Several key technologies of network security based on security

Source: Internet
Author: User
Keywords: security, firewall, network security
1. Firewall Technology

"Firewall" is a figurative term. In practice it is a combination of computer hardware and software that establishes a security gateway between the Internet and the intranet, protecting the intranet from intrusion by unauthorized users. In other words, a firewall is a barrier that separates the Internet from the intranet.

Firewalls fall into two categories: standard firewalls and dual-homed gateways. A standard firewall system consists of a UNIX workstation with a router at each end acting as a buffer. One router interfaces with the outside world, that is, the public network, and the other connects to the intranet. Standard firewalls use specialized software, require a higher level of management, and introduce some delay in information transmission.

The dual-homed gateway is an extension of the standard firewall, also known as a bastion host or application-layer gateway. It is a single system, but it can perform all the functions of a standard firewall. Its advantage is that it can run more complex applications while preventing any direct connection between the Internet and internal systems, ensuring that packets cannot pass directly from the external network to the internal network, or vice versa.

As firewall technology has progressed, two firewall configurations have evolved from the dual-homed gateway: the hidden host gateway and the hidden intelligent gateway (hidden subnet). The hidden host gateway is currently a common firewall configuration. As the name suggests, this configuration hides the router on the one hand and installs a bastion host between the Internet and the intranet on the other. The bastion host is installed on the intranet, and the router is configured so that the bastion host is the only system that communicates with the Internet.
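The router policy described for the hidden host gateway can be checked mechanically. The following Python example is added here and is not part of the original article; the addressing plan, the rule format and both ACLs are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan (an assumption, not from the article).
INTRANET = ipaddress.ip_network("10.0.0.0/24")
BASTION = ipaddress.ip_network("10.0.0.10/32")
ANY = ipaddress.ip_network("0.0.0.0/0")
OUTSIDE = "203.0.113.7"  # documentation-range address standing in for an Internet host

@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

# Corrected policy: the bastion host is the only system that talks to the Internet.
HIDDEN_HOST_ACL = [
    Rule("permit", ANY, BASTION),
    Rule("permit", BASTION, ANY),
    Rule("deny", ANY, INTRANET),
    Rule("deny", INTRANET, ANY),
]

# Weak policy: a broad outbound permit lets every intranet host bypass the bastion.
WEAK_ACL = [
    Rule("permit", ANY, BASTION),
    Rule("permit", INTRANET, ANY),
]

def decide(src: str, dst: str, acl) -> str:
    """First matching rule wins; anything unmatched is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in acl:
        if s in rule.src and d in rule.dst:
            return rule.action
    return "deny"

def exposed_hosts(acl) -> list:
    """Intranet hosts, other than the bastion, that can exchange packets with OUTSIDE."""
    exposed = []
    for h in INTRANET.hosts():
        if h in BASTION:
            continue
        if "permit" in (decide(OUTSIDE, str(h), acl), decide(str(h), OUTSIDE, acl)):
            exposed.append(str(h))
    return exposed

if __name__ == "__main__":
    print("hidden host ACL exposes:", len(exposed_hosts(HIDDEN_HOST_ACL)))
    print("weak ACL exposes:", len(exposed_hosts(WEAK_ACL)))
```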
The most technically complex firewall with the highest security level at present is the hidden intelligent gateway, which hides the gateway behind the public system and so protects it from direct attack. The hidden intelligent gateway provides almost transparent access to Internet services while preventing external unauthorized visitors from gaining illegal access to the private network. Generally speaking, this kind of firewall is the hardest to break.

2. Data Encryption Technology

Data encryption is a security technology used together with firewalls. It is one of the main technical means of improving the security and confidentiality of information systems and data and of preventing secret data from being cracked by outsiders. With the development of information technology, network security and information secrecy have attracted growing concern. At present, in addition to strengthening data security through legal and administrative means, measures are being taken in both software and hardware, which promotes the development of data encryption technology and physical protection technology. According to function, data encryption technology is divided into four kinds: data transmission, data storage, data integrity authentication, and key management.

(1) Data transmission encryption encrypts the data stream in transit. The two commonly used methods are line (link) encryption and end-to-end encryption. The former focuses on the line without regard to the source and the destination, and protects classified information by using a different encryption key on each line. With the latter, the information is automatically encrypted by the sender and encapsulated in TCP/IP packets, then crosses the Internet as unreadable and unrecognizable data. Once the information arrives at its destination, it is automatically reassembled and decrypted into readable data.
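The difference between line encryption and end-to-end encryption shows up at the intermediate nodes. The following Python example is added here and is not part of the original article; the function names and the three-line path are assumptions, and the HMAC-based keystream is a stand-in for a real cipher.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode). Stand-in for a real
    authenticated cipher: it gives confidentiality only and is for illustration."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def link_encryption(message: bytes, link_keys: list):
    """One key per line: each relay decrypts, then re-encrypts for the next line."""
    on_wire, seen_by_relays = [], []
    current = message
    for i, key in enumerate(link_keys):
        nonce = os.urandom(12)
        ciphertext = keystream_xor(key, nonce, current)
        on_wire.append(ciphertext)
        current = keystream_xor(key, nonce, ciphertext)  # far end of the line decrypts
        if i < len(link_keys) - 1:
            seen_by_relays.append(current)  # the relay holds the plaintext
    return current, on_wire, seen_by_relays

def end_to_end(message: bytes, shared_key: bytes, lines: int):
    """Sender and receiver share one key: relays only forward ciphertext."""
    nonce = os.urandom(12)
    ciphertext = keystream_xor(shared_key, nonce, message)
    on_wire = [ciphertext] * lines
    seen_by_relays = [ciphertext] * (lines - 1)
    return keystream_xor(shared_key, nonce, ciphertext), on_wire, seen_by_relays

if __name__ == "__main__":
    msg = b"constructed sample: quarterly payroll file, not real data"
    keys = [os.urandom(32) for _ in range(3)]
    _, wire, relays = link_encryption(msg, keys)
    print("link: relays see plaintext:", all(r == msg for r in relays))
    _, wire, relays = end_to_end(msg, os.urandom(32), 3)
    print("e2e:  relays see plaintext:", any(r == msg for r in relays))
```

With line encryption a compromised relay exposes the message even though every line is encrypted; with end-to-end encryption the relays never hold the key.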
(2) Data storage encryption prevents data from losing its secrecy while in storage. It can be divided into two kinds: ciphertext storage and access control. The former is usually achieved through encryption algorithm conversion, additional passwords, encryption modules and similar methods. The latter reviews and restricts user qualifications and privileges, to prevent illegal users from accessing data and legitimate users from accessing data beyond their authority.

(3) Data integrity authentication verifies the identity of the people involved in transmitting, accessing and processing information, as well as the related data content, in order to meet confidentiality requirements. It generally includes authentication of passwords, keys, identity, data and other items. The system protects the data by checking whether the characteristic values entered by the object being verified match the preset parameters.

(4) Key management. For convenience in using data, data encryption in many cases comes down to the application of keys, so the key is often the main object of both secrecy and attempts to steal secrets. Key media include magnetic cards, tapes, disks, semiconductor memory and so on. Key management technology covers security measures at every stage: key generation, distribution, storage, replacement and destruction.

3. Smart Card Technology

Another technology closely related to data encryption is smart card technology. A smart card is a medium for a key. It usually resembles a credit card and is held by an authorized user, who assigns it a password or code word. This password is consistent with the password registered on the internal network server. When passwords and identity features are used together, the confidentiality of smart cards can be quite effective.
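For items (3) and (4) above, the following Python example ties integrity verification to the key lifecycle: generation, replacement and destruction. It is added here and is not part of the original article; the KeyRing class is hypothetical, HMAC-SHA256 is an assumed choice of integrity mechanism, and key distribution is not modelled.

```python
import hashlib
import hmac
import secrets

class KeyRing:
    """Hypothetical in-memory key store: generate, replace and destroy keys."""

    def __init__(self):
        self._keys = {}      # key id -> bytearray holding the key material
        self._next_id = 1
        self.current = None
        self.rotate()

    def rotate(self) -> int:
        """Generate a fresh random key and use it for all new tags."""
        kid = self._next_id
        self._next_id += 1
        self._keys[kid] = bytearray(secrets.token_bytes(32))
        self.current = kid
        return kid

    def tag(self, data: bytes):
        """Return (key id, MAC) so a verifier knows which key to check against."""
        mac = hmac.new(self._keys[self.current], data, hashlib.sha256).digest()
        return self.current, mac

    def verify(self, kid: int, data: bytes, mac: bytes) -> bool:
        """Compare the presented value with the expected one in constant time."""
        key = self._keys.get(kid)
        if key is None:      # unknown or destroyed key: fail closed
            return False
        expected = hmac.new(key, data, hashlib.sha256).digest()
        return hmac.compare_digest(expected, mac)

    def destroy(self, kid: int) -> None:
        """Retire an old key; data tagged under it can no longer be verified."""
        if kid == self.current:
            raise ValueError("rotate before destroying the active key")
        key = self._keys.pop(kid)
        for i in range(len(key)):
            key[i] = 0       # best-effort wipe of the key material

if __name__ == "__main__":
    ring = KeyRing()
    record = b"constructed record: account=1001 balance=250"
    kid, mac = ring.tag(record)
    print("intact:", ring.verify(kid, record, mac))
    print("tampered:", ring.verify(kid, record.replace(b"250", b"950"), mac))
    ring.rotate()
    ring.destroy(kid)
    print("after key destruction:", ring.verify(kid, record, mac))
```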
All of these preventive measures for network security and data protection have their limits, and more security does not automatically mean more reliability. Therefore, judging whether an intranet is safe means examining not only its technical means but, more importantly, all of the measures taken for the network. These include physical protection as well as "soft" factors such as the quality of personnel. Only a comprehensive assessment of all of them supports a conclusion about whether the network is safe.

Responsible Editor: Snowflake (TEL: (010) 68476636-8008)
