What should you know about network security?

What is network security?

Network security means that the hardware, software and data in a network system are protected from being destroyed, altered, or leaked for accidental or malicious reasons, that the system can operate continuously, reliably and normally, and that network services are not interrupted.

What is a computer virus?

A computer virus is a set of computer instructions or program code, inserted by the programmer into a computer program, that destroys computer functions or data, affects the use of the computer, and is capable of self-replication.

What is a Trojan horse?

A Trojan horse is a kind of remote control software with a malicious nature. Trojans are generally divided into a client side and a server side. The client is the console used locally to issue commands, and the server is run by others. Only computers that have run the server can be fully controlled. Trojans do not infect files the way viruses do.

What is a firewall? How does it ensure network security?

Using a functional firewall is one way to ensure network security. A firewall refers to a combination of a series of components set between different networks (such as a trusted corporate intranet and an untrusted public network) or network security domains. It is the only entrance and exit for information between different networks or network security domains. It can control (allow, deny, monitor) the information flow in and out of the network according to the enterprise's security policy, and it has strong anti-attack capabilities. It is the infrastructure that provides information security services and realizes network and information security.

What is a backdoor? Why do backdoors exist?

A backdoor is a method of bypassing security controls to gain access to a program or system. During the development stage of software, programmers often create backdoors in the software so that flaws in the program can be modified. If a backdoor becomes known to others or is not removed before the software is released, it becomes a security risk.

What is intrusion detection?

Intrusion detection is a reasonable supplement to the firewall. It helps the system deal with network attacks, expands the security management capabilities of system administrators (including security auditing, monitoring, attack identification and response), and improves the integrity of the information security infrastructure. It collects information from several key points in the computer network system, analyzes that information, and checks whether there are any violations of security policy or signs of attack in the network.

What is packet monitoring? What does it do?

Packet monitoring can be thought of as the computer network equivalent of a tapped phone line. When someone is "listening" to a network, they are actually reading and interpreting the packets being sent over the network. If you need to send an email or request a web page from a computer on the Internet, the data you send can be seen by the computer that the information is passing through, and packet monitoring tools allow someone to intercept the data and view it.

What is NIDS?

NIDS is the abbreviation of Network Intrusion Detection System. It is mainly used to detect intrusions by hackers and crackers through the network. There are two ways to run a NIDS: one is to run it on the target host to monitor that host's own communication, and the other is to run it on a separate machine to monitor the communication of all network devices, such as hubs and routers.

What is a SYN packet?

A SYN packet is the first packet of a TCP connection and is a very small data packet. SYN attacks consist of a large number of such packets, which cannot be effectively processed because they appear to come from sites that do not actually exist.
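The effect described above can be seen from the server's side by counting handshakes that were opened with a SYN but never completed. The following is an added example, not part of the original page; the packet records, addresses and function names are constructed for illustration, and connection timeouts are not modelled.

```python
import struct
from collections import Counter

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

def tcp_header(src_port, dst_port, flags):
    """Build a minimal 20-byte TCP header; used only to construct sample input."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flags, 65535, 0, 0)

def parse_flags(header):
    """Return (src_port, dst_port, flags) from the first 14 bytes of a TCP header."""
    src_port, dst_port, _seq, _ack, _offset, flags = struct.unpack("!HHIIBB", header[:14])
    return src_port, dst_port, flags

def half_open_by_server(packets):
    """packets: (src_ip, dst_ip, raw_tcp_header) tuples in capture order.
    Returns {(server_ip, server_port): handshakes the client never completed}."""
    pending = set()
    for src_ip, dst_ip, raw in packets:
        sport, dport, flags = parse_flags(raw)
        conn = (src_ip, sport, dst_ip, dport)
        if (flags & SYN) and not (flags & ACK):
            pending.add(conn)            # client opened a handshake
        elif (flags & RST) or ((flags & ACK) and not (flags & SYN)):
            pending.discard(conn)        # client finished or aborted it
    return dict(Counter((sip, sp) for _cip, _cp, sip, sp in pending))

def flood_suspects(packets, threshold):
    """Servers holding more than `threshold` half-open connections."""
    return sorted(k for k, n in half_open_by_server(packets).items() if n > threshold)

# Constructed sample capture (documentation-range addresses).
SERVER = "198.51.100.5"
SAMPLE = [
    ("192.0.2.10", SERVER, tcp_header(40000, 80, SYN)),        # normal client
    (SERVER, "192.0.2.10", tcp_header(80, 40000, SYN | ACK)),
    ("192.0.2.10", SERVER, tcp_header(40000, 80, ACK)),        # handshake completed
] + [
    # SYNs whose claimed sources never answer the server's SYN-ACK
    (f"203.0.113.{i}", SERVER, tcp_header(50000 + i, 80, SYN)) for i in range(1, 6)
]

if __name__ == "__main__":
    print(half_open_by_server(SAMPLE))
    print(flood_suspects(SAMPLE, threshold=3))
```

The completed handshake from 192.0.2.10 is not counted; only the five SYNs with no follow-up ACK remain pending against the server.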

What is encryption technology?

Encryption technology is the most commonly used security and confidentiality method. It uses technical means to turn important data into garbled code (encrypted) for transmission, and then uses the same or different means to restore (decrypt) it after reaching the destination.

Encryption technology includes two elements: algorithm and key. An algorithm is the set of steps that combines ordinary or understandable information with a string of numbers (a key) to produce incomprehensible ciphertext. The key is an algorithm used to encode and decrypt data.

In security and confidentiality, the security of network information communication can be ensured through appropriate key encryption technology and management mechanisms.

What is a worm?

A worm originates from a virus that spreads on the Internet. In 1988, Robert Morris, a 22-year-old graduate student at Cornell University, sent a virus called "worm" through the Internet that was specifically designed to attack defects in UNIX systems. The worm paralyzed 6,000 systems and caused an estimated loss of $2 million to $60 million. Because of this worm, a computer emergency team was set up online. Nowadays, the worm virus family has grown to tens of thousands of species, and most of these tens of millions of worm viruses are created by hackers.

What is an operating system virus?

This virus inserts its own program into the operating system and runs as part of it. It is very destructive and can paralyze the entire system. Because it has infected the operating system, this virus replaces the legitimate program modules of the operating system with its own program fragments when it runs. How the operating system is damaged depends on the characteristics of the virus itself, the status and role in the operating system of the legitimate program module being replaced, and the way in which the virus replaces it. At the same time, this virus is also highly infective to files in the system.

What is the Morris worm?

It was written by Robert Morris, a first-year graduate student at Cornell University in the United States. This program only has 99 lines. It takes advantage of the shortcomings of the UNIX system and uses the finger command to check the list of online users, then deciphers the user password, uses the MAIL system to copy and spread its own source program, and then compiles and generates the code.

The original network worm was designed to "wander" between computers when the network is idle without causing any damage. When a machine is overloaded, the program can "borrow resources" from idle computers to achieve load balancing on the network. The Morris worm does not "borrow resources" but "exhausts all resources."

What is DDoS?

DDoS stands for distributed denial of service attack. It uses the same method as a normal denial of service attack, but the attack originates from multiple sources. Usually attackers use downloaded tools to penetrate unprotected hosts. After obtaining appropriate access rights to the host, the attacker installs software services or processes (hereinafter referred to as agents) on the host. These agents remain asleep until instructed by their master to launch a denial-of-service attack on a specified target. With the widespread use of highly harmful hacking tools, distributed denial-of-service attacks can launch thousands of attacks against a target simultaneously. The power of a single denial-of-service attack may have no impact on a site with wider bandwidth, but thousands of attacks distributed around the world can have fatal consequences.

What does an ARP attack within a LAN mean?

Because this attack uses ARP request packets to "spoof", the firewall will mistake it for a normal request packet and will not intercept it. Therefore, it is difficult for ordinary firewalls to resist this attack.
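Since the firewall passes these packets, detection has to happen by watching ARP traffic itself for an IP address whose claimed hardware address changes. The following is an added example, not part of the original page; the addresses, sample frames and function names are constructed for illustration, and it assumes the first binding seen (or a pinned one) is the legitimate one.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # 28-byte ARP payload for Ethernet/IPv4

def sample_arp(oper, sender_mac, sender_ip, target_ip):
    """Pack an ARP payload; used only to construct the sample input below."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha,
                       socket.inet_aton(sender_ip), b"\x00" * 6,
                       socket.inet_aton(target_ip))

def parse_arp(raw):
    """Return (oper, sender_mac, sender_ip) from a raw ARP payload."""
    _ht, _pt, _hl, _pl, oper, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, raw[:28])
    return oper, ":".join(f"{b:02x}" for b in sha), socket.inet_ntoa(spa)

def binding_conflicts(frames, pinned=None):
    """Report (ip, expected_mac, claimed_mac) whenever a sender claims an IP
    already bound to a different MAC. `pinned` holds static IP->MAC bindings."""
    bindings = dict(pinned or {})
    alerts = []
    for raw in frames:
        # Requests (oper 1) and replies (oper 2) both carry a sender binding,
        # so a forged request is checked exactly like a forged reply.
        _oper, mac, ip = parse_arp(raw)
        expected = bindings.setdefault(ip, mac)
        if expected != mac:
            alerts.append((ip, expected, mac))
    return alerts

# Constructed sample: the gateway announces itself, a host replies, then a
# request arrives claiming the gateway's IP with a different MAC.
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:55"
SAMPLE = [
    sample_arp(1, GATEWAY_MAC, GATEWAY_IP, "192.168.1.20"),
    sample_arp(2, "aa:bb:cc:00:00:20", "192.168.1.20", GATEWAY_IP),
    sample_arp(1, "de:ad:be:ef:00:01", GATEWAY_IP, "192.168.1.20"),
]

if __name__ == "__main__":
    for ip, expected, claimed in binding_conflicts(SAMPLE):
        print(f"ARP conflict for {ip}: expected {expected}, claimed {claimed}")
```

Legitimate changes such as a replaced network card or a failover pair also trigger this check, so alerts on pinned addresses like the gateway deserve the most attention.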

What is a spoofing attack?

Network deception technologies mainly include: honeypots and distributed honeypots, deception space technology, etc. The main methods are: IP spoofing, ARP spoofing, DNS spoofing, web spoofing, email spoofing, source route spoofing (by specifying a route, pretending to be a fake identity to communicate legally with other hosts or sending fake messages, causing the attacked host to take incorrect actions), address spoofing (including forged source addresses and forged intermediate sites), etc.