Network security means that the hardware, software and data in a network system are protected from accidental or malicious harm, and that the system runs continuously and reliably without interruption of network services.
1. Overview of network security
With the rapid development of computer technology, the business handled by computers has grown from single-machine mathematical computation and file processing, through internal business processing and office automation on simple intranets, to enterprise-level processing systems built on complex intranets, extranets and the Internet, with information sharing and business processing spread all over the world. As the processing capacity of systems has improved, so has their connectivity; but with greater connectivity and information flow, security problems arising from network connections have become increasingly prominent. Overall network security is mainly manifested in the following aspects: network physical security, network topology security, network system security, application system security and network management security.
Therefore, computer security problems should be prevented before they happen, just like fire and theft prevention in every household. Even when you do not think you will be a target, the threat is already there; once an incident happens, it often catches you off guard and causes huge losses.
2. Physical security analysis
The physical security of the network is the premise of the security of the whole network system. In campus network construction, because the network system is low-voltage ("weak current") engineering with a very low withstand voltage, the design and construction of the network must give priority to protecting personnel and network equipment from electricity, fire and lightning; consider the distance between the cabling system and lighting lines, power lines, communication lines, heating pipes and hot and cold air ducts; consider the safety of the cabling system, insulated and bare wires, grounding and welding; and build a lightning protection system that covers not only the buildings but also low-withstand-voltage equipment such as computers. Generally speaking, physical security risks mainly include environmental accidents such as earthquakes, floods and fires; power failures; human error; theft or destruction of equipment; electromagnetic interference; and line interception; they also involve high-availability hardware, dual-machine redundancy design, the computer room environment and alarm system, and security awareness. The aim is to avoid the physical security risks of the network as far as possible.
3. Security analysis of the network structure
The design of the network topology also directly affects the security of the network system. If the internal and external networks are interconnected, the security of machines on the internal network is threatened, and many other systems on the same network are affected as well. Transmission through the network also affects other networks connected to the Internet/intranet, and the impact may reach security-sensitive areas such as law and finance. Therefore it is necessary to isolate the public servers (WEB, DNS, EMAIL, etc.) from the external network and from other internal business networks, in order to avoid leaking information about the network structure. At the same time, service requests from the external network are filtered so that only normal communication packets are allowed to reach the corresponding host, and other requested services are rejected before they reach the host.
4. Security analysis of the system
So-called system security refers to whether the entire network operating system and network hardware platform are reliable and trustworthy. I'm afraid there is no absolutely secure operating system to choose from: whether it is Microsoft's Windows NT or any other commercial UNIX operating system, its developers must have their own back door. Therefore we can draw the following conclusion: there is no completely secure operating system. Different users should analyze their networks in detail from different aspects and choose the most secure operating system they can. So we should not only choose as reliable an operating system and hardware platform as possible, but also configure the operating system securely. First, authentication during the login process (especially before reaching the server host) must be strengthened to ensure the legitimacy of users; second, the operator's permissions should be strictly limited, so that the operations he can perform are restricted to the minimum.
5. Security analysis of the application system
The security of the application system is related to specific applications and involves a wide range of issues. Application system security is dynamic and constantly changing, and application security also involves information security, which has many aspects.
-The security of the application system is dynamic and constantly changing.
Application security involves many aspects. For the e-mail system widely used on the Internet alone there are more than twenty solutions, such as sendmail, Netscape Messaging Server, Software.com Post.Office, Lotus Notes, Exchange Server and SUN CIMS, and their security mechanisms involve LDAP, DES, RSA, etc. Application systems develop constantly and application types keep increasing. For application system security, the main considerations are to build as secure a system platform as possible and to keep discovering and repairing vulnerabilities with professional security tools so as to improve the security of the system.
-Application security involves the security of information and data.
Ranking of the latest antivirus software in 2006
Gold medal: BitDefender
Silver medal: Kaspersky
Bronze medal: F-Secure Anti-Virus
Fourth place: PC-cillin
Fifth place: ESET NOD32
Sixth place: McAfee VirusScan
Seventh place: Norton AntiVirus
Eighth place: AVG Anti-Virus
Ninth place: eTrust EZ Antivirus
Tenth place: Norman Virus Control
Eleventh place: AntiVirusKit
Twelfth place: Avast!
Thirteenth place: Panda Titanium
Fourteenth place: F-Prot
Information security involves the disclosure of confidential information, unauthorized access, destruction of information integrity, forgery, destruction of system availability and so on. Some network systems handle a lot of confidential information; if important information is stolen or destroyed, the economic, social and political impact will be very serious. Therefore, users must be authenticated when they use computers, the exchange of important information must be authorized, and its transmission must be encrypted. Multi-level access control and privilege control are adopted to protect data; encryption is adopted to ensure the confidentiality and integrity of information transmitted over the Internet (including administrator passwords and accounts, uploaded information, etc.).
6. Security risk analysis of management
Management is the most important part of network security. Unclear rights and responsibilities, an imperfect security management system and a lack of operability may all cause management security risks. When the network is subjected to attacks or other security threats (such as illegal operations by insiders), it is impossible to detect, monitor, report and warn in real time. At the same time, when an incident happens, no basis is available for tracing clues and investigating hacker attacks; that is, the network lacks controllability and auditability. This requires us to record access activity on the network at multiple levels and to discover illegal intrusions in time.
To establish a brand-new network security mechanism, we must understand the network deeply and provide targeted solutions. The most feasible way is therefore to combine a sound management system with strict management. Ensuring the safe operation of the network and making it an information network with good security, scalability and manageability has become the primary task. Once the above security risks become reality, the losses caused to the whole network are hard to estimate. Network security construction is therefore an important part of campus network construction.
7. Network security measures
-Physical measures: for example, protect key network equipment (such as switches and mainframe computers), formulate strict network security rules and regulations, and take measures such as radiation protection, fire prevention and installation of an uninterruptible power supply (UPS).
-Access control: strictly authenticate and control users' access to network resources, for example user authentication, password encryption, updating and verification, setting users' access rights to directories and files, and controlling the right to configure network devices.
-Data encryption: encryption is an important means of protecting data. Its function is to ensure that information cannot be read after it is intercepted.
-Virus prevention: prevent computer network viruses and install a network anti-virus system.
-Other measures: other measures include information filtering, fault tolerance, data mirroring, data backup and auditing. In recent years many solutions have been put forward for network security problems, such as data encryption technology and firewall technology. Data encryption encrypts the data transmitted in the network and decrypts it back to the original data after it reaches its destination, so that illegal users cannot obtain the information by interception. Firewall technology controls access to the network by isolating and restricting access, thereby protecting network resources. Other security technologies include key management, digital signatures, authentication technology, smart card technology and access control.
Network security is a comprehensive subject involving computer science, network technology, communication technology, cryptography technology, information security technology, applied mathematics, number theory, information theory and other disciplines.
Network security is essentially information security on the network. Broadly speaking, all technologies and theories related to the confidentiality, integrity, availability, authenticity and controllability of information on the network are the research fields of network security.
The specific meaning of network security changes with the observer's point of view. For example, from the perspective of users (individuals, enterprises, etc.), they hope that information related to personal privacy or business interests is protected for confidentiality, integrity and authenticity when transmitted over the network, so as to prevent others or opponents from using eavesdropping, impersonation, tampering, repudiation and other means to infringe on the users' interests and privacy.
From the perspective of network operators and managers, they hope to protect and control access to, reading of and writing to local network information, so as to avoid threats such as "trap doors", viruses, illegal access, denial of service and illegal occupation of network resources, and to prevent and defend against hacker attacks.
For the security department, they hope to filter and block illegal or harmful information and information involving state secrets, so as to avoid the disclosure of confidential information, harm to society and great losses to the country.
From the perspective of social education and ideology, unhealthy content on the Internet will hinder social stability and human development and must be controlled.
2. It is urgent to enhance awareness of network security
With the rapid development of computer technology, information networks have become an important guarantee of social development. Information networks involve government, military, culture, education and other fields. Much of the information stored, transmitted and processed in them is important: government macro-control decisions, commercial and economic information, bank fund transfers, stocks and securities, energy resource data, scientific research data and so on. Much of it is sensitive information, even state secrets, so it inevitably attracts all kinds of man-made attacks from all over the world (such as information leakage, information theft, data tampering, data deletion, computer viruses, etc.). At the same time, network entities have to withstand floods, fires, earthquakes and electromagnetic radiation.
In recent years computer crime cases have also risen sharply, and computer crime has become a common international problem. According to a report of the Federal Bureau of Investigation, computer crime is one of the largest types of commercial crime, with an average amount of $45,000 per crime and an annual economic loss of $5 billion.
Computer crimes are mostly instantaneous, wide-ranging, professional and separated in time and space. Computer criminals usually leave little evidence behind, which greatly encourages high-tech computer crime.
With the sharp rise in the computer crime rate, computer systems in various countries, especially network systems, face great threats and have become one of the serious social problems.
3. Network security cases
At the beginning of 1996, according to the statistics of a joint survey conducted by the San Francisco Computer Security Association and the Federal Bureau of Investigation, in the previous 12 months 53% of enterprises had been attacked by computer viruses and 42% of enterprises' computer systems had been used illegally. A Pentagon research team said that the United States suffered as many as 250,000 attacks a year.
At the end of 1994, the Russian hacker Vladimir Levin and his partners launched a series of attacks on Citibank in the United States from a networked computer of a small software company in St. Petersburg, and stole 110,000 dollars from Citibank's mainframe computer in New York by electronic transfer.
On August 17, 1996, the web server of the U.S. Department of Justice was hacked. The homepage was changed to "U.S. Injustice Department", the photo of the Attorney General was replaced with one of Adolf Hitler, the badge of the Department of Justice was replaced with a Nazi party emblem, and a pornographic photo of a girl was added as the so-called "assistant" to the Minister of Justice, along with many words attacking American judicial policy.
On September 18, 1996, hackers accessed the CIA's web server and changed its homepage from "CIA" to "Central Stupid Bureau".
On December 29, 1996, hackers broke into the World Wide Web site of the US Air Force and altered the homepage at will: the Air Force's introduction and news releases were replaced by a pornographic short film, together with the claim that everything said by the US government was a lie. This forced the US Department of Defense to shut down more than 80 other military websites.
4. Computer Internet security cases in China
In February 1996, the newly opened Chinanet was successfully attacked.
At the beginning of 1997, an ISP in Beijing was hacked successfully, and an article on how to surf the Internet for free through this ISP was posted in the "Hacking and Decryption" discussion forum of Tsinghua University's "Shuimu Tsinghua" BBS.
On April 23, 1997, a PPP user of Bell Internet Company in Chad Hudson, southwest Texas, USA, broke into the server of the China Internet Information Center, cracked the system's shutdown account and changed the homepage of the China Internet Information Center into a smiling skull.
At the beginning of 1996, CHINANET was attacked by a graduate student of a university. In the autumn of 1996, an ISP in Beijing had a dispute with one of its users, who attacked the ISP's servers and interrupted its service for several hours.
5. Network security in different environments and applications
Operating system security refers to ensuring the security of information processing and transmission systems. Its key point is to ensure the normal operation of the system, to avoid damage to and loss of the information stored, processed and transmitted by the system due to system crashes and damage, and to avoid information leakage, interference with others and interference by others due to electromagnetic leakage.
Security of network system information, including user password authentication, user access control, data access control and mode control, security auditing, security incident tracing, computer virus prevention and data encryption.
Security of network information dissemination, meaning the security of the consequences of disseminating information, including information filtering. It focuses on preventing and controlling the consequences of disseminating illegal and harmful information, and on avoiding large amounts of information spreading freely and uncontrolled over the public network.
Security of network information content, which focuses on protecting the confidentiality, authenticity and integrity of information, and on preventing attackers from exploiting security vulnerabilities of the system to eavesdrop, impersonate, defraud and otherwise harm legitimate users. Essentially, it protects the interests and privacy of users.
6. Characteristics of network security
Network security should have the following four characteristics:
Confidentiality: the property that information is not disclosed to, or used by, unauthorized users, entities or processes.
Integrity: the property that data cannot be changed without authorization; in other words, information remains unchanged and is not destroyed or lost during storage or transmission.
Availability: the property that authorized entities can access and use information as needed, that is, whether the required information can be accessed when it is needed. For example, denial of service in a network environment and the disruption of the normal operation of the network and related systems are attacks on availability.
Controllability: the ability to control the dissemination and content of information.
7. Major network security threats
Natural disasters and accidents;
Computer crime;
Human behavior, such as improper use and poor security awareness;
"Hacker" behavior: intrusion by hackers, such as illegal access, denial of service, computer viruses, illegal connections, etc.;
Internal leakage;
External leakage;
Information loss;
Electronic espionage, such as information flow analysis, information theft, etc.
Information warfare;
Defects of network protocols, such as security issues of TCP/IP protocol, etc.
8. Structural levels of network security
8.1 Physical security
Natural disasters (such as lightning, earthquakes, fires, etc.), physical damage (such as hard disk damage, equipment past its service life, etc.), equipment failure (such as power failure, electromagnetic interference, etc.) and accidents. Solutions include protective measures, security systems, data backup, etc.
Electromagnetic leakage, information leakage, interference with others, interference by others, opportunistic entry (such as someone leaving halfway through the security check process) and trace leakage (such as improper storage of passwords and keys). Solutions include radiation protection, screen passwords, secure destruction of information, etc.
Operational errors (such as deleting files, formatting hard disks, deleting lines, etc.) and accidental omissions. Solutions include state detection, alarm confirmation, emergency recovery, etc.
Security of the computer room environment, characterized by strong controllability and high loss. Solution: strengthen computer room management, operation management, security organization and personnel management.
8.2 Security control
Security control of the microcomputer operating system, for example the password entered by the user when starting the computer (some microcomputer motherboards have "universal passwords") and access control for reading and writing files (such as the file attribute control mechanism of Unix systems). This is mainly used to protect the information and data stored on the hard disk.
Security control of the network interface module, which controls communication from other machines in the network environment. It mainly includes identity authentication, setting and checking of client rights, audit logs, etc.
Security control of network interconnection equipment, which monitors the transmitted information and running status of all hosts in the whole subnet, mainly through network management software or router configuration.
8.3 Security services
Peer entity authentication service
Access control service
Data confidentiality service
Data integrity service
Data origin authentication service
Non-repudiation service
8.4 Security mechanisms
Encryption mechanism
Digital signature mechanism
Access control mechanism
Data integrity mechanism
Authentication mechanism
Traffic padding mechanism
Routing control mechanism
Notarization mechanism
9. Network encryption methods
Link encryption
Node-to-node encryption
End-to-end encryption
10. Security issues of the TCP/IP protocol
TCP/IP data streams are transmitted in clear text.
Source address spoofing, or IP spoofing.
Source routing spoofing.
Routing Information Protocol attacks (RIP attacks).
Authentication attacks.
TCP sequence number spoofing.
TCP SYN flooding attacks, referred to as SYN attacks.
Susceptibility to deception.
11. Common network security tools: scanners
Scanner: a program that automatically detects the security weaknesses of remote or local hosts. A good scanner is equivalent to 1000 passwords.
Working principle: a TCP port scanner selects a TCP/IP port and service (such as FTP), records the target's reply, and can thereby collect useful information about the target host (whether anonymous login is possible, which services are provided, and so on). What the scanner tells us: it can find the internal weaknesses of the target host, which may be the key factors in compromising it. When system administrators use a scanner it helps strengthen the security of the system; when hackers use it, it is detrimental to the security of the network.
The functions of a scanner: 1. find a machine or network; 2. once a machine is found, find the services running on it; 3. test which of those services have vulnerabilities.
Currently popular scanners are: 1. NSS, the Network Security Scanner; 2. strobe, a super-optimized TCP port detection program that can record all the open ports of a specified machine; 3. SATAN, the Security Administrator Tool for Analyzing Networks; 4. Jakhar XSCAN.
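As an added, defender-side example (not code from the page), the following Python detector reads constructed connection-tracker records and flags the two behaviours described above: one source probing many ports on a host without completing handshakes (the scanner of section 11) and many half-open connections to one service from many sources in a short window (the SYN flood named in section 10). The record format, the thresholds and all addresses are assumptions made for the example.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed connection-tracker records (not from the page), one per line:
# "<seconds> <src> <dst> <dport> <state>", where state is "completed" (the TCP
# handshake finished), "reset" (the port answered RST, i.e. closed) or
# "half-open" (a SYN that was never followed by the client's final ACK).
SAMPLE_LOG = """\
0.0 10.0.0.7 172.16.1.10 443 completed
1.0 203.0.113.5 172.16.1.10 21 reset
1.2 203.0.113.5 172.16.1.10 22 reset
1.4 203.0.113.5 172.16.1.10 23 reset
1.6 203.0.113.5 172.16.1.10 25 reset
1.8 203.0.113.5 172.16.1.10 80 completed
2.0 203.0.113.5 172.16.1.10 110 reset
3.0 10.0.0.8 172.16.1.10 22 reset
20.0 198.51.100.1 172.16.1.10 80 half-open
20.1 198.51.100.2 172.16.1.10 80 half-open
20.2 198.51.100.3 172.16.1.10 80 half-open
20.3 198.51.100.4 172.16.1.10 80 half-open
20.4 198.51.100.5 172.16.1.10 80 half-open
20.5 198.51.100.6 172.16.1.10 80 half-open
20.6 198.51.100.1 172.16.1.10 80 half-open
21.0 10.0.0.9 172.16.1.10 80 completed
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) (?P<src>\S+) (?P<dst>\S+) (?P<dport>\d+) "
    r"(?P<state>completed|reset|half-open)$")

Record = Tuple[float, str, str, int, str]

def parse(log: str) -> List[Record]:
    """Parse the records (malformed lines are skipped), sorted by time."""
    records: List[Record] = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((float(m["ts"]), m["src"], m["dst"],
                            int(m["dport"]), m["state"]))
    return sorted(records)

def detect_port_scans(records: List[Record], window: float = 10.0,
                      min_ports: int = 5) -> List[Tuple[str, str, int]]:
    """One source touching many distinct ports on one host without completing
    a handshake (closed ports answer RST, filtered ones answer nothing)."""
    probes: Dict[Tuple[str, str], List[Tuple[float, int]]] = defaultdict(list)
    for ts, src, dst, dport, state in records:
        if state != "completed":
            probes[(src, dst)].append((ts, dport))
    alerts = []
    for (src, dst), events in probes.items():
        for i, (t0, _) in enumerate(events):  # sliding window from each probe
            ports = {p for t, p in events[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                alerts.append((src, dst, len(ports)))
                break
    return alerts

def detect_syn_floods(records: List[Record], window: float = 5.0,
                      min_half_open: int = 6, min_sources: int = 4
                      ) -> List[Tuple[str, int, int]]:
    """Many half-open connections to one service from many sources in a short
    window: the backlog-exhaustion pattern of a SYN flood."""
    pending: Dict[Tuple[str, int], List[Tuple[float, str]]] = defaultdict(list)
    for ts, src, dst, dport, state in records:
        if state == "half-open":
            pending[(dst, dport)].append((ts, src))
    alerts = []
    for (dst, dport), events in pending.items():
        for i, (t0, _) in enumerate(events):
            in_window = [(t, s) for t, s in events[i:] if t - t0 <= window]
            if (len(in_window) >= min_half_open
                    and len({s for _, s in in_window}) >= min_sources):
                alerts.append((dst, dport, len(in_window)))
                break
    return alerts

if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("port scans:", detect_port_scans(recs))
    print("SYN floods:", detect_syn_floods(recs))
```

The single host that probed one closed port (10.0.0.8) and the legitimate completed connections produce no alert, which is the false-positive case the thresholds are there to handle.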
12. Common information-gathering tools used by hackers
Information gathering is the first step in breaking into a network system. Hackers can use the following tools to collect the information they need:
The SNMP protocol, used to read the routing tables of insecure routers and thereby learn the internal details of the target organization's network topology.
The TraceRoute program, which obtains the number of networks and routers on the path to the target host.
The Whois protocol, an information service that can provide data on all DNS domains and the system administrators responsible for each domain (but this data is often out of date).
DNS servers, from which the table of host IP addresses and their corresponding host names can be obtained.
The Finger protocol, which can provide detailed information about the users on a specific host (login name, telephone number, last login time, etc.).
The Ping utility, which can be used to determine the location of a specified host and whether it is reachable. By using this simple tool within a scanner, every possible host address on a network can be pinged, building a list of the hosts that actually reside on that network.
13. Internet firewalls
An Internet firewall is a system (or a set of systems) that enhances the security of an organization's internal network. The firewall system determines which internal services can be accessed by the outside world, which outsiders can access which internal services, and which external services can be accessed by insiders. For the firewall to be effective, all information entering and leaving the Internet must pass through the firewall and be checked by it. The firewall only allows authorized data to pass, and the firewall itself must also be resistant to penetration.
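An added example, not the page's own code: a minimal first-match firewall policy in Python that encodes the three decisions just listed (which DMZ services the outside may reach, what insiders may reach outside, and that everything else is denied by default), records every decision for the administrator to review, and drops packets whose source address does not belong to the interface they arrived on (the IP spoofing case from section 10). The zones, address ranges and rules are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Assumed address plan (constructed for this example, not from the page):
# 10.0.0.0/8 is the internal network, 172.16.1.0/24 is a DMZ holding the
# public WEB/DNS/EMAIL servers, and every other address is external.
ZONES = {"internal": ip_network("10.0.0.0/8"), "dmz": ip_network("172.16.1.0/24")}

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # zone name or "any"
    dst: str              # zone name or "any"
    proto: str            # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]  # None matches any destination port
    comment: str          # why the rule exists; copied into the audit log

@dataclass(frozen=True)
class Packet:
    iface: str            # zone of the interface the packet arrived on
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None

# First-match policy: only the listed services may cross a zone boundary;
# anything that reaches the end of the list is denied by default.
POLICY: List[Rule] = [
    Rule("allow", "external", "dmz", "tcp", 80, "public web server"),
    Rule("allow", "external", "dmz", "tcp", 443, "public web server (TLS)"),
    Rule("allow", "external", "dmz", "tcp", 25, "inbound mail"),
    Rule("allow", "external", "dmz", "udp", 53, "public DNS"),
    Rule("allow", "internal", "external", "tcp", 80, "staff web browsing"),
    Rule("allow", "internal", "external", "tcp", 443, "staff web browsing"),
    Rule("deny", "dmz", "internal", "any", None, "DMZ hosts never initiate inward"),
]

def zone_of(addr: str) -> str:
    """Map an address to its zone; addresses outside ZONES are external."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def rule_matches(rule: Rule, pkt: Packet, src_zone: str, dst_zone: str) -> bool:
    return (rule.src in ("any", src_zone)
            and rule.dst in ("any", dst_zone)
            and rule.proto in ("any", pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))

def evaluate(pkt: Packet, audit: List[str]) -> str:
    """Return "allow" or "deny" and append one audit line for the decision."""
    src_zone, dst_zone = zone_of(pkt.src), zone_of(pkt.dst)
    # Anti-spoofing check: a packet claiming an internal or DMZ source must
    # arrive on that zone's interface; otherwise its source address is forged.
    if src_zone != pkt.iface:
        decision, why = "deny", f"spoofed source: {src_zone} address on {pkt.iface} interface"
    else:
        for rule in POLICY:
            if rule_matches(rule, pkt, src_zone, dst_zone):
                decision, why = rule.action, rule.comment
                break
        else:
            decision, why = "deny", "default deny: no rule matched"
    # Every decision is logged so the administrator can review it later.
    audit.append(f"{decision.upper()} {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport} "
                 f"[{src_zone}->{dst_zone}] {why}")
    return decision

if __name__ == "__main__":
    log: List[str] = []
    evaluate(Packet("external", "198.51.100.9", "172.16.1.10", "tcp", 80), log)
    evaluate(Packet("external", "198.51.100.9", "10.0.0.5", "tcp", 22), log)
    evaluate(Packet("external", "10.0.0.5", "172.16.1.10", "tcp", 80), log)
    print("\n".join(log))
```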
13.1 Relationship between the Internet firewall and the security policy
A firewall is not only a combination of a router, a bastion host or any other device that provides network security; it is also part of a security policy.
The security policy establishes a comprehensive defense system, which even includes informing users of their responsibilities, network access, service access, local and remote user authentication, dial-in and dial-out, disk and data encryption, virus protection measures, employee training, etc. All places that may be attacked must be identified and given the same security level.
If only a firewall system is set up without a comprehensive security policy, the firewall is useless.
13.2 Advantages of firewalls
An Internet firewall is responsible for managing access between the Internet and the organization's internal network. Without a firewall, every node on the internal network is exposed to other hosts on the Internet and is vulnerable to attack. This means that the security of the intranet is determined by the robustness of each host, and overall security equals that of the weakest system.
13.3 The role of the Internet firewall
An Internet firewall allows the network administrator to define a central "choke point" that keeps illegal users (such as hackers and network saboteurs) out of the internal network, prohibits services with security vulnerabilities from entering and leaving the network, and resists attacks from various routes. An Internet firewall can simplify security management, because network security is enforced on the firewall system rather than distributed across all hosts in the internal network.
It is very convenient to monitor the security of the network and generate alarms on the firewall. Note: for an internal network connected to the Internet, the important question is not whether the network will be attacked but when, and by whom. The network administrator must review and record all important information passing through the firewall. If the network administrator cannot respond to alarms in time and check the regular records, the firewall is useless; in that case the administrator will never know whether the firewall is under attack.
Internet firewalls can serve as the logical location for deploying NAT (Network Address Translation). Using a firewall can therefore alleviate the problem of insufficient address space and eliminate the trouble of re-addressing when an organization changes its ISP.
An Internet firewall is the best place to audit and record Internet usage. The network administrator can provide the cost of the Internet connection to management, find the location of potential bandwidth bottlenecks, and provide department-level billing according to the organization's accounting model.