To protect your network from attack, you must understand attack methods, attack principles and the attack process in depth and in detail; only then can active protection be effective and well targeted. The following analyzes the characteristics of attack methods to examine how attack behavior can be detected and defended against.
The core problem of anti-attack technology is how to intercept all network information. There are two main ways to obtain this information. One is network interception, which captures all network information; this is both the route an attacker inevitably takes and a necessary route for countering attacks. The other is analysis of the system logs of the operating system and applications, which reveals intrusion behavior and potential security vulnerabilities in the system.
The main modes of attack
Attacks on networks are diverse, but generally speaking an attack always exploits "system configuration defects", "operating system security vulnerabilities" or "communication protocol security vulnerabilities". So far more than 2000 attacks have been discovered, and corresponding solutions already exist for the vast majority of them. They may be divided into the following categories:
(i) Denial of service attacks: In general, a denial of service attack makes the target stop providing some or all of its services by overloading the target's critical resources (the target is usually a workstation or critical server). Hundreds of denial of service attacks are currently known. It is the most basic means of intrusion attack and also one of the most difficult attacks to deal with; typical examples are the SYN flood, Ping flood, Land and WinNuke attacks.
(ii) Unauthorized access attempts: An attempt by an attacker to read, write, or execute a protected file, including attempts to obtain protected access rights.
(iii) Pre-detection attacks: In the course of successive unauthorized access attempts, attackers typically use this kind of attack to gather information about the inside of the network and its surroundings; typical examples include SATAN scans, port scans and IP half-open scans.
(iv) Suspicious activity: Activity that falls outside the usual definition of "standard" network communication; it can also refer to activity that is unwanted on the network, such as IP Unknown Protocol and Duplicate IP Address events.
(v) Protocol decoding: Protocol decoding can be applied to any of the unwanted activities above. The network or security administrator has to carry out the decoding work and obtain the corresponding results; the decoded protocol information may indicate the expected activities, such as the FTU User and Portmapper Proxy decoding methods.
Article source: http://www.niubiseo.cn
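As an added illustration (not code from the original article), the sketch below applies the network-interception approach to several of the categories listed above: it flags SYN floods, Land packets, port scans and duplicate IP addresses in a list of packet records. The record fields, thresholds and sample addresses are assumptions constructed for this example.

```python
from collections import defaultdict

# Thresholds are assumptions for this example; tune them against real traffic.
SCAN_PORTS = 10   # distinct ports one source may SYN on one host
HALF_OPEN = 20    # unanswered SYNs tolerated per destination service

def analyze(packets):
    """Return a set of (alert, subject) tuples for a list of packet records."""
    probed = defaultdict(set)   # (src, dst) -> destination ports that received a SYN
    pending = defaultdict(set)  # (dst, dport) -> (src, sport) with SYN but no final ACK
    macs = defaultdict(set)     # source IP -> MAC addresses seen using it
    alerts = set()
    for p in packets:
        macs[p["src"]].add(p["mac"])
        conn = (p["src"], p["sport"])
        if p["flags"] == "S":
            if p["src"] == p["dst"]:          # Land: source spoofed to equal the target
                alerts.add(("land", p["dst"]))
                continue
            probed[(p["src"], p["dst"])].add(p["dport"])
            pending[(p["dst"], p["dport"])].add(conn)
        elif p["flags"] == "A":               # handshake completed, no longer half-open
            pending[(p["dst"], p["dport"])].discard(conn)
    alerts |= {("port_scan", s) for (s, _), ports in probed.items() if len(ports) >= SCAN_PORTS}
    alerts |= {("syn_flood", f"{d}:{dp}") for (d, dp), c in pending.items() if len(c) >= HALF_OPEN}
    # Only meaningful on the local segment, where the MAC belongs to the sender itself.
    alerts |= {("duplicate_ip", ip) for ip, m in macs.items() if len(m) > 1}
    return alerts

def pkt(mac, src, sport, dst, dport, flags):
    return dict(mac=mac, src=src, sport=sport, dst=dst, dport=dport, flags=flags)

def sample():
    """Constructed traffic: one normal client plus four suspicious patterns."""
    web = "10.0.0.80"
    pkts = [pkt("aa:01", "10.0.0.5", 40000, web, 80, "S"),
            pkt("aa:01", "10.0.0.5", 40000, web, 80, "A")]
    pkts += [pkt("aa:66", "10.0.0.66", 50000 + n, web, n, "S") for n in range(1, 13)]
    pkts += [pkt("aa:fe", f"198.51.100.{n}", 1024, web, 443, "S") for n in range(1, 26)]
    pkts += [pkt("aa:07", "10.0.0.7", 40001, web, 80, "S"),
             pkt("aa:07", "10.0.0.7", 40001, web, 80, "A"),
             pkt("bb:07", "10.0.0.7", 40002, web, 80, "S"),
             pkt("bb:07", "10.0.0.7", 40002, web, 80, "A")]
    pkts.append(pkt("aa:fe", web, 139, web, 139, "S"))
    return pkts

if __name__ == "__main__":
    for alert in sorted(analyze(sample())):
        print(alert)
```

The normal client completes its handshake and raises nothing, while the unanswered SYNs, the wide port sweep, the second MAC address and the self-addressed packet each produce one alert.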