What is Internet security?

 


Internet security is a comprehensive discipline involving computer science, network technology, communication technology, cryptographic technology, information security technology, applied mathematics, number theory, information theory and other disciplines. Internet security is essentially the security of information on the Internet. Broadly speaking, all relevant technologies and theories related to the confidentiality, integrity, availability, authenticity, and controllability of information on the Internet are the research fields of network security.

 

 

Internet security background

"Internet" refers to a global information system, an interactive platform on which participants can communicate with and engage with one another. Internet security issues should therefore be guarded against in the same way that every household guards against fire and theft. The threat has already appeared while you still do not think you will become a target. Once an incident happens, the victim is often caught off guard and suffers great losses.

 

Network security issues are related not only to the original structure of the Internet but also to the personal computer as the main terminal device. First, according to the classic "end-to-end" principle, the design of the Internet should keep the data transmission process as simple as possible and place the authentication of data at the terminal rather than in the transmission process. The Internet's unique TCP/IP protocol divides data into several packets, which become complete information only when they are reassembled at the terminal device. In this process, the operator cannot know the content of the packets. Second, personal computers and operating systems, as terminals, enable users to write viruses and malicious programs that can easily spread throughout the Internet. Since the world's first worm, "Morris", emerged in 1988, viruses, Trojan horses and network attacks have appeared in an endless stream, seriously threatening the prosperity of the Internet and the security of user data. In particular, creating network viruses has gradually become a profitable industry, and network security has become a routine problem that accompanies the spread of the Internet and grows more and more serious. Third, as Internet services and applications become more diverse and complex, market competition becomes fiercer. Many software programs that have not undergone security review often have flaws and loopholes, giving viruses and malicious programs various opportunities to invade personal computers. Users download and use all kinds of software, but they lack the vigilance and technical ability to protect themselves and cannot judge software quality or security risks.

 

Since the Internet was initially an anonymous and open system that transcended national borders, addressing its weaknesses without fundamentally changing its original structure means starting with the endpoints of information circulation. In reality, there are at least the following options. First, to protect the country's network users from foreign attacks, the state can control the exit points where the country's network connects to the networks of other countries and set up an intrusion detection system on these exit channels to check for suspicious packets. Doing so is, however, subject to the restrictions of the country's communications and speech laws. Second, Internet backbone and access operators (hereinafter collectively referred to as ISPs) can implement security protection level by level, which violates the "end-to-end" principle and may be questioned by the public and regulated by the state. Of course, the state can also enact laws that require them to assume security responsibilities. Third, in the same way, Internet content and application service providers (hereinafter collectively referred to as ICPs) will take security measures to ensure the security of transactions and services and to protect user information from attack and infringement, and the state can also impose legal responsibilities on them. Finally, users can choose to install security software on their computer terminals to protect local personal data. In different countries, these four measures can be applied together, or the focus can be placed on certain endpoints. In addition, no matter who implements the protection, the required security system can be provided uniformly by the state or by a specialized security software company. Since the cost of copying and distributing software products is zero, the software providers' early R&D investment and later technical updates become the key issues.

Compared with the manufacture and use of weapons in the pre-Internet era, the technical threshold for launching cyber attacks has dropped greatly, and the boundary between cyber warfare targeting a country and general cyber attacks has blurred. The traditional rules and tactics of war no longer apply. In the face of uncertain cyber attacks, the state cannot take on the defense of the entire cyberspace the way it provides traditional public goods; it can only focus on the security of national infrastructure and government information equipment. At the same time, the large number of enterprises and individual users in society are responsible for their own security and install security software as a form of private remedy. This not only reduces unnecessary national fiscal expenditure but also produces better security software services through market competition. Providing distinct products for different types of cyber threats is an efficient way to allocate resources. If a country adopts a traditional defense concept and believes that Internet security is part of national information sovereignty, then the structure will inevitably require control of the exit channels in order to block as many viruses as possible at the first checkpoint, but the cost is extremely high. These measures are examples of what Lawrence Lessig describes as regulating cyberspace through code, which is more effective than simply prohibiting by legislation.

 

Main threats

Network attacks

1. Active attack: deliberate behavior by which the attacker gains access to the information they need.

2. Passive attack: the main purpose is to collect information rather than to access it, and legitimate users of the data are unaware of this activity.

Passive attacks include:

1. Eavesdropping: including keystroke recording, network monitoring, illegal access to data, and obtaining password files.

2. Deception: including obtaining passwords, malicious code, and network deception.

3. Denial of service: including causing abnormal behavior, resource exhaustion, and deception.

4. Data-driven attacks: including buffer overflow, format string attacks, input validation attacks, synchronization vulnerability attacks, and trust vulnerability attacks.

 

Trojan Horse

Trojan horse viruses usually get onto a computer when the user downloads and installs unsafe software or browses unsafe websites. It is recommended that you do not browse unsafe websites and do not install unsafe software.

 

Pseudo base station

A "pseudo base station" is a fake base station. The device is a high-tech instrument, generally composed of a host unit and a laptop. Using related equipment such as SMS group senders and SMS transmitters, it can search for the information of mobile phone cards within a certain radius around it. By pretending to be the operator's base station, it arbitrarily and fraudulently uses other people's mobile phone numbers to forcibly send short messages such as fraud and advertising to users' mobile phones.

 

APT attack

APT (Advanced Persistent Threat): the use of advanced attack methods to carry out long-term, continuous network attacks on specific targets. The principle of an APT attack is more advanced and sophisticated than that of other forms of attack. Its advanced nature is mainly reflected in the fact that an APT needs to accurately collect information about the business processes and target systems of the attacked party before launching an attack. During this collection process, the attack actively explores vulnerabilities in the trusted systems and applications of the attacked party, uses these vulnerabilities to build the network the attacker needs, and uses 0-day vulnerabilities to attack.

 

Wireless network

With the explosive growth of mobile devices, laptops, netbooks, smartphones and tablet computers will quickly become part of people's daily lives in 2011. The security of wireless networks provided in public places such as coffee shops and hotels will also become a focus of attention. Hackers can easily invade personal mobile devices through public wireless networks and obtain private information.

 


Origin blog.csdn.net/weixin_40050195/article/details/96319566