cyber security

Technology definitions

Chinese name:
cyber security

English name:
Network security

The hardware, software, and data in the network system are protected from accidental or malicious destruction, alteration, and leakage, ensuring continuous and reliable operation of the system and uninterrupted network services.
Communication Technology (a subject); cyber security (two subjects)

This content was published by the National Science and Technology Terms Examination and Approval Committee
Network security means that the hardware, software and data of a network system are protected from accidental or malicious damage, alteration and leakage, so that the system continues to operate reliably and normally and network services are not interrupted. Network security is essentially information security on the network. Broadly speaking, all technologies and theories concerning the confidentiality, integrity, availability, authenticity and controllability of information on the network fall within the scope of network security research. Cyber security is a comprehensive subject involving many disciplines such as computer science, network technology, communication technology, cryptography, information security technology, applied mathematics, number theory, and information theory.
I. Basic concept
The specific meaning of network security changes with the point of view. For example, from the perspective of users (individuals, businesses, etc.), they want information involving personal privacy or commercial interests to be protected in confidentiality, integrity and authenticity when transmitted over the network, so that other people or adversaries cannot use eavesdropping, impersonation, tampering, repudiation and similar means to infringe on the interests and privacy of users.

II. Main characteristics
Network security should have the following five characteristics:

Confidentiality: The property of information not to be disclosed to or used by unauthorized users, entities or processes.

Integrity: The property that data cannot be changed without authorization, that is, information remains unmodified, undamaged and not lost during storage or transmission.

Availability: The property of being accessible to authorized entities and usable on demand, that is, whether the required information can be accessed when needed. For example, denial of service in a network environment and disruption of the normal operation of the network and related systems are attacks on availability.

Controllability: Ability to control information dissemination and content.

Auditability: Providing the basis and means for investigation when security issues arise.
From the perspective of network operators and managers, they want access to, reading of and writing to local network information to be protected and controlled, so as to avoid threats such as “trapdoors”, viruses, illegal access, denial of service, and illegal occupation and control of network resources, and to stop and defend against attacks by network hackers. Security and confidentiality departments want to filter and block information that is illegal, harmful or involves state secrets, to avoid leaks of confidential information that would harm society and cause huge losses to the country. From the perspective of social education and ideology, unhealthy content on the network hinders social stability and human development and must be controlled.

With the rapid development of computer technology, the services processed on computers have evolved from single-machine mathematical operations and file processing, through internal business processing and office automation on simple interconnected internal networks, to enterprise-wide computer processing systems based on complex intranets, enterprise extranets and the Internet, with worldwide information sharing and business processing. As system processing capability improves, the connection capability of systems also keeps improving. However, as connectivity and the capacity to circulate information increase, security problems arising from network connectivity become increasingly prominent. Overall network security is mainly reflected in the following aspects: physical security of the network, security of the network topology, security of the network systems, security of the application systems, and security of network management.

Therefore, computer security should be treated like fire and theft prevention in every household: prevent problems before they happen. The threat may already be present before you even think that you yourself could be a target, and once an incident happens, it often catches people off guard and causes great losses.

III. Relationship with network performance and functionality
Generally, system security is in tension with performance and functionality. If a system provides no service to the outside world (it is disconnected), the outside world cannot pose a security threat to it. However, when enterprises connect to the Internet and provide services such as online stores and e-commerce, they are in effect turning a closed internal network into part of an open network environment, and security issues of all kinds, including system-level security, arise.

The construction of a network security system, on the one hand, requires authentication, encryption, monitoring, analysis, recording, etc., thereby affecting the network efficiency and reducing the flexibility of the customer's application; on the other hand, it also increases the management costs.

However, the security threat from the network is actually present. Especially when running critical services on the network, network security is the first problem to be solved.

Select appropriate technologies and products, formulate flexible network security policies, and provide flexible network service channels while ensuring network security.

The use of appropriate security system design and management plans can effectively reduce the impact of network security on network performance and reduce management costs.

All-round security system:

Similar to other security systems (such as physical security systems), the security system of enterprise application systems should include:

Access control: Through the access control system established for specific network segments and services, most attacks are blocked before reaching the attack target.

Checking for security vulnerabilities: Through periodic checks for security vulnerabilities, most attacks can be rendered ineffective even if they reach the attack target.

Attack monitoring: Through an attack monitoring system established on specific network segments and services, most attacks can be detected in real time and corresponding actions can be taken (such as disconnecting the network connection, recording the attack process, tracking the attack source, etc.).

Encrypted communication: Active encrypted communication can make attackers unable to understand and modify sensitive information.

Authentication: A good authentication system prevents attackers from impersonating legitimate users.

Backup and recovery: A good backup and recovery mechanism can restore data and system services as quickly as possible when the attack causes a loss.

Multiple layers of defense: After the attacker breaks through the first line of defense, further layers delay or block his arrival at the target.

Hiding internal information: Attackers cannot learn the basic situation inside the system.

Setting up a security monitoring center: It provides security system management, monitoring, maintenance and emergency services for information systems.

IV. Network security analysis
1. Physical security analysis
The physical security of the network is a prerequisite for the security of the entire network system. In the construction of a campus network project, the network system is a weak-current installation with a very low voltage tolerance. Therefore, the design and construction of the network must give priority to protecting people and network equipment from electricity, fire and lightning; consider the distance between the wiring system and lighting wires, power lines, communication lines, heating pipes, and hot and cold air ducts; consider the safety of the wiring system with respect to insulated wire, bare wire, grounding and welding; and build a lightning protection system that covers not only the building but also computers and other weak-current equipment with low voltage tolerance. In general, physical security risks include: environmental accidents such as earthquakes, floods and fires; power failures; human error or mistakes; equipment theft and destruction; electromagnetic interference; and line interception. Considerations also include high-availability hardware and design, the machine-room environment and alarm system, and security awareness. We must therefore try to avoid physical security risks to the network.
2. Security Analysis of Network Structure
The network topology design also directly affects the security of the network system. When the external and internal networks communicate, the security of machines on the internal network is threatened, and this also affects many other systems on the same network; spreading through the network, it also affects other networks connected to the Internet/Intranet, and the impact may extend to security-sensitive areas such as law and finance. Therefore, the design must isolate the public servers (WEB, DNS, EMAIL, etc.) from the external network and from the other internal business networks, to avoid leaking network structure information. At the same time, service requests from the external network must be filtered so that only normal communication packets reach the corresponding host, and all other service requests are rejected before they reach the host.
3. System security analysis
System security refers to whether the entire network operating system and network hardware platform are reliable and trustworthy. At present, there is probably no absolutely secure operating system to choose from: whether it is Microsoft's Windows NT or any commercial UNIX operating system, its development company must have its back door. We can therefore conclude that there is no completely secure operating system. Different users should analyze their networks in detail from different aspects and choose the operating system with the highest possible security. Not only should the operating system and hardware platform be as reliable as possible, but the operating system must also be configured securely. Moreover, authentication in the login process must be strengthened (especially authentication before reaching the server host) to ensure the validity of the user; in addition, the operating permissions of the logged-in user should be strictly limited, so that the operations the user can perform are kept to the minimum range.
4. Application system security analysis
The security of application systems is related to specific applications. It involves a wide range of applications. Application system security is dynamic and constantly changing. Application security also involves the security of information. It includes many aspects.

-- The security of application systems is dynamic and constantly changing.

There are many aspects of application security. For E-mail, the most widely used system on the Internet, the solutions include sendmail, Netscape Messaging Server, SoftwareCom Post.Office, Lotus Notes, Exchange Server and SUN CIMS, among other kinds. Their security methods involve LDAP, DES, RSA and others. Application systems are constantly evolving and the types of applications are constantly increasing. For the security of application systems, the main consideration is to establish as secure a system platform as possible, and to use professional security tools to continuously discover and fix vulnerabilities and improve system security.

-- The security of applications involves the security of information and data.

The security of information involves the leakage of confidential information, unauthorized access, destruction of information integrity, impersonation, and disruption of system availability. Some network systems hold a great deal of confidential information. If important information is stolen or destroyed, the economic, social and political impact will be very serious. Therefore, users must be authenticated before using computers, the exchange of important information must be authorized, and transmissions must be encrypted. Multi-level access control and privilege control are used to protect data, and encryption is used to ensure the confidentiality and integrity of information transmitted over the network (including administrator passwords and accounts, uploaded information, etc.).
5. Management security risk analysis
Management is the most important part of security in the network. Unclear responsibilities and powers, incomplete security management systems, and a lack of operability can all cause management security risks. When the network is attacked or subjected to other security threats (such as illegal operations by internal personnel), real-time detection, monitoring, reporting and early warning cannot be performed. Likewise, when an incident occurs, no tracking clues or evidence for solving the hacking attack can be provided; that is, the network lacks controllability and auditability. This requires us to keep multi-level records of site visits and to discover illegal intrusions.

Establishing a new network security mechanism requires a deep understanding of the network and the ability to provide direct solutions. Therefore, the most feasible approach is to establish a sound management system and enforce strict management. Safeguarding the safe operation of the network and making it an information network with good security, scalability and manageability has become a top priority. Once the aforementioned security risks become a reality, the resulting losses to the entire network are difficult to estimate. Network security is therefore an important part of the campus network construction process.

V. Network Security Measures
1. Security Technology Measures
Physical measures: For example, protection of key network equipment (such as switches, large computers, etc.), establishment of strict network security rules and regulations, and taking measures such as radiation protection, fire prevention, and installation of uninterrupted power supply (UPS).

Access Control: Strict authentication and control of user access to network resources. For example, user identity authentication, password encryption, update, and authentication, setting user access to directories and files, controlling network device configuration permissions, and the like.

Data encryption: Encryption is an important means of protecting data security. Its role is to ensure that information cannot be read after it is intercepted. To guard against computer network viruses, install a network antivirus system.

Network Isolation: There are two methods for network isolation. One is the use of isolation cards, and the other is the use of network security isolation gatekeepers.

Isolation cards are mainly used to isolate a single machine, and gatekeepers are mainly used to isolate the entire network. The difference between the two can be found in reference [1].

Other measures: Other measures include information filtering, fault tolerance, data mirroring, data backup and auditing. In recent years, many solutions have been proposed around network security issues, such as data encryption and firewall technologies. Data encryption encrypts the data transmitted in the network and decrypts it back to the original data after it reaches the destination; the purpose is to prevent unauthorized users from obtaining the information after intercepting the data. Firewall technology controls access to the network by means of isolation and restricted access.
2. Security awareness
Awareness of network security is an important prerequisite for ensuring network security. Many network security incidents are related to a lack of security awareness.
3. Host security inspections
To ensure network security, the first step is to fully understand the system, evaluate its security and recognize its risks, so that intranet security issues can be resolved quickly and accurately. The first innovative automatic host security check tool, independently developed by AnTian Laboratories, completely overturns the operational complexity of traditional system security check and system risk assessment tools. A one-button operation performs a comprehensive security check of intranet computers, gives an accurate security rating, and provides strong analysis, disposal and repair for the evaluated system.

VI. Network Security Cases
1. Overview
With the rapid development of computer technology, information networks have become an important guarantee for social development. They hold a great deal of sensitive information, even state secrets, and therefore inevitably attract various man-made attacks (such as information leakage, information theft, data modification, data deletion, computer viruses, etc.) from all over the world. At the same time, network entities are also subject to tests such as floods, fires, earthquakes, and electromagnetic radiation.

Computer criminal cases have also risen sharply. Computer crime has become a universal international problem. According to the report of the Federal Bureau of Investigation, computer crime is one of the largest types of crimes in commercial crimes. The average amount of each crime is 45,000 US dollars. The annual economic losses caused by computer crimes are as high as 5 billion US dollars.
2. Abroad
In early 1996, according to a joint survey conducted by the Computer Security Association of San Francisco and the Federal Bureau of Investigation, 53% of companies had been affected by computer viruses, and 42% of corporate computer systems had been used illegally in the past 12 months. A Pentagon research team said that the United States suffered more than 250,000 attacks in a year.

In late 1994, the Russian hacker Vladimir Levin and his partners launched a series of attacks on Citibank in the United States from a networked computer at a small software company in St. Petersburg, stealing 11 million US dollars from Citibank in New York by electronic transfer.

On August 17, 1996, the U.S. Department of Justice's web server was hacked. The home page title was changed from "U.S. Department of Justice" to "U.S. Injustice Department", the Minister's photograph was replaced with one of Adolf Hitler, the emblem of the Ministry of Justice was replaced by a Nazi emblem, and a pornographic picture of a woman was added as the so-called assistant to the Minister of Justice. In addition, many words attacking American judicial policy were left on the page.

On September 18, 1996, the hacker visited the web server of the US Central Intelligence Agency and changed its home page from "Central Intelligence Agency" to "Central Stupid Office."

On December 29, 1996, hackers invaded the U.S. Air Force's global network site and deliberately changed its home page. The Air Force introduction, press releases and other content were replaced with a short pornographic video, along with a claim that everything the U.S. government said was a lie. This forced the U.S. Department of Defense to close down more than 80 other military websites.
3. In February 1996, Chinanet, which had only recently opened, was attacked, and the attack succeeded.

In early 1997, an ISP in Beijing was successfully invaded by hackers, who posted an article on how to use the ISP to access the Internet for free in the “hacking and decryption” forum of the “Shuimu Tsinghua” BBS station of Tsinghua University.

On April 23, 1997, a PPP user of Southwestern Bell Internet Co., Ltd. in the area of Chadson, Texas, intruded into a server of the China Internet Network Information Center, cracked the system's shutdown account and replaced the home page of the China Internet Network Information Center with a grinning gimmick.

At the beginning of 1996, CHINANET was attacked by a graduate student from a certain university. In the fall of 1996, an ISP in Beijing and its users had some conflicts. This user attacked the ISP's server and caused the service to be interrupted for several hours.

In 2010, Google announced that it was considering exiting the Chinese market, and the announcement stated that the important reason for this decision was because Google was hacked.

VII. Types of Network Security
Operating system security, that is, ensuring the security of the information processing and transmission systems. It focuses on ensuring the normal operation of the system, avoiding damage to and loss of the information stored, processed and transmitted by the system due to system breakdown and damage, and avoiding electromagnetic leakage, information leakage, interference with others, and interference from others.

Security of system information on the network. This includes user password authentication, user access permission control, data access permissions and mode control, security audit, security issue tracking, computer virus prevention, and data encryption.

Security of information dissemination on the network, that is, the security of the consequences of information dissemination. This includes information filtering. It focuses on preventing and controlling the consequences of disseminating illegal and harmful information, and on avoiding loss of control over the large amount of information transmitted freely on the public network.

Security of information content on the network. It focuses on protecting the confidentiality, authenticity and integrity of information, and on preventing attackers from using the system's security loopholes for eavesdropping, impersonation, fraud and other actions that harm legitimate users. In essence, it protects the interests and privacy of users.

VIII. Network Security Features
Network security should have the following four characteristics:

Confidentiality: The property of information not to be disclosed to or used by unauthorized users, entities or processes.

Integrity: The property that data cannot be changed without authorization, that is, information remains unmodified, undamaged and not lost during storage or transmission.

Availability: The property of being accessible to authorized entities and usable on demand, that is, whether the required information can be accessed when needed. For example, denial of service in a network environment and disruption of the normal operation of the network and related systems are attacks on availability.

Controllability: Ability to control information dissemination and content.

IX. Threats to cybersecurity
Natural disasters and accidents; computer crime; human behavior, such as improper use and poor security awareness; hacker behavior: invasion or intrusion by hackers, such as illegal access, denial of service, computer viruses and illegal connections; internal leaks; external leaks; information loss; electronic espionage, such as traffic analysis and information theft; information warfare; network protocol flaws, such as the security issues of the TCP/IP protocols.

There are two main types of cybersecurity threats: infiltration threats and implantation threats. Infiltration threats include impersonation, bypassing controls, and authorization violations.

Implantation threats include Trojan horses and trapdoors.

Trapdoor: A "feature" built into a system or system component that allows the security policy to be violated when specific input data is provided.

X. Structure levels of network security
1. Physical security
Natural disasters (such as lightning, earthquakes, fires, etc.), physical damage (such as hard disk damage, expiration of equipment life, etc.), equipment failures (such as power outages, electromagnetic interference, etc.), and accidents. The solutions are: protective measures, security systems, data backup, etc.

Electromagnetic leakage, leakage of information, interference with others, interference by others, flight (such as leaving after entering the security process), leaking of traces (such as misplacement of password keys, etc.). The solution is: radiation protection, screen password, hidden destruction and so on.

Operational errors (such as deleting files, formatting the hard disk, removing the line, etc.), accidental omissions. The solution is: state detection, alarm confirmation, emergency recovery and so on.

Computer system room environment security. The characteristics are: strong controllability and large losses. Solution: Strengthen computer room management, operation management, security organization and personnel management.
2. Security control
Microcomputer operating system security control. For example, the password the user types at power-on (some microcomputer motherboards have a “universal password”) and control of read/write access to files (such as the file attribute control mechanism of Unix systems). It is mainly used to protect the information and data stored on the hard disk.

Network interface module security control. In the network environment, security control of network communication processes from other machines. Mainly include: identity authentication, customer authority setting and discrimination, audit logs, etc.

Network interconnection equipment security control. Monitor and control the transmission information and operating status of all hosts in the entire subnet. Mainly through network management software or router configuration.
3. Security services
Peer Entity Authentication Service
Access Control Service
Data confidentiality service
Data integrity services
Data Source Authentication Service
Non-repudiation service
4. Security mechanism
Encryption mechanism
Digital signature mechanism
Access control mechanism
Data integrity mechanism
Authentication mechanism
Traffic padding mechanism
Routing Control Mechanism
Notarization mechanism
XI. Network Encryption
Link encryption
Node-to-node encryption
End-to-end encryption
XII. Security of the TCP/IP Protocol
The TCP/IP protocol data stream is transmitted in clear text.

Source address spoofing or IP spoofing.

Source Routing spoofing.

RIP Attacks.

Authentication Attacks.

TCP Sequence number spoofing.

TCP SYN Flooding Attack (SYN attack).

Ease of spoofing.

XIII. Network Security Tools
Scanner: A program that automatically detects the security vulnerabilities of remote or local hosts. A good scanner is worth as much as a thousand passwords.

How it works: A TCP port scanner selects TCP/IP ports and services (such as FTP) and records the target's answers, collecting useful information about the target host (for example, whether it allows anonymous login or provides a certain service). What the scanner tells us: It can find the inherent weaknesses of the target host, and these weaknesses can be a key factor in destroying the target host. System administrators use scanners to help strengthen the security of the system; in the hands of hackers, scanners are detrimental to the security of the network.

Scanner properties: 1. Find a machine or a network. 2. Once a machine is found, find out what services are running on it. 3. Test which services have vulnerabilities.

Currently popular scanners: 1. NSS, a network security scanner. 2. Strobe, a super optimized TCP port detection program that can record all open ports of a specified machine. 3. SATAN, the security administrator's network analysis tool. 4. JAKAL. 5. XSCAN.

The generally popular network security hardware includes the Intrusion Prevention Device (IPS), the Intrusion Detection Device (IDS), the Unified Security Gateway (UTM), and the earlier hardware firewalls, which have slowly been replaced since the advent of UTM.

XIV. Information collection tools commonly used by hackers
Information collection is the first step to breaking through a network system. Hackers can use the following tools to collect the required information:
1. SNMP protocol
The SNMP protocol is used to consult the routing tables of insecure routers in order to learn the internal details of the target organization's network topology.

The Simple Network Management Protocol (SNMP) was first proposed by a research team of the Internet Engineering Task Force (IETF) to solve router management problems on the Internet. SNMP was designed to be protocol neutral, so it can be used over IP, IPX, AppleTalk, OSI and other transport protocols.
2. The TraceRoute program
The TraceRoute program maps the networks and routers on the way to the target host and counts them. Traceroute is a handy tool written by Van Jacobson for exploring the TCP/IP protocols further. It lets us see the route that datagrams travel from one host to another. Traceroute also lets us use the IP source routing option, so that the source host specifies the route to send on.
3. The Whois protocol
The Whois protocol is an information service that provides data about all DNS domains and the system administrators of each domain (however, these data are often outdated). The basic content of the WHOIS protocol is to establish a connection to TCP port 43 of the server, send the query keyword followed by a carriage return and line feed, and then receive the server's query result.
4. DNS server
DNS stands for Domain Name System or Domain Name Service. The Domain Name System assigns domain names and IP addresses to hosts on the Internet. When a user uses a domain name address, the system automatically translates the domain name into an IP address. The Domain Name Service is the Internet tool that runs the Domain Name System. A server that performs the domain name service is called a DNS server, and it answers domain name service queries.
5. Finger protocol
The Finger protocol can provide detailed information about users on a specific host (registration name, telephone number, last registration time, etc.).
6. Ping utility
The Ping utility can be used to locate a specified host and determine whether it is reachable. By using this simple tool in a scanning program, every possible host address on the network can be pinged to build a list of the hosts that actually reside on the network. It is used to check whether the network is connected and how fast the connection is. For an administrator or hacker who lives on the network, ping is the first DOS command that must be mastered. The principle is this: every machine on the network has a uniquely determined IP address. When we send a data packet to the target IP address, the other side returns a packet of the same size. From the returned packet we can determine that the target host exists and make an initial guess at its operating system, and it can of course also be used to determine the connection speed and packet loss rate.

Usage (under Windows XP):

Start - Run - CMD - OK - enter ping followed by the IP address you need.

Some firewalls block ping, so it may report "timed out".
To judge the operating system, look at the TTL value in the reply.
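
The TTL check mentioned above, worked through in Python as an added example (not part of the original page), which is also a quick way to see what your own hosts reveal to anyone who can ping them. The table of initial TTLs reflects widely used defaults and is an assumption, and the ping output samples are constructed.

```python
import re
from collections import Counter

# Widely used default initial TTLs (an assumption: administrators can change
# them, so the result is a hint about the OS family, never proof).
INITIAL_TTLS = {
    64: "Linux/Unix-like default",
    128: "Windows default",
    255: "network equipment / some older Unix default",
}

# Matches "TTL=117" (Windows ping) and "ttl=52" (Unix ping).
TTL_RE = re.compile(r"\bttl=(\d+)", re.IGNORECASE)

# Constructed sample outputs (documentation addresses, not real hosts).
WINDOWS_SAMPLE = """\
Pinging 192.0.2.10 with 32 bytes of data:
Reply from 192.0.2.10: bytes=32 time=23ms TTL=117
Reply from 192.0.2.10: bytes=32 time=24ms TTL=117
Request timed out.
Reply from 192.0.2.10: bytes=32 time=22ms TTL=117
"""
UNIX_SAMPLE = """\
PING 192.0.2.20 (192.0.2.20) 56(84) bytes of data.
64 bytes from 192.0.2.20: icmp_seq=1 ttl=52 time=11.2 ms
64 bytes from 192.0.2.20: icmp_seq=2 ttl=52 time=11.0 ms
"""
FILTERED_SAMPLE = "Request timed out.\nRequest timed out.\n"


def parse_ttls(ping_output):
    """Return the TTL of every reply line found in raw ping output."""
    return [int(m.group(1)) for m in TTL_RE.finditer(ping_output)]


def infer_from_ttl(observed):
    """Round an observed TTL up to the nearest common initial TTL.

    Each router on the path decrements the TTL by one, so
    initial - observed estimates the hop count. Real paths rarely exceed
    about 30 hops, which is why rounding up is a reasonable heuristic.
    """
    if not 1 <= observed <= 255:
        raise ValueError(f"TTL out of range: {observed}")
    initial = min(t for t in INITIAL_TTLS if t >= observed)
    return {
        "observed": observed,
        "initial": initial,
        "hops": initial - observed,
        "family": INITIAL_TTLS[initial],
    }


def summarize(ping_output):
    """Infer from the most common TTL among the replies; None if no reply."""
    ttls = parse_ttls(ping_output)
    if not ttls:
        return None  # timed out, or ICMP echo is blocked by a firewall
    most_common_ttl, _ = Counter(ttls).most_common(1)[0]
    return infer_from_ttl(most_common_ttl)


if __name__ == "__main__":
    for name, sample in [("windows", WINDOWS_SAMPLE),
                         ("unix", UNIX_SAMPLE),
                         ("filtered", FILTERED_SAMPLE)]:
        print(name, summarize(sample))
```

Because the initial TTL is a configurable setting, a host whose value has been changed will be misclassified; treat the result as one input to an asset inventory check, not as an identification.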

XV. Internet Firewall
An Internet firewall is a system (or set of systems) that enhances the security of an organization's internal network. The firewall system determines which internal services are accessible to the outside world, which outsiders can access internal services, and which external services can be accessed by insiders. For a firewall to work, all information coming from and going to the Internet must pass through the firewall and be checked by it. The firewall only allows authorized data to pass, and the firewall itself must also be resistant to penetration.
1. The relationship between Internet firewalls and security policies
A firewall is not just a combination of a router, bastion host, or any device that provides network security. A firewall is part of a security policy.

A security policy establishes an all-encompassing defense system that even includes: telling users their due responsibilities, company-defined network access, service access, local and remote user authentication, dial-in and dial-out, disk and data encryption, and virus protection, as well as employee training. All places that may be attacked must be protected with the same level of security.

If only a firewall system is set up and there is no comprehensive security policy, then the firewall will be useless.
2. The benefits of the firewall
Internet firewalls manage access between the Internet and the organization's internal network. Without a firewall, each node on the internal network is exposed to other hosts on the Internet and is vulnerable to attacks. This means that the security of the internal network is determined by the robustness of each host, and the security is equivalent to the weakest of them.
3. The role of the Internet firewall
Internet firewalls allow network administrators to define a central choke point that keeps illegal users, such as hackers and network vandals, out of the internal network. Services with security vulnerabilities are prohibited from entering and leaving the network, and attacks from various routes are resisted. Internet firewalls simplify security management: the security of the network is hardened on the firewall system rather than distributed across all hosts on the internal network.

The firewall makes it easy to monitor the security of the network and generate alarms. (Note: for an internal network connected to the Internet, the important question is not whether the network will be attacked, but when it will be attacked and who is attacking.) The network administrator must audit and record all the important information that passes through the firewall. If the network administrator cannot respond to alarms in time and review the records regularly, the firewall is useless. In this case, the network administrator will never know whether the firewall is under attack.

The Internet firewall is a logical place to deploy a Network Address Translator (NAT). The firewall can therefore be used to alleviate the shortage of address space and to eliminate the trouble of re-addressing when the organization changes its ISP.

Internet firewalls are the best place to audit and record Internet usage. The network administrator can provide the management department with the cost of the Internet connection, identify the location of potential bandwidth bottlenecks, and provide department-level billing based on the organization's accounting model.

XVI. The main manifestations of Internet security risks

1. The Internet is an open and uncontrolled network. Hackers often invade computer systems on the network, steal confidential data and embezzle privileges, destroy important data, or prevent system functions from reaching their full potential.

2. The data transmission over the Internet is based on the TCP/IP communication protocol. These protocols lack the security measures to prevent the information in the transmission process from being stolen.

3. Most of the communication services on the Internet are supported by Unix operating systems. The obvious security vulnerabilities in Unix operating systems directly affect security services.

4. Electronic information stored, transmitted and processed on computers is not protected by an envelope, signed and stamped the way traditional mail is. Whether the source and destination of the information are genuine, whether the content has been changed, and whether it has been leaked are all maintained by gentlemen's agreements in the service protocols supported by the application layer.

5. E-mails have the potential to be defrauded, misdirected and forged. There is a great danger of using e-mail to transmit important confidential information.

6. The spread of computer viruses through the Internet does great harm to Internet users. Viruses can cause failures in computers and computer network systems and the loss of data and files. Viruses on the Internet can be transmitted via public anonymous FTP files, as well as via e-mail and e-mail attachments.

XVII. There are four main forms of network security attacks: interruption, interception, modification and forgery.

Interruption targets availability. It destroys system resources and makes the network unavailable.

Interception targets confidentiality. Unauthorized users gain access to system resources through some means.

Modification targets integrity. Unauthorized users not only gain access but also modify the data.

Forgery targets integrity. Unauthorized users insert fake data into normally transmitted data.

Network Security Solutions
First, the deployment of intrusion detection systems

Intrusion detection capability is an important measure of whether a defense system is complete and effective. A powerful and complete intrusion detection system can make up for the shortcomings of the firewall's static defense: it detects behavior from external networks and the campus network in real time, discovers possible attack attempts promptly, and takes corresponding measures. Specifically, the intrusion detection engine is connected to the central switch. The intrusion detection system integrates intrusion detection, network management and network monitoring functions. It can capture all data transmitted between the internal and external networks in real time, uses its built-in attack signature database with pattern matching and intelligent analysis to detect intrusions and anomalies on the network, and records the related events in a database as a basis for the network administrator's later analysis. If the situation is serious, the system can issue real-time alarms so that school administrators can take timely response measures.
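The signature-matching pipeline described above (capture, match against a signature database, record events, alarm on serious ones) looks like this in miniature. This is an added example, not code from the original page or from any product; the signature IDs, patterns, severities and capture records are hypothetical and constructed, and an in-memory SQLite table stands in for the event database.

```python
import re
import sqlite3

# Hypothetical signature database: (sid, description, dest port, pattern, severity).
SIGNATURES = [
    (1001, "directory traversal in HTTP request", 80, re.compile(rb"\.\./"), "high"),
    (1002, "Finger query from external network", 79, re.compile(rb""), "medium"),
    (1003, "anonymous FTP login", 21, re.compile(rb"(?i)^USER (anonymous|ftp)\b"), "low"),
]

# Constructed capture records: (time, source, destination, dest port, payload).
CAPTURE = [
    ("10:00:01", "198.51.100.7", "192.0.2.10", 80, b"GET /index.html HTTP/1.0\r\n"),
    ("10:00:02", "198.51.100.7", "192.0.2.10", 80, b"GET /cgi-bin/../../etc/passwd HTTP/1.0\r\n"),
    ("10:00:05", "203.0.113.9", "192.0.2.11", 79, b"root\r\n"),
    ("10:00:09", "203.0.113.9", "192.0.2.12", 21, b"USER anonymous\r\n"),
]

def open_event_db():
    """Create the event store used for later analysis."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (time TEXT, src TEXT, dst TEXT, sid INTEGER, "
               "description TEXT, severity TEXT)")
    return db

def inspect(capture, db, alarm_on=("high",)):
    """Match each record against every signature, record hits, return alarms."""
    alarms = []
    for time, src, dst, dport, payload in capture:
        for sid, desc, port, pattern, severity in SIGNATURES:
            if dport == port and pattern.search(payload):
                db.execute("INSERT INTO events VALUES (?, ?, ?, ?, ?, ?)",
                           (time, src, dst, sid, desc, severity))
                if severity in alarm_on:   # only serious events page the administrator
                    alarms.append(f"ALARM {time} {src} -> {dst}: {desc} (sid {sid})")
    db.commit()
    return alarms

def events_by_source(db):
    """Post-incident view: number of recorded events per source address."""
    return dict(db.execute("SELECT src, COUNT(*) FROM events GROUP BY src ORDER BY src"))

if __name__ == "__main__":
    db = open_event_db()
    for line in inspect(CAPTURE, db):
        print(line)
    print(events_by_source(db))
```

Only the traversal request raises an alarm, while the Finger and anonymous FTP events are still recorded for review; a pure pattern matcher like this one misses anything its signatures do not describe, which is why the text pairs it with anomaly analysis.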

Second, vulnerability scanning system

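Whatever operating system is used, a default installation will have some security problems; only strict security configuration aimed specifically at operating system security can achieve a certain level of security. Never assume that a default installation of the operating system combined with a strong password system counts as secure. Vulnerabilities and "backdoors" in network software are the preferred targets of network attacks.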


(3) Denial of Service (DoS) attacks

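(4) Research and development (R&D) plays an increasingly important role in driving global economic growth. Total US R&D spending has risen steadily for 30 years. China, Japan, the European Union and Russia show similar trends. Impact on information warfare and operations: this trend has accelerated the pace of technological progress in recent decades. It is another key factor in the development of information warfare. The main product of R&D is not goods or technology but information. Even the most confidential parts of research results are generally stored on computers, transmitted over corporate intranets, and commonly sent across the Internet. This accessibility gives spies an excellent target, whether industrial or military.

(5) Technological change accelerates with the invention and application of each new generation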


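The development of machine intelligence will also have a complex impact on network security. According to knowledge theorist and futurist Bruce LaDuke: "Knowledge creation is a process that can be repeated by humans, and also one that can be repeated entirely by machines or in human-machine interactive systems. Artificial knowledge creation will usher in the 'singularity', not artificial intelligence or artificial general intelligence (or technological progress itself). Artificial intelligence can already be realized by any computer, because intelligence is defined as knowledge that is stored and can be retrieved (by a human or a computer). Those who most recently attain (artificial knowledge creation) technology will drive the entire paradigm shift." [3]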

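The work of a "firewall" can be done by a simple screening router. If this "firewall" is an ordinary router, it provides only isolation. A screening router can also block communication between networks or between hosts at the Internet protocol port level, providing a degree of filtering. Because a screening router only involves modifying some of the router's parameters, some people do not class it as a "firewall"-level measure.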