The wide application of computer networks has had an important impact on the development of the economy, culture, education, science and technology, and much important information and many resources now depend on the network. Objectively, almost no network is free from security trouble: according to statistics compiled by the Financial Times, a network is broken into every 20 seconds on average, and security is the foundation of network development. In the information security industry in particular, the inherent sensitivity and particularity of the field directly affect national security and economic interests. Therefore, as networking and informatization are irreversible, how to minimize or avoid the economic losses caused by information leakage and destruction is a subject of great strategic significance that must be properly addressed.
2 Network security threats
The threats faced by computer networks fall mainly into threats to the information in the network and threats to the devices in the network. Many factors affect a computer network, and the threats it faces come from many directions, mainly including:
① Human error: security loopholes caused by improper security configuration by operators, poor security awareness of users, careless password selection, and users lending or sharing their accounts with others at will all pose a threat to network security;
② Interception of information: intercepting information on the channel to obtain confidential content, or analysing information flow, communication frequency and message length to obtain useful information. This does not alter the information content and is not easy to discover. It has been the most commonly used and effective method in past military and political confrontation and in current economic confrontation;
③ Internal theft and destruction: insiders or system personnel stealing secrets, leaking or altering information through the network, and destroying the information system. According to an investigation by the Federal Bureau of Investigation in September 1997, 70% of attacks were launched from inside and only 30% came from outside;
④ Hacking: hackers have become the bane of network security. In recent years, and notably on February 7-9, 2000, eight top websites in the United States, including Yahoo and Amazon, suffered electronic attacks from unknown sources one after another, which interrupted their service systems and reduced utilization of the whole Internet by 20% over two days. The direct losses caused by this attack to these websites reached $1.2 billion, and the indirect economic losses reached $1 billion;
⑤ Technical defects: because of the limits of cognition and of technical development, defects are inevitably left in the design of software and hardware, and these may create network security risks. In addition, most network software and hardware products are imported: for example, 90% of the world's microcomputers run Microsoft's Windows operating system, and many hackers enter networks through loopholes and back doors in Microsoft's operating system; reports of this kind appear in the newspapers frequently;
⑥ Viruses: the first virus (a worm) reported in 1988 invaded the US military Internet, infecting 8,500 computers and shutting down 6,500 of them, with direct economic losses of nearly $100 million. Since then such incidents have occurred one after another. From Code Red in 2001 to the outbreak of the Blaster and Sasser worms this year, the infection mode of computer viruses has changed from passive transmission between single computers to active transmission over the network; this not only destroys networks but also leaks information on the Internet and especially on private networks, so virus infection has become a serious threat to network security. In addition, threats to network security also include force majeure factors such as natural disasters.
The above threats to computer network security usually manifest as follows: ① Eavesdropping: the attacker obtains sensitive information by monitoring network data; ② Replay: the attacker first obtains part or all of a message and later resends it to the receiver; ③ Forgery: the attacker sends forged information to the receiver; ④ Tampering: the attacker modifies, deletes or inserts into the communication between legitimate users and then sends it on to the receiver; ⑤ Denial of service: the attacker slows down or even paralyses the system's response by some means and prevents legitimate users from obtaining service; ⑥ Repudiation: a communicating party denies an action that has taken place; ⑦ Unauthorized access: using network or computer resources without prior consent; ⑧ Spreading viruses: spreading computer viruses through the network is very destructive and hard for users to guard against.
The minimum set of network security objectives is as follows: ① Identity authenticity: the authenticity of a communicating entity's identity can be verified; ② Confidentiality: confidential information is not disclosed to unauthorized individuals or entities; ③ Integrity: data consistency is ensured and data cannot be created, modified or destroyed by unauthorized users or entities; ④ Availability: legitimate users' use of information and resources is not improperly denied; ⑤ Non-repudiation: an effective accountability mechanism prevents entities from denying their actions; ⑥ Controllability: the way people or entities use resources can be controlled; ⑦ Ease of use: while meeting the security requirements, the system is simple to operate and convenient to maintain; ⑧ Auditability: a basis and means are provided for investigating network security incidents that arise.
3 Main network security technologies
In order to ensure the security of network information, the following security technologies are commonly used in practice.
3.1 Virus prevention technology
A computer virus is a program that can infect and invade a computer system while it runs. After a virus penetrates the system or the attacker breaches its authorization, the attacker usually implants programs such as Trojan horses or logic bombs to provide a convenient foothold for attacking the system and network later. Current anti-virus software faces the challenge of the Internet: 13 to 50 new viruses appear every day worldwide, 60% of which spread through the Internet. To protect enterprise information resources effectively, anti-virus software must support all Internet protocols and e-mail systems an enterprise may use and keep pace with this constantly changing environment. In these respects some foreign anti-virus software, such as Norton, McAfee and Panda, is ahead. Most domestic anti-virus software, however, is still mainly single-machine anti-virus; although some manufacturers have launched network anti-virus products, their scope of protection is still narrow. Domestic anti-virus manufacturers should strengthen protection at gateways and mail servers as soon as possible, since only by cutting off the virus's point of entry can the economic losses that outbreaks cause enterprises and users be avoided.
3.2 Firewall technology
Firewall technology strengthens network security by isolating network topology and service types. The object it protects is a network block with a clearly closed boundary, and the object it guards against is security threats from outside the protected block. At present there are mainly the following firewall products: ① Packet-filtering firewall: generally installed on the router, it filters the IP source address, IP destination address, encapsulated protocol (such as TCP/IP) and port number of packets flowing through the firewall according to the access control list set by the network administrator. ② Proxy firewall: packet filtering can prevent unauthorized access by blocking IP addresses, but it is not suitable for companies that want to control how internal staff access the external network. For enterprises with this requirement, proxy server technology can be used. A proxy server usually consists of a server program and a client program; the client program connects to the proxy server, so that only the proxy server is visible from the external network and no internal resource is exposed. Proxy server technology is therefore more reliable than packet filtering alone, and all access is recorded in detail. The disadvantage is that users are not allowed to access the network directly, which slows legitimate users' access to information. It should also be noted that not all Internet applications support proxy server technology. ③ Stateful inspection firewall: after monitoring the relevant data through the inspection module (a software engine that enforces the network security policy on the gateway), it extracts some of that data (the state information) and saves it dynamically as a reference for future security decisions. The inspection module can support a variety of protocols and applications, and applications and services can easily be extended.
After stateful inspection is adopted, before a user's access reaches the gateway operating system the inspection module extracts the relevant data of the access request and analyses it in combination with the network configuration and security rules, so as to decide whether to accept, reject, authenticate or encrypt the communication. Once an access violates these security rules, the security alarm denies it and reports the network status to the system administrator. Its configuration is very complicated, however, and it slows the transmission of network information.
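To make the difference between packet filtering (①) and stateful inspection (③) concrete, here is an added Python example that is not part of the original article. It models a first-match access control list over source/destination address, protocol and destination port, then wraps it in a firewall that remembers connections it has accepted and admits their return traffic. The rule set, the inside network 10.0.0.0/8 and all packets are constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed packet model: only the header fields a packet filter inspects.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int

# One access-control-list entry; None means "match anything" for that field.
@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "drop"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))

def stateless_filter(rules, p: Packet) -> str:
    """Packet-filtering firewall: first matching rule wins, default drop."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "drop"

class StatefulFirewall:
    """Stateful inspection: keeps a table of accepted connections and admits
    their return packets even when no static rule allows inbound traffic."""
    def __init__(self, rules, inside: str):
        self.rules = rules
        self.inside = ip_network(inside)
        self.table = set()   # (proto, inside_ip, inside_port, outside_ip, outside_port)

    def process(self, p: Packet) -> str:
        outbound = ip_address(p.src) in self.inside
        # Normalize both directions of a flow to the same table key.
        key = ((p.proto, p.src, p.sport, p.dst, p.dport) if outbound
               else (p.proto, p.dst, p.dport, p.src, p.sport))
        if key in self.table:
            return "accept"                       # part of an established flow
        decision = stateless_filter(self.rules, p)
        if decision == "accept":
            self.table.add(key)                   # remember the new connection
        return decision

# Constructed policy: inside hosts may browse HTTPS; only the mail server
# 10.0.0.5 accepts inbound connections (SMTP); everything else is dropped.
RULES = [
    Rule("accept", src="10.0.0.0/8", proto="tcp", dport=443),
    Rule("accept", dst="10.0.0.5/32", proto="tcp", dport=25),
]

def demo() -> dict:
    fw = StatefulFirewall(RULES, "10.0.0.0/8")
    out = Packet("10.0.0.7", "203.0.113.10", "tcp", 51000, 443)   # client opens HTTPS
    reply = Packet("203.0.113.10", "10.0.0.7", "tcp", 443, 51000)  # server's answer
    probe = Packet("203.0.113.10", "10.0.0.7", "tcp", 443, 51001)  # unsolicited inbound
    mail = Packet("198.51.100.2", "10.0.0.5", "tcp", 40000, 25)    # inbound SMTP
    return {
        "stateless_reply": stateless_filter(RULES, reply),  # drop: no rule admits 443 -> 51000
        "stateful_out": fw.process(out),                    # accept: matches rule 1
        "stateful_reply": fw.process(reply),                # accept: known connection
        "stateful_probe": fw.process(probe),                # drop: not in the state table
        "mail_in": fw.process(mail),                        # accept: matches rule 2
    }

if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The stateless filter has to drop the HTTPS reply because no static rule admits traffic from port 443 to an ephemeral port, and opening such a rule would also admit the unsolicited probe; the state table resolves this by admitting only packets that belong to a connection the policy already accepted.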
3.3 Encryption technology
A network security system based on data encryption is characterized by protecting all data streams in the network system (including user data) with reliable encryption of network data, which fundamentally addresses two major requirements of network security (namely the availability of network services and the integrity of information) without placing any special requirements on the network environment. The advantages of a network system using encryption technology are that it needs no support from a special network topology and places no requirement on the security of the network path during data transmission, thus truly realizing end-to-end security guarantees for network communication. It is predicted that in the next 3 to 5 years, network security systems using encryption technology will hopefully become the main way to realize network security. According to whether the encryption key and decryption key are the same, encryption technology can be divided into symmetric encryption, asymmetric encryption and irreversible encryption. In network transmission, encryption is an efficient and flexible security means. However, because most data encryption algorithms originated in the United States and are restricted by American export control laws, they cannot be widely used on the Internet, which limits the application of network security solutions based on encryption technology.
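The three-way classification by key symmetry is easiest to see by checking the key relationship itself. The following Python example is added here and is not from the article: it uses a toy XOR stream cipher keyed by SHA-256 (same key both ways), textbook RSA on the small primes 61 and 53 (different keys for each direction), and a salted PBKDF2 hash (no key and no inverse, only verification). The cipher and key sizes are illustrative constructions chosen to show the properties, not usable algorithms.

```python
import hashlib
import hmac
import os
import secrets
from math import gcd

# --- Symmetric: one shared key both encrypts and decrypts.
# Toy stream cipher: keystream = SHA-256(key || nonce || counter) XOR data.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])

def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(8)          # fresh nonce so keystreams never repeat
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))

def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:8], blob[8:]
    ks = _keystream(key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

# --- Asymmetric: the public key encrypts, only the private key decrypts.
# Textbook RSA on tiny constructed primes (p=61, q=53), for illustration only.
def rsa_keygen(p: int = 61, q: int = 53, e: int = 17):
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)                     # modular inverse (Python 3.8+)
    return (e, n), (d, n)                   # (public key, private key)

def rsa_encrypt(pub, m: int) -> int:
    e, n = pub
    return pow(m, e, n)

def rsa_decrypt(priv, c: int) -> int:
    d, n = priv
    return pow(c, d, n)

# --- Irreversible: a salted one-way hash; a password can be verified but not recovered.
def hash_password(pw: bytes, salt: bytes = None) -> bytes:
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", pw, salt, 100_000)

def verify_password(pw: bytes, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", pw, salt, 100_000)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison

def demo() -> dict:
    key, msg = b"shared-secret-key", b"wire transfer 1200"   # constructed sample
    ct = sym_encrypt(key, msg)
    pub, priv = rsa_keygen()
    c = rsa_encrypt(pub, 65)
    stored = hash_password(b"hunter2")
    return {
        "sym_roundtrip": sym_decrypt(key, ct) == msg,          # same key works
        "sym_wrong_key": sym_decrypt(b"other-key", ct) == msg,  # other key does not
        "rsa_roundtrip": rsa_decrypt(priv, c) == 65,            # private key decrypts
        "rsa_pub_cannot_decrypt": rsa_decrypt(pub, c) == 65,    # public key cannot
        "hash_verifies": verify_password(b"hunter2", stored),
        "hash_rejects": verify_password(b"hunter3", stored),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

With the constructed primes the public key is (17, 3233) and 65 encrypts to 2790, the standard worked RSA instance; the point of the block is the three key relationships, which is why every result is a boolean check rather than a printed ciphertext.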
3.4 Intrusion detection technology
Intrusion detection technology is mainly divided into two types: ① Anomaly-based intrusion detection detects intrusions from abnormal behaviour and abnormal use of computer resources. It attempts to describe the characteristics of acceptable behaviour quantitatively in order to distinguish abnormal and potentially intrusive behaviour. The problem is to construct a set of abnormal activities and find the subset of them that are intrusions. The method depends on building a model of abnormality, and different models give different detection methods. Anomaly detection observes the deviation of a set of measured values from their norm to predict a change in user behaviour, and decides on that basis. ② Misuse intrusion detection detects intrusions by recognizing known attack methods against vulnerabilities in systems and application software. Its main assumption is that attacks can be encoded precisely in some way; by capturing attacks and rearranging their elements, it can be confirmed that an intrusion is a variant of an intrusion method based on the same weakness. Misuse detection therefore works by pattern matching between predefined intrusion patterns and the observed activity. An intrusion pattern describes the characteristics, conditions, arrangement and relationships of the events that lead to a security vulnerability or other misuse, and an incompletely matched pattern may indicate that someone is attempting an intrusion.
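The two approaches differ in what they compare against: a statistical baseline of normal measurements versus a catalogue of known attack patterns. This added Python example (not from the article) shows both over constructed log data: a per-user profile of daily login counts with alerts when today's count deviates by more than three standard deviations, and a small set of regular-expression signatures matched against web request lines. The log lines, user names, addresses and signatures are all constructed for the illustration.

```python
import re
import statistics
from collections import defaultdict

# Constructed baseline: "<day> <user> <logins>" for one week.
BASELINE = """\
d01 alice 12
d02 alice 10
d03 alice 11
d04 alice 13
d05 alice 9
d06 alice 12
d07 alice 11
d01 bob 3
d02 bob 2
d03 bob 4
d04 bob 3
d05 bob 2
d06 bob 3
d07 bob 3
"""

# Constructed observation for today.
TODAY = {"alice": 12, "bob": 40}

# Constructed web request lines: "<source> \"<request>\" <status>".
WEB_LOG = [
    '203.0.113.5 "GET /index.html HTTP/1.1" 200',
    '203.0.113.9 "GET /../../etc/passwd HTTP/1.1" 404',
    '198.51.100.3 "GET /login?user=admin\' OR 1=1-- HTTP/1.1" 200',
    '198.51.100.7 "GET /images/logo.png HTTP/1.1" 200',
]

def build_profile(log: str) -> dict:
    """Anomaly detection, step 1: per-user mean and standard deviation
    of the measured value (daily login count)."""
    counts = defaultdict(list)
    for line in log.splitlines():
        _day, user, n = line.split()
        counts[user].append(int(n))
    return {u: (statistics.mean(v), statistics.pstdev(v)) for u, v in counts.items()}

def anomaly_alerts(profile: dict, observed: dict, threshold: float = 3.0) -> dict:
    """Anomaly detection, step 2: flag users whose observation deviates from
    their own baseline by more than `threshold` standard deviations.
    No attack knowledge is used, only the measured deviation."""
    alerts = {}
    for user, n in observed.items():
        mean, sd = profile[user]
        if sd:
            z = (n - mean) / sd
        else:
            z = 0.0 if n == mean else float("inf")   # constant baseline: any change is anomalous
        if abs(z) > threshold:
            alerts[user] = round(z, 1)
    return alerts

# Misuse detection: predefined intrusion patterns (signatures).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"'\s*OR\s+1=1", re.IGNORECASE),
}

def misuse_alerts(lines) -> list:
    """Match each request against every known pattern; a hit names the source
    and the signature, which is what the analyst needs to triage."""
    hits = []
    for line in lines:
        src = line.split()[0]
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits.append((src, name))
    return hits

if __name__ == "__main__":
    print("anomaly:", anomaly_alerts(build_profile(BASELINE), TODAY))
    print("misuse:", misuse_alerts(WEB_LOG))
```

On the constructed data bob's 40 logins sit tens of standard deviations above his baseline while alice's 12 is within one, so only bob is flagged; the signature pass flags the two request lines carrying known patterns and nothing else. Note the trade-off the text describes: the anomaly pass would also flag a legitimate but unusual workload, while the signature pass sees only attacks someone has already encoded.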
3.5 Network security scanning technology
Network security scanning technology mainly includes: ① Port scanning: port scanning sends probe packets to the TCP/IP service ports of the target host and records the host's responses. By analysing the responses to determine whether each service port is open or closed, the service or information provided on that port can be learned. Port scanning can also monitor the operation of the local host by capturing the IP packets entering and leaving the local host or server. It can only analyse the data received and helps find some inherent weaknesses of the target host, but it cannot provide detailed steps for entering a system. ② Vulnerability scanning: vulnerability scanning checks whether the target host has vulnerabilities mainly in two ways. First, after port scanning has revealed the open ports of the target host and the network services on them, this information is matched against the vulnerability database provided by the scanning system to see whether any vulnerability meets the matching conditions. Second, the target host is scanned for exploitable security vulnerabilities by simulating a hacker's attack methods, for example by testing for weak passwords; if the simulated attack succeeds, the target host has a security vulnerability.
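The first vulnerability-scanning method above is a pipeline: identify the service and version behind each open port from its response, then match that against a vulnerability database. The Python below is an added example, not code from the article or any scanner product; it parses constructed service banners, falls back to the well-known port number when no banner is captured, and matches the result against a constructed database whose identifiers (VULN-EXAMPLE-…) are placeholders rather than real vulnerability numbers. The host 192.0.2.10 and the version thresholds are likewise constructed.

```python
import re

# Constructed responses captured from open ports on one host.
BANNERS = {
    22: "SSH-2.0-OpenSSH_7.2",
    80: "HTTP/1.1 200 OK\r\nServer: Apache/2.4.1\r\n",
    3306: "",                     # port open, but no banner was returned
}

# Constructed vulnerability database: service, highest affected version, severity.
# Identifiers are placeholders for the illustration, not real advisories.
VULN_DB = [
    {"id": "VULN-EXAMPLE-001", "service": "ssh",   "max_affected": "7.4",    "severity": "high"},
    {"id": "VULN-EXAMPLE-002", "service": "http",  "max_affected": "2.4.0",  "severity": "medium"},
    {"id": "VULN-EXAMPLE-003", "service": "mysql", "max_affected": "8.0.31", "severity": "low"},
]

# Banner patterns for the services used in this example (constructed, not exhaustive).
BANNER_PATTERNS = [
    ("ssh",  re.compile(r"OpenSSH_(\d+(?:\.\d+)*)")),
    ("http", re.compile(r"Server: Apache/(\d+(?:\.\d+)*)")),
]
WELL_KNOWN_PORTS = {22: "ssh", 80: "http", 3306: "mysql"}

def identify(port: int, banner: str):
    """Return (service, version) from the banner; if no pattern matches,
    guess the service from the port number and leave the version unknown."""
    for service, pattern in BANNER_PATTERNS:
        m = pattern.search(banner)
        if m:
            return service, m.group(1)
    return WELL_KNOWN_PORTS.get(port, "unknown"), None

def version_tuple(v: str) -> tuple:
    """'8.0.30' -> (8, 0, 30) so versions compare numerically, not as strings."""
    return tuple(int(x) for x in v.split("."))

def match_vulnerabilities(host: str, banners: dict, db: list) -> list:
    """Match each identified service against the database.
    A service with unknown version is reported as 'unverified' rather than
    silently skipped, because a missing banner is not evidence of safety."""
    findings = []
    for port, banner in banners.items():
        service, version = identify(port, banner)
        for vuln in db:
            if vuln["service"] != service:
                continue
            if version is None:
                findings.append((host, port, vuln["id"], "unverified"))
            elif version_tuple(version) <= version_tuple(vuln["max_affected"]):
                findings.append((host, port, vuln["id"], vuln["severity"]))
    return findings

if __name__ == "__main__":
    for finding in match_vulnerabilities("192.0.2.10", BANNERS, VULN_DB):
        print(finding)
```

On the constructed input the SSH service at version 7.2 falls inside the affected range and is reported as high, the web server at 2.4.1 is above the 2.4.0 threshold and is not reported, and the database port with no banner is reported as unverified so that an analyst checks it by hand.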
In addition to the network security technologies described above, other widely used security technologies include authentication, access control and security protocols.