Network Security: An Overview of Network Information Security

Network information security is a comprehensive subject involving computer science, network technology, communication technology, cryptography technology, information security technology, applied mathematics, number theory, information theory and other disciplines.

It mainly means that the hardware and software of the network system and the data in the system are protected from being damaged, changed, or leaked due to accidental or malicious reasons, the system runs continuously and reliably, and the network service is not interrupted.


Contents:

Overview of network information security

Basic attributes of network information security

Basic functions of network information security

Basic technical requirements for network information security 1

Basic technical requirements for network information security 2

Network information security management 1

Network information security management 2

Network information security management 3

Network information security laws and regulations 1

Network information security laws and regulations 2

Network information security laws and regulations 3


Overview of network information security:

(1) Current status of network development: networking, digitalization, and intelligence are the main features of the information society, and the era of the Internet of Everything has arrived.

(2) Network information security in a narrow sense refers specifically to the fact that each component of a network information system meets the requirements of security attributes, namely confidentiality, integrity, availability, non-repudiation, and controllability.

(3) Network information security in a broad sense is security in the large, involving national security, urban security, economic security, social security, production security, and personal security.

(4) Focusing on network security issues, the content, concepts, methods, and duration of ensuring network information security are constantly evolving, and the new changes are manifested in three aspects:

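★ The content of assurance shifts from a single dimension to multiple dimensions; the dimensions of assurance include the cyberspace domain, the physical space domain, and the social space domain;

★ Network information security assurance measures shift from a single kind (technology) to a comprehensive set (law, policy, technology, management, industry, education);

★ In the time dimension, assurance must cover the entire life cycle of the network system, and the required response time keeps shrinking; network information security makes no distinction between wartime and peacetime, but applies at every moment;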

(5) Twelve aspects of network information security:

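★ Strong dependence on networks and prominent associated network security risks;

★ Network information product supply chain and security quality risks;

★ Technical homogeneity of network information products and technology abuse risks;

★ Risks from unbalanced and inadequate development of network security construction and management;

★ Network data security risks;

★ Advanced persistent threat risks;

★ Malicious code risks;

★ Software code and security vulnerability risks;

★ Risks from personnel's network security awareness;

★ Network information technology complexity and operational security risks;

★ Risks from the underground cybercrime economy;

★ Cyber espionage and cyber warfare risks;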

Basic attributes of network information security:

Confidentiality: refers to the property that network information is not leaked to unauthorized users, entities or programs, so that unauthorized persons cannot obtain the information.

Integrity: refers to the property that network information or systems cannot be changed without authorization.

Availability: refers to the property that legitimately authorized users can obtain network information or services in a timely manner.

Non-repudiation: refers to the property that prevents relevant users of network information systems from denying their activities.

Controllability: refers to the property that the responsible subject of the network information system has the ability to manage and control it, and can effectively grasp and control the system according to the authorization rules, so that the administrator can effectively control the behavior of the system and the use of information, in line with the system's operational objectives.

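Other properties:

★ Authenticity: refers to cyberspace information being consistent with the objective facts of the actual physical space and social space.

★ Timeliness: refers to cyberspace information, services and systems being able to meet time constraint requirements.

★ Compliance: refers to network information, services and systems meeting the requirements of laws, regulations, policies, standards and specifications.

★ Fairness: refers to the requirement that the relevant subjects of a network information system handle related tasks on an equal footing, with no party holding an advantage.

★ Reliability: refers to the property that a network information system can effectively complete its intended system functions under specified conditions and within a specified time.

★ Survivability: refers to the security property that, when its security is compromised, a network information system provides minimal, necessary service functions and can support the continued operation of the business.

★ Privacy: refers to the security property that sensitive information about individuals is not disclosed publicly.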

Basic functions of network information security:

(1) Network information security objectives can be divided into macroscopic network security objectives and microscopic network security objectives:

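★ Macroscopic network security objectives mean that the network information system satisfies the characteristics required by national security and complies with national laws, regulations and policies, such as network sovereignty and network compliance.

★ Microscopic network security objectives refer to the specific security requirements of the network information system.

(2) The specific goal of network security is to ensure that network information and related information systems are free from network security threats, that the relevant protection objects meet the basic attribute requirements of network security, that user network behaviors comply with the requirements of national laws and regulations, that the network information system can support the secure and continuous operation of the business, and that data security is effectively protected.

(3) Basic functions of network information security: to achieve the basic goals of network information security, the network should have basic functions such as defense, monitoring, emergency response and recovery:

★ Defense: refers to the function of adopting various means and measures so that the network system can block and resist various known network security threats.

★ Monitoring: refers to the function of adopting various means and measures to detect and discover various known or unknown network security threats.

★ Emergency response: refers to the function of adopting various means and measures to respond to and handle network attacks in a timely manner when sudden incidents occur in the network system.

★ Recovery: refers to the function of adopting various means and measures to restore the operation of the network system after a network disaster event has occurred.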

Basic technical requirements for network information security 1.

(1) Physical environment security: refers to the overall security of all hardware that supports the operation of the network system, including the environment, equipment and recording media. It is the basic guarantee for the secure, reliable and uninterrupted operation of the network system. Physical security requirements mainly include environmental security, equipment security, and storage media security.

(2) Network information security authentication: it is the premise and basis for realizing network resource access control, and is an important technical method for effectively protecting network management objects. The role of network authentication is to verify the authenticity of the identity of network resource visitors and prevent users from accessing network resources with fake identities.

(3) Network information access control: it is a key technical method for effectively protecting network management objects from threats. There are two main goals:

★ Restrict unauthorized users from obtaining or using network resources.

★ Prevent legitimate users from abusing their rights and accessing network resources beyond their authority.

(4) Network security and confidentiality: the purpose is to prevent unauthorized users from accessing online information or network equipment.

(5) Network information security vulnerability scanning: intruders usually use programs to detect security vulnerabilities in the network system, and then attack through the vulnerabilities they have discovered using the corresponding techniques. Therefore, the network system needs to be equipped with a weakness or vulnerability scanning system to monitor whether there are security vulnerabilities in the network, so that network security administrators can formulate appropriate vulnerability management methods according to the vulnerability detection report.


Basic technical requirements for network information security 2.

(1) Malicious code protection: malicious code can enter personal computers or servers through online file downloads, emails, web pages, file sharing and other transmission methods. Preventing malicious code is an essential security requirement for network systems.

(2) Network information content security: refers to the information and data carried by relevant network information systems complying with the requirements of laws and regulations, and preventing the spread of harmful information and spam. The main technologies include spam filtering, IP address/URL filtering, natural language analysis and processing, etc.

(3) Network information security monitoring and early warning: the role of network security monitoring is to discover intrusion activity in the network system and check the effectiveness of security protection measures, so as to report to the network security administrator in time, take effective measures against intruders, prevent the harm from spreading, and adjust security policies.

(4) Network information security emergency response: network information security incidents will inevitably occur, and measures must be taken to ensure that the normal operation of the network system can be restored when an incident happens. At the same time, electronic evidence is collected on cyber attacks in order to combat cybercrime.


Network information security management 1.

(1) Network information security management refers to taking appropriate security measures for network assets to ensure the availability, integrity, controllability and non-repudiation of network assets, etc., so that harm from human and natural factors to network management does not cause network interruption, information leakage or destruction.

(2) Network information security management objects mainly include network equipment, network communication protocols, network operating systems, network services, and secure network management, including the sum of all software and hardware that support network system operation.

(3) Network information security management involves physical security, network communication security, operating system security, network service security, network operation security, and personnel security.

(4) The goal of network information security management is to ensure network operation security and information security through appropriate security precautions, and to meet the security requirements for online business development.

(5) Network security management methods mainly include risk management, level protection, defense in depth, hierarchical protection, emergency response, and the PDCA method, etc.


Network information security management 2.

(1) Avoid risks: Separate the internal network from the external network through physical isolation devices to avoid attacks from the external network.

(2) Transfer risk: purchase a commercial insurance plan or outsource security.

(3) Reduce threats: Install anti-virus software packages to prevent virus attacks.

(4) Eliminate vulnerable points: patch the operating system or strengthen the security awareness of staff.

(5) Reduce the impact of threats: adopt multiple communication lines for backup or formulate emergency plans.

(6) Risk monitoring: regularly conduct risk analysis on the security status of the network system, and monitor potential threats.

(7) Network information security management generally follows the following workflow:

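(1) Determine the network information security management objects.

(2) Assess the value of the network information security management objects.

(3) Identify the threats to the network information security management objects.

(4) Identify the vulnerabilities of the network information security management objects.

(5) Determine the risk level of the network information security management objects.

(6) Formulate the network information security protection system and protective measures.

(7) Implement and put into effect the network information security management protective measures.

(8) Operate/maintain the network information security management equipment and configurations.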

Network information security management 3.

The support provided by the network information security management system in the life cycle:


Network information security laws and regulations 1.

(1) Network information security management assessment refers to the evaluation of network information security management capabilities and of whether the management work complies with the norms. Common network information security management assessments include network information security level protection assessment, information security management system (ISMS) certification, the system security engineering capability maturity model (SSE-CMM), etc.

(2) Network information security laws and policy documents: mainly cover national security, network security strategy, the network security protection system, cryptography management, technical products, domain name service, data protection, security assessment and other aspects.

(3) The "Network Security Law of the People's Republic of China" was passed by the 24th meeting of the Standing Committee of the Twelfth National People's Congress of the People's Republic of China on November 7, 2016, and came into force on June 1, 2017.

(4) The Encryption Law of the People's Republic of China came into effect on January 1, 2020.

(5) Take technical measures to monitor and record network operation status and network security incidents, and keep relevant network logs for no less than six months in accordance with regulations.


Network information security laws and regulations 2.

(1) The main work of network security level protection can be summarized as grading, filing, construction rectification, level evaluation, and operation and maintenance.

(2) The grading work is to confirm the grading object, determine the appropriate level, and pass expert review and examination by the competent department;

(3) The filing work is to prepare the filing materials according to the management regulations of grade protection, and go to the local public security organ for filing and review;

(4) Construction rectification work refers to the gap analysis of the actual situation of the current protected objects according to the corresponding grade requirements, rectification of the protected objects according to the non-conforming items combined with industry requirements, and the construction of safety technology and management systems that meet the grade requirements.

(5) Grade evaluation work means that the grade protection evaluation agency evaluates the graded protection objects according to the corresponding grade requirements, and issues the corresponding grade protection evaluation certificate.

(6) Operation and maintenance work refers to the supervision and management of the safety-related matters of the protected objects by the level protection operator in accordance with the requirements of the corresponding level.

(7) China Network Security Review Technology and Certification Center (CCRC, formerly China Information Security Certification Center) is a specialized agency responsible for implementing network security review and certification.

(8) Domain name service is a basic network service, which mainly refers to activities such as the operation and management of domain name root servers, the operation and management of top-level domain names, domain name registration, and domain name resolution. When a network and information security incident occurs in the domain name system, it shall be reported to the telecommunications management agency within 24 hours. The domain name is a basic component and an important identity of government websites.


Network information security laws and regulations 3.

(1) The National Computer Network Emergency Response Technology Coordination Center (CNCERT or CNCERT/CC) is the leading unit in China's computer network emergency response system and a national emergency center. Its main responsibilities are: in accordance with the policy of "active prevention, timely discovery, rapid response, and full recovery", to carry out the prevention, discovery, early warning, and coordinated disposal of Internet network security incidents, maintain public Internet security, and ensure the safe operation of key information infrastructure.

(2) The sources of network information security technology information mainly include network security conferences, network security journals, network security websites, and network security terms.

(3) The four top academic conferences in the field of network information security are: S&P, CCS, NDSS, USENIX Security.

(4) Network information security terminology is an important way to acquire network security knowledge and technology. Common network security terms can be divided into basic technology, risk assessment technology, protection technology, detection technology, response and recovery technology, evaluation technology, etc.

(5) Basic technical terms are commonly drawn from cryptography, such as encryption, decryption, asymmetric encryption, public key encryption, public key, etc.

(6) Risk assessment technical terms include denial of service, distributed denial of service, web page tampering, web page phishing, malicious code planted in web pages (web page trojans), domain name hijacking, routing hijacking, spam, malicious code, Trojan horse, network worm, botnet, etc.

(7) Terms of protection technology include access control, firewall, intrusion detection system, etc.

(8) Detection technology terms include intrusion detection, vulnerability scanning, etc.

(9) Response and recovery technical terms include emergency response, disaster recovery, backup, etc.

(10) The technical terms of evaluation include black-box testing, white-box testing, gray-box testing, penetration testing, and fuzz testing.

    

      

Study Books: Information Security Engineer...
