Introduction to network security

Cyber security refers to the protection of the hardware, software and data of a network system from damage, alteration, or leakage due to accidental or malicious causes, so that the system can run continuously, reliably and normally and network services are not interrupted. (cyber: ['saɪbə], computer (network))

Concept

Network security usually refers to the security of computer networks, but it can also refer to the security of computer communication networks. A computer communication network is a system that interconnects several functionally independent computers through communication equipment and transmission media and, with the support of communication software, transmits and exchanges information between them. A computer network is a system that uses communication means to connect a number of geographically scattered, independent computer systems, terminal equipment and data equipment for the purpose of sharing resources, and exchanges data under the control of protocols. The fundamental purpose of computer networks is resource sharing, and communication networks are the way to realize that sharing. Therefore, for computer networks to be secure, the corresponding computer communication networks must also be secure, and should be able to provide information exchange and resource sharing for network users. In the following, network security refers to both computer network security and computer communication network security.

The basic meaning of safety: there is no objective threat and no subjective fear. That is, the object does not worry about its normal state being affected. Network security can be defined as: a network system is free from any threats and infringements and can normally realize resource sharing functions. In order for the network to realize the resource sharing function normally, we must first ensure that the network hardware and software can operate normally, and then ensure the security of data information exchange. As can be seen from the previous two sections, the abuse of resource sharing has led to network security problems. Therefore, the technical approach to network security is to implement restricted sharing.

Relative concept

From the perspective of users (individuals or enterprises), they hope to:

(1) Personal information transmitted on the Internet (such as bank account numbers and Internet login passwords) cannot be discovered by others. This is the user's requirement for the confidentiality of information transmitted on the Internet.

(2) The information transmitted on the network has not been tampered with by others. This is the user's requirement for the integrity of the information transmitted on the network.

(3) The source of information sent on the network is real and not fake. This is the user's identity authentication requirement for the communicating parties.

(4) The information sender acknowledges the information sent or a certain operation completed. This is the user's non-repudiation requirement of the information sender.

From the perspective of network operators and managers, they hope that the local information network will operate normally, provide services normally, and be free from attacks from outside the network, with no threats such as computer viruses, illegal access, denial of service, illegal occupation of network resources, or illegal control. From the perspective of security and confidentiality departments, they hope to filter and block information that is illegal, harmful, or involves national security or business secrets, to avoid leaking such information through the Internet, and to avoid harm to society and economic losses to enterprises. From the perspective of social education and ideology, the spread of unhealthy content should be avoided and a positive online culture should be correctly guided.

Narrow interpretation

Network security has different interpretations in different application environments. For an operating system in the network, network security refers to the security of information processing and transmission. It includes the safe and reliable operation of hardware systems, the security of operating systems and application software, the security of database systems, and protection against electromagnetic information leakage. Network security in a narrow sense focuses on the security of network transmission.

Broad interpretation

The security of network transmission is closely related to the content of the transmitted information. The security of information content is information security, including the confidentiality, authenticity and integrity of information.

Network security in a broad sense refers to the protection of network system hardware, software and information in the system. It includes the continuous, reliable and normal operation of the system, the uninterrupted network services, and the fact that the information in the system is not destroyed, changed or leaked due to accidental or malicious behavior.

Information security requirements mean that when communication networks provide people with information queries and network services, they ensure that the information of service objects is not subject to threats such as interception, theft, and tampering, so as to satisfy people's most basic security needs (such as confidentiality and availability). Network security focuses on the security of network transmission, while information security focuses on the security of the information itself. It can be seen that the distinction is related to the object being protected.

Since the network is the carrier of information transmission, information security and network security are intrinsically linked. All information on the Internet must be closely related to network security. The meaning of information security includes not only the security of online information, but also the security of offline information. The network security we are talking about now mainly refers to network-oriented information security, or the security of online information.

Development status

With the rapid development of computer technology, information networks have become an important guarantee for social development. Much of the information they carry is sensitive, and some of it is even state secrets. It therefore inevitably attracts various man-made attacks from all over the world (such as information leakage, information theft, data tampering, data deletion, computer viruses, etc.). At the same time, network entities also have to withstand tests such as floods, fires, earthquakes, and electromagnetic radiation.

Foreign

On February 4, 2012, the hacker group Anonymous released a 17-minute recording of a work call between the FBI and the Metropolitan Police in the United Kingdom on January 17. The main content was that the two parties discussed how to find evidence and arrest Anonymous, LulzSec, Antisec, CSL Security and other black hat hackers, in which sensitive content involving underage hackers is obscured.

The FBI has confirmed the authenticity of the call recording, and security researchers have begun to address vulnerabilities in the teleconferencing system.

On February 13, 2012, it was said that a series of government websites were attacked by the Anonymous organization, and the CIA official website was hacked for nine hours on Friday. This organization had previously intercepted a confidential telephone conversation between the London police and the FBI and subsequently uploaded it to the Internet.

Domestic

In 2010, Google issued an announcement stating that it would consider withdrawing from the Chinese market. The announcement stated that an important reason for this decision was that Google was attacked by hackers.

On December 21, 2011, CSDN, a well-known domestic programmer website, was attacked by hackers. A large number of user databases were published on the Internet, and more than 6 million registered mailboxes, stored in plain text, were exposed.

According to news on the afternoon of December 29, 2011, following the leakage of CSDN and Tianya community user data, the Internet industry is panicking. In the e-commerce field, where user data is the most important, news of vulnerabilities and user data leaks keeps coming out. The vulnerability reporting platform Wuyun released a vulnerability report yesterday saying that the data of a large number of Alipay users had been leaked and used for online marketing. The total amount leaked reached 15 million to 25 million. The leak time is unknown. It only contains the payment user's account number and no password. Companies that have been involved include JD.com, Alipay and Dangdang. JD.com and Alipay deny information leakage, while Dangdang said it has reported the case to the local police.

In the next two to three decades, the role of information warfare in military decision-making and operations will be significantly enhanced. Among the many decisive factors are the widespread use of new technologies such as the Internet, wireless broadband and radio frequency identification; the high cost and unpopularity of actual war; and the possibility that many information technologies can be used clandestinely, enabling expert hackers to repeatedly break into an opponent's computer network.

According to reports from NetEase, China Sou and other media, in order to safeguard national network security and protect the legitimate interests of Chinese users, China is about to launch a network security review system. This system stipulates that important information technology products and services used by systems related to national security and public safety interests should pass network security review. The focus of the review is on the safety and controllability of the product, aiming to prevent product providers from taking advantage of the convenience of providing products to illegally control, interfere with, and interrupt user systems, and illegally collect, store, process and utilize user-related information. Products and services that do not meet safety requirements will not be used in China.

In February 2021, the selection of China's major cybersecurity events in 2020 was announced.

Increased technological dominance

In all fields, new technologies continue to surpass the previous state-of-the-art. Laptop computers and Internet-enabled mobile phones allow users to send and receive emails and browse the web 24 hours a day, 7 days a week.

Impact on information warfare and operations: The continuous strengthening of technological dominance is the fundamental basis of cyber warfare. Complex and often subtle technologies have increased the world's wealth and increased global efficiency. However, they also make the world relatively fragile, because it is very difficult to maintain industry and support systems when unexpected events disrupt computer control and surveillance, and the likelihood of such disruptions is rapidly increasing. According to futurist scholar Joseph Coates, "An often overlooked aspect is the use of information technology by criminal organizations." In 2015, the Mafia electronically eliminated all of the records of a medium-sized bank in Texas or Nebraska, then quietly visited the websites of several large financial services institutions and posted a simple message: "That's us - you could be the next target. Our desire is to protect you."

Futurist scholar Stephen Steele pointed out: "Cyber systems... are not simply information, but network culture. Multi-level coordinated cyber attacks will be able to simultaneously carry out destruction on large (national security systems), medium (local power grids) and small (car start) scales."

Communication technology lifestyle

Telecommunications are growing rapidly, largely due to email and other forms of high-tech communication. However, the "millennial generation" (the generation born between 1980 and 2000 - translation annotation) in most cases no longer uses email, preferring to use instant messaging and social networking sites to connect with peers. These and other new technologies are creating complex and widespread societies that are almost exactly like those in the real world.

Impact on Information Warfare and Operations: This is one of two or three trends that are key to giving Information Warfare and Operations their importance.

The damage may not be blatant, or it may be easy to spot. As production systems become increasingly open to direct input from customers, it becomes possible to modify the programs of computer-controlled machine tools to produce slightly off-spec products—or even modify the specifications themselves so that the product differences are never noticed. If you have enough imagination when making such tampering and carefully select the target, you can imagine that these products will successfully pass the inspection, but they will definitely fail the battlefield test, which will bring unimaginable military consequences.

Information technology and business management consultant Lawrence Vogel draws attention to cloud computing (third-party data hosting and service-oriented computing) and the use of Web 2.0 (social networking and interactivity). He said: "The cybersecurity implications associated with cloud computing, whether public or private, are worth noting. As more companies and governments adopt cloud computing, they become more vulnerable to breaches and cyberattacks. This may result in the disruption of services and of fast, critical software application capabilities. In addition, as Facebook, blogs and other social networks are widely used in our personal lives, government organizations are also seeking similar capabilities to connect and interact with their stakeholders. Once the government allows interactive and two-way communication on the Internet, the risk of cyberattacks will greatly increase."

The global economy is increasingly integrated

Key factors in this include the rise of multinational corporations, the weakening of national identity (for example, within the European Union), the development of the Internet, and the outsourcing of online work to low-wage countries.

Impact on information warfare and operations: The Internet, private networks, virtual private networks, and a variety of other technologies are connecting the earth into a complex "information space." A disruption in these near-infinite connections would inevitably wreak havoc on companies and even national economies.

Research and development

Research and development (R&D) plays an increasingly important role in promoting global economic growth, and the total R&D expenditures in the United States have increased steadily over the past 30 years. Similar trends are seen in China, Japan, the European Union and Russia.

Impact on information warfare and operations: This trend has contributed to the rate of technological advancement in recent decades. This is another key factor in the development of information warfare. The main product of R&D is not goods or technology, but information. Even the most confidential aspects of research results are typically stored on computers, transmitted through corporate intranets, and often over the Internet. This accessibility provides excellent targets for spies, whether industrial or military.

Technological change accelerates with new generations of inventions and applications

In the fast-developing design discipline, most of the latest knowledge that college students learn in their first year is outdated by the time they graduate. The design and sales cycle—idea, invent, innovate, imitate—is constantly shortening. In the 1940s, product cycles could last thirty or forty years. Today, lasting thirty or forty weeks is rare.

The reason is simple: about 80% of the scientists, engineers, technicians and doctors of the past are still alive today - exchanging ideas in real time on the Internet.

The development of machine intelligence will also have complex implications for cybersecurity. According to knowledge theorist and futurist scholar Bruce LaDuke: "Knowledge creation is a process that can be repeated by humans, and it is also a process that can be completely repeated by machines or in human-computer interaction systems." It is artificial knowledge creation that will usher in the "singularity", rather than artificial intelligence or artificial basic intelligence (or technological progress itself). Artificial intelligence can already be implemented by any computer, because intelligence is defined as knowledge that is stored and can be retrieved (either by a person or a computer). The latest adopters of (artificial knowledge creation) technology will drive an entire paradigm shift.

Main problems

Security risks

1. The Internet is an open, uncontrolled network. Hackers often invade computer systems on the network, steal confidential data and privileges, destroy important data, or prevent system functions from fully functioning until they become paralyzed.

2. Data transmission on the Internet is based on TCP/IP communication protocols. These protocols lack security measures to prevent the information during transmission from being stolen.

3. Most communication services on the Internet are supported by the Unix operating system. The obvious security vulnerabilities in the Unix operating system will directly affect security services.

4. Electronic information stored, transmitted, and processed on computers does not yet have the envelope protection and signature sealing that traditional mail communications do. Whether the source and destination of the information are true, whether the content has been altered, whether it has been leaked, etc. are maintained by a gentleman's agreement in the service agreement supported by the application layer.

5. Emails can be read, misdirected, and forged. There are great dangers in using email to transmit important confidential information.

6. The spread of computer viruses through the Internet brings great harm to Internet users. Viruses can paralyze computers and computer network systems and cause data and file loss. Viruses can be spread on the Internet through public anonymous FTP file transfers, or through emails and email attachments.

Attack form

There are four main forms of attack: interruption, interception, modification and forgery.

1) Interruption targets availability, destroying system resources and making the network unavailable.

2) Interception uses confidentiality as the attack target, and unauthorized users gain access to system resources through some means.

3) Modification takes integrity as the attack target. Unauthorized users not only gain access but also modify the data.

4) Forgery targets integrity, and unauthorized users insert forged data into normally transmitted data.

Solutions

1. Intrusion detection system deployment

Intrusion detection capability is an important factor in measuring whether a defense system is complete and effective. A powerful and complete intrusion detection system can make up for the shortcomings of firewalls, which provide relatively static defense. It detects in real time various behaviors from the external network and the campus network, promptly discovers possible attack attempts, and takes corresponding measures. Specifically, the intrusion detection engine is connected to the central switch. The intrusion detection system integrates intrusion detection, network management and network monitoring functions and can capture all data transmitted between internal and external networks in real time. It uses a built-in attack signature library, together with pattern matching and intelligent analysis, to detect intrusions and abnormal phenomena on the network, and records relevant events in a database as a basis for network administrators' subsequent analysis; if the situation is serious, the system can issue real-time alarms so that school administrators can take timely response measures.
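The detection loop described above (signature library, pattern matching, event database, real-time alarm for serious events) can be sketched as follows. This is an added example, not code from any product the article describes; the signature IDs, patterns, severity scale, threshold and traffic records are all constructed for illustration.

```python
import re
import sqlite3
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    sig_id: str
    description: str
    pattern: re.Pattern
    severity: int  # assumed scale: 1 = informational, 2 = suspicious, 3 = serious


# Constructed signature library (hypothetical IDs and patterns).
SIGNATURES = [
    Signature("SIG-001", "directory traversal sequence in URL",
              re.compile(r"(\.\./|%2e%2e%2f)", re.I), 2),
    Signature("SIG-002", "SQL UNION SELECT in query string",
              re.compile(r"union(\s|\+|%20)+select", re.I), 3),
    Signature("SIG-003", "request for a system password file",
              re.compile(r"/etc/passwd", re.I), 3),
]

ALERT_SEVERITY = 3          # events at or above this level raise an alarm
FAILED_LOGIN_THRESHOLD = 3  # simple anomaly rule standing in for "intelligent analysis"

# Constructed traffic records: (timestamp, source address, captured payload).
SAMPLE_TRAFFIC = [
    ("2024-01-01T10:00:00", "198.51.100.7", "GET /index.html HTTP/1.1"),
    ("2024-01-01T10:00:02", "203.0.113.9", "GET /download?file=../../etc/passwd HTTP/1.1"),
    ("2024-01-01T10:00:05", "203.0.113.9", "GET /item?id=1+UNION+SELECT+name+FROM+users HTTP/1.1"),
    ("2024-01-01T10:00:07", "192.0.2.44", "POST /login -> login failed"),
    ("2024-01-01T10:00:08", "192.0.2.44", "POST /login -> login failed"),
    ("2024-01-01T10:00:09", "192.0.2.44", "POST /login -> login failed"),
    ("2024-01-01T10:00:10", "198.51.100.7", "GET /static/../logo.png HTTP/1.1"),
]


def open_event_db():
    """Create the in-memory event store used for later analysis."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE events (ts TEXT, src TEXT, sig_id TEXT, severity INTEGER, detail TEXT)"
    )
    return db


def inspect(records, db):
    """Match each record against the library, store every hit, return serious ones as alerts."""
    alerts = []
    failed_logins = Counter()
    for ts, src, payload in records:
        hits = [(s.sig_id, s.severity, s.description)
                for s in SIGNATURES if s.pattern.search(payload)]
        # Anomaly rule: repeated failed logins from one source address.
        if "login failed" in payload.lower():
            failed_logins[src] += 1
            if failed_logins[src] == FAILED_LOGIN_THRESHOLD:
                hits.append(("ANOM-001", 3,
                             f"{FAILED_LOGIN_THRESHOLD} failed logins from one source"))
        for sig_id, severity, detail in hits:
            db.execute("INSERT INTO events VALUES (?, ?, ?, ?, ?)",
                       (ts, src, sig_id, severity, detail))
            if severity >= ALERT_SEVERITY:
                alerts.append((ts, src, sig_id))
    db.commit()
    return alerts


if __name__ == "__main__":
    database = open_event_db()
    for alert in inspect(SAMPLE_TRAFFIC, database):
        print("ALERT", *alert)
    stored = database.execute("SELECT COUNT(*) FROM events").fetchone()[0]
    print("events stored for later analysis:", stored)
```

Lower-severity hits such as the traversal sequence in the last record are stored without raising an alarm, which matches the split between recording events for later analysis and alerting only when the situation is serious.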

2. Vulnerability scanning system

The most advanced vulnerability scanning system is used to regularly conduct security inspections on workstations, servers, switches, etc., and detailed and reliable security analysis reports are provided to system administrators based on the inspection results, which provides an important basis for improving the overall level of network security.

3. Deployment of online anti-virus products

In this network anti-virus program, we ultimately have to achieve one goal: to prevent virus infection, spread and outbreak in the entire local area network. To achieve this, anti-virus measures should be taken at every point in the network where viruses may infect and spread. At the same time, in order to effectively and quickly implement and manage the anti-virus system of the entire network, it should support remote installation, intelligent upgrade, remote alarm, centralized management, distributed killing and other functions.

Network information classification

Network communication has the characteristics of joint operation of the entire network. As far as communication is concerned, it consists of five major parts: transmission and exchange, network standards, protocols and coding, communication terminals, communication sources, and personnel. These five major parts will be subject to serious threats and attacks, and will become attack points for networks and information. In the network, ensuring information security is the core of network security. Information in the network can be divided into two categories: user information and network information.

User information

In the network, user information mainly refers to user-oriented voice, data, images, text and various media library information. It generally includes the following types:

1) General public information: such as normal mass media information, public propaganda information, mass entertainment information, advertising information and other information that can be disclosed.

2) Personal privacy information: such as civilian information that is purely a matter of personal privacy. The legitimate rights and interests of users should be protected.

3) Intellectual property protection information: According to the scope of protection stipulated in Article 2 of the internationally signed "Convention Establishing the World Intellectual Property Organization", it should be protected by relevant laws.

4) Business information: including e-commerce, electronic finance, securities and taxation information. This kind of information involves a large amount of property and is an important target for criminal attacks. Necessary measures should be taken for security precautions.

5) Bad information: It mainly includes bad information involving politics, culture and ethics, and also includes boring or useless information called "information garbage". Certain measures should be taken to filter or remove this kind of information, and to crack down on criminals and criminal gangs in accordance with the law.

6) Offensive information: It involves various man-made malicious attack information, such as domestic and foreign "hacker" attacks, attacks by internal and external personnel, computer crimes and computer virus information. This kind of targeted attack information is very harmful, so security precautions should be focused on.

7) Confidential information: In accordance with relevant national regulations, determine the different confidentiality levels of information, such as secret level, confidential level and top secret level. This kind of information involves secret information in politics, economy, military, culture, diplomacy and other aspects. It is the focus of information security and effective measures must be taken to provide special protection.

Network information

In the network, network information is different from user information. It is information oriented to network operation. Network information is private information within the network. It only provides limited maintenance, control, detection and operation-level information to communications maintenance and management personnel, and its core parts are still not allowed to be accessed at will. In particular, it should be pointed out that current threats and attacks on the network aim not only to obtain important confidential user information and maximum benefit, but also to target the network itself directly. In addition to attacks on network hardware, attackers can also attack network information. In severe cases, they can paralyze the network and even endanger national security. Network information mainly includes the following types:

1) Communication program information: Because programs are complex, programming practices are diverse, and programs often exist in a form that is difficult for people to understand, it is easy for hidden defects, viruses, covert channels and implanted attack information to be left in the communication program.

2) Operating system information: In complex large-scale communication equipment, a specialized operating system is often used as the interface program module between its hardware and software applications. It is the core control software of the communication system. Due to the incomplete security of some operating systems, potential intrusions may occur, such as illegal access, chaotic access control, incomplete intermediaries, and operating system defects.

3) Database information: In the database, there are both sensitive data and non-sensitive data. It is necessary to consider both security and openness and resource sharing. Therefore, the security of the database must not only protect the confidentiality of the data, but also ensure the integrity and availability of the data, that is, protect the physical and logical integrity of the data and the integrity of its elements, and provide effective access under any circumstances, including after catastrophic accidents.

4) Communication protocol information: A protocol is a series of orderly steps taken by two or more communication participants (including people, processes or entities) to complete a certain function, allowing the participants to complete the communication contact in a coordinated manner and reach mutual agreement for interconnection. Communication protocols are pre-designed, mutually agreed upon, unambiguous and complete. Many related protocols have been developed in various types of networks. For example, in confidential communication, encryption alone cannot guarantee the confidentiality of information. Only by encrypting correctly and ensuring the security of the protocol can the confidentiality of information be achieved. An incomplete protocol, however, gives attackers an opportunity to exploit and can cause serious consequences.

5) Signaling information of telecommunications network: In the network, the destruction of signaling information can lead to large-scale paralysis of the network. For the reliability and availability of the signaling network, the entire network should take necessary redundancy measures, as well as effective scheduling, management, and reorganization measures to ensure the integrity of the signaling information and prevent human or non-human tampering and destruction. Prevent active attacks and virus attacks on signaling information.

6) Timing information of digital synchronization network: China's digital synchronization network adopts a fully synchronized network controlled by a distributed multi-regional reference clock (LPR). The LPR system consists of a rubidium clock plus two global positioning systems (GPS), or an integrated timing supply system BITS plus GPS. National first-class standard clocks (PRCs) were established in Beijing, Wuhan and Lanzhou, using cesium clock group timing as the backup benchmark and GPS as the main benchmark. In order to prevent GPS from failing or reducing reference accuracy during extraordinary periods, centralized detection, monitoring, maintenance and management should be strengthened to ensure the safe operation of the digital synchronization network.

7) Network management information: The network management system is a comprehensive management system involving network maintenance, operation and management information. It integrates highly automated information collection, transmission, processing and storage, and integrates performance management, fault management, configuration management, billing management and security management. It is of great significance for maximizing the use of network resources and ensuring network security. Security management mainly includes system security management, security service management, security mechanism management, security event processing management, security audit management and security recovery management.

Main features

In the literature of the US National Information Infrastructure (NII), five attributes of security are clearly given: confidentiality, integrity, availability, controllability and non-repudiation. These five attributes apply to a wide range of areas such as education, entertainment, medical care, transportation, national security, power supply, and communications in the national information infrastructure.

Confidentiality

The property that information is not disclosed to, or exploited by, unauthorized users, entities, or processes.

Confidentiality means that information in the network cannot be obtained and used by unauthorized entities (including users and processes, etc.). This information includes not only state secrets, but also business secrets and work secrets of enterprises and social groups, as well as personal information. When people apply the network, they naturally require the network to provide confidentiality services, and the confidential information includes both the information transmitted in the network and the information stored in the computer system. Just like telephone calls can be eavesdropped, information transmitted over the Internet can also be eavesdropped. The solution is to encrypt the transmitted information. The confidentiality of stored information is mainly achieved through access control, and different users have different permissions for different data.

Integrity

Data cannot be changed without authorization. That is, the information is not modified, destroyed or lost during storage or transmission. Data integrity refers to ensuring that data and information on a computer system are in a complete and undamaged state, which means that the data will not be changed or lost due to intentional or unintentional events. In addition to the fact that the data itself cannot be destroyed, the integrity of the data also requires that the source of the data is correct and credible. That is to say, it is necessary to first verify that the data is authentic and credible, and then verify whether the data has been destroyed. The main factor that affects data integrity is deliberate destruction by humans, as well as damage to data caused by equipment failures, natural disasters and other factors.
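The distinction above between data that is merely undamaged and data whose source is also credible can be shown by comparing an unkeyed checksum with a keyed message authentication code. This is an added example, not part of the original article; it assumes sender and receiver share a secret key, and the messages and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def seal_with_hash(message: bytes) -> bytes:
    """Append an unkeyed SHA-256 digest: a checksum that anyone can recompute."""
    return message + hashlib.sha256(message).digest()


def seal_with_mac(key: bytes, message: bytes) -> bytes:
    """Append an HMAC-SHA256 tag: only holders of the key can produce it."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def open_hash(packet: bytes):
    """Return the message if the digest matches, otherwise None."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hashlib.sha256(message).digest()
    return message if hmac.compare_digest(expected, tag) else None


def open_mac(key: bytes, packet: bytes):
    """Return the message if the keyed tag matches, otherwise None."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return message if hmac.compare_digest(expected, tag) else None


def corrupt(packet: bytes) -> bytes:
    """Accidental damage (equipment fault, line noise): one flipped bit."""
    return bytes([packet[0] ^ 0x01]) + packet[1:]


def substitute(new_message: bytes) -> bytes:
    """Deliberate modification by a party WITHOUT the key: replace the message
    and recompute the only thing that party can, the unkeyed digest."""
    return new_message + hashlib.sha256(new_message).digest()


def run_scenarios() -> dict:
    key = secrets.token_bytes(32)                 # shared secret (assumption)
    original = b"transfer 100 to account 12345"   # constructed sample message
    altered = b"transfer 900 to account 99999"    # constructed tampered message
    hashed = seal_with_hash(original)
    macced = seal_with_mac(key, original)
    return {
        "hash_accepts_original": open_hash(hashed) == original,
        "mac_accepts_original": open_mac(key, macced) == original,
        "hash_rejects_corruption": open_hash(corrupt(hashed)) is None,
        "mac_rejects_corruption": open_mac(key, corrupt(macced)) is None,
        # The checksum cannot tell who produced the packet, so this is False.
        "hash_rejects_substitution": open_hash(substitute(altered)) is None,
        "mac_rejects_substitution": open_mac(key, substitute(altered)) is None,
        # Reusing the old tag on a new message fails as well.
        "mac_rejects_tag_reuse": open_mac(key, altered + macced[-TAG_LEN:]) is None,
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

Because both ends hold the same key, a MAC proves origin only between the two parties and gives no non-repudiation; that property needs a digital signature made with a private key only the sender holds.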

Availability

Availability refers to the expected ability to use information or resources, that is, the property that authorized entities or users can access and use the information as required. Simply put, it is to ensure that information can be used by authorized persons when needed and to prevent system denial of service due to subjective and objective factors. For example, denial of service in a network environment, damage to the normal operation of the network and related systems, etc. are all attacks on availability. Internet worms rely on large-scale replication and spread on the network, taking up a lot of CPU processing time, causing the system to become slower and slower, until the network collapses and users' normal data requests cannot be processed. This is a typical "denial of service" attack. Of course, data unavailability may also be caused by software defects, such as Microsoft Windows where defects are always discovered.

Controllability

Controllability refers to people’s ability to control the dissemination path, scope and content of information, that is, not allowing harmful content to be transmitted through the public network, so that information is under the effective control of legitimate users. 

Non-repudiation

Non-repudiation is also called non-deniability. In the process of information exchange, the true identity of the participants must be ensured, that is, no participant can deny or repudiate the operations and commitments it has completed. Simply put, the party sending the information cannot deny sending it, and the recipient of the information cannot deny receiving it. Evidence of the information's source prevents the sender from denying that the information was sent, and evidence of receipt prevents the receiver from later denying that it received the information. Digital signature technology is one of the important means of achieving non-repudiation.

Market size

According to an international network security research report, the global network security market is expected to reach US$95.6 billion (approximately RMB 595.13 billion) in 2014, and in the next five years the compound annual growth rate will reach 10.3%. By 2019, this figure is expected to reach US$155.74 billion (approximately RMB 969.51 billion). Within that total, the global wireless network security market will reach US$15.55 billion (approximately RMB 96.93 billion) by 2019, with a compound annual growth rate of approximately 12.94%.

From an industry perspective, aerospace, defense and other fields will continue to be the main driving force in the cybersecurity market. In terms of regional revenue, North America will be the largest market. At the same time, the Asia-Pacific, Middle East and Africa regions are expected to show greater growth rates at certain times.

The report points out that the rapid popularity of cloud services, wireless communications, the increase in cybercrime in the public utility industry and the introduction of strict government regulatory measures are the main factors for the development of this market. As a result, the number of approved cybersecurity solutions will continue to increase in the future to protect against and combat advanced and sophisticated threats created by professional adversaries.

Additionally, cloud service providers and vertical industries such as energy, oil and gas will increase investment in cybersecurity solutions as cybercrime gradually grows, leading to the loss of financial assets and potentially harming the country's infrastructure and economy.

Security analysis

The network analysis system is a network management solution that allows network managers to apply targeted remedies to various network security problems. It detects, analyzes and diagnoses all data transmitted in the network, helping users eliminate network accidents, avoid security risks, improve network performance and increase the value of network availability.

Physical security

The physical security of the network is the prerequisite for the security of the entire network system. In the construction of campus network projects, since the network system is a weak-current (low-voltage) installation, its withstand voltage is very low. Therefore, in the design and construction of network projects, priority must be given to protecting people and network equipment from electricity, fire, and lightning strikes; the distances between the wiring system and lighting wires, power wires, communication lines, heating ducts, and hot and cold air ducts must be considered; the safety of the wiring system with respect to insulated wires, bare wires, grounding and welding must be considered; and a lightning protection system must be constructed. The lightning protection system must cover not only the building, but also computers and other weak-current equipment with low withstand voltage. Generally speaking, physical security risks mainly include environmental accidents such as earthquakes, floods, and fires; power failure; human operating errors or mistakes; equipment theft or destruction; electromagnetic interference; line interception; high-availability hardware; dual-machine multi-redundancy; the computer room environment and alarm system; security awareness, and so on. These should be paid attention to, and at the same time the physical security risks of the network should be avoided as far as possible.

Network structure

Network topology design also directly affects the security of the network system. When the external and internal networks communicate, the security of machines on the internal network is threatened, and many other systems on the same network are affected as well. Propagation through the network can also affect other networks connected to the Internet/Intranet, and the impact may extend to security-sensitive fields such as law and finance. Therefore, in the design it is necessary to isolate the public servers (WEB, DNS, EMAIL, etc.) from the external network and from other internal business networks to avoid leaking network structure information. At the same time, service requests from the external network must be filtered: only normal communication packets are allowed to reach the corresponding host, and all other service requests should be rejected before they reach the host.
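The filtering described above can be sketched as a default-deny rule table. This is an added example, not part of the original article; the zone names, the address plan (documentation and private ranges) and the list of public services are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption): one isolated segment for the
# public servers and one for the internal business network.
ZONES = {
    "dmz": ip_network("192.0.2.0/24"),
    "internal": ip_network("10.0.0.0/8"),
}
WEB, DNS, MAIL = "192.0.2.10", "192.0.2.53", "192.0.2.25"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_host: str
    proto: str
    port: int


# Each public service is reachable only on its own host and port.
PUBLIC_SERVICES = [
    (WEB, "tcp", 80), (WEB, "tcp", 443),
    (DNS, "udp", 53), (DNS, "tcp", 53),
    (MAIL, "tcp", 25),
]
# External and internal clients may use the public services. There is no rule
# with src_zone "dmz", so a public server cannot open connections inward.
ALLOW = {
    Rule(zone, host, proto, port)
    for zone in ("external", "internal")
    for host, proto, port in PUBLIC_SERVICES
}


def zone_of(addr: str) -> str:
    """Map an address to its zone; anything unlisted is 'external'."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def decide(src: str, dst: str, proto: str, port: int) -> str:
    """Return 'allow' only for an explicit match; everything else is denied."""
    try:
        rule = Rule(zone_of(src), str(ip_address(dst)), proto.lower(), port)
    except ValueError:
        return "deny"  # malformed address: fail closed
    return "allow" if rule in ALLOW else "deny"


# Constructed sample traffic: (source, destination, protocol, port).
SAMPLE_PACKETS = [
    ("203.0.113.7", WEB, "tcp", 443),        # normal web request
    ("203.0.113.7", WEB, "tcp", 22),         # service not offered publicly
    ("203.0.113.7", "10.1.2.3", "tcp", 443), # direct access to internal host
    (WEB, "10.1.2.3", "tcp", 1433),          # public server reaching inward
]


def evaluate(packets):
    return [decide(*p) for p in packets]


if __name__ == "__main__":
    for packet, verdict in zip(SAMPLE_PACKETS, evaluate(SAMPLE_PACKETS)):
        print(verdict, packet)
```

Because the table lists only what is permitted, a new service stays unreachable until a rule is added for it, and a request to the right port on the wrong host is still rejected.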

System security

System security refers to whether the entire network operating system and network hardware platform are reliable and trustworthy. There is probably no absolutely safe operating system to choose from. Whether it is Microsoft's Windows NT or any other commercial UNIX operating system, its developer must have its own back door. Therefore, we can conclude that there is no completely secure operating system. Different users should analyze their networks in detail from different aspects and choose an operating system with the highest possible security. It is therefore necessary not only to select the most reliable operating system and hardware platform possible, but also to configure the operating system securely. Moreover, authentication during login must be strengthened (especially authentication before reaching the server host) to ensure the legitimacy of the user; in addition, the operating permissions of logged-in users should be strictly limited, and the operations they can perform should be restricted to the minimum scope.

Application system security

The security of application systems is related to specific applications and covers a wide range of areas. The security of application systems is dynamic and constantly changing. Application security also involves information security, which includes many aspects.

——The security of application systems is dynamic and constantly changing.

Application security involves many aspects. Take e-mail, the most widely used application system on the Internet: its solutions include sendmail, Netscape Messaging Server, SoftwareCom Post.Office, Lotus Notes, Exchange Server, SUN CIMS, etc., no fewer than 20 kinds in all. Its security mechanisms involve various methods such as LDAP, DES, and RSA. Application systems are constantly developing and the types of applications are constantly increasing. Regarding the security of application systems, the main consideration is to establish as secure a system platform as possible, and to continuously discover and patch vulnerabilities with professional security tools to improve system security.

——Application security involves the security of information and data.

Information security involves leakage of confidential information, unauthorized access, destruction of information integrity, counterfeiting, damage to system availability, etc. In some network systems, a lot of confidential information is involved. If some important information is stolen or destroyed, its economic, social and political impacts will be serious. Therefore, users must be authenticated when using computers, communication of important information must be authorized, and transmission must be encrypted. Use multi-level access control and permission control methods to achieve data security protection; use encryption technology to ensure the confidentiality and integrity of information transmitted online (including administrator passwords and accounts, uploaded information, etc.).

Management risk

Management is the most important part of network security. Unclear responsibilities and rights, incomplete security management systems and a lack of operability may all cause management security risks. When the network is attacked or is subject to other security threats (such as illegal operations by insiders), real-time detection, monitoring, reporting, and early warning cannot be performed. Likewise, when an incident occurs, it is impossible to provide clues for tracing hacker attacks or evidence for solving the case; that is, the network lacks controllability and reviewability. This requires us to keep multi-level records of site access activities and detect illegal intrusions in a timely manner.

To establish a new network security mechanism, we must have a deep understanding of the network and be able to provide direct solutions. Therefore, the most feasible approach is to formulate a sound management system and combine it with strict management. Ensuring the safe operation of the network, and making it an information network with good security, scalability and ease of management, has become the top priority. Once the above security risks become a reality, the damage to the entire network will be inestimable.

Main types

There are different types of network security due to different environments and applications. There are mainly the following types:

(1) System security

Operating system security means ensuring the security of information processing and transmission systems. It focuses on keeping the system functioning properly: avoiding damage to and loss of the messages the system stores, processes and transmits as a result of system crashes and damage, and avoiding information leakage caused by electromagnetic leakage, as well as interfering with others or being interfered with by others.

(2) Network information security

This is the security of system information on the network. It includes user password authentication, user access rights control, control of data access rights and methods, security audit, security issue tracking, computer virus prevention, data encryption, etc.

(3) Information dissemination security

The security of information dissemination on the Internet refers to the security of the consequences of information dissemination, including information filtering, etc. It focuses on preventing and controlling the consequences of the dissemination of illegal and harmful information, and preventing the information that is freely transmitted on public networks from getting out of control.

(4) Information content security

Security of information content on the Internet. It focuses on protecting the confidentiality, authenticity and integrity of information. Prevent attackers from exploiting system security vulnerabilities to conduct eavesdropping, impersonation, fraud, and other behaviors that are detrimental to legitimate users. Its essence is to protect the interests and privacy of users.

Influencing factors

Natural disasters and accidents; computer crimes; human behavior, such as improper use, poor security awareness, etc.; "hacker" behavior: intrusion or disturbance by hackers, such as illegal access, denial of service, computer viruses, illegal connections, etc.; internal leaks; external leaks; information loss; electronic espionage, such as information traffic analysis, information theft, etc.; defects in network protocols, such as TCP/IP protocol security issues, etc.

Network security threats mainly include two categories: penetration threats and implantation threats.

  • Penetration threats mainly include: counterfeiting, bypass control, and authorization infringement;

  • Implantation threats mainly include: Trojan horses and trap doors.

At present, there are several major hidden dangers in our country's network security. The factors affecting network security mainly include the following aspects.

(1) Network structural factors

There are three basic network topologies: star, bus and ring. Before an organization establishes its own intranet, each department may already have built its own local area network, and the topologies may be completely different. When building an intranet, in order to achieve information communication between heterogeneous networks, it is often necessary to sacrifice the setting and implementation of some security mechanisms, which raises higher requirements for network openness.

(2) Network protocol factors

When building an intranet, users will inevitably retain the original network infrastructure in order to save money. In addition, in order to survive, network companies place increasingly high requirements on the compatibility of network protocols, so that the protocols of many manufacturers can interconnect, be compatible and communicate with each other. While this brings benefits to users and manufacturers, it also brings security risks. For example, harmful programs transmitted under one protocol can quickly spread throughout the entire network.

(3) Regional factors

Since an intranet can be either a LAN or a WAN (an intranet means that it is not a public network, but a private network), the network often spans cities and even countries. The geographical situation is complex and the quality of communication lines is difficult to guarantee. This can cause damage to and loss of information during transmission, and also creates opportunities for some "hackers".

(4) User factors

Enterprises build their own intranets to speed up information exchange and better adapt to market needs. After establishment, the scope of users will definitely expand from corporate employees to customers and people who want to know about the company. The increase in users also poses a threat to the security of the network, because there may be commercial spies or "hackers" here.

(5) Host factors

When establishing an intranet, the original local area networks and stand-alone computers are interconnected, and the types of hosts are increased, such as workstations, servers, and even minicomputers, large and medium-sized computers. Since the operating systems and network operating systems they use are different, a vulnerability in a certain operating system (for example, some systems have one or several accounts without passwords) may cause major hidden dangers to the entire network.

(6) Organizational security policy

Practice has proven that 80% of security problems are caused within the network. Therefore, organizations must attach great importance to the security of their own intranets and must formulate a set of rules and regulations for security management.

(7) Personnel factors

The human factor is the weak link in security issues. It is necessary to provide necessary security education to users, select people with high professional ethics as network administrators, and formulate specific measures to improve security awareness.

(8) Others

Other factors, such as natural disasters, are also factors that affect network security.

Technical principles

Network security issues are related to the in-depth development of future network applications. It involves security policies, mobile codes, instruction protection, cryptography, operating systems, software engineering, and network security management. Generally, "firewall" technology is mainly used to isolate the private intranet from the public Internet.

"Firewall" is a figurative term. In fact, it is a combination of computer hardware and software that establishes a security gateway between the Internet and the intranet, thereby protecting the intranet from intrusion by illegal users.

The "firewall" function can be performed by a simple hidden router. If this "firewall" is an ordinary router, it can only play an isolation role. A hidden router can also block inter-network or inter-host communication at the Internet protocol port level, playing a certain filtering role. Since the hidden router only involves some modifications to the router's parameters, some people do not classify it as a "firewall"-level measure.

There are two types of "firewalls" in the true sense. One is called a standard "firewall"; the other is called a dual-home gateway. A standard "firewall" system consists of a Unix workstation buffered by a router on either end. One router's interface is to the outside world, the public network, while the other is connected to the internal network. Standard "firewalls" use specialized software, require a high level of management, and have a certain delay in information transmission. The dual-home gateway is an expansion of the standard "firewall". Dual-home gateway is also called a bastion host or application layer gateway. It is a single system, but it can complete all the functions of a standard "firewall" at the same time. The advantage is that it can run more complex applications while preventing any direct connection between the Internet and internal systems, ensuring that packets cannot directly reach the internal network from the external network and vice versa.

With the advancement of "firewall" technology, two "firewall" configurations have evolved from the dual-home gateway: one is the hidden host gateway, and the other is the hidden smart gateway (hidden subnet). The hidden host gateway may currently be a common "firewall" configuration. As the name suggests, this configuration hides the router on the one hand and installs a bastion host between the Internet and the intranet on the other. The bastion host is installed on the intranet. Through the configuration of the router, the bastion host becomes the only system for communication between the intranet and the Internet. Currently, the "firewall" with the most complex technology and the highest security level is the hidden smart gateway. The hidden smart gateway hides the gateway behind the public system, which is the only system that Internet users can see. All Internet functions are performed through the protection software hidden behind the public system. Generally speaking, this kind of "firewall" is the least likely to be breached.

Another security technology used in conjunction with "firewalls" is data encryption. Data encryption technology is one of the main technical means used to improve the security and confidentiality of information systems and data and to prevent secret data from being compromised from outside. With the development of information technology, network security and information confidentiality have attracted increasing attention. In addition to strengthening data security protection from a legal and management perspective, countries have also taken technical measures in both software and hardware to promote the continuous development of data encryption technology and physical prevention technology. According to function, data encryption technology is mainly divided into four types: data transmission, data storage, data integrity identification and key management.

Another technology closely related to data encryption technology is smart card technology. A smart card is a medium for keys, generally resembling a credit card, that is held by an authorized user and assigned a password or passcode by the user. This password is the same as the password registered on the internal network server. When passwords and identity features are used together, the confidentiality performance of smart cards is quite effective.

These network security and data protection precautions have certain limits, and the safer they are, the more reliable they are. Therefore, when judging whether an intranet is safe, we must consider not only its technical means but, more importantly, the full range of measures taken on the network, including not only physical precautions but also "soft" factors such as personnel quality, and then make a comprehensive evaluation to conclude whether it is safe.

Precaution

Cyber security measures

Computer network security measures mainly include three aspects: protecting network security, protecting application service security, and protecting system security. Each aspect must consider physical security, firewalls, information security, Web security, media security, etc. for security protection.

(1) Protect network security.

Network security is to protect the security of the communication process between network-side systems of business parties. Ensuring confidentiality, integrity, authentication and access control are important factors in network security. The main measures to protect network security are as follows:

(1) Comprehensively plan the security strategy of the network platform.

(2) Develop network security management measures.

(3) Use a firewall.

(4) Record all activities on the Internet as much as possible.

(5) Pay attention to the physical protection of network equipment.

(6) Test the vulnerability of the network platform system.

(7) Establish a reliable identification and authentication mechanism.

(2) Protect application security.

Protecting application security mainly means security protection measures established for specific applications (such as Web servers and dedicated online payment software systems). It is independent of any other security protection measures on the network. Some of these protective measures may substitute for or overlap with network security services; for example, Web browsers and Web servers encrypt network payment and settlement packets at the application layer, and the packets may also be encrypted at the IP layer. Even so, many applications have their own specific security requirements.

Since the application layer in e-commerce has the most stringent and complex security requirements, it is more likely to adopt various security measures at the application layer rather than at the network layer.

Although security at the network layer still has its specific place, people cannot rely solely on it to solve the security of e-commerce applications. Security services at the application layer can involve the security of applications such as authentication, access control, confidentiality, data integrity, non-repudiation, Web security, EDI and network payment.

(3) Protect system security.

Protecting system security refers to security protection from the perspective of the overall e-commerce system or online payment system. It is interrelated with the network system hardware platform, operating system, various application software, etc. System security involving online payment and settlement includes the following measures:

(1) Check and confirm unknown security vulnerabilities in installed software, such as browser software, e-wallet software, payment gateway software, etc.

(2) Combine technology and management to ensure that the system has minimal penetration risk. Connection is allowed only after passing multiple authentications, all access data must be audited, and system users must be strictly managed.

(3) Establish detailed security audit logs to detect and track intrusion attacks, etc.

Business measures

Business transaction security focuses closely on the various security issues that arise when traditional commerce is carried out on the Internet, that is, how to ensure the smooth progress of the e-commerce process on the basis of computer network security.

Various business transaction security services are implemented through security technology, mainly including encryption technology, authentication technology and e-commerce security protocols.

(1) Encryption technology.

Encryption technology is a basic security measure adopted in e-commerce, and both parties to the transaction can use it during the information exchange stage as needed. Encryption technology is divided into two categories, namely symmetric encryption and asymmetric encryption.

(1) Symmetric encryption.

Symmetric encryption, also known as private key encryption, means that the sender and receiver of information use the same key to encrypt and decrypt data. Its biggest advantage is that encryption and decryption are fast, which makes it suitable for encrypting large amounts of data, but key management is difficult. If the communicating parties can ensure that the private key was not compromised during the key exchange phase, confidentiality and message integrity can be achieved by encrypting the confidential information and sending a message digest, or message hash value, with the message.

(2) Asymmetric encryption.

Asymmetric encryption, also known as public key encryption, uses a pair of keys to perform encryption and decryption respectively: one is publicly released (the public key), and the other is kept secret by the user (the private key). The process of information exchange is as follows: Party A generates a pair of keys and discloses one of them as a public key to the other trading parties. Party B, having obtained the public key, uses it to encrypt the information and then sends the result to Party A. Party A then uses its own private key to decrypt the encrypted information.
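The integrity half of the symmetric scheme described above depends on the digest being tied to the shared key. The following added example (not part of the original article) compares a bare SHA-256 digest with a keyed digest; HMAC-SHA256 is an assumption chosen here, since the article does not name an algorithm, and the key and messages are constructed.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

# Constructed shared key; in the article's terms, the key both parties hold
# after the key exchange phase.
SHARED_KEY = secrets.token_bytes(32)


def send_with_plain_digest(message: bytes) -> bytes:
    """Unkeyed variant: the message followed by SHA-256(message)."""
    return message + hashlib.sha256(message).digest()


def accept_plain_digest(blob: bytes):
    """Return the message if the appended digest matches, else None."""
    if len(blob) < TAG_LEN:
        return None
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hashlib.sha256(message).digest()
    return message if hmac.compare_digest(expected, tag) else None


def send_with_mac(key: bytes, message: bytes) -> bytes:
    """Keyed variant: the message followed by HMAC-SHA256(key, message)."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def accept_mac(key: bytes, blob: bytes):
    """Return the message only if the tag verifies under the shared key."""
    if len(blob) < TAG_LEN:
        return None
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest avoids leaking how many leading bytes matched.
    return message if hmac.compare_digest(expected, tag) else None


def rewrite_without_key(new_message: bytes) -> bytes:
    """Model a change made in transit by a party that lacks the shared key:
    it can replace the message and recompute any unkeyed digest."""
    return new_message + hashlib.sha256(new_message).digest()


def demo():
    altered = rewrite_without_key(b"pay 900 to account 7")
    return {
        # The bare digest only detects accidental corruption.
        "plain_digest_accepts_rewrite": accept_plain_digest(altered) is not None,
        # The keyed digest cannot be recomputed without SHARED_KEY.
        "mac_accepts_rewrite": accept_mac(SHARED_KEY, altered) is not None,
        "mac_accepts_genuine": accept_mac(
            SHARED_KEY, send_with_mac(SHARED_KEY, b"pay 100 to account 7")
        ) is not None,
    }


if __name__ == "__main__":
    print(demo())
```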

(2) Authentication technology.

Authentication technology is a technology that uses electronic means to prove the identity of the sender and receiver and the integrity of their files, that is, to confirm that the identity information of both parties has not been tampered with during transmission or storage.

(1) Digital signature.

Digital signatures, also called electronic signatures, can authenticate, approve and validate electronic documents just as a handwritten signature does. The implementation combines a hash function with a public key algorithm. The sender generates a hash value from the message text and encrypts the hash value with its own private key to form the sender's digital signature; then the sender sends this digital signature to the recipient as an attachment together with the message. The recipient first calculates the hash value from the received original message, and then uses the sender's public key to decrypt the digital signature attached to the message. If the two hash values are the same, the receiver can confirm that the digital signature belongs to the sender. The digital signature mechanism provides an identification method that addresses problems such as forgery, denial, impersonation, and tampering.

(2) Digital certificate.

A digital certificate is a file, digitally signed by a certificate authority, that contains the public key and information about the public key's owner. The main components of a digital certificate are the user's public key, the identity of the key owner, and the signature of a trusted third party. The third party is generally a certificate authority (CA) trusted by users, such as a government department or financial institution. The user submits his public key to a public key certificate authority in a secure manner and obtains a certificate, which the user can then make public. Anyone who needs the user's public key can obtain this certificate and verify the validity of the public key through the attached trusted signature. Digital certificates provide a way to verify the identity of each party through a set of data that marks the identity information of the parties to the transaction. Users can use it to identify the other party.
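The digital signature and digital certificate passages above can be traced end to end in the following added example, which is not part of the original article. It assumes textbook RSA without padding and key pairs built from well-known Mersenne primes so that the run is deterministic; the certificate layout and all names are constructed, and real systems use a vetted library with a padded scheme such as RSA-PSS.

```python
import hashlib

E = 65537  # widely used RSA public exponent


def make_keypair(p: int, q: int):
    """Textbook RSA key pair from two primes. Returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return {"n": n, "e": E}, {"n": n, "d": d}


def digest_int(data: bytes) -> int:
    """SHA-256 of the data as an integer (smaller than every demo modulus)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private, data: bytes) -> int:
    """Sender: hash the message, then transform the hash with the private key."""
    return pow(digest_int(data), private["d"], private["n"])


def verify(public, data: bytes, signature: int) -> bool:
    """Recipient: recompute the hash and compare it with the value recovered
    from the signature using the signer's public key."""
    if not isinstance(signature, int) or not 0 <= signature < public["n"]:
        return False
    return pow(signature, public["e"], public["n"]) == digest_int(data)


def cert_body(subject: str, public) -> bytes:
    """The bytes the CA signs: the owner's identity bound to the public key."""
    return f"subject={subject};n={public['n']:x};e={public['e']}".encode()


def issue_certificate(ca_private, subject: str, public):
    """CA: sign (identity, public key) and hand back the certificate."""
    return {"subject": subject, "public": public,
            "ca_signature": sign(ca_private, cert_body(subject, public))}


def check_signed_message(ca_public, cert, expected_subject: str,
                         message: bytes, signature: int) -> str:
    """Return 'ok' only if the certificate names the expected party, carries
    the trusted CA's signature, and its key verifies the message."""
    if cert["subject"] != expected_subject:
        return "subject mismatch"
    body = cert_body(cert["subject"], cert["public"])
    if not verify(ca_public, body, cert["ca_signature"]):
        return "certificate not signed by trusted CA"
    if not verify(cert["public"], message, signature):
        return "message signature invalid"
    return "ok"


# Demo keys from Mersenne primes (constructed; never use such keys for real).
CA_PUB, CA_PRIV = make_keypair(2**607 - 1, 2**1279 - 1)
A_PUB, A_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
A_CERT = issue_certificate(CA_PRIV, "party-a", A_PUB)


def demo():
    message = b"transfer 100 to party-b"
    signature = sign(A_PRIV, message)
    return [
        check_signed_message(CA_PUB, A_CERT, "party-a", message, signature),
        check_signed_message(CA_PUB, A_CERT, "party-a",
                             b"transfer 900 to party-b", signature),
    ]


if __name__ == "__main__":
    print(demo())
```

The certificate check is what stops a self-made key pair from being presented under another party's name: a signature that verifies under an uncertified key proves nothing about who sent the message.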

(3) Security protocols for e-commerce.

In addition to the various security technologies mentioned above, there is also a complete set of security protocols for the operation of e-commerce. More mature protocols include SET, SSL, etc.

(1) Secure Socket Layer Protocol SSL.

The SSL protocol is located between the transport layer and the application layer and consists of the SSL record protocol, the SSL handshake protocol and the SSL alert protocol. The SSL handshake protocol is used to establish a security mechanism before the client and server actually transmit application layer data. When the client and the server communicate for the first time, the two parties agree on the version number, key exchange algorithm, data encryption algorithm and hash algorithm through the handshake protocol, then verify each other's identity, and finally use the negotiated key exchange algorithm to generate secret information known only to the two parties. The client and the server each generate the data encryption algorithm and hash algorithm parameters based on this secret information. The SSL record protocol encrypts and compresses the message and calculates the message authentication code (MAC) based on the parameters negotiated by the SSL handshake protocol, and then sends it to the other party through the network transport layer. The SSL alert protocol is used to communicate SSL error messages between clients and servers.

(2) Secure electronic transaction protocol SET.

The SET protocol is used to divide and define the rights and obligations between consumers, online merchants, banks and credit card organizations in e-commerce activities, and to provide transaction information transmission process standards. SET mainly consists of three files, namely SET business description, SET programmer's guide and SET protocol description. The SET protocol ensures the confidentiality of the e-commerce system, data integrity, and identity legitimacy.

The SET protocol is specially designed for e-commerce systems. It is located at the application layer, and its certification system is very complete and can achieve multi-party certification. In SET's implementation, consumer account information is kept confidential from merchants. However, the SET protocol is very complex. Transaction data requires multiple verifications, multiple keys, and multiple encryption and decryption. Moreover, in the SET protocol, in addition to consumers and merchants, there are other participants such as card issuers, acquirers, certification centers, and payment gateways.

Security technology

1) Physical measures: For example, protect key network equipment (such as switches, mainframe computers, etc.), formulate strict network security rules and regulations, and take measures such as radiation protection, fire prevention, and the installation of uninterruptible power supplies (UPS).

2) Access control: Strictly authenticate and control users' permissions to access network resources. For example, perform user identity authentication, encrypt, update and authenticate passwords, set permissions for users to access directories and files, control permissions for network device configuration, etc.

3) Data encryption: Encryption is an important means to protect data security. The function of encryption is to ensure that people cannot understand the meaning of information after it is intercepted. To prevent computer network viruses, install a network anti-virus system.

4) Network isolation: There are two ways to achieve network isolation: one uses an isolation card, and the other uses a network security isolation gatekeeper. The isolation card is mainly used to isolate a single machine, and the gatekeeper is mainly used to isolate the entire network.

5) Other measures: Other measures include information filtering, fault tolerance, data mirroring, data backup and auditing, etc. Many solutions have been proposed for network security issues, such as data encryption technology and firewall technology. Data encryption encrypts the data transmitted in the network, and then decrypts it and restores the original data after it reaches the destination. The purpose is to prevent illegal users from intercepting and stealing the information. Firewall technology controls network access by isolating the network and restricting access.

precautionary awareness

Having network security awareness is an important prerequisite for ensuring network security. The occurrence of many network security incidents is related to the lack of security awareness.

1. Host security check

To ensure network security and build network security, the first step is to comprehensively understand the system, evaluate system security, and recognize your own risks, so as to quickly and accurately solve intranet security problems. The first domestic innovative automatic host security inspection tool, independently developed by Antiy Laboratories, completely subverts the cumbersome operation of traditional system confidentiality inspection and system risk assessment tools. With one click, it can conduct a comprehensive security and confidentiality inspection of intranet computers, determine the security level accurately, and analyze, process and repair the evaluated system.

2. Host physical security

The physical security environment in which the server runs is very important and many people overlook this. The physical environment mainly refers to the facility conditions of the server hosting computer room, including the ventilation system, power supply system, lightning protection and fire protection system, as well as the temperature and humidity conditions of the computer room, etc. These factors affect the life of the server and the security of all data. I don't want to discuss these factors here because you will make your own decision when choosing an IDC.

What is emphasized here is that some computer rooms provide special cabinets to store servers, while some computer rooms only provide racks. The so-called cabinet is an iron cabinet similar to the cabinets at home. There are doors on the front and back, and there are trailers, power supplies, fans, etc. for the servers. The door is locked after the server is put in. Only the manager of the computer room has the key to open it. The rack is an open iron frame. When the server is put on the rack, you only need to insert it into the rack. There is a big difference in the physical security of servers between these two environments. It is obvious that servers placed in cabinets are much safer.

If your servers are placed in an open rack, that means anyone can access them. If others can easily access your hardware, what security is there?

If your server can only be placed in an open rack computer room, then you can do this:

(1) Bind the power supply to the slot with tape to prevent others from accidentally touching your power supply.

(2) After installing the system, restart the server and unplug the keyboard and mouse during the restart process. In this way, after the system starts, the ordinary keyboard and mouse will not work after being connected (except USB mouse and keyboard).

(3) Establish a good relationship with the personnel on duty in the computer room, and do not offend the maintenance personnel of other companies in the computer room. By doing this, your server will be at least a little more secure.

main products

Driven by the booming development of the network equipment and network application markets, the network security market has ushered in a period of rapid development. On the one hand, with the extension of the network, the scale of the network has expanded rapidly, and security issues have become increasingly complex. The construction of a manageable, controllable, and trusted network is also a prerequisite for further promoting the development of network applications. On the other hand, as the services carried by the network become increasingly complex, ensuring application layer security is a new direction for the development of network security.

With the rapid development of network technology, the original single-point and superimposed protection methods against network threats are no longer able to effectively defend against increasingly serious hybrid security threats. Building an overall security system with local security, global security, and intelligent security to provide users with a multi-level, all-round three-dimensional protection system has become a new concept in information security construction. Under this concept, network security products will undergo a series of changes.

Combined with actual application needs and under the guidance of new network security concepts, network security solutions are developing in the following directions:

1. Active defense goes to market

The concept of active defense has been developed for some years, but there have been various obstacles in moving from theory to application. Active defense mainly analyzes and scans the behavior of specified programs or threads, and determines whether a program is dangerous or a virus based on preset rules, so as to perform defense or removal operations. However, the most important factor in developing from active defense concepts to products is the issue of intelligence. Since computers operate under a series of rules, how to discover, judge, and detect threats and proactively defend against them has become the biggest obstacle for the active defense concept to enter the market.

Active defense can improve the execution efficiency of security policies and play a positive role in promoting network security construction for enterprises. Although its products are not yet perfect, with the advancement of technology in the next few years, active defense products whose main functions are automatic program monitoring, automatic program analysis, and automatic program diagnosis will be combined with traditional network security equipment. Especially with the development of technology, active defense products that can effectively and accurately deal with malicious attacks such as viruses, worms, and Trojans will gradually mature and be introduced to the market. It will become an inevitable trend for active defense technology to enter the market.

2. Security technology integration attracts much attention

With the rapid development of network technology and the rapid increase in network penetration, the potential threats faced by the network are also increasing. A single protection product can no longer meet the needs of the market. The development of overall network security solutions has become an inevitable trend, and users have increasingly urgent needs for pragmatic and effective overall security solutions. Overall security solutions require products to be more integrated, intelligent, and easy to manage centrally. In the next few years, the development of overall network security solutions will become an important means of differentiated competition for major manufacturers. Combining software and hardware, management strategies are integrated into an overall security solution.

Facing increasingly large and complex networks, relying solely on traditional network security equipment to ensure the security and smoothness of the network layer can no longer meet the manageability and controllability requirements of the network. Therefore, network management software, represented by terminal access solutions, is beginning to be integrated into overall security solutions. The terminal access solution starts by controlling the safe access of user terminals to the network, enforces user security policies on the accessing terminals, and strictly controls terminal network usage behavior. This provides an effective guarantee for network security, helps users achieve more proactive security protection and efficient, convenient network management, and comprehensively promotes the construction of the overall network security system.

3. Data security protection system

The data security protection system is a product independently developed by Guangdong Southern Information Security Industry Base Company based on the national important information system security level protection standards and regulations, as well as the company's digital intellectual property protection needs. It is designed with the organic combination of comprehensive data file security policy, encryption and decryption technology, and mandatory access control to implement different security levels of control over various data assets on the information media, effectively preventing leakage and theft of confidential information.

Relevant regulations and ethics

Information security laws and regulations

In order to promote and standardize the management of information construction and protect the healthy and orderly development of information construction, our government has formulated a series of laws and regulations based on the actual situation of information construction.

In March 1997, the Fifth Session of the Eighth National People's Congress of the People's Republic of China revised the Criminal Law of the People's Republic of China. The specific embodiments of the crime of illegal intrusion into computer information systems and the crime of damaging computer information systems are clearly stipulated.

In February 1994, the State Council promulgated the "Computer Information System Security Protection Regulations of the People's Republic of China", which mainly include the concept of computer information systems, the content of security protection, information system security authorities and security protection systems, etc.

In February 1996, the State Council promulgated the "Interim Regulations of the People's Republic of China on the Management of Computer Information Networks", which reflects the country's principles of overall planning, unified standards, hierarchical management, and promotion of development for international networking.

In December 1997, the State Council promulgated the "Measures for the Administration of Security Protection of International Networking of Computer Information Networks of the People's Republic of China" to strengthen the security protection of international networking.

In June 1991, the State Council promulgated the "Regulations of the People's Republic of China on the Protection of Computer Software" to strengthen the protection of software copyrights.

In June 2017, the State Council promulgated the "Cybersecurity Law of the People's Republic of China", which is China's first basic law that comprehensively regulates cyberspace security management issues.

On November 20, 2019, the Cyberspace Administration of China publicly solicited public opinions on the "Management Measures for the Release of Cybersecurity Threat Information (Draft for Comment)" to regulate the release of cybersecurity threat information.

The "Cybersecurity Review Measures", jointly issued by 12 departments including the Cyberspace Administration of China, the National Development and Reform Commission, the Ministry of Industry and Information Technology, and the Ministry of Public Security, took effect on June 1, 2020.

In January 2022, 13 departments including the Cyberspace Administration of China revised and issued the "Cybersecurity Review Measures" (hereinafter referred to as the "Measures"), bringing situations where network platform operators carry out data processing activities that affect or may affect national security into the scope of network security review, and clarifying that network platform operators who hold the personal information of more than 1 million users must apply to the Cybersecurity Review Office for a network security review before listing abroad.

Internet ethics

Computer network is a "double-edged sword". It brings great convenience to our work, study and life, and people can get a lot of knowledge and wealth from it. However, if used incorrectly, it can also cause harm to young people, mainly reflected in Internet rumors, Internet fraud, Internet crimes, etc. So, what exactly should you do when surfing the Internet? What not to do? Please see the following examples:

Case 1: A Shanxi netizen spread rumors about an earthquake and spread them widely on social media. He was detained administratively for 5 days.

Case 2: Li from Wuhan wrote the "Panda Burning Incense" virus and spread it online, earning huge amounts of money. Li was convicted of "destroying computer information systems" and sentenced to 4 years in prison.

The National Youth Internet Civilization Convention and the Internet Security Law clearly stipulate specific online behaviors and Internet ethics.

(1) These can be done

① Report behaviors that endanger network security to the cybersecurity, telecommunications, public security and other departments.

② If you discover that a network operator collects and uses your personal information in violation of laws, administrative regulations or the agreement between the two parties, you have the right to require the network operator to delete that personal information; if you discover that the personal information collected and stored by the network operator is incorrect, you have the right to require the network operator to correct it.

(2) These cannot be done

① You must not endanger network security, and you must not use the Internet to engage in activities such as endangering national security, honor and interests; inciting subversion of national power or the overthrow of the socialist system; inciting secession or undermining national unity; promoting terrorism or extremism; promoting ethnic hatred and ethnic discrimination; spreading violent, obscene and pornographic information; fabricating and disseminating false information to disrupt economic and social order; or infringing on others' reputation, privacy, intellectual property rights and other legitimate rights and interests.

② Do not steal or obtain personal information through other illegal means, and do not illegally sell or illegally provide personal information to others.

③ You are not allowed to set up websites or communication groups used to commit fraud, teach criminal methods, produce or sell prohibited or controlled items, or carry out other illegal and criminal activities. You are not allowed to use the Internet to publish information related to committing fraud, producing or selling prohibited or controlled items, or other illegal and criminal activities.

④ You are not allowed to engage in activities that endanger network security, such as illegally intruding into other people's networks, interfering with the normal functions of other people's networks, or stealing network data. You are not allowed to provide programs and tools specifically designed for activities that endanger network security, such as intruding into networks, interfering with normal network functions and protective measures, or stealing network data. If you know that others are engaged in activities that endanger network security, you are not allowed to provide them with technical support, advertising promotion, payment and settlement, or other assistance.

⑤ The electronic information you send and the application software you provide must not contain malicious programs, and must not contain information that laws and administrative regulations prohibit from being released or transmitted.

Reprinted from: Baidu Encyclopedia-Verification

Origin blog.csdn.net/fuhanghang/article/details/132874208