cyber security

Technology definitions

Chinese name:
cyber security

English name:
Network security

definition:
The hardware, software, and data in the network system are protected from accidental or malicious destruction, alteration, and leakage, ensuring continuous and reliable operation of the system and uninterrupted network services.
Subject:
Communication technology (first-level discipline); network security (second-level discipline)

This content was published by the China National Committee for Terms in Sciences and Technologies.

Network security means that the hardware, software and data of a network system are protected so that they are not damaged, altered or leaked, whether by accident or by malicious action, that the system keeps running reliably and normally, and that network services are not interrupted. Network security is essentially information security on the Internet. Broadly speaking, every technology and theory concerned with the confidentiality, integrity, availability, authenticity and controllability of information on the Internet falls within network security research. Network security is an interdisciplinary subject that draws on computer science, networking, communication technology, cryptography, information security technology, applied mathematics, number theory and information theory.

I. Basic concept

What network security means in practice depends on the point of view. Users (individuals, businesses and so on) want information that touches personal privacy or commercial interests to keep its confidentiality, integrity and authenticity while it travels over the network, and want protection against eavesdropping, impersonation, tampering, repudiation and the other means by which other people or adversaries harm their interests and privacy.

II. Main characteristics

Network security should have the following five characteristics:

Confidentiality: the property that information is not disclosed to, or used by, unauthorized users, entities or processes.

Integrity: the property that data cannot be changed without authorization; that is, information is kept unchanged, undamaged and not lost during storage or transmission.

Availability: the property that authorized entities can access and use the information on demand, i.e. that the desired information is reachable when it is needed. Denial of service, disruption of the network, and disruption of the normal operation of related systems are all attacks on availability.

Controllability: the ability to control the dissemination and content of information.

Auditability: providing the basis and the means for investigation when a security problem occurs.

From the point of view of network operators and administrators, operations such as access to, reading of and writing to local network information should be protected and controlled, so as to guard against threats such as trapdoors, viruses, illegal access, denial of service, and illegal occupation or control of network resources, and to stop and defend against attacks by network hackers. Security and confidentiality departments want to filter and block illegal or harmful information and information involving state secrets, so as to avoid leaks of confidential information and the harm to society and heavy losses to the country that they cause. From the perspective of social education and ideology, unhealthy content on the Internet hinders social stability and human development and must be controlled.

With the rapid development of computer technology, the work done on computers has evolved from single-machine numerical calculation and file processing, through simple interconnected internal networks carrying business processes and office automation, to enterprise-wide computing systems built on complex intranets, extranets and the Internet that share information and process business worldwide. As processing capability has grown, so has connectivity; and as connectivity and the volume of information in circulation increase, security problems arising from network connectivity become ever more prominent. Overall network security covers the following aspects: physical security of the network, security of the network topology, security of the network (operating) system, security of application systems, and security of network management.

Computer security should therefore be treated like fire and theft prevention in every household: it is a matter of prevention. Even when you think you would never be a target, the threat is already there. Once an incident happens, it usually catches the victim unprepared and causes great loss.

III. Relationship with network performance and functionality

In general, system security stands in tension with performance and functionality. A system that provides no service to the outside world (i.e. is disconnected) cannot be threatened from outside. But an enterprise that connects to the Internet and offers services such as an online store or e-commerce turns a closed internal network into an open network environment, and security issues arise, including at the system level.

Building a network security system requires authentication, encryption, monitoring, analysis, logging and so on; on the one hand these reduce network efficiency and the flexibility of the customer's applications, and on the other hand they increase management cost.

However, the threat from the network is real. Especially when critical services run on the network, network security is the first problem that must be solved.

Selecting appropriate technologies and products and formulating flexible network security policies makes it possible to provide flexible network service channels while keeping the network secure.

Appropriate security system design and management planning can effectively reduce the impact of security measures on network performance and lower management cost.

A comprehensive security system:

Like other security systems (a building's physical security system, for example), the security system of an enterprise application system should include:

Access control: an access control system built around specific network segments and services blocks most attacks before they reach their target.

Vulnerability checking: periodic checks for security vulnerabilities render most attacks ineffective even when they reach their target.

Attack monitoring: an attack monitoring system built around specific network segments and services detects most attacks in real time and takes the corresponding action (such as disconnecting the network connection, recording the attack, tracing its source, and so on).

Encrypted communication: actively encrypting communication keeps attackers from reading sensitive information and, combined with integrity protection, from modifying it undetected.

Authentication: a good authentication system prevents attackers from impersonating legitimate users.

Backup and recovery: a good backup and recovery mechanism restores data and system services as quickly as possible when an attack causes loss.

Multi-layer defense: after breaking through the first line of defense, the attacker is delayed or blocked on the way to the target.

Hiding internal information, so that attackers cannot learn the basic layout of the system.

A security monitoring center that provides security management, monitoring, maintenance and emergency response services for the information system.

IV. Network security analysis

1. Physical security analysis

Physical security is the prerequisite for the security of the whole network system. In a campus network project the network system is low-voltage (weak-current) engineering with very little tolerance for over-voltage, so the design and construction must give priority to protecting people and network equipment from electrical hazards, fire and lightning; must consider the distance between the cabling system and lighting wires, power lines, communication lines, heating pipes and hot and cold air ducts; must consider the cabling system's insulation, bare wires, grounding and the safety of welded joints; and must build a lightning protection system that covers not only the building but also computers and other low-voltage equipment. In general, physical security risks include environmental accidents such as earthquakes, floods and fires; power failures; human error; theft and destruction of equipment; electromagnetic interference; line tapping; the lack of high-availability hardware design; and the server room environment, alarm systems and security awareness. Every effort should be made to avoid these physical security risks.

2. Security analysis of the network structure

The network topology directly affects the security of the network system. If the external and internal networks can communicate freely, a compromise of one internal machine affects many other systems on the same network and, spreading through the Internet, can affect other networks connected to the Internet or intranet; the consequences may reach into legally and financially sensitive areas. Public servers (web, DNS, e-mail and so on) therefore need to be isolated from the external network and from the other internal business networks, so that information about the network structure does not leak; and requests arriving from the external network must be filtered, so that only legitimate traffic reaches the corresponding host and all other requests are rejected before they get there.

3. System security analysis

System security refers to whether the network operating system and the network hardware platform as a whole are reliable and trustworthy. At present there is no absolutely secure operating system to choose from: whether Microsoft's Windows NT or any commercial UNIX, one cannot rule out a back door left by the vendor, so no operating system can be assumed completely secure. Each user should analyze their own network in detail from several angles and choose the operating system with the highest security they can get. Beyond choosing the most reliable operating system and hardware platform available, the operating system must also be securely configured. Login authentication must be strengthened (especially authentication performed before the request reaches the server host) to verify that the user is genuine; and the permissions of a logged-in user must be strictly limited, so that what they can do is confined to the minimum range needed.
4. Application system security analysis

The security of application systems depends on the specific applications and covers a wide range. It has two aspects: it is dynamic and constantly changing, and it involves the security of information and data.

-- The security of application systems is dynamic and constantly changing.

Application security has many facets. Take the most widely used Internet application, e-mail: the available systems include sendmail, Netscape Messaging Server, SoftwareCom Post.Office, Lotus Notes, Exchange Server and SUN CIMS, and their security methods involve LDAP, DES, RSA and others. Application systems keep evolving and new kinds keep appearing. For application system security, the main goal is to build as secure a system platform as possible and to continuously discover and fix vulnerabilities with professional security tools, improving the system's security over time.

-- The security of applications involves the security of information and data.

Information security covers leakage of confidential information, unauthorized access, damage to information integrity, impersonation, and damage to system availability. Some network systems handle a great deal of confidential information, and if important information is stolen or destroyed the economic, social and political consequences can be very serious. Users of the computers must therefore be authenticated; communication of important information must be authorized; and transmissions must be encrypted. Multi-level access control and privilege control protect the data, and cryptographic techniques ensure the confidentiality and integrity of information transmitted over the network (including administrator passwords and accounts, uploaded information, and so on).
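As an added illustration of the integrity and authenticity requirements just described (example code written for this page, not taken from any product it mentions), the following Python shows message authentication with HMAC-SHA256 from the standard library: a receiver that holds the key can tell a genuine, unmodified, fresh message from a tampered, forged or replayed one. It assumes a 32-byte key already shared between the two ends; the frame layout and the function names are this example's own. Confidentiality would additionally need an authenticated cipher such as AES-GCM from a cryptography library, which is left out here.

```python
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional, Tuple

TAG_LEN = 32  # HMAC-SHA256 output length

# Assumed: both ends already share this key (how it is agreed is out of scope).
# It is generated fresh here only so that the example runs stand-alone.
SHARED_KEY = secrets.token_bytes(32)


def protect(key: bytes, sender: str, payload: bytes, timestamp: Optional[int] = None) -> bytes:
    """Frame a message as len(sender) | sender | timestamp | payload | tag.

    The tag is HMAC-SHA256 over everything before it, so changing the sender
    name, the timestamp or a single payload bit invalidates it. Without the key
    an attacker cannot produce a valid tag, so an impersonated message fails too."""
    if timestamp is None:
        timestamp = int(time.time())
    sender_b = sender.encode("utf-8")
    if len(sender_b) > 255:
        raise ValueError("sender name too long")
    body = struct.pack("!B", len(sender_b)) + sender_b + struct.pack("!Q", timestamp) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def verify(key: bytes, frame: bytes, now: Optional[int] = None, max_age: int = 300) -> Tuple[str, bytes]:
    """Return (sender, payload) if the frame is authentic and fresh; raise ValueError otherwise."""
    if len(frame) < 1 + 8 + TAG_LEN:
        raise ValueError("frame too short")
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison: a plain `tag == expected` would leak, through
    # timing, how many leading bytes of a guessed tag were correct.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: tampered, or not from a key holder")
    name_len = body[0]
    if len(body) < 1 + name_len + 8:
        raise ValueError("frame truncated")
    sender = body[1:1 + name_len].decode("utf-8")
    (timestamp,) = struct.unpack("!Q", body[1 + name_len:1 + name_len + 8])
    payload = body[1 + name_len + 8:]
    if now is None:
        now = int(time.time())
    if abs(now - timestamp) > max_age:
        # A captured frame replayed later fails here; a full design would also
        # track nonces or sequence numbers inside the window.
        raise ValueError("stale frame (possible replay)")
    return sender, payload


if __name__ == "__main__":
    frame = protect(SHARED_KEY, "admin", b"disable account alice")
    print(verify(SHARED_KEY, frame))
```

The timestamp is part of the authenticated body, so an attacker cannot refresh an old frame; the `max_age` window is the trade-off between clock skew tolerance and the replay window.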
5. Management security risk analysis

Management is the most important part of network security. Unclear responsibilities and authority, incomplete security management rules, and rules that cannot be put into practice all create management security risks. When the network is attacked or subjected to other security threats (such as illegal operations by insiders), there is no real-time detection, monitoring, reporting or early warning; and after an incident there are no tracking clues or evidence with which to investigate the attack. In other words, the network lacks controllability and auditability. Access to the site must therefore be recorded at multiple levels so that illegal intrusions can be discovered.

Establishing a new network security mechanism requires a deep understanding of the network and the ability to provide direct solutions; the most practical approach is to establish a sound management system and enforce it strictly. Safeguarding the network's safe operation and turning it into an information network with good security, scalability and manageability is a top priority. Once the security risks described above become reality, the losses to the whole network are hard to estimate. Network security construction is therefore an important part of building a campus network.

V. Network security measures

1. Security technology measures

Physical measures: for example, protecting key network equipment (switches, mainframes and so on), establishing strict network security rules and regulations, and taking measures such as radiation shielding, fire prevention and installing an uninterruptible power supply (UPS).

Access control: strict authentication and control of users' access to network resources, for example user identity authentication, protected storage, regular updating and checking of passwords, setting users' access rights to directories and files, and controlling who may change network device configuration.
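To make the "protected storage, updating and checking of passwords" item concrete, here is an added Python example (not from the page's sources) of how a server should store and check passwords: salted PBKDF2-HMAC-SHA256 from the standard library, a constant-time comparison, and a transparent rehash when the stored record was made with weaker parameters than the current policy. The storage string format, the iteration count and the in-memory `user_db` dictionary are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, Optional

# Storage format used by this example (an assumption, not a standard):
#   pbkdf2_sha256$<iterations>$<base64 salt>$<base64 hash>
ALGO = "pbkdf2_sha256"
CURRENT_ITERATIONS = 600_000   # raise over time as hardware gets faster


def hash_password(password: str, iterations: int = CURRENT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Salted, iterated hash: the password itself is never stored."""
    if salt is None:
        salt = os.urandom(16)   # unique per record: equal passwords give different hashes
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return "%s$%d$%s$%s" % (ALGO, iterations,
                            base64.b64encode(salt).decode("ascii"),
                            base64.b64encode(digest).decode("ascii"))


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the record's own salt and iterations; compare in constant time."""
    try:
        algo, iters, salt_b64, hash_b64 = stored.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
    except ValueError:            # malformed record (binascii.Error is a ValueError)
        return False
    if algo != ALGO:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str) -> bool:
    """True when the record uses weaker parameters than the current policy."""
    parts = stored.split("$")
    return len(parts) != 4 or parts[0] != ALGO or int(parts[1]) < CURRENT_ITERATIONS


# Used for unknown users so that a failed login costs the same time either way.
_DUMMY = hash_password("dummy", salt=b"\x00" * 16)


def login(username: str, password: str, user_db: Dict[str, str]) -> bool:
    """Check credentials; on success, silently upgrade records made with old parameters."""
    record = user_db.get(username)
    if record is None:
        verify_password(password, _DUMMY)   # no username enumeration through timing
        return False
    if not verify_password(password, record):
        return False
    if needs_rehash(record):
        user_db[username] = hash_password(password)   # the plaintext is available only now
    return True
```

The rehash-on-login step is how a site "updates" its password protection without asking everyone to change their password: the stronger record replaces the old one the next time the user authenticates successfully.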

Data encryption: encryption is an important means of protecting data; its role is to ensure that intercepted information cannot be read. Prevention of computer network viruses: install a network antivirus system.

Network isolation: there are two methods of network isolation, isolation cards and network security isolation gatekeepers (gap devices).

Isolation cards are mainly used to isolate a single machine, gatekeepers to isolate a whole network. The difference between the two is described in reference [1].

Other measures: information filtering, fault tolerance, data mirroring, data backup and auditing. In recent years many solutions have been proposed for network security problems, such as data encryption and firewall technology. Data encryption encrypts data transmitted over the network and decrypts it back to the original at the destination; the purpose is to prevent unauthorized users from reading information after they intercept it. Firewall technology controls access to the network by isolating it and restricting access to it.

2. Security awareness

Awareness of network security is an important prerequisite for ensuring it. Many security incidents are related to a lack of security awareness.

3. Host security inspection

To ensure network security, the first step is to understand the system fully, evaluate its security and recognize its own risks, so that intranet security problems can be resolved quickly and accurately. The automatic host security inspection tool independently developed by AnTian Laboratories is intended to replace the complicated operation of traditional system security inspection and risk assessment tools: a single click performs a comprehensive security check of the intranet computers, gives a security rating, and produces an analysis of the findings for disposal and repair.

VI. Network security cases

1. Overview

With the rapid development of computer technology, information networks have become an important guarantee of social development. They carry a great deal of sensitive information, even state secrets, and so inevitably attract man-made attacks from all over the world (information leakage, information theft, data modification, data deletion, computer viruses and so on). At the same time the physical network is exposed to floods, fires, earthquakes and electromagnetic radiation.

Computer crime has risen sharply and become a worldwide problem. According to a report of the Federal Bureau of Investigation, computer crime is one of the largest categories of commercial crime, with an average loss of 45,000 US dollars per case and annual economic losses as high as 5 billion US dollars.

2. Abroad

In early 1996, a joint survey by the Computer Security Institute of San Francisco and the Federal Bureau of Investigation found that 53% of companies had been affected by computer viruses and 42% had had their computer systems used illegally in the previous 12 months. A Pentagon research group stated that the United States suffered more than 250,000 attacks in one year.

In late 1994, the Russian hacker Vladimir Levin and his partners launched a series of attacks on Citibank from a networked computer at a small software company in St. Petersburg, stealing 11 million US dollars from Citibank in New York by electronic transfer.

On August 17, 1996, the web server of the US Department of Justice was hacked: its home page was renamed the "Department of Injustice", the Attorney General's photograph was replaced with one of Adolf Hitler, the department's seal was replaced with a Nazi emblem, and a picture of a pornographic model was added as the so-called Attorney General's assistant, along with a great deal of text attacking US judicial policy.

On September 18, 1996, hackers broke into the web server of the US Central Intelligence Agency and changed its home page from "Central Intelligence Agency" to "Central Stupidity Agency".

On December 29, 1996, hackers broke into the US Air Force's global website and defaced its home page, replacing the Air Force introduction, press releases and other content with a short pornographic video and the claim that everything the US government said was a lie, which forced the Department of Defense to shut down more than 80 other military websites.

3. In China

In February 1996, the newly opened Chinanet was attacked, and the attack succeeded.

In early 1997 an ISP in Beijing was successfully broken into, and the intruder posted an article on how to use the ISP to access the Internet free of charge in the "hacking and decryption" forum of Tsinghua University's "Shuimu Tsinghua" BBS.

On April 23, 1997, a PPP user of Southwestern Bell Internet in the Chadson area of Texas broke into a server of the China Internet Network Information Center, cracked the system's shutdown account, and replaced the center's home page with a grinning face.

At the beginning of 1996, CHINANET was attacked by a graduate student from a certain university. In the autumn of 1996 an ISP in Beijing had a dispute with one of its users; the user attacked the ISP's server and interrupted its service for several hours.

In 2010, Google announced that it was considering withdrawing from the Chinese market, stating that an important reason for the decision was that Google had been hacked.

VII. Types of network security

Security of the running system: ensuring the security of the information processing and transmission system. The focus is on keeping the system running normally, avoiding damage to or loss of the information the system stores, processes and transmits through system breakdown or damage, and avoiding electromagnetic leakage, information leakage, interference with others and interference from others.

Security of system information on the network, including user password authentication, user access permission control, data access permission and mode control, security auditing, security problem tracking, computer virus prevention and data encryption.

Security of information dissemination on the network, i.e. security against the consequences of disseminating information, including information filtering. The focus is on preventing and controlling the consequences of spreading illegal and harmful information, and on not losing control of the large amount of information that circulates freely on the public network.

Security of information content on the network, focusing on the confidentiality, authenticity and integrity of the protected information, and on preventing attackers from exploiting the system's security loopholes for eavesdropping, impersonation, fraud and other actions that harm legitimate users. In essence this is protection of users' interests and privacy.

IX. Threats to network security

Natural disasters and accidents; computer crime; human behaviour, such as improper use and poor security awareness; hacker activity, i.e. intrusion or attack, such as illegal access, denial of service, computer viruses and illegal connections; internal leaks; external leaks; loss of information; electronic espionage, such as traffic analysis and information theft; information warfare; and flaws in network protocols, such as the security problems of TCP/IP.

There are two main kinds of threat: penetration threats and implantation threats. Penetration threats include impersonation, bypassing of controls, and authorization violations.

Implantation threats include Trojan horses and trapdoors.

Trapdoor: a "feature" built into a system or system component that allows the security policy to be violated when specific input data is supplied.

X. Structural levels of network security

1. Physical security

Natural disasters (lightning, earthquakes, fires and so on), physical damage (hard disk failure, equipment reaching the end of its life, and so on), equipment failures (power outages, electromagnetic interference and so on) and accidents. Solutions: protective measures, security systems, data backup and so on.

Electromagnetic leakage, information leakage, interference with others and from others, unattended sessions (such as walking away without leaving a secure session), and leaked traces (such as misplaced passwords or keys). Solutions: radiation shielding, screen locking with a password, hidden destruction and so on.

Operational errors (such as deleting files, formatting the hard disk, pulling out a cable) and accidental omissions. Solutions: state detection, alarm confirmation, emergency recovery and so on.

Security of the server room environment; its characteristics are strong controllability and large potential loss. Solutions: strengthen server room management, operations management, security organization and personnel management.

2. Security control

Security control of the microcomputer operating system: for example the power-on password (some microcomputer motherboards have a "universal password") and control of read/write access to files (such as the Unix file permission mechanism). It mainly protects information and data stored on the hard disk.

Security control of the network interface module: in a networked environment, controlling communications coming from other machines, mainly identity authentication, setting and checking of client permissions, audit logs and so on.

Security control of network interconnection equipment: monitoring and controlling the information transmitted by, and the operating state of, all hosts in the subnet, mainly through network management software or router configuration.
3. Security services

Peer entity authentication service
Access control service
Data confidentiality service
Data integrity service
Data origin authentication service
Non-repudiation service

4. Security mechanisms

Encryption mechanism
Digital signature mechanism
Access control mechanism
Data integrity mechanism
Authentication exchange mechanism
Traffic padding mechanism
Routing control mechanism
Notarization mechanism

XI. Network encryption

Link encryption
Node-to-node encryption
End-to-end encryption
XII. Security of the TCP/IP protocol

TCP/IP data streams are transmitted in clear text.

Source address spoofing, or IP spoofing.

Source routing spoofing.

RIP attacks.

Authentication attacks.

TCP sequence number spoofing.

TCP SYN flooding attack (SYN attack).

Ease of spoofing in general.
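Added example (not from the page): the items "source address spoofing" and "ease of spoofing" follow directly from the fact that nothing in an IPv4 header ties the source field to the sender. The Python below builds an IPv4 header and a TCP SYN with correct checksums from any source address the caller names, then shows the usual countermeasure, BCP 38 style ingress and egress filtering, which trusts the interface a packet arrived on rather than its claimed source. The internal range 10.0.0.0/8 and the function names are assumptions of the example; it builds byte strings only and sends nothing on the wire.

```python
import ipaddress
import struct
from typing import Dict


def checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 6, ttl: int = 64) -> bytes:
    """20-byte IPv4 header. Nothing here checks that `src` belongs to the sender:
    any host able to emit raw packets can write whatever source address it likes."""
    header = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | 5,        # version 4, IHL 5 words
                         0,                   # TOS
                         20 + payload_len,    # total length
                         0x1234,              # identification (arbitrary)
                         0,                   # flags / fragment offset
                         ttl, proto,
                         0,                   # checksum placeholder
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header[:10] + struct.pack("!H", checksum(header)) + header[12:]


def _pseudo_header(src: str, dst: str, seg_len: int) -> bytes:
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, 6, seg_len))


def build_tcp_syn(src: str, dst: str, sport: int, dport: int, seq: int) -> bytes:
    """20-byte TCP SYN; the checksum also covers the pseudo-header (addresses, proto, length)."""
    seg = struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                      (5 << 12) | 0x02,      # data offset 5 words, SYN flag
                      65535, 0, 0)           # window, checksum placeholder, urgent pointer
    csum = checksum(_pseudo_header(src, dst, len(seg)) + seg)
    return seg[:16] + struct.pack("!H", csum) + seg[18:]


def tcp_checksum_ok(src: str, dst: str, seg: bytes) -> bool:
    """A segment whose checksum is consistent with these addresses sums to zero."""
    return checksum(_pseudo_header(src, dst, len(seg)) + seg) == 0


def parse_ipv4(packet: bytes) -> Dict[str, object]:
    fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return {
        "src": str(ipaddress.IPv4Address(fields[8])),
        "dst": str(ipaddress.IPv4Address(fields[9])),
        "ttl": fields[5],
        "proto": fields[6],
        "header_ok": checksum(packet[:20]) == 0,   # an intact header sums to zero
    }


INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed address range of the inside


def ingress_filter(packet: bytes, from_external_interface: bool) -> str:
    """BCP 38 style source validation at the border router.

    The source address cannot be trusted, but the interface the packet arrived on
    can: a packet from the Internet claiming an inside address, or a packet from
    the inside claiming an outside address, is spoofed and is dropped."""
    hdr = parse_ipv4(packet)
    if not hdr["header_ok"]:
        return "drop: bad header checksum"
    src = ipaddress.ip_address(str(hdr["src"]))
    if from_external_interface and src in INTERNAL_NET:
        return "drop: spoofed internal source on external interface"
    if not from_external_interface and src not in INTERNAL_NET:
        return "drop: spoofed external source on internal interface"
    return "accept"


if __name__ == "__main__":
    spoofed = build_ipv4_header("10.1.2.3", "203.0.113.5", 20)
    spoofed += build_tcp_syn("10.1.2.3", "203.0.113.5", 40000, 80, 12345)
    print(ingress_filter(spoofed, from_external_interface=True))
```

The filter also shows the limit of the countermeasure: it can only reject addresses that are impossible on a given interface, so a spoofed source that is plausible for that interface still passes, which is why the same check must be applied by every network at its own edge.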

XIII. Network security tools

Scanner: a program that automatically detects the security vulnerabilities of remote or local hosts. A good scanner is worth a thousand passwords.

How it works: a TCP port scanner selects TCP/IP ports and services (FTP, for instance), records the target's responses, and so collects useful information about the target host (whether anonymous login is possible, whether a certain service is provided). What the scanner tells us: the inherent weaknesses of the target host, which can be the decisive factor in compromising it. System administrators use scanners to help harden their systems; in a hacker's hands they work against the network's security.

Scanner properties: 1. it finds a machine or a network; 2. once it finds a machine, it finds out which services are running on it; 3. it tests which of those services have vulnerabilities.

Currently popular scanners: 1. NSS, the Network Security Scanner; 2. strobe, a highly optimized TCP port detection program that records all open ports of a specified machine; 3. SATAN, the Security Administrator's Tool for Analyzing Networks; 4. Jakal; 5. X-Scan.
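Added example (this page's sources do not include it): a small Python TCP connect scanner that does the three things the passage says a scanner does, i.e. find the machine, find its listening services, and collect what they reveal. It classifies each port as open, closed or filtered from the handshake outcome and reads a greeting banner where a service sends one. To run offline it starts a constructed local listener playing a fake FTP service; the function names and the banner text are the example's own.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, List, Tuple


def probe(host: str, port: int, timeout: float = 0.5) -> Tuple[int, str, bytes]:
    """Full-connect probe of one port. Returns (port, state, banner).

    The three outcomes say different things: a completed handshake means a
    listener is there; an immediate refusal (RST) means the host is up but
    nothing listens; silence until the timeout usually means a firewall
    dropped the SYN."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except socket.timeout:
            return port, "filtered", b""
        except ConnectionRefusedError:
            return port, "closed", b""
        except OSError:
            return port, "error", b""
        banner = b""
        try:
            banner = s.recv(128)   # FTP, SMTP and SSH greet first; other services stay silent
        except (socket.timeout, OSError):
            pass
        return port, "open", banner


def scan(host: str, ports: Iterable[int], workers: int = 64) -> Dict[int, Tuple[str, bytes]]:
    """Probe many ports concurrently; return {port: (state, banner)}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: probe(host, p), ports)
        return {port: (state, banner) for port, state, banner in results}


def open_ports(report: Dict[int, Tuple[str, bytes]]) -> List[int]:
    return sorted(p for p, (state, _) in report.items() if state == "open")


def start_fake_service(banner: bytes) -> Tuple[int, threading.Event]:
    """Constructed local listener so the scan can run offline. Returns (port, stop_event)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free ephemeral port
    srv.listen(16)
    srv.settimeout(0.2)
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve() -> None:
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop


def free_port() -> int:
    """A port that is (almost certainly) closed right now: bind, read it, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    port, stop = start_fake_service(b"220 demo FTP server ready\r\n")
    report = scan("127.0.0.1", [port, free_port()])
    for p, (state, banner) in sorted(report.items()):
        print(p, state, banner)
    stop.set()
```

A connect scan completes the handshake and is therefore logged by the target service; the SYN (half-open) scans that stealthier tools use need raw sockets and privileges, but classify ports by the same three outcomes.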

The most common network security hardware today is the intrusion prevention system (IPS), the intrusion detection system (IDS) and the unified threat management gateway (UTM); the older hardware firewall has gradually been replaced since the arrival of UTM.

XIV. Information collection tools commonly used by hackers

Information collection is the first step in breaking into a network system. Hackers use the following tools to collect the information they need:

1. SNMP

The SNMP protocol is used to read the routing tables of insecurely configured routers and so learn the internal details of the target organization's network topology.

The Simple Network Management Protocol (SNMP) was first proposed by an Internet Engineering Task Force (IETF) working group to solve the problem of managing routers on the Internet. SNMP was designed to be protocol-neutral, so it can run over IP, IPX, AppleTalk, OSI and other transport protocols.

2. Traceroute

Traceroute maps the networks and routers on the path to a target host. Written by Van Jacobson as a handy tool for exploring TCP/IP further, it shows the route that datagrams take from one host to another, and with the IP source routing option it also lets the source host specify the route along which to send.

3. Whois

The Whois protocol is an information service that provides data on the administrators of all DNS domains and of each domain (though this data is often out of date). The protocol itself is simple: open a TCP connection to port 43 of the server, send the query keyword followed by a carriage return and line feed, and read back the server's result.

4. DNS server

DNS is the Domain Name System or Domain Name Service. The domain name system maps domain names to the IP addresses of hosts on the Internet; when a user enters a domain name, the system automatically resolves it to an IP address. A server that performs this service is called a DNS server, and it answers domain name queries.

5. Finger

The Finger protocol provides detailed information about the users of a specific host (login name, telephone number, last login time and so on).

6. Ping

The ping utility can be used to locate a specified host and determine whether it is reachable. Used inside a scanning program, this simple tool can ping every possible host address on a network and so build a list of the hosts that actually exist there. It is also used to check whether a network path is up and how fast it is. For an administrator or a hacker who lives on the Internet, ping is the first command-line command to master. Its principle is simple: every machine on the network has a unique IP address; we send a packet to the target IP address and the other side returns a packet of the same size. From the returned packet we can determine whether the target host exists, make an initial guess at its operating system, and measure the connection speed and packet loss rate.

Usage (on Windows XP):

Start - Run - CMD - OK - type ping 0.0.0.0 - Enter
where 0.0.0.0 stands for the IP address you want to test.

Some firewalls block ping, so the result may be "Request timed out".
To guess the operating system, look at the TTL value in the reply.
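Added example (not part of the original page) of the whois exchange described under item 3 above: open TCP port 43, send the keyword terminated by CRLF, read until the server closes the connection, then pick the "Key: value" lines out of the reply. The client refuses keywords containing CR or LF so that a user-supplied domain cannot inject a second query line. A constructed in-process server with made-up records answers on a localhost port so that the example runs offline; the server's records and the function names are assumptions.

```python
import socket
import threading
from typing import Dict, Tuple


def whois_query(server: str, keyword: str, port: int = 43, timeout: float = 10.0) -> str:
    """Connect to the whois port, send "<keyword>\\r\\n", read until the server closes."""
    if any(c in keyword for c in "\r\n") or not keyword.isascii():
        # The query is exactly one CRLF-terminated ASCII line; a keyword taken
        # from user input must not be able to smuggle a second line into it.
        raise ValueError("keyword must be a single ASCII line")
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(keyword.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:            # end of reply: the server closed the connection
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text: str) -> Dict[str, str]:
    """Turn the usual 'Key: value' lines into a dict, skipping comments and blanks."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("%", "#")):
            continue
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


# Constructed records for the offline demo server; not real registry data.
FAKE_RECORDS = {
    "example.com": ("% Demo whois server\n"
                    "Domain Name: EXAMPLE.COM\n"
                    "Registrar: Example Registrar, Inc.\n"
                    "Updated Date: 2001-01-01\n"
                    "Admin Email: hostmaster@example.com\n"),
}


def start_fake_whois_server() -> Tuple[int, threading.Event]:
    """Minimal port-43-style responder bound to an ephemeral localhost port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    srv.settimeout(0.2)
    port = srv.getsockname()[1]
    stop = threading.Event()

    def handle(conn: socket.socket) -> None:
        with conn:
            conn.settimeout(2.0)
            buf = b""
            while b"\r\n" not in buf and len(buf) < 256:   # read one query line
                chunk = conn.recv(256)
                if not chunk:
                    break
                buf += chunk
            key = buf.split(b"\r\n", 1)[0].decode("ascii", errors="replace").strip().lower()
            reply = FAKE_RECORDS.get(key, 'No match for "%s".\n' % key)
            conn.sendall(reply.encode("utf-8"))   # leaving the block closes the socket

    def serve() -> None:
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            handle(conn)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop


if __name__ == "__main__":
    port, stop = start_fake_whois_server()
    print(parse_whois(whois_query("127.0.0.1", "example.com", port=port)))
    stop.set()
```

Against a real registry the same client is used with the registry's host name and the default port; the "Updated Date" field is the one to check before trusting the administrator contacts, given how often whois data is stale.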

15. Internet Firewall An Internet firewall is a system (or set of systems) that enhances the security of an organization's internal network. The firewall system determines which internal services are accessible to the outside world; who can access internal services and which external services can be accessed by insiders. For a firewall to work, all information coming from and going to the Internet must go through the firewall and be checked by the firewall. The firewall only allows authorized data to pass, and the firewall itself must also be able to avoid infiltration.
1. The relationship between Internet firewalls and security policies
A firewall is not just a combination of a router, bastion host, or any device that provides network security. A firewall is part of a security policy.

A security policy establishes an all-encompassing defense system that includes: informing users of their responsibilities, company-defined network access, service access, local and remote user authentication, dial-in and dial-out, disk and data encryption, virus protection, and employee training. All places that may be attacked must be protected to the same level of security.

If only a firewall system is set up and there is no comprehensive security policy, then the firewall will be useless.
2. The benefits of a firewall
Internet firewalls manage access between the Internet and the organization's internal network. Without a firewall, each node on the internal network is exposed to other hosts on the Internet and is vulnerable to attacks. This means that the security of the internal network is determined by the robustness of each host, and the security is equivalent to the weakest of them.
3. The role of an Internet firewall
Internet firewalls allow the network administrator to define a central "choke point" that keeps illegal users, such as hackers and network vandals, out of the internal network, prohibits services with security vulnerabilities from entering or leaving the network, and resists attacks from various routes. An Internet firewall simplifies security management: the network's security is consolidated on the firewall system rather than distributed across every host on the internal network.

The firewall can conveniently monitor the security of the network and generate alarms. (Note: for an internal network connected to the Internet, the important question is not whether the network will be attacked, but when it will be attacked and by whom.) The network administrator must audit and log all important information that passes through the firewall. If the network administrator cannot respond to alarms and review the logs regularly and in time, the firewall is useless, because the administrator will never know whether the firewall is under attack.

The Internet firewall can serve as the logical location for deploying a Network Address Translator (NAT). The firewall can therefore be used to alleviate the shortage of address space and avoid the trouble of re-addressing when the organization changes ISP.

Internet firewalls are the best place to audit and record Internet usage. The network administrator can provide the management department with the cost of the Internet connection, identify the location of potential bandwidth bottlenecks, and provide department-level billing based on the organization's accounting model.

XVI. The main manifestations of Internet security risks 1. The Internet is an open, uncontrolled network. Hackers often intrude into computer systems on the network, steal confidential data and usurp privileges, destroy important data, or prevent systems from functioning fully.

2. The data transmission over the Internet is based on the TCP/IP communication protocol. These protocols lack the security measures to prevent the information in the transmission process from being stolen.

3. Most of the communication services on the Internet are supported by Unix operating systems. The obvious security vulnerabilities in Unix operating systems directly affect security services.

4. Electronic information stored, transmitted and processed on computers is not enveloped, signed and stamped like traditional mail. Whether the source and destination of the information are genuine, whether its content has been altered, and whether it has been leaked are maintained only by gentlemen's agreements in the service agreements supported by the application layer.

5. E-mail can be spoofed, misdirected and forged. Using e-mail to transmit important confidential information is highly dangerous.

6. The spread of computer viruses over the Internet does great harm to Internet users. Viruses can cause faults in computers and computer network systems and the loss of data and files. Viruses on the Internet can spread via public anonymous FTP files as well as via e-mail and mail attachments.

XVII. There are four main forms of network security attack: interruption, interception, modification and forgery.

Interruption is based on availability as an attack target. It destroys system resources and makes the network unavailable.

Interception is based on confidentiality as an attack target. Unauthorized users gain access to system resources through some means.

Modifications are based on integrity as an attack target. Unauthorized users not only gain access but also modify the data.

Forgery is based on integrity as an attack target. Unauthorized users insert fake data into normally transmitted data.

Network Security Solutions
First, the deployment of intrusion detection systems

Intrusion detection capability is an important measure of whether a defense system is complete and effective. A powerful, complete intrusion detection system can make up for the static nature of firewall defense by detecting in real time the various behaviors coming from the external network and the campus network, discovering every possible attack attempt in time, and taking corresponding measures. Specifically, the intrusion detection engine is connected to the core switch. The intrusion detection system integrates intrusion detection, network management and network monitoring functions. It can capture in real time all data transmitted between the internal and external networks and, using its built-in attack signature database, detect network intrusion behavior and anomalies by pattern matching and intelligent analysis, recording related events in a database as a basis for the network administrator's later analysis; if the situation is serious, the system can raise a real-time alarm so that school administrators can respond in time.

Second, vulnerability scanning system

Use the most advanced vulnerability scanning system currently available to carry out regular security checks on workstations, servers, switches and so on, and provide the system administrator with a detailed and reliable security analysis report based on the results, forming an important basis for raising the overall level of network security.

Third, deployment of network-edition antivirus products
In this network anti-virus solution, the ultimate goal is to eliminate virus infection, propagation and outbreak across the entire LAN. To achieve this, appropriate anti-virus measures should be taken wherever in the network viruses may be introduced or spread. At the same time, in order to deploy and manage the anti-virus system for the whole network effectively and quickly, it should support remote installation, intelligent updates, remote alerting, centralized management, distributed scanning and removal, and other functions.

XVIII. Network security equipment Driven by the booming network equipment and network application markets, the network security market has entered a period of rapid growth in recent years. On the one hand, as networks extend, their scale expands rapidly and security problems become increasingly complex; building manageable, controllable and trustworthy networks is a prerequisite for further advancing network applications. On the other hand, as the services carried by networks grow more complex, ensuring application-layer security is the new direction of network security development.

With the rapid development of network technology, the old approach of stacking single-point defenses against individual threats can no longer effectively resist increasingly serious blended security threats. Building an overall security architecture with local security, global security and intelligent security, providing users with a multi-layered, all-around, three-dimensional protection system, has become the new concept of information security construction. Under this concept, network security products are undergoing a series of changes.

Combining practical application requirements, and guided by the new network security concept, network security solutions are developing in the following directions:

Proactive defense enters the market
The concept of proactive defense has been developing for some years, but moving from theory to application has faced various obstacles. Proactive defense mainly analyzes and scans the behavior of a specified program or thread and, according to preset rules, decides whether it is a dangerous program or a virus, and then blocks or removes it. However, the most important factor in turning the proactive defense concept into products is intelligence. Because computers operate under a fixed set of rules, how to discover, judge and detect threats and defend proactively has become the biggest obstacle to bringing proactive defense to market.

Because proactive defense can improve the efficiency of security policy enforcement and plays a positive role in enterprises' network security construction, even though its products are not yet mature, with technical progress over the next few years proactive defense products whose main functions are automatic program monitoring, automatic program analysis and automatic program diagnosis will be combined with traditional network security equipment. In particular, as the technology develops, efficient and accurate proactive defense products against viruses, worms, trojans and other malicious attacks will gradually mature and be brought to market; proactive defense technology entering the market will become an inevitable trend.

Integration of security technologies receives great attention
With the rapid change of network technology and the fast rise of network penetration, the potential threats faced by networks grow ever larger, and single protection products have long been unable to meet market needs. Developing overall network security solutions has become an inevitable trend, and users' demand for practical and effective overall security solutions is increasingly urgent. Overall security solutions require products to be more integrated, more intelligent and easier to manage centrally. In the next few years, developing overall network security solutions will become an important means of differentiated competition among major vendors.

Combining software and hardware: management policy enters the overall security solution
Facing ever larger and more complex networks, relying only on traditional network security equipment to keep the network layer secure and flowing can no longer meet the requirements for manageability and controllability, so network management software, represented by endpoint admission control solutions, has begun to merge into overall security solutions. Endpoint admission control starts by controlling the secure access of user endpoints to the network: it enforces user security policies on connecting endpoints, strictly controls endpoints' network usage behavior, provides effective assurance for network security, helps users achieve more proactive security protection, realizes efficient and convenient network management goals, and comprehensively advances the construction of the overall network security system.[2]

XIX. E-commerce network security issues E-commerce security can be divided as a whole into two major parts: computer network security and business transaction security.
(I) Computer network security includes:

(1) Operating system security configuration not performed
Whatever operating system is used, a default installation has security problems; only by carrying out relevant and strict security configuration specifically targeting the operating system's security can a certain level of security be reached. Never assume that a default operating system installation plus a strong password system counts as secure. Vulnerabilities and "back doors" in network software are the preferred targets of network attacks.

(2) CGI program code not audited
Generic CGI problems are somewhat easier to guard against, but many CGI programs developed specially by the website or a software vendor have serious CGI problems; for an e-commerce site this can lead to serious consequences such as a malicious attacker using someone else's account to shop online.

(3) Denial of Service (DoS) attacks
With the rise of e-commerce, real-time requirements for websites are ever higher, and DoS or DDoS poses an ever greater threat to websites. An attack aimed at paralyzing the network has a stronger, more destructive effect than any traditional form of terrorism or warfare, causes harm faster and over a wider area, while the risk to the attacker is very small; the attacker may even vanish without a trace before the attack starts, leaving the victim no possibility of retaliation. The attacks on Yahoo and Amazon in the US in February this year proved this point.

(4) Improper use of security products
Although many websites have adopted some network security equipment, because of problems with the security products themselves or with their use, these products have not played the role they should. Many security vendors' products demand a technical background from the people configuring them that exceeds that of ordinary network administrators; even if the vendor performs a correct installation and configuration for the user at the start, once the system changes and the settings of the related security products need to be changed, many security problems can easily arise.

(5) Lack of strict network security management rules
The most important thing in network security is still to take it seriously; the security of a website or internal LAN needs to be guaranteed by a complete security regime. Establishing and implementing rigorous computer network security rules and policies is the foundation of truly achieving network security.

(II) Computer business transaction security includes:

(1) Theft of information
Because no encryption is used, data is transmitted over the network in plaintext, and an intruder can intercept the transmitted information at a gateway or router the packets pass through. Through repeated interception and analysis, the pattern and format of the information can be found and then the content of the transmitted information obtained, causing leakage of information transmitted online.

(2) Tampering with information
Once the intruder has grasped the format and pattern of the information, the data transmitted on the network can be modified in transit by various technical means and then sent on to the destination. This method is nothing new; such work can be done on a router or gateway.

(3) Impersonation
Having grasped the data format and being able to tamper with information passing through, an attacker can impersonate a legitimate user to send forged information or actively obtain information, and the remote user usually finds it hard to tell the difference.

(4) Malicious destruction
Because the attacker can connect to the network, they may modify information in the network, obtain confidential information online, or even sneak into the internal network, with very serious consequences.

XX. Countermeasures to e-commerce network security issues An important technical feature of e-commerce is the use of computer technology to transmit and process business information. Therefore, countermeasures to e-commerce security problems can be divided as a whole into two parts: computer network security measures and business transaction security measures.
1. Computer network security measures Computer network security measures mainly include three aspects: protecting network security, protecting application service security and protecting system security; each aspect must consider physical security, firewalls, information security, Web security, media security and so on.

(I) Protecting network security.

Network security is meant to protect the security of the communication process between the network end systems of the business parties. Ensuring confidentiality, integrity, authentication and access control are the key elements of network security. The main measures for protecting network security are as follows:

(1) Plan the security policy of the network platform comprehensively.

(2) Formulate network security management measures.

(3) Use firewalls.

(4) Log all activity on the network as far as possible.

(5) Pay attention to the physical protection of network equipment.

(6) Test the vulnerability of the network platform system.

(7) Establish reliable identification and authentication mechanisms.

(II) Protecting application security.

Protecting application security mainly refers to security measures established for a specific application (such as a Web server or a dedicated online payment software system), independent of any other security measures of the network. Although some measures may substitute for or overlap with network security services, such as the encryption of online payment and settlement packets by Web browsers and Web servers at the application layer, which could also be done through IP-layer encryption, many applications also have their own specific security requirements.

Because the application layer in e-commerce has the strictest and most complex security requirements, there is a tendency to take security measures at the application layer rather than at the network layer.

Although network-layer security still has its specific place, one cannot rely on it entirely to solve the security of e-commerce applications. Application-layer security services may involve authentication, access control, confidentiality, data integrity, non-repudiation, Web security, and the security of applications such as EDI and online payment.

(III) Protecting system security.

Protecting system security means protecting from the perspective of the overall e-commerce system or online payment system; it is interrelated with the network hardware platform, the operating system and the various application software. System security involving online payment and settlement includes the following measures:

(1) Check for and confirm unknown security vulnerabilities in installed software, such as browser software, electronic wallet software and payment gateway software.

(2) Combine technology and management so that the system has minimal penetration risk, for example allowing connection only after multiple authentications, auditing all incoming data, and strictly managing the security of system users.

(3) Establish detailed security audit logs in order to detect and trace intrusions and attacks.
2. Business transaction security measures Business transaction security revolves closely around the various security problems that arise when traditional commerce is carried out on the Internet, and, on the basis of computer network security, how to ensure that the e-commerce process proceeds smoothly.

The various business transaction security services are all realized through security technologies, mainly including encryption technology, authentication technology and e-commerce security protocols.

(I) Encryption technology.

Encryption technology is the basic security measure adopted by e-commerce; the transacting parties can use it as needed at the information exchange stage. Encryption technology falls into two categories: symmetric encryption and asymmetric encryption.

(1) Symmetric encryption.

Symmetric encryption, also called private-key encryption, means that the sender and receiver of information use the same key to encrypt and decrypt data. Its greatest advantage is fast encryption and decryption, making it suitable for encrypting large volumes of data, but key management is difficult. If the communicating parties can ensure that the private key was not leaked during the key exchange phase, then confidentiality and message integrity can be achieved by encrypting the confidential information with this method and sending a message digest or message hash value along with the message.

(2) Asymmetric encryption.

Asymmetric encryption, also called public-key encryption, uses a pair of keys to perform encryption and decryption separately: one is published openly (the public key) and the other is kept secret by the user (the private key). The information exchange process is: party A generates a key pair and publishes one of the keys as the public key to the other transacting parties; party B, having obtained the public key, encrypts the information with it and sends it to party A; party A then decrypts the encrypted information with the private key it has kept.

(II) Authentication technology.

Authentication technology uses electronic means to prove the identities of sender and receiver and the integrity of their documents, that is, to confirm that the identity information of both parties has not been tampered with during transmission or storage.

(1) Digital signature.

A digital signature, also called an electronic signature, plays the role of authenticating, approving and validating an electronic document, just as presenting a handwritten signature does. It is implemented by combining a hash function with a public-key algorithm: the sender generates a hash value from the message text and encrypts this hash value with its own private key, forming the sender's digital signature; this digital signature is then sent to the receiver as an attachment along with the message; the receiver first computes a hash value from the original message received, then decrypts the digital signature attached to the message with the sender's public key; if the two hash values are identical, the receiver can confirm that the digital signature is the sender's. The digital signature mechanism provides an authentication method that addresses forgery, repudiation, impersonation and tampering.
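The sign-and-verify sequence just described, as an added Go example (not from the original article) using RSA with SHA-256 from the standard library; the key pair and contract text are constructed for the demo, and NewKeyPair, Sign and Verify are names chosen here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair generates the sender's RSA key pair (constructed for the demo; in
// practice the public half would be distributed in a CA-signed certificate).
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Sign is the sender's side: hash the message with SHA-256, then sign the
// digest with the private key (RSA PKCS#1 v1.5).
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify is the receiver's side: recompute the digest from the received
// message and check the attached signature against the sender's public key.
// It returns true only if the message is unchanged and the signature was made
// with the matching private key.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	sender, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	contract := []byte("Party A agrees to pay 1,000 units to Party B.") // constructed
	sig, err := Sign(sender, contract)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine message verifies:  ", Verify(&sender.PublicKey, contract, sig)) // true
	tampered := []byte("Party A agrees to pay 9,000 units to Party B.")
	fmt.Println("tampered message verifies: ", Verify(&sender.PublicKey, tampered, sig)) // false
	impostor, _ := NewKeyPair()
	fmt.Println("impostor's key verifies:   ", Verify(&impostor.PublicKey, contract, sig)) // false
}
```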

(2) Digital certificate.

A digital certificate is a file, digitally signed by a certificate authority, that contains the public key and information about its owner. The main components of a digital certificate are a user public key, plus the user identity identifier of the key owner, plus the signature of a trusted third party; the third party is generally a certificate authority (CA) trusted by the user, such as a government department or financial institution. The user submits his public key to the public-key certificate authority in a secure manner and obtains a certificate, which the user can then publish. Anyone who needs the user's public key can obtain this certificate and verify the validity of the public key through the associated trusted signature. By carrying a series of data that identifies the transacting parties, a digital certificate provides a way to verify each party's identity, and users can use it to identify the other party.

(III) E-commerce security protocols.

Besides the various security technologies mentioned above, the operation of e-commerce also relies on a complete set of security protocols. At present, the more mature protocols include SET and SSL.

(1) Secure Sockets Layer protocol (SSL).

The SSL protocol sits between the transport layer and the application layer and consists of the SSL Record Protocol, the SSL Handshake Protocol and the SSL Alert Protocol. The SSL Handshake Protocol is used to establish the security mechanism between client and server before application-layer data is actually transmitted. When client and server communicate for the first time, they use the handshake protocol to agree on the version number, key exchange algorithm, data encryption algorithm and hash algorithm, then authenticate each other's identity, and finally use the negotiated key exchange algorithm to produce a secret known only to the two of them; client and server each derive the parameters of the data encryption algorithm and hash algorithm from this secret. The SSL Record Protocol, using the parameters negotiated by the handshake protocol, encrypts and compresses the data handed down from the application layer, computes a message authentication code (MAC), and sends it to the other side via the transport layer. The SSL Alert Protocol is used to convey SSL error messages between client and server.

(2) Secure Electronic Transaction protocol (SET).

The SET protocol is used to divide and define the rights and obligations among consumers, online merchants, the banks of both transacting parties and credit card organizations in e-commerce activities, and it sets a standard flow for transmitting transaction information. SET consists mainly of three documents: the SET Business Description, the SET Programmer's Guide and the SET Protocol Description. The SET protocol guarantees the confidentiality of the e-commerce system, the integrity of its data and the legitimacy of identities.

The SET protocol is designed specifically for e-commerce systems. It sits at the application layer, its authentication system is very complete, and it can achieve multi-party authentication. In a SET implementation, the consumer's account information is kept secret from the merchant. However, the SET protocol is very complex: transaction data must be verified multiple times, using several keys and multiple encryption and decryption operations. Moreover, besides the consumer and the merchant, the SET protocol involves other participants such as the issuing bank, the acquiring bank, the certification authority and the payment gateway.

XXI. Future network security trends In the next twenty to thirty years, the role of information warfare in military decision-making and operations will increase markedly. Among the many decisive factors are the following: the widespread application of new technologies such as the Internet, wireless broadband and RFID; the high cost and unpopularity of actual war; and the possibility that much information technology can be used covertly, enabling skilled hackers to break into adversaries' computer networks again and again.

(1) Technology's dominance over the economy and society grows ever heavier
In every field, new technology continually overtakes the previous state of the art. Laptops and Internet-enabled mobile phones let users send and receive e-mail and browse the Web 7 days a week, 24 hours a day.

Impact on information warfare and operations: the ever-increasing dominance of technology is the fundamental basis of cyber warfare. Complex and often subtle technology has increased the world's wealth and raised global efficiency. Yet it has also made the world relatively fragile, because when unexpected events throw computer control and monitoring into chaos, keeping industries and supporting systems running becomes very difficult, and the likelihood of such chaos is rising rapidly. According to futurist Joseph Coates, an often-overlooked situation is the use of information technology by criminal organizations: "In 2015, the Mafia electronically wipes out all the records of a mid-sized bank in Texas or Nebraska, then quietly visits the websites of several large financial services institutions and posts a simple message: 'We did that; you could be next. Our wish is to protect you.'"

Futurist Stephen Steele points out: "Network systems ... are not merely information but a network culture. Multi-layered, coordinated network attacks will be able to cause large-scale (national security systems), medium-scale (local power grids) and small-scale (car engine starting) destruction simultaneously."

(2) Advanced communication technology is changing the way we work and live
Telecommunications is developing rapidly, mainly thanks to e-mail and other forms of high-tech communication. However, "millennials" (the generation born between 1980 and 2000; translator's note) in most cases no longer use e-mail, preferring instant messaging and social networking sites to contact their peers. These and other new technologies are building a society almost as complex and extensive as the real world.

Impact on information warfare and operations: this is one of the two or three key trends that give information warfare and operations their importance.

Sabotage may not be blatant or easy to detect. As production systems become increasingly open to direct customer input, it becomes possible to modify the programs of computer-controlled machine tools to produce products slightly out of specification, or even to alter the specification itself so that the deviation is never noticed. If such tampering is done with enough imagination and with carefully chosen targets, one can imagine these products passing inspection smoothly yet certainly failing on the battlefield, with unthinkable military consequences.

Information technology and business management consultant Lawrence Vogel draws attention to cloud computing (third-party data hosting and service-oriented computing) and the use of Web 2.0 (social networks and interactivity). He says: "The network security implications of cloud computing are worth noting, whether public or private clouds. As more companies and governments adopt cloud computing, they also become more vulnerable to disruption and cyber attack. This could lead to the disruption of services and of the ability to rapidly deploy important software applications. In addition, since Facebook, blogs and other social networks are widely used in our personal lives, government organizations are also seeking similar capabilities to connect and interact with their stakeholders. Once governments allow interactive, two-way communication on their networks, the risk of cyber attack will grow substantially."

(3) The global economy is increasingly integrated
Key factors here include the rise of multinational corporations, the weakening of national identity (for instance within the EU), the growth of the Internet, and the outsourcing of online work to low-wage countries.

Impact on information warfare and operations: the Internet, private networks, virtual private networks and many other technologies are linking the planet into a complex "information space". Should these near-infinite connections be interrupted, serious damage to companies and even to national economies is inevitable. But it also means they face an unprecedented risk of espionage and covert attack. This is another important trend in information warfare and operations.

(4) The role of research and development (R&D) in promoting global economic growth is increasing, and total US R&D spending has risen steadily over 30 years. China, Japan, the EU and Russia show similar trends. Impact on information warfare and operations: this trend has driven the pace of technological progress in recent decades. It is another key factor in the development of information warfare. The main product of R&D is not goods or technology but information. Even the most secret parts of research results are generally stored in computers, transmitted over corporate intranets, and typically sent over the Internet. This accessibility offers an excellent target for spies, whether industrial or military. This
(5) Technological change accelerates with each new generation of invention and application
In fast-developing design disciplines, most of the latest knowledge a student learns in the first year of university is obsolete by graduation. The design and sales cycle (concept, invention, innovation, imitation) keeps shortening. In the 1940s a product cycle could last thirty or forty years; today, one lasting thirty or forty weeks is rare.

The reason is simple: about 80% of all the scientists, engineers, technicians and physicians who have ever lived are alive today, exchanging ideas in real time on the Internet.

The development of machine intelligence will also have complex effects on network security. According to knowledge theorist and futurist Bruce LaDuke: "Knowledge creation is a process repeatable by humans, and also fully repeatable by machines or in human-machine interactive systems. Artificial knowledge creation will bring about the 'singularity', not artificial intelligence or artificial basic intelligence (or technological progress itself). Artificial intelligence can already be realized by any computer, because intelligence is defined as knowledge that is stored and can be retrieved (by a person or a computer). Whoever first achieves (artificial knowledge creation) technology will drive the entire paradigm shift." [3]

(5) Factors affecting network security: At present there are several major hidden dangers in China's network security; the factors affecting network security mainly include the following.

Network structure factors
There are three basic network topologies: star, bus and ring. Before an organization builds its intranet, its departments may already have built their own LANs, possibly with completely different topologies. When building the intranet, in order to communicate across heterogeneous networks, the setup and implementation of some security mechanisms are often sacrificed, which raises the demand for network openness.

Network protocol factors
When building an intranet, users will inevitably preserve their existing network infrastructure to save costs. In addition, network companies, for their own survival, demand ever greater protocol compatibility so that protocols from many vendors can interconnect, be compatible and intercommunicate. While this benefits users and vendors, it also brings security risks: for example, a harmful program transmitted under one protocol can quickly spread across the whole network.

Geographic factors
Since an intranet can be a LAN or a WAN (an intranet is a private rather than a public network), the network often spans cities or even countries. Complex geography and communication lines of uncertain quality can cause information to be damaged or lost in transit and give "hackers" opportunities to exploit.

User factors
Enterprises build their intranets to speed up information exchange and adapt better to market demands. Once built, the scope of users will inevitably expand from employees to customers and people who want to learn about the enterprise. The growth in users also threatens network security, since among them may be business spies or "hackers".

Host factors
Building an intranet interconnects the former LANs and standalone machines, increasing the variety of hosts: workstations, servers, even minicomputers and mainframes. Because their operating systems and network operating systems differ, a vulnerability in one operating system (for example, some systems have one or more accounts without passwords) can create a major risk for the whole network.

Organizational security policy
Practice has shown that 80% of security problems originate inside the network; therefore an organization must attach great importance to the security of its intranet and formulate a set of security management rules.

Personnel factors
The human factor is the weak link in security. Users must be given the necessary security education, people of high professional ethics chosen as network administrators, concrete measures formulated and security awareness raised.

Other
Other factors, such as natural disasters, also affect network security.

(6) Key technologies of network security
Network security concerns the further development of network applications; it involves security policy, mobile code, instruction protection, cryptography, operating systems, software engineering and network security management. Isolation between a private intranet and the public Internet mainly uses "firewall" technology.

A "firewall" is a figurative term; in fact it is a combination of computer hardware and software that establishes a security gateway between the Internet and the intranet, protecting the intranet from intrusion by illegitimate users.

The work of a "firewall" can be done by a simple screening router; if such a "firewall" is just an ordinary router, it only provides isolation. A screening router can also block communication between networks or between hosts at the Internet protocol port level, providing some filtering. Because a screening router only involves modifying the router's parameters, some people do not count it as a "firewall"-level measure.

Real "firewalls" come in two kinds: one is called the standard "firewall"; the other is the dual-homed gateway. A standard "firewall" system comprises a Unix workstation buffered by a router on each side. One router's interface is the external