2019-2020-1 semester 20,192,410 "Cyberspace Security Introduction": ninth-week learning summary

Chapter 1 Cyberspace Security Overview

  Information, like water, electricity and oil, is a basic resource that is relevant to every industry and to everyone.

1.1 Network security in work and life

1.1.1 Common network security issues in daily life

  • Account password stolen
  • Fraudulent charges on a stolen credit card

1.1.2 Common network security issues at work

  • Network device threats
  • Operating system threats
  • Application threats

1.2 A basic understanding of cyberspace security

Introduction to Cyberspace Security

  •   Definition 1: ISO/IEC 27032:2012, "Information technology - Security techniques - Guidelines for cybersecurity": "the Cyberspace" is defined as "the complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form."
      Cybersecurity is "preservation of confidentiality, integrity and availability of information in the Cyberspace."
  •   Definition 2: ITU (International Telecommunication Union): The collection of [...] best practices, assurance, safeguards, guidelines, risk management approaches [...] that can be used to protect the cyber environment and organization and user's assets. Organization and user's assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and user's assets against relevant security risks in the cyber environment. The general security objectives comprise the following: availability; integrity, which may include authenticity and non-repudiation; and confidentiality.
  •   Definition 3: Dutch Ministry of Security and Justice: Cyber security is freedom from danger or damage due to the disruption, breakdown, or misuse of ICT. The danger or damage resulting from disruption, breakdown or misuse may consist of limitations to the availability or reliability of ICT, breaches of the confidentiality of information stored on ICT media, or damage to the integrity of that information.

1.3 Cyberspace security technology architecture

  • Physical security : covers the concept of physical security, physical environment security, physical security equipment and so on.
  • Network security : covers network and protocol security, network security and management, identifying and responding to network security risks and so on.
  • System security : focuses on operating system security, virtualization security, mobile terminal security and so on.
  • Application security : covers malicious code, database security, middleware security and Web security.
  • Data security : covers the scope of data security, data confidentiality, data storage technology, and data backup and recovery technology.
  • Advanced computing security issues in the context of big data : covers big data security, cloud security, Internet of Things security and so on.
  • Public opinion analysis : covers the concept of public opinion, methods of online public opinion analysis, and public opinion analysis application technology.
  • Privacy : covers privacy protection for individual users, in data mining, in cloud computing, in the Internet of Things, and in blockchain.
  • Cryptography and applications : covers cryptographic algorithms, public key infrastructure, virtual private networks and privilege management infrastructure.
  • Cyberspace combat : covers social engineering, real cyberspace combat cases and so on.
  • Cyberspace security governance : covers information security regulations and policies, information security standards, and corporate security stress testing and implementation methods.

1.4 Opportunities and challenges facing cyberspace security

1.4.1 Major development opportunities for cyberspace security

  • New channels for information dissemination
  • New space for production and life
  • New engine of economic development
  • New carrier of cultural prosperity
  • New platform for social governance
  • New ties for exchange and cooperation
  • Frontier of national sovereignty

1.4.2 The challenges facing cyberspace security

  • Network penetration endangers political security
  • Network attacks threaten economic security
  • Harmful information erodes cultural security
  • Network terrorism and crime undermine social security
  • ICN space in the ascendant
  • Cyberspace opportunities and challenges

Chapter 2 Physical Security

2.1 Physical Security Overview

2.1.1 Physical Security definition

  In a cyberspace security system, physical security means ensuring that the information system has a secure physical environment, applying comprehensive technical controls to the personnel who access the information system, and fully considering the threats that natural events may pose to the system and avoiding them.

2.1.2 Scope of physical security

  • Environmental security : the security protection of the environment in which the system is located, such as regional protection and disaster protection.
  • Equipment and media security : includes equipment anti-theft, anti-destruction, protection against leakage through electromagnetic radiation, protection against line interception, resistance to electromagnetic interference, and power protection, as well as hardware security, which covers the security of the data on the media and of the media themselves.

2.2 Physical environment security

  • Physical locations
  • Physical access control
  • Anti-theft and anti-sabotage
  • Lightning protection
  • Fire protection
  • Waterproofing and moisture protection
  • Anti-static protection
  • Temperature and humidity control
  • Power supply
  • Electromagnetic protection

2.3 Physical Security Equipment

2.3.1 Security Hardware

  • PC network physical security isolation card
  • Physical Security Isolator
  • Physical isolation network gateway

2.3.2 Chip security

  A security chip can be described as a Trusted Platform Module (TPM): a device that independently generates keys and performs encryption and decryption, has its own internal processor and storage unit, can store keys and characteristic data, and provides encryption and security authentication services to the computer. When encryption is carried out by the security chip, the key is stored in hardware, so stolen data cannot be decrypted, which protects user privacy and data security.
  Together with dedicated software, a security chip can perform the following functions:

  • Password storage and management
  • Encryption
  • Encrypting hard drive partitions

Chapter 6 Data Security

6.1 Data Security Overview

  The main causes of data breaches include: network attacks by hackers, Trojans and viruses, theft, loss of equipment, and improper use and management. In other words, data faces threats throughout its whole life-cycle, from creation, storage, access, transmission and use through to destruction.

6.2 Data Security category

6.2.1 Data Security elements

  • Data confidentiality (Confidentiality)
  • Data integrity (Integrity)
  • Data availability (Availability)

6.2.2 Components of data security

  • The data itself
  • Data security protection
  • Security of data processing
  • Data storage security

6.3 Data confidentiality

6.3.1 Data Encryption

The fundamental roles of encryption include:

  • Preventing uninvited guests from viewing confidential data files.
  • Preventing confidential data from being leaked or tampered with.
  • Preventing privileged users (such as system administrators) from viewing private data files.
  • Making it hard for an intruder to find a system's files.

Specific encryption methods:

  • Symmetric encryption
  • Asymmetric encryption
  • Hash algorithms

6.3.2 DLP

  DLP (Data Leakage (Loss) Prevention) achieves prevention and control by identifying the content of data. Its scope covers network protection and terminal protection. Network protection is mainly oriented to auditing and control; terminal protection, in addition to auditing and control, should also include conventional host control, access control and encryption capabilities.
  Essentially, DLP is a composite system. The end result is intelligent discovery, intelligent encryption, intelligent control and intelligent audit: a complete data loss prevention solution that ensures data confidentiality from another angle.

6.4 Data Storage Technology

6.4.1 Data storage medium

1. Magnetic Media

  • Tape (tape drive)
  • Hard disk
    • SSD (Solid State Disk, IDE Flash Disk)
      1) Fast read and write speed.
      2) Low power consumption, low noise, vibration resistance, low heat, small size and a wide operating temperature range. Because there are no mechanical moving parts inside, mechanical failures do not occur, and collisions, shocks and vibration are not a concern.
    • Replaceable hard disk
    • Hybrid hard drive
  • Optical media
  • Semiconductor memory

6.4.2 Data storage schemes

1. DAS applies to the following environments:

  • Small networks
  • Geographically dispersed networks
  • Special application servers

Weaknesses:
inefficient and inconvenient for data protection.
2. NAS
  NAS is independent of the server: a file server developed solely for network data storage connects to the storage devices and forms its own network. Data storage is therefore no longer an appendage of a server, but exists in the network as an independent node shared by all network users.
  For enterprise environments that access and share large amounts of file system data, a NAS storage system provides an efficient, cost-effective solution. It integrates data, reduces management needs and overhead, and its centralized network file server and storage environment, including hardware and software, ensures reliable data access and high data availability.
  Because the application server and the NAS storage system exchange files, whereas in a SAN or DAS architecture servers and storage devices exchange data blocks, NAS storage systems suit file storage and do not suit database applications. Office automation systems, the tax industry, the advertising design industry and the education sector often use this scheme.
NAS advantages are as follows:
1) True plug and play.
2) Simple storage deployment.
3) The position of the storage device is very flexible.
4) Easy management and low cost.
3. SAN
  In 19…, IBM introduced ESCON (Enterprise System Connection) in the S390 server, a technique based on optical media that connects a server to storage with a maximum transmission rate of 17 MB/s. On this basis it later introduced the more powerful ESCON Director (FC Switch) and built a primitive SAN system. A SAN (Storage Area Network) implements storage as a network, in line with the trend toward networked computer server architectures. The technology that supports SAN is Fiber Channel (FC), an integrated standard that ANSI established for network and channel I/O interfaces. FC supports HIPPI, IPI, SCSI, IP, ATM and other high-level protocols; its advantage is that it isolates network and device communication protocols from the physical transmission medium, so that multiple protocols can be transmitted simultaneously over the same physical connection.
  The hardware infrastructure of a SAN is Fiber Channel. A SAN built on Fiber Channel consists of the following three components:
  1) Storage and backup devices: tape, disk and optical disk libraries.
  2) Fiber Channel network connection components: host bus adapter cards, drivers, cables, hubs, switches, and bridges between Fiber Channel and SCSI.
  3) Application and management software: backup software, storage resource management software, and storage management software.
  Currently, most of the difficulties enterprises encounter with storage solutions stem from the structural constraints produced by tightly coupling data to application systems, and from the limits of the current Small Computer System Interface (SCSI) standard. Because a SAN eases integration, improves data availability and network performance, and reduces management work, it is considered the future of enterprise-class storage. SAN is mainly used in environments that store large amounts of data, such as ISPs and banks, and is widely applied.
  Based on the above, the advantages of SAN can be summarized as follows:
  1) Easier network deployment.
  2) High-performance storage. Because a SAN uses Fiber Channel technology, it has higher storage bandwidth and markedly better storage performance. Fiber Channel uses full-duplex serial data transmission, with a transfer rate of up to 1062.5 Mb/s.
  3) Good scalability. Because a SAN uses a network structure, it has stronger expansion capability. The optical interface provides a connection distance of 10m, which makes it easy to physically separate storage so that it need not sit in the local machine room.
  In practice these three storage schemes coexist and complement each other to meet the needs of enterprise information applications.
  Note that all of the schemes above use RAID technology, so RAID is explained in detail next.
  RAID (Redundant Arrays of Independent Disks) is an array with redundancy made up of independent disks. A disk array combines many cheaper disks into one large-capacity disk group and uses the additive effect of the individual disks supplying data to improve the performance of the whole disk system. With this technology, data is cut into many segments that are stored on the individual drives.
  The disk array also uses the concept of a parity check: when any one hard disk in the array fails, the data can still be read; during data reconstruction, the data is recalculated and placed on the newly inserted hard disk.
  Disk arrays come in three styles: external disk array cabinets, internal disk array cards, and software emulation.
  1) External disk array cabinet: commonly used on large servers, with hot-swap capability; such products are more expensive.
  2) Internal disk array card: inexpensive, but requires skilled installation, so it suits technical personnel. Such hardware arrays provide online expansion, dynamic modification of the array level, automatic data recovery, drive roaming and caching. The array card uses a dedicated processing unit to operate.
  3) Software emulation: the network operating system's own disk management function configures multiple disks attached to ordinary interface cards into logical drives that form an array. For example, Windows, Linux and UNIX systems can all implement RAID management within the system, commonly known as soft RAID. Soft RAID also provides data redundancy, but the performance of the disk subsystem drops, in some cases substantially (up to 30%), which slows the machine, so it is not suitable for servers with heavy data traffic.

6.5 Data Storage Security

6.5.1 Data storage security definition

Data storage security refers to the readability of the database outside of system operation.

6.5.2 Data storage security measures

  • The problem.
  • User behavior is monitored every day of the year.
  • Strict access control should be applied based on application requirements.
  • Protect all corporate information.
  • Enterprises should therefore formulate clear technical policies governing device use.
  • We had to deal with policy data.

6.6 Data Backup

6.6.1 The concept of data backup

Data backup is the process of copying all or part of a data set from the application host's hard disk or array to other storage media, in order to prevent data loss caused by operational errors or system failure.

6.6.2 Data backup mode

  • Regular tape backup
  • Database backup
  • Network data
  • Remote mirroring
  • Normal backup
  • Differential backup
  • Incremental Backup

6.6.3 The main backup technology

  • LAN backup
  • LAN-Free backup
  • Server-Less backup

6.7 Data Recovery Technology

  Data recovery refers to the technique of rescuing and restoring data lost from computer hard drives, server hard drives, tape library storage, removable hard disks, U disks and other devices.

6.7.1 Principle of data recovery

  A hard disk saves a file by cluster, and which clusters hold the file is recorded in the file allocation table. When a file is deleted, its clusters are only marked as unused; until they are rewritten, the deleted content actually remains in the clusters, so locating the clusters is enough to restore the file contents.
  From a physical point of view, saving data makes the disk surface uneven. Deleting a file does not smooth the uneven medium; it only erases the file's address, so the operating system can no longer find the file. When data is later written to the same place, the new pattern overwrites the original. The principle of data recovery is therefore: if the data has not been overwritten, software can use the operating system's addressing scheme to find the data that has not been overwritten and reassemble it into a file. If only a few small areas have been overwritten, error-checking bits can be used to correct them. If the data has been fully overwritten, it can no longer be recovered.
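The cluster behaviour described above can be modelled with a toy volume. This is an added example, not code from the original notes: the `ToyVolume` class, its 8-byte clusters, the file names and the contents are constructed, and the model is far simpler than a real FAT filesystem.

```python
# Added illustration: a toy FAT-like volume (constructed), not a real filesystem.
CLUSTER = 8             # bytes per cluster (tiny, for readability)
FREE, EOC = None, -1    # FAT markers: unallocated / end of cluster chain

class ToyVolume:
    def __init__(self, n_clusters=16):
        self.data = bytearray(n_clusters * CLUSTER)   # raw cluster contents
        self.fat = [FREE] * n_clusters                # next-cluster pointers
        self.dir = {}                                 # live: name -> (first, size)
        self.deleted = {}                             # entries flagged as deleted

    def write(self, name, content):
        if not content:
            raise ValueError("empty files are out of scope for this sketch")
        need = -(-len(content) // CLUSTER)            # ceiling division
        free = [i for i, v in enumerate(self.fat) if v is FREE][:need]
        if len(free) < need:
            raise OSError("volume full")
        for k, c in enumerate(free):
            chunk = content[k * CLUSTER:(k + 1) * CLUSTER]
            self.data[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
            self.fat[c] = free[k + 1] if k + 1 < need else EOC
        self.dir[name] = (free[0], len(content))

    def delete(self, name, wipe=False):
        """A normal delete only frees the chain; wipe=True overwrites first."""
        first, size = self.dir.pop(name)
        c = first
        while c != EOC:
            nxt = self.fat[c]
            if wipe:
                self.data[c * CLUSTER:(c + 1) * CLUSTER] = bytes(CLUSTER)
            self.fat[c] = FREE
            c = nxt
        self.deleted[name] = (first, size)

    def undelete(self, name):
        """Recovery-tool view: the chain is gone, so assume the file was
        contiguous and read `size` bytes starting at its first cluster."""
        first, size = self.deleted[name]
        need = -(-size // CLUSTER)
        if any(self.fat[c] is not FREE for c in range(first, first + need)):
            return None                               # clusters reused by new data
        return bytes(self.data[first * CLUSTER:first * CLUSTER + size])

def demo():
    secret = b"constructed secret: Q3 payroll"
    vol = ToyVolume()
    vol.write("report.txt", secret)
    vol.delete("report.txt")
    recovered = vol.undelete("report.txt")            # content is still on disk
    vol.write("new.bin", b"X" * 40)                   # reuses the freed clusters
    after_overwrite = vol.undelete("report.txt")
    vol2 = ToyVolume()
    vol2.write("report.txt", secret)
    vol2.delete("report.txt", wipe=True)              # overwrite before freeing
    return recovered == secret, after_overwrite, vol2.undelete("report.txt")
```

The same property that makes recovery possible is why sanitizing media before disposal means overwriting the clusters, not just deleting the files.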

6.7.2 Types of data recovery

  • Logical failure data recovery
  • Hardware failure data recovery
  • RAID disk array data recovery

6.7.3 Data recovery methods for common devices

  • Hard drive data recovery
  • U disk data recovery

Chapter 9 Privacy

9.1 Definition of privacy in the field of cyberspace security

  • Personally identifiable data
  • Network activity data
  • Location data

9.2 Hazards of loss of privacy

  • Loss of privacy brings trouble to personal life.
  • It can easily escalate into illegal violations against the individual.
  • It can also lead to more serious criminal activity.
  • Leaked private data also becomes material for hacker attacks.

9.3 Individual user privacy

9.3.1 Threats to private information

  • Stealing private information through user accounts
  • Collecting private information by inducing users to enter it
  • Extracting private information from terminal devices
  • Obtaining private information through hacker attacks

9.3.2 Privacy protection methods

  • Strengthen privacy protection awareness
  • Improve the ability to protect account information
  • Learn about common methods of identity theft, master defensive approach

9.4 Privacy protection in data mining

  Privacy protection in data mining focuses on preventing sensitive information in the original records from being leaked while ensuring that data mining tasks can still run normally. In data mining, private information is divided into two categories:

  • Original records containing private information
  • Original records containing sensitive knowledge

  By implementation, privacy protection in data mining can be divided into three categories:

  • Techniques based on data distortion
  • Techniques based on data encryption
  • Techniques based on restricted release

9.5 Privacy protection in cloud computing

  • Data generation stage
  • Data transfer phase
  • Data use phase
  • Data sharing stage
  • Data storage stage
  • Data archiving stage
  • Data Destruction stage

9.6 Privacy protection in the Internet of Things

  • Location-based privacy threats
  • Data-based privacy threats

9.6.1 IoT location privacy protection methods

  • Location-based service privacy protection based on heuristic privacy metrics
  • Location-based service privacy protection based on probabilistic inference
  • Location-based service privacy protection based on private information retrieval

9.6.2 IoT data privacy protection methods

  • Anonymous methods
  • Encryption method
  • Routing Protocol Method

9.7 Privacy protection methods in blockchain

  • Decentralization
  • Robustness
  • Transparency
  • Blockchain privacy protection requirements
    • Untrusted nodes are not allowed to obtain blockchain transaction information.
    • Untrusted nodes are allowed to obtain transaction information, but cannot link transactions to the identity of the user.
    • Untrusted nodes are allowed to obtain transaction information and participate in verification, but do not learn the details of the transaction.
  • Blockchain privacy protection technology

Chapter 7 Advanced computing security issues in the context of big data

7.1 Big Data security

7.1.1 The concept of Big Data

  • The definition of big data
    A data collection so large that its acquisition, storage, management and analysis far exceed the capabilities of traditional database software tools; its four major features are vast data size, low-speed data transfer, a variety of data types, and value density.
  • Features of Big Data
    • Volume: Mass
    • Variety: diversity
    • Velocity: Slow
    • Veracity: Authenticity
  • Classification of big data
    • Big personal data
    • Enterprise Big Data
    • Government Big Data

7.1.2 The way of thinking and the use value of big data

  • Predictive value of big data
  • Social value of big data
  • Big data thinking

7.1.3 Security challenges in the context of big data

  • Big data increases the risk of loss of privacy
  • Big data facilitates advanced persistent threats (APT)
    • Big data makes it more convenient for APT attackers to collect target information and vulnerability information
    • Big data allows an attacker to launch attacks more easily
    • Access control is more difficult with big data

Problem

The principles of the three data storage schemes and some of their technical terms

Origin www.cnblogs.com/dkyspurs/p/11938749.html