Why do we need to move to IPv6? A large part of the reason is not just the shortage of IP addresses: it can also improve network security. The fourth version of the Internet Protocol, on which the TCP/IP protocol family is built, has many security problems. Here we analyze where these security risks are hidden.
The main weakness of the IP layer is the lack of effective authentication and confidentiality mechanisms, and the root of it is the IP address. TCP/IP uses the IP address as the unique identifier of a network node, and many TCP/IP services, including the Berkeley r-commands (rsh, rlogin, rcp), NFS, and the X Window System, authenticate and authorize users based on IP addresses. The current TCP/IP security mechanisms consist mainly of packet filtering and authentication based on IP addresses; their effectiveness rests entirely on being able to judge the authenticity and safety of data from the source IP address in the packet. But the IP address itself is unprotected: the protocol provides no authentication of the source address in an IP packet and no confidentiality for it, so any host can write any source address into the packets it sends and nothing in the packet reveals the forgery. This is the root cause of the insecurity of the TCP/IP protocol family as a whole.
Because TCP and UDP are both carried over IP (TCP segments and UDP datagrams are encapsulated in IP packets for transmission over the network), they inherit the security threats of the IP layer. Work continues on solving these problems, but one attack remains hard to avoid: the attack on the TCP "three-way handshake", in which an attacker sends a flood of SYN packets with spoofed source addresses and the server fills its table of half-open connections waiting for ACKs that never come, so that genuine clients can no longer connect.
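The half-open-connection exhaustion described above, and the standard stateless defence against it (SYN cookies), as an added example that is not part of the original article. Both listeners are simulations written for this page; the cookie layout (8-bit time slot, 24-bit truncated HMAC) is a simplification of the real Linux scheme, the secret key and the 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 addresses are constructed, and no packets are sent.

```python
import hashlib
import hmac
import struct


class StatefulListener:
    """Classic TCP listener: every SYN allocates a half-open entry that lives
    until the third-handshake ACK arrives (or a timeout, not modelled here)."""

    def __init__(self, backlog):
        self.backlog = backlog
        self.half_open = {}          # (src_ip, src_port) -> server ISN

    def on_syn(self, src_ip, src_port):
        if len(self.half_open) >= self.backlog:
            return None              # backlog exhausted: the SYN is dropped
        isn = 1000 + len(self.half_open)   # toy ISN; a real stack randomises it
        self.half_open[(src_ip, src_port)] = isn
        return isn

    def on_ack(self, src_ip, src_port, ack):
        isn = self.half_open.pop((src_ip, src_port), None)
        return isn is not None and ack == isn + 1


class SynCookieListener:
    """Stateless alternative: the server ISN is a MAC over the 4-tuple and a time
    slot (simplified SYN cookie; the real Linux layout also encodes an MSS index).
    A correct ACK proves the client received the SYN-ACK, so spoofed SYNs cost
    the server no memory at all."""

    def __init__(self, secret, dst_ip="192.0.2.1", dst_port=80):
        self.secret = secret
        self.dst_ip, self.dst_port = dst_ip, dst_port

    def _cookie(self, src_ip, src_port, slot):
        msg = struct.pack("!HHB", src_port, self.dst_port, slot)
        msg += src_ip.encode() + b"|" + self.dst_ip.encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return (slot << 24) | int.from_bytes(mac[:3], "big")   # 8-bit slot | 24-bit MAC

    def on_syn(self, src_ip, src_port, now):
        slot = (now // 64) & 0xFF                                # 64-second time slot
        return self._cookie(src_ip, src_port, slot)              # nothing is stored

    def on_ack(self, src_ip, src_port, ack, now):
        isn = (ack - 1) & 0xFFFFFFFF
        slot = isn >> 24
        age = ((now // 64) & 0xFF) - slot
        if age % 256 > 1:                                        # older than two slots
            return False
        expected = self._cookie(src_ip, src_port, slot)
        return hmac.compare_digest(struct.pack("!I", isn), struct.pack("!I", expected))


def syn_flood(backlog=128, flood_size=1000):
    """Spoofed SYNs (constructed sources in 203.0.113.0/24) never complete the
    handshake, so they pin the backlog and a legitimate client is refused.
    Returns (number of flood SYNs dropped, whether the legitimate SYN was dropped)."""
    srv = StatefulListener(backlog)
    dropped = sum(srv.on_syn("203.0.113.%d" % (i % 254 + 1), 40000 + i) is None
                  for i in range(flood_size))
    legit_isn = srv.on_syn("198.51.100.7", 51515)
    return dropped, legit_isn is None


def syn_cookie_handshake(secret=b"per-boot secret (assumed)", now=1_700_000_000):
    """Returns (genuine ACK accepted, ACK carrying a guessed ISN rejected)."""
    srv = SynCookieListener(secret)
    isn = srv.on_syn("198.51.100.7", 51515, now)           # SYN-ACK carries the cookie
    genuine = srv.on_ack("198.51.100.7", 51515, isn + 1, now + 5)
    guessed = srv.on_ack("198.51.100.7", 51515, 0x12345678 + 1, now + 5)
    return genuine, guessed
```

With a backlog of 128 and 1000 spoofed SYNs the stateful listener drops 872 of the flood and then the legitimate client's SYN as well, while the cookie listener accepts the genuine third-handshake ACK and rejects a guessed one without ever having stored a half-open entry.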
File Transfer Protocol (FTP) in the TCP/IP protocol family
FTP persists because it can transmit data between different platforms over the Internet. It is based on a client/server architecture and uses two channels: one for data (TCP port 20 on the server in active mode) and one for control information (TCP port 21). On the control channel the client and server exchange the commands that initiate data transfers. An FTP session consists of four steps: establishing the control channel → user authentication → establishing a data channel → closing the connection. FTP runs over TCP (the Transmission Control Protocol), which provides reliable delivery, so FTP itself does not need to handle packet loss or data error detection.
Anonymous FTP is widely used on the Internet, and its low security level makes it a frequent target for attackers. Anonymous FTP is truly anonymous: it does not record who requested information, who downloaded a file, or what was uploaded, and an uploaded file may well be a Trojan. FTP also has a fatal security defect: it authenticates with a plain username and password, lacks an effective access-control mechanism, and transmits both the username and the password in clear text over the control channel, where anyone on the path can read them.
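The control-channel exchange described in the two paragraphs above, as an added example that is not part of the original article. The dialogue is constructed (the host ftp.example.test, the user alice and her password are invented), but the commands and reply codes follow RFC 959; the example maps the dialogue onto the four session steps, decodes the 227 reply that sets up the data channel, and shows exactly what an on-path eavesdropper recovers from the clear-text login.

```python
import re

# Constructed FTP control-channel dialogue (not a real capture): what an observer
# on the path between client (C) and server (S) sees on TCP port 21.
CONTROL_CHANNEL = [
    ("S", "220 ftp.example.test FTP server ready."),
    ("C", "USER alice"),
    ("S", "331 Password required for alice."),
    ("C", "PASS hunter2"),
    ("S", "230 User alice logged in."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,195,80)."),
    ("C", "RETR report.pdf"),
    ("S", "150 Opening BINARY mode data connection for report.pdf."),
    ("S", "226 Transfer complete."),
    ("C", "QUIT"),
    ("S", "221 Goodbye."),
]

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Decode a 227 reply into the (host, port) of the data channel.
    RFC 959 encodes the port as two bytes: port = p1 * 256 + p2."""
    m = PASV_RE.search(reply)
    if not reply.startswith("227") or m is None:
        raise ValueError("not a valid 227 reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def sniff_credentials(dialogue):
    """What a passive eavesdropper recovers: USER and PASS travel in clear text."""
    creds = {}
    for who, line in dialogue:
        if who != "C":
            continue
        verb, _, arg = line.partition(" ")
        if verb in ("USER", "PASS"):
            creds[verb] = arg
    return creds


def session_steps(dialogue):
    """Map server replies onto the four steps of an FTP session."""
    milestones = {
        "220": "control channel established",
        "230": "user authenticated",
        "227": "data channel negotiated",
        "221": "connection closed",
    }
    return [milestones[line[:3]] for who, line in dialogue
            if who == "S" and line[:3] in milestones]
```

The same eavesdropper who reads the password can also read the 227 reply, so they know in advance which host and port the data connection will use; nothing on either channel is protected.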
Web services in the TCP/IP protocol family
The Web server sits at the front of the host infrastructure and is connected directly to the Internet. It receives client requests, creates dynamic Web pages, and returns the response data. Initially the WWW service served only static HTML pages; to meet people's desire for interactive requests, the CGI program was introduced, which made the home page dynamic. A CGI program receives user input, usually submitted through an HTML form, processes it according to the user's request, and generally generates an HTML file that is sent back to the user. Many CGI programs have security vulnerabilities that attackers can easily exploit to do things they are not authorized to do. Many people who write CGI programs do not understand the security vulnerabilities in the CGI software packages they start from; in most cases they do not rewrite every part of the program but modify it as needed, so many CGI programs inevitably inherit the same vulnerabilities. Many server-side developers, SQL Server developers included, likewise do not start from a secure foundation when writing code; code written that way cannot be trusted, and the application cannot be confined to the minimum permissions it actually needs.
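The kind of CGI vulnerability the paragraph above refers to, shown as an added example that is not part of the original article: a form field pasted into a shell command line (the pattern behind the well-known finger and phf CGI holes) beside a hardened version. The query strings, the `user` field name and the `finger` command are constructed for the example; the hardened version allow-lists the value and hands an argv list to `subprocess` so no shell ever parses user input.

```python
import re
import shlex
import subprocess
from urllib.parse import parse_qs

# Constructed QUERY_STRING values as a CGI program would receive them from the
# web server after the user submits the form.
BENIGN_QUERY = "user=alice"
HOSTILE_QUERY = "user=alice%3Bcat+%2Fetc%2Fpasswd"      # decodes to "alice;cat /etc/passwd"


def form_field(query_string, name):
    """Decode one field of the submitted form."""
    return parse_qs(query_string).get(name, [""])[0]


def vulnerable_finger_command(query_string):
    """The classic CGI mistake: the form value is pasted into a command line
    that is then handed to /bin/sh via os.system() or popen()."""
    return "finger " + form_field(query_string, "user")


def shell_commands(cmdline):
    """Approximation of how /bin/sh reads the line: ';' separates commands and
    each command is split into words. Shows what the injected input really runs."""
    return [shlex.split(part) for part in cmdline.split(";")]


# Unix user-name syntax; the leading class also rules out option injection ("-x").
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def hardened_finger_argv(query_string):
    """Hardened form: allow-list the value and build an argv list so that no
    shell metacharacter is ever interpreted."""
    user = form_field(query_string, "user")
    if not USERNAME_RE.fullmatch(user):
        raise ValueError("rejected user name: %r" % user)
    return ["finger", user]


def run_hardened(query_string):
    """Execute the validated command without a shell (shell=False is the default)."""
    return subprocess.run(hardened_finger_argv(query_string),
                          capture_output=True, text=True, check=False)
```

The vulnerable function turns the hostile query into `finger alice;cat /etc/passwd`, which the shell runs as two commands; the hardened function rejects the same input before anything is executed. The least-privilege point in the paragraph still applies: even the hardened CGI should run as a user that has no business reading `/etc/passwd` in the first place.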
Improving network security with the next generation of the TCP/IP protocol family
The weaknesses of IPv4 are patched over by many add-on security technologies, but in the end they are addressed by the next-generation protocol, IPv6. The IPsec security protocol was developed later as an add-on (3-1), and Network Address Translation (NAT) solves the problem of IP address shortage but adds security risks and makes true end-to-end security hard to implement, because NAT rewrites the very address and port fields that IPsec is meant to protect. The two basic components of end-to-end security, authentication and encryption, are integral components of the IPv6 protocol suite, whereas in IPv4 they are only optional additions. IPv6 security is therefore easier to deploy and more consistent.
In the current network environment, and especially in campus networks where there is no NAT to interfere, IPsec has the basic properties that allow a trusted computing infrastructure to be deployed. IPsec packet authentication (the Authentication Header, AH) protects the integrity of the IP header (except for fields that legitimately change in transit, such as the TTL and the header checksum), the header of the next-layer protocol such as TCP, UDP or ICMP, and the packet payload.
The integrity check value is computed with a keyed one-way hash (an HMAC, for example HMAC-SHA1 or HMAC-SHA256, under a key shared by the two endpoints). The sender computes the value and attaches it to the packet before transmission; the receiver recomputes it over the received packet and compares. If the two values match exactly, the packet was not modified in transit. Note that the one-way property of the hash on its own does not give this guarantee: anyone can recompute a plain hash over a modified packet. It is the secret key that stops an attacker from producing a valid check value for altered data, and that is what makes the end-to-end transmission trustworthy.
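An added example, not code from the original article, covering two passages at once: the unauthenticated source address discussed at the start of the page, and the AH-style keyed integrity check just described. It builds a raw IPv4 header, shows that a rewritten source address passes the IPv4 header checksum, and then computes an integrity check value over the immutable header fields plus payload with a shared key, so that a TTL decrement in transit still verifies while a rewritten source address is detected. The key, addresses and payload are constructed; the ICV construction (HMAC-SHA256 truncated to 96 bits, TTL and checksum zeroed) is a simplification of RFC 4302 AH, which also zeroes the ICV field and handles DSCP/ECN and fragment fields, and the unkeyed variant exists only to show why a plain hash is not enough.

```python
import hashlib
import hmac
import socket
import struct


def ipv4_checksum(data):
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, payload_len, proto=17, ttl=64, ident=0x1234):
    """Minimal 20-byte header. Nothing stops the sender writing any source address."""
    fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0x4000,
                         ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return fields[:10] + struct.pack("!H", ipv4_checksum(fields)) + fields[12:]


def parse_ipv4_header(hdr):
    """Returns (src, dst, ttl, checksum_ok). checksum_ok says nothing about the sender."""
    _, _, _, _, _, ttl, _, _, s, d = struct.unpack("!BBHHHBBH4s4s", hdr[:20])
    return socket.inet_ntoa(s), socket.inet_ntoa(d), ttl, ipv4_checksum(hdr[:20]) == 0


def rewrite_source(hdr, new_src):
    """What a spoofing host (or a NAT box) does: replace the source, fix the checksum."""
    fields = hdr[:10] + b"\x00\x00" + socket.inet_aton(new_src) + hdr[16:20]
    return fields[:10] + struct.pack("!H", ipv4_checksum(fields)) + fields[12:]


def immutable_part(hdr):
    """AH-style: fields that change in transit (TTL, header checksum) are zeroed
    before the MAC is computed, so routers do not break the check. Simplified."""
    return hdr[:8] + b"\x00" + hdr[9:10] + b"\x00\x00" + hdr[12:20]


def ah_icv(key, hdr, payload):
    """Integrity check value: HMAC-SHA256 over immutable header + payload, truncated
    to 96 bits the way AH truncates HMAC-SHA1-96 (assumed parameters)."""
    return hmac.new(key, immutable_part(hdr) + payload, hashlib.sha256).digest()[:12]


def verify_icv(key, hdr, payload, icv):
    return hmac.compare_digest(ah_icv(key, hdr, payload), icv)


def unkeyed_digest(hdr, payload):
    """A plain one-way hash without a key: anyone on the path can recompute it."""
    return hashlib.sha256(immutable_part(hdr) + payload).digest()


def spoof_demo():
    """A rewritten source address passes every IPv4-layer check."""
    hdr = build_ipv4_header("198.51.100.7", "192.0.2.10", 8)
    return parse_ipv4_header(rewrite_source(hdr, "10.0.0.5"))


def integrity_demo(key=b"key negotiated out of band (assumed)"):
    hdr = build_ipv4_header("198.51.100.7", "192.0.2.10", 8)
    payload = b"hello ip"
    icv = ah_icv(key, hdr, payload)
    # A router decrements TTL on the way (checksum update omitted; it is excluded
    # from the ICV anyway). The receiver must still accept the packet.
    in_transit = hdr[:8] + bytes([hdr[8] - 1]) + hdr[9:]
    ttl_ok = verify_icv(key, in_transit, payload, icv)
    # An on-path attacker rewrites the source address: the keyed check fails.
    forged = rewrite_source(in_transit, "10.0.0.5")
    keyed_rejects = not verify_icv(key, forged, payload, icv)
    # With an unkeyed hash the attacker just recomputes the value and attaches it;
    # the receiver's recomputation matches and the forgery goes unnoticed.
    attacker_digest = unkeyed_digest(forged, payload)
    unkeyed_accepts = unkeyed_digest(forged, payload) == attacker_digest
    return {"ttl_change_verifies": ttl_ok,
            "keyed_detects_forgery": keyed_rejects,
            "unkeyed_fooled": unkeyed_accepts}
```

The spoofed header parses as coming from 10.0.0.5 with a valid checksum, which is the whole problem with address-based authentication; only the keyed ICV, computed by a party holding the shared key, ties the packet to its real origin.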