Introduction to Windows network security and an explanation of common network attack methods

Source: Internet
Author: User
Tags: command line, ftp, sql injection, windows, remote desktop

1. The concept of network security

Definition of network security: the hardware, software and data of a network system are protected from being damaged, altered or leaked, whether by accident or by malicious action, so that the system keeps running normally and network services are not interrupted.

1> Network security mainly involves three aspects:

Hardware security: ensuring the security of network equipment such as servers, switches, routers and other devices on the network.

Software and data security: ensuring that important data on the network is not stolen or destroyed, and that software runs normally without being tampered with.

Normal system operation: ensuring that the system keeps running and is not paralyzed or brought down.

2> Characteristics of network security

Confidentiality: Prevents unauthorized users from accessing data

Integrity: Data is not modified during storage and transmission

Availability: Data is available at all times

Controllability: the flow of data can be controlled while it is in transit

Auditability: administrators are able to trace what users have done

3> Threats to network security

Unauthorized access: accessing data without authorization

Information disclosure or loss: information leaked or lost during transmission

Damage to data integrity: data modified during transmission

Denial of service attack: flooding a server with a large number of packets so that its resources are consumed and it can no longer provide service

Using the network to spread computer viruses

2. Common methods of network attack

Port scanning, exploitation of security vulnerabilities, password intrusion, Trojan horse programs, e-mail attacks, DoS attacks

1> Port scanning:

Port scanning reveals which ports and services the scanned computer has open, so that its weak points can be discovered. It can be done manually or with port-scanning software.

2> Port-scanning software

Superscan (Integrated scanner)

Main function:

Detecting whether the host is online

Mutual conversion between IP address and host name

Probing the services a target host is running over a TCP connection

Scanning a specified range of ports on a host.

Portscanner (graphical scanner software)

Relatively fast, but with relatively simple functions

X-scan (green software, no installation needed; supports Chinese)

Multi-threaded security vulnerability detection of a specified IP address range (or a single host)

Supports plug-ins, provides both graphical and command-line operation, and scans more comprehensively.

3> Security vulnerability attacks

A security vulnerability is a flaw in the implementation or security policy of hardware, software or protocols; its presence can enable an attacker to access or damage a system without authorization.

Examples of security vulnerability attacks:

(1) The Windows 2000 Chinese input method vulnerability: in the original release of Windows 2000, once the Chinese input method was installed, a user could easily get into the Windows 2000 system, obtain administrator rights and perform any operation, a very serious hole. Microsoft later released a patch to fix the flaw.

(2) The Windows Remote Desktop vulnerability is a denial-of-service vulnerability in Microsoft's Remote Desktop Protocol (RDP) that allows a remote attacker to send a specially crafted RDP message to an affected system and cause it to stop responding. The vulnerability could also let an attacker obtain remote desktop account information and assist further attacks.

(3) Buffer overflow is a very common and very dangerous vulnerability that exists widely in all kinds of systems and application software. It can lead to program failure, system crashes, system restarts and other consequences. A buffer overflow occurs when the amount of data written into a buffer exceeds the capacity of the buffer itself; the overflowing data then overwrites the legitimate data next to it. Attackers sometimes deliberately write overly long data into a buffer, and in a carefully controlled overflow attack this can change how the target system executes.

(4) IIS has many vulnerabilities, for example an FTP server stack overflow vulnerability: when the FTP server allows unauthorized users to log in and create a long, specially crafted directory name, the vulnerability is triggered and a hacker can execute programs or cause a denial of service.

(5) SQL vulnerabilities, such as SQL injection: a client can submit specially crafted input that reaches the database server, gather information about the application and its services, and obtain the information it wants.
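The SQL injection item above says only that a client can "submit special code" to the database server. The following Python example is added here to show what that means in code; it is not from the original article or from any product it mentions. It builds a constructed in-memory SQLite table and compares a login query assembled by string concatenation with the same query written with bound parameters. The table contents, the function names and the plaintext password column are assumptions for illustration only (a real system stores password hashes, not passwords).

```python
import sqlite3


def make_db():
    """Constructed sample database: two users in an in-memory table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """Builds the SQL text from user input, so the input becomes part of
    the statement itself. A password value containing a quote can end the
    string literal early and append its own condition, which is exactly
    the 'special code' the article refers to."""
    query = ("SELECT name FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return sorted(row[0] for row in conn.execute(query))


def login_safe(conn, name, password):
    """Sends the statement and the values separately (bound parameters).
    The database never parses the values as SQL, so no input can change
    the structure of the query; it can only ever be compared as data."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (name, password)))


if __name__ == "__main__":
    db = make_db()
    # A correct login works the same way with both versions.
    print(login_safe(db, "alice", "s3cret"))            # ['alice']
    # The classic quote-and-OR input: the concatenated query turns into
    # ... AND password = '' OR '1'='1', which matches every row.
    crafted = "' OR '1'='1"
    print(login_vulnerable(db, "alice", crafted))       # ['alice', 'bob']
    print(login_safe(db, "alice", crafted))             # []
```

The point of the comparison is the fix, not the payload: the parameterized version needs no input filtering to be safe, because the driver separates the statement from its values. Any code path that still concatenates user input into SQL is the one a code review should flag.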

4> Password intrusion

Password intrusion refers to illegally obtaining the passwords of legitimate users and then using them to attack the target host.

Ways passwords are obtained illegally:

By listening to (sniffing) network traffic

By brute force

By exploiting administrative mistakes
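Both the port-scanning section above and the brute-force item here describe behaviour a defender can see in logs: one source touching many ports in a short time, or many failed logins against one account from one source. The Python example below is an addition to this article, not code from it or from any scanner it names. It implements one sliding-window detector and applies it to two constructed log extracts (the timestamps, addresses, user names and log format are all invented for the example). The thresholds and window lengths are assumptions to tune against real data.

```python
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed connection log: one line per TCP connection attempt.
CONN_LOG = """\
2024-03-01T09:00:00 src=203.0.113.7 dport=21
2024-03-01T09:00:01 src=203.0.113.7 dport=22
2024-03-01T09:00:01 src=203.0.113.7 dport=23
2024-03-01T09:00:02 src=203.0.113.7 dport=25
2024-03-01T09:00:02 src=203.0.113.7 dport=80
2024-03-01T09:00:03 src=203.0.113.7 dport=135
2024-03-01T09:00:03 src=203.0.113.7 dport=139
2024-03-01T09:00:04 src=203.0.113.7 dport=443
2024-03-01T09:00:04 src=203.0.113.7 dport=445
2024-03-01T09:00:05 src=203.0.113.7 dport=3389
2024-03-01T09:00:10 src=198.51.100.4 dport=443
2024-03-01T09:00:20 src=198.51.100.4 dport=443
"""

# Constructed authentication log: one line per login attempt.
AUTH_LOG = """\
2024-03-01T09:05:00 src=203.0.113.7 user=administrator result=failed
2024-03-01T09:05:10 src=203.0.113.7 user=administrator result=failed
2024-03-01T09:05:20 src=203.0.113.7 user=administrator result=failed
2024-03-01T09:05:30 src=203.0.113.7 user=administrator result=failed
2024-03-01T09:05:40 src=203.0.113.7 user=administrator result=failed
2024-03-01T09:05:50 src=203.0.113.7 user=administrator result=failed
2024-03-01T09:06:30 src=198.51.100.4 user=alice result=failed
2024-03-01T09:06:40 src=198.51.100.4 user=alice result=success
2024-03-01T09:10:00 src=192.0.2.8 user=bob result=failed
2024-03-01T09:11:30 src=192.0.2.8 user=bob result=failed
2024-03-01T09:13:00 src=192.0.2.8 user=bob result=failed
2024-03-01T09:14:30 src=192.0.2.8 user=bob result=failed
2024-03-01T09:16:00 src=192.0.2.8 user=bob result=failed
"""


def parse(log):
    """Turn 'timestamp key=value ...' lines into (epoch_seconds, dict)."""
    events = []
    for line in log.splitlines():
        ts_text, *fields = line.split()
        ts = datetime.fromisoformat(ts_text).replace(tzinfo=timezone.utc)
        events.append((ts.timestamp(), dict(f.split("=", 1) for f in fields)))
    return events


def find_bursts(events, key_fn, value_fn=None, window=60, threshold=5):
    """Flag key_fn(record) when at least `threshold` distinct values of
    value_fn(record) (or simply that many events, if value_fn is None)
    fall inside any `window` seconds. Events must be in time order."""
    recent = defaultdict(deque)      # key -> deque of (timestamp, value)
    flagged = set()
    for n, (ts, rec) in enumerate(events):
        key = key_fn(rec)
        q = recent[key]
        q.append((ts, value_fn(rec) if value_fn else n))
        while q and ts - q[0][0] > window:   # drop entries outside window
            q.popleft()
        if len({v for _, v in q}) >= threshold:
            flagged.add(key)
    return sorted(flagged)


def detect_port_scans(log, window=10, threshold=8):
    """A scan looks like one source hitting many distinct ports quickly."""
    return find_bursts(parse(log), key_fn=lambda r: r["src"],
                       value_fn=lambda r: r["dport"],
                       window=window, threshold=threshold)


def detect_login_bursts(log, window=60, threshold=5):
    """Brute force looks like repeated failures for one (source, user)."""
    failed = [(ts, r) for ts, r in parse(log) if r["result"] == "failed"]
    return find_bursts(failed, key_fn=lambda r: (r["src"], r["user"]),
                       window=window, threshold=threshold)


if __name__ == "__main__":
    print(detect_port_scans(CONN_LOG))      # ['203.0.113.7']
    print(detect_login_bursts(AUTH_LOG))    # [('203.0.113.7', 'administrator')]
```

In the sample data the five failures for user bob are spaced 90 seconds apart, so they never reach five inside a 60-second window and are not flagged; a slow, patient guessing campaign needs a longer window or a per-account daily count to catch, which is the usual tuning trade-off for this kind of rule.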

5> Trojan horse programs

A Trojan hides inside the system and starts together with it, connecting to and controlling the infected computer without the user's knowledge.

A Trojan consists of two parts: the server side and the client side

Common Trojan programs:

BO2000

Glacier (冰河)

Gray Pigeon

6> E-mail attacks

Attackers use mail-bomb software or CGI programs to send large volumes of repetitive, unwanted spam to a target mailbox, which overflows the mailbox and makes it unusable.

Forms of e-mail attack:

Mail bombs

Mail spoofing

7> DoS attacks

DoS stands for denial of service: the attacker sends a large number of packets to a host in a short time, consuming the host's resources, overloading or paralyzing the system and denying access to legitimate users.

Types of denial-of-service attack:

The attacker issues connection requests from forged, non-existent IP addresses

The attacker occupies all available sessions and blocks connections from normal users

The attacker floods the receiver with large numbers of erroneous or specially constructed packets

Examples of DoS attacks

Teardrop attack

Ping of death

Smurf attack

SYN flood

DDoS (distributed denial of service)
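The three DoS types listed above (forged source addresses, exhausting all sessions, malformed packets) each correspond to a check a packet filter in front of a server can make. The Python example below is added here and is not from the original article; it models a minimal admission filter that applies one check per type to a constructed list of packets. The packet dictionaries, the reserved-range list (a subset), the per-source half-open limit and the simplified handshake tracking are all assumptions for illustration; a real filter keys its state on the full connection tuple and ages it out.

```python
import ipaddress
from collections import Counter

# Address ranges that can never legitimately be the source of a packet
# arriving from the Internet (private, loopback, link-local, multicast,
# reserved). A packet claiming one of them as its origin is forged.
# Subset chosen for the example.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

MAX_IP_DATAGRAM = 65535          # largest datagram IPv4 can describe
MAX_HALF_OPEN_PER_SOURCE = 3     # assumed limit, deliberately tiny here


class AdmissionFilter:
    """Decides per packet whether it reaches the server."""

    def __init__(self):
        # source address -> SYNs seen whose handshake has not completed
        self.half_open = Counter()

    def check(self, pkt):
        """Return 'accept' or a 'drop: ...' reason for a packet dict with
        keys src, length and optionally frag_offset (bytes) and flags."""
        src = ipaddress.ip_address(pkt["src"])

        # Type 1: connection requests from forged, non-existent addresses.
        if any(src in net for net in BOGON_SOURCES):
            return "drop: forged (unroutable) source address"

        # Type 3: malformed packets. A fragment whose offset plus length
        # would reassemble beyond the maximum datagram size (the ping of
        # death shape) cannot come from a correct sender.
        if pkt.get("frag_offset", 0) + pkt["length"] > MAX_IP_DATAGRAM:
            return "drop: fragment exceeds maximum datagram size"

        # Type 2: one source occupying every available session. Cap the
        # number of half-open connections a single source may hold.
        flags = pkt.get("flags")
        if flags == "SYN":
            if self.half_open[pkt["src"]] >= MAX_HALF_OPEN_PER_SOURCE:
                return "drop: too many half-open connections from source"
            self.half_open[pkt["src"]] += 1
        elif flags == "ACK" and self.half_open[pkt["src"]] > 0:
            # Final handshake ACK: the connection is established, so it no
            # longer counts against the half-open budget.
            self.half_open[pkt["src"]] -= 1
        return "accept"


# Constructed packets, in arrival order.
SAMPLE_PACKETS = [
    {"src": "10.1.1.1", "length": 60, "flags": "SYN"},          # private src
    {"src": "203.0.113.9", "length": 1480, "frag_offset": 65120},  # oversized
    {"src": "198.51.100.20", "length": 60, "flags": "SYN"},
    {"src": "198.51.100.20", "length": 60, "flags": "SYN"},
    {"src": "198.51.100.20", "length": 60, "flags": "SYN"},
    {"src": "198.51.100.20", "length": 60, "flags": "SYN"},      # over limit
    {"src": "198.51.100.20", "length": 60, "flags": "ACK"},      # completes one
    {"src": "198.51.100.20", "length": 60, "flags": "SYN"},      # fits again
]


def run_filter(packets):
    """Run every packet through a fresh filter; return the decisions."""
    f = AdmissionFilter()
    return [f.check(p) for p in packets]


if __name__ == "__main__":
    for pkt, decision in zip(SAMPLE_PACKETS, run_filter(SAMPLE_PACKETS)):
        print(pkt["src"], "->", decision)
```

The half-open cap is the same idea a host applies with a SYN backlog limit, and the source-address check is what edge routers do with ingress filtering; neither stops a distributed attack whose sources are real and numerous, which is why DDoS is listed separately above.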
