1. The concept of network security
Network security Definition: The network system hardware, software and data are protected, not accidental and malicious reasons to be damaged, changed and leaked, the system can be continuously normal operation, network services will not terminate
1> network security mainly involves 3 aspects:
Hardware security: That is, to ensure the security of network equipment, such as the network of servers, switches, routers and other equipment security.
Software and data security: to ensure that important data in the network is not stolen and destroyed, the software can run normally, not destroyed.
System normal operation: To ensure the normal operation of the system, the system can not be paralyzed and downtime.
2> Characteristics of network security
Confidentiality: Prevents unauthorized users from accessing data
Integrity: Data is not modified during storage and transmission
Availability: Data is available at all times
Controllability: Data is controllable in the process of transmission
Scalability: Administrators are able to track user action behavior
3> threat of network security
Non-authorized access: unauthorized access to related data
Information disclosure or loss: information leaked or lost during transmission
Corrupted data integrity: Data was modified during transmission
Denial of service attack: by sending a large number of packets to the server, consuming the resources of the server, making the server unable to provide services
Using network to spread computer virus
2. Common methods of network attack
Port scans, security exploits, password intrusions, trojan programs, email attacks, Dos attacks
1> Port scan:
Port scanning lets you know which services and ports are opened by the scanned computer to discover its weaknesses, can be scanned manually, or scanned using port scanning software
2> port scanning software
Superscan (Integrated scanner)
Main function:
Detecting whether the host is online
Mutual conversion between IP address and host name
Probing the services running by a target host over a TCP connection
Scans the specified range of host ports.
Portscanner (graphical scanner software)
Relatively fast, but with a relatively simple function
X-scan (no need to install green software, support Chinese)
Multi-threaded approach to the specified IP address segment (or stand-alone) for security vulnerability detection
Support plug-in function, provide graphical and command line operation, scanning more comprehensive.
3> security vulnerability attack
A security vulnerability is a flaw in the implementation and security policies of hardware, software, and protocols, and the presence of vulnerabilities can enable an attacker to access or destroy a system without authorization.
Security vulnerability Attack instance:
(1) Windows2000 Chinese Input Method vulnerability refers to the original version of Windows2000, the user installed the Chinese input method, you can easily enter the Windows2000 system, access to administrator rights, can perform what operation, is very serious loophole. Later, Microsoft introduced the corresponding patch to make up for the flaw.
(2) Windows Remote Desktop Vulnerability is a denial of service vulnerability in Microsoft's Remote Desktop Protocol (RDP protocol) that allows a remote attacker to send a specially crafted RDP message to the affected system to cause the system to stop responding. In addition, the vulnerability could cause an attacker to gain account information for remote desktops and help further attack.
(3) Buffer overflow is a very common and very dangerous loophole, which is widely existed in various systems and application software. This vulnerability can lead to program failure, system downtime, system restart, and other consequences. A buffer overflow is an overflow that occurs when the number of bits of data that is populated in a buffer exceeds the capacity of the easing area itself. When an overflow occurs, the overflow data is overwritten on the legitimate data. Attackers sometimes intentionally write extra long data into the buffer, which can affect the operation of the shadow system in a slow-condition overflow attack.
(4) There are many vulnerabilities in IIS. For example, an FTP server stack Overflow vulnerability. When an FTP server allows unauthorized users to log in and create a long and specially crafted directory, it can trigger the vulnerability by allowing hackers to execute programs or block attacks.
(5) SQL vulnerabilities: such as SQL injection vulnerabilities, so that clients can submit special code to the database server to collect information about the program and services to obtain the desired information.
4> password intrusion
Password intrusion refers to the behavior of the target host to execute the attack after illegally acquiring the password of some legitimate users.
How to get passwords illegally:
Get password over network listening
Get the password through brute force
Use management error to get password
5> Trojan Horse Program
It is hidden inside the system and starts with system startup, connecting and controlling the infected computer without the user's knowledge
The Trojan is made up of two parts: the server side and the client
Common Trojan Program:
BO2000
Ice
Gray Pigeon
6> e-mail attack
Attackers use mail bomb software or CGI programs to send a large amount of repetitive, unwanted spam messages to the destination mailbox, which causes the destination mailbox to explode and be unusable
The manifestation of an e-mail attack:
Mail bombs
Mail spoofing
7>. Dos attack
DOS is called a denial of service attack, it sends a large number of packets to the host in a short time, consumes the host resources, causes system overload or system paralysis, denies the normal user access
Type of denial of service attack:
An attacker issues a connection request from a forged, non-existent IP address
The attacker occupies all available sessions and blocks normal user connections
An attacker instilling a large number of errors or specially structured packets into the receiver
Examples of Dos attacks
Tear attack
Pingofdeath
Smurf attack
Syn Overflow
DDoS distributed denial of service attack