1. Security threats faced by computer networks
Threats to communications on computer networks can be divided into two broad categories, passive attacks (such as interception) and active attacks. Active attack methods include tampering (changing message flow), denial of service, fake initialization, malicious programs (viruses, worms, Trojan horses, logic bombs, backdoor intrusion, rogue software), etc.
2. Computer network security
Computer network security mainly includes the following contents: confidentiality, endpoint identification, information integrity, operational security and access control.
3. Data encryption model
Cryptography is the design of cryptographic systems, while cryptanalysis is the technique of deriving plaintext or keys from ciphertexts when the key is unknown. The combination of cryptography and cryptanalysis is cryptography.
If no matter how many ciphertexts the interceptor obtains, the corresponding plaintext cannot be uniquely determined, then this cryptographic system is called unconditionally secure (or theoretically unbreakable). Without any restrictions, almost all practical cryptosystems are breakable. A cryptosystem is said to be secure on a computer if the passwords in a cryptosystem cannot be deciphered by available computing resources within a certain period of time.
4. Two types of password systems
Ⅰ. Symmetric key cryptosystem
A symmetric key cryptosystem is a cryptosystem in which both the encryption key and the decryption key use the same key (such as Data Encryption Standard DES and Advanced Encryption Standard AES). The confidentiality of this encryption depends only on keeping the key secret, while the algorithm is public.
Ⅱ. Public key cryptosystem
Public key cryptography (also known as public key cryptography) uses different encryption keys and decryption keys. The encryption key (ie, public key) is open to the public, while the decryption key (ie, private key or secret key) needs to be kept secret. Both the encryption algorithm and the decryption algorithm are also public. Currently the most famous public key cryptosystem is the RSA system, which is based on the large number decomposition problem in number theory.
The security of any encryption method depends on the length of the key and the amount of calculation required to break the ciphertext, not simply on the encryption system (public key cryptosystem or traditional encryption system).
5. Digital signature
The digital signature must ensure that the following three functions can be realized. ①Message authentication, that is, the receiver can verify the signature of the sender on the message. ②The integrity of the message, that is, the receiver is sure that the received data is exactly the same as that sent by the sender and has not been tampered with. ③ Non-repudiation, that is, the sender cannot deny the signature of the message afterwards.
6. Identification
Authentication is to verify that the other party of the communication is indeed the one you want to communicate with, not other impostors. Authentication and authorization are different concepts.
Message Digest MD used to be a common method for identifying leopard prints. Later, there was a more secure SHA-1, but currently the most secure are SHA-2 and SHA-3.
7. Key distribution
Key management includes the generation, distribution, injection, verification and use of keys. Key distribution (or key distribution) is the biggest problem in key management. Keys must be distributed through the most secure channels. The key distribution center KDC is a commonly used key distribution method.
CA is an entity that issues digital certificates and is also a trusted third party. The CA binds the public key with its corresponding entity (human or machine) and writes it into the certificate, and digitally signs the certificate. Anyone can obtain the public key of the CA from a trusted place to verify the authenticity of the digital certificate. In order to issue digital certificates conveniently, the root CA can have the following multi-level intermediate CAs, which are responsible for issuing digital certificates to users. This forms the chain of trust and the chain of certificates.
8. Network layer security protocol
The IPsec protocol suite can be used at the network layer, and IPsec includes the authentication header protocol AH and the encapsulation security payload protocol ESP. The AH protocol provides source authentication and data integrity, but not confidentiality. The ESP protocol provides source authentication, data integrity and confidentiality. IPsec supports both IPv4 and IPv6. In IPv6, both AH and ESP are part of the extension header. IPsec datagrams work in two ways: transport mode and tunnel mode.
9. Transport Layer Security Protocol
Security protocols such as the transport layer used to be SSL (Secure Sockets Layer) and TLS (Transport Layer Security). But SSL has been phased out. The latest version currently in use is TLS 1.3. TLS not only authenticates the security of the server, but also encrypts all session records between the browser and the server, and ensures the integrity of the transmitted messages.
10. Application layer security protocol
PGP is a complete e-mail security software package, including technologies such as encryption, authentication, electronic signature and compression. PGP does not use new concepts, but uses some existing encryption algorithms (such as RSA public key encryption algorithm or SHA message digest algorithm) comprehensively.
11. Firewall and intrusion detection
Ⅰ. Firewall
As an access control technology, the firewall strictly controls the packets entering and leaving the network boundary and prohibits any unnecessary communication, thereby reducing the occurrence of potential intrusions and minimizing the security risks caused by such security threats.
A firewall is a specially programmed router installed between a network point and the rest of the network for the purpose of enforcing access control policies. The network inside the firewall is called a trusted network, and the network outside the firewall is called an untrusted network. There are two functions of the firewall: one is to block (the main one), and the other is to allow.
Firewall technology is divided into ① network-level firewalls, which are used to prevent illegal intrusions from outside on the entire network (group filtering and authorization servers belong to this category). ②Application-level firewalls are used for access control (using application gateways or proxy servers to distinguish various applications).
Ⅱ. Intrusion detection
Since the firewall cannot prevent all intrusions, as the second line of defense of the system, the intrusion detection system IDS finds network activities suspected of intrusions through in-depth analysis and detection of packets entering the network, and sends an alarm to take further corresponding measures. The intrusion detection system (IDS) is to detect the intrusion in time when the intrusion has already started, but before causing more harm or causing greater harm, so as to stop the intrusion as soon as possible and minimize the harm.
Note: The important knowledge points of this series (computer network) have been summarized. Chapter 8 and Chapter 9 are self-study. The above knowledge points are summarized in the book "Computer Network/Edited by Xie Xiren.—8th Edition.—Beijing: Electronic Industry Press, 2021.6", for reference only!
Computer Network--Chapter 6 Summary of Application Layer Knowledge Points
Computer Network--Chapter 5 Summary of Transport Layer Knowledge Points
Computer Network--Chapter 4 Summary of Network Layer Knowledge Points
Computer Network--Chapter 3 Summary of Data Link Layer Knowledge Points
Computer Network--Chapter 2 Summary of Physical Layer Knowledge Points
Computer Network--Chapter 1 Overview Summary of Knowledge Points