What hackers must know

Source: Internet
Author: User
Tags: dns spoofing

Q: What is network security?

A: Network security means that the hardware and software of a network system, and the data in that system, are protected from damage, alteration, or leakage caused by accident or malice, so that the system runs reliably and normally and network services are not interrupted.

Q: What is a computer virus?

A: A computer virus is a set of computer instructions or program code inserted into a computer program that destroys computer functions or data, affects the use of the computer, and can replicate itself.

Q: What is a Trojan horse?

A: A Trojan horse is a kind of malicious remote-control software. Trojans are generally divided into a client side and a server side. The client is the console used locally to issue commands, and the server side is the part given to others to run; only a computer running the server side can be fully controlled. Trojans do not infect files the way viruses do.

Q: What is a firewall? How does it secure the network?

A: Using a firewall is one way to secure your network. A firewall is a combination of components placed between different networks (such as a trusted enterprise intranet and an untrusted public network) or between network security domains. It is the only gateway between the different networks or security domains, it can control (allow, deny, monitor) the flow of information through the network according to the enterprise's security policy, and it is itself highly resistant to attack. It is infrastructure that provides information security services for network and information security.

Q: What is a backdoor? Why do backdoors exist?

A: A backdoor is a method of bypassing security controls to obtain access to a program or system. During software development, programmers often create backdoors in the software so that they can fix defects in the program. If the backdoor becomes known to someone else, or is not removed before the software is released, it becomes a security risk.

Q: What is intrusion detection?

A: Intrusion detection is a reasonable complement to the firewall. It helps the system deal with network attacks, extends the system administrator's security management capabilities (including security audit, monitoring, attack identification, and response), and improves the integrity of the information security infrastructure. It collects information from a number of key points in a computer network system, analyzes this information, and checks the network for violations of security policy and signs of attack.

Q: What is packet monitoring?

A: Packet monitoring can be thought of as the computer-network equivalent of tapping a telephone line. When someone is "listening" to the network, they are actually reading and interpreting the packets sent over it. When you send an email or request a web page over the Internet, the data passes through many computers between you and its destination. The computers that relay the information can see the data you send, and a packet monitoring tool allows someone to intercept that data and view it.

Q: What is NIDS?

A: NIDS is the abbreviation of Network Intrusion Detection System, an intrusion detection system mainly used to detect intrusions by hackers or crackers over the network. A NIDS operates in two ways: by running on the target host to monitor that host's own communication, and by running on a separate machine to monitor the communication of all network devices, such as hubs and routers.

Q: What is a SYN packet?

A: A SYN packet is the first packet of a TCP connection, and it is very small. A SYN attack consists of a large number of such packets, which cannot be processed effectively because they appear to come from a site that does not actually exist.
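How a monitoring point can recognize this pattern, as an added example that is not part of the original page: it counts connections that sent a SYN but never completed the handshake, grouped by the targeted service. The packet records, addresses, threshold, and timeout are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records: (time in seconds, source "ip:port",
# destination "ip:port", TCP flag seen from the client side).
SAMPLE_PACKETS = (
    [
        (0.0, "192.0.2.10:50000", "10.0.0.80:443", "SYN"),
        (0.2, "192.0.2.10:50000", "10.0.0.80:443", "ACK"),  # handshake completed
    ]
    # Five SYNs from sources that never answer the server's SYN-ACK.
    + [(1.0 + i * 0.1, f"203.0.113.{i}:40000", "10.0.0.80:443", "SYN")
       for i in range(1, 6)]
    # A recent SYN that may still complete; it must not be counted yet.
    + [(9.5, "192.0.2.11:50001", "10.0.0.80:22", "SYN")]
)


def half_open_by_target(packets, now, timeout=3.0):
    """Count handshakes per destination that are still unanswered after `timeout`."""
    pending = {}  # (source, destination) -> time of the first unanswered SYN
    for ts, src, dst, flag in packets:
        if flag == "SYN":
            pending.setdefault((src, dst), ts)
        elif flag in ("ACK", "RST"):
            # The client completed or aborted the handshake.
            pending.pop((src, dst), None)
    counts = defaultdict(int)
    for (_src, dst), ts in pending.items():
        if now - ts >= timeout:
            counts[dst] += 1
    return dict(counts)


def flooded_targets(packets, now, threshold=4, timeout=3.0):
    """Destinations whose stale half-open count reaches the alert threshold."""
    counts = half_open_by_target(packets, now, timeout)
    return sorted(dst for dst, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(half_open_by_target(SAMPLE_PACKETS, now=10.0))
    print(flooded_targets(SAMPLE_PACKETS, now=10.0))
```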

Q: What is encryption technology?

A: Encryption is the most commonly used security method. It uses technical means to turn important data into unreadable (encrypted) form for transmission, and at the destination the data is restored (decrypted) by the same or a different means.

Encryption technology consists of two elements: algorithms and keys. The algorithm is the procedure that combines ordinary, understandable information with a string of numbers (the key) to produce incomprehensible ciphertext; it is used to encode and decrypt data. For confidentiality, the security of network communications can be ensured through appropriate key-based encryption technology and management mechanisms.

Q: What is a worm?

A: Worms originate from the first virus that spread over the network. In 1988, Robert Morris, a 22-year-old Cornell University graduate student, released onto the network a virus called a "worm" that attacked flaws in Unix systems. The worm caused 6,000 systems to crash, with an estimated loss of $2 million to $60 million. As a result of this worm, a Computer Emergency Response Team (CERT) was set up on the Internet. The worm family has since grown to thousands of variants, and the vast majority of these worms come from hackers.

Q: What is an operating system virus? What harm does it have?

A: This kind of virus inserts its own program into the operating system or replaces parts of the operating system. It is very destructive and can paralyze the entire system. Because it infects the operating system, the virus at run time substitutes its own program fragments for the operating system's legitimate program modules. How it damages the operating system depends on the characteristics of the virus itself, the role of the replaced legitimate module within the operating system, and the way the virus replaces it. This kind of virus is also highly infectious to files on the system.

Q: What is the Morris worm?

A: It was written by Robert Morris, a first-year graduate student at Cornell University in the United States. The program is only 99 lines long. It takes advantage of weaknesses in the UNIX system: it uses the finger command to look up the list of online users, then cracks user passwords, uses the mail system to copy and propagate its own source program, and then compiles that source to generate code.

The original network worm was designed to "wander" between computers when the network was idle, without causing any damage. When a machine was overloaded, the program could "borrow resources" from idle computers to balance the load across the network. The Morris worm does not "borrow resources"; it "exhausts all resources".

Q: What is DDoS? What consequences will it cause?

A: DDoS stands for distributed denial-of-service attack. It uses the same method as an ordinary denial-of-service attack, but the attack comes from multiple sources. Typically an attacker uses a downloaded tool to penetrate an unprotected host, and once the appropriate access rights are obtained on that host, the attacker installs the software's service or process (the agent) on it. These agents stay dormant until they receive a command from their controlling host, and then launch a denial-of-service attack against the specified target. With the wide spread of powerful hacker tools, distributed denial-of-service attacks can launch thousands of attacks against one target at the same time. A single denial-of-service attack may have no effect on a high-bandwidth site, but thousands of attacks from across the globe can have fatal consequences.

Q: What is an ARP attack inside a LAN?

A: The basic function of the ARP protocol is to use the IP address of a target device to look up that device's MAC address so that communication can proceed.

Exploiting this behavior of the ARP protocol, hackers send a fraudulent ARP packet to another computer. The packet contains a MAC address that duplicates that of the current device, so the other party, when responding to the message, hits a simple duplicate-address error and cannot communicate normally on the network. In general, a computer that is subject to an ARP attack shows two symptoms:

1. A dialog box reading "XXX segment hardware address conflicts with XXX segment address in network" keeps popping up.

2. The computer cannot access the Internet normally, and the network connection is interrupted.

Because this attack is "spoofed" through ARP request messages, the firewall mistakes them for normal request packets and does not intercept them. That is why it is hard for a common firewall to withstand this attack.

Q: What is a spoofing attack? What are the attack patterns?

A: Network deception technology mainly consists of honeypots and distributed honeypots, and deception space technology. The main forms of spoofing are: IP spoofing, ARP spoofing, DNS spoofing, Web spoofing, e-mail spoofing, source routing spoofing (by specifying a route, communicating with other hosts under a fake identity as if legitimately, or sending forged messages, so that the attacked host takes an erroneous action), address spoofing (including spoofed source addresses and forged intermediate sites), and so on.
