2019-2020-1 Semester, 20192407, "Introduction to Cyberspace Security", Week 9 Study Summary

Abstract:
Chapter 3: Network Security
Through self-study of Chapter 3, I learned:
1. Network security: all theory and technology research concerning the confidentiality, integrity, availability, authenticity, controllability and auditability of information on the network belongs to network security.
2. Network security draws on computer science, network technology, communication technology, cryptography, information security technology, applied mathematics, number theory, information theory and other fields; it is a comprehensive discipline. It covers both the hardware resources and the information resources of the network.
3. The concept of network management: the general term for the various activities of supervising, organizing and controlling network communication services and information processing.
4. Network security features:
Reliability: manifests as hardware reliability, software reliability, personnel reliability, environmental reliability and so on. Hardware reliability is the most intuitive and common. Software reliability is the probability that a program runs successfully within a specified time. Personnel reliability is the probability that staff successfully complete a job or task; it plays an important role in the overall reliability of the system.
Availability: the property that network information can be accessed and used by authorized entities as needed. Availability ensures that the network information service can be used by authorized users or entities when needed.
Confidentiality: the property that network information is not disclosed to, or used by, unauthorized users, entities or processes.
Integrity: the property that network information cannot be changed without authorization, i.e. it is not accidentally or deliberately deleted, modified or forged during storage or transmission.
Controllability: the content and dissemination of information can be controlled.
Auditability.
5. Common network topologies:
Bus: fault diagnosis and fault isolation are difficult; terminals must be intelligent.
Star: requires a large amount of cable that is hard to install; hard to expand; overly dependent on the central node, which is prone to becoming a bottleneck.
Ring: a failed node brings down the whole network; fault diagnosis is difficult; the network is not easy to reconfigure; the access protocol is affected.
Tree: too much reliance on the root node.
6. OSI seven-layer model:
Application layer: the interface through which applications access network services.
Presentation layer: provides data format conversion services, such as encryption and decryption.
Session layer: establishes end-to-end connections, access authentication and session management.
Transport layer: provides logical communication between application processes; common elements: TCP/UDP, processes, ports.
Network layer: creates a logical link between transmitting nodes and forwards data packets.
Data link layer: establishes a logical communication link between communicating entities.
Physical layer: transmits the raw bitstream between data terminals, e.g. cable, repeaters, optical fiber.
7. OSI security architecture:
Physical layer: set connection passwords.
Data link layer: configure PPP authentication, switch port priority, MAC address security, BPDU guard and PortFast.
Network layer: configure routing protocol authentication, extended access lists, firewalls and so on.
Transport layer: set FTP passwords, transmission keys and the like.
Session layer / presentation layer: public-key and private-key cryptography should be applied in these two layers.
Application layer: configure NBAR and application-layer firewalls.
8. Five related security services:
Authentication service: authentication of the communicating peer entity and of the data origin.
Access control: prevents data exchanged between the various network systems from being intercepted or accessed without authorization and leaked, providing confidentiality protection; it also guards against situations in which information could be inferred merely by observing the information flow.
Data confidentiality service: deterrence.
Data integrity service: protects against unauthorized modification, insertion and deletion of exchanged data, and against data loss during the exchange.
Non-repudiation service: prevents the sender from denying having sent the data after transmission, and the receiver from denying receipt of the data or forging the data after reception.
9. TCP/IP four-layer model:
Application layer: covers the OSI application, presentation and session layers.
Transport layer.
Network layer.
Network interface layer.
10. Network layer protocols:
IP protocol: the core and most important protocol of the network layer.
ARP (Address Resolution Protocol): maps a computer's network address to its hardware address.
11. Transport layer protocols: TCP / UDP.
12. Application layer protocols: HTTP / HTTPS.
13. Secure encapsulation protocols:
IPSec: works at the network layer; the entire network channel is encrypted.
SSL protocol: operates between two endpoints for certain applications.
S-HTTP: supports end-to-end secure transmission.
S/MIME: Secure Multipurpose Internet Mail Extensions.
14. Wireless LAN security issues
The main security threats to WLANs are eavesdropping, interception or modification of transmitted data, denial of service and computer viruses.
Wireless LAN security protocols:
WEP (Wired Equivalent Privacy)
WPA (Wi-Fi Protected Access)
WPA2: supports the stronger AES encryption standard and implements the mandatory elements of IEEE 802.11i; AES replaces RC4.
WAPI (WLAN Authentication and Privacy Infrastructure)
16. Common external threats:
Security vulnerabilities in system and application software
Security policy
Backdoors and Trojans
Viruses and malicious website traps
Hackers
Security awareness
Network security problems caused by misconduct of internal staff
17. Vulnerability: refers to defects in the hardware, software, protocol design or security policy of a computer system or network; its direct consequence is that illegal or unauthorized users gain access and thereby compromise the network system.
18. Network security vulnerabilities:
Vulnerability of the operating system
Operating system vulnerabilities stem mainly from deficiencies in its architecture and are reflected in the following aspects:
(1) dynamic linking
(2) process creation
(3) blank passwords and RPC
(4) the superuser
Vulnerability of the computer system itself
Electromagnetic leakage
Accessibility of data
Weaknesses of communication systems and communication protocols
Vulnerability of database systems
Vulnerability of network storage media
Furthermore, the vulnerability of the network system is also reflected in the difficulty of maintaining confidentiality and resistance, the residual information left on magnetic media, and the aggregation of information.
19. Coping with network security risks at the national strategic level:
Introduce a network security strategy and improve top-level design
Build an online identity system and create a trusted cyberspace
Enhance core technology R&D capability and form a self-controlled network security industry ecosystem
Strengthen network offensive and defensive capabilities and build a security defense system capable of both offense and defense
Deepen international cooperation and gradually increase the international voice on network security
20. Responding to network security risks at the technical level:
1. Authentication technology
(1) Biometrics
(2) Password authentication
(3) Token authentication
2. Access control technology
(1) The three elements of access control: subject, object and control policy
Subject S: the entity that issues a request to access a particular resource; the initiator of the operation
Object O: the entity (resource) being accessed
Control policy A: the set of rules governing access by subjects to objects, i.e. a set of attributes
(2) Functions and principles of access control
Content of access control:
authentication, control policy, security audit
(3) Types of access control:
discretionary access control, mandatory access control, role-based access control
(4) Integrated access control policy:
network access control
network privilege control
user categories: special users, general users, audit users
directory-level security control
attribute security control
network server security control
network monitoring and lock control
security control of nodes and network ports
(5) Access control applications
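A small policy evaluator, added here as an illustration (it is not from the textbook or these notes), that models the three elements S, O and A and decides one request under each of the three access control types listed above. The users, files, labels and roles are constructed sample data, and the mandatory rules are my assumption of a Bell-LaPadula style model (no read up, no write down).

```python
# Added example: subject S, object O and control policy A evaluated under
# DAC, MAC and RBAC. All names, labels and roles are constructed samples.
from dataclasses import dataclass, field

LEVELS = {"public": 0, "internal": 1, "secret": 2}   # MAC sensitivity ordering


@dataclass
class Subject:                      # S: the initiator of the operation
    name: str
    clearance: str                  # used by MAC
    roles: set = field(default_factory=set)   # used by RBAC


@dataclass
class Object:                       # O: the resource being accessed
    name: str
    owner: str                      # DAC: the owner grants access
    label: str                      # MAC: sensitivity label
    acl: dict = field(default_factory=dict)   # DAC: user -> set of ops


ROLE_PERMS = {                      # RBAC policy: role -> {(object, op)}
    "auditor": {("audit.log", "read")},
    "operator": {("config.txt", "read"), ("config.txt", "write")},
}


def dac_allows(s: Subject, o: Object, op: str) -> bool:
    # Discretionary: the owner has full access and decides the ACL for others.
    return s.name == o.owner or op in o.acl.get(s.name, set())


def mac_allows(s: Subject, o: Object, op: str) -> bool:
    # Mandatory (assumed Bell-LaPadula): read requires clearance >= label,
    # write requires clearance <= label, so data never flows downward.
    sl, ol = LEVELS[s.clearance], LEVELS[o.label]
    return sl >= ol if op == "read" else sl <= ol


def rbac_allows(s: Subject, o: Object, op: str) -> bool:
    # Role-based: permissions are attached to roles, not to individual users.
    return any((o.name, op) in ROLE_PERMS.get(r, set()) for r in s.roles)


POLICIES = {"dac": dac_allows, "mac": mac_allows, "rbac": rbac_allows}


def check(policy: str, s: Subject, o: Object, op: str) -> bool:
    """Evaluate the access request (S, O, op) under control policy A."""
    return POLICIES[policy](s, o, op)


# Constructed sample subjects and objects used by the checks below.
ALICE = Subject("alice", "internal", {"operator"})
BOB = Subject("bob", "secret", {"auditor"})
CONFIG = Object("config.txt", "alice", "internal", {"bob": {"read"}})
AUDIT_LOG = Object("audit.log", "root", "secret")
```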
3. Intrusion detection
(1) Definition of an intrusion detection system
(2) Conventional intrusion detection methods:
anomaly detection, signature (feature) detection, file integrity checking
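As an added illustration of the file integrity checking method named above (this is my example, not code from the textbook or these notes), a host-based check that records a baseline of SHA-256 digests and then reports files that were modified, added or deleted. The "file system" is a constructed in-memory dictionary so the example runs offline; on a real host the bytes would be read from disk.

```python
# Added example: file integrity checking as a host-based intrusion detection
# method. Baseline digests are stored, then compared with the current state.
import hashlib


def digest(data: bytes) -> str:
    """SHA-256 hex digest of a file's contents."""
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: dict) -> dict:
    """Record path -> digest for every monitored file."""
    return {path: digest(data) for path, data in files.items()}


def compare(baseline: dict, files: dict) -> dict:
    """Report differences between the stored baseline and the current files."""
    current = build_baseline(files)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "deleted": sorted(p for p in baseline if p not in current),
    }


# Constructed sample: monitored files at the time the baseline was taken ...
BASELINE_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/bin/ls": b"\x7fELF...original ls binary...",
    "/etc/ssh/sshd_config": b"PermitRootLogin no\n",
    "/var/log/auth.log": b"Accepted publickey for alice\n",
}
# ... and the constructed state after an intrusion: the SSH configuration was
# weakened, ls was replaced, a file was dropped in /tmp and the auth log wiped.
CURRENT_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/bin/ls": b"\x7fELF...replaced ls binary...",
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\n",
    "/tmp/.hidden": b"unexpected file",
}


def run_check() -> dict:
    """Build the baseline from the clean state and check the current state."""
    return compare(build_baseline(BASELINE_FILES), CURRENT_FILES)


if __name__ == "__main__":
    for kind, paths in run_check().items():
        print(f"{kind}: {paths}")
```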
4. Monitoring and audit technology
(1) Basic concepts of network security auditing
(2) Network security audit methods: log auditing, host auditing, network auditing
5. Honeypots
(1) Real honeypot systems
(2) Pseudo honeypot systems
21. Security supervision and inspection:
(1) Information security management status
(2) Technical protection status
(3) Emergency response work
(4) Security education and training status
(5) Rectification of security issues
22. Security configuration management:
(1) Asset management
(2) Resource management
(3) Service catalog management
(4) Service requests, service changes, workflow
(5) Monitoring and management

Chapter 7, Section 3: Internet of Things Security
Through self-study of Chapter 7, Section 3, I learned:
1. Hierarchical structure and features of the IoT:
The IoT has three parts: the data sensing part, the network transmission part and the intelligent processing part.
The IoT system is divided into three layers: the perception layer, the network layer and the application layer.
The IoT should have three capabilities: comprehensive perception, reliable transmission and intelligent processing.
2. Typical IoT applications:
Applications with the ability to perceive the physical world
Applications based on ubiquitous network convergence
Targeted applications based on integrated information services
3. IoT security issues and features:
IoT devices such as sensors and consumer objects are designed and deployed on a scale, and in numbers, far beyond those of traditional Internet-connected devices, and there are unprecedented potential links among these devices.
IoT devices can establish connections with other devices dynamically and unpredictably.
IoT deployments consist of identical or similar sets of devices; this uniformity amplifies the potential impact of a single security vulnerability across the large number of devices sharing the same characteristics.
IoT devices are deployed with the expectation of a longer service life than ordinary equipment, and the environments they are deployed in make reconfiguring or upgrading them impossible or very difficult, so their security mechanisms may be inadequate for the threats that develop over the device's lifetime.
IoT devices are often designed without any upgrade capability, or the upgrade process is cumbersome and impractical, so they remain exposed to network security threats.
IoT devices operate in fixed ways, and users have little or no visibility into their internal workings or the exact data streams they produce; a user may believe a device performs only certain functions while it actually collects more user data than expected.
IoT devices such as environmental sensors are embedded in the environment, where users find it hard to notice them or monitor their operating state. Users may therefore not know that a sensor with a security vulnerability exists in their surroundings, and such vulnerabilities often persist for a long time before being noticed and corrected.
4. Security challenges facing the IoT:
standards and indicators, regulations, shared responsibility, the trade-off between cost and security, disposal of obsolete equipment, scalability, data confidentiality, authentication and access control
5. Security attacks the IoT faces:
Perception layer: attacks on data transmission, mainly attacks on authentication, attacks on permissions and attacks on integrity.
The physical layer typically sees denial-of-service attacks that occupy the communication channels between nodes and obstruct communication, and node tampering attacks that physically extract sensitive information from a node.
The link layer sees collision attacks, a form of denial of service in which multiple nodes transmit on the same channel frequency at the same time, and resource exhaustion attacks in which requests are sent repeatedly many times, consuming excessive communication resources until transmission is aborted.
The network layer sees spoofing attacks, wormhole attacks, flooding attacks, Hello flood attacks and acknowledgment spoofing attacks. It also sees homing attacks, carried out through cluster-head nodes and nodes with administrative privileges, and selective forwarding attacks, in which a malicious node chooses which packets to forward.
Application layer attacks mainly exploit data conversion between different protocols to generate huge signal traffic that blocks the transmission path from the perception-layer nodes to the base station, a denial of service.
6. Industrial control system architecture:
Key components of an industrial control system: controller configuration and programming components, data acquisition and supervisory control components, human-machine interface, distributed process control system.
Networks involved in industrial control systems: enterprise resource network, process control and monitoring network, control system network.
7. Industrial network security situation and problems:
Security risks of industrial control systems: vulnerabilities are difficult to address in a timely manner.
Industrial control communication protocols lacked sufficient security consideration early in their design. Proprietary industrial control protocols or conventions usually emphasize only the timeliness and availability of communication, with little consideration for security; they generally lack sufficiently strong authentication, encryption, authorization and other security measures.
There are insufficient security policies and management systems, a lack of staff security awareness, and a lack of the ability to audit illegal operations and unauthorized access.
Industrial control systems are directly exposed to the Internet and face new APT attacks, with no effective measures to deal with the increasing security risks.
The system architecture lacks basic security, and external connections lack risk assessment and security measures.
8. External threats and security issues faced by industrial control systems:
access to RTUs via dial-up connections, attacks using the vendor's internal resources, use of the control department's communication components, use of the enterprise VPN, obtaining database access
9. Security of industrial control systems:
Industrial system infrastructure protection methods: leak prevention, host security management, data security management
Protection methods based on host system security baselines: baseline establishment, operation monitoring, defense implementation

Origin www.cnblogs.com/xingjiyuan/p/12006881.html