Abstract: The development of computer networks has brought resource sharing to people, but it has also brought great risks to data security. The TCP/IP protocol is widely used for communication in today's networks. This article analyzes computer network security issues based on the TCP/IP communication protocols and explores corresponding network security measures.
I. Computer Network Security
A computer network consists of a hardware network, communication software, and an operating system. A functional program can run only when physical devices such as hardware circuits serve as its carrier. By using routers, hubs, switches, network cables, and other network devices, users can build their own communication networks. For a small-range wireless LAN built from such devices, the simplest protection method is to set a password on the wireless router to prevent intrusion by illegal users. This measure acts as protection at the communication protocol level; currently, the WPA2 encryption protocol is widely used to implement protocol encryption, and users can access the network only by using the key. Generally, the driver program can be regarded as part of the operating system. After registration through the registry, the corresponding network communication driver interface can be called by the communication application. Network security usually refers to protecting the hardware and software in the network system from being changed, disclosed, or damaged, so that the entire network can operate continuously and stably and information can be transmitted completely and kept confidential. Computer network security therefore spans network hardware, communication protocols, encryption technology, and other fields.
II. TCP/IP protocol
Network communication protocols are essential for computing and networks. A unified protocol standard must be used to combine different network products, and network protocols are organically combined in a hierarchical manner. Layered protocols have the following features:
Protocols at different layers have clear functions and are relatively independent.
The interfaces between the protocol layers are clearer, and there are fewer cross interfaces.
They are easy to implement.
The Open Systems Interconnection (OSI) reference model adopts a seven-layer protocol architecture with low efficiency. The TCP/IP protocol is an improved model based on the OSI model and uses a five-layer protocol architecture. The TCP/IP model architecture is shown in Figure 1.
III. TCP/IP network security analysis
(1) Physical layer protocol security analysis. The physical layer mainly involves network signal transmission and network communication protocols. For network communication, natural disasters (lightning strikes and heavy rain) and some man-made damage can harm the network communication line. Network signal collection depends on the configuration of the NIC control chip; the configured parameters include the communication speed and mode used for network communication. Currently, commonly used network adapters, such as the CS8900A, DM9000A, and Realtek 8201, all support 10BASE-T twisted-pair Ethernet communication.
(2) Data link layer protocol security analysis. The data link layer is responsible for communication between the physical layer and the network layer. This protocol layer packages the data transmitted over the physical layer into data frames. It can control data traffic and detect errors introduced at the physical layer. The security threat faced by the data link layer is the lack of encryption for the data and protocols it transmits, which leaves it prone to hackers and other illegal intrusion.
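The framing and error detection described above, as an added example that is not part of the original article. It packages a payload into an Ethernet II frame, verifies the CRC-32 frame check sequence, and shows that the payload sits unencrypted inside the frame; the MAC addresses, EtherType, and payload are constructed sample values.

```python
import struct
import zlib

# Constructed sample values: locally administered MAC addresses and the
# IEEE local-experimental EtherType 0x88B5.
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")
ETHERTYPE = 0x88B5
PAYLOAD = b"user=alice;balance=100"


def fcs(body: bytes) -> bytes:
    """CRC-32 frame check sequence, in the byte order it appears on the wire."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Package a payload into an Ethernet II frame (header + payload + FCS)."""
    payload = payload.ljust(46, b"\x00")  # pad to the 46-byte minimum payload
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Split a frame into its fields and verify the FCS."""
    if len(frame) < 64:
        raise ValueError("runt frame: shorter than 64 bytes")
    body, trailer = frame[:-4], frame[-4:]
    return {
        "dst": body[0:6].hex(":"),
        "src": body[6:12].hex(":"),
        "ethertype": struct.unpack("!H", body[12:14])[0],
        "payload": body[14:],
        "fcs_ok": trailer == fcs(body),
    }


def flip_bit(frame: bytes, index: int) -> bytes:
    """Simulate a single-bit transmission error in byte `index`."""
    damaged = bytearray(frame)
    damaged[index] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    frame = build_frame(DST, SRC, ETHERTYPE, PAYLOAD)
    print(parse_frame(frame))
    print("line error detected:", not parse_frame(flip_bit(frame, 20))["fcs_ok"])
    # The CRC is unkeyed: it catches line errors but provides neither
    # confidentiality nor authenticity for the frame contents.
    print("payload readable in raw frame:", PAYLOAD in frame)
```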
(3) Network layer protocol security analysis. The network layer defines the communication protocol of the network operating system. It defines addresses and converts them to physical addresses. The main responsibility of the network layer is to group data into packets and send them over the optimal path through the network. This layer is the most complex layer in the TCP/IP protocol model, and it is also vulnerable to hacker attacks.
(4) Transport layer protocol security analysis. The transport layer is mainly responsible for identifying errors and recovering normal data to ensure reliable transmission of data. The main protocol used at this layer is TCP, which can be used to create end-to-end communication. However, the data in the transport layer depends mainly on the services provided by the network layer, so it is greatly affected by the network layer.
(5) Application layer protocol security analysis. The application layer contains the programs through which users interact directly with the network. These programs are vulnerable to network viruses and to the operating system they run on. Illegal users can use other programs to interfere with network applications.
IV. Network security prevention measures and development direction
(1) Firewall technology. Firewall technology refers to adopting certain security policies to isolate two networks. By establishing a security gateway, the computer is prevented from being accessed by unauthorized users. If the two networks adopt the same security policy, or the accessed party allows the access, the two network devices can communicate with each other.
(2) Intrusion detection. Intrusion detection is a part of internal network security. It identifies network intrusions by illegal users and can take corresponding measures once an intrusion is identified. Host intrusion detection technology can be used to protect the host: when the host is intruded, it inspects logs to reveal the properties of the illegal intrusion. This technology is widely used in network security. Detection software can be used to implement protection at the operating system level.
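One way to implement the log-based host detection described above, as an added example that is not part of the original article. It assumes OpenSSH-style syslog lines; the sample log, the threshold of three failures in 60 seconds, and the alert names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation-range addresses, hypothetical host).
SAMPLE_LOG = """\
Mar 10 08:00:01 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar 10 08:00:05 host1 sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Mar 10 08:00:09 host1 sshd[1205]: Failed password for root from 203.0.113.7 port 50138 ssh2
Mar 10 08:00:20 host1 sshd[1210]: Accepted password for alice from 198.51.100.23 port 40100 ssh2
Mar 10 08:00:31 host1 sshd[1212]: Accepted password for root from 203.0.113.7 port 50150 ssh2
Mar 10 08:05:00 host1 sshd[1220]: Failed password for bob from 198.51.100.23 port 40111 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (Failed|Accepted) "
    r"password for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def detect(log_text, threshold=3, window=timedelta(seconds=60), year=2024):
    """Return (alert, source, user) tuples for bursts of failed logins and
    for a successful login from a source that was already flagged."""
    recent = defaultdict(deque)  # source address -> recent failure times
    flagged, alerts = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore unrelated log lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        outcome, user, src = m.group(2), m.group(3), m.group(4)
        if outcome == "Failed":
            times = recent[src]
            times.append(ts)
            while ts - times[0] > window:  # drop failures outside the window
                times.popleft()
            if len(times) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("repeated-failures", src, user))
        elif src in flagged:
            # A success right after a failure burst deserves a closer look.
            alerts.append(("login-after-failures", src, user))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```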
(3) Data encryption technology. Encryption technology is mainly used in the data encoding and decoding stages. Using a specific encoding algorithm, data is encoded into a form that is recognized with the corresponding decoding algorithm. Encryption technology can be used to protect data from interception on the network: even if the data is intercepted by illegal users, it will not cause data leakage. It plays an important role in security networks and in financial and commercial networks. This technology can be applied to the data link layer of the TCP/IP protocol.
(4) Anti-virus technology. You can use anti-virus software or professional anti-virus tools to identify viruses that intrude into your computer. When a virus intrudes into your computer, you can also identify the files infected with the virus in order to detect and delete the virus.
(5) Line isolation protection. For a physical communication network, you can use an isolation card, an isolation switch, or an isolation NIC to achieve isolation. Physical isolation technology can effectively isolate illegal intrusion signals, thus improving network security. This method can be used to isolate malicious attacks at the physical layer.
The Internet of Things (IoT) and cloud computing models have now emerged, and they are the future direction of computer networks. IoT has higher requirements on network security than Ethernet. Cloud computing uses resources in the cloud network in the form of grid computing and distributed computing to accelerate computing and improve efficiency. Cloud security uses parallel processing to report virus attacks or malicious programs detected in the cloud network to clients in the cloud network, so as to further ensure user security.
V. Summary
People's lives are inseparable from computer networks, and network security is the guarantee for making full use of them. For TCP/IP-based computer network security, protection can be applied at the protocol layers, and physical devices or anti-virus software can also be used to protect the network. Computer networks need to be improved along with the development of computer hardware, protocols, and systems in order to improve the security and stability of computer communication networks.