Information security knowledge 99

This article is recommended for favorites and future reference at any time

Q1

Q: What is network security?

A: network security means that the hardware, software, and data in the network system are protected and shall not be damaged, changed, or disclosed by accident or malicious reasons, the system can operate continuously, reliably, and normally without interrupting network services.

Q2

Q: What is a computer virus?

A: Computer Virus refers to a group of Computer commands or program code inserted by the compiler in a Computer program that destroys Computer functions or data, affects Computer usage, and can be self-copied.

Q3

Q: What is a trojan?

A: A Trojan is a malicious remote control software. Trojans are generally divided into clients and servers ). The client is the console of various commands used locally, and the server is to run for others. Only computers running on the server can be fully controlled. Trojans do not infect files like viruses.

Q4

Q: What is a Java malicious code?

A: A Java applet is a small program embedded in an HTML webpage that is executed when users browse the webpage. It was originally used by Web developers to create interactive Web pages with richer functions. However, malicious attackers use Java malicious program code as a weapon to attack users' systems, such as modifying the registry and running DOS commands. You can set the browser security to "high" to disable these applets.

Q5

Q: What is ActiveX malicious code?

A: ActiveX malicious code is an aggressive program code generated on the webpage using ActiveX control items. ActiveX Control item is a component embedded in Web pages. It allows Web developers to create interactive dynamic Web pages with richer functions. It is started when users browse the Web pages. However, if the webpage is embedded with ActiveX malicious control code, the attack program will also run automatically. We can restrict the running of ActiveX control items by setting security in IE.

Q6

Q: What is a malicious webpage? What harm does it cause?

A: webpage malicious code is a virus in a broad sense, but it is different from traditional viruses. Malicious webpage code is not contagious, but it is extremely destructive and deceptive. Every online user may encounter it and there is no good way to identify it. Most of the malicious web pages are on personal websites. They have a relatively small number of accessed pages, which are generally not contagious and are not as harmful as email viruses. When a user is attacked by a malicious webpage, the Registry is modified, the default IE homepage is modified, the system file is lost, and other webpages cannot be browsed normally.

Q7

Q: What is blacksoft often used in network security?

A: blacksoft is a software with network attacks. These software is usually written for a specific operating system or application, and malicious attacks are carried out on the computer through operating system and application vulnerabilities to steal privacy and delete and modify data.

Q8

Q: What is macro virus?

A: macros are a tool designed by software designers to prevent repeated operations when using software. It uses simple syntax to write common actions into macros. During work, you can directly use the prepared macros to automatically run a specific task without repeating the same action. To make it easier for people to use it, Word defines a file format and suffixes the document and the macros required by the document. the dot file is different from the previous software's separate storage of data and macros. This is because macro-infected files are both in the form of macro and data. Because the portability of documents is extremely high, if macros are assigned to different work platforms as they can be executed, it is similar to computer viruses.

Q9

Q: What is a firewall? How does it ensure network security?

A: Using Firewall is a way to ensure network security. A firewall is a combination of components set between different networks (such as trusted enterprise intranets and untrusted public networks) or network security domains. It is the only portal for information between different networks or network security domains. It can control inbound and outbound network information flows according to the enterprise's security policies (allow, deny, and monitor, it also has strong anti-attack capabilities. It is an infrastructure that provides information security services to achieve network and information security.

Q10

Q: What is Cookies? What security risks does it cause?

A: HTML is a non-memory Protocol. That is to say, the user is currently browsing the home page and has no memory or knowledge of it. In fact, we may want the browser to remember some information, but do not want users to see it. This requirement cannot be solved by HTML itself, so we introduced the concept of Cookies. When you access a website, Cookies are automatically stored in your IE. It contains various activities, personal data, browsing habits, consumption habits, and even credit records for users to visit the website. The user cannot see this information. When the browser sends a GET request to other home pages of the website, this cookie information will also be sent to the home page for use, in this way, the HTML memory is implemented to a certain extent. This should have been accessible only from websites with the original Cookies, but can be obtained by malicious users by some illegal means. To protect personal privacy, you can restrict the use of Cookies in Internet Explorer settings.

Q11

Q: What is IP scanning?

A: IP scanning refers to using some specific tools to scan users on the network and obtain the IP addresses of the other users. IP scanning is usually a prelude to network attacks. Therefore, preventing others from scanning IP addresses on their computers is an important means to prevent network attacks.

Q12

Q: What is port scanning? What does it do?

A: Port Scan refers to a group of Port Scan messages sent by someone with ulterior motives to intrude into a computer, and understand the type of computer network services it provides (these network services are related to the port number ). Port scanning is a preferred method for computer decryption. Attackers can use it to learn where to find attack vulnerabilities. Essentially, port scanning includes sending messages to each port and sending only one message at a time. The received response type indicates whether the port is being used and the vulnerability can be explored.

Q13

Q: I heard that all kinds of software have vulnerabilities. What is a vulnerability?

A: Vulnerabilities (bugs) refer to various defects in the operating system and application software.

Q14

Q: What is a backdoor? Why is there a backdoor?

A: A backdoor is a way to obtain access to a program or system by bypassing security control. In the software development stage, programmers often create backdoors in the software to modify defects in the program. If the backdoor is known by others or is not deleted before the software is released, it becomes a security risk.

Q15

Q: What is intrusion detection?

A: intrusion detection is a supplement to the firewall. It helps the system deal with network attacks and expands the security management capabilities of System Administrators (including security auditing, monitoring, attack identification, and response ), improve the integrity of the information security infrastructure. It collects information from several key points in the computer network system and analyzes the information to check whether there are any violations of security policies and signs of attacks on the network.

Q16

Q: What is a network listener?

A: Network listening is a common method for hackers. When a hacker successfully logs on to a host on the network and obtains the permissions of the super user on the host, he or she often needs to expand the result and attempt to log on or obtain control of other hosts on the network. Network listening is the simplest and most effective method. It can easily obtain information that is hard to obtain using other methods. On the network, gateways, routers, and firewalls are the most effective devices. These devices are usually operated by network administrators.

Q17

Q: What is a security zone? What does it do?

A: In Windows NT and Windows 95/98, when you use a network or access a Web site that is considered trusted, the "Security Zone" provides protection for your computer and privacy, instead of receiving a warning repeatedly. Internet Explorer provides different levels of security based on the security region of the specified Web site. For example, you may trust websites in the company's Intranet and want to allow all types of activity content to run here. You may not trust websites on the Internet, so you can specify them to the "untrusted" area to prevent activity content from running and prevent code downloading to your computer.

Q18

Q: What is data packet monitoring? What does it do?

A: Packet monitoring can be considered an equivalent of listening to a telephone line in a computer network. When someone is "listening" on the network, they are actually reading and interpreting packets transmitted over the network. If you need to send an email or request to download a webpage from a computer on the internet, these operations will make the data pass through many computers between you and the data destination. The computer that transmits the information can view the data you sent, and the data packet monitoring tool allows someone to intercept the data and view it.

Q19

Q: What is a sniffer and what is its function?

A: Sniff is an English form of sniffer. It can be understood as a computer-installed eavesdropping device. It can be used to snoop a large amount of information produced by a computer on the network. A simple explanation is that a telephone eavesdropping device can be used to intercept the content of a communication between two parties, while a computer network sniffer can intercept the data sent and received by computer programs on the network.

Q20

Q: What is a local attack? How does it happen?

A: When we share a folder locally, whether or not we set it as hidden or password-based access, it may be accessed by unauthorized means. Such illegal data deletion, file theft, and other attacks are called local attacks.

Q21

Q: What is remote attack? What is the target of the attack?

A: remote attacks target computers that cannot be controlled by attackers. It can also be said that remote attacks are a specialized attack on computers other than the attacker's own computer (whether the attacked computer and the attacker are located in the same location or thousands of miles away ). "Remote computer" is the most accurate definition: "a remote computer is such a machine. It is not a platform on which you are working, it is a computer that can be accessed through the Internet or any other network media using a protocol ".

Q22

Q: What is a buffer overflow attack?

A: The buffer overflow attack is a means of system attacks. By writing content beyond its length to the buffer zone of the program, the buffer overflow is caused and the stack of the program is damaged, to achieve the purpose of the attack. According to statistics, buffer overflow attacks account for more than 80% of all system attacks. The cause of buffer overflow is that the program did not carefully check user input parameters.

Q23

Q: What is a spoofing attack? What attack methods does it have?

A: The main technologies of network spoofing are: HONEYPOT and points.