Information system security technology

1. Concepts related to information security

1. Properties

  • Confidentiality (秘密性): the property that information is not disclosed to unauthorized persons.
  • Integrity (完整性): information is correct, authentic, untampered and complete.
  • Availability (可用性): the property that information can be used normally whenever it is needed.

2. Four security levels※

  • Equipment security (设备安全): covers three aspects: equipment stability (the probability that the equipment does not fail within a given period), equipment reliability (the probability that it performs its tasks normally within a given period) and equipment availability (the probability that it can be used normally at any moment);
  • Data security (数据安全): the confidentiality, integrity and availability of data. Data security is information security in the traditional sense;
  • Content security (内容安全): content that is politically sound, complies with national laws and regulations, and conforms to ethical norms. In the broad sense it also covers content confidentiality, intellectual property protection, information hiding, privacy protection, and so on;
  • Behavioral security (行为安全): data security is essentially static security, whereas behavioral security is dynamic security. It covers the secrecy, integrity and controllability of behavior.

3. Information security protection level※

It is divided into five levels:
Level 1: After the information system is damaged, it will cause damage to the legitimate rights and interests of citizens, legal persons and other organizations, but will not damage national security, social order and public interests. Units that operate and use first-level information systems should protect them in accordance with relevant national management regulations and technical standards.

Level 2: After the information system is damaged, it will cause serious damage to the legitimate rights and interests of citizens, legal persons and other organizations, or cause damage to social order and public interests, but will not damage national security. Second-level information system operators and users should protect them in accordance with relevant national management regulations and technical standards. The national information security supervision department provides guidance on the information security level protection of this level of information system.

Level 3: After the information system is damaged, it will cause serious damage to social order and public interests, or cause damage to national security. Units that operate and use third-level information systems should protect them in accordance with relevant national management regulations and technical standards. The national information security supervision department shall supervise and inspect the information security level protection work of this level of information system.

Level 4: After the information system is damaged, it will cause particularly serious damage to social order and public interests, or cause serious damage to national security. Units that operate and use the fourth-level information system shall carry out protection in accordance with relevant national management regulations, technical standards and specialized business needs. The national information security supervision department shall conduct mandatory supervision and inspection of the information security level protection work of this level of information system.

Level 5: After the information system is damaged, it will cause particularly serious damage to national security. The operators and users of level 5 information systems shall protect them in accordance with national management regulations, technical standards and special business security needs. The state designates specialized departments to conduct special supervision and inspection of the information security level protection of this level of information system.

Mnemonic:
Level 1: harms enterprises and citizens, but not the state or society;
Level 2: seriously harms enterprises and citizens, or harms society, but not the state;
Level 3: seriously harms society, or harms the state; ※※※
Level 4: particularly seriously harms society, or seriously harms the state;
Level 5: particularly seriously harms the state.

4. Level of security protection capability※

The "Classified Criteria for Security Protection of Computer Information Systems" (计算机信息系统安全保护等级划分准则, GB 17859-1999) specifies five levels of security protection capability for computer systems:

Level 1, user discretionary protection (用户自主保护级): suitable for ordinary intranet users;

Level 2, system audit protection (系统审计保护级): suitable for non-critical units that conduct business over an intranet or the Internet and need to keep information confidential. Levels 1 and 2 correspond to ordinary systems.

Level 3, security label protection (安全标记保护级): applicable to local state organs at all levels, financial institutions, posts and telecommunications, energy and water supply, transportation, large industrial, commercial and information technology enterprises, key construction projects and similar units;

Level 4, structured protection (结构化保护级): applicable to central state organs, radio and television, important materials reserve units, social emergency services, advanced technology enterprise groups, national key research institutions, national defense construction and similar departments. Levels 3 and 4 correspond to important systems.

Level 5, access verification protection (访问验证保护级): applicable to key national defense departments and to units whose computer information systems must by law be specially isolated. Level 5 corresponds to extremely important systems.

Mnemonic: discretionary, audit, label, structured, verification (from the first characters of the Chinese names: 自主, 审计, 标记, 结构, 访问).

2. Information encryption, decryption and commonly used algorithms

1. Symmetric encryption

Encryption and decryption use the same key.
Advantages: fast encryption and decryption; simple key management between a single pair of parties; well suited to one-to-one transmission.
Disadvantages: the shared secret must be distributed to every party in advance, which is hard to do securely and does not scale to one-to-many transmission; the "low encryption strength" often cited applies to legacy ciphers such as DES (56-bit key) and RC4, both now deprecated, not to AES.
Common algorithms: SDBI, IDEA, RC4, DES, 3DES, AES. Kerberos, which exam material often lists here, is an authentication protocol built on symmetric encryption rather than a cipher itself.
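As an added example (not code from the original page), the following Go program shows the symmetric case with AES-256-GCM from Go's standard library: the same 32-byte key seals and opens the message, and because GCM is an authenticated mode, a ciphertext with one flipped bit, or the wrong key, is rejected rather than decrypted to garbage. The key and message are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// seal encrypts plaintext under a 32-byte key (AES-256) with AES-GCM, an
// authenticated mode: the output carries a tag that binds the ciphertext
// and the optional associated data. A fresh 12-byte nonce is drawn per
// message and prepended to the ciphertext; reusing a nonce under the same
// key destroys both confidentiality and the integrity guarantee.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal. GCM checks the tag before releasing any plaintext,
// so a single flipped bit (or a wrong key) yields an error rather than
// silently corrupted output.
func open(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// roundTrip encrypts msg, decrypts it with the same key, then flips one
// ciphertext bit and tries again. It returns the recovered plaintext and
// whether the tampered ciphertext was rejected.
func roundTrip(key []byte, msg string) (string, bool, error) {
	aad := []byte("hdr:v1") // authenticated but not encrypted, e.g. a header
	sealed, err := seal(key, []byte(msg), aad)
	if err != nil {
		return "", false, err
	}
	pt, err := open(key, sealed, aad)
	if err != nil {
		return "", false, err
	}
	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = open(key, tampered, aad)
	return string(pt), err != nil, nil
}

func main() {
	// Constructed demo key; real deployments load keys from a KMS or HSM.
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	pt, rejected, err := roundTrip(key, "transfer 100 to account 42")
	if err != nil {
		panic(err)
	}
	fmt.Printf("decrypted %q; tampered ciphertext rejected: %v\n", pt, rejected)
}
```

The one-key-both-ways property is exactly what makes distribution the hard part: every party that can decrypt can also encrypt, so the same key must never be shared beyond the two endpoints it is meant for.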

2. Asymmetric encryption

Encryption and decryption use different keys: a public key that can be published and a private key that is kept secret.
Advantages: high security and a clean key-distribution story, since only public keys are exchanged; good algorithm flexibility.
Disadvantages: encryption and decryption are slow relative to symmetric ciphers (in practice a symmetric session key is encrypted with the public key and the bulk data with the session key); key management is more complex, since public keys must be bound to identities by certificates or some other trusted means.
Common algorithms: RSA and ECC (elliptic curve cryptography, which gives security comparable to RSA with much shorter keys, for example a 256-bit curve versus a 3072-bit RSA modulus, and a flexible choice of curves).

3. Hash function

A hash function maps a message M of any length to a fixed-length hash code. Its purpose is to produce a "fingerprint" of a file, message or other data block. The hash code is also called the message digest; it depends on every bit of the message, so it has error-detection capability: changing any one or more bits of the message changes the hash code.

In the authentication process the sender attaches the hash code to the message, and the receiver recomputes the hash code over the received message and compares the two. On its own a hash detects only accidental corruption, since an attacker who alters the message can recompute the digest; hash functions provide message authentication when combined with a shared key (HMAC) and underpin digital signatures (the signature is computed over the digest). A hash function does not provide confidentiality.
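As an added example (not part of the original page), this Go program computes SHA-256 fingerprints, measures the avalanche effect of a one-character change, and then shows why a bare hash attached to a message is not authentication: the forger recomputes the digest, but cannot recompute an HMAC without the shared key. The key and messages are constructed for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// digest returns the SHA-256 fingerprint of msg as lowercase hex.
func digest(msg []byte) string {
	sum := sha256.Sum256(msg)
	return hex.EncodeToString(sum[:])
}

// differingBits counts how many of the 256 digest bits differ between the
// hashes of a and b; for a sound hash a tiny input change flips about half.
func differingBits(a, b []byte) int {
	ha, hb := sha256.Sum256(a), sha256.Sum256(b)
	n := 0
	for i := range ha {
		n += bits.OnesCount8(ha[i] ^ hb[i])
	}
	return n
}

// tag computes HMAC-SHA256 over msg under a shared secret key. Unlike a
// bare digest, a valid tag cannot be produced without the key.
func tag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// verify compares tags in constant time (hmac.Equal) so that the check
// does not leak how many leading bytes of the attacker's guess were right.
func verify(key, msg, received []byte) bool {
	return hmac.Equal(tag(key, msg), received)
}

// bareHashIsNotAuthentication models an active attacker who replaces the
// message in transit. With a bare hash attached, the attacker simply attaches
// the hash of the forged message and the receiver's recomputation matches.
// With an HMAC the attacker lacks the key and can only replay the old tag,
// which fails. Returns (bare-hash check passed, HMAC check passed).
func bareHashIsNotAuthentication(key []byte) (bool, bool) {
	original := []byte("pay 100")
	forged := []byte("pay 900")
	attachedHash := digest(forged)    // attacker recomputed this freely
	attachedTag := tag(key, original) // attacker cannot recompute; replays old tag
	bareOK := digest(forged) == attachedHash
	hmacOK := verify(key, forged, attachedTag)
	return bareOK, hmacOK
}

func main() {
	key := []byte("shared-secret-demo-key") // constructed; load from a secret store in practice
	m1, m2 := []byte("The quick brown fox"), []byte("The quick brown fox.")
	fmt.Println("sha256(m1) =", digest(m1))
	fmt.Println("sha256(m2) =", digest(m2))
	fmt.Println("digest bits that differ:", differingBits(m1, m2), "of 256")
	bare, keyed := bareHashIsNotAuthentication(key)
	fmt.Printf("forgery passes bare-hash check: %v; passes HMAC check: %v\n", bare, keyed)
}
```

Note that anyone holding the HMAC key, including the receiver, can produce a valid tag; that is why a keyed hash gives message authentication between two parties but not non-repudiation toward a third party.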

4. Digital signature

Only the sender of a message can produce the signature, a string of bits that nobody else can forge; it is also effective proof that the message genuinely came from that sender.
Digital signatures are an application of asymmetric-key cryptography (非对称密钥加密技术) together with message-digest technology: the sender hashes the message and signs the digest with the private key, and anyone holding the public key can verify it. Digital signatures therefore also verify data integrity.

A sound digital signature scheme must satisfy three conditions:
(1) the signer cannot later repudiate the signature;
(2) nobody else can forge the signature;
(3) if the two parties dispute whether a signature is genuine, an impartial arbiter (a third party) can settle it by verifying the signature. With RSA, digital signatures and data encryption can both be achieved (in practice with separate key pairs for the two purposes).
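As an added example covering both the asymmetric encryption section above and the three signature conditions just listed (not code from the original page), this Go program uses two RSA-2048 key pairs: anyone holding the encryption public key can encrypt, but only the private key decrypts; only the signing private key can produce a signature, while anyone with the public key, including a third-party arbiter, can verify it, and a changed message or someone else's key fails verification. RSA-OAEP and RSA-PSS are used because they are the padding schemes to use today; the message is constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newKeys generates two separate RSA-2048 key pairs, one for encryption
// and one for signing. Reusing a single key for both purposes is a common
// mistake; separate keys keep the security arguments and revocation simple.
func newKeys() (encKey, sigKey *rsa.PrivateKey, err error) {
	if encKey, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
		return nil, nil, err
	}
	if sigKey, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
		return nil, nil, err
	}
	return encKey, sigKey, nil
}

// encryptTo encrypts msg for the holder of the matching private key using
// RSA-OAEP. Anyone with the public key can encrypt; only the private key
// decrypts. OAEP limits msg to about 190 bytes for a 2048-bit key, which is
// why real protocols encrypt a symmetric session key this way, not the data.
func encryptTo(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func decryptWith(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// sign hashes msg and signs the digest with RSA-PSS. Only the private key
// can produce this value (non-repudiation); verifySig needs only the public
// key, so the receiver or an arbiter can check it (third-party verifiability).
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

func verifySig(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

// demo encrypts and decrypts msg, signs it, then checks the signature
// against the genuine message, a tampered message, and an unrelated key.
func demo(encKey, sigKey *rsa.PrivateKey, msg string) (pt string, genuine, tampered, wrongKey bool, err error) {
	ct, err := encryptTo(&encKey.PublicKey, []byte(msg))
	if err != nil {
		return
	}
	plain, err := decryptWith(encKey, ct)
	if err != nil {
		return
	}
	sig, err := sign(sigKey, []byte(msg))
	if err != nil {
		return
	}
	genuine = verifySig(&sigKey.PublicKey, []byte(msg), sig)
	tampered = verifySig(&sigKey.PublicKey, []byte(msg+"!"), sig) // message altered in transit
	wrongKey = verifySig(&encKey.PublicKey, []byte(msg), sig)     // checked against another party's key
	return string(plain), genuine, tampered, wrongKey, nil
}

func main() {
	encKey, sigKey, err := newKeys()
	if err != nil {
		panic(err)
	}
	pt, genuine, tampered, wrongKey, err := demo(encKey, sigKey, "contract 7 accepted") // constructed message
	if err != nil {
		panic(err)
	}
	fmt.Printf("decrypted %q; genuine=%v tampered=%v wrongKey=%v\n", pt, genuine, tampered, wrongKey)
}
```

The receiver cannot forge a signature because verification uses only the public key, which is the property that lets an arbiter settle a dispute; contrast this with the HMAC case, where the verifier holds the same secret the sender used.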

5. Authentication

Authentication, also called identification or verification, is the process of checking whether something is what it claims to be (whether an identity is legitimate).
Authentication differs from encryption: encryption protects the confidentiality of data against passive attacks such as interception and eavesdropping, whereas authentication establishes the authenticity of the sender and receiver and the integrity of the message, defending against active attacks such as impersonation, tampering and replay. Authentication is usually the first line of defence in an application system, which is why it matters so much.

Differences between authentication and digital signatures:

(1) Authentication is generally based on secret data shared by sender and receiver, which proves the authenticity of the object being authenticated; the data used to verify a digital signature is public.

(2) Authentication lets the sender and receiver verify each other, but does not let a third party verify; a digital signature can be verified by the sender, the receiver and any third party.

(3) A digital signature cannot be repudiated by the sender or forged by the receiver, and disputes about it can be settled before a notary; authentication does not necessarily have these properties, since with a shared secret the receiver could have produced the same authenticator.

3. Information system security

Information system security mainly includes computer equipment security, network security, operating system security, database system security and application system security.

1. Computer Equipment Security

It covers the integrity, confidentiality, non-repudiation, availability, auditability and reliability of computer hardware and of the information it holds.

Main contents include:
(1) Physical security: protecting computer and network equipment, facilities and other media from environmental accidents (such as earthquakes, floods and fires), from electromagnetic pollution and similar hazards, from operator mistakes and errors, and from damage caused by computer crime. Physical security is the precondition for the security of the whole computer information system.
(2) Equipment security: anti-theft and anti-destruction measures, prevention of electromagnetic information leakage, prevention of line interception, resistance to electromagnetic interference, and protection of the power supply.
(3) Storage media security: the security of the medium itself and of the data stored on it.
(4) Reliability technology: generally implemented by fault-tolerant systems; fault tolerance mainly relies on redundant design.

2. Cybersecurity

As the main carrier for collecting, storing, distributing, transmitting and using information, the network plays a vital, often decisive, role in the security of information as a whole.
Common network threats include:
(1) Network eavesdropping
(2) Password attacks
(3) Denial of service attacks (DoS): any means of stopping the target machine from providing service
(4) Vulnerability attacks
(5) Botnets
(6) Phishing
(7) Network spoofing, mainly ARP spoofing, DNS spoofing, IP spoofing, Web spoofing, email spoofing, and so on
(8) Website security threats, mainly SQL injection, cross-site attacks (such as XSS), and side-site attacks (旁注, compromising another site on the same shared host in order to reach the target)

Network security defense technology:
(1) Firewall: access that falls within the policy is controlled effectively, but traffic outside the policy cannot be controlled (like a guard at the gate of a residential compound); the default rule therefore matters as much as the explicit ones.
(2) Intrusion detection and prevention: an intrusion detection system (IDS) monitors out of band, spots signs of intrusion and raises an alarm (passive); an intrusion prevention system (IPS) sits inline and blocks the traffic before it reaches the target (active).
(3) VPN (Virtual Private Network): technology that establishes a dedicated, secure data channel over a public network
(4) Security scanning
(5) Network honeypot technology: a decoy system set up as a "trap" for attackers
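As an added example (not from the original page) of the IDS approach applied to the ARP spoofing listed among the threats above, the following Go program parses a constructed ARP-reply log and raises alerts when an IP's MAC binding changes or when one MAC starts answering for several IPs. The log format and all addresses are invented for the demo.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample of ARP replies as a passive sensor on the LAN might
// log them: "<t> reply <ip> is-at <mac>". At t=4 a new host starts
// answering for the gateway 192.168.1.1, then also for 192.168.1.30.
const sampleARPLog = `
1 reply 192.168.1.1 is-at aa:bb:cc:00:00:01
2 reply 192.168.1.20 is-at aa:bb:cc:00:00:20
3 reply 192.168.1.1 is-at aa:bb:cc:00:00:01
4 reply 192.168.1.1 is-at de:ad:be:ef:00:99
5 reply 192.168.1.30 is-at de:ad:be:ef:00:99
6 reply 192.168.1.20 is-at aa:bb:cc:00:00:20
`

type arpEvent struct {
	ts, ip, mac string
}

// parseARP extracts events from the log, skipping blank or malformed lines.
func parseARP(log string) []arpEvent {
	var out []arpEvent
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) != 5 || f[1] != "reply" || f[3] != "is-at" {
			continue
		}
		out = append(out, arpEvent{ts: f[0], ip: f[2], mac: strings.ToLower(f[4])})
	}
	return out
}

// detectARPSpoof applies two IDS-style rules to the event stream:
//  1. an IP whose MAC differs from the binding first learned for it
//     (cache-poisoning signature; the learned binding is kept, not updated);
//  2. a MAC that answers for more than one IP, which is how a poisoner sits
//     between a victim and the gateway by claiming both addresses.
func detectARPSpoof(events []arpEvent) []string {
	learned := map[string]string{}           // ip -> first MAC seen
	ipsByMAC := map[string]map[string]bool{} // mac -> set of IPs claimed
	var alerts []string
	for _, e := range events {
		if mac, ok := learned[e.ip]; !ok {
			learned[e.ip] = e.mac
		} else if mac != e.mac {
			alerts = append(alerts, fmt.Sprintf("t=%s ARP binding change: %s was %s now %s", e.ts, e.ip, mac, e.mac))
		}
		if ipsByMAC[e.mac] == nil {
			ipsByMAC[e.mac] = map[string]bool{}
		}
		if !ipsByMAC[e.mac][e.ip] {
			ipsByMAC[e.mac][e.ip] = true
			if len(ipsByMAC[e.mac]) > 1 {
				alerts = append(alerts, fmt.Sprintf("t=%s MAC %s now claims %d IPs", e.ts, e.mac, len(ipsByMAC[e.mac])))
			}
		}
	}
	return alerts
}

func main() {
	for _, a := range detectARPSpoof(parseARP(sampleARPLog)) {
		fmt.Println("ALERT", a)
	}
}
```

A production sensor seeds the binding table from DHCP leases or an asset inventory rather than trusting the first reply it happens to see, since that first reply could already be the attacker's; a legitimately replaced network card also trips rule 1, so alerts still need correlation with change records before anyone acts on them.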

3. Operating system security

The operating system sits above the hardware and below all other software; it is the most basic software of the computer system. The security of the operating system is a necessary condition for the security of the system's software: without the basic security provided by the operating system, the security of the information system has no foundation.

Security threats to operating systems, classified by the attacker's behavior, usually fall into four types:

(1) Interruption (切断), a threat to availability: system resources are destroyed or become unavailable or unusable, for example destroying a hard disk, cutting a communication line, or disabling the file management system.

(2) Interception (截取), a threat to confidentiality: an unauthorized user, program or computer system gains access to a resource, for example stealing data or illegally copying files and programs over the network.

(3) Modification (篡改), an attack on integrity: an unauthorized user not only gains access to a resource but also tampers with it, for example changing values in a data file or altering the content of a message in transit on the network.

(4) Fabrication (伪造), a threat to legitimacy: an unauthorized user inserts forged objects into the system, for example an illegitimate user injecting forged messages into the network or adding records to a file.

According to the manifestation of security threats, the security threats faced by the operating system include the following types:

(1) Computer viruses.

(2) Logic bomb.

(3)Trojan horse.

(4) Backdoor. A backdoor is illegitimate code embedded in an operating system that an intruder can use to get into the system; backdoors exist solely to enable intrusion. For a backdoor built into an operating system, or a mechanism that provides one, the only complete countermeasure is not to use that operating system at all, for example by adopting an independently developed one; short of that, verifying the integrity of the installed system against a trusted reference limits the exposure.

(5) Covert channel. A covert channel is a non-public path for leaking information inside a system that is not controlled by the security policy and violates it.

4. Database security

A database system is a platform for storing, managing, using and maintaining data. Database security mainly refers to the security of the database management system, and its concerns can be thought of as the security of data at rest rather than data in transit.
Generally speaking, database security involves the following issues:

(1) Integrity of the physical database. Ensure that the data in the database system is not destroyed by natural or physical causes such as earthquakes, floods, fires, theft, power problems or equipment failures.

(2) Integrity of the logical database. Guarantee the structural properties of the database: the system structure, the schema and the data must not be modified illegitimately, and transactions and operations must satisfy the database's integrity constraints.

(3) Element security. Ensure that each stored element of the database satisfies its confidentiality, integrity, availability and other constraints.

(4) Auditability. Record every event and operation in the database, keep detailed audit and log records, and provide tools for after-the-fact tracing, analysis and evidence collection.

(5) Access control. Ensure that only authorized users or programs can access the data elements they are permitted to, with different control policies for different user restrictions and flexible configuration.

(6) Identity authentication. Do not allow an unauthorized user to operate on the database.

(7) Availability. The database system can provide high-quality data access to authorized users at any time, letting users reach as much of the data they are permitted to see as possible.

(8) Inference control. The inference control mechanism must ensure that users cannot deduce secret information, or statistics they are not authorized to see, from information and statistics that have been released or that they are authorized to access.

(9) Multi-level protection. As the application requires, data can be divided into sets of different confidentiality levels; different fields of the same record, and different values of the same field, can be assigned different security levels. Data is thus classified, and users access each level according to the corresponding level's security policy.

To meet these goals, database security uses a set of technical measures, including:

database access control, database encryption, multi-level secure databases, database inference control, and database backup and recovery.
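As an added example (not code from the original page) of the inference control listed under item (8), this Go program serves statistical SUM queries over a constructed payroll table. Query-set-size control alone (at least k and at most N-k rows) is not enough: two queries that each pass it can differ by one person, and subtracting the answers reveals that person's salary. The server optionally refuses any query whose set differs from an already-answered set by fewer than k rows. Names, salaries and the threshold k are all constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed payroll table: individual salaries are confidential; only
// statistics over groups of people are meant to be released.
type employee struct {
	name, dept string
	salary     int
}

var payroll = []employee{
	{"alice", "eng", 18000}, {"bob", "eng", 12000}, {"carol", "eng", 13000},
	{"dave", "eng", 15000}, {"erin", "eng", 14000},
	{"frank", "ops", 9000}, {"grace", "ops", 9500}, {"heidi", "ops", 8800},
	{"ivan", "ops", 9100}, {"judy", "ops", 9700},
}

const k = 3 // minimum number of individuals a released statistic may cover

// statServer answers SUM(salary) over a predicate, subject to inference
// controls. Query-set-size control (k <= n <= N-k) blocks direct queries
// about one person and the trivial complement attack, but not a "tracker":
// two legal queries whose sets differ by a single row. With overlapControl
// set, a query is also refused if its set differs from any set already
// answered by fewer than k rows.
type statServer struct {
	overlapControl bool
	answered       [][]bool // membership vector of each answered query set
}

func (s *statServer) sum(pred func(employee) bool) (int, error) {
	members := make([]bool, len(payroll))
	total, n := 0, 0
	for i, e := range payroll {
		if pred(e) {
			members[i] = true
			total += e.salary
			n++
		}
	}
	if n < k || n > len(payroll)-k {
		return 0, errors.New("refused: query set size outside [k, N-k]")
	}
	if s.overlapControl {
		for _, prev := range s.answered {
			diff := 0
			for i := range members {
				if members[i] != prev[i] {
					diff++
				}
			}
			if diff > 0 && diff < k {
				return 0, errors.New("refused: differs from an answered query set by fewer than k rows")
			}
		}
	}
	s.answered = append(s.answered, members)
	return total, nil
}

// trackerAttack issues SUM over eng, then SUM over eng minus alice. Both
// pass the size check on their own; their difference is alice's salary.
func trackerAttack(s *statServer) (sumEng, sumEngMinusAlice int, err error) {
	if sumEng, err = s.sum(func(e employee) bool { return e.dept == "eng" }); err != nil {
		return 0, 0, err
	}
	sumEngMinusAlice, err = s.sum(func(e employee) bool { return e.dept == "eng" && e.name != "alice" })
	return sumEng, sumEngMinusAlice, err
}

func main() {
	a, b, err := trackerAttack(&statServer{})
	fmt.Printf("size control only: %d - %d = %d (alice's salary), err=%v\n", a, b, a-b, err)
	a, b, err = trackerAttack(&statServer{overlapControl: true})
	fmt.Printf("with overlap control: first=%d second=%d err=%v\n", a, b, err)
}
```

Overlap control is one of several classic mechanisms; real statistical databases combine it with query auditing, random-sample perturbation or differential privacy, because an attacker can spread a tracker across many small, individually innocuous queries.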

5. Application system security

Application system security builds on computer equipment security, network security and database security. In addition, effective anti-virus, anti-tamper, version checking and auditing measures ensure the legitimacy and integrity of the system's own executables and configuration files; these are extremely important safeguards.

The main threats facing the web include:

  • Vulnerabilities in trusted sites;
  • Browser and browser plug-in vulnerabilities;
  • End-user security policies are inadequate;
  • Mobile storage devices carrying malware;
  • Phishing;
  • Botnets;
  • Trojans with keyloggers, etc.;

Web threat protection technologies mainly include:

  1. Web access control technology
    Access control is the main strategy for protecting a Web site. Its task is to ensure that network resources are not accessed by illegitimate visitors. Access to a Web site requires identifying and verifying the user name and password and checking the default restrictions on the user's account; if any of these checks fails, the user cannot access the site.
    Web servers generally provide access control by IP address, subnet or domain name; by user name and password; and by public-key infrastructure (PKI, i.e. CA-issued certificates), among other methods.
  2. Single Sign-On (SSO) technology
    Single sign-on provides centralized, unified identity authentication for application systems: one login, access to many. An SSO system uses digital-certificate-based encryption and digital signatures together with policy-based identity authentication and authorization control to manage and authenticate users centrally.
  3. Web page anti-tampering technology
    Web page anti-tampering technologies include timed polling (periodically comparing the live page with a genuine copy), core embedding (watermarking with an integrity check as content is served), event triggering (a validity check at the moment a file is modified), and file-filter-driver technology (an underlying kernel driver that restores the file within milliseconds).
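As an added example (not from the original page) of the timed-polling approach, this Go program takes a SHA-256 baseline of every file under a constructed web root, simulates a defacement (a rewritten page, a dropped file, a deleted stylesheet) and reports what one polling pass detects. File names and contents are invented for the demo; a real deployment restores changed files from a golden copy and repeats the poll on a short interval, and the window between polls is the gap that the event-trigger and filter-driver approaches close.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"sort"
)

// snapshot records the SHA-256 of every regular file under root, keyed by
// its slash-separated path relative to root; this is the polling baseline.
func snapshot(root string) (map[string]string, error) {
	out := map[string]string{}
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return err
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		rel, _ := filepath.Rel(root, p) // p is always below root here
		sum := sha256.Sum256(data)
		out[filepath.ToSlash(rel)] = hex.EncodeToString(sum[:])
		return nil
	})
	return out, err
}

// diffSnapshots classifies each path as modified, added or removed relative
// to the baseline; the lists are sorted so the result is deterministic.
func diffSnapshots(baseline, current map[string]string) (modified, added, removed []string) {
	for p, h := range current {
		if bh, ok := baseline[p]; !ok {
			added = append(added, p)
		} else if bh != h {
			modified = append(modified, p)
		}
	}
	for p := range baseline {
		if _, ok := current[p]; !ok {
			removed = append(removed, p)
		}
	}
	sort.Strings(modified)
	sort.Strings(added)
	sort.Strings(removed)
	return
}

// write creates file p (slash-separated) under root, making directories as needed.
func write(root, p, body string) error {
	full := filepath.Join(root, filepath.FromSlash(p))
	if err := os.MkdirAll(filepath.Dir(full), 0o755); err != nil {
		return err
	}
	return os.WriteFile(full, []byte(body), 0o644)
}

// demo builds a constructed web root in a temp directory, baselines it,
// simulates a defacement and runs one poll, returning what the poll found.
func demo() (modified, added, removed []string, err error) {
	root, err := os.MkdirTemp("", "webroot")
	if err != nil {
		return
	}
	defer os.RemoveAll(root)
	files := map[string]string{"index.html": "<h1>Welcome</h1>", "css/site.css": "body{margin:0}", "js/app.js": "console.log('ok')"}
	for p, body := range files {
		if err = write(root, p, body); err != nil {
			return
		}
	}
	baseline, err := snapshot(root)
	if err != nil {
		return
	}
	// Simulated defacement: home page rewritten, a file dropped, stylesheet deleted.
	_ = write(root, "index.html", "<h1>Defaced</h1>")
	_ = write(root, "shell.php", "<?php /* dropped file */ ?>")
	_ = os.Remove(filepath.Join(root, "css", "site.css"))
	current, err := snapshot(root)
	if err != nil {
		return
	}
	modified, added, removed = diffSnapshots(baseline, current)
	return
}

func main() {
	m, a, r, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("modified=%v added=%v removed=%v\n", m, a, r)
}
```

The baseline must live somewhere the web server process cannot write, otherwise an attacker who can deface the site can also rewrite the fingerprints the poll compares against.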
  4. Web content security
    Content security management covers three kinds of software: email filtering, web filtering and anti-spyware. These three not only drive the development of the content security market but also play an important role in keeping the Internet secure.

Worth 3 to 6 points on the exam; common test points: security levels, digital signatures and authentication, firewalls and intrusion detection, security threats, integration of informatization and industrialization (两化融合), e-government, Internet+.


Origin blog.csdn.net/2301_76379420/article/details/128988436