Simple Personal Information Security Model

Foreword

Information security definitely does not refer to a single thing. The boundaries of modern information security widen as modern information technology expands. At the same time, intruders and intrusion methods are also increasing, so security protection can no longer rely on the "shortest stave of the barrel" model of finding the weakest point and reinforcing it.

We therefore need a systematic and comprehensive model that covers the entire system related to security, and we need to be able to adjust the corresponding strategies dynamically for different scenarios, so as to deal effectively with different challenges. In this section of the textbook, we focus on the following three questions. The aim is to give a panoramic description of the overall information security situation an individual faces, and to introduce the elements related to security and the relationships between them, so as to establish a knowledge base for what follows.

1. What needs protection?

2. Which links does the content that needs protection pass through as it travels between the user and the Internet? What are the different characteristics of each link?

3. Who is the "enemy"?

Figure 1: Network and computer security protection model

1. What needs protection?

To ensure information security, first of all, it should be clear what content needs to be protected. Here, according to different characteristics, we divide the content that needs to be protected into four types: accounts, files, information flow, and user behavior habits, which are introduced separately below.

(1) Various accounts
With the improvement of network conditions, if storing data on the network (instead of a local hard disk) is a more convenient and reliable choice for data storage, then for sharing and collaborative work network storage is an inevitable choice.

In this case, user behavior changes. In the past, people asked, "Which directory on the C drive or D drive is my file stored in?" Now the question becomes, "Which website is my file stored on, and what are the username and password?" This change in behavior, brought about by the move in where data is stored, makes accounts (including usernames and passwords), the keys that open the door to people's various information, a more important and indispensable piece of property that also requires careful protection.

Accounts include both computer accounts and various network application accounts, such as:

1. Email;

2. Currency: PayPal, Alipay, etc.;

3. Social: Twitter, Facebook, etc.;

4. Various online applications and tools;

5. Accounts for purchased domain names, hosting space, etc.

(2) Files
In principle all files could be stored on the network, in which case protecting the account also protects the files. In reality, because of network speed, operating habits, or the nature of some work (such as graphics editing, video editing, etc.), a large number of files must be stored on the local hard disk. The file security discussed here therefore mainly refers to the various types of files that are stored on the computer and edited or received by the user.

These files can be divided into the following categories:

1. Text documents: generally files with extensions such as DOC, PDF, PPT, and TXT;

2. Data files: generally Excel spreadsheets with the extension XLS, text tables with the extension CSV, etc.;

3. Photos and pictures: generally files with the extensions JPG, PNG, and GIF;

4. In addition, if you have installed management software and entered data into it, or set up a database on the local computer, such as MySQL or MSSQL, the software itself stores the user's data even though the data is not saved in one particular file. This data is therefore also a file type that needs to be protected.

(3) Information flow
Accounts and files are relatively tangible information; there is also a relatively intangible information flow. For example, a user's communication with others through text, voice or video may be illegally intercepted. Such real-time information can also leak valuable information, so safety precautions are required in the corresponding operations as well.

(4) User behavior habits
In addition to the above three categories, there is the user's browsing behavior, which seems to be unrelated to security but exposes the user's online and real-world personal information, such as frequently visited websites, work and rest times, social relations, shopping habits, etc. Each piece of this information seems trivial, but correlating it as a whole can often reveal important information. If an interested party obtains this information, they can make arrangements and plans that work against the user, based on the user's behavior and habits. User behavior data is therefore becoming more and more important.

The above covers the first thing that needs to be clear when considering information security, namely what we need to protect.

Next, we introduce the links that involve security issues as the content that needs protection travels from the user to the Internet.

2. The division of different security links

As shown in the previous figure, from the user to the Internet, information must be connected and transmitted through different links such as files, application software, operating systems, computer hardware, local area networks, and GFW. In different links, there are different security features and different protection points, which are introduced separately below.

(1) Network link
After the user data leaves the user's computer, it has to go through different paths to reach the Internet, but these paths are invisible to most users. For the sake of simplicity, we call all the intermediate links from the user's computer to the Internet as network links. Different network links can be summarized into the following five parts:

1. GFW, the Great Firewall;

2. Public network, including: China Telecom, China Unicom, China Mobile, China Railcom;

3. Private network, including: company network, unit network, Internet cafe, etc.;

4. Open networks, including public Wi-Fi networks in places such as hotels, coffee houses, bookstores, and flight/bus waiting areas;

5. Home network, including: various devices connected to the home network.

In the above list, 3, 4 and 5 are the usual ways people get onto the network. Networks 3, 4 and 5 connect to 2; 2 connects to 1; and finally 1 connects to the Internet.

During network connection, different links have different listeners: on private networks and open networks, network administrators may monitor; on home networks, because they are directly connected to public networks, network operators may monitor; on public networks, some operators monitor for their own interests.

The monitoring from the network link is generally invisible to the user and cannot be intervened, so the security measures that the user can use are relatively simple.

(2) Hardware equipment
Hardware equipment refers to security issues directly related to hardware, including the security of computers, tablets, smartphones, mobile storage devices, home wireless routers, etc. Risks involving hardware include leakage caused by using a computer fitted with a USB keylogger; leakage during computer maintenance; information leakage when lost, stolen or obsolete computers are transferred or sold; and leakage from mobile storage devices.

Security breaches of hardware devices are often related to people the user comes into contact with in real life, such as computer repairers, people who buy, steal or rob your computer.

(3) Operating system
The operating system is the basic environment for all functions of the computer. Its security problems mainly come from system vulnerabilities that are not patched in time, or from the loss or destruction of information caused by malicious software.

(4) Application software
Application software is directly attached to the operating system and provides the various functions of the computer. Application software includes browsers, MS Office, graphics processing software, and utility software (such as compression software, video players, etc.). The security of the application software directly affects the security of the operating system.

Operating systems and application software have the same sources of risk, including the following:

1. Malware carried in when installing a pirated operating system;

2. Virus infection when using a removable storage device;

3. Installing bad programs that carry malware or viruses;

4. Downloading malicious software or viruses while browsing malicious websites;

5. Downloading malware or a virus contained in an email attachment.

The above has introduced the different characteristics of each link in the flow of information. The following describes what kinds of intruders are found in these links, and where and how they intrude.

3. Who is the "enemy"?

Potential enemies come from many sources; they have different purposes and different methods of stealing information. Only with a full understanding of the intruders can we design well-targeted preventive measures.

(1) You know, some GV departments, or APP makers, Baidu and the like.

(2) Network operators
Network operators mainly refers to companies such as China Unicom, China Mobile, and China Railcom, which manage the basic "public network". They can profit from stealing information. For example, they inject code into the devices they manage to collect user information or insert advertisements. This behavior, carried out for their own gain, also increases the risk to user information.

(3) Network administrators
Network administrators are the people who maintain the network equipment of companies, institutions, units or Internet cafes. Their motivation for stealing information may be personal interest, or it may be arranged by their employers. With the help of specialized software, they can take screenshots of user screens at any time or at regular intervals to observe user behavior.

In the previous "Network and Computer Security Model Diagram", their role mainly occurs in the "private network".

(4) Malicious hackers
Malicious hackers are those who use technology to steal information on the Internet. Some of them aim to disrupt network order, while others aim to spy on political or business information. Some act as individuals and some as organizations. They generally search for and discover system vulnerabilities or software bugs over the Internet in order to steal user information.

(5) Petty thieves
Petty thieves are a new type of thief who steals information directly for profit. They may temporarily set up free Wi-Fi in densely populated public places. When unsuspecting users connect to it, the thieves can obtain the users' private information, with the aim of stealing their online property or more valuable information. In the previous "Network and Computer Security Model Diagram", their role takes place in the "open network".

(6) Maintenance workers
A maintenance worker here is a person who steals information from a computer that the user has sent in for maintenance. A typical example: a user's computer is faulty and is sent for repair, and the repairer browses the personal information on it along the way. They may just be curious, but when they find sufficiently interesting or valuable information, they may copy it for themselves or publish it directly on the Internet. Handing a computer over to such a repairer is undoubtedly very dangerous.

(7) Potential opponents
Potential opponents are divided into two types. The first is people who are familiar with you and steal your information for the purpose of competition or revenge. Because they are familiar with you, they have the opportunity to start from your hardware or software. The second is your business competitors or adversaries. They are not very familiar with your personal information (or know only some of it) and do not necessarily have access to your computer, but based on what they do know about you, they can steal your information through the Internet or by finding hackers to do so.

(8) Malware producers and operators
There are many malware producers and operators in China. They promote their software by improper means and profit by improper means, thereby directly or indirectly damaging the security of the user's system.

The above covers most of the factors affecting information security that a user faces.
