Network security is essentially information security on the network.
On the technical side, the main focus is on guarding against attacks by external illegal users; on the management side, the focus is on managing internal human factors.
1. Confidentiality: the security of information, that is, information cannot be disclosed to unauthorized users.
2. Integrity: the characteristic that data cannot be changed without authorization.
3. Availability: the characteristic that information can be accessed by authorized entities and used on demand.
Network security includes physical security, logical security, operating system security, and networking security.
Threats to network security: 1. password traps 2. password cracking 3. algorithm considerations 4. editing passwords 5. cable connection threats (not a physical threat)
What are the unwanted programs? 1. viruses 2. code bombs 3. Trojan horses 4. updates or downloads
What do network security mechanisms include? 1. the encryption mechanism 2. the access control mechanism 3. the data integrity mechanism 4. the digital signature mechanism 5. the authentication exchange mechanism
What security issues does the digital signature mechanism mainly solve? 1. Repudiation: the sender denies having sent the document. 2. Forgery: someone forges a document but claims that someone else sent it. 3. Impersonation: someone assumes another person's identity to send files on the Internet. 4. Tampering: the recipient tampers with the contents of the file without authorization.
China's computer information system security protection is divided into 5 levels; the highest level is the access authentication protection level.
The concept of a vulnerability, and how it differs from a backdoor: vulnerabilities are flaws in hardware, software, or policies that result from imperfect design. Vulnerabilities are unpredictable.
The concept of a backdoor, and how it differs from a vulnerability: a backdoor is a universal access password that a hardware or software manufacturer intentionally places in a program to allow unauthorized access. Backdoors are deliberately set up by people.
/etc/passwd: the password file. /etc/shadow: the shadow password file. File permissions are assigned to the owner, the group, and others: r = 4, w = 2, x = 1.
FTP: File Transfer Protocol. The function of using this protocol to transfer files on a network is also called FTP.
Some security vulnerabilities exist in UNIX systems; the login IME (input method) vulnerability is not among them.
The main function of Active Directory is to authenticate user identity. Windows 2000 user authentication uses the Kerberos V5 protocol, the greatest benefit of which is the ability to implement single sign-on.
Security network access features include: 1. automatic patch updates, which take the burden off users 2. the Internet Connection Firewall that comes with the system 3. closing backdoors. They do not include complete user management.
What are the security policies of Windows XP? 1. General security protection: when using the system, you still need to install anti-virus software, upgrade the system, and prohibit ping. 2. Prohibit Remote Assistance and shield unused ports: Windows XP has a feature called Remote Assistance, which allows users who run into difficulty using the computer to send a Remote Assistance invitation to MSN friends to help solve their problems. 3. Prohibit Terminal Services remote control: Terminal Services is enabled by default, that is, if someone knows a user login ID on the computer and knows the computer's IP address, he can fully control the computer. 4. Close the Messenger service: the Messenger service is a Microsoft communication component integrated into Windows XP, and it is also enabled by default. 5. Prevent the IPC default share: after a default installation, Windows XP allows any user to obtain the list of all system accounts and shares through a null user connection (ipc$). This is intended to make it easier for local area network users to share resources and files, but any remote user can take advantage of this null connection to get the list of users. 6. Manage the Administrator account sensibly: after installation, Windows XP automatically creates a user named Administrator, which has the highest administrative rights on the computer by default, and many users do not set a password for it at all during installation.
S-HTTP is a security-enhanced version of the Hypertext Transfer Protocol used on the Web. It is an application layer protocol.
1. The simplest hacker intrusion: the TCP/IP sequence number prediction attack 2. TCP protocol hijacking intrusion 3. sniffing intrusion 4. TCP ACK storm
IP-level security includes the functional domains of authentication and confidentiality.
Class A address: 0.0.0.0-126.255.255.255 Subnet Mask: 255.0.0.0
Class B Address: 128.0.0.0-191.255.255.255 Subnet Mask: 255.255.0.0
Class C Address: 192.0.0.0-223.255.255.255 Subnet Mask: 255.255.255.0
Analysis of IP address misappropriation methods (not including router isolation): 1. static modification of the IP address 2. modification of the IP-MAC address pair 3. dynamic modification of the IP address.
What prevention techniques do network security experts use against IP address theft? 1. Switch control: the most thorough way to solve IP address theft is to use the switch for control, that is, to control at the second layer of TCP/IP. 2. Router isolation: the main basis of the router isolation method is that the MAC address, as the address of the Ethernet card, is globally unique and cannot be changed. 3. Firewall and proxy server: using a firewall in combination with a proxy server can also solve the problem of IP address theft fairly well.
A key concept in the IP authentication and confidentiality mechanisms is the security association.
ESP (Encapsulating Security Payload): ESP supports the confidentiality and data integrity of IP packets. Depending on user requirements, this mechanism can be used to encrypt the transport layer segment, or to encrypt the entire IP packet. The former is called transport mode ESP, and the latter is called tunnel mode ESP.
Transport mode ESP is used to encrypt the data carried by IP.
Tunnel mode ESP is used to encrypt the entire IP packet.
What are the network security guidelines? 1. follow the security guidelines for guarding against Trojan horses 2. upgrade the system regularly 3. install a firewall 4. prohibit file sharing.
Web Server is the most exposed server on the Internet
A Web browser is an application that is installed on your hard disk to read Web information on the client.
The HTTP session process consists of four steps: connection, request, reply, shutdown (not including transport).
Physically, CGI is an executable program that runs on the Web server side.
What types of Web security risks are there? 1. information on the Web server is deciphered 2. Web files are accessed by unauthorized individuals 3. information is intercepted 4. bugs in the system 5. programs written as CGI scripts
A security policy is a set of rules and decisions that a person or organization sets for security
Security mechanism is a means or technology to implement security policy
What are the safest measures for Web server security? 1. Server storage that contains confidential data should be converted to NTFS format. 2. Antivirus programs must be updated on time. 3. Install anti-virus software on both the server and the desktop computers. 4. A good way to protect the network is to limit users' rights to log on to the network. 5. Access to any data on the network must require logging in with a password.
Cookie: a cookie is a simple text file stored on the client computer. It is associated with a particular Web document and stores information about the user when the user browses that Web page.
What is the main behavior of malicious code embedded in a Web page or in a downloaded file? 1. Wantonly tampering with the title of the IE browser. 2. Wantonly tampering with the default homepage of the IE browser. 3. Disabling Internet Options, preventing the IE right-click menu from popping up or graying it out so that it cannot be used, and blocking network functions. 4. Prohibiting any operation on the system registry.
What are the means of Web spoofing? 1. e-mail spoofing 2. IP spoofing
What steps can you take to protect against IP spoofing? 1. Add a restriction on the external router of the local network: configure the router so that packets from outside that claim to come from the internal network are not allowed through. 2. Pay attention to the router connected to the external network and check whether it supports the internal interface. 3. Check for IP spoofing by monitoring packets. 4. Install a filtering router to restrict access on the external interface, and prohibit packets carrying internal resource addresses from passing through.
Data encryption is the conversion of data and information (plaintext) into an unrecognizable form (ciphertext), so that people who should not know the data and information cannot recognize or understand it.
A practical cryptosystem must satisfy the following principles: 1. The transformation between plaintext and ciphertext is reversible, and there is a unique, error-free reversible transformation, so the mathematical expression D(E(M)) = M must hold. 2. Every encryption function and every decryption function can be computed efficiently. 3. After obtaining the ciphertext, a cryptanalyst cannot recover the key K or the plaintext P within a useful time. 4. A necessary condition for the security of a cryptosystem: exhaustive key search is not feasible, that is, the key space is very large.
Cryptographic algorithms that rely on keeping the algorithm secret to achieve security are called restricted algorithms.
The roles of data encryption: 1. confidentiality 2. authentication 3. integrity 4. non-repudiation
Traditional encryption techniques essentially encrypt using substitution ciphers and transposition ciphers.
What are the simple substitution ciphers? 1. shift cipher 2. multiplicative cipher 3. affine cipher
A polyalphabetic substitution cipher uses multiple mappings from plaintext letters to ciphertext letters to hide the single-letter frequency distribution.
Each mapping is a one-to-one mapping as in a simple substitution cipher; the Vigenère and Beaufort ciphers are examples of polyalphabetic substitution ciphers.
The transposition cipher does not hide the characters of the original plaintext; all it does is rearrange the order of the characters in the plaintext according to a key, thereby achieving secrecy.
Example: let the plaintext be HelloWorld and the key be 2357641098; the encrypted ciphertext is LLWROOEHDL.
What are the key features of the one-time pad? 1. The same key cannot be used to encrypt different plaintexts. 2. The length of the key cannot be less than the length of the plaintext, that is, the same key cannot be used to encrypt different parts of the plaintext. 3. The one-time pad is therefore the only system capable of providing complete confidentiality.
The disadvantages of symmetric encryption technology: 1. it cannot implement digital signatures 2. keys are difficult to store 3. key distribution is complex
When two parties communicate using symmetric encryption technology, they must agree on a key; the process of agreeing on the key is called key distribution.
The security of symmetric encryption technology relies on the following two factors: 1. the encryption algorithm must be strong enough 2. the security of the encryption method depends on the secrecy of the key, not the secrecy of the algorithm.
The biggest problem with symmetric encryption systems is that the distribution and management of keys is complex and expensive.
The distribution and storage of keys is a big problem. Another drawback of symmetric encryption algorithms is that they cannot implement digital signatures.
What are the advantages and disadvantages of public key cryptography? 1. Key distribution and management for public key algorithms is very simple. 2. A public key encryption system can also easily implement digital signatures. 3. The computation is very complex; its security is higher, but it runs far slower than a symmetric key encryption system.
Symmetric encryption technology: the DES algorithm (with 16 iterations)
DES effective key length: the valid key length is only 56 bits (of the full 64 bits)
Other symmetric encryption technologies: 1. IDEA (International Data Encryption Algorithm) 2. AES (Advanced Data Encryption Standard) 3. RC5
Public key algorithms: RSA, ECC (elliptic curve encryption algorithm)
RSA security relies on the difficulty of factoring large numbers.
Common message digest algorithms: SHA, MD5, DSA, HMAC
How does the digital signature work, and how to ensure the authenticity of the message and the reliability of the source?
Data compression reduces the amount of storage space the data occupies on the storage medium by reducing the redundancy of the data, while data backup protects the data by increasing its redundancy.
Types of data backup: 1. full backup 2. incremental backup 3. system backup
Data backup plan: determine which data will be subject to security threats.
The function of the disk copy tool Ghost: data backup
RAID (redundant array of independent disks): RAID technology builds a large-capacity, fast-response, high-reliability storage subsystem from several small hard drives combined with a controller.
The advantages of RAID: 1. a high transfer rate 2. it can provide fault tolerance.
RAID0: a non-redundant disk array with no parity (RAID0 is not suitable for mission-critical environments with high reliability requirements, but is ideally suited to video production and editing or image editing)
RAID1: a mirrored disk array (its operating mode is mirroring)
Characteristics of viruses: 1. infectious 2. destructive 3. concealed 4. latent 5. unpredictable
Types by mode of infection: 1. boot-sector virus 2. file virus 3. compound virus 4. macro virus
Compound virus: a computer virus that has the parasitic modes of both a boot-sector virus and a file virus is called a compound virus.
Virus structure: 1. the boot part 2. the infection part 3. the manifestation part, which is the part that differs most between viruses.
What are the characteristics and removal steps of network viruses? 1. many modes of transmission 2. fast transmission 3. difficult to remove 4. wide spread 5. highly destructive
What functions does real-time scanning virus protection based on a network server generally have? 1. a wide scanning range 2. real-time online scanning 3. server scan selection 4. automatic reporting and virus archiving 5. workstation scanning 6. a virus signature interface open to users.
The degree of security follows the barrel theory (the weakest part determines the overall level).
The most important feature of a virus firewall is that it works in real time.
A macro virus is a computer virus stored in a macro of a document or template. Once such a document is opened, the macro is executed, and the macro virus is activated, transferred to the computer, and resides in the Normal template.
Word macro virus features: 1. It spreads through data files, is well concealed, spreads fast, and is difficult to remove. 2. Making macro viruses, and variants based on prototype viruses, is very convenient. 3. The potential for destruction is extremely high. 4. Macro virus compatibility is not high.
CIH virus: a vicious virus that destroys the hardware of a computer system.
Love Bug virus: a worm that propagates through the Microsoft Outlook e-mail system, with the subject "I Love You" and an attachment (Love-letter-for-you.txt.vbs)
Hackers: intruders who use communications software to gain illegal access to other people's computer systems over the network, to obtain or tamper with various data and endanger information security; the term also refers to such intrusion behavior.
What are the development trends of hackers? 1. organizations are growing 2. actions are becoming open 3. cases are frequent 4. the situation is becoming more complicated
Attacking other target systems with the resources of a compromised machine is a common way for hackers to hide their tracks.
Before carrying out a complete attack, the attacker first determines the goal to be achieved.
What work does the implementation phase of an attack include? 1. gaining privileges 2. expanding privileges 3. clean-up work
The average hacker will enter a system more than once after breaking into it. To make it easier to enter the system next time, hackers often set up backdoors.
Port Scan:
Trojan horse: a program hidden in the computer system that runs at startup and, operating in server/client mode, allows the computer to be controlled over the Internet.
E-mail attacks mainly take two forms: 1. e-mail bombing and e-mail "snowballing" 2. e-mail spoofing
4 modes of a network card: 1. Broadcast mode: the network card can receive broadcast information on the network. 2. Multicast mode: the network card can receive multicast data. 3. Normal mode: only the destination network card can receive the data. 4. Promiscuous mode: the network card can receive all the data passing through it, regardless of whether the data is addressed to it.
A sniffer has three things to do: 1. put the network card into promiscuous mode 2. capture packets 3. analyze packets
How can monitoring (sniffing) be prevented? 1. track scanning processes 2. divide the network into segments sensibly 3. encrypt communication data 4. find the monitoring host 5. flood test
How can scan attacks be prevented? 1. Identify the required ports and do not open any redundant ports. 2. Terminate all unnecessary services on the system. 3. Apply all the latest system patches. 4. Adopt strict firewall rules. 5. For systems with high security requirements, also consider installing an intrusion detection system.
Common forms of hacker attack: 1. buffer overflow 2. denial of service 3. Trojan horse
Introduction to some DoS attack methods: 1. Mail bomb: one of the simplest DoS attacks. A large number of e-mails are sent to one user in a short time, consuming a lot of hard disk space and clogging network bandwidth. 2. Flood: a DoS attack method in which a computer with high bandwidth sends a large amount of e-mail, consuming a lot of hard disk space and clogging network bandwidth. 3. DDoS (distributed denial of service): a special denial of service attack based on DoS. It is a distributed, collaborative, large-scale attack mainly aimed at relatively large sites. 4. Smurf: a simple and effective DoS attack.
The classification of Trojans: 1. remote control Trojans 2. password-sending Trojans 3. destructive Trojans 4. FTP Trojans
Trojan attack process: 1. Spread and camouflage of the Trojan: spread through e-mail, software downloads, interactive scripts, and system vulnerabilities; camouflage means include modifying the icon, displaying a fake error, bundling files, and self-destruction. 2. Running of the Trojan. 3. Remote control by the Trojan.
Intrusion detection technology: a network security technology that proactively protects a system from attack and can help the system deal with network attacks.
Common methods of intrusion detection: 1. statistical methods 2. expert systems 3. state transition analysis 4. pattern matching 5. soft computing methods
The advantages and disadvantages of packet filtering firewalls. Advantages: 1. the price is low, and one filtering router can help protect the entire network 2. packet filtering is transparent to users 3. the impact on network performance is very small 4. the filtering router is fast and efficient. Disadvantages: 1. configuration is difficult 2. opening a port for a specific service is dangerous, because it may be used for other traffic 3. it keeps no record of user activity, so a hacker's attack cannot be found from access records.
A proxy server is also often referred to as an application-level firewall.
Advantages of a proxy server: 1. You can control connections in a specified way. 2. By restricting outgoing requests for certain protocols, it reduces unnecessary services on the network. 3. Most proxy firewalls can record all connections, including address and duration.
What are the most basic properties of a firewall? 1. stability 2. flexibility 3. advanced design 4. high efficiency and reliability 5. scalability
The simplest way to install a firewall is to use a programmable router as a packet filter.
The state applies a licensing system to commercial Internet information services and a filing system to non-commercial Internet information services.
The main manifestations of harmful information on the network are: 1. harmful information in the political field 2. harmful information in the field of ethics 3. harmful information in the field of information transmission 4. computer viruses
BBS (electronic bulletin service): the provision of conditions for Internet users to publish information through interactive forms on the Internet such as electronic bulletin boards, electronic whiteboards, electronic forums, network chat rooms, and message boards.
This article is from the "8432943" blog, please be sure to keep this source http://8442943.blog.51cto.com/8432943/1751808
Safety Knowledge points