Several key technologies of Network Security

Source: Internet
Author: User

1. Firewall Technology

"Firewall" is a figurative term. In practice it is a combination of computer hardware and software that forms a security gateway between the Internet and the Intranet, protecting the Intranet from intrusion by illegal users. In other words, a firewall is a barrier that separates the Internet from the Intranet. There are two types of firewall: the standard firewall and the dual-homed gateway. A standard firewall system consists of a Unix workstation with a router at each end acting as a buffer. One router's interface faces the outside world, that is, the public network; the other is connected to the Intranet. The standard firewall uses specialized software and requires a high level of management, and it introduces some delay in information transmission. The dual-homed gateway is an extension of the standard firewall, also known as a bastion host or application-layer gateway. It is a single system, yet it performs all the functions of the standard firewall. Its advantage is that it can run more complex applications while preventing any direct connection between the Internet and internal systems: data packets cannot pass directly from the external network to the internal network, or vice versa.

As firewall technology has advanced, two further firewall configurations have evolved from the dual-homed gateway. One is the hidden host gateway and the other is the hidden smart gateway (hidden subnet). The hidden host gateway is a common firewall configuration. As the name suggests, this configuration hides the router and places a bastion host between the Internet and the Intranet. The bastion host is installed on the Intranet, and the router is configured so that the bastion host is the only system through which the Intranet and the Internet communicate. Currently, the most technically complex and most secure firewall is the hidden smart gateway, which hides the gateway in the public system to protect it from direct attack. Hidden smart gateways provide almost transparent access to Internet services while preventing unauthorized access to the private network. Generally, this kind of firewall is the least likely to be compromised.
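
An added example, not part of the original article: a check that a router rule set honours the hidden host gateway property described above, namely that the bastion host is the only internal system exchanging packets with the Internet. The addresses, the rule format and the function names are assumptions made for illustration, and each rule is judged on its own without modelling first-match order.

```python
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/24")  # constructed Intranet range
BASTION = ipaddress.ip_network("10.0.0.5/32")   # constructed bastion host address

# Constructed router rules: (action, source network, destination network).
RULES = [
    ("allow", "0.0.0.0/0", "10.0.0.5/32"),    # Internet -> bastion host
    ("allow", "10.0.0.5/32", "0.0.0.0/0"),    # bastion host -> Internet
    ("allow", "10.0.0.0/24", "10.0.0.0/24"),  # traffic that stays internal
    ("allow", "0.0.0.0/0", "10.0.0.0/24"),    # Internet -> any internal host
    ("allow", "10.0.0.20/32", "0.0.0.0/0"),   # workstation -> Internet directly
    ("deny", "0.0.0.0/0", "0.0.0.0/0"),
]


def reaches_outside(net):
    """True if the network contains at least one address outside the Intranet."""
    return not net.subnet_of(INTERNAL)


def internal_side_is_bastion_only(net):
    """True if the only Intranet address the network can match is the bastion."""
    return not net.overlaps(INTERNAL) or net == BASTION


def boundary_violations(rules):
    """Return indexes of allow rules that let a non-bastion host cross the boundary.

    Each rule is checked in isolation (assumption): an earlier deny that would
    shadow it is ignored, so the result errs on the side of reporting.
    """
    bad = []
    for index, (action, src, dst) in enumerate(rules):
        if action != "allow":
            continue
        s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        inbound = reaches_outside(s) and not internal_side_is_bastion_only(d)
        outbound = reaches_outside(d) and not internal_side_is_bastion_only(s)
        if inbound or outbound:
            bad.append(index)
    return bad


if __name__ == "__main__":
    for i in boundary_violations(RULES):
        print("rule", i, "bypasses the bastion host:", RULES[i])
```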

2. Data Encryption technology

Data encryption is a security technology used in combination with the firewall. It is one of the main technical means of improving the security and confidentiality of information systems and data and of preventing secret data from being analyzed and broken by outsiders. With the development of information technology, network security and information confidentiality have attracted increasing attention. At present, in addition to strengthening data security protection through law and management, countries have taken technical measures in both software and hardware, which has promoted the continuous development of data encryption and physical defense technologies. By function, data encryption technology is mainly divided into four types: data transmission, data storage, data integrity identification, and key management.

(1) Data Transmission encryption technology

The purpose is to encrypt data streams in transmission. The two common approaches are line encryption and end-to-end encryption. The former focuses on the transmission line and does not consider the source or sink; it protects confidential information by using a different encryption key on each line. In the latter, the information is automatically encrypted by the sender, encapsulated in TCP/IP packets, and then crosses the Internet as unreadable and unidentifiable data. Once the information reaches its destination, it is automatically reassembled and decrypted into readable data.

(2) Data storage encryption technology

The purpose is to prevent data from leaking during storage. It can be divided into two types: ciphertext storage and access control. The former is generally implemented through encryption algorithm conversion, additional passwords, encryption modules, and other methods; the latter reviews and restricts user qualifications and permissions to prevent unauthorized users from accessing data.

(3) Data Integrity Identification Technology

The purpose is to verify the identity of those involved in transferring, accessing and processing information, and the related data content, so as to meet confidentiality requirements. It generally covers the identification of passwords, keys, identities, data and similar items. The system compares the feature value presented by the object against preset parameters to check whether it matches, and thereby protects the data.

(4) Key Management Technology

For convenience of use, data encryption in many cases comes down to the application of keys. Keys are therefore usually the main object of both secrecy and theft. Key media include magnetic cards, tapes, disks, and semiconductor storage. Key management technologies cover key generation, distribution, storage, replacement, and destruction.
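
An added example, not part of the original article, covering both the integrity identification and the key management passages above: a keyed tag is recomputed and compared on verification, and the key behind it goes through generation, storage, replacement and destruction. The KeyRing class and its method names are hypothetical, HMAC-SHA256 is an assumed choice of algorithm, and distribution is not modelled.

```python
import hashlib
import hmac
import secrets


class KeyRing:
    """Constructed in-memory key store; real systems keep keys in an HSM or KMS."""

    def __init__(self):
        self._keys = {}        # storage: key id -> key material
        self._counter = 0
        self.active_id = None  # id of the key used for new tags

    def generate(self):
        """Generation and replacement: the new key becomes the active key."""
        self._counter += 1
        self._keys[self._counter] = bytearray(secrets.token_bytes(32))
        self.active_id = self._counter
        return self.active_id

    def protect(self, data):
        """Return (key id, tag); the tag is the feature value checked later."""
        key = self._keys[self.active_id]
        return self.active_id, hmac.new(key, data, hashlib.sha256).digest()

    def verify(self, key_id, data, tag):
        """Recompute the tag and compare it in constant time."""
        key = self._keys.get(key_id)
        if key is None:  # destroyed or unknown key: fail closed
            return False
        expected = hmac.new(key, data, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

    def destroy(self, key_id):
        """Destruction: refuse the active key, then overwrite and forget."""
        if key_id == self.active_id:
            raise ValueError("replace the active key before destroying it")
        key = self._keys.pop(key_id)
        key[:] = bytes(len(key))  # best-effort overwrite in Python


if __name__ == "__main__":
    ring = KeyRing()
    old = ring.generate()
    kid, tag = ring.protect(b"constructed record")
    ring.generate()                                        # replacement
    print(ring.verify(kid, b"constructed record", tag))    # old key still verifies
    ring.destroy(old)
    print(ring.verify(kid, b"constructed record", tag))    # fails after destruction
```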

3. Smart Card Technology

Another technology closely related to data encryption is smart card technology. A smart card is a medium that holds keys. Like a credit card, it is generally held by an authorized user, who is assigned a password for it. That password matches the one registered on the internal network server. When passwords and identity features are used together, smart cards remain quite effective, to a certain extent, for network security and data protection. The more secure the smart card, the more reliable it is. Therefore, when judging whether an intranet is secure, we should examine not only its technical means but, more importantly, all the measures taken for the network: not just physical defenses but also "soft" factors such as the quality of personnel. Only a comprehensive assessment of these can lead to a conclusion on whether the network is secure.

 
