The first 8 chapters, network security technology
Test sites 1 , a computer virus
Test method [analysis]
This test method is the basic test sites by the virus name prefix judge what kind of virus, understand the hazards arising from different types of virus
Points [analysis]
1 , there is a common virus prefix Trojan (Trojan), Hack (hackers, viruses), WORM (worms), Macro (macro virus), Script (script viruses), win32 (system virus)
| Type virus |
feature |
harm |
| File type |
Infection DOS under the COM , EXE file |
With DOS disappearance has gradually disappeared, becoming more damaging small |
| Guided |
Boot DOS system, the virus is triggered |
With DOS disappearance has gradually disappeared, becoming more damaging small |
| Macro viruses |
For O ffi ce of a virus, by the O ffi ce written in macro language |
Infection only O ffi ce document, which the Word document-based |
| VB foot of this virus |
By IE activating browser |
Users will be infected when browsing the web, Clear easier |
| worm |
Some use of e-mail attachments to send out some advantage with the operating system vulnerabilities to attack |
Destroy files, resulting in data loss, so that the system can not function properly, it is the greatest danger of the virus |
| Trojans |
Usually a virus carried by satellite |
To seize control of the computer |
| Hacker program |
The use of a tool system vulnerabilities invasion |
It would normally be carried by a computer virus to sabotage |
Remarks [coaching]
Memory of knowledge, we can understand
Test sites 2 , symmetric encryption
Test method [analysis]
This test method is basically the test center know in common symmetric encryption algorithm
Points [analysis]
1 , is a symmetric encryption process using the same secret key to encrypt and decrypt the data
2 , common algorithms DES , 3DES , IDEA , AES
. 3 , the DES key length of 56 is bit, 3DES key length of 112 bit, IDEA key length of 128 bit, the AES key lengths are 128 , 192 ,
256 Wei three kinds
Remarks [coaching]
Conceptual knowledge, we can understand
Test sites 3 , asymmetric encryption
Test method [analysis]
This test center is to understand the basic test method common non-symmetric encryption algorithm, to understand the principle of asymmetric encryption process
Points [analysis]
1 , asymmetric encryption is to use different keys in the encryption process and the decryption
2 , common non-symmetric encryption algorithm has the RAS (often test), the ECC , a Rabin et
3 , encryption, the sender using the recipient's public key to encrypt. Decryption, the receiver uses its own private key to decrypt
Remarks [coaching]
Conceptual knowledge, need to know
Test sites 4 , the digital signature
Test method [analysis]
This test center to test the basic method is to understand the role of the digital signature process and the principle of
Points [analysis]
1 , the digital signature is based on public key system (asymmetric encryption system) of
2 , a digital signature features are: message authentication, non-repudiation, (together and hash algorithm) to ensure the integrity of the message
3 , the sender of the message signed with its private key, the recipient receives the message with the sender's public key to verify the signature
4 , because it is based on public key system, so you need to know which to use a digital signature algorithm is an asymmetric encryption algorithm
Remarks [coaching]
Conceptual knowledge, need to know
Test sites 5 , hashing
Test method [analysis]
This test center to test the basic method is to understand the common hash algorithm
Points [analysis]
1 , hashing and digital signatures are combined to guarantee data integrity
2 , the common message digest (hash) algorithm is as follows: the MD5 : generating 128 -bit output of the SHA (Secure Hash Algorithm): generating 160. bit output 3 , message digest algorithms are not encryption algorithm
Remarks [coaching]
Conceptual knowledge, we can understand
Test sites 6 , firewall technology
Test method [analysis]
This test center to test the basic law is the concept of a firewall, working principle and deployment
Points [analysis]
1 , the most basic function is to isolate the firewall network, through the network is divided into different areas, develop control access between different areas of policy to control data flow transmitted between areas of varying degrees of trust.
2 , the firewall is not used for anti-virus
3 , the test is often based on packet filtering firewall quintuple filtering data packets, i.e. the source quintuple destination IP address, source and destination ports and protocol type
4 , generally divided firewall . 3 regions, trusted region (region network), the DMZ region untrusted region (region outside the network). Which in DMZ discharge area set for external network access server equipment
5 , the firewall is deployed generally 2 kinds of transparent routing deployment and deployment. Routing deployment can be understood as a router with firewall features. Transparent deployment in the original network deployment to ensure the case of the same, the firewall apparatus to the intermediate switches and routers, this method does not require the deployment of the configuration interface the IP .
Remarks [coaching]
Morning exam involving occasionally, more often in the afternoon exam exam, you need to focus on
Test sites 7 , the intrusion detection system
Test method [analysis]
This test method is the basic test sites to understand the concept, and deployment of intrusion detection systems and intrusion prevention systems
Points [analysis]
1 , IDS devices (intrusion detection system) in accordance with certain security strategy, the health network, system monitor and found that as much as possible a variety of attack attempts, aggressive behavior or attack the results in order to ensure the confidentiality of the network system resources, integrity and availability. Usually in conjunction with firewalls
2 , the IDS devices typically hung in the mirror next to the switch port, the destination ports can be monitored to obtain the required traffic data
3 , with the discovery and continuous improvement of network security vulnerabilities of network attack techniques, the traditional firewall technology plus the traditional IDS technology, has been unable to cope with a number of security threats. In this case, the IPS technology emerges, the IPS technology depth perception and the detected data traffic flows, malicious packets discarded to block attacks, abuse limiting packets to protect the network bandwidth resources
. 4 , the IPS devices generally need to be placed in a protected network (typically the network region) in front of
Remarks [coaching]
Exam occasionally involved, need to do a basic understanding