Key Technologies of Network Security

Source: Internet
Author: User
1. Firewall technology

"Firewall" is a metaphor. In practice it is a combination of computer hardware and software that establishes a security gateway between the Internet and the intranet, protecting the intranet from intrusion by unauthorized users. In other words, a firewall is a barrier that separates the Internet from the intranet.

Firewalls fall into two categories: standard firewalls and dual-homed gateways. The standard firewall system includes a UNIX workstation with a router at each end acting as a buffer. One router interfaces with the external world, that is, the public network, and the other connects to the intranet. Standard firewalls use specialized software and require a higher level of management, and they introduce a certain delay in information transmission. The dual-homed gateway is an extension of the standard firewall, also known as a bastion host or application-layer gateway. It is a single system, but it can perform all the functions of the standard firewall. Its advantage is that it can run more complex applications while preventing any direct connection between the Internet and the internal system, ensuring that packets cannot reach the internal network directly from the external network, and vice versa.

With the progress of firewall technology, two firewall configurations have evolved from the dual-homed gateway: the hidden host gateway and the hidden intelligent gateway (hidden subnet). The hidden host gateway is a common firewall configuration at present. As the name suggests, this configuration hides the router on the one hand and installs a bastion host between the Internet and the intranet on the other. The bastion host is installed on the intranet, and the router is configured so that the bastion host is the only system that communicates with the Internet. The most complex and most secure firewall at present is the hidden intelligent gateway, which hides the gateway behind the public system so that it is not exposed to direct attack. The hidden intelligent gateway provides almost transparent access to Internet services while preventing unauthorized external visitors from accessing the private network. Generally speaking, this kind of firewall is the hardest to defeat.
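The router policy behind the hidden host gateway can be sketched as a default-deny filter in which the bastion host is the only internal endpoint allowed to cross the boundary. This is an added example, not part of the original article; the address ranges, the bastion address and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (private and documentation ranges), assumed for the example.
INTRANET = ipaddress.ip_network("10.0.0.0/24")
BASTION = ipaddress.ip_address("10.0.0.5")

def router_permits(src, dst):
    """Screening-router policy: a flow that crosses the Internet/intranet
    boundary is forwarded only if its internal endpoint is the bastion."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    s_in, d_in = s in INTRANET, d in INTRANET
    if s_in and d_in:
        return True              # purely internal traffic is not filtered here
    if not s_in and not d_in:
        return False             # neither end is ours: default deny
    internal = s if s_in else d
    return internal == BASTION

def audit(flows):
    """Return the flows the policy would drop, in input order."""
    return [(s, d) for s, d in flows if not router_permits(s, d)]

# Constructed sample flows.
FLOWS = [
    ("203.0.113.7", "10.0.0.5"),     # Internet -> bastion
    ("203.0.113.7", "10.0.0.23"),    # Internet -> internal workstation
    ("10.0.0.23", "198.51.100.9"),   # workstation -> Internet, bypassing bastion
    ("10.0.0.5", "198.51.100.9"),    # bastion -> Internet
    ("10.0.0.23", "10.0.0.5"),       # workstation -> bastion (internal)
]

if __name__ == "__main__":
    for s, d in FLOWS:
        verdict = "permit" if router_permits(s, d) else "deny"
        print(f"{s:>14} -> {d:<14} {verdict}")
```

Both directions are checked, which matches the requirement that packets cannot pass directly between the external and internal networks either way.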

2. Data encryption technology

Data encryption is another security technology used in conjunction with the firewall. It is one of the main technical means of improving the security and confidentiality of information systems and data and of preventing secret data from being deciphered by outsiders. With the development of information technology, network security and information secrecy are receiving more and more attention. At present, in addition to strengthening data security through legal and administrative means, technical measures are taken in both software and hardware, which promotes the development of data encryption technology and physical protection technology. According to function, data encryption technology is divided into four kinds: data transmission, data storage, data integrity identification, and key management.

(1) Data transmission encryption technology

The purpose is to encrypt the data stream in transit. The common approaches are line (link) encryption and end-to-end encryption. The former focuses on the line and does not consider the source and destination; it protects confidential information by using a different encryption key on each line it passes through. The latter means that the information is automatically encrypted by the sender and encapsulated in TCP/IP packets, then crosses the Internet as unreadable and unrecognizable data. Once the information arrives at its destination, it is automatically reassembled and decrypted into readable data.
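The practical difference between the two approaches is what an intermediate node gets to see. The following added example (not from the original article) models both; the cipher is a toy SHA-256 keystream used as a stand-in for a real cipher, and the keys, message and function names are constructed for illustration.

```python
import hashlib

def keystream_xor(key, data):
    """Toy stream cipher (SHA-256 in counter mode, no nonce). A stand-in so
    the example runs on the standard library; not for production use."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def send_link_encrypted(msg, link_keys):
    """Line encryption: each line has its own key, so every intermediate
    node decrypts and re-encrypts and therefore handles plaintext."""
    data, on_wire, seen_at_nodes = msg, [], []
    for i, key in enumerate(link_keys):
        wire = keystream_xor(key, data)      # what travels on this line
        on_wire.append(wire)
        data = keystream_xor(key, wire)      # far end of the line decrypts
        if i < len(link_keys) - 1:
            seen_at_nodes.append(data)       # intermediate node's view
    return data, on_wire, seen_at_nodes

def send_end_to_end(msg, e2e_key, lines):
    """End-to-end: the sender encrypts once and nodes only forward ciphertext."""
    wire = keystream_xor(e2e_key, msg)
    return keystream_xor(e2e_key, wire), [wire] * lines, [wire] * (lines - 1)

# Constructed sample message and keys.
MSG = b"payroll batch 42"
LINK_KEYS = [b"line-A", b"line-B", b"line-C"]
E2E_KEY = b"sender-receiver"

if __name__ == "__main__":
    _, wires, nodes = send_link_encrypted(MSG, LINK_KEYS)
    print("link: nodes see plaintext:", all(n == MSG for n in nodes))
    _, wires, nodes = send_end_to_end(MSG, E2E_KEY, len(LINK_KEYS))
    print("e2e:  nodes see plaintext:", any(n == MSG for n in nodes))
```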

(2) Data storage encryption technology

The purpose is to prevent data from being compromised while in storage. It can be divided into two kinds: ciphertext storage and access control. The former is usually achieved through encryption algorithm conversion, additional passwords, encryption modules and similar methods. The latter reviews and restricts user qualifications and permissions to prevent illegal users from accessing data and legitimate users from accessing data beyond their authorization.

(3) Data integrity identification technology

The purpose is to verify the identity of those involved in the transfer, access and processing of information, together with the related data content, in order to meet confidentiality requirements. It generally covers the identification of passwords, keys, identities, data and other items. The system compares the characteristic values supplied by the object being verified with pre-set parameters to achieve data security protection.

(4) Key management technology

For the convenience of data use, data encryption in many situations comes down to the use of keys, so keys are often the main object of both protection and theft. Key media include magnetic cards, tapes, disks, semiconductor memory and so on. Key management techniques include security measures covering every stage of a key's life: generation, distribution and storage, replacement, and destruction.
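The integrity check in (3) and the key lifecycle in (4) fit together: a record is verified by comparing a recomputed value with the stored one, and that check depends on which keys are still held. This added example is not from the original article; `KeyRing` is a hypothetical in-memory store, HMAC-SHA256 is chosen here as the integrity mechanism, and the record is constructed.

```python
import hashlib
import hmac
import secrets

class KeyRing:
    """Hypothetical in-memory key store covering generation, replacement and
    destruction. Real systems keep keys in an HSM, smart card or KMS."""
    def __init__(self):
        self._keys = {}          # version -> key bytes
        self.current = 0

    def rotate(self):
        """Generate a fresh random key and make it the signing key."""
        self.current += 1
        self._keys[self.current] = secrets.token_bytes(32)
        return self.current

    def destroy(self, version):
        """Remove a retired key; tags made with it can no longer verify."""
        self._keys.pop(version, None)

    def tag(self, data):
        mac = hmac.new(self._keys[self.current], data, hashlib.sha256).digest()
        return self.current, mac

    def verify(self, data, version, mac):
        key = self._keys.get(version)
        if key is None:
            return False                             # unknown or destroyed key
        expected = hmac.new(key, data, hashlib.sha256).digest()
        return hmac.compare_digest(expected, mac)    # constant-time comparison

def demo():
    ring = KeyRing()
    ring.rotate()                                    # key version 1
    record = b"account=1001;balance=250"             # constructed sample record
    v1, mac1 = ring.tag(record)
    results = {
        "intact": ring.verify(record, v1, mac1),
        "tampered": ring.verify(b"account=1001;balance=950", v1, mac1),
    }
    ring.rotate()                                    # version 2 signs new data
    results["old_tag_after_rotation"] = ring.verify(record, v1, mac1)
    ring.destroy(v1)
    results["old_tag_after_destroy"] = ring.verify(record, v1, mac1)
    v2, mac2 = ring.tag(record)
    results["new_tag"] = ring.verify(record, v2, mac2)
    return results

if __name__ == "__main__":
    print(demo())
```

Data tagged under a retired key has to be re-tagged before that key is destroyed, otherwise it can no longer be verified.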

3. Smart card technology

Another technology that is closely related to data encryption is smart card technology. A smart card is a medium for a key, usually resembling a credit card. It is held by an authorized user, who assigns it a password or passphrase. This password is consistent with the password registered on the internal network server. When passwords and identity features are used together, the security provided by smart cards can be quite effective.

The preventive measures used for network security and data protection all have limits, and more security measures do not by themselves make a network more reliable. Therefore, judging whether an intranet is secure means examining not only its technical means but, more importantly, all the measures taken for the network, including not only physical protection but also "soft" factors such as the quality of personnel. Only a comprehensive assessment of this kind supports a conclusion about its security.
