Information security technology - (1) Introduction

1. Basic concepts of information security

Information security is the ability of information systems to withstand unexpected events or malicious actions that would compromise the availability, confidentiality, integrity, non-repudiation, authenticity and accountability of the data stored, processed or transmitted, or of the services provided by these systems.

  • Confidentiality: The characteristic that ensures information can be used by authorized persons without being leaked to unauthorized persons; that is, unauthorized persons cannot see or understand the information. For example, when paying for something on Taobao, you don't want to reveal your ID card and bank card password.
  • Integrity: The characteristic that information is not damaged, modified or lost during transmission, exchange, storage and processing, and cannot be changed without authorization.
  • Non-repudiation: The characteristic that ensures that information actors cannot deny their actions. For example, preventing someone from refusing to pay after buying something online.
  • Authenticity: The characteristic of being able to judge the source of information and identify information from forged sources. For example, checking that the source of an email is not forged.
  • Controllability: The characteristic by which authorized entities can control information systems and the use of information.
  • Availability: The characteristic that ensures information and information systems are available to authorized persons at any time, avoiding denial of service to authorized persons and abuse by unauthorized persons.

2. The development history of information security


3. Information security threats and needs

3.1 Information security threats:

It refers to the possible harm caused by factors such as persons, objects, events, methods or concepts to the safe use of an information resource or system.

3.2 Information security threat subdivisions


  1. Information leakage
    • Eavesdropping
      Thousands of MikroTik routers have been used as network eavesdropping tools. Researchers from Qihoo 360 Network Laboratory, a Chinese network security team, discovered network security vulnerabilities in 370,000 MikroTik routers. On 7,500 of them the Socks4 proxy function had been maliciously turned on, allowing hackers to eavesdrop on data traffic passing through these MikroTik routers since mid-July.
    • Interception
      When Wi-Fi is protected by a password, the Wi-Fi password is used to generate a temporary session key, and this temporary session key encrypts the session content. For example, when you browse the web over password-protected Wi-Fi, the web traffic is encrypted after you connect, so it is safer. Open Wi-Fi without a password has many problems, so try not to use it. Passwordless Wi-Fi in public places has the following security risks:
      1. Generally there is no connection logging and no real-name Internet access. Once a cybercrime occurs, the perpetrator cannot be found, only the Wi-Fi provider;
      2. The various management ports are not closed, so it is easy for hackers to get into the main router, tamper with DNS server information, and hijack the router;
      3. If the free Wi-Fi has been maliciously set up by hackers, personal information and passwords on the mobile phone can be stolen in a very short time (including online banking passwords, stock trading account passwords, credit card passwords, etc.).
    • Side-channel attack
      An attack mode that uses signals inadvertently released by computers (such as power consumption, electromagnetic radiation, or the sound of running hardware) to recover information. For example, hackers can use the electromagnetic radiation generated by a computer display or hard drive to read what is shown on your screen and the file information on the disk; or monitor your computer through the different amounts of power its components consume when executing certain programs; or learn your account number and password just from the sound of the keyboard being tapped.
  2. Tampering
    Phishing websites are fake websites that deceive users. The pages of "phishing websites" are basically the same as the real website interface, deceiving consumers or stealing the account and password information submitted by visitors. Phishing websites generally have only one or a few pages, and are slightly different from real websites. Phishing websites are the most common form of fraud on the Internet. They are usually websites disguised as banks and e-commerce, and steal private information such as bank account numbers and passwords submitted by users.
  3. Replay
    • What is a replay attack?
      A repeated session request is a replay attack. It may happen because the user initiated the request more than once, or because the request was obtained by an attacker and then resent to the server.
    • The harm of replay attacks
      The request is obtained by the attacker and resent to the authentication server in order to pass authentication.
    • Defense against replay attacks
      Timestamp verification. When making a request, the client adds its current timestamp and signs the request (the signature prevents the session from being hijacked and the timestamp from being modified). The server checks the request timestamp. If it is more than 5 minutes old, the request is treated as a replay attack and rejected as invalid.
    • Impersonation
      1. At the Ctrl+Alt+Delete login screen, a custom account login with the user name Administrator logs directly into the super account; the user account can then be deleted and the computer is under someone else's control;
      2. It is recommended to disable the default Administrator account in Windows, or to disable its remote control permissions;
      3. The Guest account on Windows must be disabled, and network shares must require authentication by user name and password;
      4. For daily use, it is recommended to create your own account, with a password that meets the complexity requirements (more than 8 characters, including uppercase and lowercase letters and numbers, as irregular and random as possible).
  4. Denial (repudiation)
    In the B2B field, when companies sign electronic contracts or file electronic customs declarations, if the electronic stamp (a string of passwords) is deciphered, the contract will be revised and a new electronic stamp will be generated.
  5. Unauthorized use
    For example, you forget to lock your phone screen and someone else takes advantage of it.
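The timestamp-plus-signature defense described under "Defense against replay attacks", as an added example that is not part of the original post. The key, request body and clock values are constructed, and the `seen` cache goes one step beyond the text by also refusing a copy resent inside the 5-minute window.

```python
import hashlib
import hmac

MAX_AGE_SECONDS = 5 * 60               # the 5-minute limit given in the text
DEMO_KEY = b"constructed-demo-key"     # constructed sample key, not a real secret


def sign_request(body: bytes, timestamp: int, key: bytes = DEMO_KEY) -> str:
    """Client side: HMAC-SHA256 over timestamp and body, so neither can be changed."""
    message = str(timestamp).encode() + b"." + body
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_request(body, timestamp, signature, now, seen=None, key=DEMO_KEY):
    """Server side: return (accepted, reason) for one incoming request."""
    expected = sign_request(body, timestamp, key)
    # Constant-time comparison; a modified timestamp or body fails here.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "bad signature"
    if abs(now - timestamp) > MAX_AGE_SECONDS:
        return False, "timestamp outside 5-minute window"
    if seen is not None:
        # Extension beyond the text: remember accepted signatures so a copy
        # resent inside the window is also refused; forget expired entries.
        for old in [s for s, t in seen.items() if abs(now - t) > MAX_AGE_SECONDS]:
            del seen[old]
        if signature in seen:
            return False, "already seen"
        seen[signature] = timestamp
    return True, "ok"


def demo():
    """Run the constructed scenario and return the server's decisions in order."""
    t0 = 1_700_000_000                 # constructed client clock value
    body = b"action=pay&amount=100"    # constructed request body
    sig = sign_request(body, t0)
    seen = {}
    return [
        verify_request(body, t0, sig, now=t0 + 2, seen=seen),          # original
        verify_request(body, t0, sig, now=t0 + 30, seen=seen),         # fast replay
        verify_request(body, t0, sig, now=t0 + 400, seen=seen),        # late replay
        verify_request(body, t0 + 400, sig, now=t0 + 400, seen=seen),  # forged time
    ]


if __name__ == "__main__":
    for accepted, reason in demo():
        print(accepted, reason)
```

Without the `seen` cache the second request would be accepted, which is why a timestamp check alone only bounds the replay window rather than closing it.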

4. Information security technology system

4.1 Core basic security technology

  1. Cryptographic technology
    Design and analysis technology of cryptographic algorithms and cryptographic protocols
  2. Information Hiding Technology
    In order to prevent movie piracy, every blockbuster imported from Hollywood has "hidden secrets". When introducing blockbusters into the country, the "video watermark" technology approved by Hollywood must be used. This watermark is invisible to the naked eye and cannot be deleted or modified. Copyright parties can trace the source of pirated films based on the watermark.

4.2 Security infrastructure technology

  1. Identification and authentication technology
    • Identify and authenticate entities
    • Authorization and access control
      In order for legitimate users to use the information system normally, authenticated users need to be granted corresponding operating permissions. This process is called authorization.
  2. Infrastructure security technology
    • Host system security technology
      Security protection technology for operating systems and database systems.
      1. The process Svchost.exe is a service host. It cannot provide any services to users by itself, but it is used to load dynamic link library (DLL) files and start the corresponding services. One Svchost.exe process can start multiple services at the same time.
      2. Because the Svchost process can start various services, viruses and Trojans often disguise themselves as system DLL files so that Svchost calls them; they are then loaded into memory, where they run, infect and control the computer.
      3. The normal Svchost file is located in the "c:\Windows\system32" directory. If you find that its execution path is in another directory, the machine may be infected with a virus or Trojan horse and should be checked and dealt with immediately.
    • Network system security technology
  3. Application security technology
    • Network and system attack technology
    • Network and system security protection and emergency response technology
      1. Firewall
      2. Emergency recovery
      3. Intrusion detection IDS
      4. Honeypot technology: Honeypot technology is essentially a technique for deceiving attackers. Hosts, network services or information are set up as bait to induce the attacker to attack them, so that the attack behavior can be captured and analyzed, the tools and methods used by the attacker can be understood, and the attack intention and motivation can be inferred. This lets defenders clearly understand the security threats they face and enhance the security protection of the actual system through technical and management means.
    • Security audit and responsibility identification technology
    • Malicious code detection and prevention technology
    • Content security technology
  4. Supporting security technology
    • Information security assurance technical framework
      Defines the process of information security assurance for a system, as well as the security requirements for the hardware and software components in the system. Following these requirements implements defense in depth for the information infrastructure.
    • Information security evaluation and management technology
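The Svchost execution-path check from the host system security item above, as an added example that is not part of the original post. The process listing is constructed, and accepting SysWOW64 (the 32-bit copy on 64-bit Windows) is an assumption of this example beyond the single directory the text names.

```python
import ntpath

# The directory the text names as normal, plus SysWOW64, which holds the 32-bit
# copy on 64-bit Windows (an addition of this example, not from the text).
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed sample listing: (pid, image name, executable path).
SAMPLE_PROCESSES = [
    (812, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    (1044, "svchost.exe", "C:/WINDOWS/system32/svchost.exe"),
    (2310, "svchost.exe", r"C:\Users\Public\svchost.exe"),
    (2788, "SVCHOST.EXE", r"C:\Windows\System32\..\Temp\svchost.exe"),
    (3120, "svchost.exe", ""),  # path could not be read (insufficient rights)
    (3500, "explorer.exe", r"C:\Windows\explorer.exe"),
]


def classify_svchost(processes):
    """Return {pid: verdict} for every process whose image name is svchost.exe."""
    verdicts = {}
    for pid, name, path in processes:
        if name.lower() != "svchost.exe":
            continue
        if not path:
            # No path is not proof of anything; re-query with higher privileges.
            verdicts[pid] = "unknown"
            continue
        # normpath collapses ".." segments; normcase lowercases and unifies
        # separators, so Windows' case-insensitive paths compare correctly.
        directory = ntpath.dirname(ntpath.normcase(ntpath.normpath(path)))
        verdicts[pid] = "expected" if directory in EXPECTED_DIRS else "suspicious"
    return verdicts


if __name__ == "__main__":
    for pid, verdict in classify_svchost(SAMPLE_PROCESSES).items():
        print(pid, verdict)
```

A "suspicious" verdict is a lead for further inspection of the file and its loaded DLLs, not a confirmed infection.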

5. Information security model in network environment



Origin blog.csdn.net/m0_63853448/article/details/126627846