Windows Network Security
1. Concept of Network Security
Definition of network security: the hardware, software, and data of a network system are protected so that they are not damaged, altered, or leaked through accidental or malicious causes, the system keeps running reliably and continuously, and network services are not interrupted.
1>. Network security mainly involves three aspects:
Hardware security: protect the physical devices that make up the network, such as servers, switches, and routers.
Software and data security: ensure that important data on the network is not stolen, altered, or destroyed, and that software keeps running normally without being tampered with.
Normal system operation: ensure that the system keeps running and cannot be paralyzed or shut down.
2>. Network Security Features
Confidentiality: unauthorized users cannot read the data.
Integrity: data is not altered during storage or transmission.
Availability: authorized users can access data and services whenever they need them.
Controllability: the flow and use of information on the network can be controlled.
Auditability: administrators can trace what users did (logs and audit trails).
3>. Network Security Threats
Unauthorized access: reading or using data and resources without permission.
Information leakage or loss: information is disclosed or lost during transmission.
Damage to data integrity: data is altered in transit.
Denial of service: flooding a server with so many packets that it exhausts its resources and can no longer serve legitimate users.
Spreading computer viruses over the network.
2. Common network attack methods
Port scanning, security vulnerability attacks, password intrusion, trojan programs, email attacks, DoS attacks
1>. Port Scanning:
Port scanning reveals which ports are open on a target computer and which services are listening behind them; that is the first step in looking for exploitable weaknesses. It can be done by hand (one connection at a time) or with port-scanning software.
2>. Port Scanning Software
SuperScan (Integrated scanner)
Main functions:
Check whether the host is online
Mutual conversion between IP addresses and host names
Test the services running on the target host through TCP Connection
Scan the host port in the specified range.
PortScanner (graphical scanner)
Relatively fast, but offers only the one function (port scanning)
X-Scan (portable, runs without installation; Chinese-language interface)
Uses multiple threads to probe a specified IP address range (or a single host) for security vulnerabilities
Supports plug-ins, offers both graphical and command-line operation, and performs comprehensive scans
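As an added example (not code from the page or from any of the scanners listed above), the following Python script implements the core of what SuperScan does: a TCP connect() probe, a multi-threaded scan of a port range, and host name / IP address conversion. To stay offline and within authorization it scans only a listener that it starts itself on 127.0.0.1; the port window, timeout, and thread count are this example's own choices.

```python
from __future__ import annotations

import socket
from concurrent.futures import ThreadPoolExecutor
from contextlib import closing

# Added example, not from the page or from SuperScan/X-Scan.
# Only scan hosts you are authorised to test; this demo only touches 127.0.0.1
# and a listener it starts itself.


def is_port_open(host: str, port: int, timeout: float = 0.5) -> bool:
    """TCP connect() probe. A completed three-way handshake means the port is
    open; a refused connection (RST) or a timeout means closed or filtered."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:  # ConnectionRefusedError and socket.timeout are OSErrors
            return False


def scan_range(host: str, first: int, last: int, workers: int = 32) -> list[int]:
    """Probe every port in first..last (inclusive) with a thread pool.
    Returns the open ports in ascending order."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: (p, is_port_open(host, p)), range(first, last + 1))
    return sorted(port for port, is_open in results if is_open)


def resolve(name_or_ip: str) -> tuple[str, str]:
    """Forward and reverse name resolution (the IP <-> host name function).
    Returns (ip, hostname); hostname falls back to the input when there is
    no reverse (PTR) record."""
    ip = socket.gethostbyname(name_or_ip)
    try:
        hostname = socket.gethostbyaddr(ip)[0]
    except OSError:
        hostname = name_or_ip
    return ip, hostname


def start_loopback_listener() -> socket.socket:
    """Constructed target for the demo: a TCP listener on 127.0.0.1 bound to
    an OS-chosen free port, so the example runs offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv


def demo() -> tuple[int, list[int]]:
    """Start a listener, scan a small window of ports around it, and return
    (listener_port, open_ports). The listener's port must show up as open."""
    srv = start_loopback_listener()
    try:
        port = srv.getsockname()[1]
        open_ports = scan_range("127.0.0.1", max(1, port - 5), min(65535, port + 5))
    finally:
        srv.close()
    return port, open_ports


if __name__ == "__main__":
    listener_port, found = demo()
    print(f"listener on {listener_port}, open ports seen in window: {found}")
    print("localhost resolves to", resolve("localhost"))
```

A connect() scan completes the handshake, so it is reliable but noisy: every probe appears in the target's connection logs, which is exactly what a defender's port-scan detection keys on.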
3>. Security Vulnerability attacks
Security vulnerabilities are defects in hardware, software, protocols, or security policy that allow an attacker to access or damage a system without authorization.
Examples of security vulnerability attacks:
(1) The Chinese input method vulnerability in Windows 2000: in the original release of Windows 2000 with the Chinese input method installed, the input method's help window could be opened at the logon screen, before anyone had authenticated, and used to launch programs with administrator-level privileges. Anyone at the console could therefore get into the system and do whatever an administrator can, which made it a very serious vulnerability. Microsoft later released a patch to fix it.
(2) The Windows Remote Desktop vulnerability is a denial-of-service vulnerability in Microsoft's Remote Desktop Protocol (RDP). A remote attacker can send specially crafted RDP messages to an affected system and cause it to stop responding. The vulnerability may also allow an attacker to obtain Remote Desktop account information that facilitates further attacks.
(3) A buffer overflow is a very common and dangerous class of vulnerability found in all kinds of systems and application software. It occurs when a program writes more data into a buffer than the buffer can hold: the excess spills over and overwrites adjacent memory, including valid data such as other variables and saved control information. The consequences range from program crashes, system hangs, and reboots to, when the overwritten memory includes control data such as a return address, execution of attacker-supplied code. An attacker triggers one deliberately by feeding the program over-long input crafted so that the overwritten memory changes the program's behaviour.
(4) IIS has had many vulnerabilities. One example is the FTP server stack overflow: when the FTP server allows unauthenticated (anonymous) users to log on and create directories, creating a directory with a long, specially crafted name triggers the overflow, which can let an attacker execute code on the server or crash the service (denial of service).
(5) SQL vulnerabilities: a SQL injection vulnerability lets the client submit specially crafted input that becomes part of the SQL statement the application sends to the database server. The attacker can use it to learn about the application and the database (table and column names, version, configuration) and to read or modify data they should not be able to reach.
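To make item (5) concrete, here is an added Python example (not from the page) that shows the injection and its fix side by side against an in-memory SQLite database. The table, rows, and payload strings are constructed for the demo; storing passwords in clear text is a second bug kept only so the injection stays easy to see.

```python
from __future__ import annotations

import sqlite3

# Added example, not from the page. All data below is constructed.


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list[tuple]:
    """The bug: client-supplied text is spliced into the SQL statement, so the
    client can change the statement's structure, not just its values."""
    query = (
        f"SELECT name, role FROM users "
        f"WHERE name = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list[tuple]:
    """The fix: a parameterised query. The SQL text is fixed; the driver passes
    the values separately, so quotes in the input are just characters."""
    query = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# Two classic payloads: an authentication bypass and schema disclosure.
# In the vulnerable query, AND binds tighter than OR, so the WHERE clause
# becomes (name='alice' AND password='x') OR '1'='1', which is true for every row.
BYPASS = "x' OR '1'='1"
# UNION appends rows from SQLite's catalogue table; "--" comments out the rest.
SCHEMA_DUMP = "' UNION SELECT name, sql FROM sqlite_master --"


def demo() -> dict:
    conn = make_db()
    return {
        "vuln_bypass": login_vulnerable(conn, "alice", BYPASS),   # every user comes back
        "vuln_schema": login_vulnerable(conn, SCHEMA_DUMP, "x"),  # CREATE TABLE text leaks
        "safe_bypass": login_safe(conn, "alice", BYPASS),         # no match
        "safe_schema": login_safe(conn, SCHEMA_DUMP, "x"),        # no match
        "safe_real": login_safe(conn, "alice", "s3cret"),         # the only legitimate hit
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:12} -> {rows}")
```

The parameterised version defeats both payloads without any input filtering, which is why parameterisation, not quote escaping, is the standard fix.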
4>. Password intrusion
Password intrusion is an attack in which the attacker obtains the passwords of legitimate users by illegitimate means and then logs on to the target host as those users.
Illegitimate ways of obtaining passwords:
Sniffing: capturing passwords from network traffic with a packet sniffer (protocols such as Telnet, FTP, and plain HTTP send them in the clear).
Brute-force or dictionary cracking: guessing passwords online against the logon service, or offline against stolen password hashes.
Exploiting administrative mistakes: default or shared passwords, passwords left in scripts, configuration files, or notes, and accounts whose passwords are never changed.
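Added example (not from the page) of the offline cracking method above: a dictionary attack run against two constructed credential stores, one using unsalted SHA-256 and one using salted PBKDF2. The wordlist, user names, and passwords are made up; the point is the difference in how many hash computations each storage scheme costs the attacker.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Added example, not from the page. The "leaked" stores below are constructed;
# the wordlist stands in for the real lists attackers use.
WORDLIST = ["123456", "password", "qwerty", "letmein", "hunter2", "admin123", "welcome1"]
ITERATIONS = 50_000  # PBKDF2 work factor; real deployments use more


def sha256_hex(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def pbkdf2_hex(password: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


# Scheme A: unsalted fast hash (what many older systems stored).
UNSALTED_STORE = {
    "bob": sha256_hex("hunter2"),           # weak, in the wordlist
    "carol": sha256_hex("Tr0ub4dor&3-xQ9!"),  # not in the wordlist
}

# Scheme B: per-user random salt plus a slow key-derivation function.
_SALTS = {"bob": os.urandom(16), "carol": os.urandom(16)}
SALTED_STORE = {
    "bob": (_SALTS["bob"], pbkdf2_hex("hunter2", _SALTS["bob"])),
    "carol": (_SALTS["carol"], pbkdf2_hex("Tr0ub4dor&3-xQ9!", _SALTS["carol"])),
}


def crack_unsalted(store: dict, wordlist: list[str]) -> tuple[dict, int]:
    """Hash the wordlist once and look every stored hash up in that table.
    Cost: len(wordlist) hashes, no matter how many accounts leaked."""
    table = {sha256_hex(w): w for w in wordlist}
    found = {user: table[h] for user, h in store.items() if h in table}
    return found, len(wordlist)


def crack_salted(store: dict, wordlist: list[str]) -> tuple[dict, int]:
    """With a unique salt the table cannot be shared between users: every
    (user, guess) pair is a fresh PBKDF2 run of ITERATIONS rounds.
    Returns (found, number_of_pbkdf2_calls)."""
    found, calls = {}, 0
    for user, (salt, stored) in store.items():
        for guess in wordlist:
            calls += 1
            if hmac.compare_digest(pbkdf2_hex(guess, salt), stored):
                found[user] = guess
                break
    return found, calls


if __name__ == "__main__":
    for name, fn, store in (
        ("unsalted sha256", crack_unsalted, UNSALTED_STORE),
        ("salted pbkdf2", crack_salted, SALTED_STORE),
    ):
        found, calls = fn(store, WORDLIST)
        print(f"{name}: cracked {found} with {calls} hash computations")
```

Both schemes give up bob's weak password; salting and a slow KDF do not rescue a password that is in the wordlist, they only make each guess expensive and stop one precomputed table from covering every user. The real defence against this method is long, unique passwords (or MFA) plus lockout or rate limiting on the online path.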
5>. Trojan program
A Trojan hides inside the system and starts automatically when the system boots. Without the user's knowledge, it lets the attacker connect to and control the infected computer.
A Trojan consists of two parts: the server side, which is planted on the victim's machine, and the client side, which the attacker uses to control it.
Common trojans:
BO2000 (Back Orifice 2000)
Glacier (冰河)
Gray Pigeon (灰鸽子)
6>. Email attack
Attackers use email-bomb software or a CGI program to send a large number of repeated, useless messages to a target mailbox until it fills up and becomes unusable.
Email attack forms:
Email bomb
Email Spoofing
7>. Dos Attacks
DoS stands for denial of service. The attacker sends a large number of packets to the host in a short time, consuming the host's resources until the system is overloaded or paralyzed and legitimate users are turned away.
Types of DoS attacks:
The attacker sends connection requests with forged, non-existent source addresses, so the half-open connections are never completed and pile up (SYN flood).
The attacker occupies all available sessions so that normal users cannot connect.
The attacker floods the receiver with a large number of malformed or specially constructed packets.
Dos attack example
Teardrop attack (overlapping IP fragments that crash the reassembly code)
Ping of Death (an ICMP echo request whose reassembled size exceeds the IP maximum of 65535 bytes)
Smurf attack (ICMP echo requests sent to a broadcast address with the victim's address forged as the source, so every host on the segment replies to the victim)
SYN flood
DDoS Distributed Denial of Service Attack
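As an added example (not from the page), the following Python detector reads a constructed packet trace and flags three of the attacks above: a SYN flood (many half-open connections to one service from forged sources), a Smurf trigger (ICMP echo to a broadcast address with the victim as source), and a Ping of Death (an IP datagram larger than 65535 bytes after reassembly). The trace format, field names, and thresholds are this example's own assumptions, not any real tool's output.

```python
from __future__ import annotations

import re
from collections import Counter

# Added example, not from the page. The log format below is invented for the
# demo: one line per packet, reassembled length in "len".
LINE_RE = re.compile(
    r"t=(?P<t>[\d.]+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+)"
    r"(?: flags=(?P<flags>\S+))?(?: dport=(?P<dport>\d+))? len=(?P<len>\d+)"
)

SYN_THRESHOLD = 20   # half-open connections per service before alerting (assumption)
MAX_IP_LEN = 65535   # largest legal IP datagram; anything bigger is a Ping of Death


def parse(line: str) -> dict | None:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    pkt["t"], pkt["len"] = float(pkt["t"]), int(pkt["len"])
    return pkt


def detect(lines: list[str]) -> list[dict]:
    half_open: dict[tuple, dict] = {}   # (src, dst, dport) -> SYN still waiting for an ACK
    alerts: list[dict] = []
    for pkt in filter(None, map(parse, lines)):
        if pkt["proto"] == "tcp":
            key = (pkt["src"], pkt["dst"], pkt["dport"])
            flags = pkt["flags"] or ""
            if flags == "S":
                half_open[key] = pkt
            elif "A" in flags:
                half_open.pop(key, None)   # handshake completed by this source
        elif pkt["proto"] == "icmp":
            # Assumption: /24 networks, so a .255 destination is the broadcast address.
            if pkt["dst"].endswith(".255"):
                alerts.append({"type": "smurf", "spoofed_victim": pkt["src"], "dst": pkt["dst"]})
            if pkt["len"] > MAX_IP_LEN:
                alerts.append({"type": "ping_of_death", "src": pkt["src"], "len": pkt["len"]})
    # SYN flood: count the handshakes that never completed, per targeted service.
    per_service = Counter((dst, dport) for (_, dst, dport) in half_open)
    for (dst, dport), n in per_service.items():
        if n >= SYN_THRESHOLD:
            sources = {src for (src, d, p) in half_open if (d, p) == (dst, dport)}
            alerts.append({"type": "syn_flood", "service": f"{dst}:{dport}",
                           "half_open": n, "distinct_sources": len(sources)})
    return alerts


def sample_log() -> list[str]:
    """Constructed traffic: one legitimate client, one spoofed-source SYN flood,
    one Smurf trigger and one oversized ping."""
    lines = [
        "t=0.001 src=10.0.0.5 dst=192.168.1.10 proto=tcp flags=S dport=80 len=60",
        "t=0.002 src=10.0.0.5 dst=192.168.1.10 proto=tcp flags=A dport=80 len=52",
    ]
    for i in range(30):   # 30 SYNs from 30 forged source addresses that never answer
        lines.append(
            f"t=1.{i:03d} src=198.51.100.{i + 1} dst=192.168.1.10 proto=tcp flags=S dport=80 len=60"
        )
    lines.append("t=2.000 src=192.168.1.10 dst=192.168.1.255 proto=icmp len=84")
    lines.append("t=3.000 src=203.0.113.9 dst=192.168.1.10 proto=icmp len=65600")
    return lines


if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

The SYN flood check deliberately keys on the targeted service rather than the source address: with forged sources every SYN looks like a different client, so a per-source counter would never fire, while the pile-up of half-open connections on one port is visible regardless of how the sources are spoofed.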