Introduction to Network Security - Basics of Network Security

1. Introduction to Network Security

Four Attributes of Information Security (Basic Objectives of Information Security)

  • Confidentiality: information is not disclosed to unauthorized users
  • Integrity: the consistency of data is guaranteed (no unauthorized modification)
  • Availability: legitimate users are not denied service
  • Legitimate use: resources are not used by unauthorized users or in an unauthorized manner

2. Network Security Threats and Protective Measures

1. Sources of security threats

Four Basic Security Threats

  • Information disclosure: information is disclosed to an unauthorized person. This threat comes from information-detection attacks such as eavesdropping and wiretapping.
  • Integrity violation: the consistency of data is compromised through unauthorized addition, deletion, modification or destruction.
  • Denial of service: access to information or resources is unconditionally blocked. Attackers make large numbers of illegitimate access attempts that can never succeed, placing an excessive load on the system so that its resources become unavailable to legitimate users.
  • Illegal use: a resource is used by an unauthorized person or in an unauthorized manner. An attacker breaks into a computer system and uses it as a starting point for theft of telecommunications services, or as a "bridgehead" for attacking other systems.

The main realizable threats are infiltration (penetration) threats and implant threats.

The main infiltration threats are

  • masquerade (impersonation)
  • bypassing controls
  • authorization violation

The main implant threats are

  • Trojan horse
  • Trapdoor: a trapdoor in a computer program is a secret entry point into the program that lets anyone who knows of it gain access without going through the usual security checks.

Potential threats

  • eavesdropping (wiretapping)
  • traffic analysis
  • information leakage caused by improper operation
  • information leakage caused by discarded media

2. Computer virus prevention technology

Worm: a malicious computer virus that spreads through the network. It uses harmful code to attack victim hosts on the Internet, replicates itself on each victim host, and then attacks further hosts from there.
Behavioral characteristics of worms:

  • self-replication
  • exploiting software vulnerabilities
  • causing network congestion
  • consuming system resources
  • leaving behind security risks

Flooding attacks are the most commonly used form of DoS attack.

Macro viruses usually infect documents rather than executable code segments.

Four stages of a typical virus life cycle

  • dormant stage
  • propagation stage
  • trigger phase
  • execution phase

The dormant stage is optional.

The components of a computer virus: the boot (bootstrap) module, the infection module, and the payload (manifestation) module.

Computer virus characteristics:

  • parasitism
  • contagiousness
  • concealment
  • latency
  • triggerability
  • destructiveness

The difference between Trojans and viruses: Trojans are not contagious, while viruses are contagious. A Trojan mainly steals passwords and other information, whereas a virus interferes with the use of the computer to varying degrees and over varying ranges. The scope of a Trojan is limited to the people using the computer on which the Trojan runs, and the data captured there is not transmitted to other machines; a virus, by contrast, can spread to other machines along with floppy disks, USB drives, e-mail and other transmission methods or media.

Malware that triggers an unauthorized action once a trigger condition is met is a logic bomb.

The three main mechanisms by which malware spreads include

  • infected content
  • exploits
  • social engineering

3. Security protection measures

  • physical security
  • personnel security
  • management (administrative) security
  • media security
  • radiation (emanation) security
  • life-cycle control

3. Network Security Policy

1. Different levels of security policy

  • security policy objectives
  • institutional (organizational) security policy
  • system security policy

2. Access control strategy

  • Identity-based policy: allows or denies access to clearly distinguished individuals or groups.
  • Task-based policy: a variant of identity-based policy; it assigns tasks to each individual and uses authorization rules based on those tasks.
  • Multi-level policy: a policy of general rules based on the sensitivity level of information and the clearance level of staff.
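The three policy styles above differ in what a decision is keyed on (who you are, what task you hold, or how your clearance compares to the data's sensitivity). The following added example, which is not code from the original post, implements each as a small decision function and combines them; all users, groups, tasks, objects and level names are constructed sample data, and the multi-level rule uses the Bell-LaPadula "no read up, no write down" formulation as one concrete instance of a multi-level policy.

```python
"""Added example (not from the original post): three access-control policy
styles implemented as small decision functions. All users, groups, tasks,
objects and levels below are constructed sample data."""
from dataclasses import dataclass


@dataclass
class IdentityPolicy:
    """Identity-based: an ACL naming individuals or groups for each object."""
    groups: dict   # user -> set of group names the user belongs to
    acl: dict      # object -> {principal (user or group): set of allowed actions}

    def allows(self, user, obj, action):
        entry = self.acl.get(obj, {})
        principals = {user} | self.groups.get(user, set())
        return any(action in entry.get(p, set()) for p in principals)


@dataclass
class TaskPolicy:
    """Task-based: each user is assigned tasks, and rules are written per task."""
    assignments: dict   # user -> set of task names
    task_rules: dict    # task -> set of (object, action) pairs the task needs

    def allows(self, user, obj, action):
        return any((obj, action) in self.task_rules.get(task, set())
                   for task in self.assignments.get(user, set()))


# Ordered sensitivity / clearance levels for the multi-level policy.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass
class MultiLevelPolicy:
    """Multi-level: a general rule comparing staff clearance with data
    sensitivity (Bell-LaPadula style: no read up, no write down)."""
    clearance: dict     # user -> level name
    sensitivity: dict   # object -> level name

    def allows(self, user, obj, action):
        c = LEVELS[self.clearance[user]]
        s = LEVELS[self.sensitivity[obj]]
        if action == "read":
            return c >= s   # simple security property: no read up
        if action == "write":
            return c <= s   # *-property: no write down
        return False


# Constructed sample data.
IDENTITY = IdentityPolicy(
    groups={"alice": {"finance"}, "bob": {"audit"}, "carol": set()},
    acl={
        "payroll.db": {"finance": {"read", "write"}, "bob": {"read"}},
        "handbook.pdf": {"carol": {"read"}, "finance": {"read"}},
    },
)
TASK = TaskPolicy(
    assignments={"alice": {"run-payroll"}, "bob": {"quarterly-audit"}},
    task_rules={
        "run-payroll": {("payroll.db", "read"), ("payroll.db", "write")},
        "quarterly-audit": {("payroll.db", "read"), ("ledger.csv", "read")},
    },
)
MLS = MultiLevelPolicy(
    clearance={"alice": "confidential", "bob": "secret", "carol": "internal"},
    sensitivity={"payroll.db": "confidential", "ledger.csv": "secret",
                 "handbook.pdf": "internal"},
)


def authorize(user, obj, action):
    """Combined decision: a grant from the identity or task policy is required,
    and the multi-level rule must also permit the access."""
    granted = IDENTITY.allows(user, obj, action) or TASK.allows(user, obj, action)
    return granted and MLS.allows(user, obj, action)


if __name__ == "__main__":
    for req in [("alice", "payroll.db", "write"), ("bob", "ledger.csv", "read"),
                ("carol", "payroll.db", "read")]:
        print(req, "->", "allow" if authorize(*req) else "deny")
```

Note that the multi-level rule can deny an access that the identity or task policy would grant: carol's "internal" clearance cannot read the "confidential" payroll database even if an ACL entry were added for her, which is exactly the point of layering a general sensitivity rule on top of per-user grants.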

4. Classification of Security Attacks

Security attacks are classified as passive attacks and active attacks.

Passive attacks are characterized by eavesdropping on and monitoring of transmitted information (eavesdropping attacks, traffic analysis).

Active attacks are attacks that maliciously tamper with data streams or forge data streams.

Classification of active attacks:

  • Masquerade attack: the attacker pretends to be another entity
  • Replay attack: the attacker re-sends a message obtained earlier
  • Message tampering: the attacker modifies or delays an obtained message
  • Denial of service attack: the attacker prevents or prohibits users from using network services or managing communication devices normally


What is the difference between active attacks and passive attacks?
Answer: During a passive attack the operation and state of the system do not change, so passive attacks mainly threaten the confidentiality of information. Active attacks are intended to tamper with or forge information and can also change the state and operation of the system, so active attacks mainly threaten the integrity, availability, and authenticity of information.

5. Open Systems Interconnection (OSI) Security Architecture

X.800 (the ISO security architecture) defines a systematic approach to assessing and analysing security. It defines a security service as a service provided by a protocol layer of communicating systems that ensures adequate security of the systems or of data transfers.

Five security services of X.800:

  • Authentication: ensures that the two communicating entities are who they claim to be; two specific authentication services are defined, peer entity authentication and data origin authentication
  • Access control: limits and controls access to hosts and applications over communication connections
  • Data confidentiality: protects transmitted data from passive attacks
  • Data integrity: detects active attacks; defined both with and without recovery
  • Non-repudiation: prevents any communicating entity from denying the whole or part of a communication

Five pervasive security mechanisms of X.800: trusted functionality, security labels, event detection, security audit trail, and security recovery.

Eight specific security mechanisms of X.800: encipherment, digital signature, access control, data integrity, authentication exchange, traffic padding, routing control, and notarization.
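The active attacks listed in section 4 (masquerade, replay, message tampering and delay) are what the X.800 data integrity and authentication services exist to detect. The following added example, which is not code from the original post, shows one concrete way those detections work for a single message flow: a shared-key message authentication code (HMAC-SHA256) catches tampering and forged senders, a sequence number catches replays, and a timestamp window catches delayed messages. The key, the messages and the time values are constructed for the example.

```python
"""Added example (not from the original post): detecting tampering, masquerade,
replay and delay on a message stream with an HMAC tag, a sequence number and a
timestamp. The shared key and all messages below are constructed."""
import hashlib
import hmac
import json
import time

KEY = b"constructed-shared-secret"   # key shared by sender and receiver (constructed)


def make_message(seq, payload, ts=None, key=KEY):
    """Sender side: serialize (seq, ts, payload) and attach an HMAC tag over it.
    Returns (encoded_bytes, tag_hex)."""
    body = {"seq": seq, "ts": time.time() if ts is None else ts, "payload": payload}
    encoded = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, encoded, hashlib.sha256).hexdigest()
    return encoded, tag


class Receiver:
    """Receiver side: verify the tag first, then reject replays and stale messages."""

    def __init__(self, key=KEY, max_delay=30.0):
        self.key = key
        self.max_delay = max_delay   # seconds a message may be delayed before rejection
        self.seen = set()            # sequence numbers already accepted

    def accept(self, encoded, tag, now=None):
        # 1. Data integrity / data origin authentication: recompute the tag.
        expected = hmac.new(self.key, encoded, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad MAC (tampered or forged)"
        body = json.loads(encoded)
        # 2. Replay: a sequence number seen before is re-sent, not new.
        if body["seq"] in self.seen:
            return "rejected: replay"
        # 3. Delay: a message held back longer than the allowed window.
        now = time.time() if now is None else now
        if now - body["ts"] > self.max_delay:
            return "rejected: stale (delayed)"
        self.seen.add(body["seq"])
        return "accepted"


if __name__ == "__main__":
    rx = Receiver()
    enc, tag = make_message(1, "transfer 10", ts=1000.0)
    print(rx.accept(enc, tag, now=1005.0))              # accepted
    print(rx.accept(enc, tag, now=1006.0))              # rejected: replay
    print(rx.accept(enc.replace(b"transfer 10", b"transfer 99"), tag, now=1006.0))
```

The order of the checks matters: the tag is verified before the body is parsed, so a message that fails integrity is never interpreted, and the replay check runs before the staleness check so that a copy of an accepted message is reported as a replay even while it is still inside the delay window.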

6. Network security model

1. Six functional entities of the network security model

  • sender of the message (source)
  • receiver of the message (sink)
  • security transformation
  • information channel
  • trusted third party
  • attacker (opponent)

2. PPDR security model

(1) Policy (Security Policy)

The core of the PPDR security model; it describes which resources of the system need to be protected and how that protection is to be achieved.

(2) Protection

  • Repair system vulnerabilities; correctly design, develop and install systems;
  • Regularly scan for and discover possible system vulnerabilities;
  • Educate users and operators on the proper use of the system;
  • Apply access control and monitoring to prevent malicious threats.

Mechanisms: encryption, digital signature, access control, authentication, information hiding, firewall technology, etc.

(3) Detection

Detection is the basis for dynamic response and enhanced protection, and it is also a powerful tool for enforcing security policy. New threats and weaknesses are discovered through continuous detection and monitoring of networks and systems, and effective responses are made in a timely manner through a feedback loop.

Mechanisms: intrusion detection, system vulnerability scanning, data integrity checking, attack detection, etc.
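The detection stage of PPDR is easiest to see on a concrete case: the denial-of-service threat from section 2 (flooding the target with connection attempts that can never succeed) leaves a recognizable pattern in connection logs. The following added example, which is not code from the original post, runs a sliding-window rate check over a small, constructed connection log and reports every source whose SYN count within the window reaches a threshold; the log format, the addresses and the threshold values are assumptions made for the example, not a real logging format.

```python
"""Added example (not from the original post): sliding-window SYN-flood
detection over constructed connection-log lines. The log format, addresses and
thresholds are constructed for the example."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format: "<ISO timestamp> src=<ip> dst=<ip:port> <tcp flag>".
LINE = re.compile(r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.:]+) (?P<flag>\w+)$")

# Constructed sample log: 203.0.113.7 sends six SYNs in five seconds (a flood),
# 198.51.100.2 completes a normal handshake and retries slowly, and 192.0.2.9
# sends SYNs spaced 12 seconds apart (slow, not a flood at a 10-second window).
SAMPLE_LOG = """
2024-05-01T10:00:00 src=198.51.100.2 dst=192.0.2.10:443 SYN
2024-05-01T10:00:00 src=192.0.2.9 dst=192.0.2.10:22 SYN
2024-05-01T10:00:01 src=203.0.113.7 dst=192.0.2.10:80 SYN
2024-05-01T10:00:01 src=203.0.113.7 dst=192.0.2.10:80 SYN
2024-05-01T10:00:02 src=203.0.113.7 dst=192.0.2.10:80 SYN
2024-05-01T10:00:02 src=198.51.100.2 dst=192.0.2.10:443 ACK
2024-05-01T10:00:03 src=203.0.113.7 dst=192.0.2.10:80 SYN
2024-05-01T10:00:04 src=203.0.113.7 dst=192.0.2.10:80 SYN
2024-05-01T10:00:05 src=203.0.113.7 dst=192.0.2.10:80 SYN
2024-05-01T10:00:12 src=192.0.2.9 dst=192.0.2.10:22 SYN
2024-05-01T10:00:24 src=192.0.2.9 dst=192.0.2.10:22 SYN
2024-05-01T10:00:30 src=198.51.100.2 dst=192.0.2.10:443 SYN
2024-05-01T10:00:36 src=192.0.2.9 dst=192.0.2.10:22 SYN
2024-05-01T10:00:48 src=192.0.2.9 dst=192.0.2.10:22 SYN
2024-05-01T10:01:00 src=198.51.100.2 dst=192.0.2.10:443 SYN
"""


def parse(lines):
    """Yield (timestamp, src, dst, flag) for every line matching the format;
    lines that do not match (blank lines, other formats) are skipped."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], m["flag"]


def detect_floods(lines, window_seconds=10, threshold=5):
    """Return {src: ISO timestamp} for each source whose SYN count inside any
    window_seconds interval reaches threshold. The timestamp is the moment the
    threshold was first crossed, which is when an alert would be raised."""
    windows = defaultdict(deque)   # src -> timestamps of recent SYNs
    flagged = {}
    for ts, src, _dst, flag in sorted(parse(lines), key=lambda e: e[0]):
        if flag != "SYN":
            continue
        recent = windows[src]
        recent.append(ts)
        # Drop SYNs that have fallen out of the sliding window.
        while recent and (ts - recent[0]).total_seconds() > window_seconds:
            recent.popleft()
        if len(recent) >= threshold and src not in flagged:
            flagged[src] = ts.isoformat()
    return flagged


if __name__ == "__main__":
    for src, when in detect_floods(SAMPLE_LOG.splitlines()).items():
        print(f"possible SYN flood from {src}, threshold crossed at {when}")
```

Widening the window or lowering the threshold trades false negatives for false positives: with a 120-second window and a threshold of 3 the slow source 192.0.2.9 and the retrying client 198.51.100.2 are flagged too, which is the tuning decision the policy stage of PPDR has to make for a given network.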

(4) Response

Response holds the most important position in the security system and is the most effective way to resolve potential security problems. In a sense, the security problem is the problem of emergency response and exception handling.

Mechanisms: emergency strategy, emergency mechanisms, emergency means, intrusion process analysis, security status assessment, etc.

7. Computer network architecture

Source: blog.csdn.net/dexi113/article/details/131396141