What is the prospect of network security?

Hello! See if these help you! Besides, it will help you read carefully.

Introduction: the development trend and present situation of safety management

1. Network security status

The wide application of computer networks is a revolution in today's information society. The development and popularization of network applications such as e-commerce and e-government not only bring great convenience to our lives, but also create great wealth. As the global information wave represented by the Internet deepens, information network technology is applied more and more widely and at deeper levels, and its field of application is gradually expanding from traditional, small business systems to large, key business systems.

At the same time, computer networks face more and more security threats. The well-known hacking activities of network users are increasing at the rate of 10 every year. Network attacks such as webpage modification, illegal entry into hosts, sending fake emails, entering banking systems to steal transferred funds, and stealing information follow one after another. Computer viruses, Trojan horses, denial-of-service attacks, e-commerce intrusions and theft have all caused various kinds of harm, including tampering with and stealing confidential data, modifying or defacing website pages, and network paralysis. The problem of network and information security has become increasingly prominent and is now a major matter affecting national security, social stability and people's lives. Developing network security technology that matches existing network technology, so that the network runs safely, in an orderly way and effectively, is one of the keys to the efficient and orderly application of the Internet.

2. Existing network security technologies

A computer network is a combination of network applications built on network protocols, and both the protocols and the applications may have problems. Network security issues include the design of the protocols used in the network, the software implementation of protocols and applications, and human factors and system management errors. The following table summarizes these network security issues.

Problem type | Problem point | Problem description
Protocol design | Security ignored | When a protocol is drawn up, functionality is usually emphasized first, and security is not considered until the last minute.
Protocol design | Other basic protocol problems | A protocol built on other, unsound basic protocols will have many problems even if it is itself perfected.
Protocol design | Process problems | When the protocol was designed, the various possible process problems were not fully considered, so the system handles the situation improperly when it occurs.
Protocol design | Wrong design | The wrong design of the protocol makes the system service easy to fail or be attacked.
Software design | Wrong design | The protocol planning is correct, but the design of the protocol or the designer's understanding of the protocol is wrong, which leads to various security loopholes.
Software design | Bad programming habits | Bad programming habits lead to many security vulnerabilities, including the common unchecked data length, insufficient fault tolerance for input data, failure to detect possible errors, wrong assumptions about the application environment, improper module references, and failure to detect insufficient resources.
Operator's operation | Operation errors | The operating procedures are strict and complete, but the operators have not been well trained or do not operate according to the manual, which leads to various security loopholes and hidden dangers.
System maintenance | Default values | Unsafe software or unscientific preset settings of the operating system leave the system in an unsafe state under the default settings, vulnerable to viruses, worms, Trojan horses, etc.
System maintenance | Unpatched systems | Patches for system software and the operating system are not applied in time.
System maintenance | Internal security problems | Defenses against attacks initiated from trusted systems and networks are insufficient. An unsafe system in the trusted domain becomes a springboard for systems in the untrusted domain to attack the trusted domain.

In view of the network security problems shown in the above table, network security vendors all over the world are trying to develop security technologies to prevent them, including access control technology, identification and authentication technology, cryptography, integrity control technology, audit and recovery technology, firewall systems, computer virus protection, operating system security, database system security and non-repudiation protocols. Various network security software, including firewalls, intrusion detection systems (IDS), antivirus software, CA systems and encryption algorithms, has been launched one after another. These technologies and security systems (software) provide certain security precautions for the network system and solve some network security problems to some extent.

3. Defects of existing network security technology

Each existing network security technology is designed for one or several aspects of the network security problem. It can solve only those aspects, and only to a certain extent; it cannot prevent or solve other problems, let alone provide systematic and effective protection for the whole network. For example, identity authentication and access control technology can only confirm the identity of network users, but cannot protect the information transmitted between confirmed users, while computer virus prevention technology can only stop computer viruses from harming the network and systems, but cannot identify and confirm the identity of users on the network.

Among the existing network security technologies, firewall technology can solve some network security problems to some extent. Firewall products mainly include packet filtering firewalls, stateful inspection packet filtering firewalls and application-layer proxy firewalls, but all firewall products have limitations. The biggest limitation is that the firewall itself cannot guarantee the security of the data it allows through. The firewall also has other weaknesses. First, it cannot defend against attacks from the inside: attackers inside the network launch attacks without going through the firewall. The firewall only isolates the hosts on the intranet from the Internet and monitors the communication between the intranet and the Internet; it does not check what happens on the intranet, so it can do nothing about internal attacks. Second, it cannot defend against attacks that bypass the firewall: fundamentally, the firewall is a passive defense and can only wait for datagrams to pass through it. If data does not pass through the firewall for some reason, the firewall takes no measures. Third, it cannot defend against brand-new threats: firewalls can only defend against known threats, but when a new intrusion method is found in a trusted service, the trusted service becomes untrustworthy. Fourth, the firewall cannot defend against data-driven attacks: although the firewall scans and analyzes all transmitted information, this scanning and analysis is mostly aimed at the IP address, port number or protocol content, not the details of the data. As a result, data-driven attacks such as viruses can be attached to things like emails, enter your system and launch attacks.
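The first and fourth weaknesses above, as an added example that is not part of the original article: a minimal first-match packet filter treats two packets that differ only in payload identically and never sees intranet-to-intranet traffic, while a separate content check (a stand-in for gateway anti-virus) tells the payloads apart. All addresses, rules, packets and the marker string are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes

# Constructed policy: anyone may reach the mail server on TCP/25; default deny.
RULES = [("allow", "0.0.0.0/0", "10.0.0.25/32", "tcp", 25)]
INTRANET = ipaddress.ip_network("10.0.0.0/8")
# Constructed marker standing in for a known-bad content signature.
KNOWN_BAD = (b"X-CONSTRUCTED-MALWARE-MARKER",)

def traverses_firewall(pkt):
    """A perimeter firewall only sees traffic that crosses the intranet boundary."""
    src_in = ipaddress.ip_address(pkt.src) in INTRANET
    dst_in = ipaddress.ip_address(pkt.dst) in INTRANET
    return src_in != dst_in

def packet_filter(pkt):
    """First-match on addresses, protocol and port. The payload is never read."""
    for action, src_net, dst_net, proto, dport in RULES:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(dst_net)
                and pkt.proto == proto and pkt.dport == dport):
            return action
    return "deny"

def content_check(pkt):
    """Application-layer inspection: looks at the data, but only for known markers."""
    return "deny" if any(m in pkt.payload for m in KNOWN_BAD) else "allow"

def verdict(pkt, inspect_content=False):
    if not traverses_firewall(pkt):
        return "unseen"                      # internal traffic bypasses the perimeter
    decision = packet_filter(pkt)
    if decision == "allow" and inspect_content:
        decision = content_check(pkt)
    return decision

# Constructed sample traffic.
BENIGN = Packet("198.51.100.7", "10.0.0.25", "tcp", 25, b"Subject: hi\r\n\r\nhello")
TAINTED = Packet("198.51.100.7", "10.0.0.25", "tcp", 25,
                 b"Subject: invoice\r\n\r\nX-CONSTRUCTED-MALWARE-MARKER")
TELNET = Packet("198.51.100.7", "10.0.0.25", "tcp", 23, b"")
INTERNAL = Packet("10.0.0.50", "10.0.0.25", "tcp", 445, b"")

if __name__ == "__main__":
    for name, pkt in [("benign", BENIGN), ("tainted", TAINTED),
                      ("telnet", TELNET), ("internal", INTERNAL)]:
        print(name, verdict(pkt), verdict(pkt, inspect_content=True))
```

The content check only matches markers it already knows, which is the third weakness in the paragraph above: a payload with no known marker is still allowed.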

Intrusion detection technology also has limitations. Its biggest limitation is a serious rate of missed detections and false alarms. It cannot be called a reliable security tool, only a reference tool.

Before there are more effective security products, more users choose and rely on products like firewalls to protect their network security. However, correspondingly, new OS vulnerabilities and network layer attacks emerge one after another, and more and more incidents break through firewalls and attack computer networks. Therefore, developing a more perfect network security system to effectively protect the network system has become the common demand and goal of network security vendors and users.

4. Development trend

In recent years, China's network security technology has developed rapidly. On the one hand, it benefits from the extensive attention of the central and local governments. On the other hand, due to the increasingly prominent network security problems, network security enterprises keep up with the latest security technology and constantly introduce security products that meet the needs of users and have the characteristics of the times, further promoting the development of network security technology.

From a technical point of view, the main problems faced by network security products in the development process are: in the past, people mainly cared about the protection of systems and network foundations, but now people pay more attention to the security protection at the application level. Security protection has risen from the bottom or simple data level to the application level, and penetrated into the relevance of business behavior and the semantic category of information content. More and more security technologies are combined with applications.

4.1 Limitations of network security technology at this stage

When it comes to network security technology, we must mention its three mainstream technologies: firewall technology, intrusion detection technology and anti-virus technology.

Any user first facing a security problem will usually consider these "old three". These three network security technologies have played an indispensable role in network security construction as a whole, but the traditional "old three" and the security products based on them are facing many new problems.

First of all, from the user's point of view, although the firewall is installed in the system, it is impossible to avoid the invasion of worms, spam, virus spread and denial of service.

Secondly, a stand-alone intrusion detection product that is not deployed at scale has inherent shortcomings in early warning, and there is still a lot of room for improvement in accurate localization and overall management.

Thirdly, although many users have installed anti-virus products on stand-alone computers and terminals, the security of the intranet is not only an anti-virus problem, but also includes the implementation of security policies, external illegal intrusion, patch management, compliance management and so on.

Therefore, although the "old three" have achieved a great deal and still play an important role, users have gradually felt their shortcomings. Secondly, from the point of view of the overall technical framework of network security, network security technology is also facing great problems. The "old three" are basically aimed at the security of data, single systems, software and hardware, and programs themselves. Application-layer security needs to focus on the "content" of the information semantic category and the "behavior" of the network virtual world.

4.2 Analysis of technology development trends

Development trend of firewall technology

In the era of mixed attacks, a single-function firewall can no longer meet business needs. Products that have multiple security functions and are based on application-protocol-layer defense, detection with a low false alarm rate, a highly reliable, high-performance platform and unified component management will show their advantages more and more, and UTM (Unified Threat Management) technology came into being.

From the definition of the concept, UTM not only puts forward the form of specific products, but also covers a more profound logical category. From the first half of the definition, the multi-functional security gateway, integrated security gateway and integrated security device proposed by many manufacturers all conform to the concept of UTM; From the second half, the concept of UTM also reflects the deep understanding of security management and the in-depth study of the usability and linkage ability of security products after years of development in the information security industry.

The function of UTM is shown in figure 1. Because a UTM device is deployed in-line, it must have good performance and high reliability. At the same time, under a unified product management platform, UTM integrates many product functions such as firewall, VPN, gateway anti-virus, IPS and denial-of-service attack protection to achieve various defense functions. Therefore, evolution toward UTM will be the development trend of firewalls. UTM equipment should have the following characteristics.

(1) Network security protocol layer defense. As simple layer 2-4 protection, a firewall mainly protects and controls static information such as IP addresses and ports, but real security cannot stay at the bottom layers. We need to build a higher, stronger and more reliable wall. In addition to traditional access control, it is also necessary to comprehensively detect and control external threats such as spam, denial of service and hacker attacks, and to protect all seven protocol layers, not only the second to fourth.

(2) Reduce the false alarm rate through classified detection technology. If the false alarm rate of an in-line gateway device is too high, the consequences for users are disastrous. The concept of IPS was put forward in the 1990s, but at present the deployment of IPS in the world is very limited, and an important issue affecting its deployment is the false alarm rate. Classified detection technology can greatly reduce the false alarm rate: different detection technologies are adopted for different attacks, such as anti-denial-of-service, anti-worm and anti-hacker-attack, anti-spam and anti-illegal-SMS detection, so that the false positive rate is significantly reduced.

(3) Supported by high reliability and high performance hardware platform.

(4) Integrated and unified management. Because UTM devices integrate multiple functions, there must be a platform that can be controlled and managed uniformly, so that users can manage it effectively. In this way, the equipment platform can be standardized and extensible, and users can manage components on a unified platform. At the same time, integrated management can also eliminate information islands caused by the inability of information products to communicate with each other, thus better protecting users' network security when dealing with various attack threats.

Second, the main problems facing network security

1. Network construction units, managers and technicians lack security awareness and do not take active security measures to prevent problems, so they are completely in a passive position.

2. The relevant personnel of organizations and departments are not clear about the current state of network security and do not know or do not understand the hidden dangers of the network, thus losing the opportunity to defend against attacks.

3. The computer network security of organizations and departments has not formed a complete and organized framework, and its defects give attackers an opportunity.

4. The computer network of organizations and departments has not established a perfect management system, which leads to the failure of the safety system and safety control measures to fully and effectively play their roles. There are security omissions in business activities, which cause unnecessary information leakage and give attackers the opportunity to collect sensitive information.

5. Network security managers and technicians lack the necessary professional security knowledge, unable to configure and manage the network safely, unable to find existing and possible security problems in time, and unable to actively, orderly and effectively respond to unexpected security incidents.

Third, network security solutions

The process of realizing network security is complicated. This complex process needs strict and effective management to ensure that the whole process is effective, that security control measures actually work, and that the expected security goals are achieved. Therefore, establishing an organization's security management system is the core of network security. Network security architecture should be constructed from the perspective of system engineering, and all security measures and processes of organizations and departments should be integrated into an organic whole through management means. The security architecture consists of many static security control measures and dynamic security analysis processes.

1. Security requirements analysis. "Know yourself and know your enemy, and you will win every battle". Only by knowing your own security requirements can you build a suitable security architecture, thus effectively ensuring the security of the network system.

2. Security risk management. Security risk management evaluates the security threats and business security requirements identified in the results of security requirements analysis, so that organizations and departments can achieve maximum security with acceptable investment. Risk assessment provides a direct basis for organizations and departments to formulate security policies and establish security architecture.

3. Formulate security strategies. According to the security needs of organizations and departments and the conclusions of risk assessment, formulate the computer network security strategies of organizations and departments.

4. Regular security audit. The main task of a security audit is to check whether the organization's security policy has been effectively and correctly implemented. Secondly, because network security is a dynamic process, the configuration of computer networks in organizations and departments may change frequently, so the security requirements of organizations and departments will also change, and the security policies of organizations need to be adjusted accordingly. In order to reflect changes in security policies and control measures in time, it is necessary to conduct regular security audits.

5. External support. Computer network security is inseparable from the necessary external support. With the support of professional security service organizations, the network security system will be more complete, and updated security information can be obtained to provide security early warning for computer network security.

6. Computer network security management. Security management is an important part of computer network security and a basic part of computer network security architecture. Proper management of activities, standardization of the organization's various business activities and orderly operation of the network are important conditions for obtaining security.

Fourth, summary

People pay more and more attention to the security of computer networks. Network security is not only a technical problem, but also a security management problem. It is necessary to comprehensively consider security factors and formulate reasonable objectives, technical schemes and relevant supporting laws and regulations. There is no absolutely safe network system in the world. With the further development of computer network technology, network security protection technology will inevitably develop along with network applications.