Network Security Note 1

I. Basic network security knowledge

1. network security means that the hardware and software of the network system and the data in the system are protected, and the system runs reliably and normally without accidental or malicious reasons.

2. Five features of Network Security: 1) Confidentiality 2) Integrity 3) Availability 4) controllability 5) Non-Repudiation

3. Security Threats: 1) physical threats 2) Transmission Line threats 3) Identity Authentication threats 4) System Vulnerability threats 5) Harmful program threats

4. Services related to network security: 1) Identity Authentication 2) Access Control 3) Data Confidentiality 4) Data Integrity 5) undeniable

5. Five threats to network communication: 1) Interception (eavesdropping) 2) tampering 3) Forgery 4) Interruption 5) dial-up Internet access
Interception is a passive attack, and others are active attacks.

Ii. Data encryption mechanism

1. Password technology is the core technology of information security.

2. Traditional password technology: 1) password replacement 2) Change Password

3. modern cryptographic system: 1) symmetric key cryptography system 2) public key cryptography system (asymmetric key cryptography system) 3) hybrid key cryptography system

4. symmetric key cryptography: The keys used during encryption and decryption are the same. The main algorithm is des. The key is confidential.

5. public Key and password system: the encryption key is public and called a public key (PK). The decryption key is not public and is called a private key (SK ), the private key is determined by the public key, but the public key cannot be released. The main algorithm standard is RSA. Encryption operations and encryption operations can be reversed.

6. symmetric cryptography is applicable to Big Data Encryption, public key systems are slow, not big data encryption, and key distribution.

Iii. Digital Signature)

1. Digital signatures ensure the following three points: 1) Verifiable 2) tamper-resistant and forged 3) undeniable

2. Concept of Message Authentication: Many network applications do not need to transmit encrypted plaintext, but the recipient must be able to identify the authenticity of the message. Message Digest is widely used.

3. Message Digest algorithm: it is a one-way hash function to prevent malicious tampering of packets. It is unidirectional and cannot be inferred from the message digest.

4. message authentication code (MAC): a function of message and key.

5. Widely used message digest algorithms: MD5 and Sha. Sha message digest is longer than MD5, but safer than MD5.

Iv. identity authentication and key distribution

1. Key Distribution Center (kdc): generates a distribution key for both parties.

2. symmetric key-based authentication

3. Public Key Authentication and Key Distribution

4. Public Key Infrastructure (PKI)

5. Certificate Authority (CA)

5. Firewall

1. Firewall: a firewall consists of software and hardware. It is a specially programmed router used to execute control policies between two networks.

2. Basic components: Packet Filtering Firewall and application-level gateway

3. packet filtering Firewall: filters out non-conforming data packets based on packet filtering information.

4. Status detection Firewall

5. Application and Gateway: Multi-Point HOST: a host with multiple Nic interfaces is called a gateway. An application-level gateway is equivalent to a wall.

6. application proxy: The application proxy is another form of application gateway, which is equivalent to the buffer.

Vi. network security technology

1. IP layer security technology: IPSec System

2. Transport Layer Security Technology: Secure Socket Layer Protocol (Secure Socket Layer, SSL)

3. Application Layer Security Technology: Secure Email, secure e-commerce, WWW Standard

See: http://wenku.baidu.com/view/aa0917f34693daef5ef73da6.html ###