Analysis: Will hackers talk to your computer?

A few days ago, I was shocked by the news that hackers instantly turned tens of thousands of computers into "bots. The system prompts "svchost.exe application error". No matter you click "OK" or "cancel", the system may be disconnected or crashed. No anti-virus software can be used, except for fixing the system.
It is said that the infected computer, like the characters infected by Smith in the matrix of hackers, immediately becomes another Smith agent, turning around and starting to take the initiative to attack other computers in the LAN. A hacker organization even claims that "scanning a day and a night can capture tens of thousands of" bots ".

As a result, some people put it down to Microsoft's "black screen", saying that a large number of users shut down the system to avoid black screens, and did not promptly use third-party tools to patch and fix system vulnerabilities, so that hackers could have the opportunity to take advantage of them. I do not agree with this view. The source of all evil is "money". You use piracy to save money. Microsoft uses black screens to make money. Hackers use bots to make money ".

Hacker is a computer expert who is enthusiastic about computer technology, especially program designers. More than 10 years ago, my computer-born sister admired hackers. At that time, hackers followed the principle of "no malicious damage to any system ." Hackers are keen on playing pranks and prove that they are very good.

However, today, some computers with poor conduct are stepping into this network "black" society, and some are enjoying a peek and exchange various Trojan intrusion techniques; some sell bots (computers controlled by hackers) to others; some make easy-to-understand tutorials and teach people to "Capture chickens ". With the naked temptation of money, the Internet Society is so shocking. Data shows that the "black" economic chain is already up to billions of dollars.

"In principle, every computer connected to the network may be hacked ." Qu Chengyi, a well-known security expert in China, once said this. After my analysis, I felt like the following is true: first, hackers are required in the virus and anti-virus industry chain, and thieves are not excluded. Second, online banking is developing, online transactions are rising, and money is too attractive. Third, the code is compiled by people. It is impossible to be a dingtalk. There must be vulnerabilities that allow hackers to drill down ......

The virus killer mode that everyone is familiar with now is usually to wait until hackers and Viruses enter the computer terminal and then take remedial measures. Therefore, anti-virus software is labeled as "expired medicine ". Do we have to live in the black terror forever on the Internet?

In fact, we can also "vaccinate" computer networks and implant the "immune" function into the network-hardware-based network management and Virus Defense, you can manage network security by controlling vrouters, vswitches, and other network devices to prevent hackers from accessing your computer to the maximum extent.

Network vendors refer to it as "active defense" or "self-defense" networks. HP networks are working, Cisco is working, and Huawei is working. Unfortunately, these high-tech terms make it difficult for non-professionals to understand them.

According to a friend who works on the HP Network, determine whether the "active defense" network built by your company has three points: first, whether access control can be done well; second, whether the network structure is reasonable; Article 3: whether there is a smart edge driven by policy to ensure network security and optimization. All of this requires a comprehensive test process (ProCurve NAC 800 has a comprehensive test process ).

Taking the HP Network NIM solution as an example, NIM can remotely map suspicious traffic to IDS, IPS, and UTM devices for further analysis, provides administrators with the ability to prevent multiple types of malicious attacks, as well as a wide range of attack mitigation and attacker tracking functions. The system can also gain an in-depth understanding of internal network threat activities, helping managers greatly improve network availability. Traditionally, devices such as IDS are only responsible for single-link detection. NIM can spread IDS and other functions across the network to the ports of each switch. From this perspective, we can think that NIM makes the exchange devices in the network have the security detection capability.

Network security has indeed become a major problem for national economy and livelihood. Don't forget that hackers looking at your computer may cause a serious fault if they neglect your computer.

Professional knowledge tips: security technical means

Physical measures: for example, to protect key network equipment (such as switches and large computers), develop strict network security rules and regulations, adopt anti-radiation, fire prevention, and install uninterruptible power supply (UPS).

Access Control: strictly Authenticate and control the user's access to network resources. For example, perform user identity authentication, encrypt, update, and authenticate passwords, Set User Access Directory and file permissions, and control network device configuration permissions.

Data Encryption: encryption is an important means to protect data security. Encryption ensures that information cannot be understood after being intercepted. Install the network anti-virus system to prevent computer network viruses.

Other measures: Information Filtering, fault tolerance, data mirroring, data backup, and auditing.