Network Security Manual <3>

Article Title: Network Security Manual 3. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
4. Other networks
　　
　　
　　
(1) remote job Logon)
The remote job entry system provides a set of programs and corresponding hardware, allowing UNIX systems to communicate with JES on IBM hosts. you can use the send and usend commands to access volume E. the send command is a common job provider of ipve. It will provide files to JES, just as these job files are "punched cards" read from card readers. the usend command is used to transfer files between UNIX systems that use the ipve system. It creates a "job" (a virtualized stacked card ), and provide the job to JES in the same way as the send command. the control card in the stacked job card tells the JES where the data is transferred (here, the data is a file being transferred ). the destination of file transfer is UNIX, but JES considers it a "Row printer ". the ipve system usually communicates with JES at a rate of 9600 bits per second. the syntax of a typical usend command is as follows:
Usend-d system-u login file (s)
System is another UNIX system name mounted to ibm jes, login is the login name of the receiving user on another system, and file (s) is the file that the user wants to transmit.
Several security questions about ipve:
. RJE transfers the file to the rje directory in the HOME directory of the recipient. this directory must be writable to other people and executable. This means that the files stored in the "rje" directory are easy to check, move, and modify. however, if the permission for this directory is 733, other users cannot use the ls column directory to find files of interest. the created file is readable to the owner, group, or others. Therefore, the security files transmitted through the ipve network are readable on the system. why are these problems different from the UCP and/usr/uucppublic directories? * UCP regularly clears the content in the/usr/spool/uucppublic directory. The old files a few days ago or a few weeks ago will be deleted. Generally, you will remove your files from the uucppublic directory, in this case, files are not deleted, but the files in the "cmde" directory are not cleared. Therefore, some users never move their files to other directories.
* The uucppublic directory is a public directory. Before storing important information, you must encrypt it. however, it is easy for users to forget that their javase directory is actually a public directory and often forgets to encrypt important files.
. The usend command creates a file in a directory that can be written by another user and overwrites the file that can be written by another user .. the javase service subroutine is used to execute some functions rather than performing file transfer. the ipve system also executes remote commands like UUCP. Most systems running ipve use remote commands to send emails. because the transfer rate of ipve is usually higher than that of UUCP. unfortunately, javase does not have the ability to restrict executable commands and accessible files like UUCP. A good experience is to connect to a group of systems in the same JES, and think that these systems are on the same system.
　　
　　
　　
(2) NSC Network System
The NSC (network systems corporation) wide channel network is a high-speed local area network (LAN ). NSC can connect thousands of systems with a maximum distance of 5000 feet, with a transmission rate of up to 50 MBIT/S. NSC can also connect different systems through communications such as microwave or satellite lines.
UNIX users can use the nusend command to access the NSC wide channel. the syntax of the nusend command is the same as that of the usend command. In most cases, apart from using the-c option to send files that are not accessible to others, the usage of nusend is the same as that of usend. In other words, if the-c option is not available, the file is readable, and all directories listed in the file path name are searchable to others, the considerations about the security of ipve discussed earlier are also suitable for NSC networks.
You can view the NSC record file to see if NSC is executing any commands that should not be executed. record files are stored in the/usr/nsc/log directory. the following command prints all the commands executed by NSC on the system (except rmail ):
Grep execute/usr/nsc/log/LOGFILE | grep-v rmail
　　
　　
　　
5. Communication Security
There are two ways to provide secure communication: the first is to ensure the physical security of the transmission media, even if no one can connect their own passwords or "eavesdropping" on the transmission media ", the second method is to encrypt important data.
　　
　　
　　
(1) physical security
If all systems are locked in the same room, and all networks connected to the system and terminals connected to the system are locked in the same room, the communication is as secure as the system (assuming there is no MODEM ). however, a problem occurs when the system's communication lines are locked out. although the technology required to extract information from a network communication line is several orders of magnitude higher than the technology used to obtain data from a terminal communication line, the above problems also occur on the network connection.
The physical security of communication can be achieved through a simple (but expensive) high-tech pressurized cable. this technology was developed several years ago for the US national telephone system. the communication cable is sealed in plastic, buried in the ground, and pressurized at both ends of the line. an invigilator with an alarm is connected online to measure the pressure.
If the pressure drops, it means the cable may be broken, and the repair personnel will be dispatched to find and fix the problematic cable.
The cable pressurization technology provides secure communication lines. instead of laying cables underground, cables are laid in the whole building, and each inch of cables are exposed. if anyone tries to cut the cable, the invigilator starts an alarm and notifies the security personnel that the cable has been damaged. if anyone successfully connects their own communication lines to the cable, the security personnel should regularly check the total length of the cable and should be able to find the cable splicing position. pressurized cables are shielded in corrugated aluminum steel foreskin, so there is almost no electromagnetic emission. If you want to use electromagnetic induction to steal the secret, it is necessary to use a large number of visible equipment. in this way, the terminal does not need to be locked in the office, but the terminal head of the security cable is locked in a box in the office.
Another method to increase physical security of external terminals is to disconnect the terminals at five o'clock P.M. every day when all users go home. in this way, if someone wants to access the system illegally, they will have to try to obtain the terminal access right in the daytime when people come and go back, you may have to try to intrude into the computer room at five o'clock P.M. (if there are operators or security personnel in the computer room after, the attempt to intrude into the computer room will not succeed ).
Fiber optic communication lines were once considered not to be eavesdropped, and their disconnections can be detected immediately. The transmission of splicing lines will be unbearable. the optical fiber has no electromagnetic radiation, so it cannot use magnetic induction for password theft. unfortunately, the maximum length of the optical fiber is limited. The optical fiber system longer than this length must regularly zoom in (copy) the signal. in this case, the signal needs to be converted into an electric pulse, and then restored to an optical pulse, and then transmitted through another line. the device (replicaset) That completes this operation is a weak security link in the optical fiber communication system, because the signal may be intercepted by a wire. there are two ways to solve this problem: Do not use fiber-optic lines to communicate between systems with a distance greater than the maximum length limit (currently, the network coverage is about 100 km ), or enhance the safety of the replicator (using pressurized cables, alarm systems, guards ).
　　
　　
　　
(2) Encryption
Encryption can also improve the physical security of terminal and network communication. There are three methods to encrypt data transmission :. link encryption: encryption is performed between nodes in the network. encryption is performed between nodes and decrypted after being transmitted to the node. Different Nodes use different passwords .. node encryption: similar to link encryption, the difference is that when data is transmitted between nodes
Format transfer, but uses special encryption hardware for decryption and re-encryption. This dedicated hardware is usually rotated in a safe deposit box.
. Encryption at the beginning and end: encrypts the data that enters the network, and then decrypts the data after it is transmitted from the network. the network itself does not know that the data being transmitted is encrypted. the advantage of this method is that each user on the Network (usually one user on each machine) can have different encryption keywords, and the network itself does not need to add any specialized encryption devices. the disadvantage is that each system must have an encryption device and corresponding software (manage encryption keywords ). or each system must complete the encryption work by itself.
(When the data transmission rate is calculated in bytes/Second, the computing workload of the encryption task is large ).
Terminal Data encryption is a special case. In this case, the link encryption method is the same as the first and last encryption method. Both the terminal and computer are nodes and termination endpoints.
Communication Data Encryption is often different from file encryption. The encryption method should not reduce the data transmission speed. lost or distorted data should not lead to the loss of more data bits, that is, the decryption process should be able to repair bad data, the entire file or login cannot be incorrectly decrypted due to bad data. for a login session, one byte must be encrypted at a time, especially in the case of a UNIX system, the system needs to encrypt one byte at a time to return the word to the user. in the network, each chain may need different encryption keywords, which raises the issue of managing, allocating, and replacing encryption keywords.
Generally, DES transmits data by block in the form of a proxy password, which cannot meet many of the above requirements. DES uses another encryption method to encrypt one or one byte at a time to form a password stream. the password stream has the characteristics of self-synchronization. Errors and data loss in the sent Password text will only affect a short segment of the final plaintext (64-bit ). this is called password feedback. in this method, DES is used as a virtual random number generator to generate a series of random numbers used for plaintext. each n-bit of the plaintext is different from the encrypted output number of a DESn. The value of n is 1-64, the input of DES encryption is a 64-bit value based on the Password text transmitted in the front.
When the value of n is 1, the encryption method is self-synchronous: After one bit is wrong or one bit is lost, the 64-bit Password text cannot be correctly decrypted, because the incorrect encryption value will be moved to the end of DES input. however, once the correct 64-bit password is received, the decryption continues correctly because the DES encryption and decryption inputs are synchronized.
The initial input of DES is called a seed. It is a random number simultaneously recognized by the transmitter and receiver. generally, the seed is selected by one party and sent to the other before encryption. encryption keywords cannot be transmitted over the network in plaintext format. When the encryption system powers up, encryption keywords are written on both sides, and the encryption keywords remain unchanged during many stages, you can select a phase keyword encrypted by the primary keyword and send it to the other end of the data transmission. When the phase ends, the phase keyword will no longer be used. the main keywords are invisible to users. The system administrator regularly changes the key management method, which is usually determined by the hardware used. if the encrypted hardware has the corresponding device, it is irrelevant to use the seed or primary keyword.
　　
　　
　　
(3) user Identity Authentication
Password is only one way to identify a user. There are actually many methods that can be used to identify the user .. call back modem: the device that maintains the valid user table and corresponding phone number of the system. when a user calls the system by dialing, the call back modem obtains the user's login account header, suspends, and then calls the user's terminal. the advantage of this method is that only the phone number stored in MODEM is restricted to system users, so that illegal intruders cannot call the system and log on from their homes, the disadvantage of this method is that it limits the user's flexibility and still requires a password, because the MODEM cannot uniquely identify the user from where the user sends the call.
. Mark Recognition: the mark is the physical implementation of the password. Many mark recognition systems use some form of card (such as a credit card with a magnetic stripe on the back), which contains an encoded random number. the card is read by the reader connected to the terminal. You do not need to enter the password again. to increase security, some systems require reading cards and typing passwords. some card encoding methods make the encoding difficult to copy. the advantage of tag recognition is that the tag can be random and must be longer than the password. the disadvantage is that each user must carry