The information security engineer is an intermediate certification in the soft exam, and the difficulty is not bad. If you start learning today, you will definitely have time
About the Author:
- An ordinary freshman student of cyberspace security in Jilin Normal University
- Obtained three certifications from Huawei, Ali and Tencent in 2022
- A poor worker at the Jishixin Internet Center
- The youngest outstanding developer of Huawei MindSpore so far
- Distinguished lecturer of a security team
- IK&N Team Captain
Note: My article has a strong personal color, don't spray it if you don't like it
Chapter One:
When it comes to Xinan engineers, I have been preparing since October last year, and every time I read the laws and regulations in the first chapter, I have a headache to death
Later, when I figured it out, let’s jump right in and pick the key points. Anyway, there are so many high-level things behind, so he won’t be able to hold on to a law.
The first knowledge point we need to remember is the basic attributes of network information security.
They are:
- confidentiality
- integrity
- availability
- controllability
- non-repudiation
Let me use an analogy to help you understand.
Let’s start with the first one: confidentiality
So what is confidentiality, isn't it just confidentiality? Confidential, what do you mean, you don't deserve to know, I will beat you to death without telling you
It is equivalent to : if you have not obtained the authorization, I will not give you the secret (information)
integrity
I have a mecha, he is very complete, even if there is a person who wants to harm me, sneak into the mecha without my permission, and want to modify my braking program, so that I can go crazy (no).
Then can he achieve it? Certainly not, why, because I didn’t authorize him, he doesn’t have the key to start the program, let alone modify the program, he can’t even get in
This is the integrity that cannot be changed without authorization
availability
Then talk about the mech I just said, how can I judge that it is usable? First of all, everyone must think of it: it can fire laser cannons and kill countless enemies
But at the very least, if he cannot receive intelligence on the battlefield, how can he kill the enemy?
It's like sealing the eyes and ears of a person with high martial arts skills, no matter how strong you are, there is nothing you can do.
Let’s talk about this mecha: Without the ability to receive information, this mecha is not even as good as rotten iron
Therefore, usability emphasizes timely access to network information and services
controllability
Let's say, if one day, Grandpa suddenly goes crazy
45 Degrees Observation Sky: I don't care anymore about what will happen to this world
(I don't care what happens in this world anymore - Obito)
i will wipe out all humans
Will headquarters agree? Certainly not
At this time, they transmit the termination signal directly to my mech, leaving me alone to mourn (555)
The headquarters is my main body in charge, and I am equivalent to a network information system
The responsible subject has the ability to manage and control the network information system
non-repudiation
Then I said, yesterday, I drove the mecha and stole the pig from the old Wang’s house at the entrance of the village.
Lao Wang came to me the next day: He said he wanted to see my mecha driving record, but after seeing it, it was broken, and he was cheated by his own mecha.
This driving record is the embodiment of non-repudiation: preventing users from denying their activities
paragraph summary
So among these five, three are relatively important, namely the three elements of information security :
Confidentiality, Availability, Integrity
Why are controllability and non-repudiation not important?
We thought: Are the first three beneficial to me, while the last two are to limit myself.
Just kidding, handy shorthand
Basic functions of network security
(I'm such a genius, this mech example is so appropriate)
Then he said: If someone bombards me with lasers, then the test is the defense ability of my mecha
Suppose the opponent is very awesome and my mech is pierced. At this moment, a protective cover suddenly appears to wrap me up. This is the emergency measure of the mecha.
Let's say it's pierced, I can't stay in the protective cover all the time, hurry up, start the automatic recovery program
During the recovery process, I suddenly discovered, nnd, no wonder he was able to penetrate, while firing the laser cannon, he also fired a metal worm, which was eroding the mecha, thanks to my monitoring .
Be serious, let's talk about this
Four functions:
Defense is to enable the network to prevent and resist various network security threats
Monitoring, using various measures to detect and discover various known/unknown network security threats
Emergency response, with the function of responding to and handling network attacks in a timely manner
Recovery, in the face of disasters that have occurred, has the function of restoring the operation of the network system
State Secret Classification:
Every time I see a portfolio in a TV series, it says top secret, very awesome.
But in fact there are only three kinds of state secrets
- secret
- confidential
- top secret
There are also three types of passwords derived from this:
Common Password: Protect Confidentiality, Secret
Core Cryptography: Protect Top Secret, Confidential, and Secret Level Information
Commercial password: can be used by dogs