2019-2020-1 semester 20192414 "Introduction to Cyberspace Security Professionals": week 8 learning summary

Network security in life and work

Common network security issues in life

· Account password stolen

· Credit card stolen and fraudulently used

Common network security problems at work

· Threats faced by network equipment

router

· Threats faced by operating systems

The operating system itself has vulnerabilities

Hackers may use illegal means to obtain operating system privileges and then operate the system unlawfully or damage it.

· Threats facing applications

Security at work is closely related to enterprise users and applications.

Basic understanding of cyberspace security

Cyberspace is a common, computer-based virtual information space

Cyberspace is the collection of all information systems, present and future, and is the information environment in which people live; the interaction between people and this environment is increasingly close. As a result, security issues in cyberspace are increasingly prominent. On the one hand the IT industry is enjoying unprecedented prosperity; on the other hand, incidents that jeopardize information security continue to occur.

Cyberspace security technology architecture

Opportunities and challenges facing the security of cyberspace

Major opportunities for the development of cyberspace security in our country

· A new channel for information dissemination

· A new space for production and living

· A new engine of economic development

· A new carrier of cultural prosperity

· A new platform for social governance

· A new bond for exchange and cooperation

Physical Security

Without physical security, information loses its carrier and cyberspace cannot exist.

Physical Security Overview

Definition of physical security

Physical security means ensuring that information systems have a safe physical environment, applying comprehensive technical controls to the people who access information systems, and fully taking into account the threats that natural events may pose to the system and avoiding them.

Scope of physical security

· Environmental security

· Equipment security and media security

Physical environment security

For an information system to be secure and reliable, the system's physical entities must be in a safe environment.

1, physical location

2, physical access control

Physical access control means placing physical safeguards between unauthorized persons and the protected information sources.

3, anti-theft and anti-sabotage

4, lightning protection

5, fire protection

6, water and moisture protection

7, anti-static

8, temperature and humidity control

9, power supply

10, protection against electromagnetic leakage (radiated and conducted)

Physical equipment security

Security Hardware

1, PC network security physical isolation card

How it works: the PC network security physical isolation card physically divides the user's hard disk into a public area (external network) and a secure area (internal network). The card is mounted between the motherboard and the hard drive and controls hard disk read and write operations in hardware. Relays switch between the partitions and their network connections, so at no time do the two partitions share data, which guarantees isolation between the internal and external networks.

2, network security physical isolator

A network security physical isolator is used to give a single machine physical isolation between two networks, and data isolation.

3, physical isolation network gateway

Between the two independent host systems connected by a physical isolation gateway there is no physical connection for communication, no logical connection, no information transmission commands and no information transmission protocol.

The gateway physically isolates the hosts and blocks every connection that could potentially carry an attack.

Security chips

· Storing and managing passwords

· Encryption

· Encrypting hard drive partitions

Data Security

Scope of data security

Data security elements

Data security means ensuring that the legitimate holders and users of data can at any time obtain data that is confidential and is the original data, not illegally altered. Confidentiality, Integrity and Availability are commonly used as the elements of data security, abbreviated CIA.

Components of data security

1, security of the data itself

2, security of data protection

3, security of data processing

4, security of data storage

Data confidentiality

Data encryption

· Symmetric encryption: encryption and decryption use the same key.

· Asymmetric encryption: encryption and decryption are carried out jointly by a pair of keys.

· Hash algorithm: generally used where identity needs to be confirmed, or where the encrypted data does not need to be restored. Commonly used hash algorithms are the SHA algorithms and the MD5 algorithm.

DLP

Data leakage protection (DLP) mainly comprises network protection and terminal protection.

Data Storage Technology

Data storage media

1, magnetic media

· Tape drive: typically composed of a tape drive unit and tapes

· Hard disk

SSD: a solid-state drive is a hard disk built from an array of solid-state electronic storage chips, consisting of a control unit and a storage unit.

1) Fast read and write speed

2) Low power consumption, low noise, vibration resistance, low heat, small size and a wide working range.

Replaceable hard disk

2.5-inch: good shock resistance, smaller size, lighter weight.

3.5-inch: no special design for shock resistance.

Hybrid hard drive: a hard disk that integrates a magnetic disk with flash memory.

· Optical media

The advantages of optical media are a low cost per MB and that it is almost indestructible.

· Semiconductor memory

Divided into bipolar transistor memory and MOS transistor memory.

Its advantages are: fast access speed, high storage density, and easy interfacing with logic circuits.

Data storage solutions

External storage solutions are mainly divided into three types

· Direct Attached Storage (DAS)

· Network Attached Storage (NAS)

· Storage Area Network (SAN)

1, DAS

Mainly suited to: small networks, geographically dispersed networks, and special application servers.

2, NAS

It uses a file server, independent of the application servers and developed solely for network data storage, to connect the storage devices, which form a network of their own.

NAS storage systems provide a high-level, excellent-performance and low-cost solution for large enterprise environments that access and share vast amounts of file system data.

Suitable for file storage, but not for database applications.

· NAS exists in the network as an independent storage node, regardless of the user's operating system platform; it is truly plug and play.

· NAS does not rely on a general-purpose operating system; instead it uses a simplified, user-oriented operating system designed specifically for data storage.

· Very flexible storage location

· Easy management and low cost

3, SAN

Composition

· Storage and backup devices: including tape, disk and optical disc libraries

· Fiber Channel network connection components: host bus adapter cards, drivers, optical cables, hubs, switches, and bridges between Fiber Channel and SCSI.

· Application software

SAN advantages

· Easy network deployment

· High-speed storage performance

· Good scalability

RAID technology

RAID refers to a redundant array of independent disks.

Disk arrays come in three forms: first, external disk array cabinets; second, internal disk array cards; third, software emulation.

Data storage security

Data storage security definition

Data storage security concerns the readability of the database outside the running system. For example, once a database is stolen, even without the original system programs, another program can still be written to view or modify the stolen database.

Data storage security measures

How to find a balance between security and operational costs.

Dislocation is often considered the most important class of security threat that enterprise storage environments face.

Measures to ensure data storage security:

First, determine where the problem lies; second, monitor user behaviour around the clock, all year round; then, apply strict access control according to actual application requirements.

All corporate information must be protected. The use of removable storage devices, DVDs and the like puts large amounts of data under threat.

Enterprises should set clear policies on device use and apply technical controls in line with them.

At the same time, a data processing policy is also needed.

The ultimate goal of storage security is to ensure that data remains intact: not damaged and not stolen.

Data backup

The concept of data backup

Data backup is the process of copying all or part of a data set from the application host's hard disk or disk array to other storage media, in order to prevent data loss caused by operational errors or system failure.

Traditional backup is cold backup. However, this approach can only guard against human failures such as operational errors, and its recovery time is very long.

Data backup methods

1, regular tape backup

2, database backup

This method creates a copy of the primary database on a backup machine that is separate from the production machine where the primary database resides.

3, network data

4, remote mirroring

The mirror disk is extended to a location far from the production machine by means of high-speed Fiber Channel lines and disk control technology.

5, normal backup

The advantage is that it is comprehensive and complete.

However, it takes up a lot of backup space.

6, differential backup

A differential backup backs up the data added or modified since the last normal backup.

7, incremental backup

An incremental backup backs up the data that has changed since the last backup of any kind, not necessarily the last normal backup.
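
The difference between normal, differential and incremental backup is easiest to see by running the selection rule on a few files. The following is an added example, not part of the original notes; the file names, timestamps and the function names run_backup and restore_chain are assumptions made for illustration. It also shows what each choice costs at restore time: an incremental chain needs every link since the last normal backup, while a differential needs only the normal backup plus itself.

```python
from dataclasses import dataclass

@dataclass
class Backup:
    kind: str         # "normal", "differential" or "incremental"
    time: int         # when the backup ran
    files: frozenset  # names of the files it copied

def run_backup(kind, mtimes, history, now):
    """Return the Backup that a run of `kind` at time `now` would produce."""
    normals = [b.time for b in history if b.kind == "normal"]
    if kind == "normal" or not normals:
        return Backup("normal", now, frozenset(mtimes))  # copies everything
    if kind == "differential":
        since = max(normals)                   # baseline: last normal backup
    else:
        since = max(b.time for b in history)   # baseline: last backup of any kind
    changed = frozenset(f for f, t in mtimes.items() if t > since)
    return Backup(kind, now, changed)

def restore_chain(history):
    """Backups needed to rebuild the latest state, oldest first."""
    start = max(i for i, b in enumerate(history) if b.kind == "normal")
    chain, tail = [history[start]], history[start + 1:]
    diffs = [i for i, b in enumerate(tail) if b.kind == "differential"]
    if diffs:   # the latest differential already holds every change before it
        chain.append(tail[diffs[-1]])
        tail = tail[diffs[-1] + 1:]
    return chain + [b for b in tail if b.kind == "incremental"]

def demo():
    # Constructed sample data: file name -> last-modified time.
    mtimes = {"a.db": 1, "b.doc": 1, "c.log": 1}
    history = [run_backup("normal", mtimes, [], now=2)]
    mtimes["a.db"] = 3
    history.append(run_backup("incremental", mtimes, history, now=4))
    mtimes["b.doc"] = 5
    inc = run_backup("incremental", mtimes, history, now=6)
    diff = run_backup("differential", mtimes, history, now=6)
    return history, inc, diff

if __name__ == "__main__":
    history, inc, diff = demo()
    print("incremental copies ", sorted(inc.files))
    print("differential copies", sorted(diff.files))
    print("restore via incrementals needs", len(restore_chain(history + [inc])))
    print("restore via differential needs", len(restore_chain(history + [diff])))
```
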

Main backup technologies

1, LAN backup

Traditional backup requires a tape drive to be installed on each host to back up that machine. With a LAN backup strategy, when the amount of data is not large, backups can be centralized.

2, LAN-Free backup

When a large amount of data must be backed up and the backup window is tight, the network congests easily. In a SAN environment, LAN-Free backup over the storage network can be used instead.

3, Server-Less backup

If the backup process can be completed within the SAN, without large amounts of data flowing through the server, the impact of the backup operation on the production system is greatly reduced. SAN Server-Less backup is one such technology.

Data recovery techniques

Data recovery is the technique of rescuing and restoring data lost from devices such as computer hard drives, server hard disks, tape libraries, removable hard disks and USB flash drives (U disks).

Principle of data recovery

When a file is saved to a hard disk, it is stored by cluster, and which clusters hold it is recorded in the file allocation table. When a file on the hard disk is deleted, its content is not actually erased; instead, the clusters that held the file are marked as unused in the file allocation table, so later writes can go directly to those clusters. Only when a new file is written to the same clusters is the old file completely destroyed.
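
The principle above can be reproduced with a toy file allocation table. The following is an added example, not part of the original notes and not a real FAT driver; the class ToyDisk, its 8-byte clusters and the sample file contents are constructed for illustration. It shows that after an ordinary delete the content is still readable from clusters marked unused, that a later write destroys only the clusters it reuses, and that overwriting on delete leaves nothing to recover.

```python
FREE, EOC = None, -1   # table entry: cluster unused / last cluster of a file
CLUSTER = 8            # bytes per cluster on this toy disk

class ToyDisk:
    def __init__(self, clusters=8):
        self.fat = [FREE] * clusters             # next-cluster pointer per cluster
        self.data = [bytes(CLUSTER)] * clusters  # raw cluster contents
        self.dir = {}                            # file name -> first cluster

    def write(self, name, content):
        chunks = [content[i:i + CLUSTER]
                  for i in range(0, len(content), CLUSTER)] or [b""]
        free = [i for i, v in enumerate(self.fat) if v is FREE][:len(chunks)]
        if len(free) < len(chunks):
            raise OSError("disk full")
        for n, (c, chunk) in enumerate(zip(free, chunks)):
            self.data[c] = chunk.ljust(CLUSTER, b"\0")
            self.fat[c] = free[n + 1] if n + 1 < len(free) else EOC
        self.dir[name] = free[0]

    def delete(self, name, wipe=False):
        c = self.dir.pop(name)
        while c != EOC:
            nxt = self.fat[c]
            self.fat[c] = FREE                 # ordinary delete: only the table changes
            if wipe:
                self.data[c] = bytes(CLUSTER)  # secure delete: overwrite the content too
            c = nxt

    def carve(self, needle):
        """Recovery-tool view: unused clusters that still contain `needle`."""
        return [i for i, v in enumerate(self.fat)
                if v is FREE and needle in self.data[i]]

def demo():
    disk = ToyDisk()
    disk.write("old.txt", b"SECRET-1SECRET-2")    # constructed content, 2 clusters
    disk.delete("old.txt")
    after_delete = disk.carve(b"SECRET")          # both clusters still readable
    disk.write("new.txt", b"newdata!")            # reuses the first freed cluster
    after_overwrite = disk.carve(b"SECRET")       # only the untouched cluster remains
    wiped = ToyDisk()
    wiped.write("old.txt", b"SECRET-1SECRET-2")
    wiped.delete("old.txt", wipe=True)
    return after_delete, after_overwrite, wiped.carve(b"SECRET")

if __name__ == "__main__":
    print(demo())
```
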

The type of data recovery

1, logical failure data recovery

The operating system cannot be entered, files cannot be read, files cannot be opened by their associated applications, files are missing, partitions are lost, or garbled text is displayed.

2, hardware failure data recovery

Circuit faults, firmware damage, head and motor failure, and disk damage.

3, disk array RAID data recovery

First rule out hardware and software failures, then analyze parameters such as the array's disk order and block size.

Data recovery methods for common devices

1, hard drive data recovery

First diagnose and find the point of failure. Repair the hard drive fault first, then repair other software faults, and finally recover the data successfully.

2, USB flash drive (U disk) data recovery

Data can be repaired by opening the casing and replacing components, loading, positioning and similar methods. A USB flash drive data recovery tool can then be used to recover the data.

Privacy protection

Definition of privacy in the field of cyberspace security

· Personally identifiable data

· Network activity data

· Location data

Hazards of privacy leaks

· Brings trouble to personal life

· Easily escalates into unlawful infringement against the individual

· Can lead to more serious criminal activity

· Leaked private data also becomes material for hacker attacks

Individual user privacy protection

Threats facing private information

· Obtaining user privacy by stealing accounts

· Collecting private information by inducing users to enter it

· Extracting private information from terminal devices

Privacy protection methods

Strengthen privacy protection awareness

Improve the ability to protect account information

Password

Learn about common methods of identity theft and master the defensive approaches

1, The attacker collects the target user's personal information.

2, Where the password is difficult to guess, hackers can look up the account password in social engineering database information that is publicly available online.

3, After finding the user's password, the hacker can log on to related sites and obtain private information.

Privacy protection in data mining

1, original records that contain private information

2, original records that contain sensitive knowledge

Data protection methods:

1, data-distortion-based techniques, such as adding noise and swapping data

2, data-encryption-based techniques, such as secure multiparty computation

3, restricted-release techniques, which publish data conditionally depending on the situation.

1,

An attacker cannot find the real original data

After distortion, certain properties of the data remain unchanged

2,

Used in distributed application environments, with vertically partitioned and horizontally partitioned data models.

3,

Generalization, de-identification, noise insertion, suppression, decomposition, subsampling

Privacy in the cloud

Data life cycle:

Data generation stage

Data transfer phase

Data use phase

Data sharing stage

Data storage stage

Data archiving stage

Data destruction stage

Privacy protection in the field of Internet of Things

Location-based privacy threats

Location privacy threats are the leakage problems faced by the location privacy of each node in the Internet of Things and by the location privacy exposed when the Internet of Things provides various location-based services.

Data-based privacy threats

Data privacy issues mainly concern the leakage of secret information during data acquisition, processing and transmission in the Internet of Things.

Internet of Things location privacy protection methods

· Location service privacy protection based on heuristic privacy measures. In essence this technique avoids supplying the user's real location by submitting untrue location information.

· Location service privacy protection based on speculation. In essence this technique protects location privacy by suppressing the release of some location information.

· Location service privacy protection based on private information retrieval. In essence this technique uses an intermediary: the user's location request is split into multiple fragments, and the intermediary then issues the location request to the providers in multiple rounds.

Internet of Things data privacy protection methods

1, anonymization methods

2, encryption methods

3, routing protocol methods

Privacy protection in the field of blockchain

Features: decentralization, robustness, transparency

Blockchain privacy requirements

1. Untrusted nodes are not allowed to obtain blockchain transaction information.

2. Untrusted nodes are allowed to obtain blockchain transaction information, but cannot link a transaction to the identity of the user.

3. Untrusted nodes are allowed to obtain transaction information and participate in verification, but do not know the details of the transaction.

Problems

1, I have not clearly distinguished between PC network security physical isolation cards, network security physical isolators and physical isolation network gateways

2, the classification of storage is very vague

3, RAID technology


Origin www.cnblogs.com/yhr001/p/11939455.html