16 Q&As on the basics of cybersecurity

Source: Internet
Author: User
Tags: dns spoofing

Q: What is network security?

A: Network security means that the hardware, software, and data in a network system are protected from being damaged, changed, or disclosed, whether by accident or with malicious intent, so that the system can operate continuously, reliably, and normally without interruption to network services.

Q: What is a computer virus?

A: A computer virus is a set of computer instructions or program code that disrupts computer functions or data, affects computer usage, and is capable of self-replication.

Q: What is a trojan?

A: A Trojan is malicious remote-control software. A Trojan generally consists of a client and a server. The client is the console used locally to issue commands, and the server is the part that is run on someone else's computer. Only computers running the server can be fully controlled. Unlike viruses, Trojans do not infect files.

Q: What is a firewall? How does it ensure network security?

A: Using a firewall is one way to ensure network security. A firewall is a combination of components placed between different networks (such as a trusted enterprise intranet and an untrusted public network) or between network security domains. It is the only gateway for information passing between those networks or security domains. It controls (allows, denies, or monitors) inbound and outbound network traffic according to the enterprise's security policy, and it is itself strongly resistant to attack. It is infrastructure that provides information security services in order to achieve network and information security.

Q: What is a backdoor? Why is there a backdoor?

A: A backdoor is a way to obtain access to a program or system by bypassing its security controls. During software development, programmers often create backdoors in the software so that they can fix defects in the program. If a backdoor becomes known to others, or is not removed before the software is released, it becomes a security risk.

Q: What is intrusion detection?

A: Intrusion detection is a supplement to the firewall. It helps the system deal with network attacks, expands the security management capabilities of system administrators (including security auditing, monitoring, attack identification, and response), and improves the integrity of the information security infrastructure. It collects information from several key points in the computer network system, analyzes that information, and checks whether the network shows any violations of security policy or signs of attack.

Q: What is data packet monitoring? What does it do?

A: Packet monitoring can be thought of as the computer-network equivalent of listening in on a telephone line. When someone is "listening" on the network, they are actually reading and interpreting the packets transmitted over it. When you send an email or request a webpage from a computer on the internet, the data passes through many computers between you and its destination. Any computer that relays the information can view the data you sent, and a packet monitoring tool allows someone to intercept that data and view it.

Q: What is NIDS?

A: NIDS is short for network intrusion detection system. It is mainly used to detect hacker or cracker intrusion over the network. A NIDS can run in two modes: it can run on the target host and monitor that host's own communications, or it can run on a separate machine and monitor the communications of all network devices, such as hubs and routers.

Q: What is a SYN packet?

A: A SYN packet is the first packet of a TCP connection, and it is a very small data packet. A SYN attack consists of a large number of such packets, which appear to come from sites that do not actually exist, so they cannot be processed effectively.
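A defender can spot the pattern described above by counting handshakes that never receive their final ACK. The following is an added example, not part of the original Q&A; the packet records, addresses, and threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed packet records: (src_ip, src_port, dst_ip, dst_port, tcp_flags).
# "S" = SYN, "SA" = SYN+ACK, "A" = ACK. This is not captured traffic.
PACKETS = [
    ("10.0.0.5", 40001, "10.0.0.80", 80, "S"),
    ("10.0.0.80", 80, "10.0.0.5", 40001, "SA"),
    ("10.0.0.5", 40001, "10.0.0.80", 80, "A"),  # normal client: handshake completes
]
# SYNs from source addresses that never answer the server's SYN+ACK.
for i in range(1, 6):
    src = f"198.51.100.{i}"
    PACKETS.append((src, 50000 + i, "10.0.0.80", 80, "S"))
    PACKETS.append(("10.0.0.80", 80, src, 50000 + i, "SA"))


def half_open_by_service(packets):
    """Map each (dst_ip, dst_port) to the clients still awaiting a final ACK."""
    half_open = defaultdict(set)
    for src, sport, dst, dport, flags in packets:
        if flags == "S":
            # First packet of a connection: the server now holds state for it.
            half_open[(dst, dport)].add((src, sport))
        elif flags == "A":
            # Client's ACK completes the handshake and releases the half-open slot.
            half_open[(dst, dport)].discard((src, sport))
    return {svc: peers for svc, peers in half_open.items() if peers}


def flag_syn_flood(packets, threshold=5):
    """Return services whose half-open count reaches the (assumed) threshold."""
    # A production detector would also expire entries after a timeout.
    pending = half_open_by_service(packets)
    return sorted(svc for svc, peers in pending.items() if len(peers) >= threshold)


if __name__ == "__main__":
    for svc in flag_syn_flood(PACKETS):
        print("possible SYN flood against", svc)
```
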

Q: What does encryption mean?

A: Encryption is the most common method of protecting security and confidentiality. It uses technical means to turn important data into garbled (encrypted) form for transmission, and restores (decrypts) the data by the same or different means after it arrives at the destination.

Encryption technology includes two elements: the algorithm and the key. The algorithm is the process that combines ordinary, understandable information with a string of numbers (the key) to generate incomprehensible ciphertext. The key is the string of numbers used to encode and decode the data. In terms of security and confidentiality, appropriate key-based encryption technology and key management mechanisms can be used to ensure the security of network information and communication.

Q: What is a worm?

A: The worm virus (worm) originated from the first virus that spread over the network. In 1988, 22-year-old Cornell University graduate student Robert Morris released over the network a virus called a "worm" that was specially designed to attack defects in UNIX systems. The worm paralyzed 6000 systems, with an estimated loss of $2 million to $60 million. As a result of this worm, a computer emergency team (CERT) was also set up on the Internet. The worm family has since grown to thousands, and most of these worms come from hackers.

Q: What is an operating system virus? What harm does it cause?

A: This kind of virus inserts its own program into the operating system, or replaces part of the operating system, in order to run. It is highly destructive and can paralyze the entire system. Because it infects the operating system, the virus replaces legitimate operating system modules with its own program segments while running. It damages the operating system according to the characteristics of the virus itself, the status and role of the legitimate module being replaced, and the way in which the virus replaces it. At the same time, the virus is also highly infectious to files in the system.

Q: What does the Morris worm mean? What are its features?

A: It was written by Robert Morris, a first-year graduate student at Cornell University. The program has only 99 lines. Exploiting weaknesses in the UNIX system, it used the finger command to query the list of online users, cracked user passwords, copied and spread its source program through the mail system, and then compiled it to generate code.

The original network worm was designed to "wander" between computers when the network was idle, without causing any harm. When a machine was overloaded, the program could "borrow resources" from idle computers to balance the load on the network. Instead of "borrowing resources", the Morris worm "consumes all resources".

Q: What is DDoS? What will it cause?

A: DDoS stands for distributed denial of service attack. It uses the same method as an ordinary denial-of-service attack, but the attack comes from multiple sources. Generally, attackers use downloaded tools to penetrate unprotected hosts. After obtaining suitable access permissions on a host, attackers install software services or processes (hereinafter referred to as agents) on it. These agents stay dormant until they receive instructions from their master and then launch a denial-of-service attack on the specified target. With the widespread use of highly dangerous hacking tools, distributed denial-of-service attacks can launch thousands of attacks against a single target simultaneously. A single denial-of-service attack may not be powerful enough to affect a site with plenty of bandwidth, but thousands of attacks distributed around the world will have fatal consequences.

Q: What is an ARP attack in a LAN?

A: The basic function of ARP is to look up the MAC address of a target device from its IP address so that communication can take place.

Exploiting ARP, hackers continuously send fraudulent ARP packets to the other party's computer. The packets contain a MAC address that duplicates that of the current device, so that when the other party responds to the packets, network communication fails because of a simple duplicate-address error. A computer under ARP attack generally shows the following symptoms:

1. The dialog box "XXX segment hardware address of the local machine conflicts with XXX segment address in the network" is displayed.

2. The computer cannot access the Internet normally and the network is interrupted.

Because this attack uses ARP request packets for "spoofing", the firewall mistakes them for normal request packets and does not intercept them. Ordinary firewalls therefore have difficulty defending against such attacks.
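Since the firewall does not intercept these packets, detection usually relies on watching ARP traffic itself. The following added example (not part of the original Q&A) flags an IP address claimed by more than one MAC address and a MAC address that keeps sending replies nobody requested; the log lines are constructed in tcpdump-style text, and the threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in tcpdump-style text output (not captured traffic).
SAMPLE = """\
12:00:01.000000 ARP, Request who-has 192.168.1.20 tell 192.168.1.1, length 28
12:00:01.000400 ARP, Reply 192.168.1.20 is-at 02:00:00:00:00:20, length 28
12:00:05.100000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:01, length 28
12:00:09.000000 ARP, Reply 192.168.1.20 is-at 02:00:00:00:00:66, length 28
12:00:09.500000 ARP, Reply 192.168.1.20 is-at 02:00:00:00:00:66, length 28
12:00:10.000000 ARP, Reply 192.168.1.20 is-at 02:00:00:00:00:66, length 28
"""

REQUEST = re.compile(r"ARP, Request who-has (\S+) tell")
REPLY = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-f:]{17})")


def analyze_arp(text, unsolicited_threshold=3):
    """Return (conflicts, noisy): IPs claimed by several MACs, and MACs that
    sent at least `unsolicited_threshold` replies with no matching request."""
    bindings = defaultdict(set)     # IP -> every MAC that has claimed it
    pending = set()                 # IPs with an outstanding who-has request
    unsolicited = defaultdict(int)  # MAC -> count of replies nobody asked for
    for line in text.splitlines():
        req = REQUEST.search(line)
        if req:
            pending.add(req.group(1))
            continue
        rep = REPLY.search(line)
        if not rep:
            continue
        ip, mac = rep.groups()
        bindings[ip].add(mac)
        if ip in pending:
            pending.discard(ip)     # this reply answers a real request
        else:
            unsolicited[mac] += 1   # repeated unsolicited replies are suspicious
    conflicts = {ip: sorted(m) for ip, m in bindings.items() if len(m) > 1}
    noisy = {mac: n for mac, n in unsolicited.items() if n >= unsolicited_threshold}
    return conflicts, noisy


if __name__ == "__main__":
    conflicts, noisy = analyze_arp(SAMPLE)
    print("address conflicts:", conflicts)
    print("repeated unsolicited replies:", noisy)
```
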

Q: What is a spoofing attack? What attack methods does it have?

A: The main technologies of network spoofing include the honeypot, the distributed honeypot, and spoofing space. The main methods include IP spoofing, ARP spoofing, DNS spoofing, Web spoofing, email spoofing, source route spoofing (communicating illegally with other hosts under a fake identity, or sending fake packets that cause an error on the attacked host), and address spoofing (including forging the source address and forging an intermediate site).
