Soft Examination Intermediate Database System Engineer - Chapter 5 Network Basics

Table of contents

1. Classification of computer networks

2. Topology of the network

   1. Bus structure

   2. Star structure

   3. Ring structure

   4. Tree structure

   5. Distributed structure

3. Network equipment (emphasis)

4. Network transmission medium

5. TCP/IP protocol suite (emphasis)

6. Internet address

7. Internet services

8. Firewall technology

   1. Packet filtering firewall

   2. Application proxy gateway firewall

   3. Stateful inspection firewall

9. Intrusion detection and prevention

10. Classification of security

11. Classification of network attacks

12. Other

13. IP address


1. Classification of computer networks

Computer networks can be divided into local area networks (LAN), metropolitan area networks (MAN) and wide area networks (WAN) according to the distance they span.

1) A local area network (LAN) is a network with a limited transmission distance and a high transmission speed whose purpose is sharing network resources.

2) A metropolitan area network (MAN) is a large-scale, high-speed network that sits between the LAN and the WAN, generally covering several nearby organizations or a city.

3) A wide area network (WAN), also called a remote network, is a data communication network with wide coverage and a relatively low transmission rate whose main purpose is data communication.

2. Topology of the network

The topology of a network is the geometric arrangement of the communication lines and nodes in the network; it describes the structural appearance of the whole network and reflects the structural relationships between nodes. Commonly used topologies are the bus, star, ring, tree and distributed structures.

1. Bus structure

        The bus topology has a single bidirectional path, which is convenient for broadcast transmission. Control is distributed and no central node is required, so the structure is relatively simple. Adding, removing or changing nodes is easy and does not disturb the normal operation of the network, so the system expands well. Node interfaces are usually passive taps, so reliability is high; little equipment is needed, the cost is low, and installation and use are convenient. Its drawbacks: the quality of the bus medium must be high; under heavy load the line utilization is low; the delay of a message on the network is non-deterministic; and faults are difficult to isolate and detect.

2. Star structure

        In a star structure a central switching unit is connected radially to each node in the network. The central unit uses circuit switching to establish a dedicated path between the two nodes that wish to communicate. Nodes are usually connected to the central unit by twisted pair. Its characteristics: easy maintenance and management, flexible reconfiguration; easy fault isolation and detection; short network delay, since each node is connected directly to the central switching unit; all communication between nodes must be relayed by the central unit, so the network's sharing ability is poor, line utilization is low, and the central unit is heavily loaded and is a single point of failure.

3. Ring structure

        In the ring structure the transmission line forms a closed loop; each node is attached to the network through a repeater, and the repeaters are connected end to end. Information is passed from point to point around the ring in one direction. Its characteristics: the direction of flow in the ring is fixed and there is only one path between any two nodes, so path control is simple; a bypass device lets the ring automatically bypass a failed node, so reliability is high; information must pass serially through many nodes, so when the ring has too many nodes transmission efficiency is low and the system responds slowly; because the loop is closed, it is difficult to expand.

4. Tree structure

        The tree structure is an extended form of the bus structure; the transmission medium is an open (non-looped) branching cable. As shown in Figure 5-2(d), it is mainly used in a hierarchical structure made up of several networks. Its characteristics are the same as those of the bus network.

5. Distributed structure

        The distributed (mesh) structure has no strict node placement rules or shape, and each node is connected by several lines, as shown in Figure 5-2(e). Its characteristics: the reliability of a distributed network is high, because the failure of one line does not affect the operation of the whole system; resource sharing is convenient and the network response time is short; because each node is connected to several other nodes, route selection and flow control are difficult and the management software is complicated; the hardware cost is high.
        The topologies used by WANs and LANs differ: a WAN uses a distributed or tree structure, while a LAN often uses a bus, ring, star or tree structure.

3. Network equipment (emphasis)

Device | OSI layer | Unit of data handled | Main function
Repeater | Physical layer | Bit (bit stream) | Interconnects LAN segments; used to extend the length of a LAN segment
Hub | Physical layer | Bit (bit stream) | Multi-port repeater; every bit received on one port is repeated to all other ports
Bridge | Data link layer | Frame | Connects two network segments; filters and forwards frames
Layer 2 switch | Data link layer | Frame | Multi-port bridge; forwards frames according to the physical (MAC) address
Layer 3 switch | Data link layer / network layer | Frame / packet | A layer 2 switch with some network-layer (routing) functions added
Router | Network layer | Packet | Connects different subnets; routes and forwards packets according to the IP address
Gateway | Application layer | Message | Performs protocol conversion so that different types of network systems can communicate

4. Network transmission medium

Twisted pair (now the most common transmission medium), coaxial cable, optical fiber, microwave, infrared and laser, satellite communication.

5. TCP/IP protocol suite (emphasis)

ISO/OSI reference model | TCP/IP model | TCP/IP protocols
Application layer, presentation layer, session layer | Application layer | FTP, Telnet, SMTP, HTTP, POP3, DHCP, SNMP, DNS
Transport layer | Transport layer | TCP, UDP
Network layer | Internet layer (IP layer) | IP, ICMP, ARP, RARP
Data link layer, physical layer | Network interface layer | IEEE 802.3, FDDI, IEEE 802.5, ARCnet, PPP

Application layer protocols and their well-known ports:

FTP (File Transfer Protocol): data 20, control 21

Telnet (remote login protocol): 23

SMTP (Simple Mail Transfer Protocol): 25

HTTP (Hypertext Transfer Protocol): 80

POP3 (Post Office Protocol version 3): 110

DHCP (Dynamic Host Configuration Protocol): 67 (server), 68 (client)

SNMP (Simple Network Management Protocol): 161 (agent), 162 (trap receiver)

DNS (Domain Name System): 53

Transport layer:

TCP (Transmission Control Protocol): reliable, connection-oriented, higher overhead and therefore slower

UDP (User Datagram Protocol): unreliable, connectionless, low overhead and therefore faster

Internet layer:

IP: provides connectionless, unreliable (best-effort) delivery

ICMP (Internet Control Message Protocol): carries error and control messages

ARP (Address Resolution Protocol): resolves IP addresses to physical (MAC) addresses

RARP (Reverse Address Resolution Protocol): resolves physical addresses to IP addresses

The functions of the Internet-layer protocol ICMP are: reporting network failures, reporting network congestion, and assisting in troubleshooting.

TCP: retransmission plus the three-way handshake; generally used where the amount of data transmitted is relatively small and high reliability is required.

UDP: no connection setup and no retransmission; datagrams are handed directly to the application layer, which must provide any reliability it needs itself.

6. Internet address

A domain name identifies a host by name rather than by address. A complete, hierarchical host domain name generally consists of four parts: host name . local (organization) name . group (category) name . top-level domain name.

Example: www.hust.edu.cn

www is the host name, hust is the local (organization) name, edu is the group (category) name, and cn is the top-level domain name.

URL format: protocol://host.domain[:port]/path/filename

Example: http://210.42.87.56:80/ducement/admin/a1/index.html

http is the protocol, 210.42.87.56 is the host (given here as an IP address in place of a domain name), 80 is the port number,

ducement/admin/a1 is the path, and index.html is the file name.

HTTPS is HTTP carried over an SSL/TLS channel: the two sides first set up an encrypted channel with SSL/TLS and then exchange HTTP messages inside it, so the packets are encrypted. The main purposes of HTTPS are to authenticate the identity of the web server and to preserve the confidentiality and integrity of the exchanged data.
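As an added example (not part of the original notes), the following Python splits a URL into the components named above and a four-part host domain name into host name, local name, group name and top-level domain. The page's example URL is used as input together with two constructed ones; the default-port table and the rule that a domain name has exactly four labels are assumptions made for the example. The second constructed URL shows a check a practitioner wants: text before an '@' is user-info, not the host, so http://bank.example@attacker.example/ actually goes to attacker.example.

```python
"""Parse a URL into protocol, host, port, path and file name, and a host
domain name into its four levels.  Added example, not code from the
original notes; sample URLs other than the page's own are constructed."""
from urllib.parse import urlsplit

# Default ports used when the URL gives none (assumed table for the example).
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


def parse_url(url: str) -> dict:
    """Split a URL into protocol, host, port, path and file name.

    If no port is given, the protocol's default port is filled in.  Any
    user-info part ("user:pass@") is reported separately: in
    http://bank.example@attacker.example/ the real host is attacker.example,
    and bank.example is only a user name sent to it.
    """
    parts = urlsplit(url)
    if not parts.scheme or parts.hostname is None:
        raise ValueError(f"not an absolute URL: {url!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(parts.scheme)
    # "/ducement/admin/a1/index.html" -> path "ducement/admin/a1", file "index.html"
    head, _, filename = parts.path.rpartition("/")
    return {
        "protocol": parts.scheme,
        "host": parts.hostname,      # lower-cased, without user-info or port
        "port": port,
        "userinfo": parts.username,  # None unless the '@' form was used
        "path": head.strip("/"),
        "filename": filename,
    }


def split_domain_name(host: str) -> dict:
    """Split a four-part name such as www.hust.edu.cn into host name,
    local name, group name and top-level domain.

    Returns an empty dict for names with a different number of labels or
    for a bare IPv4 address, which has no such hierarchy."""
    labels = host.split(".")
    if len(labels) != 4 or all(label.isdigit() for label in labels):
        return {}
    host_name, local_name, group_name, tld = labels
    return {"host_name": host_name, "local_name": local_name,
            "group_name": group_name, "tld": tld}


if __name__ == "__main__":
    print(parse_url("http://210.42.87.56:80/ducement/admin/a1/index.html"))
    print(parse_url("http://bank.example@attacker.example/login"))
    print(split_domain_name("www.hust.edu.cn"))
```

Run it with no arguments to see the page's example URL broken into its parts, followed by the user-info case.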

7. Internet services

Domain name service, remote login service, electronic mail service, WWW service.

8. Firewall technology

Firewall technology has gone through three stages of development: packet filtering, application proxy gateways, and stateful inspection.

1. Packet filtering firewall

        A packet filter works at the network layer and inspects the network-layer (IP) and transport-layer (TCP/UDP) headers. Through its inspection module the firewall intercepts and inspects all inbound and outbound packets: it opens each packet, extracts the headers, decides from the header fields whether the packet matches the packet filtering rules, and logs the result. A packet that does not match the rules raises an alarm and is dropped.
        A filtering firewall usually forwards packets directly, so it is completely transparent to users and fast. Its advantages: the firewall exerts low-level control over every packet entering or leaving the network; the fields of every IP packet are examined, such as source address, destination address, protocol and port; the firewall can recognize and drop packets with spoofed source IP addresses; the packet filter is the single point of access between the two networks; and packet filtering is usually built into router software, so no extra system is needed for this feature. Its disadvantages: it cannot by itself defend against hacker attacks, because the administrator cannot draw a clean boundary between trusted and untrusted networks using addresses alone; it does not support application-layer protocols, because it does not recognize the application-layer protocol carried in the packet, so access control is too coarse-grained; and it cannot handle new security threats.

2. Application proxy gateway firewall

        An application proxy gateway firewall completely cuts off direct communication between the internal and external networks: an internal user's access to the external network becomes the firewall's access to the external network, and the firewall then relays the result to the internal user. All communication must be relayed by application-layer proxy software; the visitor can never establish a direct TCP connection with the server, and the application-layer protocol session must conform to the proxy's security policy. The advantage of an application proxy gateway is that it can inspect protocol features at the application, transport and network layers, so its ability to inspect packets is strong. Its disadvantages are that it is difficult to configure and its processing is very slow.

3. Stateful inspection firewall

        A stateful inspection firewall combines the security of the proxy firewall with the speed of the packet filtering firewall, improving on the proxy firewall's performance without sacrificing security. It abandons the weakness of the packet filtering firewall, which examines only a few parameters such as the packet's IP addresses and ignores changes in connection state: it maintains a state (connection) table in the firewall core, treats the data entering and leaving the network as sessions, and uses the state table to track the state of every session. Each packet is checked not only against the rule table but also for whether it is consistent with the state its session is in, which gives complete control over the transport layer and also improves traffic processing speed. Thanks to a series of optimization techniques, the firewall's performance is greatly increased and it can be used in all kinds of network environments, especially large networks with complex rule sets.
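As an added example that is not part of the original notes, the following Python contrasts a stateless packet filter (section 8.1) with a stateful inspection firewall (section 8.3) on the same constructed packet sequence. The internal range 10.0.0.0/8, the rule table, the policy "inside hosts may open TCP connections to port 80", and the packet contents are all assumptions made for the example; the stateful class tracks sessions by 5-tuple only and does not model the full TCP state machine. The third packet is the point of the example: a stateless filter that must let web replies back in can only describe them as "TCP from source port 80 to an inside host", so a probe sent from source port 80 passes it, while the stateful firewall drops it because no inside host opened that session.

```python
"""Stateless packet filtering versus stateful inspection on constructed
traffic.  Added example, not code from the original notes; addresses,
rules and packets are assumed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address range
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    iface: str       # "ext" = arrived from outside, "int" = from inside
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    sport: int
    dport: int
    flags: str = ""  # TCP flags as letters, e.g. "S", "SA", "A", "F", "R"


# Stateless rule table: (iface, src net, dst net, proto, sport, dport, action).
# None means "any".  First match wins; anything unmatched is dropped.
STATELESS_RULES = [
    # anti-spoofing: an internal source address can never arrive from outside
    ("ext", INTERNAL, ANY, None, None, None, "drop"),
    # inside hosts may browse the web
    ("int", INTERNAL, ANY, "tcp", None, 80, "accept"),
    # ...and a stateless filter needs a hole for the replies, which it can
    # only express as "TCP from source port 80 to any inside host"
    ("ext", ANY, INTERNAL, "tcp", 80, None, "accept"),
]


def _matches(rule, pkt: Packet) -> bool:
    iface, src_net, dst_net, proto, sport, dport, _ = rule
    return (iface == pkt.iface
            and ip_address(pkt.src) in src_net
            and ip_address(pkt.dst) in dst_net
            and proto in (None, pkt.proto)
            and sport in (None, pkt.sport)
            and dport in (None, pkt.dport))


def stateless_filter(pkt: Packet) -> str:
    """Packet filtering (8.1): decide from the header fields of this packet alone."""
    for rule in STATELESS_RULES:
        if _matches(rule, pkt):
            return rule[-1]
    return "drop"


class StatefulFirewall:
    """Stateful inspection (8.3): a connection table records sessions opened
    from inside, and inbound packets are accepted only if they belong to one."""

    def __init__(self):
        self.state = {}  # key: (src, sport, dst, dport, proto) of the outbound direction

    def filter(self, pkt: Packet) -> str:
        if pkt.iface == "ext" and ip_address(pkt.src) in INTERNAL:
            return "drop"                      # anti-spoofing, as in the rule table
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if fwd in self.state or rev in self.state:
            if "F" in pkt.flags or "R" in pkt.flags:   # session closing: forget it
                self.state.pop(fwd, None)
                self.state.pop(rev, None)
            return "accept"                    # belongs to a tracked session
        # A new session may only be opened from inside, by a TCP SYN to port 80.
        if (pkt.iface == "int" and ip_address(pkt.src) in INTERNAL
                and pkt.proto == "tcp" and pkt.dport == 80 and pkt.flags == "S"):
            self.state[fwd] = "SYN_SENT"
            return "accept"
        return "drop"                          # no rule and no session


# Constructed traffic: one legitimate web session, then attack and policy cases.
TRAFFIC = [
    Packet("int", "10.0.0.5", "198.51.100.10", "tcp", 40000, 80, "S"),   # outbound SYN
    Packet("ext", "198.51.100.10", "10.0.0.5", "tcp", 80, 40000, "SA"),  # server's reply
    Packet("ext", "203.0.113.7", "10.0.0.9", "tcp", 80, 22, "S"),        # SSH probe from sport 80
    Packet("ext", "10.0.0.1", "10.0.0.5", "tcp", 1234, 80, "S"),         # spoofed inside source
    Packet("int", "10.0.0.5", "198.51.100.10", "tcp", 40001, 23, "S"),   # telnet out, not allowed
]


def compare(traffic=TRAFFIC):
    """Return (stateless decision, stateful decision) for each packet, in order."""
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.filter(p)) for p in traffic]


if __name__ == "__main__":
    for pkt, (a, b) in zip(TRAFFIC, compare()):
        print(f"{pkt.iface:3} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"{pkt.flags:2} stateless={a:6} stateful={b}")
```

Running the script prints one line per packet; only the third packet gets different verdicts from the two filters, which is exactly the gap the state table closes.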

9. Intrusion detection and prevention

        An intrusion detection system (IDS) is the second line of defense behind the firewall. Its main functions include monitoring and analyzing user and system behavior, checking and scanning for system security vulnerabilities, assessing the integrity of important files, recognizing known attack behavior, statistical analysis of abnormal behavior patterns, operating system audit trails, and detecting user behavior that violates the security policy. By monitoring intrusion events in real time, intrusion detection stops the intruder's further actions before the system is damaged or data is lost, so that the system keeps working normally as far as possible. At the same time, the IDS collects technical information about intrusions, which is used to improve and strengthen the system's ability to resist intrusion.

        An intrusion prevention system (IPS) developed from the intrusion detection system: it not only detects attack behavior in the network but also actively responds to the attack and defends against it.
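The two detection methods named above, recognition of known attacks and statistical analysis of abnormal behavior, are shown in the following added Python example (not code from the original notes). It runs a few regular-expression signatures and a port-scan threshold over constructed connection log lines, then derives an IPS-style block list from the findings. The log format, the signatures, the threshold of five distinct ports and the addresses are all assumptions made for the example.

```python
"""Signature-based and anomaly-based detection over constructed log lines,
then an IPS-style active response.  Added example, not code from the
original notes; log format, signatures and thresholds are assumed."""
import re
from collections import defaultdict

# Constructed log lines: "<time> <src ip> <dst ip> <dst port> <request summary>"
LOG = """\
10:00:01 203.0.113.7 10.0.0.5 80 GET /index.html
10:00:02 203.0.113.7 10.0.0.5 80 GET /admin/a1/../../../../etc/passwd
10:00:03 198.51.100.4 10.0.0.5 80 GET /login
10:00:03 203.0.113.9 10.0.0.9 21 -
10:00:03 203.0.113.9 10.0.0.9 22 -
10:00:03 203.0.113.9 10.0.0.9 23 -
10:00:03 203.0.113.9 10.0.0.9 25 -
10:00:04 203.0.113.9 10.0.0.9 80 -
10:00:04 203.0.113.9 10.0.0.9 110 -
10:00:05 198.51.100.4 10.0.0.5 80 GET /index.html
10:00:06 203.0.113.7 10.0.0.5 80 GET /cgi-bin/x?c=;cat /etc/passwd
"""

# Known-attack signatures: name -> pattern applied to the request summary.
SIGNATURES = {
    "path-traversal": re.compile(r"(\.\./){2,}"),
    "shell-command": re.compile(r";\s*(cat|wget|curl)\s"),
}

SCAN_PORT_THRESHOLD = 5  # distinct destination ports from one source to one host


def parse_log(text):
    """Turn the log text into a list of records (one dict per line)."""
    records = []
    for line in text.splitlines():
        time, src, dst, port, *rest = line.split()
        records.append({"time": time, "src": src, "dst": dst,
                        "port": int(port), "payload": " ".join(rest)})
    return records


def signature_alerts(records):
    """Recognition of known attacks: (time, source, signature name) per hit."""
    alerts = []
    for r in records:
        for name, pattern in SIGNATURES.items():
            if pattern.search(r["payload"]):
                alerts.append((r["time"], r["src"], name))
    return alerts


def scan_alerts(records, threshold=SCAN_PORT_THRESHOLD):
    """Statistical anomaly: one source touching many ports on one host looks
    like a port scan.  Returns (source, target, distinct port count)."""
    ports = defaultdict(set)
    for r in records:
        ports[(r["src"], r["dst"])].add(r["port"])
    return [(src, dst, len(p)) for (src, dst), p in ports.items() if len(p) >= threshold]


def ips_block_list(records):
    """IPS mode: turn IDS findings into an active response, a sorted list of
    source addresses to block."""
    blocked = {src for _, src, _ in signature_alerts(records)}
    blocked |= {src for src, _, _ in scan_alerts(records)}
    return sorted(blocked)


if __name__ == "__main__":
    recs = parse_log(LOG)
    print("signature alerts:", signature_alerts(recs))
    print("scan alerts:", scan_alerts(recs))
    print("block:", ips_block_list(recs))
```

The two address blocks 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges, so the sample never names a real host. In a real deployment the scan counter would also be bounded by a time window, which the example omits.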

10. Classification of security

Physical security: site security, computer room security

Network security: firewalls

System security: mainly the security of the operating system

Application security: security related to application systems

11. Classification of network attacks

1) Active attacks: cause some data streams to be tampered with or forged data streams to be produced. They can be divided into message tampering, message forgery, replay, and denial of service (DoS, including distributed DDoS attacks).

2) Passive attacks: the attacker does not modify the data in any way and does not produce forged data streams. They usually include eavesdropping and traffic analysis.

12. Other

1) The IP address of the default gateway and the local host's address have the same network number; addresses with the same network number belong to the same subnet.

2) A host number of all 1s is the broadcast address; a host number of all 0s is the network address.

3) When no protocol is given, a URL defaults to the http protocol.

4) Internet Explorer security zones, from highest default security level to lowest: Restricted sites, Internet, Local intranet, Trusted sites.

5) A DNS server first queries its own cache; a host first queries its local hosts file, then the local DNS cache, then the local DNS server.

13. IP address

Address class | Subnet mask (binary) | Subnet mask
Class A | 11111111 00000000 00000000 00000000 | 255.0.0.0
Class B | 11111111 11111111 00000000 00000000 | 255.255.0.0
Class C | 11111111 11111111 11111111 00000000 | 255.255.255.0

The subnet mask has the same format as an IP address: every bit corresponding to the network number is set to 1 and every bit corresponding to the host number is set to 0.
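The following added Python example (not code from the original notes) carries the table above and items 1) and 2) of section 12 through in code: it derives the classful default mask from the first octet, builds a mask by filling the network bits with 1s, computes the network address (host bits all 0) and broadcast address (host bits all 1), and checks that a default gateway shares the host's network number. It also handles the classless case of a mask that does not fall on an octet boundary. All sample addresses are constructed from private and documentation ranges.

```python
"""Subnet masks, network and broadcast addresses, and the same-subnet check
for a default gateway.  Added example, not code from the original notes;
sample addresses are constructed."""
from ipaddress import IPv4Address, IPv4Network


def default_mask(addr: str) -> str:
    """Classful default mask, from the leading bits of the first octet."""
    first = int(addr.split(".")[0])
    if first < 128:          # 0xxxxxxx: class A
        return "255.0.0.0"
    if first < 192:          # 10xxxxxx: class B
        return "255.255.0.0"
    if first < 224:          # 110xxxxx: class C
        return "255.255.255.0"
    raise ValueError(f"{addr}: class D/E address has no default mask")


def mask_from_prefix(prefix_len: int) -> str:
    """Fill the network bits with 1s and the host bits with 0s, e.g. 24 -> 255.255.255.0."""
    bits = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(IPv4Address(bits))


def network_and_broadcast(addr: str, mask: str):
    """Host bits all 0 gives the network address, host bits all 1 the broadcast."""
    a = int(IPv4Address(addr))
    m = int(IPv4Address(mask))
    network = a & m
    broadcast = a | (~m & 0xFFFFFFFF)
    return str(IPv4Address(network)), str(IPv4Address(broadcast))


def same_subnet(host: str, gateway: str, mask: str) -> bool:
    """A default gateway is usable only if it has the host's network number."""
    return network_and_broadcast(host, mask)[0] == network_and_broadcast(gateway, mask)[0]


def host_range(network: str):
    """First and last assignable host address and the host count of a network."""
    net = IPv4Network(network, strict=False)
    hosts = list(net.hosts())
    return str(hosts[0]), str(hosts[-1]), len(hosts)


if __name__ == "__main__":
    for addr in ("10.1.2.3", "172.16.5.4", "192.168.1.10"):
        mask = default_mask(addr)
        print(addr, mask, network_and_broadcast(addr, mask))
    # Classless case: a /26 mask does not fall on an octet boundary.
    print(mask_from_prefix(26), network_and_broadcast("192.168.1.70", mask_from_prefix(26)))
    print(same_subnet("192.168.1.10", "192.168.2.1", "255.255.255.0"))
```

The same-subnet check is the test behind item 1) of section 12: a gateway configured as 192.168.2.1 for a host on 192.168.1.0/24 is unreachable because the two addresses have different network numbers.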

Source: blog.csdn.net/weixin_60200880/article/details/129737201