Network Security, Chapter 2 Exercises: Network Security Technology Fundamentals

1. Multiple-choice questions

(1) The SSL protocol provides encrypted transmission between the ( ).

A. Physical layer and network layer    B. Network layer and system layer

C. Transport layer and application layer    D. Physical layer and data layer

(2) The encryption security mechanism provides ( ) for data.

A. Reliability and security    B. Confidentiality and controllability

C. Integrity and security    D. Confidentiality and integrity

(3) The management of evidence by the non-repudiation service is closely tied to the specific service items and to the notarization mechanism, and is usually built at the ( ) layer.

A. Physical layer    B. Network layer

C. Transport layer    D. Application layer

(4) The network security service that can be provided at the physical, link, network, transport and application layers is ( ).

A. Authentication service    B. Data confidentiality service

C. Data integrity service    D. Access control service

(5) Because the transport layer provides true end-to-end connections, it is the most suitable layer to provide the ( ) security service.

A. Data confidentiality    B. Data integrity

C. Access control service    D. Authentication service

Answers: (1) C (2) D (3) D (4) B (5) B

2. Fill in the blanks

(1) Application-layer security is decomposed into ______, ______ and ______ security, which are operated and managed by the various ______ protocols.

(2) The Secure Sockets Layer (SSL) protocol provides the ______ and ______ of network information for both parties during transmission, and consists of two layers: the ______ and the ______.

(3) The seven layers of the OSI/RM (Open Systems Interconnection Reference Model) are the ______, ______, ______, ______, ______, ______ and ______.

(4) ISO specifies five security services for OSI: ______, ______, ______, ______ and ______.

(5) A VPN connection consists of three parts: ______, ______ and ______. An efficient and successful VPN has four characteristics: ______, ______, ______ and ______.

Answers: (1) Network layer, operating system, database, TCP/IP

(2) Confidentiality, reliability, SSL record protocol, SSL handshake protocol

(3) Physical layer, data link layer, network layer, transport layer, session layer, presentation layer, application layer

(4) Object authentication, access control, data confidentiality, data integrity, non-repudiation

(5) Client, tunnel, server; security guarantees, quality-of-service guarantees, scalability and flexibility, manageability

3. Short answer questions

(1) What is the correspondence between the four layers of TCP/IP and the seven layers of the OSI reference model?

The protocol suite used by the Internet is TCP/IP, a protocol family with a four-layer structure: the network interface layer, the Internet layer, the transport layer and the application layer. The correspondence between the four TCP/IP layers, the seven OSI layers and the commonly used protocols is shown in the figure below. In outline, the TCP/IP application layer spans the OSI application, presentation and session layers (HTTP, FTP, SMTP, Telnet, SNMP, DNS); the transport layer matches the OSI transport layer (TCP, UDP); the Internet layer matches the OSI network layer (IP, ICMP); and the network interface layer spans the OSI data link and physical layers.

(2) Briefly describe the basic features of the IPv6 protocol and how its header differs from the IPv4 header.

All TCP/IP protocols carry their data in IP datagrams, and the TCP/IP protocol suite has two IP versions: IPv4 and IPv6.

An IPv4 address is a 32-bit value that uniquely identifies a host on a TCP/IP network. The IPv4 header occupies 20 bytes (without options) and carries the version number, header and total lengths, type of service and other configuration and control fields. Security was not considered when IPv4 was designed, and an IPv4 packet has no security properties of its own; IPsec was retrofitted to IPv4 later as an optional extension.

IPv6 simplifies the IP header and makes the datagram more flexible, and it also builds security into the design. Compared with IPv4, IPv6 makes many important improvements and has the following basic features:

(1) Extended address space: IPv6 expands the IP address from 32 bits to 128 bits, which allows the network to scale to connect every conceivable device, each with a globally unique address.

(2) Simplified header: IPv4 has many fields and options, and because its header length is variable it is hard to process efficiently and to extend. IPv6 redesigns the header as a fixed-length basic header (40 bytes) followed by any number of optional extension headers chained through the Next Header field. This speeds up routing, supports many applications flexibly and makes future extensions easy. The IPv4 and IPv6 basic headers are shown in Figure 2-8 and Figure 2-9.

Figure 2-8 IPv4 header

Figure 2-9 IPv6 basic header

(3) Better QoS (Quality of Service) support: the flow label identifies traffic flows belonging to particular upper-layer applications so that routers can give them special handling.

(4) Improved routing performance: hierarchical address allocation facilitates route aggregation, which reduces the number of routing-table entries, and the simplified header reduces the processing load on routers.

(5) Embedded security mechanism: IPv6 originally required every node to support IPsec (later relaxed to a recommendation in RFC 6434), which provides data-origin authentication, integrity and confidentiality, and resists replay attacks. The security mechanism embedded in IPv6 is implemented mainly through two extension headers: the Authentication Header (AH) and the Encapsulating Security Payload (ESP).

  1. The Authentication Header (AH) provides three functions: data integrity (the packet cannot be tampered with undetected), data-origin authentication (the source address cannot be forged) and anti-replay protection.
  2. Both AH and ESP have two modes of use: transport mode and tunnel mode. Transport mode applies only to host implementations and protects only the upper-layer protocols, not the IP header. Tunnel mode (encapsulating a packet inside a tunnelling protocol to carry it, introduced in 2.4.2) can be used by hosts or security gateways. In tunnel mode the inner IP header carries the final source and destination addresses, while the outer IP header may carry different addresses, such as those of the security gateways.
  3. The Encapsulating Security Payload (ESP) adds data confidentiality on top of the security functions implemented by AH; unlike AH, however, ESP's integrity check does not cover the outer IP header.

(3) Summarize the modes in which IPsec is implemented.

IPsec has two modes of operation, transport mode and tunnel mode, both of which can be used to protect communications.

(1) Transport mode is used between two hosts and protects the upper-layer (transport) protocol header and payload, giving end-to-end security. When a packet is passed from the transport layer to the network layer, AH or ESP intercepts it and an IPsec header is inserted between the IP header and the upper-layer protocol. When AH and ESP are applied together in transport mode, ESP is applied first and AH second, so that AH's integrity check also covers the ESP header. See Figure 2-14.

Figure 2-14 Transport mode between hosts, providing end-to-end security

(2) Tunnel mode

Tunnel mode is used between a host and a security gateway (router) or between two gateways, and protects the entire IP packet. The whole original packet is encapsulated (its header becomes the inner IP header), a new IP header (the outer IP header) is prepended, and the IPsec header is inserted between the outer and inner IP headers. See Figure 2-15.

Figure 2-15 Tunnel mode between a host and a router or between two routers
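The header layouts and the two IPsec modes described above can be checked against actual bytes. The following Python is an added example (editor's code, not from the textbook): it decodes the 20-byte IPv4 header (taking the length from IHL) and the fixed 40-byte IPv6 basic header, then follows the Protocol / Next Header chain through AH into an inner packet (tunnel mode) or up to ESP (transport mode), where the walk stops because everything after the ESP SPI and sequence number is ciphertext. The packets, addresses, SPIs, and the zero checksums and ICVs are constructed for the example, not captured traffic.

```python
import ipaddress
import struct

# IANA protocol / next-header numbers that appear in the IPsec header chain
IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_ESP, IPPROTO_AH = 4, 6, 50, 51
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 58: "ICMPv6"}


def parse_ipv4(buf, off=0):
    """Decode the IPv4 header at buf[off:]; its length comes from IHL (20 bytes without options)."""
    ver_ihl, _tos, total_len, _id, _ff, ttl, proto, _csum, src, dst = struct.unpack_from(
        "!BBHHHBBH4s4s", buf, off)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20:
        raise ValueError("not an IPv4 header")
    hdr = {"layer": "IPv4", "hdr_len": ihl, "total_len": total_len, "ttl": ttl, "next": proto,
           "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst))}
    return hdr, off + ihl


def parse_ipv6(buf, off=0):
    """Decode the fixed 40-byte IPv6 basic header; options live in extension headers chained by Next Header."""
    vtf, payload_len, nxt, hop, src, dst = struct.unpack_from("!IHBB16s16s", buf, off)
    if vtf >> 28 != 6:
        raise ValueError("not an IPv6 header")
    hdr = {"layer": "IPv6", "hdr_len": 40, "payload_len": payload_len, "flow_label": vtf & 0xFFFFF,
           "hop_limit": hop, "next": nxt,
           "src": str(ipaddress.IPv6Address(src)), "dst": str(ipaddress.IPv6Address(dst))}
    return hdr, off + 40


def walk_headers(buf):
    """Follow Protocol / Next Header values from the outer IP header and return the layers in order.
    AH is walked through (authenticated but not encrypted); ESP ends the walk because the bytes
    after its SPI and sequence number are ciphertext."""
    parse = parse_ipv4 if buf[0] >> 4 == 4 else parse_ipv6
    hdr, off = parse(buf, 0)
    layers = [hdr]
    nxt = hdr["next"]
    while True:
        if nxt == IPPROTO_AH:
            next_hdr, plen, _res, spi, seq = struct.unpack_from("!BBHII", buf, off)
            ah_len = (plen + 2) * 4            # AH Payload Len is in 32-bit words minus 2
            layers.append({"layer": "AH", "spi": spi, "seq": seq, "hdr_len": ah_len})
            off, nxt = off + ah_len, next_hdr
        elif nxt == IPPROTO_ESP:
            spi, seq = struct.unpack_from("!II", buf, off)
            layers.append({"layer": "ESP", "spi": spi, "seq": seq})
            return layers
        elif nxt == IPPROTO_IPIP:              # tunnel mode: an inner IPv4 packet follows
            hdr, off = parse_ipv4(buf, off)
            layers.append(hdr)
            nxt = hdr["next"]
        else:
            layers.append({"layer": PROTO_NAMES.get(nxt, "proto %d" % nxt)})
            return layers


def layer_names(buf):
    return [layer["layer"] for layer in walk_headers(buf)]


# --- constructed packets; checksums and ICVs are zero placeholders, not computed ---
def ipv4_header(src, dst, proto, payload_len):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def ipv6_header(src, dst, nxt, payload_len, flow_label=0):
    return struct.pack("!IHBB16s16s", (6 << 28) | flow_label, payload_len, nxt, 64,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)


def ah_header(next_hdr, spi, seq, icv):
    return struct.pack("!BBHII", next_hdr, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv


ICV = bytes(12)                              # a 96-bit truncated HMAC would go here
TCP_SEG = bytes(20) + b"GET / HTTP/1.0\r\n"  # 20-byte TCP header placeholder plus data
INNER = ipv4_header("10.0.0.5", "10.0.1.7", IPPROTO_TCP, len(TCP_SEG)) + TCP_SEG

# Tunnel mode with AH: outer IP (gateway addresses) | AH | inner IP (host addresses) | TCP
TUNNEL_AH = (ipv4_header("198.51.100.1", "203.0.113.9", IPPROTO_AH, 24 + len(INNER))
             + ah_header(IPPROTO_IPIP, 0x1001, 1, ICV) + INNER)

# Transport mode with ESP applied first and AH outside it: IP | AH | ESP | ciphertext
TRANSPORT_AH_ESP = (ipv4_header("10.0.0.5", "10.0.1.7", IPPROTO_AH, 24 + 8 + 32)
                    + ah_header(IPPROTO_ESP, 0x2002, 7, ICV) + struct.pack("!II", 0x3003, 7) + bytes(32))

# IPv6 transport mode with ESP only: fixed 40-byte basic header, Next Header = 50
V6_ESP = (ipv6_header("2001:db8::1", "2001:db8::2", IPPROTO_ESP, 8 + 32)
          + struct.pack("!II", 0x4004, 3) + bytes(32))

if __name__ == "__main__":
    for name, pkt in [("tunnel AH", TUNNEL_AH), ("transport AH+ESP", TRANSPORT_AH_ESP), ("IPv6 ESP", V6_ESP)]:
        print(name, "->", " | ".join(layer_names(pkt)))
```

The walk shows the difference between the modes directly: in the tunnel-mode packet the outer addresses are the gateways' and the hosts' addresses only appear in the inner header behind AH, while in the transport-mode packet AH sits directly on the original header and its Next Header field points at ESP, which is the ordering that results from applying ESP first and AH second.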

(4) Briefly describe the network commands commonly used in network security detection and management, and their functions (the ping, ipconfig, netstat, net and at commands).

1) ping command

The ping command checks IP-level connectivity to another TCP/IP host by sending ICMP Echo Request packets; network administrators use it to check the connectivity and reachability of a network. Each Echo Reply received is displayed together with its round-trip time. A host that does not answer is not necessarily down, since ICMP is often filtered by firewalls.

  1. Running ping with no arguments displays the help text for the command and its parameters.
  2. Syntax: ping <computer name or IP address of the other party>

2) ipconfig command

The ipconfig command displays the TCP/IP network configuration and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings.

  1. Running ipconfig with no arguments displays the IP address, subnet mask and default gateway of every adapter.
  2. "ipconfig /all" shows the complete TCP/IP configuration. For an adapter that obtains its address automatically, "ipconfig /renew" renews the DHCP lease; "ipconfig /flushdns" clears the local DNS resolver cache.

3) netstat command

The netstat command displays active connections, the ports the computer is listening on, Ethernet statistics, the IP routing table and per-protocol IPv4 statistics (IP, ICMP, TCP and UDP).

"netstat -an" lists all current connections and listening ports in numeric form, which is the quickest first check an administrator can make for signs of intrusion; "netstat -ano" adds the owning process ID so that each listener can be tied to a process. It is only a first check: a kernel-level rootkit can hide entries from it.

4) net command

The net command views the list of user accounts on the computer, adds and deletes users, establishes connections to other computers (net use), and starts or stops network services (net start / net stop).

"net user" lists the accounts on the computer, and "net user <username> <password>" sets the password of the named account.

5) at command

The at command creates a scheduled task and sets its execution time, either on the local computer or, once a session with the remote computer has been established (for example with net use), on a remote one. On current Windows versions it has been deprecated in favour of schtasks.

(5) Briefly describe the structure of the Secure Sockets Layer (SSL) protocol and the functions each layer implements.

1) Secure Sockets Layer (SSL) is the transport-layer security technology designed by Netscape Communications Corporation; its structure is shown in Figure 2-1.

Figure 2-1 SSL structure diagram

Figure 2-2 SSL protocol stack

The SSL negotiation (handshake) layer is where the two parties agree on the cryptographic algorithms and authenticate each other; the SSL record layer fragments, compresses, authenticates (with a MAC) and encrypts the data from the upper layer, which is finally transmitted over TCP.

2) To manage the SSL exchange, the negotiation layer is supported by three protocols: the handshake protocol, the change cipher spec protocol and the alert protocol. The SSL protocol stack is shown in Figure 2-2.

SSL uses public-key cryptography for identity authentication and key establishment, and symmetric keys for bulk data transmission. Through negotiation between the two parties, SSL can support a variety of authentication, encryption and integrity algorithms. The functions of the two layers are:

  1. The SSL record protocol fragments, compresses, authenticates and encrypts the information handed down by the application;
  2. The handshake protocol in the SSL negotiation layer negotiates the data authentication and data encryption to be used. SSLv3 supports data authentication with MD5 and SHA-1 and data encryption with the Data Encryption Standard (DES), among other algorithms. SSLv3 itself is now prohibited (RFC 7568), and MD5, DES and RC4 are no longer acceptable; current deployments use TLS 1.2 or TLS 1.3.
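To see the two layers concretely, here is an added example (editor's code, not part of the original page): it parses the 5-byte SSL/TLS record-layer header and the ClientHello handshake message inside it, listing the version and cipher suites the client offers, and flags SSLv3, DES/RC4/NULL suites and record-layer compression. The two ClientHello messages are constructed in the block rather than captured; the cipher-suite numbers are the IANA-assigned values.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSION_NAMES = {(3, 0): "SSLv3", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
# A few IANA cipher-suite values; the DES/RC4/MD5 entries are the SSLv3-era algorithms named in the text
SUITE_NAMES = {
    0x0000: "TLS_NULL_WITH_NULL_NULL",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0009: "TLS_RSA_WITH_DES_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}
WEAK_SUITES = {0x0000, 0x0004, 0x0009, 0x000A}


def parse_record(buf):
    """Record layer: 1-byte content type, 2-byte version, 2-byte fragment length, then the fragment."""
    ctype, major, minor, length = struct.unpack_from("!BBBH", buf, 0)
    if len(buf) < 5 + length:
        raise ValueError("truncated record")
    rec = {"type": CONTENT_TYPES.get(ctype, ctype), "version": (major, minor),
           "fragment": buf[5:5 + length]}
    return rec, buf[5 + length:]


def parse_client_hello(fragment):
    """Handshake layer inside a handshake record: 1-byte message type, 3-byte length, then the body."""
    msg_type, hlen = fragment[0], int.from_bytes(fragment[1:4], "big")
    if msg_type != 1:
        raise ValueError("not a ClientHello")
    body = fragment[4:4 + hlen]
    version = (body[0], body[1])
    off = 2 + 32                                  # client_version, then the 32-byte random
    sid_len = body[off]
    off += 1 + sid_len                            # session_id
    (cs_len,) = struct.unpack_from("!H", body, off)
    off += 2
    suites = [struct.unpack_from("!H", body, off + i)[0] for i in range(0, cs_len, 2)]
    off += cs_len
    comp_len = body[off]
    compression = list(body[off + 1:off + 1 + comp_len])
    return {"version": version, "cipher_suites": suites, "compression": compression}


def assess_client_hello(buf):
    """Return the parsed hello and the findings a reviewer would raise about what the client offers."""
    rec, _rest = parse_record(buf)
    if rec["type"] != "handshake":
        raise ValueError("expected a handshake record")
    hello = parse_client_hello(rec["fragment"])
    findings = []
    if hello["version"] <= (3, 0):
        findings.append("offers SSLv3 (prohibited by RFC 7568)")
    for suite in hello["cipher_suites"]:
        if suite in WEAK_SUITES:
            findings.append("weak suite " + SUITE_NAMES.get(suite, hex(suite)))
    if any(c != 0 for c in hello["compression"]):
        findings.append("offers record-layer compression (CRIME)")
    return hello, findings


def build_client_hello(version, suites, compression=(0,), rand=bytes(32)):
    """Constructed ClientHello record used as sample input (not a capture)."""
    body = bytes(version) + rand + b"\x00"                       # empty session_id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += bytes([len(compression)]) + bytes(compression)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", 22, version[0], version[1], len(handshake)) + handshake


LEGACY_HELLO = build_client_hello((3, 0), [0x0009, 0x0004, 0x002F], compression=(1, 0))
MODERN_HELLO = build_client_hello((3, 3), [0xC02F, 0x002F])

if __name__ == "__main__":
    for label, pkt in [("legacy", LEGACY_HELLO), ("modern", MODERN_HELLO)]:
        hello, findings = assess_client_hello(pkt)
        print(label, VERSION_NAMES.get(hello["version"]), findings or "no findings")
```

The record header is all the record layer exposes in clear (type, version, length); the algorithms the text says the handshake negotiates are visible only inside the ClientHello, which is why a passive check of what a client is willing to accept has to parse one layer further than the record.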

(6) Briefly describe the security problems of wireless networks and the basic technologies used to secure them.

1. Wireless network security problems

Wireless networks transmit data as radio waves that radiate in all directions, so every wireless terminal within the coverage of an Access Point (AP) can receive the signal, and the AP cannot direct its signal to one particular receiver. Security and confidentiality are therefore especially prominent problems for wireless networks.

2. Basic wireless security technologies

(1) Access control: ESSID hiding and MAC address restrictions to keep unauthorised wireless devices out. Both are weak on their own, since the SSID appears in clear in probe and association frames and a MAC address can be spoofed.

(2) Data encryption: security schemes based on WEP. WEP is broken (its key can be recovered from captured traffic) and must not be relied on.

(3) The new generation of wireless security technology: IEEE 802.11i.

(4) TKIP: the new-generation encryption of 802.11i's interim profile, which like WEP is based on the RC4 algorithm (it was designed to run on WEP-era hardware and has since been deprecated as well).

(5) AES: a symmetric block cipher that provides much stronger encryption than the RC4 used in WEP/TKIP; it is the basis of the CCMP cipher in WPA2.

(6) Port-based access control (IEEE 802.1X) and the Extensible Authentication Protocol (EAP).

(7) The WPA (Wi-Fi Protected Access) specification: a wireless security technology that replaces WEP; WPA2 (the full 802.11i with AES-CCMP) and WPA3 have since superseded it.
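Why WEP (and the RC4-based TKIP) appears above only as something to be replaced is easiest to see in code. The following is an added example (editor's code, not from the page) of WEP's keystream-reuse weakness: WEP feeds RC4 with the 24-bit IV concatenated to the shared key, so two frames sent under the same IV are XORed with the same keystream, and the IV is transmitted in clear. The key, IV and frames are constructed here; the example does not cover the weak-IV key-recovery attacks (FMS/PTW) or the CRC-32 ICV, which are the rest of why WEP is broken.

```python
# WEP per-packet key = 24-bit IV || shared key (40- or 104-bit), fed to RC4.
# The IV is sent in clear; with only 2**24 IVs a busy network repeats one within hours.

def rc4_keystream(key, n):
    """Plain RC4 (KSA + PRGA) returning n keystream bytes; WEP and TKIP both ride on it."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(iv, key, plaintext):
    """Frame body = IV (clear) || RC4(IV || key) XOR plaintext. The CRC-32 ICV is omitted here."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    ks = rc4_keystream(iv + key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def wep_decrypt(key, frame):
    iv, body = frame[:3], frame[3:]
    ks = rc4_keystream(iv + key, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def xor_of_plaintexts(frame_a, frame_b):
    """Two frames under the same IV share a keystream, so C_a XOR C_b == P_a XOR P_b without the key."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs")
    return bytes(a ^ b for a, b in zip(frame_a[3:], frame_b[3:]))


def recover_with_known_plaintext(frame_known, known_prefix, frame_target):
    """Known plaintext for one frame yields that IV's keystream prefix, which decrypts any other frame under it."""
    if frame_known[:3] != frame_target[:3]:
        raise ValueError("frames use different IVs")
    ks = bytes(c ^ p for c, p in zip(frame_known[3:], known_prefix))
    return bytes(c ^ k for c, k in zip(frame_target[3:], ks))


# Constructed sample traffic. Every IP packet carried over 802.11 starts with this LLC/SNAP header,
# so an attacker always has 8 bytes of known plaintext per frame.
LLC_SNAP_IP = b"\xaa\xaa\x03\x00\x00\x00\x08\x00"
WEP_KEY = b"\x0b\x0a\x0d\x0c\x0e"          # 40-bit shared key (constructed)
IV = b"\x01\x02\x03"                      # the same IV reused for both frames
PLAINTEXT_A = LLC_SNAP_IP + b"GET /index.html"
PLAINTEXT_B = LLC_SNAP_IP + b"POST /login.php"
FRAME_A = wep_encrypt(IV, WEP_KEY, PLAINTEXT_A)
FRAME_B = wep_encrypt(IV, WEP_KEY, PLAINTEXT_B)

if __name__ == "__main__":
    print("P_a xor P_b from ciphertext alone:", xor_of_plaintexts(FRAME_A, FRAME_B).hex())
    print("frame B decrypted via the known LLC/SNAP prefix of frame A:",
          recover_with_known_plaintext(FRAME_A, LLC_SNAP_IP, FRAME_B))
```

Nothing in the block needs the shared key once two frames with the same IV have been captured; that is the property a stream cipher with a reused nonce always has, and the small IV space of WEP guarantees the reuse. CCMP in WPA2 avoids it with a 48-bit packet number that is never repeated under one key.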

(7) Briefly describe the commonly used network services and the default ports on which they are provided.

1) Simple Mail Transfer Protocol (SMTP), which implements the e-mail service, listens on TCP port 25.

2) File Transfer Protocol (FTP)

FTP is used to send and receive files over a TCP/IP connection. FTP uses two ports: the control connection on TCP port 21 is established first and kept open for the whole FTP session to carry control information and client commands between client and server. Data connections use short-lived ephemeral ports (in active mode the server connects from TCP port 20), and a new data connection is established for each file transferred between client and server.

3) Hypertext Transfer Protocol (HTTP)

HTTP is the most widely used protocol on the Internet. An HTTP client connects from an ephemeral port to TCP port 80 on the server, and both requests and responses travel over that single connection; there is no separate data connection as in FTP.

4) Remote login protocol (Telnet)

Telnet (TCP port 23) provides remote terminal login, typically for managing UNIX hosts. Allowing remote users to log in is the main source of Telnet's security problems; in addition, Telnet sends all usernames and passwords in clear text, so anyone who can sniff a Telnet session can capture them and log in remotely.

5) Simple Network Management Protocol (SNMP)

SNMP lets administrators check the operating status of the network and modify the configuration of SNMP agents; they can also collect everything the agents send and query the agents directly. SNMP carries all of its traffic over UDP ports 161 (queries) and 162 (traps). SNMPv1 and v2c authenticate only with a community string sent in clear text, so SNMP is easily impersonated and abused by attackers.

6) Domain Name System (DNS)

Name resolution requests use UDP port 53, and zone transfers use TCP port 53. A zone transfer refers to the following two situations:

(8) What are the basic types of security services?

  1. Object authentication security service
  2. Access control security service
  3. Data confidentiality security service
  4. Data integrity security service
  5. Non-repudiation security service


Source: blog.csdn.net/qq_64314976/article/details/131349785