2019-2020-1 semester, 20192426, "Introduction to Cyberspace Security", week 9 learning summary

Chapter 3 Network Security

3.1 Overview of network security and management

3.1.1 Network security concept

1. Broadly speaking, all research and technology concerned with the confidentiality, integrity, availability, authenticity, controllability and auditability of network information belongs to network security.
2. Network security covers both the network's hardware resources and its information resources.

Network hardware resources include communication lines, communication devices (routers, switches, etc.) and hosts.
Information resources include the system software and application software that keep network services running, as well as user data stored and transmitted on the network.

3.1.2 The concept of network management

1. Network management is a generic term for the activities of supervising, organising and controlling network communication services and the information processing they require.
2. Network management technology has developed alongside computer, network and communication technology; the two complement each other.
3. By object of management, network management can be divided into management of network devices and management of network behaviour.

3.1.3 Network security features

In general, network security is characterised by the reliability, availability, confidentiality, integrity, controllability and auditability of the network, which security and management technologies or means exist to protect.

  • Reliability: the property that a network information system can complete its predetermined functions under predetermined conditions and within a predetermined time. It covers hardware reliability, software reliability, personnel reliability and environmental reliability.
  • Availability: the property that network information can be accessed and used by authorised entities as needed. It is usually measured as the ratio of the system's normal working time to its total time.
  • Confidentiality: the property that network information is not disclosed to, or used by, unauthorised users, entities or processes.
  • Integrity: the property that network information cannot be changed without authorisation, i.e. that information in storage or in transit is not accidentally or deliberately deleted, modified, forged, reordered, replayed, inserted or lost.
  • Controllability: the ability to control the dissemination of information and its content.
  • Auditability: the ability to provide the basis and means for investigating security problems.

3.1.4 Common network topologies

1. Network topology: the configuration of a network, showing how geographically dispersed nodes are logically and geometrically connected. The topology determines how the network works and how information is transmitted across it.
2. Common network topologies include bus, star, ring and tree. In practice a network usually combines them wholly or partially rather than using a single topology.

  • Bus topology: all workstations or network devices are connected to the same physical medium; each device attaches directly to the trunk cable.
    Structural security defects: fault diagnosis and fault isolation are difficult, and the terminals must be intelligent.
  • Star topology: a central node connected to each site by point-to-point links. The central node device is usually called an adapter, concentrator or repeater.
    Structural security defects: high demand for cabling and difficult installation, difficult expansion, excessive dependence on the central node, and a tendency toward a "bottleneck" at the centre.
  • Ring topology: a number of repeaters connected by point-to-point links into a closed loop.
    Structural security defects: the failure of one node brings down the whole network, fault diagnosis is difficult, the network is not easy to reconfigure, and the access protocol is affected.
  • Tree topology: evolved from the bus topology and shaped like an inverted tree. It usually uses coaxial cable as the transmission medium together with broadband transmission technology.
    Structural security defect: excessive reliance on the root node.

3.2 Network security infrastructure

3.2.1 OSI seven-layer model and security architecture

1. The OSI reference model (Open Systems Interconnection reference model) was developed jointly by the International Organization for Standardization (ISO) and the International Telegraph and Telephone Consultative Committee (CCITT).
2. Composition of the seven-layer model
From bottom to top, the OSI reference model consists of the physical layer, data link layer, network layer, transport layer, session layer, presentation layer and application layer.
3. Operating principle of OSI protocols
Packing: on the sending side, data passes from the upper layers to the lower layers; each layer adds its own header to the data unit received from the layer above, then hands the result down to the next layer.
Unpacking: on the receiving side, each layer removes its own header from the data unit and passes what remains up to the next layer, until the application layer parses the content the user sees.

The seven-layer model was established mainly to solve the compatibility problems encountered when interconnecting heterogeneous networks. Its biggest advantage is that it clearly distinguishes the three concepts of service, interface and protocol, and lets different functional modules in different networks take on separate responsibilities.
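As an added illustration of the packing and unpacking described above (example code written for this summary, not from the textbook): the sender wraps a payload in TCP, IPv4 and Ethernet headers, and the receiver strips them one layer at a time, checking each layer's fields before passing the remainder up. MAC addresses, IP addresses and ports are constructed sample values; the TCP checksum is left at zero to keep the example short.

```python
import struct

ETH_LEN, IP_LEN, TCP_LEN = 14, 20, 20  # fixed header sizes used here (no options)

def ipv4_checksum(header: bytes) -> int:
    # Standard one's-complement sum over 16-bit words; a header whose checksum
    # field is already correct sums to 0 under this function.
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def encapsulate(payload, src_mac, dst_mac, src_ip, dst_ip, sport, dport) -> bytes:
    """Sender side: each layer prepends its own header to the unit handed down by the layer above."""
    # Transport layer: 20-byte TCP header, SYN flag set, checksum left zero in this demo
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    segment = tcp + payload
    # Network layer: 20-byte IPv4 header (version 4, IHL 5, TTL 64, protocol 6 = TCP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_LEN + len(segment), 0, 0, 64, 6, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill in the checksum
    packet = ip + segment
    # Data link layer: Ethernet header, EtherType 0x0800 = IPv4
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + packet

def decapsulate(frame: bytes) -> dict:
    """Receiver side: strip one header per layer from the outside in, validating each layer."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[ETH_LEN:ETH_LEN + IP_LEN]
    if ipv4_checksum(ip) != 0 or ip[9] != 6:
        raise ValueError("corrupt IPv4 header or not TCP")
    total_len = struct.unpack("!H", ip[2:4])[0]
    segment = frame[ETH_LEN + (ip[0] & 0x0F) * 4: ETH_LEN + total_len]
    sport, dport, _seq, _ack, off, flags = struct.unpack("!HHIIBB", segment[:14])
    return {"src_ip": ".".join(map(str, ip[12:16])), "dst_ip": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "syn": bool(flags & 0x02),
            "payload": segment[(off >> 4) * 4:]}  # data offset tells where the payload starts
```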

4. OSI security architecture
The OSI security architecture is built on the OSI seven-layer protocol model; that is, security measures are placed at the corresponding OSI layer, for example:

  • Physical layer: set connection passwords.
  • Data link layer: PPP authentication, switch port priority, MAC address security, BPDU guard, PortFast.
  • Network layer: routing protocol authentication, extended access lists, firewalls and so on.
  • Transport layer: FTP passwords, transport keys and the like.
  • Session layer and presentation layer: public-key cryptography and private-key cryptography should be set up in these two layers.
  • Application layer: NBAR, application-layer firewalls.

The five security-related services: authentication (identification), access control, data confidentiality, data integrity and non-repudiation.

3.2.2 TCP / IP protocol

TCP/IP corresponds to the network layer (IP) and the transport layer (TCP) of the OSI model.
1. Network layer protocols

  • IP protocol
  • ARP protocol: resolves a computer's network address (32-bit IP address) into its physical address (48-bit MAC address).

2. Transport layer protocols

  • TCP: establishes a connection with a three-way handshake and tears it down with a separate closing exchange.
  • UDP

3. Application layer protocols
HTTP, HTTPS, FTP, SMTP, Telnet, DNS, POP3, etc.; in practice these protocols are used through application proxies.
4. Encapsulating security protocols

  • IPSec: an encryption-based protocol that provides security for IPv4 and IPv6. It uses AH (Authentication Header) and ESP (Encapsulating Security Payload) to implement its security services, and ISAKMP/Oakley and SKIP for key exchange, key management and security negotiation.
  • SSL (Secure Sockets Layer): protects information transmitted over the network.
  • S-HTTP: a secure communication protocol designed by binding security features to the Hypertext Transfer Protocol (HTTP).
  • S/MIME: Secure Multipurpose Internet Mail Extensions.

3.2.3 Wireless Network Security

1. WLAN security threats: eavesdropping, interception or modification of transmitted data, denial of service.
2. Wireless LAN security protocols:

  • WEP (Wired Equivalent Privacy)
  • WPA (Wi-Fi Protected Access)
  • WPA2
  • WAPI (a WLAN security solution for which China holds independent intellectual property rights)

3. WPI decapsulation process:

  • Check whether the data packet's sequence number is valid; packets with an invalid sequence number are discarded.
  • Using the decryption key and the packet sequence number, decrypt the MSDU and MIC ciphertext in the packet with the decryption algorithm working in OFB mode, recovering the MSDU plaintext and the MIC.
  • Using the integrity check key and the packet sequence number, locally compute the integrity check code with the check algorithm working in CBC-MAC mode; if the computed MIC differs from the value carried in the packet, the packet is discarded.
  • Reassemble the decapsulated MSDU plaintext and deliver it to the upper layer.
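The four WPI decapsulation steps above, worked through as an added Python example (written for this summary, not part of the textbook or the WAPI standard). The block function is a hashlib-based placeholder standing in for the SMS4 cipher, the packet layout (sequence number || OFB-encrypted MSDU || MIC) is a constructed simplification, and the keys are sample values; what it demonstrates is the order of the checks and why a replayed or tampered packet is dropped before anything reaches the upper layer.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes

def block_enc(key: bytes, block: bytes) -> bytes:
    # Placeholder keyed block function standing in for SMS4 (an assumption of this
    # example); OFB decryption and CBC-MAC only ever use the forward direction.
    return hashlib.sha256(key + block).digest()[:BLOCK]

def ofb_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    # OFB keystream: feed the block function back on itself, XOR with the data
    out, feedback = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        feedback = block_enc(key, feedback)
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], feedback))
    return bytes(out)

def cbc_mac(key: bytes, iv: bytes, data: bytes) -> bytes:
    # CBC-MAC chained from the sequence-number IV; the length is prepended so
    # that zero padding cannot be confused with message content
    padded = len(data).to_bytes(BLOCK, "big") + data + b"\x00" * (-len(data) % BLOCK)
    state = iv
    for i in range(0, len(padded), BLOCK):
        state = block_enc(key, bytes(a ^ b for a, b in zip(state, padded[i:i + BLOCK])))
    return state

def encapsulate(enc_key: bytes, mic_key: bytes, seq: int, msdu: bytes) -> bytes:
    # Sender side: packet = sequence number || OFB-encrypted (MSDU || MIC)
    iv = seq.to_bytes(BLOCK, "big")
    mic = cbc_mac(mic_key, iv, msdu)
    return iv + ofb_xor(enc_key, iv, msdu + mic)

def decapsulate(enc_key: bytes, mic_key: bytes, last_seq: int, packet: bytes):
    """Receiver side, the four steps of the text. Returns (msdu, new_last_seq)."""
    iv, body = packet[:BLOCK], packet[BLOCK:]
    seq = int.from_bytes(iv, "big")
    if seq <= last_seq:                                 # step 1: replay check
        raise ValueError("invalid sequence number, packet discarded")
    plain = ofb_xor(enc_key, iv, body)                  # step 2: OFB decrypt MSDU || MIC
    msdu, mic = plain[:-BLOCK], plain[-BLOCK:]
    expected = cbc_mac(mic_key, iv, msdu)               # step 3: recompute the MIC
    if not hmac.compare_digest(mic, expected):
        raise ValueError("integrity check failed, packet discarded")
    return msdu, seq                                    # step 4: deliver plaintext upward
```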

3.3 Identifying network security risks

3.3.1 Threats

Common external threats: security vulnerabilities in system and application software, inadequate security policies, backdoors and Trojans, viruses and malicious website traps, and hackers; from within, the weak security awareness and improper behaviour of users and staff inside the network also raise security concerns.

3.3.2 Vulnerabilities

1. Operating system vulnerabilities: dynamic linking, process creation, empty passwords and RPC, the superuser.
2. Vulnerability of the computer system itself: hardware and software failures.
3. Electromagnetic leakage
4. Data accessibility
5. Weakness of communication systems and communication protocols
6. Vulnerability of database systems
7. Vulnerability of network storage media

3.4 Dealing with network security risks

3.4.1 Responding at the national strategic level

1. Introduce a network security strategy and improve top-level design.
2. Build a network identity system and create a trusted cyberspace.
3. Enhance core technology R&D capability and form a self-controlled network security industry ecosystem.
4. Strengthen network offensive and defensive capabilities and build a security defence system.
5. Deepen international cooperation and gradually increase the country's voice in international cyberspace affairs.

3.4.2 Responding at the technical level

1. Authentication technology

  • Biometrics
  • Password authentication
  • Token authentication

2. Access control technology

  • Access control refers to the means by which a system limits a user's ability to use data resources according to the user's identity and the predefined policy group the user belongs to.
  • Three elements: subject, object and control policy.
  • Functions and principles of access control: authentication, policy control, security audit.
  • Types: discretionary access control, mandatory access control, role-based access control and integrated access control, among others.
  • Comprehensive access control policy: network entry access control, network permission control, directory-level security control, attribute security control, network server security control, network monitoring and locking control, and security control of network ports and nodes.
  • Application access control

3. Intrusion detection technology

  • An intrusion detection system is a network device that monitors the network in real time, detects suspicious data and takes timely countermeasures.
  • Intrusion detection techniques used: anomaly detection, signature (feature) detection, file integrity checking.

4. Monitoring and auditing technology

  • Network security auditing approaches: log audit, host audit, network audit.

5. Honeypot technology
By application platform, honeypots are divided into real honeypot systems and pseudo honeypot systems.
By deployment purpose, honeypots are divided into production honeypots and research honeypots.
By level of interaction, honeypots are divided into low-interaction honeypots and high-interaction honeypots.

3.4.3 Common network management technologies

1. Daily operation and maintenance inspection
2. Vulnerability scanning
3. Application code review
4. System security hardening
5. Security level evaluation
6. Security supervision and inspection

  • State of information security management
  • State of technical protection
  • Emergency response work
  • State of security education and training
  • Security rectification

7. Emergency response and disposal
8. Security configuration management

  • Asset management
  • Resource management
  • Server directory management
  • Service requests
  • Monitoring and management

Summary

Starting from common network topologies and the content of the OSI model and its protocols, this chapter introduces the threats to and potential vulnerabilities of network systems, and puts forward countermeasures at the network technology and network management levels. In particular, it gives a detailed account of authentication technology, access control, intrusion detection, monitoring and auditing technology, and honeypot technology.


Chapter 7 Advanced computing security issues in the big data context

7.3 Internet of Things security

7.3.1 Overview of the Internet of Things

1. The goal of the Internet of Things (IoT) is to achieve interconnection between the physical world and the online world, giving people "comprehensive perception, thorough analysis and intelligent processing" capabilities over the physical world.
2. Layered architecture and features of the IoT

  • The IoT is roughly divided into three parts: a data sensing part, a network transmission part and an intelligent processing part.
  • An IoT system has a three-layer structure: perception layer, network layer and application layer.
  • The IoT should have three capabilities: comprehensive perception, reliable transmission and intelligent processing.

3. Typical IoT application areas:

  • Applications that give cognitive ability over the physical world
  • Applications built on ubiquitous network convergence
  • Targeted applications built on integrated information services

7.3.2 Security features and architecture of the Internet of Things

1. Security features of the IoT
2. Security challenges faced by the IoT:

  • Standards and indicators
  • Regulation
  • Shared responsibility
  • Cost and security trade-offs
  • Disposal of obsolete equipment
  • Scalability
  • Data confidentiality, authentication and access control

3. IoT security architecture

  • Security attacks faced by the IoT
  • IoT security controls

7.3.3 Industrial control systems and their security

1. Composition of industrial control systems
Industrial Control System (ICS) is a general term for several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), process control systems (PCS) and programmable logic controllers (PLC).
2. Industrial control system architecture

  • The key components of an industrial control system include: controllers, configuration and programming components, data acquisition and supervisory control components, the human-machine interface and the distributed process control system.
  • The network portion of an industrial control system includes: the enterprise resource network, the process control and monitoring network, and the control system network.

3. Industrial control system security

  • Security situation and security issues of industrial control networks
    • Vulnerabilities in the systems are hard to remediate in time, leaving industrial control systems at risk
    • Industrial control communication protocols lacked sufficient security consideration early in their design
    • Security policies and management systems are insufficient
    • Industrial control systems are directly exposed to the Internet
    • The system architecture lacks basic security
  • Securing industrial control systems
    • Loss and leakage prevention
    • Host security management
    • Data security management
    • Establishing baselines
    • Operational monitoring
    • Implementing defences

Source: www.cnblogs.com/chw123/p/11986082.html