Basic knowledge of network security

1. What is a firewall? What is a bastion host? What is a DMZ?

A firewall is a system or group of systems that enforces access control policies between two networks.

A bastion host is a computer on a network that is configured with security precautions. The bastion host provides a blocking point for communication between networks. It can also be said that without a bastion host, networks will not be able to access each other.

The DMZ, also called the demilitarized zone or ceasefire zone, is a subnet added between the internal network and the external network.

2. What is the essence of network security?

Network security is essentially information security on the Internet.

Information security is the protection of the confidentiality, integrity, and availability of information, including physical security, network system security, data security, information content security, and information infrastructure equipment security.

3. What are the categories of threats faced by computer network security? From a human perspective, what are the factors that threaten network security?

Answer: The threats faced by computer network security can be mainly divided into two categories: one is the threat to the information in the network, and the other is the threat to the equipment in the network. Considering human factors, factors affecting network security include:

(1) Human unintentional errors.

(2) Deliberate malicious attacks, of which there are two kinds: active attacks and passive attacks.

(3) Network software vulnerabilities and “backdoors”.

4. What do network attack and network defense each include?

Network attacks: network scanning, monitoring, intrusion, backdoors, stealth;

Network defense: operating system security configuration, encryption technology, firewall technology, and intrusion detection technology.

5. Analyze the TCP/IP protocol and explain possible threats and defense methods at each layer.

Network layer: IP spoofing attacks. Protective measures: firewall filtering, patching.

Transport layer: Application layer: mail bombs, viruses, Trojans, etc. Defense methods: authentication, virus scanning, security education, etc.

6. Please analyze the hierarchy of network security

In terms of hierarchy, network security can be divided into four levels of security: physical security, logical security, operating system security and network security.

7. Please analyze the hierarchy of information security

Information security can be generally divided into five levels: secure cryptographic algorithms, security protocols, network security, system security and application security.

8. Briefly describe the principle of port scanning technology

Port scanning sends probe packets to the TCP/IP service ports of the target host and records the target host's responses. Analyzing the responses shows whether a service port is open or closed, which reveals the services or information that port provides. Port scanning can also monitor the operation of the local host by capturing the incoming and outgoing IP packets of the local host or server. Port scanning can only analyze the data it receives and help us discover some inherent weaknesses of the target host; it does not provide detailed steps for entering a system.

9. What is the principle of buffer overflow attack?

A buffer overflow attack is a system attack method that writes content longer than the program's buffer, causing the buffer to overflow. This corrupts the program's stack and makes the program execute other instructions, which achieves the purpose of the attack.

The most common method of buffer overflow attack is to cause the buffer overflow of a special program to execute a shell. Advanced commands can be executed through the permissions of the shell. If this special program has system permissions, a successful attacker can obtain a shell with shell permissions and control the program.

10. List three types of backdoor programs and explain their principles and defense methods.

(1) Start the TELNET service remotely. Defense method: Pay attention to the supervision of open services;

(2) Establish WEB and TELNET services. Defense method: Pay attention to monitoring the opened services;

(3) Let the disabled GUEST user have administrative rights. Defense method: Monitor the system registry.

11. Briefly describe the steps of a successful attack.

Hide IP - scan sites - gain system or administrator rights - plant backdoors - become invisible on the network.

12. Briefly describe the principle of SQL injection vulnerability

Malicious SQL statements are used to attack the back-end database; this works because the web application lacks validation of the SQL statements it receives.

13. Analyze existing problems in vulnerability scanning and how to solve them

(1) There are limitations in the system configuration rule base.

If the rule base is designed inaccurately, accurate prediction is out of the question;

The rule base is organized around known security vulnerabilities, yet many dangerous threats to network systems come from unknown vulnerabilities. If the rule base is not updated in time, prediction accuracy falls accordingly;

Improvement suggestions: The system configuration rule base should be continuously expanded and corrected. This amounts to expanding and correcting the system vulnerability library, which at present still requires expert guidance and participation.

(2) Vulnerability database information requirements

Vulnerability library information is the main basis for judgment based on vulnerability scanning of network system vulnerability libraries. If vulnerability library

Improvement suggestions: The vulnerability database information should not only have completeness and validity, but also be simple, so that even users themselves can easily add and configure the vulnerability database, thereby achieving timely updates to the vulnerability database.

14. According to how a firewall handles internal and external data, what two categories are there? Discuss the technical characteristics of each.

According to how a firewall handles internal and external data, firewalls can be roughly divided into two categories: packet filtering firewalls and application proxy firewalls.

Packet filtering firewall, also known as filtering router, compares the packet header information with the rule table set by the administrator. If there is a rule that does not allow a certain packet to be sent, the router will discard it.

Packet filtering systems include both filtering based on addresses and filtering based on services.

An application proxy, also called an application gateway, acts on the application layer. Its characteristic is that it completely "blocks" the communication flow of the network. By writing a dedicated proxy program for each application service, it can monitor and control the communication flow of the application layer.

There are some special types of proxy servers, mainly application-level and circuit-level proxies, public and dedicated proxy servers, and intelligent proxy servers.

15. What is an application proxy? What are the advantages of proxy services?

An application proxy, also called an application gateway, acts on the application layer and is characterized by completely "blocking" the communication flow of the network. By writing a dedicated proxy program for each application service, it can monitor and control the communication flow of the application layer.

Proxy servers have the following two advantages:

(1) Proxy services allow users to "directly" access the Internet. With a proxy service, it appears to users as if they are accessing the Internet directly.

(2) Proxy services are suitable for logging because proxy services follow priority protocols and they allow logging services to be performed in a special and efficient way.

Origin blog.csdn.net/javagty6778/article/details/129634064