Security tutorial: at least 16 questions you need to understand

Source: Internet
Author: User
Tags: dns spoofing
Q: What is network security?
A: Network security means that the hardware and software of a network system, and the data in that system, are protected from being destroyed, changed, or leaked, whether by accident or by malicious action, so that the system can run continuously and normally and network services are not interrupted.
Q: What is a computer virus?
A: A computer virus is a set of computer instructions or program code that its creator inserts into a computer program in order to disrupt the computer's functions or destroy data, interfere with the use of the computer, and reproduce itself.
Q: What is a Trojan horse?
A: A Trojan horse is remote control software of a malicious nature. Trojans are generally divided into a client and a server. The client is the console, run locally, from which the various commands are issued; the server is the part that is run on other people's machines, and only computers running the server can be fully controlled. Trojans do not infect files the way viruses do.
Q: What is a firewall? How does it ensure that the network is secure?
A: Using a firewall is one way to ensure network security. A firewall is a combination of components placed between different networks (such as a trusted enterprise intranet and an untrusted public network) or between network security domains. It is the only entry and exit point for information passing between those networks or security domains. It controls (permits, rejects, monitors) the traffic entering and leaving the network according to the enterprise's security policy, and is itself strongly resistant to attack. It is infrastructure that provides information security services and implements network and information security.
Q: What is the back door? Why is there a back door?
A: A backdoor is a way to gain access to a program or system by bypassing its security controls. During the software development phase, programmers often create a backdoor inside the software so that bugs in the program can be fixed. If the backdoor becomes known to others, or is not removed before the software is released, it becomes a security risk.
Q: What does intrusion detection mean?
A: Intrusion detection is a reasonable complement to firewalls. It helps the system deal with network attacks, extends the security management capabilities of system administrators (including security auditing, monitoring, attack identification and response), and improves the integrity of the information security infrastructure. It collects information from a number of key points in the computer network system and analyzes that information to see whether there are violations of security policy or signs of attack.
Q: What does packet monitoring mean?
A: Packet monitoring can be considered an equivalent of tapping telephone lines in the computer network. When someone is "listening" to a network, they are actually reading and interpreting packets sent over the network. If you need to send an email or request to download a webpage on the Internet, these operations will make the data pass through many computers between you and the data destination. The computers that pass the message can see the data you send, and the packet monitoring tool allows someone to intercept the data and view it.
Q: What is NIDS?
A: NIDS is the abbreviation of network intrusion detection system. It is mainly used to detect intrusion by hackers or crackers over the network. A NIDS can operate in two ways: running on the target host to monitor that host's own communications, or running on a separate machine to monitor the communications of all network devices, such as hubs and routers.
Q: What is a SYN packet?
A: The first packet of a TCP connection, a very small packet. A SYN attack consists of a large number of such packets, which cannot be processed effectively because they appear to come from sites that do not actually exist.
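An added example, not part of the original page: one way a defender can spot the pattern described above is to count SYNs that never receive the client's final ACK. The event tuple layout, the threshold and timeout values, and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import Counter

def half_open_counts(events, timeout=3.0):
    """Count, per (dst, dport), SYNs whose handshake never completed.

    events: (time, src, sport, dst, dport, flags) tuples, an assumed layout;
    flags is "S" for the client's SYN and "A" for the client's final ACK.
    """
    pending = {}  # (src, sport, dst, dport) -> time the SYN was seen
    for ts, src, sport, dst, dport, flags in events:
        key = (src, sport, dst, dport)
        if flags == "S":
            pending[key] = ts
        elif flags == "A" and key in pending and ts - pending[key] <= timeout:
            del pending[key]  # handshake completed in time
    end = max((e[0] for e in events), default=0.0)
    counts = Counter()
    for (_src, _sport, dst, dport), ts in pending.items():
        if end - ts > timeout:  # still unanswered after the timeout
            counts[(dst, dport)] += 1
    return counts

def flooded_targets(events, threshold=20, timeout=3.0):
    """Return the (dst, dport) pairs with at least `threshold` half-open SYNs."""
    counts = half_open_counts(events, timeout)
    return sorted(t for t, n in counts.items() if n >= threshold)

# Constructed sample: one normal handshake, then 40 SYNs from sources that
# never answer (as if the source addresses did not exist), then another
# normal handshake on a different port.
SAMPLE = [
    (0.00, "198.51.100.7", 40000, "192.0.2.10", 80, "S"),
    (0.05, "198.51.100.7", 40000, "192.0.2.10", 80, "A"),
]
SAMPLE += [
    (1.0 + i * 0.01, f"203.0.113.{i}", 1024 + i, "192.0.2.10", 80, "S")
    for i in range(1, 41)
]
SAMPLE += [
    (10.00, "198.51.100.8", 40001, "192.0.2.10", 443, "S"),
    (10.02, "198.51.100.8", 40001, "192.0.2.10", 443, "A"),
]
```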
Q: What does encryption mean?
A: Encryption is the most commonly used security measure. It uses technical means to turn important data into unreadable form (encryption) for transmission; after the data arrives at its destination, it is restored (decryption) by the same or a different means.
Cryptography consists of two elements: an algorithm and a key. The algorithm is the procedure that combines ordinary, understandable information with a string of numbers (the key) to produce incomprehensible ciphertext; the key is what is used to encrypt and decrypt the data. In security and confidentiality work, the security of network communication can be ensured through appropriate key encryption technology and management mechanisms.
Q: What is a worm?
A: The worm gets its name from the first virus that spread over the network. In 1988, Robert Morris, a 22-year-old graduate student at Cornell University, sent out a virus specifically designed to attack flaws in Unix systems, known as the Worm. The worm paralyzed 6,000 systems, with losses estimated at 2 million to 60 million dollars. As a result of the worm's appearance, a Computer Emergency Response Team (CERT) was set up online. The worm family has since grown to tens of thousands, and these worms mostly come from hackers.
Q: What is an operating system virus? What's the harm of it?
A: This kind of virus adds its own program to the operating system, or replaces part of the operating system, in order to run. It is very destructive and can paralyze the entire system. Because it infects the operating system, when it runs the virus replaces the operating system's legitimate program modules with its own program fragments. How it damages the operating system depends on the characteristics of the virus itself, on the status and function within the operating system of the legitimate modules being replaced, and on the way the virus replaces them. This kind of virus is also highly infectious to the files in the system.
Q: What does the Morris worm mean?
A: It was written by Robert Morris, a first-year graduate student at Cornell University in the United States. The program is only 99 lines long. It exploited weaknesses in the UNIX system: it used the finger command to look up the list of online users, then cracked user passwords, used the mail system to copy and spread its own source program, and then compiled it to generate code.
Network worms were originally designed to "wander" between computers when the network was idle, without causing any damage. When a machine was overloaded, the program could "borrow resources" from idle computers to balance the load across the network. The Morris worm did not "borrow resources"; it "exhausted all resources."
Q: What is DDoS? What consequences will it cause?
A: DDoS stands for distributed denial of service attack. It uses the same approach as an ordinary denial of service attack, but the attack comes from multiple sources. Typically, an attacker uses a downloaded tool to penetrate an unprotected host, and after obtaining the appropriate access rights on that host, the attacker installs a software service or process (hereinafter referred to as an agent) on it. These agents remain dormant until they receive instructions from their master to launch a denial-of-service attack on the specified target. With the widespread use of powerful hacker tools, a distributed denial of service attack can launch thousands of attacks on one target simultaneously. A single denial-of-service attack may have no effect on a site with high bandwidth, while thousands of attacks distributed across the globe can have fatal consequences.
Q: What is the ARP attack inside the LAN?
A: The basic function of the ARP protocol is to look up the MAC address of a target device from its IP address, so that communication can proceed.
Taking advantage of this behavior, an attacker sends a forged ARP packet to another computer. The packet contains a MAC address that duplicates that of the current device, so that when the other computer responds to the message, a simple address-duplication error prevents normal network communication. In general, a computer under ARP attack shows two symptoms:
1. A dialog box pops up saying that the XXX-segment address of this machine conflicts with the XXX-segment address on the network.
2. The computer cannot access the Internet normally and shows symptoms of network interruption.
Because this attack "deceives" by using ARP request messages, a firewall mistakes them for normal request packets and does not intercept them. That is why it is hard for ordinary firewalls to withstand this attack.
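An added example, not part of the original page: since a firewall passes these packets as ordinary ARP, a monitor can instead parse each ARP payload and flag any IP address claimed by a MAC different from the one first seen. The function names and the sample packets (built inline, private addresses, locally administered MACs) are constructed for illustration.

```python
import struct

# ARP payload for Ethernet/IPv4 (RFC 826): htype, ptype, hlen, plen, oper,
# sender MAC, sender IP, target MAC, target IP (28 bytes in total).
ARP_FMT = "!HHBBH6s4s6s4s"

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in sha)
    ip = ".".join(str(b) for b in spa)
    return oper, mac, ip

def find_conflicts(payloads):
    """Return (index, ip, first_mac, new_mac) for every conflicting claim."""
    seen = {}    # ip -> first MAC observed claiming it
    alerts = []
    for i, payload in enumerate(payloads):
        parsed = parse_arp(payload)
        if parsed is None:
            continue                 # truncated or non-IPv4 ARP: ignore
        _oper, mac, ip = parsed
        if ip == "0.0.0.0":
            continue                 # ARP probe, carries no binding
        first = seen.setdefault(ip, mac)
        if first != mac:
            alerts.append((i, ip, first, mac))
    return alerts

def build_arp(oper, sha, spa, tha, tpa):
    """Build an in-memory ARP payload for the constructed sample below."""
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    to_ip = lambda a: bytes(map(int, a.split(".")))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       to_mac(sha), to_ip(spa), to_mac(tha), to_ip(tpa))

# Constructed sample: a request, the real reply, then a second MAC
# claiming the same IP, then a truncated packet.
SAMPLE = [
    build_arp(1, "02:00:00:00:00:0a", "192.168.1.10", "00:00:00:00:00:00", "192.168.1.1"),
    build_arp(2, "02:00:00:00:00:01", "192.168.1.1", "02:00:00:00:00:0a", "192.168.1.10"),
    build_arp(2, "02:00:00:00:00:66", "192.168.1.1", "02:00:00:00:00:0a", "192.168.1.10"),
    b"\x00\x01",
]
```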
Q: What is a deception attack and what is its attack mode?
A: Network deception technologies mainly include honeypots and distributed honeypots, deception space technology, and so on. The main attack methods are: IP spoofing, ARP spoofing, DNS spoofing, Web spoofing, e-mail spoofing, source routing spoofing (by specifying a route, communicating with other hosts as if legitimate under a fake identity, or sending forged messages, causing the attacked host to act incorrectly), address spoofing (including forging the source address and forging intermediate sites), etc.
