmitted and exchanged in the network.
Cryptography can be used for information encryption, information authentication, digital signature, authorization control, encrypted tunnels and key management.
At the same time, a person who intercepts the information should be unable to decipher it with the computing resources available at this stage.
The secret lies in the key: this is the basic creed of cryptographers. Interceptors can intercept ciphertext, but as long as they cannot obtain the key, it should be impossible to decipher.
Encryption has strict procedures and mathematical algorithms, while codebreaking depends on rich experience, extensive association and appropriate skills. There is no unbreakable cipher in the world, but breaking one is often restricted by material resources, financial resources, time and conditions. Only smart people will win.
Simple encryption only lulls oneself and helps the enemy. It would be better not to encrypt at all.
Network security cannot be done once and for all.
Network security and network threats are a pair of contradictions, which change and develop dynamically and advance through struggle.
Network security measures are not omnipotent, but doing without network security measures is absolutely impossible.
The focus of network security is to improve the survivability of the network: some illegal intrusions are tolerated, some components may be destroyed and some components may be unreliable, yet the network can still allocate resources reasonably, reorganize its resources structurally and complete its main tasks.
Network security should be constantly improved through regular evaluation using the latest technological achievements; it cannot be done once and for all.
Network security investment
The network security industry includes two parts: security equipment and security services. Security equipment includes firewalls, antivirus software, encryption devices, access control, security authentication, construction of encrypted tunnels, etc. Security services include security consulting, security risk assessment, project implementation, overall solutions, security training, after-sales technical support, product upgrades, etc.
Internationally, investment in the network security industry accounts for about 10%-15% of the network industry. The investment ratio of security equipment to security services is close to 1:1, and the share of security services will increase with time. Experts don't expect there will be "online 110", "online police" and "online emergency team" in the near future.
Be a rational user of network security
Rational users should abide by laws and regulations and implement the relevant network security technical standards and norms; listen to expert advice and formulate a security plan coordinated with network development; select products carefully and grasp their real performance indicators; pay attention to the latest technology, adjust the security scheme dynamically, and prepare security emergency measures.
Basic countermeasures of network security
Establishing network security architecture
A network security architecture is a theoretical basis that gives network security construction a clear outline and makes it orderly, comprehensive and relatively complete.
Some foreign government departments, research institutions and companies have put forward models of network security architecture. On this basis, Mr. Zhan proposed a model suitable for China's national conditions, namely WPDRRC (Early Warning, Protection, Detection, Response, Recovery and Counterattack). Early warning refers to predicting the possible attacks on the network, evaluating the risks faced, and providing a basis for security decision-making; protection refers to taking different levels of protection according to different levels of security requirements; detection refers to discovering, dynamically and in real time, the nature and extent of the threats to the network; response refers to handling incidents that endanger security in time and reducing the harm to a minimum; recovery refers to using fault tolerance, redundancy, replacement, repair, consistency assurance and other technologies to quickly restore the network to normal work; counterattack refers to having the ability to obtain criminal evidence and the means of attack.
Isolation between private network and internet
On August 5, 2002, the State Information Office issued a document requesting that "the e-government network consists of the government intranet and the government extranet. The two networks are physically isolated, and the government extranet is logically isolated from the Internet." Other departments and units have similar requirements.
Physical isolation means that there is no data flow between two networks, and no shared storage or channel. The implementation schemes of physical isolation include: a terminal switching scheme with dual hosts and a single terminal; a physical isolator scheme with dual disks and dual network cards; an isolation network card scheme with a dual-network isolation function; and a storage isolation scheme in which the external network uses an independent hard disk and the internal network uses unified server-side storage. Later, a scheme with dual mainboards and a single CPU appeared, in which the isolation is provided by the hardware architecture. Users can flexibly design their own physical isolation scheme, but it still cannot resist unintentional negligence and intentional attacks from inside.
Logical isolation means that only legal data exchange is allowed between two networks, and illegal data flows are not allowed to enter the private network. Logical isolation can be achieved by using firewalls, gateways, etc. For example, when the campus network and the Internet are connected through a firewall, the firewall can keep pornographic, horror and cult propaganda information on the Internet out of the campus network. But a firewall guards against the outside and not the inside; its label discrimination ability still has many blind spots; the firewall itself often has vulnerabilities that give attackers an opening; if its filtering rules are not properly defined, there will be "fish that slip through the net"; and if the firewall cannot be upgraded promptly to adapt to new security threats, it will exist in name only.
In addition, it should be pointed out that shutting down the network for the sake of security is like giving up eating for fear of choking. Physically isolating a network from the external network for security reasons turns the intranet into an "information island" and greatly reduces its efficiency. Adopting a relatively complete security scheme to build an intranet that is securely interconnected with external networks (including the Internet), so that private network users can share the rich resources of the Internet, is the sound path of network development, in the manner of "Dayu harnessing the waters".
Firewall technology
A firewall is a system that conditionally controls (including isolating) the communication and exchange of information between a private network and the Internet, or between one part of a network and the rest, according to certain rules, in order to prevent unwanted communication between networks.
A firewall can be implemented in hardware, in software, or in a combination of the two. By application, firewalls can be divided into enterprise firewalls and personal firewalls; by technical principle, into packet filtering and application gateway types; and by working mode, into bridge mode and routing mode.
A firewall can strengthen access control and provide the private network with information filtering, special application-layer proxies, and log analysis and statistical reports. It can also perform "key password + firewall one-time password" two-factor authentication for users.
The insertion of a firewall should not affect the efficiency of the network too much, and in normal operation it should be able to stop or catch illegal intruders. In particular, once the firewall is breached, it should be able to restart and resume normal working conditions, so as to reduce the damage to the network to a minimum.
Access control technology
Access control is a mechanism that determines what kind of authorization applies to which network resources (such as memory, I/O, CPU, databases, etc.) and what kind of access (such as reading, writing, running, etc.) is permitted.
Access control can be divided into identity access control, content access control, rule access control, environment access control, data labels and other types.
Common access control technologies include passwords, permission tags, security tags, access control lists and matrices, limits on access duration, etc.
Access control must follow the principle of least privilege, that is, users have no access privileges other than those legally authorized, so as to effectively prevent network losses caused by access beyond authorization.
It is worth pointing out that the strength of access control is not very high and it will not be absolutely secure. Passwords, for example, are generally short and have features that some people know, so they are easy to guess or crack.
Anti-virus technology
A computer virus is an aggressive program that infects computer networks by modifying other programs or inserting copies of itself into other programs. Viruses usually have destructive effects and spread rapidly through online information exchange, further destroying the integrity of online information.
Computer viruses are characterized by unauthorized execution, good concealment, strong infectivity, latency, destructiveness, wide spread and conditional triggering, and new viruses emerge one after another.
The harm done by computer viruses is varied. Virus programs consume resources and slow down the network; viruses can interfere with and change the image or sound of the user terminal so that the user cannot work normally; some viruses can also destroy files, memory, software and hardware, so that part of the network is paralyzed; some viruses set up a remote shared area on the hard disk to form a back door, which opens the door of convenience for hackers.
Anti-virus technology includes four aspects: virus detection, with automatic alarm and interception; virus removal, which should be clean and thorough and should not harm the network; network repair, which rescues lost data according to the relevant clues so that the network returns to normal work; and virus prevention (immunization), which usually uses software patches to keep closing network vulnerabilities, mending the fold after the sheep is lost. At the same time, anti-virus software should be upgraded in time to maintain sufficient "lethality".
There are many kinds of network viruses, and they are classified in many ways. Classified by algorithm, there are companion viruses (the earliest viruses), "worm" viruses (such as Morris virus 1998) and parasitic viruses (newly discovered viruses are basically of this kind), such as ghost virus, armored virus, fraud virus, slow-acting virus, slight injury virus, phage virus, anti-anti-virus virus and comprehensive virus, etc. A division that is easier for most netizens to understand is by application: Internet viruses, e-mail viruses, macro viruses, Windows viruses, DOS viruses, hacker programs and other application viruses. As the saying goes, "when the Way rises one foot, the demon rises ten". Only the side that is "brave + smart + tough" can win the battle against viruses.
Intrusion detection technology
Intrusion detection is considered a new generation of network security technology after firewalls and information encryption. Intrusion detection means finding network connections with intrusion characteristics on a certain network segment (for example, inside the firewall) as early as possible, and immediately raising an alarm, cutting off the connection or taking other action.
The intrusion characteristics monitored by intrusion detection differ from those monitored by a firewall. The firewall monitors the structural characteristics of the data stream, such as source address, destination address, port number, etc. These characteristics always appear at a specific position in the data stream. Intrusion detection mainly monitors the attack characteristics contained in the data content, such as a large number of consecutive NOP padding codes appearing in the data stream, which often means that an attacker exploiting a buffer overflow vulnerability has changed the content of the data stream. But some intrusions do not produce attack feature strings in the data stream. They show up as an abnormal group behavior pattern, which only a distributed intrusion detection system can find through comprehensive analysis.
The difficulties of intrusion detection are as follows. The sum of detection time and response time must be less than the attack time, and with the improvement of computer speed the attack time is often at the microsecond or even nanosecond level. There are thousands of attack characteristics, known and unknown, and the algorithms of intrusion detection must be improved accordingly. Network bandwidth keeps growing and online data traffic is already massive, so detecting attacks in such a huge data stream is really "looking for a needle in a haystack". Intrusion detection must find and capture illegal intruders in time, preserve the attack characteristics, prevent the destruction of evidence and fight back. It is a high-tech war.
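The distinction drawn above, as an added Python example that is not part of the original article: a header-only packet filter, a content check for long NOP padding, and a group-behaviour check, run over constructed packets. The rule set, thresholds and addresses are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes

# Constructed filter rules: (action, source network, port; 0 means any port).
RULES = [
    ("deny", ipaddress.ip_network("203.0.113.0/24"), 0),
    ("allow", ipaddress.ip_network("0.0.0.0/0"), 80),
    ("allow", ipaddress.ip_network("0.0.0.0/0"), 443),
]
NOP = 0x90         # x86 NOP opcode used as padding
NOP_RUN_MIN = 32   # assumed alert threshold for consecutive NOP bytes
FANOUT_MIN = 10    # assumed threshold: distinct hosts contacted by one source

def firewall_verdict(pkt):
    """Structural check: fixed-position header fields only, first match wins."""
    src = ipaddress.ip_address(pkt.src)
    for action, net, port in RULES:
        if src in net and port in (0, pkt.dport):
            return action
    return "deny"  # default deny

def longest_run(data, value):
    """Length of the longest run of `value` in `data`."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if b == value else 0
        best = max(best, cur)
    return best

def content_alert(pkt):
    """Content check: flags long NOP padding that the header filter cannot see."""
    return longest_run(pkt.payload, NOP) >= NOP_RUN_MIN

def fanout_sources(packets):
    """Behaviour check: sources whose allowed traffic reaches many distinct hosts."""
    seen = defaultdict(set)
    for p in packets:
        if firewall_verdict(p) == "allow":
            seen[p.src].add(p.dst)
    return {s for s, hosts in seen.items() if len(hosts) >= FANOUT_MIN}

def sample_traffic():
    """Constructed sample packets (documentation address ranges)."""
    web = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    pkts = [
        Packet("198.51.100.7", "10.0.0.5", 80, web),
        Packet("198.51.100.8", "10.0.0.5", 80, b"GET /" + bytes([NOP]) * 64 + b"AAAA"),
        Packet("203.0.113.9", "10.0.0.5", 80, web),
        Packet("198.51.100.7", "10.0.0.5", 23, b"login"),
    ]
    # Each probe is individually well-formed and allowed; only the group stands out.
    pkts += [Packet("198.51.100.9", f"10.0.0.{i}", 80, web) for i in range(20, 35)]
    return pkts

if __name__ == "__main__":
    traffic = sample_traffic()
    for p in traffic[:4]:
        print(p.src, p.dport, firewall_verdict(p), "NOP-alert" if content_alert(p) else "-")
    print("fan-out sources:", fanout_sources(traffic))
```

The second packet passes the filter because its header fields are legitimate; only the content check flags it, and the fan-out source is visible only when the packets are analysed together.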
Virtual secure private network (VPN)
VPN refers to a service provider connecting multiple user subnets into a private network by using a public network (such as the Internet). A VPN is a logical network, not a physical network. It has both the rich resources of the public network and the security and flexibility of a private network.
At present, public networks are all based on the IP network protocol. In order to solve the security problem of IP data streams, the IETF (Internet Engineering Task Force) formulated IPsec (IP Security Standard). IPsec adopts two security mechanisms. One is AH (IP Authentication Header), which performs strong cryptographic verification of IP data and thereby provides data integrity authentication and source authentication. The other is ESP (IP Encapsulating Security Payload), which provides data integrity and confidentiality by encrypting IP data. ESP is divided into the tunnel encryption method (that is, completely encrypting the entire IP data) and the IP data payload encryption method.
IPsec is an end-to-end security mechanism. IPsec works at the third layer of the Internet protocol stack, namely the Internet protocol layer, so the TCP protocol (Transmission Control Protocol) located in the fourth layer can work over IPsec without any change.
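An added illustration, not from the original article, of what AH's integrity and source authentication cover: a simplified Python sketch that computes an AH-style integrity check value (HMAC-SHA-256 truncated to 128 bits) over the IP header with its in-transit mutable fields zeroed, the AH fields and the payload. The key, SPI, addresses and payload are constructed, and ESP encryption is not shown.

```python
import hashlib
import hmac
import socket
import struct

AH_LEN = 12 + 16  # fixed AH fields + 128-bit ICV, in bytes

def ipv4_header(src, dst, ttl, body_len):
    """Minimal 20-byte IPv4 header, protocol 51 (AH); checksum left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0x1234, 0,
                       ttl, 51, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(hdr):
    """Zero the fields routers may change in transit, as AH does before hashing."""
    b = bytearray(hdr)
    b[1] = 0                # DSCP/ECN
    b[6:8] = b"\x00\x00"    # flags and fragment offset
    b[8] = 0                # TTL
    b[10:12] = b"\x00\x00"  # header checksum
    return bytes(b)

def ah_icv(key, hdr, spi, seq, payload):
    """ICV over immutable IP fields, the AH header (ICV zeroed) and the payload."""
    # next header 6 = TCP; payload length = AH size in 32-bit words minus 2
    ah = struct.pack("!BBHII", 6, AH_LEN // 4 - 2, 0, spi, seq) + bytes(16)
    mac = hmac.new(key, zero_mutable(hdr) + ah + payload, hashlib.sha256)
    return mac.digest()[:16]

def protect(key, src, dst, ttl, payload, spi=0x1001, seq=1):
    """Sender side: returns (ip_header, spi, seq, icv, payload)."""
    hdr = ipv4_header(src, dst, ttl, AH_LEN + len(payload))
    return hdr, spi, seq, ah_icv(key, hdr, spi, seq, payload), payload

def verify(key, packet):
    """Receiver side: recompute the ICV and compare in constant time."""
    hdr, spi, seq, icv, payload = packet
    return hmac.compare_digest(icv, ah_icv(key, hdr, spi, seq, payload))

def with_ttl(packet, ttl):
    """What every router does: rewrite the TTL byte."""
    hdr = bytearray(packet[0])
    hdr[8] = ttl
    return (bytes(hdr),) + packet[1:]

def with_src(packet, src):
    """Source address rewritten in transit (spoofing or NAT)."""
    hdr = bytearray(packet[0])
    hdr[12:16] = socket.inet_aton(src)
    return (bytes(hdr),) + packet[1:]

def with_payload(packet, payload):
    """Payload modified in transit."""
    return packet[:4] + (payload,)

KEY = b"constructed-demo-key-32-bytes!!!"  # constructed shared key
PKT = protect(KEY, "192.0.2.10", "198.51.100.20", 64, b"constructed payload")

if __name__ == "__main__":
    print("as sent:          ", verify(KEY, PKT))
    print("TTL decremented:  ", verify(KEY, with_ttl(PKT, 63)))
    print("source rewritten: ", verify(KEY, with_src(PKT, "203.0.113.5")))
    print("payload modified: ", verify(KEY, with_payload(PKT, b"constructed PAYLOAD")))
```

Because the source address is inside the authenticated data, any device that rewrites it on the path invalidates the check, which is why the source authentication described above also makes AH incompatible with address translation.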
Other network security countermeasures
In addition to the above measures, network security should also take the following countermeasures:
Use cryptographic algorithms of appropriate strength; cryptography is always the cornerstone of network security and the core of all security countermeasures;
Adopt a secure operating system;
Use electromagnetic protection measures: on the one hand, prevent the electromagnetic leakage and emission of useful information; on the other hand, use transmission methods that resist electromagnetic interference;
Take lightning protection measures;
Take appropriate physical protection measures;
Strengthen administrative management, improve rules and regulations, strictly select and employ people, and govern the network according to law.
Concluding remarks
The network is a vast world for us to gallop in, and the network exit and IP addresses delimit our network territory. The network world is full of all kinds of useful resources, but there are also many "traps", and a war without gunsmoke is going on. "Preserve yourself and destroy the enemy" is our basic principle. In order to achieve network security, we must keep learning and keep up with the pace of network development; listen to and respect the advice of experts and make security decisions carefully; use multiple security countermeasures comprehensively to ensure moderate network security; improve security countermeasures dynamically; and strive to occupy the commanding heights of security.