With the development of the Internet, more and more companies are moving their core business online, and a wide variety of web-based database application systems have sprung up to provide information services to network users. The network system is the external environment and foundation of database applications: a database system cannot play its full role without the support of the network, and its users (remote users, distributed users) must reach the data through the network. The security of the network system is therefore the first barrier of database security, and an external intrusion begins by breaking into the network. Network intrusion means any set of network activities that attempts to undermine the integrity, confidentiality or trustworthiness of an information system, and it has the following characteristics:
A. No geographical or temporal constraints: an attack across national borders is as convenient as one from next door;
B. Attacks over the network are often hidden among a large volume of normal network activity, so they are highly concealed;
C. The means of intrusion are increasingly covert and complex.
The open environment of a computer network system faces several types of threat: (a) masquerade (deception); (b) replay; (c) modification of messages; (d) denial of service; (e) trapdoor; (f) Trojan horse; (g) other attacks such as tunneling attacks and attacks on application software. These threats are omnipresent, so effective measures must be taken to ensure the safety of the system.
From a technical point of view, there are many kinds of security protection technology at the network system level; they can be divided into firewalls, intrusion detection and cooperative intrusion detection.
(1) Firewall. The firewall is one of the most widely used preventive techniques. As the first line of defense of the system, its main role is to monitor the access channel between the trusted and untrusted networks, forming a protective barrier between the internal and external networks that intercepts illegal access from outside and prevents internal information from leaking out; it cannot, however, block illegal operations originating inside the network. It decides whether to intercept a flow of information according to predetermined rules, but it cannot dynamically identify new attacks or adjust its rules adaptively, so its degree of intelligence is limited. There are three types of firewall technology: packet filtering, proxy and stateful inspection. Modern firewall products usually combine these technologies.
(2) Intrusion detection. Intrusion detection (IDS, intrusion detection system) is a precautionary technology developed in recent years that combines statistical techniques, rule-based methods, network communication technology, artificial intelligence, cryptography, inference and so on. Its role is to monitor the network and computer systems for signs of intrusion or abuse. Dorothy Denning first put forward the idea of intrusion detection in 1987; since then IDS has developed and matured into a standard solution for monitoring and identifying attacks and has become an important part of the security defense system.
The analysis techniques used in intrusion detection can be divided into three categories: signature analysis, statistical analysis and data integrity analysis.
① Signature analysis. Mainly used to monitor attacks on known weaknesses of the system. Signatures are generalised from attack patterns and written into the IDS code; signature analysis is in effect a template-matching operation.
② Statistical analysis. Based on statistical theory, the pattern of actions observed during normal use of the system is used to judge whether a given action deviates from the normal orbit.
③ Data integrity analysis. Based on cryptographic theory, it verifies whether files or objects have been modified by others.
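To make the three analysis categories concrete, here is a small added example (not code from the original article): signature analysis as regex template matching over constructed log lines, statistical analysis as a deviation test against a baseline of normal request counts, and data integrity analysis as a SHA-256 digest comparison. All log lines, counts, file names and signatures are constructed for illustration.

```python
import hashlib
import re
import statistics

# Constructed sample web-server log lines (hypothetical, not from the original article).
SAMPLE_LOG = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.7 GET /login?user=admin'%20OR%201=1-- 200",
    "10.0.0.5 GET /about.html 200",
    "10.0.0.9 GET /files/../../private.cfg 404",
]

# (1) Signature analysis: known attack patterns generalised into templates (here regexes)
# and matched against every event. It detects only what has already been described.
SIGNATURES = {
    "sql-injection": re.compile(r"'(\s|%20)*or(\s|%20)+1=1", re.I),
    "path-traversal": re.compile(r"\.\./"),
}

def signature_scan(lines):
    """Return (line, signature_name) for every line matching a known signature."""
    hits = []
    for line in lines:
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits.append((line, name))
    return hits

# (2) Statistical analysis: counts observed during normal use define the "normal orbit";
# an observation more than k standard deviations above the baseline mean is a deviation.
def statistical_anomalies(baseline_counts, observed_counts, k=3.0):
    mean = statistics.mean(baseline_counts)
    threshold = mean + k * statistics.stdev(baseline_counts)
    return [c for c in observed_counts if c > threshold]

# (3) Data integrity analysis: a digest recorded while the object was known-good is
# compared with the digest of its current contents; any difference means modification.
def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def integrity_check(baseline_digests, current_contents):
    """Return the names of objects whose current digest differs from the baseline."""
    return sorted(name for name, data in current_contents.items()
                  if sha256_hex(data) != baseline_digests.get(name))

if __name__ == "__main__":
    print(signature_scan(SAMPLE_LOG))
    print(statistical_anomalies([50, 52, 48, 51, 49, 50], [50, 53, 400]))
    baseline = {"db.conf": sha256_hex(b"listen=5432\n")}  # constructed known-good digest
    print(integrity_check(baseline, {"db.conf": b"listen=5432\nallow=0.0.0.0/0\n"}))
```

Note that the signature scanner misses anything without a stored template, while the statistical test flags only volume deviations; the article's point that the techniques complement each other follows directly.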
IDS can be classified as network-based or host-based, signature-based or anomaly-based, real-time or non-real-time, and so on.
(3) Cooperative intrusion detection technology
An independent intrusion monitoring system cannot effectively monitor and respond to all kinds of intrusion activity; to make up for this shortcoming of independent operation, the idea of a cooperative intrusion monitoring system was put forward. In a cooperative intrusion monitoring system, the monitoring components exchange information automatically according to a uniform specification, and through this exchange achieve effective intrusion monitoring that can be applied to different network environments.