Comprehensive interpretation and introduction of Windows network security and common attack methods

Source: Internet
Author: User
Tags: windows, remote desktop

Originally I just came to visit the forum, but I saw that a fellow network security peer ahead of me had left a trace and posted a fairly good article. I thought that since we have come this far, I can't look worse than the others. So I also wrote this not very mature little article; I hope we can encourage each other, ha.
1. The concept of network security
Definition of network security: the hardware, software and data of a network system are protected, the system runs continuously, and network services are not interrupted by accidental or malicious causes.
1>: Network security mainly covers 3 aspects.
Hardware security: ensuring the security of the network equipment itself, such as the servers, switches, routers and other devices on the network.
Software and data security: ensuring that important data on the network is neither stolen nor destroyed, and that software runs normally without being tampered with.
Normal system operation: ensuring that the system keeps running and is not paralyzed or taken down.
2>: Characteristics of network security
Confidentiality: unauthorized users are prevented from accessing data.
Integrity: data is not modified during storage or transmission.
Availability: data and services are available to authorized users whenever they are needed.
Controllability: who may transmit what, and where information may flow, can be controlled.
Auditability: administrators are able to trace user actions back to the user who performed them.
3>: Threats to network security
Unauthorized access: accessing data without authorization.
Information disclosure or loss: information is leaked or lost during transmission.
Destruction of data integrity: data is modified in transit or in storage.
Denial of service attacks: sending a large number of packets to a server to consume its resources until it can no longer serve legitimate users.
Using the network to spread computer viruses and other malware.
2. Common Network Attack Methods
Port scanning, vulnerability exploitation, password intrusion, Trojan horse programs, e-mail attacks, DoS attacks.
1> Port scanning:
Port scanning tells the attacker which ports the target computer has open and which services are listening on them, so that their weaknesses can be discovered. It can be done by hand, connecting to ports one at a time, or with port scanning software.
2> Port scanning software
SuperScan (integrated scanner)
Main functions:
Detect whether a host is online
Convert between IP addresses and host names
Probe the services a target host is running by completing TCP connections to it
Scan a specified range of ports on a host
PortScanner (graphical scanner)
Relatively fast, but with only a single function
X-Scan (portable, no installation needed, Chinese-language support)
Multi-threaded security vulnerability scanning of a specified IP address range (or a single host)
Supports plug-ins, offers both graphical and command-line modes, and scans more comprehensively
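As an added example (not part of the original article and not code from any of the tools listed above), the following Python script does what these scanners do at their simplest: resolve a name, run a TCP connect scan across a port range in parallel, and grab the banner of each open service. So that it runs offline it starts its own throw-away listener on 127.0.0.1 that greets clients the way an SSH daemon would; that listener, its banner and the scanned port range are constructed for the demo and are not real services.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def resolve(name):
    """Forward-resolve a host name; a dotted-quad IPv4 address comes back unchanged."""
    return socket.gethostbyname(name)


def scan_port(host, port, timeout=0.5):
    """TCP connect scan of a single port: (port, is_open, banner_bytes)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:            # refused, unreachable or timed out: not open
            return port, False, b""
        try:
            banner = s.recv(64)    # SSH, FTP, SMTP etc. announce themselves on connect
        except OSError:            # open but silent (HTTP waits for a request first)
            banner = b""
        return port, True, banner


def scan_range(host, first, last, workers=50, timeout=0.5):
    """Scan ports first..last inclusive in parallel; returns {open_port: banner}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: scan_port(host, p, timeout),
                                range(first, last + 1)))
    return {port: banner for port, is_open, banner in results if is_open}


def start_demo_service(banner, host="127.0.0.1"):
    """Constructed scan target for offline runs (an assumption, not a real service):
    a listener on a free port that greets every client with `banner`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(8)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:        # listener closed: stop serving
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def stop_demo_service(srv):
    """Wake the accept loop and release the port."""
    try:
        srv.shutdown(socket.SHUT_RDWR)
    except OSError:
        pass
    srv.close()


def free_port(host="127.0.0.1"):
    """A port nothing listens on, to show how a closed port is reported."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    target = resolve("localhost")
    srv, open_port = start_demo_service(b"SSH-2.0-OpenSSH_demo\r\n")
    try:
        closed_port = free_port()
        for port in (open_port, closed_port):
            found = scan_range(target, port - 2, port + 2)
            status = "open" if port in found else "closed"
            print(f"{target}:{port} {status} banner={found.get(port, b'')!r}")
    finally:
        stop_demo_service(srv)
```

A connect scan completes the TCP handshake, so it shows up in the target's connection logs; the banner grab is what turns "port open" into "which service and version", which is the information the weakness hunting in the next section needs.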
3> Vulnerability exploitation
Security vulnerabilities are flaws in hardware, software, protocol implementations or security policy. A vulnerability lets an attacker access or damage the system without authorization.
Examples of vulnerability exploitation:
(1) The Windows 2000 Chinese input method vulnerability: in the initial release of Windows 2000, once a Chinese input method (IME) was installed, a user could get into the system from the logon screen and obtain administrator rights, and from there do anything. This was a very serious vulnerability; Microsoft later released a patch that fixed it.
(2) The Windows Remote Desktop vulnerability is a denial of service vulnerability in Microsoft's Remote Desktop Protocol (RDP). A remote attacker who sends a specially crafted RDP message to an affected system can cause it to stop responding. In addition, the vulnerability could allow an attacker to obtain account information from Remote Desktop for use in further attacks.
(3) A buffer overflow is a very common and very dangerous class of vulnerability found in all kinds of system and application software. It can cause the program to fail, the system to crash, or the system to reboot. A buffer overflow happens when more data is written into a buffer than the buffer can hold: the excess spills over and overwrites the legitimate data stored next to it. An attacker who deliberately feeds over-long data into such a buffer can overwrite adjacent memory such as a saved return address, and so disrupt the system or redirect execution to code of the attacker's choosing.
(4) IIS has had many vulnerabilities. One example is a stack overflow in its FTP server: when the FTP server allows anonymous (unauthenticated) users to log in and create a directory with a long, specially crafted name, the overflow can be triggered and lets the attacker execute code or crash the service (denial of service).
(5) SQL vulnerabilities: SQL injection, for example, lets a client submit specially crafted input that the server pastes into a database query. The injected SQL runs on the database server, and the attacker uses it first to gather information about the application and the database service, and then to extract the data they are after.
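The SQL injection case above, as an added worked example (not the article's own code): a login check against a constructed in-memory SQLite database, written once the injectable way and once with bound parameters. The table, the accounts and the three payloads are made up for the demo; the recon payload shows how an injected UNION pulls server information (here the SQLite version) out of a query that was only meant to look up a user.

```python
import sqlite3


def make_demo_db():
    """Constructed in-memory database standing in for the application's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "Tr0ub4dor&3"), ("alice", "Winter2024")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The injectable pattern: user input pasted straight into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """The fix: bound parameters, so the input is only ever data, never SQL syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Payloads an attacker would type into the login form (constructed for the demo)
BYPASS_USER = "admin' --"                           # comments out the password check
BYPASS_PASS = "' OR '1'='1"                          # makes the WHERE clause always true
RECON_USER = "' UNION SELECT sqlite_version() --"    # returns server info instead of a user


if __name__ == "__main__":
    db = make_demo_db()
    print("vulnerable, comment bypass :", login_vulnerable(db, BYPASS_USER, "anything"))
    print("vulnerable, tautology      :", login_vulnerable(db, "admin", BYPASS_PASS))
    print("vulnerable, version recon  :", login_vulnerable(db, RECON_USER, "x"))
    print("safe, comment bypass       :", login_safe(db, BYPASS_USER, "anything"))
    print("safe, tautology            :", login_safe(db, "admin", BYPASS_PASS))
    print("safe, correct credentials  :", login_safe(db, "alice", "Winter2024"))
```

With the vulnerable function the first two payloads log in as admin without the password and the third returns the database version; with bound parameters all three are simply usernames that do not exist, and only the real credentials succeed.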
4> Password intrusion
Password intrusion is logging in to a target host after illegally obtaining the password of a legitimate user.
How passwords are illegally obtained:
Network snooping: capturing passwords sent in the clear over the network
Brute force: guessing passwords, by dictionary or by exhaustive search, until one matches
Management errors: exploiting administrative mistakes such as default or shared passwords and carelessly stored password files
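As an added example (not from the original article) of the first two methods listed above, here is Python that pulls credentials out of constructed packet payloads of two cleartext protocols (an FTP control session, and HTTP Basic authentication, which is only base64-encoded) and then recovers passwords from unsalted hashes by a dictionary attack with simple mangling rules and by exhaustive search over a short alphabet. The captures, the wordlist and the target passwords are all constructed for the demo; SHA-256 is used purely as a fast, unsalted hash to attack, which is exactly what makes the attack cheap.

```python
import base64
import hashlib
import itertools
import re
import string

# Constructed packet payloads (not real captures) of two cleartext logins
FTP_SESSION = (b"220 FTP server ready\r\n"
               b"USER alice\r\n331 Password required for alice\r\n"
               b"PASS Winter2024\r\n230 User alice logged in\r\n")
HTTP_REQUEST = (b"GET /admin/ HTTP/1.1\r\nHost: intranet.example\r\n"
                b"Authorization: Basic Ym9iOmh1bnRlcjI=\r\n\r\n")

WORDLIST = ["password", "letmein", "winter", "qwerty", "welcome"]  # constructed
HEX_ALPHABET = string.digits + "abcdef"


def snoop_ftp(payload):
    """Pull USER/PASS pairs out of an FTP control stream: it is sent in the clear."""
    users = re.findall(rb"^USER (\S+)\r?$", payload, re.M)
    passes = re.findall(rb"^PASS (\S+)\r?$", payload, re.M)
    return [(u.decode(), p.decode()) for u, p in zip(users, passes)]


def snoop_http_basic(payload):
    """HTTP Basic auth is base64, not encryption: decode it and split on the colon."""
    creds = []
    for token in re.findall(rb"^Authorization: Basic (\S+)\r?$", payload, re.M):
        user, _, pwd = base64.b64decode(token).decode().partition(":")
        creds.append((user, pwd))
    return creds


def hash_hex(s):
    """Unsalted fast hash, the kind that makes offline guessing cheap."""
    return hashlib.sha256(s.encode()).hexdigest()


def dictionary_attack(target_hash, wordlist):
    """Try each word plus the mangling rules people actually use."""
    for word in wordlist:
        for cand in (word, word.capitalize(), word + "1", word + "123",
                     word.capitalize() + "2024", word + "!"):
            if hash_hex(cand) == target_hash:
                return cand
    return None


def brute_force(target_hash, alphabet, max_len):
    """Exhaustive search; only feasible for short, low-entropy passwords."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            cand = "".join(combo)
            if hash_hex(cand) == target_hash:
                return cand
    return None


if __name__ == "__main__":
    print("FTP sniffed   :", snoop_ftp(FTP_SESSION))
    print("HTTP sniffed  :", snoop_http_basic(HTTP_REQUEST))
    print("dictionary    :", dictionary_attack(hash_hex("Winter2024"), WORDLIST))
    print("brute force   :", brute_force(hash_hex("7a1b"), HEX_ALPHABET, 4))
```

The defensive reading of the same code: protocols that carry the password itself (FTP, Basic auth over plain HTTP) should run inside TLS, and stored passwords should use a salted, deliberately slow hash so that the dictionary and brute-force loops cost the attacker far more per guess.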
5> Trojan horse programs
A Trojan hides inside the system, starts together with the system, and lets an attacker connect to and control the infected computer without the user's knowledge.
A Trojan consists of two parts: the server side, which is planted on the victim's computer, and the client, which the attacker uses to control it.
Common Trojan programs:
BO2000 (Back Orifice 2000)
Glacier
Grey Dove
6> E-mail attacks
Attackers use mail bomb software or CGI programs to send a large volume of repetitive, useless spam to a target mailbox until it fills up and becomes unusable.
Forms of e-mail attack:
Mail bombs: flooding a mailbox with messages
Mail spoofing: forging the sender address so a message appears to come from someone the recipient trusts
7> DoS attacks
DoS stands for denial of service: the attacker sends a large number of packets to the host in a short time, consuming its resources until the system is overloaded or paralyzed and normal users are denied access.
Types of denial of service attack:
The attacker sends connection requests from forged, nonexistent IP addresses, so the half-open connections are never completed and pile up on the victim
The attacker consumes all available sessions so that normal users cannot connect
The attacker sends a large number of malformed or specially constructed packets that the receiver mishandles
Examples of DoS attacks:
Teardrop attack (overlapping IP fragments that break reassembly)
Ping of Death (an ICMP echo request fragmented so that the reassembled datagram exceeds the maximum IP packet size)
Smurf attack (ICMP echo requests sent to a broadcast address with the victim's forged source address, so every host on that network replies to the victim)
SYN flood
DDoS (distributed denial of service: the same attack launched from many hosts at once)
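The attacks listed above each leave a recognizable pattern on the wire. As an added example (not part of the original article) the following Python builds a constructed packet trace (not a real capture) containing normal handshakes, a spoofed-source SYN flood, a Ping of Death fragment and a Teardrop fragment pair, and runs three simple detectors over it: SYN rate per destination with a check on how many distinct sources are involved, fragments that end beyond the IPv4 maximum, and overlapping fragments of one datagram. The record format (ts, src, dst, proto, flags, ip_id, frag_off, payload) and the thresholds are assumptions made for the demo.

```python
from collections import defaultdict
import random

IPV4_MAX_PAYLOAD = 65535 - 20  # largest IPv4 datagram minus a minimal 20-byte header


def make_sample_traffic(seed=7):
    """Constructed packet records (not a real capture): normal handshakes,
    a spoofed-source SYN flood, a Ping of Death fragment and a Teardrop pair.
    frag_off is the byte offset of the fragment's payload within the datagram."""
    rng = random.Random(seed)
    pkts = []
    for i in range(20):  # 20 normal SYN/ACK exchanges from five LAN clients
        src, t = f"192.168.1.{10 + i % 5}", i * 0.1
        pkts.append(dict(ts=t, src=src, dst="10.0.0.5", proto="tcp", flags="S",
                         ip_id=1000 + i, frag_off=0, payload=40))
        pkts.append(dict(ts=t + 0.01, src=src, dst="10.0.0.5", proto="tcp", flags="A",
                         ip_id=1100 + i, frag_off=0, payload=32))
    for i in range(300):  # 300 SYNs in half a second, each from a forged address
        src = ".".join(str(rng.randint(1, 254)) for _ in range(4))
        pkts.append(dict(ts=5.0 + i / 600, src=src, dst="10.0.0.5", proto="tcp", flags="S",
                         ip_id=rng.randint(1, 65535), frag_off=0, payload=40))
    # Ping of Death: the last fragment ends beyond the maximum IPv4 datagram size
    pkts.append(dict(ts=9.0, src="203.0.113.9", dst="10.0.0.5", proto="icmp", flags="",
                     ip_id=4242, frag_off=65528, payload=48))
    # Teardrop: the second fragment overlaps the first instead of following it
    pkts.append(dict(ts=9.5, src="203.0.113.9", dst="10.0.0.5", proto="udp", flags="",
                     ip_id=4321, frag_off=0, payload=36))
    pkts.append(dict(ts=9.5, src="203.0.113.9", dst="10.0.0.5", proto="udp", flags="",
                     ip_id=4321, frag_off=24, payload=36))
    return sorted(pkts, key=lambda p: p["ts"])


def detect_syn_flood(pkts, window=1.0, threshold=100):
    """Alert when one destination sees >= threshold SYNs within `window` seconds.
    If most of those SYNs come from distinct addresses the sources are spoofed
    or the attack is distributed; a few addresses point at a single attacker."""
    syns = defaultdict(list)
    for p in pkts:
        if p["proto"] == "tcp" and p["flags"] == "S":
            syns[p["dst"]].append((p["ts"], p["src"]))
    alerts = []
    for dst, events in syns.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:  # slide the window
                start += 1
            count = end - start + 1
            if count >= threshold:
                srcs = {s for _, s in events[start:end + 1]}
                kind = "spoofed/distributed" if len(srcs) > count // 2 else "few sources"
                alerts.append(dict(dst=dst, syns=count, unique_srcs=len(srcs), kind=kind))
                break  # one alert per destination is enough here
    return alerts


def detect_ping_of_death(pkts):
    """A fragment whose end lies past the IPv4 maximum overflows naive reassembly."""
    return [p for p in pkts if p["frag_off"] + p["payload"] > IPV4_MAX_PAYLOAD]


def detect_teardrop(pkts):
    """Overlapping fragments of one datagram (same src, dst and IP id)."""
    groups = defaultdict(list)
    for p in pkts:
        groups[(p["src"], p["dst"], p["ip_id"])].append((p["frag_off"], p["payload"]))
    hits = []
    for key, frags in groups.items():
        frags.sort()
        for (off_a, len_a), (off_b, _) in zip(frags, frags[1:]):
            if off_b < off_a + len_a:  # next fragment starts inside the previous one
                hits.append(key)
                break
    return hits


if __name__ == "__main__":
    traffic = make_sample_traffic()
    print("SYN flood    :", detect_syn_flood(traffic))
    print("Ping of Death:", [(p["src"], p["frag_off"] + p["payload"])
                             for p in detect_ping_of_death(traffic)])
    print("Teardrop     :", detect_teardrop(traffic))
```

The SYN detector is the same logic a rate-limiting firewall rule or an IDS threshold applies; the fragment checks are what a modern IP stack does before reassembling, which is why Ping of Death and Teardrop only affect unpatched systems today while SYN floods and DDoS remain current.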
