As we all know, the Internet is the largest information network in the world, and the openness of its protocols greatly facilitates the interconnection of all kinds of computers and broadens the resources they can share. However, because security was neglected in early protocol design and because management and use have been anarchic, the security of the Internet itself has gradually come under serious threat, and related security incidents occur frequently. The threats to network information security are mainly manifested in: unauthorized access, impersonation of legitimate users, destruction of data integrity, interference with the normal operation of systems, spreading viruses through the network, wiretapping and so on.
This paper mainly introduces the basic knowledge of network information security: the fragility of network information security, the key technologies of network information security, common attack methods and countermeasures, and the construction of secure networks. In view of these problems, this paper puts forward and expounds its own countermeasures. With the continuous development of network technology, the problem of network information security will eventually be solved.
Keywords: network information security; firewall; data encryption; intranet
With the rapid development of computer technology, information networks have become an important guarantee for social development. Information networks involve government, military, culture, education and other fields. Much of the information stored, transmitted and processed is important information such as government macro-control decision-making, commercial and economic information, bank fund transfers, stocks and securities, energy resources data and scientific research data. Much of it is sensitive information, even state secrets, so it inevitably attracts various man-made attacks from all over the world (such as information leakage, information theft, data tampering, data deletion, computer viruses, etc.). Computer crime usually leaves little criminal evidence, which also greatly encourages high-tech computer crime. With the sharp rise in the computer crime rate, computer systems in all countries, especially network systems, face great threats, and this has become one of the serious social problems.
Network information security is an important issue related to national security and sovereignty, social stability and the inheritance and development of national culture. With the acceleration of global informatization, it is becoming more and more important. Network information security is a comprehensive subject involving computer science, network technology, communication technology, cryptography technology, information security technology, applied mathematics, number theory, information theory and other disciplines. It mainly means that the hardware, software and data in the network system are protected against harm from accidental or malicious causes, and that the system runs continuously and reliably without interruption of network services.
This paper analyzes the main problems existing in current network information security from the aspects of vulnerability of network information security, main technologies of network security, common methods and countermeasures of network attacks, and network security construction, and puts forward solutions to common network attacks from the technical level, hoping to gradually eliminate the hidden dangers of network information security through network security construction.
First, the vulnerability of network information security
The Internet has spread to 180 countries around the world, providing diversified network and information services for hundreds of millions of users. On the Internet, in addition to the original exchange and dissemination of written information such as email and news forums, communication technologies such as VoIP, network fax, still images and video are constantly developing and improving. In the information society, network information systems will play an increasingly important role in politics, military affairs, finance, commerce, transportation, telecommunications, culture and education. Society is increasingly dependent on network information systems. A wide variety of complete network information systems concentrate secret information and wealth in computers. At the same time, these network information systems all rely on computer networks to receive and process information, so as to realize the interconnection, management and control of their targets. Obtaining and exchanging information through the Internet has become an important feature of the modern information society. The network is gradually changing people's working style and lifestyle, and has become a theme of social development today.
However, with the development of information industry, the security of Internet and network information has also become a hot issue concerned by relevant government departments, major industries and business leaders. At present, the economic losses caused by the vulnerability of information systems in countries all over the world are increasing year by year, and the security problems are becoming more and more serious. Faced with this reality, relevant government departments and enterprises in various countries have to pay attention to network security.
Why is the Internet security problem so serious? How did these security problems arise? Taking technical and management factors together, the causes can be summarized in four aspects: the openness of the Internet, its own vulnerability, the universality of attacks, and the difficulty of management.
(1) The Internet is an open network, and TCP/IP is a common protocol.
Computer systems on all kinds of hardware and software platforms can connect through various media and can be accessed from anywhere in the world without restriction. Therefore, all kinds of security threats can quickly reach every corner of the world through the Internet, unhindered by geography or platform.
(2) The security defect of the Internet itself is the root cause of the vulnerability of the Internet.
The fragility of the Internet is reflected in all aspects of design, implementation and maintenance. In the design stage, because the early Internet was used only by a few trusted users, security threats were not fully considered. In the implementation stage, the Internet and the computer systems connected to it were also left with many security loopholes. It is generally believed that the number of errors in software is directly proportional to the scale of the software. As the network and related software become more and more complex, there are more and more security vulnerabilities. Security vulnerabilities in the maintenance phase of Internet and software systems are also important targets of security attacks. Although systems provide some security mechanisms, these mechanisms have not been effective because of the limited technical level of administrators or users and the heavy workload of maintenance and management. For example, default system installations and weak passwords are among the reasons for the success of a large number of attacks.
(3) The universality of Internet threats is another aspect of security.
With the development of the Internet, the means of attacking the Internet is becoming more and more simple and common. At present, the functions of attack tools are getting stronger and stronger, but the knowledge level of attackers is getting lower and lower, so attackers are more common.
(4) Management difficulty is also an important reason for Internet security problems.
Within an enterprise, security management is itself very complicated because of rapid business development, frequent personnel turnover, rapid technology updates and other factors, and there are often problems such as insufficient manpower investment and unclear security policies. Across countries, although security incidents are usually borderless, security management is limited by many factors such as country, geography, politics, culture and language. Tracking cross-border security incidents is very difficult.
Second, the main technology of network security
(A) Firewall technology
"Firewall" is a figurative term. In fact, it is a combination of computer hardware and software, which establishes a security gateway between the Internet and the intranet, thus protecting the intranet from illegal users. In fact, it is a barrier that separates the Internet from the intranet (usually local area network or metropolitan area network).
1. Technical implementation of the firewall
The technical realization of firewall is usually based on the so-called "packet filtering" technology, and the standard of packet filtering is usually formulated according to the security policy. In firewall products, the standard of packet filtering is generally set by the network administrator in the access control list of firewall devices. Access control is generally based on the following criteria: the source address of the packet, the destination address of the packet, the direction of the connection request (incoming or outgoing), the packet protocol (such as TCP/IP) and the type of service request (such as ftp and www).
Firewall can also be implemented by proxy server software. The early firewall mainly played the role of shielding the host and strengthening access control. Nowadays, the firewall gradually integrates the latest research results of information security technology, and generally has the functions of encryption, decryption, compression and decompression. These technologies improve the security of information on the Internet. Now, the research of firewall technology has become the leading research direction of network information security technology.
2. The characteristics of the firewall
Physically speaking, a firewall is a collection of various systems located between two networks and has the following characteristics:
(1) All packets from inside to outside and from outside to inside must pass through the firewall;
(2) Only packets allowed by the security policy can pass through the firewall;
(3) The firewall itself should have the function of preventing intrusion, and the firewall is mainly used to protect the secure network from unsafe intrusion.
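The packet-filtering criteria listed under "Technical implementation" and characteristic (2) above can be put together as an access control list that is evaluated top to bottom. The following is an added example, not taken from the original paper or from any firewall product; the rule format, the addresses (documentation ranges, with 10.0.0.0/8 standing for the intranet) and the names Packet, Rule, evaluate and decide are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str          # source address of the packet
    dst: str          # destination address of the packet
    direction: str    # "in" (from the Internet) or "out" (from the intranet)
    protocol: str     # "tcp", "udp", ...
    dport: int        # destination port, i.e. the requested service

@dataclass(frozen=True)
class Rule:
    action: str       # "permit" or "deny"
    src: str          # CIDR block the source must fall in
    dst: str          # CIDR block the destination must fall in
    direction: str    # "in", "out" or "any"
    protocol: str     # protocol name or "any"
    dports: tuple = ()  # allowed service ports; empty means any port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.direction in ("any", p.direction)
                and self.protocol in ("any", p.protocol)
                and (not self.dports or p.dport in self.dports))

def evaluate(acl, packet):
    """Return (action, index of the deciding rule); the first match wins."""
    for index, rule in enumerate(acl):
        if rule.matches(packet):
            return rule.action, index
    return "deny", None   # no rule matched: the policy did not allow it

# Constructed policy for illustration only.
ANY = "0.0.0.0/0"
ACL = [
    # An "internal" source address arriving from outside is spoofed, so
    # this deny must come before the permits below.
    Rule("deny", "10.0.0.0/8", ANY, "in", "any"),
    Rule("permit", ANY, "203.0.113.10/32", "in", "tcp", (80, 443)),  # www
    Rule("permit", ANY, "203.0.113.21/32", "in", "tcp", (21,)),      # ftp
    Rule("permit", "10.0.0.0/8", ANY, "out", "tcp", (80, 443)),      # browsing
]

def decide(src, dst, direction, protocol, dport):
    """Convenience wrapper: evaluate one packet against the sample ACL."""
    return evaluate(ACL, Packet(src, dst, direction, protocol, dport))
```

Because the first matching rule decides, rule order is part of the policy: moving the anti-spoofing deny below the www permit would let a forged intranet source reach the web server.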
3. Use of firewall
Network security usually comes at the expense of the openness, convenience and flexibility of network services, and setting up a firewall is no exception. On the one hand, the partitioning function of the firewall strengthens the security of the intranet; on the other hand, it hinders the communication of information systems between the intranet and the external network. Therefore, it is necessary to attach various information service proxy software to the firewall to proxy the communication between the internal network and the external network, which not only increases the network management overhead, but also slows down the information transmission rate. To solve this problem, NetScreen Technology Company of the United States recently introduced the third generation firewall, whose built-in special ASIC processor handles the firewall's access policy and data encryption algorithms in hardware, which greatly improves the performance of the firewall.
It should be noted that not all network users need to install a firewall. Generally speaking, firewalls are recommended only for enterprise and corporate networks that have special requirements for personal network security and need to be networked. In addition, the firewall can only block intrusion from the external network; the security of the internal network has to be achieved through effective control and management of the internal network itself.
(B) Data encryption technology
1. The meaning of data encryption technology
The so-called data encryption technology is to reorganize the data by digital means, so that it is difficult for anyone except the legal receiver to recover the original "message". The purpose of this technology is to encrypt the data stream in transmission. There are two common methods: line encryption and end-to-end encryption. The former focuses on the lines without considering the source and destination, and provides security protection for confidential information by using different encryption keys on each line. The latter means that the information is encrypted by the sender through special encryption software, and the plaintext (that is, the original text) is encrypted into ciphertext (encrypted file, the content of which is some incomprehensible codes) by using some encryption technology, and then it is encapsulated in TCP/IP packets and transmitted through the Internet. Once the information reaches the destination, it will be decrypted by the receiver with the corresponding key, so that the ciphertext can be restored to readable data plaintext.
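The practical difference between line encryption and end-to-end encryption is where plaintext exists along the path. The following is an added example, not part of the original paper: it relays one message over three lines, each with its own key, and records what the intermediate nodes hold in each mode. The keystream function is a standard-library stand-in for a real cipher, and the names seal, unseal, relay, line_encrypted and end_to_end, the keys and the message are constructed for illustration.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode. A stand-in for a real cipher so the
    example runs on the standard library alone; it gives no integrity
    protection, so use an authenticated cipher such as AES-GCM in practice."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)                     # fresh nonce for every message
    stream = keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    stream = keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

def relay(payload: bytes, link_keys):
    """Carry payload over consecutive lines, each with its own key.
    Returns (what the last node receives, what each intermediate node held)."""
    held_by_intermediates = []
    data = payload
    for hop, key in enumerate(link_keys):
        on_the_wire = seal(key, data)          # protected while on this line
        data = unseal(key, on_the_wire)        # the node ending the line decrypts
        if hop < len(link_keys) - 1:
            held_by_intermediates.append(data)
    return data, held_by_intermediates

def line_encrypted(message: bytes, link_keys):
    """Line encryption only: every intermediate node handles the plaintext."""
    return relay(message, link_keys)

def end_to_end(message: bytes, e2e_key: bytes, link_keys):
    """The sender encrypts before transmission; only the receiver decrypts."""
    received, held = relay(seal(e2e_key, message), link_keys)
    return unseal(e2e_key, received), held

# Constructed scenario: sender -> node A -> node B -> receiver (three lines).
LINK_KEYS = [os.urandom(32) for _ in range(3)]
E2E_KEY = os.urandom(32)
MESSAGE = b"transfer 500 to account 42"
```

With line encryption the two intermediate nodes each hold the original message, so their compromise exposes it; with end-to-end encryption they hold only ciphertext.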
2. Commonly used data encryption technology
At present, the most commonly used encryption technologies are symmetric encryption and asymmetric encryption. Symmetric encryption means that the same key is used for both encryption and decryption. Asymmetric encryption means that the keys used for encryption and decryption are different. It has a pair of keys, called the "public key" and the "private key" respectively. These two keys must be used as a pair, that is, files encrypted with the public key must be decrypted with the private key of the corresponding person, and vice versa.
3. Development status of data encryption technology
In network transmission, encryption technology is an efficient and flexible security means, which is worth popularizing in enterprise networks. At present, there are many encryption algorithms, most of which originated in the United States, but they will be restricted by American export control laws. At present, DES, an American data encryption standard, is commonly used in financial system and business circles. In recent years, the research on encryption algorithms in China mainly focuses on the analysis of cryptographic strength and practical research.
(C) Access control
1. Authentication
Authentication is a kind of consistency verification, and verification is a means to establish consistency proof. Authentication mainly includes authentication basis, authentication system and security requirements. Authentication technology is the earliest security technology applied to computers, and it is still widely used now. It is the first barrier of Internet information security.
2. Access control
Access control specifies which subject has what operation rights to which object. Access control is an important aspect of network security theory, which mainly includes personnel restriction, data identification, authority control, type control and risk analysis. Access control is also one of the earliest security technologies. Generally, it is used in conjunction with identity authentication technology to give users with different identities different operating rights and realize hierarchical management of information with different security levels.
Third, common network attack methods and countermeasures
The network is full of security holes. Even if the old security holes are filled, new ones will appear constantly. Network attacks use these vulnerabilities and security flaws to attack systems and resources.
(A) The steps of network attacks
1. Hide your location
Ordinary attackers will use other people's computers to hide their real IP addresses. Sophisticated attackers will also use the 800-phone unattended transfer service to connect to the ISP, and then steal other people's accounts to surf the Internet.
2. Find the target host and analyze the target host
The attacker must first find the target host and analyze it. What really identifies a host on the Internet is its IP address; the domain name is just another name given to the host so that its IP address is easier to remember. With the domain name and the IP address, the target host can be found. At this point, the attacker can use scanning tools to learn which version of which operating system the target host is running, which accounts the system has, and which versions of server programs such as WWW, FTP, Telnet and SMTP are in use, so as to make full preparations for the intrusion.
3. Get the account and password, and log in to the host.
If an attacker wants to invade a host, he must first have the account and password of the host, otherwise he can't even log in. This often forces them to try to steal the account file, crack it, get the user's account and password from it, and then find the right time to enter the host. Of course, using some tools or system vulnerabilities to log in to the host is also a common method used by attackers.
4. Gain control
Attackers take advantage of system vulnerabilities and use FTP, Telnet and other tools to gain control of the target host system. They then do two things: clear the records and leave a back door. The attacker changes some system settings and places Trojan horses or other remote control programs in the system, so that he can re-enter it later without being noticed. Most backdoor programs are pre-compiled, so the attacker only needs to find a way to modify the time and permissions before using them. Even if the file is new, its size is exactly the same as that of the original file. Attackers usually use rcp to deliver these files so as not to leave FTP records. After clearing the logs, deleting the copied files and otherwise hiding his traces, the attacker starts the next step.
5. Stealing network resources and privileges
After the attacker finds the target, he will continue with the next attack, such as: downloading sensitive information; committing economic theft such as stealing account passwords and credit card numbers; or paralyzing the network.
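Step 4 above notes that a planted file can keep the original's size and have its time and permissions reset, which is exactly what a check based on file metadata relies on. The following is an added example, not part of the original paper, of an integrity baseline that also records a SHA-256 digest; the file name, its contents and the function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash the file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(paths):
    """Record size, modification time, permission bits and content digest."""
    baseline = {}
    for path in paths:
        st = os.stat(path)
        baseline[path] = {"size": st.st_size, "mtime": st.st_mtime_ns,
                          "mode": st.st_mode & 0o7777,
                          "sha256": sha256_of(path)}
    return baseline

def compare(baseline, fields=("size", "mtime", "mode", "sha256")):
    """Return {path: [changed fields]} for every file that differs."""
    findings = {}
    for path, old in baseline.items():
        if not os.path.exists(path):
            findings[path] = ["missing"]
            continue
        new = snapshot([path])[path]
        changed = [f for f in fields if old[f] != new[f]]
        if changed:
            findings[path] = changed
    return findings

def tamper_and_check():
    """Constructed test case: replace a file with same-size content, reset
    its time and permissions, then run a metadata-only and a full check."""
    with tempfile.TemporaryDirectory() as directory:
        target = os.path.join(directory, "login")
        with open(target, "wb") as handle:
            handle.write(b"original-binary!")      # 16 bytes
        os.chmod(target, 0o755)
        baseline = snapshot([target])
        before = os.stat(target)
        with open(target, "wb") as handle:
            handle.write(b"replaced-binary!")      # also 16 bytes
        os.chmod(target, 0o755)
        os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))
        metadata_only = compare(baseline, ("size", "mtime", "mode"))
        full = compare(baseline)
        return metadata_only, full
```

The baseline is only useful if it is stored where an intruder on the monitored host cannot rewrite it, for example on read-only media or a separate system.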
(B) Common methods of network attacks
1. Password intrusion
The so-called password intrusion refers to the use of some legitimate users' accounts and passwords to log in to the destination host and then carry out attacks. The premise of this method is that the account of a legal user on the host must be obtained first, and then the password of the legal user can be deciphered.
2. Place a Trojan horse program
Trojan horse programs can directly invade users' computers and do damage. A Trojan is often disguised as a utility program or a game, inducing users to open email attachments that carry it or to download it directly from the Internet. Once users open these email attachments or execute these programs, the Trojan stays in their computers like the Trojan horse left by soldiers outside the enemy city, and hides a program in the computer system that is quietly executed when Windows starts. When you connect to the Internet, this program notifies the attacker and reports your IP address and a preset port. After receiving this information, the attacker can use this latent program to modify the parameter settings of your computer at will, copy files, and peek at the contents of your entire hard disk, so as to control your computer.
3. WWW deception technology
Online users can use IE and other browsers to visit various websites, such as reading newsgroups, consulting product prices, subscribing to newspapers, e-commerce and so on. But the average user may not think of these problems: the web page being visited has been tampered with by hackers, and the information on the web page is false! For example, a hacker rewrites the URL of a web page that a user wants to browse to point to the hacker's own server. When users browse the target web page, they actually send a request to the hacker server, and the hacker can achieve the purpose of cheating.