Two Security Threats Faced by Computer Networks
Passive attack: intercept, observe, and analyze a certain protocol data PUD, also known as traffic analysis
Active attack: Tampering: Deliberately tampering with packets transmitted on the network
Malicious programs: viruses, worms, Trojan horses, logic bombs, backdoor intrusion covers, rogue software
Denial of service DoS: Send a large number of packets to the specified server, causing the server to fail to work normally
The goals of computer network security:
Confidentiality, endpoint authentication, information integrity, operational security (access control)
Data Encryption Model
Plaintext X, encryption algorithm E, ciphertext Y
Decryption algorithm D, decryption key K
Two Types of Cryptosystems
Symmetric Key Cryptosystem
The encryption key uses the same cryptosystem as the decryption key
DEX (Data Encryption Standard), the confidentiality of DES depends on the confidentiality of the key, and the algorithm is public
public key cryptography
use different encryption and decryption keys
The main reasons are: key distribution problem, demand for digital signature
RSA encryption, in the public key cryptosystem, the encryption key (public key) PK is public, while the decryption key (private key) needs to be kept secret, both encryption algorithm E and decryption algorithm D are public
1. The key pair generator generates a pair of receiver B’s keys, public key PKb and private key SKb, and the encryption key used by sender A is receiver B’s public key. The decryption key used by B is B's private key
2. The sender A uses B's public key PKb to encrypt the plaintext X through E operation, obtains the ciphertext B and sends it
B uses his own private key to decrypt through the decryption algorithm D and restore the ciphertext
3. Known PKb cannot deduce SKb
4. The public key can encrypt but not decrypt
5. The sequence of D operation and E operation does not affect the result
digital signature
Guaranteed functions
1. The receiver can verify the sender's signature on the message
2. The receiver is sure that the received data is exactly the same as that sent by the sender and has not been tampered with (the integrity of the message)
3. The sender cannot deny the message signature afterwards (non-repudiation)
identify
message authentication
cryptographic hash function
The input length of the hash function can be very long
Different hash values must correspond to different inputs
Cryptographic hash functions are one-way functions
MD5 and SHA-1
MD5: 1. Add any length of message to the end of the message according to the remainder (64 bits) of the calculation
2. Fill 1~512 bits between the message and the remainder, the first bit of filling is 1, and the following is 0
3. Divide the appended and filled message into 512-bit data blocks, and each 512-bit message data is further divided into 4 and 128-bit data blocks, which are sent to different hash functions for 4 calculations. Complicated operations are performed on 32-bit small data blocks in each round until the final MD5 digest code (128 bits) is calculated
Message authentication code:
entity identification
key distribution
Key distribution is divided into off-network distribution (physical media), on-network distribution (automatic distribution through the network)
firewall
The network inside the firewall is called "trusted network", and the network outside the firewall is called "untrusted network"
Packet filter: A router with packet filtering function, which is used to forward or discard packets entering and leaving the internal network according to filtering rules. (Generally, it can be blocked according to the port. For example, if a news network uses port 119, blocking port 119 will make it impossible to use the network)
Application gateway (proxy server): plays the role of relay at the application layer, and the data entering and leaving the network will pass through the application gateway, which can realize filtering and high-level user identification based on application layer data
Intrusion Detection IDS: When it is detected that it can be grouped, it will send a warning to the administrator or perform blocking
Generally divided into: Signature-based intrusion detection: compare the database of known attack signatures (ineffective for unknown attacks)
Abnormality-based intrusion detection: Compared with normal network traffic, report any discrepancies (easy to false positives)