Network Security and IP Security

Cyber security

Network security refers to protecting the hardware, software and data of a networked system.

The basic properties of protection are confidentiality, authentication, integrity and availability.

Basic characteristics: relativity, timeliness, relevance, uncertainty, complexity and importance.

The main research areas in this direction are:

How intruders attack networks,

How to protect your network from attacks,

Design network architecture to be immune to attacks.

Because the Internet was originally designed with little regard for security, network security needs to be considered at all levels of the network.

Cyber security threats

The main attacks are eavesdropping, insertion, impersonation (forged source IP), hijacking and taking over connections, and denial of service. The specific methods are as follows:

**Mapping (scanning):** determine a host's open ports and running services, for example with the tool nmap;

**Countermeasures:** record network configuration and activity and analyze it to identify suspicious behaviour.

**Packet sniffing:** on a broadcast medium, a network interface in promiscuous mode receives and records every passing frame, for example with the tool Wireshark;

**Countermeasures:** hosts in the organization run software that periodically checks whether a network interface is operating in promiscuous mode, and the network avoids broadcast media.

**IP spoofing:** craft raw IP packets with the source IP set to another host's address;

**Countermeasures:** ingress filtering: routers do not forward IP packets whose source address is invalid (does not belong to the network the packet arrived from).

**Denial of service:** overwhelm the receiver and exhaust bandwidth and other resources by flooding it with packets or by other means;

**Countermeasures:** filter flood packets (at the risk of dropping legitimate traffic) and trace back to the source (difficult against reflection attacks).

Authentication

Authentication must prove that a message really comes from the claimed sender, verify that the message was not tampered with in transit, and verify that its timing and sequence were not altered, so that the sender cannot later deny it.

Cryptographic hash function

A cryptographic hash function has a public algorithm and is fast to compute. It is a many-to-one mapping that produces fixed-length output, so different messages can produce the same hash value; it is one-way (irreversible) and resistant to weak and strong collisions.

Commonly used algorithms are:

MD5 outputs a 128-bit hash value and is not secure enough;

SHA-1 accepts input messages shorter than 2^64 bits and outputs a 160-bit hash value; it is slower than MD5 but more secure.

Message authentication

The general idea is to combine the message with a message digest into an extended message.

Message authentication code (MAC): the message m, the authentication key s and a cryptographic hash function H produce the extended message (m, H(m+s)). The receiver recomputes the hash of m+s and compares it with the received value. This method cannot solve the repudiation problem, since both parties hold s.
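The MAC exchange described above, as an added example that is not part of the original post: the sender emits (m, tag), the receiver recomputes the tag over m and the shared key, and the last scenario shows why a shared key cannot give non-repudiation. The key s and the messages are constructed sample values; `hmac_tag` uses standard HMAC-SHA256 rather than the bare H(m+s) of the text, which `textbook_tag` keeps for comparison.

```python
import hashlib
import hmac

# Added example (not from the original post). Demonstrates the scheme the text sketches:
# the sender emits (m, H(m+s)) and the receiver recomputes H(m+s). The key s and the
# messages are constructed sample values.
SHARED_KEY = b"constructed-shared-key-s"


def textbook_tag(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """The construction in the text: hash of message concatenated with the key."""
    return hashlib.sha256(message + key).digest()


def hmac_tag(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """HMAC-SHA256, the standardized keyed-hash MAC a practitioner should use instead."""
    return hmac.new(key, message, hashlib.sha256).digest()


def send(message: bytes, tag_fn=hmac_tag) -> tuple:
    """Sender: build the extended message (m, tag)."""
    return message, tag_fn(message)


def verify(extended: tuple, key: bytes = SHARED_KEY, tag_fn=hmac_tag) -> bool:
    """Receiver: recompute the tag over m and the shared key, compare in constant time
    (a plain == would leak timing information about the correct tag)."""
    message, tag = extended
    return hmac.compare_digest(tag_fn(message, key), tag)


def demo() -> dict:
    """Exercise the checks the text describes; returns the outcome per scenario."""
    m, tag = send(b"transfer 100 to account 42")
    results = {"genuine": verify((m, tag))}
    # Tampered in transit: the integrity check fails.
    results["tampered"] = verify((b"transfer 900 to account 42", tag))
    # Verifier holds a different s: source authentication fails.
    results["wrong_key"] = verify((m, tag), key=b"constructed-other-key")
    # Repudiation gap: the receiver also holds s, so it can mint a valid tag for a
    # message the sender never wrote. A MAC proves "someone with s", not who.
    forged = b"sender never said this"
    results["receiver_can_forge"] = verify((forged, hmac_tag(forged)))
    # The text's H(m+s) construction round-trips the same way.
    results["textbook_roundtrip"] = verify(send(m, textbook_tag), tag_fn=textbook_tag)
    return results
```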

Digital signature

A digital signature provides verifiability, unforgeability and non-repudiation.

IP security

Virtual Private Network (VPN)

Initially, private networks (PN) built from dedicated network equipment served a single organization and ensured security by isolation. Building a secure network this way was too costly, so virtual private networks emerged.

A VPN lets remote users connect securely to headquarters through a secure channel established over the public network. It does not monopolize public network resources; it is a secure, stable tunnel that logically traverses the public network.

**Requirements:** data confidentiality, data integrity authentication, data origin authentication, replay protection and access control.

Key technologies: tunneling, data encryption, identity authentication, key management and access control, of which tunneling is the core.

Tunneling

Tunneling provides a secure point-to-point data channel across the Internet. It is essentially encapsulation using a tunnel protocol.

Three protocols are involved: the passenger protocol, the encapsulation protocol and the carrier protocol;

Common layer-2 tunnel protocols are PPTP (Point-to-Point Tunneling Protocol) and L2TP, mainly used for remote clients accessing a LAN;

The layer-3 tunnel protocol is IPsec, used gateway-to-gateway and gateway-to-host.

Specific implementation technologies include:

IPsec is the most secure and most widely used, SSL has the advantage of working at a higher layer, and L2TP is the best technology for remote-access VPNs.

IPsec

IPsec provides confidentiality, integrity, source authentication and anti-replay services; IPsec datagrams are sent and received by the end systems.

Two protocols provide IPsec services:

Authentication Header (AH): IP protocol number 51; provides source authentication and data integrity verification, but not confidentiality;

Encapsulating Security Payload (ESP): IP protocol number 50; provides source authentication, data integrity and confidentiality, and is more widely used than AH.
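An added example (not from the original post) of the receiving side described here: classify an IPv4 packet as AH (51) or ESP (50), read the ESP SPI and sequence number, and apply the anti-replay sliding window that the text lists among IPsec's services. All packets are constructed in the block; `build_packet` writes a minimal IPv4 header with the checksum left at zero.

```python
import struct

# Added example (not from the original post). Tells AH (51) from ESP (50) by the IPv4
# protocol field, reads the ESP header, and applies the anti-replay window. Packets are constructed.
PROTO_ESP, PROTO_AH = 50, 51


def ipsec_proto(packet: bytes) -> str:
    """Classify an IPv4 packet by its protocol field (byte 9 of the header)."""
    return {PROTO_ESP: "esp", PROTO_AH: "ah"}.get(packet[9], "other")


def esp_header(packet: bytes) -> tuple:
    """Return (SPI, sequence number) from the ESP header that follows the IPv4 header."""
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes from the IHL field
    return struct.unpack("!II", packet[ihl:ihl + 8])


class ReplayWindow:
    """Sliding-window replay check in the style of RFC 4303 section 3.4.3.
    Bit i of `bitmap` set means sequence number (top - i) was already accepted."""
    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0

    def accept(self, seq: int) -> bool:
        if seq == 0:
            return False  # ESP sequence numbers start at 1
        if seq > self.top:  # newer than anything seen: slide the window forward
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False  # older than the window: reject
        if (self.bitmap >> diff) & 1:
            return False  # already received: replay
        self.bitmap |= 1 << diff
        return True


def build_packet(proto: int, spi: int, seq: int) -> bytes:
    """Constructed IPv4 header (20 bytes, checksum left 0) plus an 8-byte ESP header."""
    payload = struct.pack("!II", spi, seq) + b"\x00" * 8  # SPI, seq, dummy encrypted data
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                         64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return header + payload


def demo() -> list:
    """Feed a constructed sequence through the window; True = accepted, False = dropped."""
    win = ReplayWindow()
    pkts = [build_packet(PROTO_ESP, 0x1000, s) for s in (1, 2, 3, 2, 70, 5, 7)]  # 2 replayed, 5 too old
    return [win.accept(esp_header(p)[1]) for p in pkts if ipsec_proto(p) == "esp"]
```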

Web application security

Active attacks (tampering with client/server data or site content) are hard to prevent but easy to detect; passive attacks (eavesdropping or traffic analysis) are hard to detect but easy to prevent. Security services can be provided at three layers:

**Application layer:** security services are built into each specific application;

**Transport layer:** SSL or TLS, transparent to the application; application-layer data is encrypted;

**Network layer:** IPsec implements an end-to-end security mechanism, a universal solution whose protection any application can use.

Wireless LAN security

WEP (Wired Equivalent Privacy) uses symmetric-key encryption and is self-synchronizing (each frame is encrypted individually);

The encryption implementation process is as follows:

Compute the 4-byte integrity check value (ICV) and append it to the data. Both ends share a 104-bit secret key. The sender generates a 24-bit initialization vector (IV) and prepends it to the key; the 8-bit key ID is carried alongside, and the 128-bit IV-plus-key value seeds the pseudorandom number generator. The resulting key stream (RC4) is XORed with data + ICV to encrypt.

Decryption: extract the IV, feed IV plus the shared secret key into the pseudorandom number generator to regenerate the key stream, XOR it byte by byte with the ciphertext to recover the data and ICV, then use the ICV to verify integrity.
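The WEP encryption and decryption procedure above, as an added example that is not part of the original post, with RC4 written out so the IV || key seeding is visible. The 104-bit key, the IV and the payload are constructed sample values; the ICV is CRC-32 as in WEP, and the IV travels in the clear at the front of the frame body.

```python
import struct
import zlib

# Added example (not from the original post): the WEP-104 frame construction described
# above, with RC4 written out. Key, IV and data are constructed sample values.
SHARED_KEY_104 = bytes.fromhex("0102030405060708090a0b0c0d")  # 13 bytes = 104 bits


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4 key scheduling followed by the PRGA; returns `length` key-stream bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + seed[i % len(seed)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """4-byte integrity check value: CRC-32 of the data, little-endian as on the air."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(data: bytes, iv: bytes, key: bytes = SHARED_KEY_104, key_id: int = 0) -> bytes:
    """Frame body: IV (3 bytes, sent in clear) | key-ID byte | RC4_{IV||key}(data || ICV)."""
    assert len(iv) == 3 and len(key) == 13
    plaintext = data + icv(data)
    keystream = rc4_keystream(iv + key, len(plaintext))  # 24-bit IV + 104-bit key = 128-bit seed
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream))
    return iv + bytes([key_id << 6]) + ciphertext  # key ID sits in the top 2 bits of byte 4


def wep_decrypt(frame: bytes, key: bytes = SHARED_KEY_104) -> tuple:
    """Receiver side: read the IV, rebuild the key stream, XOR, then check the ICV.
    Returns (data, icv_ok)."""
    iv, ciphertext = frame[:3], frame[4:]
    keystream = rc4_keystream(iv + key, len(ciphertext))
    plain = bytes(c ^ k for c, k in zip(ciphertext, keystream))
    data, received_icv = plain[:-4], plain[-4:]
    return data, received_icv == icv(data)
```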

Cracking

Vulnerability: the 24-bit IV is sent in plaintext with every frame, so IVs are soon reused, and reuse can be detected. If the station can be induced to encrypt known plaintext, the key stream k for that IV is recovered and decrypts the next frame that reuses it. 802.11i improved security and provides key distribution using an authentication server independent of the AP.

Summary

This part is extension material on security, so here I only give a general overview, enough to know that these protocols and methods exist to address security threats at each layer.

What do you need to learn to get started with network security?

Cybersecurity learning route

This is an outline of the learning route for network security, from basic to advanced. Friends, remember to bookmark it!

Stage One: Basic Introduction

Introduction to Cyber Security

Penetration Testing Basics

Network basics

Operating system basics

Web security basics

Database basics

Programming basics

CTF basics

After completing this stage, you can earn an annual salary of 15w+

Stage 2: Technical advancement (at this point you are considered a beginner)

Weak passwords and password brute-forcing

XSS vulnerability

CSRF vulnerability

SSRF vulnerability

XXE vulnerability

SQL injection

Arbitrary file operation vulnerabilities

Business logic vulnerability

The annual salary after studying at this stage is 25w+

Stage three: high-level promotion

Deserialization vulnerability

RCE

Comprehensive lab-range practical project

Intranet penetration

Traffic Analysis

Log analysis

Malicious code analysis

Emergency Response

Practical training

After completing this stage, you can earn an annual salary of 30w+

Phase 4: Blue Team Course

Blue Team Basics

Blue team advanced

This section focuses on blue-team defense, the role most people picture when they think of a network security engineer.

With both offensive and defensive skills, annual salary can reach 400,000+

Stage 5: Interview Guide & Stage 6: Upgraded Content

If you need the supporting network security videos, source code, related books and interview questions for the roadmap above:

Network security bonus: a complete 282G package of entry-level and advanced learning resources, shared for free!

Reposted from: blog.csdn.net/bluemoon_0/article/details/129513709