Notes for Network Engineers--Network Security Technology

1. HTTPS protocol

1. HTTPS is the secure hypertext transfer protocol, which ensures the security of communication. Banks can provide online services through HTTPS, and users can manage their account information through a browser. It is the secure version of HTTP: an SSL layer is added beneath HTTP, so the security of HTTPS rests on SSL and the details of the encryption are provided by SSL. The default port is 443

2. POP Post Office Protocol: Users receive mail

3. SNMP Simple Network Management Protocol for network management

4. HTTP Hypertext Transfer Protocol, many web servers use HTTP, but it is an insecure protocol

2. Email protocols

Email protocols include SMTP, POP3, and IMAP4, all of which belong to the TCP/IP protocol suite. By default, connections are established through TCP ports 25, 110, and 143, respectively.

1. SMTP protocol
SMTP stands for Simple Mail Transfer Protocol. It is a set of rules for transferring mail from a source address to a destination address, and it controls how mail is relayed. SMTP belongs to the TCP/IP protocol family and helps each computer find the next destination when sending or relaying a message. An SMTP server is an outgoing mail server that follows the SMTP protocol. SMTP authentication, simply put, requires that you provide an account name and password before you can log in to the SMTP server, which stops spammers from abusing the server; the purpose of adding SMTP authentication is to protect users from spam. SMTP has become the de facto standard for e-mail transmission.
2. POP protocol
POP (Post Office Protocol) is responsible for retrieving e-mail from the mail server. It asks the mail server to do one of the following: retrieve the mail and delete it from the server; retrieve the mail but leave it on the server; or retrieve nothing and only ask whether new mail has arrived. POP supports the Multipurpose Internet Mail Extensions (MIME), which let users attach binary files such as word-processing documents and spreadsheets to e-mail and in practice allow files of any format, including pictures and sound files, to be transferred. When the user reads mail, POP has all mail downloaded to the user's computer immediately and not kept on the server.
3. POP3 (Post Office Protocol 3) is the third version of the Post Office Protocol and the first offline protocol standard for Internet e-mail.
4. IMAP protocol
The Internet Message Access Protocol (IMAP) is a newer protocol that improves on POP. Like POP, IMAP can download mail, delete mail from the server, or ask for new mail, but it overcomes some of POP's shortcomings. For example, the client can control how it asks the server to deliver received mail, requesting only selected messages instead of all of them, and it can read a message's subject and sender before deciding whether to download it. Through the client e-mail program, IMAP lets users create and manage mail folders or mailboxes on the server, delete mail, and query part or all of a message, all without downloading the mail from the server to the user's personal computer.
Common mail clients that support IMAP are: ThunderMail, Foxmail, Microsoft Outlook, etc.

5. PGP Secure Email Protocol:

(1) The content of the email is hashed and the hash is signed, so that any modification of the content can be detected

(2) Use public key and private key technology to ensure the confidentiality and non-repudiation of the content of the email, confirm the identity of the sender, and prevent unauthorized persons from reading the email

(3) The public keys of the sender and the recipient are stored in a public place, and the authority of the public key can be signed and authenticated by a third party. In the PGP system, trust is a direct relationship between the two parties.

3. Miscellaneous knowledge points

1. Needham-Schroeder protocol is an authentication protocol based on shared secret key

4. VPN technology

1. VPN: Virtual Private Network is a technology that uses a public network to establish a private network through tunneling technology.

2. VPN technology mainly includes:

(1) Tunnel technology

(2) Encryption and decryption technology

(3) Key management technology

(4) Identity authentication technology

3. VPN protocol at the link layer:

(1) L2TP protocol

(2) PPTP protocol

4. Transport layer VPN protocol: TLS protocol

5. The network layer VPN protocol is: IPSec protocol

5. CA and digital signature

1. A digital certificate can verify the identity of an entity; this works only on the premise that the digital certificate itself is trustworthy

2. The validity of a digital certificate is verified by checking the signature of the CA that issued it. For example, when a website has applied to a CA for a digital certificate and a user logs in to that website, the validity of the certificate can be confirmed by verifying the CA's signature.

3. Example: A communicates with B, A attaches a digital signature to the message sent, and B uses A's public key to verify the authenticity of the message after receiving the message

4. Digital signature technology is a typical application of asymmetric encryption. The principle is: the sender of the data encrypts the data with its own private key, which constitutes the legal signature of the data; the receiver uses the sender's public key to decode the received digital signature and uses the result to verify the integrity of the data and thus confirm the validity of the signature.

5. The certificate chain service (cross-certification) is an implementation mechanism for a CA to expand its trust scope or recognized scope. The certificates issued by different certification centers can easily achieve mutual trust through the certificate chain and thus achieve mutual access.
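The A-to-B signing and verification steps in points 3 and 4 above (and the hash-then-sign idea in the PGP points of the email section), as an added worked example in Go that is not part of the original notes: the message is hashed with SHA-256, the digest is signed with the sender's private key (RSA PKCS#1 v1.5), and the receiver checks the signature with the sender's public key. The key pairs, the party names A and C and the sample message are constructed for this example; in PGP or a PKI the public key would come from a key server or a CA-signed certificate rather than being generated in the same program.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// signMessage is the sender's side: hash the message with SHA-256, then
// produce the signature over the digest with the sender's private key
// (RSA PKCS#1 v1.5). Only the holder of the private key can do this.
func signMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verifyMessage is the receiver's side: recompute the digest and check the
// signature with the sender's public key. Any change to the message, or a
// signature made with a different key, makes the check fail.
func verifyMessage(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// demo plays out A -> B. Both key pairs are generated here for the example
// (constructed, not real identities). It reports whether the genuine message
// verifies, whether a tampered copy is rejected, and whether verification
// with an unrelated party's public key is rejected.
func demo() (genuine, tamperedRejected, wrongKeyRejected bool, err error) {
	privA, err := rsa.GenerateKey(rand.Reader, 2048) // A, the sender
	if err != nil {
		return
	}
	privC, err := rsa.GenerateKey(rand.Reader, 2048) // C, an unrelated party
	if err != nil {
		return
	}
	msg := []byte("transfer 100 to account 42") // constructed sample message
	sig, err := signMessage(privA, msg)
	if err != nil {
		return
	}
	genuine = verifyMessage(&privA.PublicKey, msg, sig)

	tampered := []byte("transfer 900 to account 42") // modified in transit
	tamperedRejected = !verifyMessage(&privA.PublicKey, tampered, sig)

	wrongKeyRejected = !verifyMessage(&privC.PublicKey, msg, sig)
	return
}

func main() {
	g, t, w, err := demo()
	fmt.Println("genuine verifies:", g, "tampered rejected:", t, "wrong key rejected:", w, "err:", err)
}
```

The receiver never needs A's private key, which is what makes the signature usable for non-repudiation: B can show the signature to a third party who can repeat the same public-key check.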

6. Encryption algorithm

1. DES is a shared-key algorithm, that is, a symmetric key system: the same key is used for encryption and decryption.

2. DES usually operates on 64-bit blocks with a 56-bit key, and internally performs repeated substitution and permutation operations to achieve encryption

3. MD5 and SHA are message digest algorithms: a one-way hash function maps an input message of any length to a fixed-length output called the message digest. The algorithm is irreversible, and it is hard to find two different messages with the same message digest

4. Diffie-Hellman is the key exchange algorithm

5. AES Advanced Encryption Standard: It is a block encryption standard adopted by the United States to replace the original DES encryption algorithm

6. In a public key system, data sent by A to B is encrypted with B's public key. In a public key cryptosystem the encryption key is public while the decryption key must be kept secret. The key-pair generator produces a pair of keys for receiver B: an encryption key and a decryption key. Sender A encrypts with B's public key, which is published; B decrypts with the decryption key, which is the recipient's private key and is kept secret from everyone else
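Points 3 to 6 above, as an added Go example that is not from the original notes: a SHA-256 message digest (fixed 256-bit output for any input length, one-way), Diffie-Hellman key agreement in its elliptic-curve form (X25519 via the crypto/ecdh package, Go 1.20 or later) rather than the classic modular-arithmetic form, the shared secret hashed into a 32-byte AES-256 key, and AES in GCM mode encrypting a message from A to B, with a ciphertext modified in transit rejected by the authentication tag. The two parties, their keys and the plaintext are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// must unwraps (value, error) pairs in the demo; a failure stops the example.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// digestHex returns the SHA-256 message digest of msg as hex. The output is
// always 256 bits (64 hex characters) whatever the input length, and changing
// a single character of msg yields an unrelated digest.
func digestHex(msg []byte) string {
	sum := sha256.Sum256(msg)
	return hex.EncodeToString(sum[:])
}

// deriveSharedKey is one side of the Diffie-Hellman exchange (X25519 form):
// own private key combined with the peer's public key gives a shared secret
// that the peer computes identically. SHA-256 turns it into a 32-byte AES key.
func deriveSharedKey(own *ecdh.PrivateKey, peer *ecdh.PublicKey) ([]byte, error) {
	shared, err := own.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	return key[:], nil
}

// newGCM builds AES in GCM mode; aes.NewCipher accepts only 16, 24 or 32 byte keys.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptGCM returns nonce || ciphertext || tag, with a fresh random nonce per message.
func encryptGCM(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// decryptGCM reverses encryptGCM. Because of the GCM tag, a modified
// ciphertext fails authentication instead of decrypting to garbage.
func decryptGCM(key, data []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, data[:gcm.NonceSize()], data[gcm.NonceSize():], nil)
}

// demo runs A -> B: both sides derive the key, A encrypts, B decrypts, and a
// ciphertext with one flipped bit is rejected. Key pairs are generated here.
func demo() (sameKey bool, recovered string, tamperRejected bool) {
	curve := ecdh.X25519()
	privA := must(curve.GenerateKey(rand.Reader)) // A's key pair (constructed)
	privB := must(curve.GenerateKey(rand.Reader)) // B's key pair (constructed)
	keyA := must(deriveSharedKey(privA, privB.PublicKey())) // A's view of the shared key
	keyB := must(deriveSharedKey(privB, privA.PublicKey())) // B's view of the shared key
	sameKey = string(keyA) == string(keyB)

	ct := must(encryptGCM(keyA, []byte("message from A to B"))) // constructed plaintext
	recovered = string(must(decryptGCM(keyB, ct)))

	ct[len(ct)-1] ^= 0x01 // one bit of the tag flipped in transit
	_, err := decryptGCM(keyB, ct)
	tamperRejected = err != nil
	return
}

func main() {
	fmt.Println(digestHex([]byte("abc")))
	fmt.Println(demo())
}
```

Only public keys cross the network; the shared key exists on both ends without ever being transmitted, which is the property that makes Diffie-Hellman a key exchange rather than a key transport.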

7. Network attacks

A network attack is an act of stealing the resources or privileges of other computers on the network by means of the network, and destroying its security or availability. Network attacks are divided into active attacks and passive attacks:

1. Passive attack: network eavesdropping, intercepting and analyzing data packets, and stealing important information from them. Passive attacks are difficult to detect, so the emphasis is on prevention; the current method is encrypted data transmission. Backed by cryptography and security protocols, there are currently 5 types of security services:

(1) Identity authentication

(2) Access control

(3) Data confidentiality

(4) Data integrity

(5) Data non-repudiation

2. Active attack: stealing, tampering, counterfeiting and destruction; dictionary password guessing, IP address spoofing and denial-of-service attacks are all active attacks. A good identity authentication system (together with security mechanisms such as data encryption, data integrity verification, digital signatures and access control) can help prevent active attacks, but complete prevention is difficult, so the current approach is to detect them and repair the damage in time. Many practical tools exist at present, and the following attack methods are common:

(1) Get the password

(2) Placing Trojan horse programs

(3) Web (WWW) spoofing

(4) Email attack

(5) Attack other nodes through one node

(6) Network sniffing (eavesdropping)

(7) Find system loopholes

(8) Attacking by exploiting accounts

(9) Stealing privileges

3. Example: a company faces cyber attacks from multiple sources; it installs a user authentication system to prevent attacks from inside the company

8. Kerberos authentication

1. Kerberos authentication is an identity authentication system that uses a symmetric key encryption algorithm together with a trusted third party, the key distribution center (KDC)

2. In Kerberos authentication, the client must submit its credentials to the server to prove its identity; the credentials are generated by the KDC specifically for the communication between that client and that server in a given stage

3. In Kerberos authentication, the credentials include the identity information of the client and the server, the temporary encryption key to be used by both parties in the next stage, and the authenticator information proving that the client holds the session key

4. The role of the authenticator information is to prevent an attacker from using the same credentials again later; timestamps can be added to packets to prevent replay attacks
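The server-side checks implied by points 2 to 4, as an added Go model that is not from the original notes and is not the real Kerberos wire format: a ticket carrying the client identity and the KDC-issued session key, an authenticator proving possession of that key with a timestamp, and a verifier that rejects a mismatched client, a forged authenticator, a stale timestamp and a replayed authenticator. One simplification is labelled in the code: the proof of possession is an HMAC with the session key over client name and timestamp, standing in for Kerberos's encryption of the authenticator. The 5-minute clock skew is the value Kerberos implementations commonly allow; the ticket, key, names and clock are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Ticket models the credential the KDC issued for one client/server pair as
// the server sees it: the identities involved and the temporary session key.
type Ticket struct {
	Client, Server string
	SessionKey     []byte
}

// Authenticator models the client's proof that it holds the session key.
// Simplification (not Kerberos's encoding): an HMAC over client name and
// timestamp replaces the encrypted authenticator as the proof of possession.
type Authenticator struct {
	Client    string
	Timestamp time.Time
	MAC       []byte
}

func authMAC(key []byte, client string, ts time.Time) []byte {
	var tsBytes [8]byte
	binary.BigEndian.PutUint64(tsBytes[:], uint64(ts.Unix()))
	m := hmac.New(sha256.New, key)
	m.Write([]byte(client))
	m.Write(tsBytes[:])
	return m.Sum(nil)
}

// NewAuthenticator is the client side: stamp the current time and bind it to the key.
func NewAuthenticator(key []byte, client string, now time.Time) Authenticator {
	return Authenticator{Client: client, Timestamp: now, MAC: authMAC(key, client, now)}
}

// Verifier is the server side. Skew is the tolerated clock difference; seen is
// the replay cache of authenticators accepted within the current skew window.
type Verifier struct {
	Skew time.Duration
	seen map[string]time.Time
}

func NewVerifier(skew time.Duration) *Verifier {
	return &Verifier{Skew: skew, seen: make(map[string]time.Time)}
}

// Verify checks, in order: the authenticator names the ticket's client, its MAC
// was made with the ticket's session key, its timestamp is fresh, and the same
// authenticator has not already been accepted (replay).
func (v *Verifier) Verify(t Ticket, a Authenticator, now time.Time) error {
	if a.Client != t.Client {
		return errors.New("authenticator client does not match ticket")
	}
	if !hmac.Equal(a.MAC, authMAC(t.SessionKey, a.Client, a.Timestamp)) {
		return errors.New("bad MAC: sender does not hold the session key")
	}
	if d := now.Sub(a.Timestamp); d > v.Skew || d < -v.Skew {
		return errors.New("timestamp outside allowed clock skew")
	}
	for k, seenAt := range v.seen { // entries older than the skew can no longer pass anyway
		if now.Sub(seenAt) > v.Skew {
			delete(v.seen, k)
		}
	}
	id := string(a.MAC) // the MAC already binds client and timestamp
	if _, dup := v.seen[id]; dup {
		return errors.New("replay: authenticator already used")
	}
	v.seen[id] = now
	return nil
}

// demo exercises the four outcomes with a constructed ticket and a fixed clock.
func demo() (firstOK, replayRejected, staleRejected, wrongKeyRejected bool) {
	key := []byte("constructed-32-byte-session-key!") // constructed sample key
	ticket := Ticket{Client: "alice@EXAMPLE", Server: "host/srv1@EXAMPLE", SessionKey: key}
	v := NewVerifier(5 * time.Minute)
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	a := NewAuthenticator(key, "alice@EXAMPLE", now)
	firstOK = v.Verify(ticket, a, now) == nil
	replayRejected = v.Verify(ticket, a, now.Add(10*time.Second)) != nil // captured and resent
	stale := NewAuthenticator(key, "alice@EXAMPLE", now.Add(-6*time.Minute))
	staleRejected = v.Verify(ticket, stale, now) != nil
	forged := NewAuthenticator([]byte("guessed-key"), "alice@EXAMPLE", now) // key not known
	wrongKeyRejected = v.Verify(ticket, forged, now) != nil
	return
}

func main() {
	fmt.Println(demo())
}
```

The timestamp alone is not enough: within the skew window a captured authenticator would still look fresh, which is why the replay cache is needed, and the cache only has to remember entries for as long as the skew check would accept them.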

9. Computer virus

1. A computer virus is a program that attaches itself to a host for the purpose of further multiplying and spreading. From individuals to large organizations, anyone with the right skills can create a computer virus, and it can infect computers, smartphones, tablets, and even smart cars. The term "computer virus" is often mistakenly used as an umbrella term to refer to any suspicious program, plug-in or code that infects software, computers and files. The misuse of this phrase may be due to the fact that computer viruses are more commonly seen in TV shows and movies. In fact, the correct general term for such programs should be malware, and computer viruses are only one type. Other types of malware include spyware, worms, and Trojan horses.

2. A computer virus is a type of malicious software that is installed on a device and propagates. Some viruses are designed to steal or destroy data, while others are designed to destabilize or even make a program or system unusable. Still others may just be made by programmers for fun, such as displaying images or text messages after turning on the computer or opening an application.

3. Strictly speaking, if the malware that infects the host is not designed to multiply and spread, then technically it is not classified as a computer virus, no matter how dangerous it is.

4. Computer viruses are usually classified according to their goals and functions, rather than their creation process and coding style, and the same computer virus may also be classified into multiple categories. Here are some examples of common computer viruses:

(1) Browser hijacking virus: This type of computer virus infects the victim's web browser and is often used to tamper with the victim's home page, steal data, and display advertisements.

(2) Boot sector virus: In addition to the boot sector of the hard drive, this type of virus also affects the disk used to help the system boot.

(3) Email viruses: These types of viruses are designed to multiply by attaching themselves to emails, generating emails using the victim's address book, or infecting email applications with the intent of stealing data.

(4) Macro Viruses: Macro computer viruses are encoded in a macro language so that they can be attached to documents and activated as soon as the file to which they are attached is opened.

(5) Polymorphic virus: A computer virus that can alter itself to evade detection by security systems and antivirus programs.

(6) Resident viruses: Resident viruses will continue to run in the background after infecting the operating system, thereby negatively affecting system and application performance.

(7) Non-resident virus: This type of virus will close itself after performing the task.

5. While many computer viruses hide well on a device, several obvious behaviors can indicate that you may be infected, such as a noticeable system slowdown, mysterious changes to system and application settings, notifications from services and apps you do not own, browser extensions or plug-ins installed without your permission, and being unable to browse the Internet or open certain programs.

6. It is important to employ multiple strategies to keep your computer and other smart devices safe from viruses and other forms of malware, here are some ways to protect your computer from viruses:

(1) Keep the operating system and applications up to date: This will make it harder for viruses to infect your computer equipment.

(2) Only connect to trusted internet connections: This also protects you from other types of attacks, such as ARP spoofing.

(3) Avoid suspicious attachments: Never open email attachments from unknown senders, as these attachments may contain malware and other viruses.

(4) Download files only from official websites and trusted sources: Downloading files from unfamiliar websites is always risky. No matter how legitimate a download may seem, if it's not from a trusted source, avoid it.

(5) Install anti-virus software: High-quality anti-virus software can help users remove viruses from their computers and prevent virus infection.

6. The "Panda Burning Incense" virus that is currently popular on the Internet is a worm-type virus that infects exe, com, pif, htm and sap files and can also delete gho backup files. All exe executable files on an infected computer turn into a panda holding three incense sticks

7. The virus prefix denotes the type of a virus and is used to distinguish its category

(1) Trojan horse virus: the prefix is Trojan; a Trojan horse can carry out attacks on a remote computer over the network and control it remotely

(2) Worm virus: the prefix is Worm

(3) Macro virus: the prefix is Macro

8. The virus name denotes the family characteristics of a virus and is used to distinguish and identify the virus family. For example, the family name of the well-known CIH virus is uniformly CIH, and the family name of the Sasser worm is Sasser.

9. The virus suffix denotes the variant characteristics of a virus and is used to distinguish a variant within a specific virus family; it is generally written with English letters. For example, Worm.Sasser.b is variant B of the Sasser worm, called the "Shockwave B variant"

10. Phishing Websites

1. A phishing website is a kind of network fraud: criminals use various means to imitate the URL and page content of a real website, or exploit vulnerabilities in the real website's server program to insert dangerous HTML code into some of its pages, in order to defraud users of their account passwords and other information

2. Phishing websites can spread URLs through Email

11. Security Threats

1. Various security threats should be prevented in network management. Security threats are divided into primary and secondary security threats. The main security threats are:

(1) Tampering with management information: Implementing unauthorized management operations by altering SNMP messages in transit

(2) Impersonate a legitimate user: an unauthorized user pretends to be an authorized user

2. Minor security threats are:

(1) Message leakage: information exchanged between SNMP engines is overheard by a third party

(2) Modifying the message flow: since SNMP is usually carried over a connectionless transport service, messages may be reordered, delayed or replayed, leading to illegal management operations

3. Threats that cannot be prevented are:

(1) Denial of service: Because in many cases denial of service and network failure are indistinguishable, they can be handled by network management protocols, and the security system does not have to take measures

(2) Communication analysis: a third party analyzes the communication rules between management entities to obtain management information

12. Packet Filtering Firewall

1. Routing table: used to specify routing rules and data forwarding paths

2. ARP table: used to realize the conversion between the IP address and the physical address MAC of the network device

3. NAT: the technique of mapping one address domain to another; the NAT table records these mappings

4. Filtering rules are used to formulate a series of security policies for internal and external network access and data transmission
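Point 4, the filtering rules, as an added Go example that is not from the original notes: a rule is matched on protocol, source network, destination network and destination port, rules are evaluated top to bottom with the first match deciding, and a packet matching no rule is denied. The policy, the 192.168.1.0/24 internal network with a mail host at 192.168.1.10, and the sample packets (using documentation address ranges) are all constructed; the example also shows why rule order matters, placing an explicit deny above the permits so it cannot be shadowed.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Packet holds the header fields a packet filter inspects.
type Packet struct {
	Proto   string // "tcp", "udp", "icmp"
	Src     net.IP
	Dst     net.IP
	DstPort int
}

// Rule is one line of the filtering policy. Proto "any" and DstPort 0 match everything.
type Rule struct {
	Action  string // "permit" or "deny"
	Proto   string
	Src     *net.IPNet
	Dst     *net.IPNet
	DstPort int
}

func (r Rule) matches(p Packet) bool {
	if r.Proto != "any" && r.Proto != p.Proto {
		return false
	}
	if r.DstPort != 0 && r.DstPort != p.DstPort {
		return false
	}
	return r.Src.Contains(p.Src) && r.Dst.Contains(p.Dst)
}

// Filter evaluates rules top to bottom; the first matching rule decides.
// A packet that matches no rule is denied (default deny, fail-closed).
func Filter(rules []Rule, p Packet) string {
	for _, r := range rules {
		if r.matches(p) {
			return r.Action
		}
	}
	return "deny"
}

func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// samplePolicy is a constructed rule set for internal network 192.168.1.0/24
// with a mail server at 192.168.1.10. Order matters: the explicit telnet deny
// sits above the permits so that no broader rule below it can shadow it.
func samplePolicy() []Rule {
	anyNet := mustCIDR("0.0.0.0/0")
	inside := mustCIDR("192.168.1.0/24")
	mail := mustCIDR("192.168.1.10/32")
	return []Rule{
		{Action: "deny", Proto: "tcp", Src: anyNet, Dst: inside, DstPort: 23},    // no telnet into the LAN
		{Action: "permit", Proto: "tcp", Src: anyNet, Dst: mail, DstPort: 25},    // inbound SMTP to the mail host only
		{Action: "permit", Proto: "tcp", Src: inside, Dst: anyNet, DstPort: 443}, // inside hosts may use HTTPS
	}
}

// decide applies samplePolicy to one packet given as strings.
func decide(proto, src, dst string, dstPort int) string {
	p := Packet{Proto: strings.ToLower(proto), Src: net.ParseIP(src), Dst: net.ParseIP(dst), DstPort: dstPort}
	return Filter(samplePolicy(), p)
}

func main() {
	// Constructed sample traffic; 203.0.113.0/24 is a documentation range standing in for the Internet.
	fmt.Println(decide("tcp", "192.168.1.5", "203.0.113.80", 443)) // permit: HTTPS from inside
	fmt.Println(decide("tcp", "203.0.113.7", "192.168.1.10", 25))  // permit: SMTP to the mail host
	fmt.Println(decide("tcp", "203.0.113.7", "192.168.1.10", 23))  // deny: explicit telnet rule
	fmt.Println(decide("udp", "203.0.113.7", "192.168.1.10", 53))  // deny: no rule matches
}
```

A filter like this sees only headers: it cannot tell a legitimate SMTP session from malicious content on port 25, which is the limitation that the stateful and application-layer firewalls address.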

13. IPSec VPN Security Technology

1. IPSec VPN includes authentication header AH and encapsulation security payload ESP

(1) AH is mainly used to provide multiple functions of identity authentication, data integrity protection, and anti-replay attack

(2) ESP can provide data encryption, data source identity authentication, data integrity protection, and anti-replay attack functions.

(3) IPSec VPN can provide transmission mode and tunnel mode, but no intrusion detection function

(4) The secret key used in the IPSec encryption and authentication process is generated and distributed by the IKE (Internet Key Exchange Protocol) mechanism. IKE solves the problem of securely establishing or updating a shared secret key in an insecure network environment.
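The anti-replay function that points (1) and (2) attribute to AH and ESP, as an added Go example that is not from the original notes. It implements the receiver-side sliding window described in RFC 4303 (ESP): each packet carries an increasing sequence number, and the receiver keeps the highest number accepted plus a 64-bit bitmap of which recent numbers it has seen, so duplicates and packets older than the window are rejected while modest reordering is tolerated. The arrival order fed in by main and the test is constructed.

```go
package main

import "fmt"

// ReplayWindow is the receiver-side anti-replay state kept per security
// association: the highest sequence number accepted so far and a bitmap of
// which of the 64 numbers at or below it have already been received.
type ReplayWindow struct {
	lastSeq uint32
	bitmap  uint64 // bit 0 = lastSeq, bit n = lastSeq-n
}

const windowSize = 64

// Accept reports whether a packet with sequence number seq may be processed
// and records it. It must run only after the packet's integrity check (the
// AH/ESP ICV) has passed, otherwise forged numbers could poison the window.
// Rejected: seq 0 (never valid), numbers left of the window (too old), and
// numbers already marked in the bitmap (duplicates, i.e. replays).
func (w *ReplayWindow) Accept(seq uint32) bool {
	if seq == 0 {
		return false
	}
	if seq > w.lastSeq { // new high-water mark: slide the window right
		shift := seq - w.lastSeq
		if shift < windowSize {
			w.bitmap = (w.bitmap << shift) | 1
		} else {
			w.bitmap = 1 // jumped past the whole window; older history is dropped
		}
		w.lastSeq = seq
		return true
	}
	diff := w.lastSeq - seq
	if diff >= windowSize {
		return false // older than the window can remember
	}
	if w.bitmap&(1<<diff) != 0 {
		return false // already received: replay
	}
	w.bitmap |= 1 << diff
	return true
}

// runSequence feeds a constructed arrival order through a fresh window and
// returns the accept/reject decision for each packet in turn.
func runSequence(seqs []uint32) []bool {
	w := &ReplayWindow{}
	out := make([]bool, len(seqs))
	for i, s := range seqs {
		out[i] = w.Accept(s)
	}
	return out
}

func main() {
	// Reordered delivery (4 arriving after 5) is fine; duplicates (3, 4 again),
	// a number far behind the window (30 after 100) and 0 are rejected.
	seqs := []uint32{1, 2, 3, 3, 5, 4, 4, 100, 30, 99, 0}
	for i, ok := range runSequence(seqs) {
		fmt.Printf("seq %3d -> %v\n", seqs[i], ok)
	}
}
```

Because the window only remembers 64 numbers, a packet delayed by more than that many successors is dropped even though it is genuine; a wider window trades memory for tolerance of reordering, and the sequence number space itself is why an SA must be rekeyed before the counter wraps.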

14. The functions of the PKI CA certification center are:


Origin blog.csdn.net/mailtolaozhao/article/details/123795078