Technology definitions
Chinese name:
cyber security
English name:
Network security
definition:
The hardware, software, and data in the network system are protected from accidental or malicious destruction, alteration, and leakage, ensuring continuous and reliable operation of the system and uninterrupted network services.
Subject:
Communication Technology (a subject); cyber security (two subjects)
This content was published by the National Science and Technology Terms Examination and Approval Committee
Encyclopedia Card Network Security means that the data in the network system's hardware, software, and its systems is protected from accidental or malicious damage, changes, and leaks. The system operates continuously and reliably, and network services are not interrupted. Network security is essentially information security on the Internet. Broadly speaking, all related technologies and theories concerning the confidentiality, integrity, availability, authenticity, and controllability of information on the Internet are all areas of network security research. Network security is a comprehensive discipline involving various disciplines such as computer science, network technology, communication technology, cryptography, information security technology, applied mathematics, number theory, and information theory.
First, the basic concept The specific meaning of network security will change with the "angle" changes. For example, from the perspective of users (individuals, businesses, etc.), they want information involving personal privacy or commercial interests to be protected from confidentiality, integrity, and authenticity when transmitted over the network, and to prevent eavesdropping by other people or adversaries. Impersonation, tampering, repudiation and other means infringe on the interests and privacy of users.
Second, the main characteristics of network security should have the following five characteristics:
Confidentiality: The property of information not to be disclosed to or used by unauthorized users, entities or processes.
Integrity: The characteristic that data cannot be changed without authorization. That is, the information is kept unchanged, undamaged, and lost during storage or transmission.
Availability: Features that can be accessed by authorized entities and used on demand. That is, whether the desired information can be accessed when needed. For example, denial of service in the network environment, disruption of the network, and normal operation of related systems are all attacks against usability.
Controllability: Ability to control information dissemination and content.
Examining: Providing the basis and means for the emergence of security issues
From the perspective of network operations and managers, they hope that operations such as access, reading, and writing of local network information are protected and controlled, so as to avoid “trapdoorsâ€, viruses, illegal access, denial of service, and illegal occupation and illegal control of network resources. Waiting for threats, stopping and defending cyberhackers from attacks. For the security and confidentiality departments, they hope to filter and prevent illegal, harmful, or information involving state secrets, avoid leakage of confidential information, avoid harm to society, and cause huge losses to the country. From the perspective of social education and ideology, unhealthy content on the Internet will hinder social stability and human development and must be controlled.
With the rapid development of computer technology, the services processed on computers have also evolved from a single-machine-based mathematical operation and file processing to a complex intranet based on the internal business processes and office automation of a simple connected internal network. Enterprise-wide computer processing systems for enterprise extranets, the Internet, and worldwide information sharing and business processing. While system processing capability is improving, the system's connection capability is also constantly improving. However, as the connectivity information and the circulation capacity increase, the security problems based on network connection are also becoming increasingly prominent. The overall network security is mainly reflected in the following aspects: physical security of the network, security of network topology, security of network systems, and application systems Security and network management security.
Therefore, the problem of computer security should be the same as the fire prevention and theft prevention problem of each household. It is not even thought that when you yourself will become a target, the threat has already appeared. Once it happens, it is often caught off guard and causes great losses.
Third, its relationship with network performance and functionality Generally, system security and performance and functionality are a paradoxical relationship. If a system does not provide any service (disconnection) to the outside world, it is impossible for the outside world to pose a security threat. However, enterprises accessing the Internet and providing services such as online stores and e-commerce are tantamount to building an internally closed network into an open network environment. Security issues, including system-level security, have also arisen.
The construction of a network security system, on the one hand, requires authentication, encryption, monitoring, analysis, recording, etc., thereby affecting network efficiency and reducing the flexibility of client applications; on the other hand, it also increases management costs.
However, security threats from the network actually exist. Especially when running critical services on the network, network security is the first problem to be solved.
Select appropriate technologies and products, formulate flexible network security policies, and provide flexible network service channels while ensuring network security.
Using appropriate security system design and management plans can effectively reduce the impact of network security on network performance and reduce management costs.
All-round security system:
Similar to other security systems (such as security systems), the security system of enterprise application systems should include:
Access control: Through the access control system established for specific network segments and services, most attacks are blocked before reaching the attack target.
Check security vulnerabilities: By checking the periodicity of security vulnerabilities, even if the attack can reach the attack target, it can invalidate most of the attacks.
Attack monitoring: Through an attack monitoring system established on specific network segments and services, most attacks can be detected in real time and corresponding actions can be taken (such as disconnecting network connections, recording attack processes, and tracking attack sources).
Encrypted communication: Active encrypted communication can make attackers unable to understand and modify sensitive information.
Authentication: A good authentication system prevents attackers from impersonating legitimate users.
Backup and recovery: A good backup and recovery mechanism can restore data and system services as quickly as possible when the attack causes a loss.
With multiple layers of defense, the attacker delays or blocks his arrival at the attack target after breaking the first line of defense.
Hide internal information, so that attackers can not understand the basic situation within the system.
Set up a security monitoring center to provide security system management, monitoring, canal protection and emergency services for information systems.
Fourth, network security analysis 1. Physical security analysis
The physical security of the network is a prerequisite for the security of the entire network system. In the construction of the campus network project, since the network system is a weak current project, the pressure resistance value is very low. Therefore, in the design and construction of network engineering, priority must be given to the protection of people and network equipment from electricity, fire, and lightning. Consider wiring systems and lighting wires, power lines, communication lines, heating pipes, and hot and cold air ducts. The distance; consider the wiring system and insulated wire, naked wire and grounding and welding safety; must build lightning protection system, lightning protection system not only consider the building lightning protection, but also must consider the lightning protection of computers and other weak electrical pressure equipment. In general, the risks of physical security include: earthquakes, floods, fires and other environmental accidents; power failures; human error or mistakes; equipment theft or destruction; electromagnetic interference; interception of lines; high availability hardware; I design; room environment and alarm system, security awareness, etc., so we must try to avoid the physical security risk of the network.
2. Security Analysis of Network Structure
The network topology design also directly affects the security of the network system. If the external and internal networks communicate, the internal network's machine security is compromised, and it also affects many other systems on the same network. Spreading through the Internet will also affect other networks connected to Internet/Intrant. As far as the impact is concerned, it may also involve legal and financial security sensitive areas. Therefore, we need to design the public server (WEB, DNS, EMAIL, etc.) and the external network and other internal business network to conduct necessary isolation to avoid leakage of network structure information; at the same time, we must also filter external network service requests. Only normal communication packets are allowed to reach the corresponding host. Other request services should be rejected before reaching the host.
3. System security analysis
The so-called system security refers to whether the entire network operating system and network hardware platform are reliable and trustworthy. At present, I am afraid there is no absolute security operating system can choose, whether it is Microsfot's Windows NT or any other commercial UNIX operating system, its development company must have its Back-Door. Therefore, we can conclude that there is no completely secure operating system. Different users should make detailed analysis of their networks from different aspects and choose the operating system with the highest possible security. Therefore, not only the operating system and hardware platform that are as reliable as possible should be selected, but also the security configuration of the operating system. Moreover, it is necessary to strengthen the authentication of the login process (especially the authentication before reaching the server host) to ensure the validity of the user; secondly, the operation authority of the registrant should be strictly restricted, and the operation performed by the registrant should be limited to the minimum range.
4. Application system security analysis
The security of application systems is related to specific applications. It involves a wide range of applications. Application system security is dynamic and constantly changing. Application security also involves the security of information. It includes many aspects.
-- The security of application systems is dynamic and constantly changing.
The security of the application involves many aspects. For the most widely used E-mail system on the Internet, the solutions include sendmail, Netscape Messaging Server, SoftwareCom Post.Office, Lotus Notes, Exchange Server, and SUN CIMS. Species. Its security methods involve LDAP, DES, RSA and other methods. Application systems are constantly evolving and the types of applications are constantly increasing. In terms of the security of the application system, the main consideration is to establish a secure system platform as much as possible, and continuously discover loopholes, fix loopholes, and improve system security through professional security tools.
- The security of applications involves the security of information and data.
The security of information involves the leakage of confidential information, unauthorized access, disruption of information integrity, impersonation, and disruption of system availability. In some network systems, a lot of confidential information is involved. If some important information is stolen or destroyed, its economic, social impact and political influence will be very serious. Therefore, the use of computers must be authenticated by users, communications must be authorized for the transmission of important information, and transmissions must be encrypted. The use of multi-level access control and privilege control methods to achieve data security protection; encryption technology to ensure the confidentiality and integrity of information transmitted online (including administrator passwords and accounts, upload information, etc.).
5. Management of security risk analysis
Management is the most important part of security in the network. Unclear responsibilities and powers, incomplete safety management systems, and lack of operability may all cause management safety risks. When the network is attacked or the network is subjected to other security threats (such as illegal operations of internal personnel, etc.), real-time detection, monitoring, reporting, and early warning cannot be performed. At the same time, when an accident occurs, it cannot provide tracking clues and the basis for detection of hacking attacks. That is, it lacks controllability and scrutiny of the network. This requires us to carry out multi-level records of site visits and discover illegal intrusions.
To establish a new network security mechanism, we must deeply understand the network and provide direct solutions. Therefore, the most feasible approach is to establish a sound management system and a combination of strict management. Safeguarding the safe operation of the network and making it an information network with good security, scalability, and manageability has become a top priority. Once the aforementioned security risks become a reality, the resulting losses to the entire network are difficult to estimate. Therefore, the network security construction is an important part of the campus network construction process.
V. Network Security Measures 1. Security Technology Measures
Physical measures: For example, protection of key network equipment (such as switches, large computers, etc.), establishment of strict network security rules and regulations, and taking measures such as radiation protection, fire prevention, and installation of uninterrupted power supply (UPS).
Access Control: Strict authentication and control of user access to network resources. For example, user identity authentication, password encryption, update, and authentication, setting user access to directories and files, controlling network device configuration permissions, and the like.
Data encryption: Encryption is an important means of protecting data security. The role of encryption is to ensure that information cannot be read after it is intercepted. Prevent computer network viruses, install network antivirus system.
Network Isolation: There are two methods for network isolation. One is the use of isolation cards, and the other is the use of network security isolation gatekeepers.
Isolation cards are mainly used to isolate a single machine, and gatekeepers are mainly used to isolate the entire network. The difference between the two can be found in reference [1].
Other measures: Other measures include information filtering, fault tolerance, data mirroring, data backup and auditing. In recent years, many solutions have been proposed around network security issues, such as data encryption and firewall technologies. Data encryption encrypts the data transmitted in the network, and then decrypts and restores the original data after it reaches the destination. The purpose is to prevent unauthorized users from intercepting information after they are intercepted. Firewall technology controls access to the network by means of isolation and restricted access to the network.
2. Security awareness Awareness of having network security is an important prerequisite for ensuring network security. Many cyber security incidents are related to the lack of security awareness.
3. Host security inspections To ensure network security and network security, the first step is to first fully understand the system, evaluate the security of the system, recognize its own risks, and quickly and accurately resolve intranet security issues. The first innovative automatic host security check tool independently developed by AnTian Laboratories completely overturns the complexity of traditional system security check and system risk assessment tool operations. A one-button operation can perform comprehensive security checks on intranet computers. And the accuracy of the security rating, and the evaluation system for a strong analysis of the disposal and repair.
VI. Network Security Cases 1. Overview With the rapid development of computer technology, information networks have become an important guarantee for social development. There is a lot of sensitive information, even state secrets. Therefore, it will inevitably attract various man-made attacks (such as information leakage, information theft, data modification, data deletion, computer viruses, etc.) from all over the world. At the same time, network entities are also subject to tests such as floods, fires, earthquakes, and electromagnetic radiation.
Computer criminal cases have also risen sharply. Computer crime has become a common international problem. According to the report of the Federal Bureau of Investigation, computer crime is one of the largest types of crimes in commercial crimes. The average amount of each crime is 45,000 US dollars, and the annual economic losses caused by computer crimes are as high as 5 billion US dollars.
2. Abroad In early 1996, according to a joint survey conducted by the Computer Security Association of San Francisco and the Federal Bureau of Investigation, 53% of companies were affected by computer viruses, and 42% of corporate computer systems were illegal in the past 12 months. used. A Pentagon research team said that the United States suffered more than 250,000 attacks in a year.
In late 1994, Russian hackers Vladimir Levi and his partners launched a series of attacks from the networked computers of a small software company in St. Petersburg to the City Bank of the United States, and stole from Citybank Bank in New York by electronic transfer. 11 million US dollars.
On August 17, 1996, the U.S. Department of Justice’s web server was hacked, and the U.S. Department of Justice’s home page was changed to the “U.S. Injustice Department†and the Minister of Justice’s photograph was replaced with Adolf Hitler. The emblem of the Ministry of Justice was replaced by a Nazi emblem and a picture of a porn girl was added as an assistant to the so-called Minister of Justice. In addition, many words have been left to attack American judicial policy.
On September 18, 1996, the hacker visited the web server of the US Central Intelligence Agency and changed its home page from "Central Intelligence Agency" to "Central Stupid Office."
On December 29, 1996, the hackers invaded the U.S. Air Force's global network site and deliberately changed their home page. The air force introductions, press releases, and other content were replaced with a brief yellow video, claiming that everything the U.S. government said was Is a lie. Forcing the U.S. Department of Defense to close down more than 80 other military websites.
3. In February 1996, Chinanet, which had just opened recently, was attacked and successfully attacked.
In early 1997, an ISP in Beijing was successfully invaded by hackers and posted an article on how to use the ISP to access the Internet for free in the “hacking and decryption†forum of the “Shuimu Tsinghua†BBS station of Tsinghua University.
On April 23, 1997, a PPP user of Southwestern Bell Internet Co., Ltd. in the area of ​​Chadson, Texas, intruded into a server of the China Internet Network Information Center, deciphered the system's shutdown account and put the China Internet Information Center. The homepage was replaced by a grinning gimmick.
At the beginning of 1996, CHINANET was attacked by a graduate student from a certain university. In the fall of 1996, an ISP in Beijing and its users had some conflicts. This user attacked the ISP's server and caused the service to be interrupted for several hours.
In 2010, Google announced that it was considering exiting the Chinese market, and the announcement stated that the important reason for this decision was because Google was hacked.
VII. Types of Network Security Running system security means ensuring the security of information processing and transmission systems. It focuses on ensuring the normal operation of the system, avoiding damage and loss to the information stored, processed and transmitted by the system due to system breakdown and damage, and avoiding information leakage, interference with others and interference by others due to electromagnetic leakage.
Security of system information on the network. Including user password authentication, user access control, data access permissions, mode control, security audit, security issue tracking, computer virus prevention, data encryption.
The dissemination of information on the network security, that is, the security of the consequences of information dissemination. Including information filtering. It focuses on preventing and controlling the consequences of the dissemination of illegal and harmful information. Avoid the loss of control over the large amount of freely transmitted information on the public network.
The security of information content on the Internet. It focuses on the confidentiality, authenticity and integrity of the protected information. To prevent attackers from using the system's security loopholes to eavesdrop, impersonate, fraudulent, etc. detrimental to legitimate users. In essence, it is to protect the interests and privacy of users.
8. Network Security Features Network security should have the following four characteristics:
Confidentiality: The property that information is not disclosed to or used by unauthorized users, entities or processes.
Integrity: The characteristic that data cannot be changed without authorization. That is, the information is kept unchanged, undamaged, and lost during storage or transmission.
Availability: Features that can be accessed by authorized entities and used on demand. That is, whether the desired information can be accessed when needed. For example, denial of service in the network environment, disruption of the network, and normal operation of related systems are all attacks against availability.
Controllability: Ability to control information dissemination and content.
IX. Threats to cybersecurity Natural disasters, accidents, computer crimes, human behaviors, such as improper use, poor safety awareness, etc.; hackers' behavior: hackers intrusion or intrusion, such as illegal access, denial of service computer virus, illegal connection, etc. Internal leaks; external leaks; loss of information; electronic espionage, such as traffic analysis, information theft, etc.; information warfare; defects in network protocols, such as TCP/IP protocol security issues.
There are two main types of cybersecurity threats: infiltration threats and implant threats. Infiltration threats include: counterfeit, bypass control, and authorization violations;
Implantation threats include: Trojan horses, trap doors.
Trapped door: The establishment of a "feature" in a system or system component that allows the security policy to be violated when providing specific input data.
X. Structure level of network security 1. Physical security Natural disasters (such as lightning, earthquakes, fires, etc.), physical damage (such as hard disk damage, expiration of equipment life, etc.), equipment failures (such as power outages, electromagnetic interference, etc.), accidents ACCIDENT. The solutions are: protective measures, security systems, data backup, etc.
Electromagnetic leakage, leakage of information, interference with others, interference by others, opportunity (such as leaving after entering the security process), leaking of traces (such as misplacement of password keys, etc.). The solution is: radiation protection, screen password, hidden destruction and so on.
Operational errors (such as deleting files, formatting the hard disk, removing the line, etc.), accidental omissions. The solution is: state detection, alarm confirmation, emergency recovery and so on.
Computer system room environment security. The characteristics are: strong controllability and large losses. Solution: Strengthen computer room management, operation management, security organization and personnel management.
2, security control
Microcomputer operating system security control. For example, the password that the user starts to type (some PC motherboards have a “universal passwordâ€) controls the read and write access to the file (such as the file attribute control mechanism of the Unix system). It is mainly used to protect the information and data stored on the hard disk.
Network interface module security control. In the network environment, security control of network communication processes from other machines. Mainly include: identity authentication, customer authority setting and discrimination, audit log, etc.
Network interconnection equipment security control. Monitor and control the transmission information and operating status of all hosts in the entire subnet. Mainly through network management software or router configuration.
3, security services
Peer Entity Authentication Service
Access Control Service
Data confidentiality service
Data integrity services
Data source authentication service
Prohibit denial of service 4. Security mechanism
Encryption mechanism
Digital signature mechanism
Access control mechanism
Data integrity mechanism
Authentication mechanism
Information flow filling mechanism
Routing Control Mechanism
Notarization mechanism
11. Network Encryption Link Encryption
Node-to-node encryption
End-to-end encryption
XII. Security of TCP/IP Protocol The TCP/IP protocol data stream uses clear text transmission.
Source address spoofing or IP spoofing.
Source Routing spoofing.
RIP Attacks.
Authentication Attacks.
TCP Sequence number spoofing.
TCP SYN Flooding Attack (SYN attack).
Ease of spoofing.
XIII. Network Security Tools Scanner: A program that automatically detects the security vulnerabilities of remote or local hosts. A good scanner is equivalent to the value of a thousand passwords.
How it works: The TCP port scanner, selecting TCP/IP ports and services (such as FTP), and recording the target's answer, can collect useful information about the target host (whether it is possible to log in anonymously and provide some kind of service). What the scanner tells us: The inherent weaknesses of the target host can be found. These weaknesses can be a key factor in destroying the target host. System administrators use scanners to help strengthen the security of the system. Hackers use it, will be detrimental to the security of the network.
Scanner properties: 1. Find a machine or a network. 2. Once a machine is found, it can find out what services are running on the machine. 3, testing which services have loopholes.
Currently popular scanners: 1, NSS network security scanner, 2, stroke super optimized TCP port detection program, can record all open ports of the specified machine. 3, SATAN security administrator's network analysis tools. 4, JAKAL. 5, XSCAN.
The generally popular network security hardware is: Intrusion Prevention Device (IPS), Intrusion Detection Device (IDS), Unified Security Gateway (UTM), and earlier security hardware and hardware firewall, but with the advent of UTM, Already slowly replaced.
XIV. Information collection tools commonly used by hackers Information collection is the first step to breaking through the network system. Hackers can use the following tools to collect the required information:
1, SNMP protocol SNMP protocol, used to refer to the routing table of non-secure routers to understand the internal details of the target organization's network topology.
The Simple Network Management Protocol SNMP (SNMP) was first proposed by the Internet Engineering Task Force (IETF) research group to solve the problem of router management on the Internet. SNMP was designed to be independent of protocols. So it can be used on IP, IPX, AppleTalk, OSI and other transmission protocols.
2. The TraceRoute program The TraceRoute program draws the number of networks and routers that reach the target host. The Traceroute program is a handy tool written by Van Jacobson to further explore the TCP\IP protocol. It allows us to see the routes that datagrams travel from one host to another. The Traceroute program can also be used by us. Use the IP Source Routing option to have the source host specify Send Route 3, the Whois protocol Whois protocol, an information service that provides system administrator data for all DNS domains and for each domain. (However, these data are often outdated). WHOIS agreement. The basic content is to establish a connection to the TCP port 43 of the server, send the query keyword and add a carriage return line feed, and then receive the server's query result.
4. DNS server The DNS server is the Domain Name System or Domain Name Service (Domain Name System or Domain Name Service). The domain name system assigns domain names and IP addresses to hosts on the Internet. When a user uses a domain name address, the system will automatically change the domain name address to an IP address. Domain Name Service is an Internet tool that runs the Domain Name System. The server that performs the domain name service is called a DNS server. The DNS server responds to query of the domain name service. 5 Finger protocol Finger protocol. It can provide detailed information of users on a specific host (registration name, telephone number, last registration time, etc.) ).
6. Ping utility The Ping utility can be used to determine the location of a specified host and determine if it is reachable. By using this simple tool in a scanning program, you can ping every possible host address on the network so that you can construct a list of hosts that actually reside on the network. It is used to check whether the network is open or the speed of the network connection. As an administrator or hacker who lives on the Internet, the ping command is the first DOS command that must be mastered. The principle it uses is this: The machines on the network have uniquely determined IP addresses. We give the target. IP address to send a data packet, the other party will return a packet of the same size, according to the returned data packet we can determine the existence of the target host, you can initially determine the target host operating system, etc., of course, it can also be used to determine the connection speed And packet loss rate.
Use method (under XP system)
Start - Run - CMD - OK - Enter ping 0.0.0.0 - Enter
0.0.0.0 is the IP you need.
Some firewalls will prohibit ping, so it may prompt timed out (timeout)
To judge the operating system, it is to see the returned TTL value.
XV. Internet Firewall Internet firewalls are systems (or groups of systems) that enhance the security of the organization's internal network. The firewall system determines which internal services are accessible to the outside world; who can access internal services and which external services can be accessed by insiders. For a firewall to work, all information coming from and going to the Internet must go through the firewall and be checked by the firewall. The firewall only allows authorized data to pass, and the firewall itself must also be able to avoid infiltration.
1. The relationship between Internet firewalls and security policies
A firewall is not just a combination of a router, bastion host, or any device that provides network security. A firewall is part of a security policy.
Security policy establishes an all-encompassing defense system that even includes: telling users their due responsibilities, company-defined network access, service access, local and remote user authentication, dial-in and dial-out, disk and data encryption, and virus protection , as well as employee training. All places that may be attacked must
The same level of security is protected.
If only a firewall system is set up and there is no comprehensive security policy, then the firewall is useless.
2, the benefits of the firewall
Internet firewalls manage access between the Internet and the organization's internal network. Without a firewall, each node on the internal network is exposed to other hosts on the Internet and is vulnerable to attacks. This means that the security of the internal network is determined by the robustness of each host, and the security is equivalent to the weakest of them.
3, the role of Internet firewall
Internet firewalls allow network administrators to define a central "point of abrogation" to prevent illegal users, such as preventing hackers and cyber spoilers from entering the internal network. Security vulnerabilities are prohibited from entering and leaving the network, and attacks from various routes are prevented. Internet firewalls simplify security management. The security of the network is hardened on the firewall system rather than distributed to all hosts on the internal network.
The firewall can easily monitor the security of the network and generate alarms. (Note: For an internal network connected to the Internet, the important question is not whether the network will be attacked, but when it will be attacked? Who is attacking?) The network administrator must audit and record all the important information that passes through the firewall. information. If the network administrator can't respond to the alarm and review the regular record in time, the firewall is useless. In this case, the network administrator will never know if the firewall is under attack.
The Internet firewall can be used as a logical address for deploying a Network Address Translator (NAT). Therefore, the firewall can be used to alleviate the shortage of address space and eliminate the trouble of re-addressing when the organization changes the ISP.
Internet firewalls are the best place to audit and record Internet usage. The network administrator can provide the management department with the cost of the Internet connection, identify the location of potential bandwidth bottlenecks, and provide department-level billing based on the organization's accounting model.
XVI. The main manifestations of Internet security risks 1. The Internet is an open and uncontrolled network. Hackers often invade computer systems on the network, steal confidential data and embezzle privileges, or destroy important data, or prevent system functions from reaching their full potential.
2. The data transmission over the Internet is based on the TCP/IP communication protocol. These protocols lack the security measures to prevent the information in the transmission process from being stolen.
3. Most of the communication services on the Internet are supported by Unix operating systems. The obvious security vulnerabilities in Unix operating systems directly affect security services.
4. Electronic information stored, transmitted, and processed on computers has not been envelope-protected and signed and stamped like traditional mail communications. Whether the sources and whereabouts of the information is true, whether the content has been changed, and whether it is leaked, etc., are maintained by gentlemen's agreements in the service agreements supported by the application layer.
5. E-mails have the potential to be defrauded, misdirected and forged. There is a great danger of using e-mail to transmit important confidential information.
6. The spread of computer viruses through the Internet brings great harm to Internet users. Viruses can cause computer and computer network system defects, data and files to be lost. Viruses transmitted on the Internet can be transmitted via public anonymous FTP files, as well as via email and mail attachment files.
XVII. There are four main forms of network security attacks: L interruption, interception, modification and forgery.
Interruption is based on availability as an attack target. It destroys system resources and makes the network unavailable.
Interception is based on confidentiality as an attack target. Unauthorized users gain access to system resources through some means.
Modifications are based on integrity as an attack target. Unauthorized users not only gain access but also modify the data.
Falsification is based on integrity as an attack target. Unauthorized users insert fake data into normally transmitted data.
Network Security Solutions
First, the deployment of intrusion detection systems
Intrusion detection capability is an important factor to measure whether a defense system is complete and effective. A powerful and complete intrusion detection system can make up for the lack of a firewall's relative static defense. Real-time detection of various behaviors from external networks and campus networks, timely detection of all possible attack attempts, and taking corresponding measures. Specifically, the intrusion detection engine is connected to the center switch. Intrusion detection system integrates intrusion detection, network management and network monitoring functions. It can capture all data transmitted between internal and external networks in real time. It uses built-in attack signature database to detect intrusions on the network using pattern matching and intelligent analysis methods. Behavior and anomalies, and record related events in the database, as a basis for network administrators' post analysis; if the situation is serious, the system can issue real-time alarms so that school administrators can take timely response measures.
二ã€æ¼æ´žæ‰«æ系统
采用目å‰æœ€å…ˆè¿›çš„æ¼æ´žæ‰«æ系统定期对工作站ã€æœåŠ¡å™¨ã€äº¤æ¢æœºç‰è¿›è¡Œå®‰å…¨æ£€æŸ¥ï¼Œå¹¶æ ¹æ®æ£€æŸ¥ç»“æžœå‘系统管ç†å‘˜æ供详细å¯é 的安全性分æžæŠ¥å‘Šï¼Œä¸ºæ高网络安全整体水平产生é‡è¦ä¾æ®ã€‚
三ã€ç½‘络版æ€æ¯’产å“部署
在该网络防病毒方案ä¸ï¼Œæˆ‘们最终è¦è¾¾åˆ°ä¸€ä¸ªç›®çš„就是:è¦åœ¨æ•´ä¸ªå±€åŸŸç½‘内æœç»ç—…毒的感染ã€ä¼ æ’å’Œå‘作,为了实现这一点,我们应该在整个网络内å¯èƒ½æ„ŸæŸ“å’Œä¼ æ’病毒的地方采å–相应的防病毒手段。åŒæ—¶ä¸ºäº†æœ‰æ•ˆã€å¿«æ·åœ°å®žæ–½å’Œç®¡ç†æ•´ä¸ªç½‘络的防病毒体系,应能实现远程安装ã€æ™ºèƒ½å‡çº§ã€è¿œç¨‹æŠ¥è¦ã€é›†ä¸ç®¡ç†ã€åˆ†å¸ƒæŸ¥æ€ç‰å¤šç§åŠŸèƒ½ã€‚
åå…«.网络安全设备在网络设备和网络应用市场蓬勃å‘展的带动下,近年æ¥ç½‘络安全市场迎æ¥äº†é«˜é€Ÿå‘展期,一方é¢éšç€ç½‘络的延伸,网络规模迅速扩大,安全问题å˜å¾—日益å¤æ‚,建设å¯ç®¡ã€å¯æŽ§ã€å¯ä¿¡çš„网络也是进一æ¥æŽ¨è¿›ç½‘络应用å‘展的å‰æï¼›å¦ä¸€æ–¹é¢éšç€ç½‘络所承载的业务日益å¤æ‚,ä¿è¯åº”用层安全是网络安全å‘展的新的方å‘。
éšç€ç½‘络技术的快速å‘展,原æ¥ç½‘络å¨èƒå•ç‚¹å åŠ å¼çš„防护手段已ç»éš¾ä»¥æœ‰æ•ˆæŠµå¾¡æ—¥è¶‹ä¸¥é‡çš„æ··åˆåž‹å®‰å…¨å¨èƒã€‚构建一个局部安全ã€å…¨å±€å®‰å…¨ã€æ™ºèƒ½å®‰å…¨çš„整体安全体系,为用户æ供多层次ã€å…¨æ–¹ä½çš„立体防护体系æˆä¸ºä¿¡æ¯å®‰å…¨å»ºè®¾çš„æ–°ç†å¿µã€‚在æ¤ç†å¿µä¸‹ï¼Œç½‘络安全产å“å°†å‘生了一系列的å˜é©ã€‚
结åˆå®žé™…应用需求,在新的网络安全ç†å¿µçš„指引下,网络安全解决方案æ£å‘ç€ä»¥ä¸‹å‡ 个方å‘æ¥å‘展:
主动防御走å‘市场
主动防御的ç†å¿µå·²ç»å‘展了一些年,但是从ç†è®ºèµ°å‘应用一直å˜åœ¨ç€å¤šç§é˜»ç¢ã€‚主动防御主è¦æ˜¯é€šè¿‡åˆ†æžå¹¶æ‰«æ指定程åºæˆ–çº¿ç¨‹çš„è¡Œä¸ºï¼Œæ ¹æ®é¢„先设定的规则,判定是å¦å±žäºŽå±é™©ç¨‹åºæˆ–病毒,从而进行防御或者清除æ“作。ä¸è¿‡ï¼Œä»Žä¸»åŠ¨é˜²å¾¡ç†å¿µå‘产å“å‘展的最é‡è¦å› ç´ å°±æ˜¯æ™ºèƒ½åŒ–é—®é¢˜ã€‚ç”±äºŽè®¡ç®—æœºæ˜¯åœ¨ä¸€ç³»åˆ—çš„è§„åˆ™ä¸‹äº§ç”Ÿçš„ï¼Œå¦‚ä½•å‘现ã€åˆ¤æ–ã€æ£€æµ‹å¨èƒå¹¶ä¸»åŠ¨é˜²å¾¡ï¼Œæˆä¸ºä¸»åŠ¨é˜²å¾¡ç†å¿µèµ°å‘市场的最大阻ç¢ã€‚
由于主动防御å¯ä»¥æå‡å®‰å…¨ç–略的执行效率,对ä¼ä¸šæŽ¨è¿›ç½‘络安全建设起到了积æžä½œç”¨ï¼Œæ‰€ä»¥å°½ç®¡å…¶äº§å“还ä¸å®Œå–„,但是éšç€æœªæ¥å‡ 年技术的进æ¥ï¼Œä»¥ç¨‹åºè‡ªåŠ¨ç›‘控ã€ç¨‹åºè‡ªåŠ¨åˆ†æžã€ç¨‹åºè‡ªåŠ¨è¯Šæ–为主è¦åŠŸèƒ½çš„主动防御型产å“å°†ä¸Žä¼ ç»Ÿç½‘ç»œå®‰å…¨è®¾å¤‡ç›¸ç»“åˆã€‚尤其是éšç€æŠ€æœ¯çš„å‘展,高效准确的对病毒ã€è •è™«ã€æœ¨é©¬ç‰æ¶æ„攻击行为的主动防御产å“å°†é€æ¥å‘展æˆç†Ÿå¹¶æŽ¨å‘市场,主动防御技术走å‘市场将æˆä¸ºä¸€ç§å¿…然的趋势。
安全技术èžåˆå¤‡å—é‡è§†
éšç€ç½‘络技术的日新月异,网络普åŠçŽ‡çš„快速æ高,网络所é¢ä¸´çš„潜在å¨èƒä¹Ÿè¶Šæ¥è¶Šå¤§ï¼Œå•ä¸€çš„防护产å“æ—©å·²ä¸èƒ½æ»¡è¶³å¸‚场的需è¦ã€‚å‘展网络安全整体解决方案已ç»æˆä¸ºå¿…ç„¶è¶‹åŠ¿ï¼Œç”¨æˆ·å¯¹åŠ¡å®žæœ‰æ•ˆçš„å®‰å…¨æ•´ä½“è§£å†³æ–¹æ¡ˆéœ€æ±‚æ„ˆåŠ è¿«åˆ‡ã€‚å®‰å…¨æ•´ä½“è§£å†³æ–¹æ¡ˆéœ€è¦äº§å“æ›´åŠ é›†æˆåŒ–ã€æ™ºèƒ½åŒ–ã€ä¾¿äºŽé›†ä¸ç®¡ç†ã€‚未æ¥å‡ å¹´å¼€å‘网络安全整体解决方案将æˆä¸ºä¸»è¦åŽ‚商差异化竞争的é‡è¦æ‰‹æ®µã€‚
软硬结åˆï¼Œç®¡ç†ç–略走入安全整体解决方案
é¢å¯¹è§„模越æ¥è¶Šåºžå¤§å’Œå¤æ‚的网络,仅ä¾é ä¼ ç»Ÿçš„ç½‘ç»œå®‰å…¨è®¾å¤‡æ¥ä¿è¯ç½‘络层的安全和畅通已ç»ä¸èƒ½æ»¡è¶³ç½‘络的å¯ç®¡ã€å¯æŽ§è¦æ±‚ï¼Œå› æ¤ä»¥ç»ˆç«¯å‡†å…¥è§£å†³æ–¹æ¡ˆä¸ºä»£è¡¨çš„网络管ç†è½¯ä»¶å¼€å§‹èžåˆè¿›æ•´ä½“的安全解决方案。终端准入解决方案通过控制用户终端安全接入网络入手,对接入用户终端强制实施用户安全ç–ç•¥ï¼Œä¸¥æ ¼æŽ§åˆ¶ç»ˆç«¯ç½‘ç»œä½¿ç”¨è¡Œä¸ºï¼Œä¸ºç½‘ç»œå®‰å…¨æ供了有效ä¿éšœï¼Œå¸®åŠ©ç”¨æˆ·å®žçŽ°æ›´åŠ 主动的安全防护,实现高效ã€ä¾¿æ·åœ°ç½‘络管ç†ç›®æ ‡ï¼Œå…¨é¢æŽ¨åŠ¨ç½‘络整体安全体系建设的进程。[2]
åä¹.电å商务网络安全问题电å商务安全从整体上å¯åˆ†ä¸ºä¸¤å¤§éƒ¨åˆ†ï¼šè®¡ç®—机网络安全和商务交易安全
(一)计算机网络安全的内容包括:
(1)未进行æ“作系统相关安全é…ç½®
ä¸è®ºé‡‡ç”¨ä»€ä¹ˆæ“作系统,在缺çœå®‰è£…çš„æ¡ä»¶ä¸‹éƒ½ä¼šå˜åœ¨ä¸€äº›å®‰å…¨é—®é¢˜ï¼Œåªæœ‰ä¸“门针对æ“ä½œç³»ç»Ÿå®‰å…¨æ€§è¿›è¡Œç›¸å…³çš„å’Œä¸¥æ ¼çš„å®‰å…¨é…置,æ‰èƒ½è¾¾åˆ°ä¸€å®šçš„安全程度。åƒä¸‡ä¸è¦ä»¥ä¸ºæ“作系统缺çœå®‰è£…åŽï¼Œå†é…上很强的密ç 系统就算作安全了。网络软件的æ¼æ´žå’Œâ€œåŽé—¨â€ æ˜¯è¿›è¡Œç½‘ç»œæ”»å‡»çš„é¦–é€‰ç›®æ ‡ã€‚
(2)未进行CGI程åºä»£ç 审计
如果是通用的CGI问题,防范起æ¥è¿˜ç¨å¾®å®¹æ˜“一些,但是对于网站或软件供应商专门开å‘的一些CGI程åºï¼Œå¾ˆå¤šå˜åœ¨ä¸¥é‡çš„CGI问题,对于电å商务站点æ¥è¯´ï¼Œä¼šå‡ºçŽ°æ¶æ„攻击者冒用他人账å·è¿›è¡Œç½‘上è´ç‰©ç‰ä¸¥é‡åŽæžœã€‚
(3)拒ç»æœåŠ¡ï¼ˆDoS,Denial of Service)攻击
éšç€ç”µå商务的兴起,对网站的实时性è¦æ±‚越æ¥è¶Šé«˜ï¼ŒDoS或DDoS对网站的å¨èƒè¶Šæ¥è¶Šå¤§ã€‚ä»¥ç½‘ç»œç˜«ç—ªä¸ºç›®æ ‡çš„è¢å‡»æ•ˆæžœæ¯”ä»»ä½•ä¼ ç»Ÿçš„æ怖主义和战争方å¼éƒ½æ¥å¾—æ›´å¼ºçƒˆï¼Œç ´åæ€§æ›´å¤§ï¼Œé€ æˆå±å®³çš„速度更快,范围也更广,而è¢å‡»è€…本身的风险å´éžå¸¸å°ï¼Œç”šè‡³å¯ä»¥åœ¨è¢å‡»å¼€å§‹å‰å°±å·²ç»æ¶ˆå¤±å¾—æ— å½±æ— è¸ªï¼Œä½¿å¯¹æ–¹æ²¡æœ‰å®žè¡ŒæŠ¥å¤æ‰“击的å¯èƒ½ã€‚今年2月美国“雅虎â€ã€â€œäºšé©¬é€Šâ€å—攻击事件就è¯æ˜Žäº†è¿™ä¸€ç‚¹ã€‚
(4)安全产å“使用ä¸å½“
虽然ä¸å°‘网站采用了一些网络安全设备,但由于安全产å“本身的问题或使用问题,这些产å“并没有起到应有的作用。很多安全厂商的产å“对é…置人员的技术背景è¦æ±‚很高,超出对普通网管人员的技术è¦æ±‚,就算是厂家在最åˆç»™ç”¨æˆ·åšäº†æ£ç¡®çš„安装ã€é…置,但一旦系统改动,需è¦æ”¹åŠ¨ç›¸å…³å®‰å…¨äº§å“的设置时,很容易产生许多安全问题。
(5ï¼‰ç¼ºå°‘ä¸¥æ ¼çš„ç½‘ç»œå®‰å…¨ç®¡ç†åˆ¶åº¦
网络安全最é‡è¦çš„还是è¦æ€æƒ³ä¸Šé«˜åº¦é‡è§†ï¼Œç½‘站或局域网内部的安全需è¦ç”¨å®Œå¤‡çš„安全制度æ¥ä¿éšœã€‚建立和实施严密的计算机网络安全制度与ç–略是真æ£å®žçŽ°ç½‘络安全的基础。
(二)计算机商务交易安全的内容包括:
(1)窃å–ä¿¡æ¯
ç”±äºŽæœªé‡‡ç”¨åŠ å¯†æŽªæ–½ï¼Œæ•°æ®ä¿¡æ¯åœ¨ç½‘络上以明文形å¼ä¼ é€ï¼Œå…¥ä¾µè€…在数æ®åŒ…ç»è¿‡çš„网关或路由器上å¯ä»¥æˆªèŽ·ä¼ é€çš„ä¿¡æ¯ã€‚通过多次窃å–和分æžï¼Œå¯ä»¥æ‰¾åˆ°ä¿¡æ¯çš„è§„å¾‹å’Œæ ¼å¼ï¼Œè¿›è€Œå¾—åˆ°ä¼ è¾“ä¿¡æ¯çš„å†…å®¹ï¼Œé€ æˆç½‘ä¸Šä¼ è¾“ä¿¡æ¯æ³„密。
(2)篡改信æ¯
当入侵者掌æ¡äº†ä¿¡æ¯çš„æ ¼å¼å’Œè§„律åŽï¼Œé€šè¿‡å„ç§æŠ€æœ¯æ‰‹æ®µå’Œæ–¹æ³•ï¼Œå°†ç½‘ç»œä¸Šä¼ é€çš„ä¿¡æ¯æ•°æ®åœ¨ä¸é€”修改,然åŽå†å‘å‘目的地。这ç§æ–¹æ³•å¹¶ä¸æ–°é²œï¼Œåœ¨è·¯ç”±å™¨æˆ–网关上都å¯ä»¥åšæ¤ç±»å·¥ä½œã€‚
(3)å‡å†’
由于掌æ¡äº†æ•°æ®çš„æ ¼å¼ï¼Œå¹¶å¯ä»¥ç¯¡æ”¹é€šè¿‡çš„ä¿¡æ¯ï¼Œæ”»å‡»è€…å¯ä»¥å†’å……åˆæ³•ç”¨æˆ·å‘é€å‡å†’çš„ä¿¡æ¯æˆ–者主动获å–ä¿¡æ¯ï¼Œè€Œè¿œç«¯ç”¨æˆ·é€šå¸¸å¾ˆéš¾åˆ†è¾¨ã€‚
(4)æ¶æ„ç ´å
由于攻击者å¯ä»¥æŽ¥å…¥ç½‘络,则å¯èƒ½å¯¹ç½‘络ä¸çš„ä¿¡æ¯è¿›è¡Œä¿®æ”¹ï¼ŒæŽŒæ¡ç½‘上的机è¦ä¿¡æ¯ï¼Œç”šè‡³å¯ä»¥æ½œå…¥ç½‘络内部,其åŽæžœæ˜¯éžå¸¸ä¸¥é‡çš„。
二å.电å商务网络安全问题的对ç–电å商务的一个é‡è¦æŠ€æœ¯ç‰¹å¾æ˜¯åˆ©ç”¨è®¡ç®—机技术æ¥ä¼ 输和处ç†å•†ä¸šä¿¡æ¯ã€‚å› æ¤ï¼Œç”µå商务安全问题的对ç–从整体上å¯åˆ†ä¸ºè®¡ç®—机网络安全措施和商务交易安全措施两大部分。
1.计算机网络安全措施计算机网络安全措施主è¦åŒ…括ä¿æŠ¤ç½‘络安全ã€ä¿æŠ¤åº”用æœåŠ¡å®‰å…¨å’Œä¿æŠ¤ç³»ç»Ÿå®‰å…¨ä¸‰ä¸ªæ–¹é¢ï¼Œå„个方é¢éƒ½è¦ç»“åˆè€ƒè™‘安全防护的物ç†å®‰å…¨ã€é˜²ç«å¢™ã€ä¿¡æ¯å®‰å…¨ã€Web安全ã€åª’体安全ç‰ç‰ã€‚
(一)ä¿æŠ¤ç½‘络安全。
网络安全是为ä¿æŠ¤å•†åŠ¡å„方网络端系统之间通信过程的安全性。ä¿è¯æœºå¯†æ€§ã€å®Œæ•´æ€§ã€è®¤è¯æ€§å’Œè®¿é—®æŽ§åˆ¶æ€§æ˜¯ç½‘络安全的é‡è¦å› ç´ ã€‚ä¿æŠ¤ç½‘络安全的主è¦æŽªæ–½å¦‚下:
(1)全é¢è§„划网络平å°çš„安全ç–略。
(2)制定网络安全的管ç†æŽªæ–½ã€‚
(3)使用防ç«å¢™ã€‚
(4)尽å¯èƒ½è®°å½•ç½‘络上的一切活动。
(5)注æ„对网络设备的物ç†ä¿æŠ¤ã€‚
(6)检验网络平å°ç³»ç»Ÿçš„脆弱性。
(7)建立å¯é 的识别和鉴别机制。
(二)ä¿æŠ¤åº”用安全。
ä¿æŠ¤åº”用安全,主è¦æ˜¯é’ˆå¯¹ç‰¹å®šåº”用(如WebæœåŠ¡å™¨ã€ç½‘络支付专用软件系统)所建立的安全防护措施,它独立于网络的任何其他安全防护措施。虽然有些防护措施å¯èƒ½æ˜¯ç½‘络安全业务的一ç§æ›¿ä»£æˆ–é‡å ,如Webæµè§ˆå™¨å’ŒWebæœåŠ¡å™¨åœ¨åº”用层上对网络支付结算信æ¯åŒ…çš„åŠ å¯†ï¼Œéƒ½é€šè¿‡IPå±‚åŠ å¯†ï¼Œä½†æ˜¯è®¸å¤šåº”ç”¨è¿˜æœ‰è‡ªå·±çš„ç‰¹å®šå®‰å…¨è¦æ±‚。
由于电å商务ä¸çš„应用层对安全的è¦æ±‚æœ€ä¸¥æ ¼ã€æœ€å¤æ‚ï¼Œå› æ¤æ›´å€¾å‘于在应用层而ä¸æ˜¯åœ¨ç½‘络层采å–å„ç§å®‰å…¨æŽªæ–½ã€‚
虽然网络层上的安全ä»æœ‰å…¶ç‰¹å®šåœ°ä½ï¼Œä½†æ˜¯äººä»¬ä¸èƒ½å®Œå…¨ä¾é 它æ¥è§£å†³ç”µå商务应用的安全性。应用层上的安全业务å¯ä»¥æ¶‰åŠè®¤è¯ã€è®¿é—®æŽ§åˆ¶ã€æœºå¯†æ€§ã€æ•°æ®å®Œæ•´æ€§ã€ä¸å¯å¦è®¤æ€§ã€Web安全性ã€EDI和网络支付ç‰åº”用的安全性。
(三)ä¿æŠ¤ç³»ç»Ÿå®‰å…¨ã€‚
ä¿æŠ¤ç³»ç»Ÿå®‰å…¨ï¼Œæ˜¯æŒ‡ä»Žæ•´ä½“电å商务系统或网络支付系统的角度进行安全防护,它与网络系统硬件平å°ã€æ“作系统ã€å„ç§åº”用软件ç‰äº’相关è”。涉åŠç½‘络支付结算的系统安全包å«ä¸‹è¿°ä¸€äº›æŽªæ–½ï¼š
(1)在安装的软件ä¸ï¼Œå¦‚æµè§ˆå™¨è½¯ä»¶ã€ç”µå钱包软件ã€æ”¯ä»˜ç½‘关软件ç‰ï¼Œæ£€æŸ¥å’Œç¡®è®¤æœªçŸ¥çš„安全æ¼æ´žã€‚
(2)技术与管ç†ç›¸ç»“åˆï¼Œä½¿ç³»ç»Ÿå…·æœ‰æœ€å°ç©¿é€é£Žé™©æ€§ã€‚如通过诸多认è¯æ‰å…许连通,对所有接入数æ®å¿…é¡»è¿›è¡Œå®¡è®¡ï¼Œå¯¹ç³»ç»Ÿç”¨æˆ·è¿›è¡Œä¸¥æ ¼å®‰å…¨ç®¡ç†ã€‚
(3)建立详细的安全审计日志,以便检测并跟踪入侵攻击ç‰ã€‚
2.å•†åŠ¡äº¤æ˜“å®‰å…¨æŽªæ–½å•†åŠ¡äº¤æ˜“å®‰å…¨åˆ™ç´§ç´§å›´ç»•ä¼ ç»Ÿå•†åŠ¡åœ¨äº’è”网络上应用时产生的å„ç§å®‰å…¨é—®é¢˜ï¼Œåœ¨è®¡ç®—机网络安全的基础上,如何ä¿éšœç”µå商务过程的顺利进行。
å„ç§å•†åŠ¡äº¤æ˜“安全æœåŠ¡éƒ½æ˜¯é€šè¿‡å®‰å…¨æŠ€æœ¯æ¥å®žçŽ°çš„,主è¦åŒ…æ‹¬åŠ å¯†æŠ€æœ¯ã€è®¤è¯æŠ€æœ¯å’Œç”µå商务安全åè®®ç‰ã€‚
ï¼ˆä¸€ï¼‰åŠ å¯†æŠ€æœ¯ã€‚
åŠ å¯†æŠ€æœ¯æ˜¯ç”µå商务采å–的基本安全措施,交易åŒæ–¹å¯æ ¹æ®éœ€è¦åœ¨ä¿¡æ¯äº¤æ¢çš„é˜¶æ®µä½¿ç”¨ã€‚åŠ å¯†æŠ€æœ¯åˆ†ä¸ºä¸¤ç±»ï¼Œå³å¯¹ç§°åŠ 密和éžå¯¹ç§°åŠ 密。
(1ï¼‰å¯¹ç§°åŠ å¯†ã€‚
å¯¹ç§°åŠ å¯†åˆç§°ç§é’¥åŠ 密,å³ä¿¡æ¯çš„å‘é€æ–¹å’ŒæŽ¥æ”¶æ–¹ç”¨åŒä¸€ä¸ªå¯†é’¥åŽ»åŠ 密和解密数æ®ã€‚å®ƒçš„æœ€å¤§ä¼˜åŠ¿æ˜¯åŠ /解密速度快,适åˆäºŽå¯¹å¤§æ•°æ®é‡è¿›è¡ŒåŠ 密,但密钥管ç†å›°éš¾ã€‚如果进行通信的åŒæ–¹èƒ½å¤Ÿç¡®ä¿ä¸“用密钥在密钥交æ¢é˜¶æ®µæœªæ›¾æ³„露,那么机密性和报文完整性就å¯ä»¥é€šè¿‡è¿™ç§åŠ å¯†æ–¹æ³•åŠ å¯†æœºå¯†ä¿¡æ¯ã€éšæŠ¥æ–‡ä¸€èµ·å‘é€æŠ¥æ–‡æ‘˜è¦æˆ–报文散列值æ¥å®žçŽ°ã€‚
(2)éžå¯¹ç§°åŠ 密。
éžå¯¹ç§°åŠ 密åˆç§°å…¬é’¥åŠ 密,使用一对密钥æ¥åˆ†åˆ«å®ŒæˆåŠ 密和解密æ“作,其ä¸ä¸€ä¸ªå…¬å¼€å‘布(å³å…¬é’¥ï¼‰ï¼Œå¦ä¸€ä¸ªç”±ç”¨æˆ·è‡ªå·±ç§˜å¯†ä¿å˜ï¼ˆå³ç§é’¥ï¼‰ã€‚ä¿¡æ¯äº¤æ¢çš„过程是:甲方生æˆä¸€å¯¹å¯†é’¥å¹¶å°†å…¶ä¸çš„一把作为公钥å‘其他交易方公开,得到该公钥的乙方使用该密钥对信æ¯è¿›è¡ŒåŠ 密åŽå†å‘é€ç»™ç”²æ–¹ï¼Œç”²æ–¹å†ç”¨è‡ªå·±ä¿å˜çš„ç§é’¥å¯¹åŠ 密信æ¯è¿›è¡Œè§£å¯†ã€‚
(二)认è¯æŠ€æœ¯ã€‚
认è¯æŠ€æœ¯æ˜¯ç”¨ç”µå手段è¯æ˜Žå‘é€è€…和接收者身份åŠå…¶æ–‡ä»¶å®Œæ•´æ€§çš„技术,å³ç¡®è®¤åŒæ–¹çš„身份信æ¯åœ¨ä¼ é€æˆ–å˜å‚¨è¿‡ç¨‹ä¸æœªè¢«ç¯¡æ”¹è¿‡ã€‚
(1)数å—ç¾å。
æ•°å—ç¾å也称电åç¾å,如åŒå‡ºç¤ºæ‰‹å†™ç¾åä¸€æ ·ï¼Œèƒ½èµ·åˆ°ç”µå文件认è¯ã€æ ¸å‡†å’Œç”Ÿæ•ˆçš„作用。其实现方å¼æ˜¯æŠŠæ•£åˆ—函数和公开密钥算法结åˆèµ·æ¥ï¼Œå‘é€æ–¹ä»ŽæŠ¥æ–‡æ–‡æœ¬ä¸ç”Ÿæˆä¸€ä¸ªæ•£åˆ—值,并用自己的ç§é’¥å¯¹è¿™ä¸ªæ•£åˆ—å€¼è¿›è¡ŒåŠ å¯†ï¼Œå½¢æˆå‘é€æ–¹çš„æ•°å—ç¾å;然åŽï¼Œå°†è¿™ä¸ªæ•°å—ç¾å作为报文的附件和报文一起å‘é€ç»™æŠ¥æ–‡çš„接收方;报文的接收方首先从接收到的原始报文ä¸è®¡ç®—出散列值,接ç€å†ç”¨å‘é€æ–¹çš„公开密钥æ¥å¯¹æŠ¥æ–‡é™„åŠ çš„æ•°å—ç¾å进行解密;如果这两个散列值相åŒï¼Œé‚£ä¹ˆæŽ¥æ”¶æ–¹å°±èƒ½ç¡®è®¤è¯¥æ•°å—ç¾å是å‘é€æ–¹çš„。数å—ç¾å机制æ供了一ç§é‰´åˆ«æ–¹æ³•ï¼Œä»¥è§£å†³ä¼ªé€ ã€æŠµèµ–ã€å†’å……ã€ç¯¡æ”¹ç‰é—®é¢˜ã€‚
(2)数å—è¯ä¹¦ã€‚
æ•°å—è¯ä¹¦æ˜¯ä¸€ä¸ªç»è¯ä¹¦æŽˆæƒä¸å¿ƒæ•°å—ç¾å的包å«å…¬é’¥æ‹¥æœ‰è€…ä¿¡æ¯ä»¥åŠå…¬é’¥çš„文件数å—è¯ä¹¦çš„最主è¦æž„æˆåŒ…æ‹¬ä¸€ä¸ªç”¨æˆ·å…¬é’¥ï¼ŒåŠ ä¸Šå¯†é’¥æ‰€æœ‰è€…çš„ç”¨æˆ·èº«ä»½æ ‡è¯†ç¬¦ï¼Œä»¥åŠè¢«ä¿¡ä»»çš„第三方ç¾å第三方一般是用户信任的è¯ä¹¦æƒå¨æœºæž„(CA),如政府部门和金èžæœºæž„。用户以安全的方å¼å‘公钥è¯ä¹¦æƒå¨æœºæž„æ交他的公钥并得到è¯ä¹¦ï¼Œç„¶åŽç”¨æˆ·å°±å¯ä»¥å…¬å¼€è¿™ä¸ªè¯ä¹¦ã€‚任何需è¦ç”¨æˆ·å…¬é’¥çš„人都å¯ä»¥å¾—到æ¤è¯ä¹¦ï¼Œå¹¶é€šè¿‡ç›¸å…³çš„ä¿¡ä»»ç¾åæ¥éªŒè¯å…¬é’¥çš„有效性。数å—è¯ä¹¦é€šè¿‡æ ‡å¿—交易å„方身份信æ¯çš„一系列数æ®ï¼Œæ供了一ç§éªŒè¯å„自身份的方å¼ï¼Œç”¨æˆ·å¯ä»¥ç”¨å®ƒæ¥è¯†åˆ«å¯¹æ–¹çš„身份。
(三)电å商务的安全å议。
除上文æ到的å„ç§å®‰å…¨æŠ€æœ¯ä¹‹å¤–,电å商务的è¿è¡Œè¿˜æœ‰ä¸€å¥—完整的安全å议。目å‰ï¼Œæ¯”较æˆç†Ÿçš„å议有SETã€SSLç‰ã€‚
(1)安全套接层åè®®SSL。
SSLåè®®ä½äºŽä¼ 输层和应用层之间,由SSL记录åè®®ã€SSLæ¡æ‰‹å议和SSLè¦æŠ¥å议组æˆçš„。SSLæ¡æ‰‹å议被用æ¥åœ¨å®¢æˆ·ä¸ŽæœåŠ¡å™¨çœŸæ£ä¼ 输应用层数æ®ä¹‹å‰å»ºç«‹å®‰å…¨æœºåˆ¶ã€‚当客户与æœåŠ¡å™¨ç¬¬ä¸€æ¬¡é€šä¿¡æ—¶ï¼ŒåŒæ–¹é€šè¿‡æ¡æ‰‹å议在版本å·ã€å¯†é’¥äº¤æ¢ç®—法ã€æ•°æ®åŠ 密算法和Hash算法上达æˆä¸€è‡´ï¼Œç„¶åŽäº’相验è¯å¯¹æ–¹èº«ä»½ï¼Œæœ€åŽä½¿ç”¨å商好的密钥交æ¢ç®—法产生一个åªæœ‰åŒæ–¹çŸ¥é“的秘密信æ¯ï¼Œå®¢æˆ·å’ŒæœåŠ¡å™¨å„è‡ªæ ¹æ®æ¤ç§˜å¯†ä¿¡æ¯äº§ç”Ÿæ•°æ®åŠ 密算法和Hash算法å‚数。SSL记录åè®®æ ¹æ®SSLæ¡æ‰‹åè®®å商的å‚数,对应用层é€æ¥çš„æ•°æ®è¿›è¡ŒåŠ 密ã€åŽ‹ç¼©ã€è®¡ç®—消æ¯é‰´åˆ«ç MAC,然åŽç»ç½‘ç»œä¼ è¾“å±‚å‘é€ç»™å¯¹æ–¹ã€‚SSLè¦æŠ¥å议用æ¥åœ¨å®¢æˆ·å’ŒæœåŠ¡å™¨ä¹‹é—´ä¼ 递SSL出错信æ¯ã€‚
(2)安全电å交易åè®®SET。
SETå议用于划分与界定电å商务活动ä¸æ¶ˆè´¹è€…ã€ç½‘上商家ã€äº¤æ˜“åŒæ–¹é“¶è¡Œã€ä¿¡ç”¨å¡ç»„织之间的æƒåˆ©ä¹‰åŠ¡å…³ç³»ï¼Œç»™å®šäº¤æ˜“ä¿¡æ¯ä¼ é€æµç¨‹æ ‡å‡†ã€‚SET主è¦ç”±ä¸‰ä¸ªæ–‡ä»¶ç»„æˆï¼Œåˆ†åˆ«æ˜¯SET业务æè¿°ã€SET程åºå‘˜æŒ‡å—å’ŒSETåè®®æ述。SETåè®®ä¿è¯äº†ç”µå商务系统的机密性ã€æ•°æ®çš„完整性ã€èº«ä»½çš„åˆæ³•æ€§ã€‚
SETå议是专为电å商务系统设计的。它ä½äºŽåº”用层,其认è¯ä½“ç³»å分完善,能实现多方认è¯ã€‚在SET的实现ä¸ï¼Œæ¶ˆè´¹è€…å¸æˆ·ä¿¡æ¯å¯¹å•†å®¶æ¥è¯´æ˜¯ä¿å¯†çš„。但是SETåè®®å分å¤æ‚,交易数æ®éœ€è¿›è¡Œå¤šæ¬¡éªŒè¯ï¼Œç”¨åˆ°å¤šä¸ªå¯†é’¥ä»¥åŠå¤šæ¬¡åŠ 密解密。而且在SETåè®®ä¸é™¤æ¶ˆè´¹è€…与商家外,还有å‘å¡è¡Œã€æ”¶å•è¡Œã€è®¤è¯ä¸å¿ƒã€æ”¯ä»˜ç½‘å…³ç‰å…¶å®ƒå‚与者。
二一.未æ¥ç½‘络安全趋势未æ¥äºŒä¸‰å年,信æ¯æˆ˜åœ¨å†›äº‹å†³ç–与行动方é¢çš„ä½œç”¨å°†æ˜¾è‘—å¢žå¼ºã€‚åœ¨è¯¸å¤šå†³å®šæ€§å› ç´ ä¸åŒ…æ‹¬ä»¥ä¸‹å‡ ç‚¹ï¼šäº’è”网ã€æ— 线宽带åŠå°„频识别ç‰æ–°æŠ€æœ¯çš„广泛应用;实际战争代价高昂且ä¸å¾—人心,以åŠè¿™æ ·ä¸€ç§å¯èƒ½æ€§ï¼Œå³è®¸å¤šä¿¡æ¯æŠ€æœ¯å¯ç§˜å¯†ä½¿ç”¨ï¼Œä½¿é»‘客高手能够åå¤æ‰“进对手的计算机网络。
(1)技术对ç»æµŽä¸Žç¤¾ä¼šçš„支é…力é‡æ—¥ç›ŠåŠ é‡
在所有的领域,新的技术ä¸æ–超越先å‰çš„最新技术。便æºå¼ç”µè„‘和有上网功能的手机使用户一周7天ã€ä¸€å¤©24å°æ—¶éƒ½å¯æ”¶å‘邮件,æµè§ˆç½‘页。
对信æ¯æˆ˜ä¸Žè¿ä½œçš„å½±å“:技术支é…力é‡ä¸æ–åŠ å¼ºæ˜¯ç½‘ç»œæˆ˜çš„æ ¹æœ¬åŸºç¡€ã€‚å¤æ‚ä¸”å¸¸æ˜¯ç²¾å¾®çš„æŠ€æœ¯å¢žåŠ äº†å…¨ä¸–ç•Œçš„è´¢å¯Œï¼Œæ高了全çƒçš„效率。然而,它åŒæ—¶ä¹Ÿä½¿ä¸–ç•Œå˜å¾—ç›¸å¯¹è„†å¼±ï¼Œå› ä¸ºï¼Œåœ¨æ„外情况使计算机的控制与监视陷于混乱时,维æŒè¡Œä¸šå’Œæ”¯æŒç³»ç»Ÿçš„è¿è½¬å°±éžå¸¸å›°éš¾ï¼Œè€Œå‘生这ç§æ··ä¹±çš„å¯èƒ½æ€§åœ¨è¿…é€Ÿå¢žåŠ ã€‚æ ¹æ®æœªæ¥æ´¾å¦è€…约瑟夫•科茨的观点,一个常被忽视的情况是犯罪组织对信æ¯æŠ€æœ¯çš„使用。"时在2015年,黑手党通过电å手段消除了得克è¨æ–¯å·žæˆ–å†…å¸ƒæ‹‰æ–¯åŠ å·žä¸€å®¶ä¸åž‹é“¶è¡Œçš„所有记录,然åŽæ‚„æ‚„è®¿é—®äº†å‡ å®¶å¤§åž‹é‡‘èžæœåŠ¡æœºæž„的网站,并å‘布一æ¡ç®€å•çš„ä¿¡æ¯ï¼š'那是我们干的---ä½ å¯èƒ½æ˜¯ä¸‹ä¸€ä¸ªç›®æ ‡ã€‚我们的愿望是ä¿æŠ¤ä½ 们。'"
未æ¥æ´¾å¦è€…斯蒂芬•斯蒂尔指出:"网络系统......ä¸å•çº¯æ˜¯ä¿¡æ¯ï¼Œè€Œæ˜¯ç½‘络文化。多层次å调一致的网络è¢å‡»å°†èƒ½å¤ŸåŒæ—¶è¿›è¡Œå¤§ï¼ˆå›½å®¶å®‰å…¨ç³»ç»Ÿï¼‰ã€ä¸ï¼ˆå½“地电网)ã€å°ï¼ˆæ±½è½¦å‘åŠ¨ï¼‰è§„æ¨¡çš„ç ´å。"
(2)先进的通信技术æ£åœ¨æ”¹å˜æˆ‘们的工作与生活方å¼
电信æ£åœ¨è¿…速å‘展,这主è¦æ˜¯å¾—益于电å邮件和其他形å¼çš„高技术通信。然而,"åƒç¦§ä¸–代"(1980å¹´ï¼2000年出生的一代---译注)在大部分情况下已ä¸å†ä½¿ç”¨ç”µå邮件,而喜欢采用å³æ—¶ä¿¡æ¯å’Œç¤¾äº¤ç½‘站与åŒä¼´è”系。这些技术åŠå…¶ä»–新技术æ£åœ¨å»ºç«‹èµ·å‡ 乎与现实世界ä¸å®Œå…¨ä¸€æ ·çš„å¤æ‚而广泛的社会。
对信æ¯æˆ˜å’Œè¿ä½œçš„å½±å“:这是使信æ¯æˆ˜å’Œè¿ä½œå…·æœ‰å…¶é‡è¦æ€§çš„关键的两三个趋势之一。
ç ´å或许并ä¸æ˜Žç›®å¼ 胆,或者易于å‘现。由于生产系统对客户的直接输入日益开放,这就有å¯èƒ½ä¿®æ”¹ç”µè„‘控制的机床的程åºï¼Œä»¥ç”Ÿäº§ç•¥å¾®ä¸åˆè§„æ ¼çš„äº§å“---ç”šè‡³è‡ªè¡Œä¿®æ”¹è§„æ ¼ï¼Œè¿™æ ·ï¼Œäº§å“的差异就永远ä¸ä¼šå—到注æ„。如果作这类篡改时有足够的想åƒåŠ›ï¼Œå¹¶ä¸”è°¨æ…Žåœ°é€‰å‡†ç›®æ ‡ï¼Œåˆ™å¯ä»¥æƒ³è±¡è¿™äº›äº§å“会顺利通过检查,但肯定通ä¸è¿‡æˆ˜åœºæ£€éªŒï¼Œä»Žè€Œå¸¦æ¥ä¸å¯è®¾æƒ³çš„军事åŽæžœã€‚
ä¿¡æ¯æŠ€æœ¯ä¸Žå•†ä¸šç®¡ç†é¡¾é—®åŠ³ä¼¦æ–¯â€¢æ²ƒæ ¼å°”æ醒注æ„云计算(第三方数æ®å¯„å˜å’Œé¢å‘æœåŠ¡çš„计算)以åŠWeb2.0的使用(社交网åŠäº¤äº’性)。他说:"与云计算相关的网络安全影å“值得注æ„ï¼Œæ— è®ºæ˜¯å…¬å…±çš„è¿˜æ˜¯ç§äººçš„云计算。éšç€æ›´å¤šçš„å…¬å¸å’Œæ”¿åºœé‡‡ç”¨äº‘计算,它们也就更容易å—åˆ°ç ´å和网络è¢å‡»ã€‚è¿™å¯èƒ½å¯¼è‡´æœåŠ¡åŠå¿«é€Ÿçš„é‡è¦è½¯ä»¶åº”用能力å—åˆ°ç ´å。å¦å¤–,由于Facebookã€åšå®¢å’Œå…¶ä»–社交网在我们个人生活ä¸å¹¿æ³›ä½¿ç”¨ï¼Œæ”¿åºœç»„织也在寻求与其相关方è”络åŠäº’动的类似能力。一旦政府å…许在其网络上进行交互的和åŒå‘çš„è”络,网络è¢å‡»çš„风险将éšä¹‹å¤§å¢žã€‚"
(3)全çƒç»æµŽæ—¥ç›Šèžåˆ
这方é¢çš„å…³é”®å› ç´ åŒ…æ‹¬è·¨å›½å…¬å¸çš„å…´èµ·ã€æ°‘æ—特性的弱化(比如在欧盟范围之内)ã€äº’è”网的å‘展,以åŠå¯¹ä½Žå·¥èµ„国家的网上工作外包。
对信æ¯æˆ˜åŠè¿ä½œçš„å½±å“:互è”网ã€ç§äººç½‘络ã€è™šæ‹Ÿç§äººç½‘络以åŠå¤šç§å…¶ä»–技术,æ£åœ¨å°†åœ°çƒè”æˆä¸€ä¸ªå¤æ‚çš„"ä¿¡æ¯ç©ºé—´"ã€‚è¿™äº›è¿‘ä¹Žæ— é™çš„è”系一旦ä¸æ–,必然会对公å¸ç”šè‡³å¯¹å›½å®¶ç»æµŽé€ æˆä¸¥é‡ç ´å。但是,这更æ„味ç€å®ƒä»¬é¢ä¸´å—到å‰æ‰€æœªæœ‰çš„é—´è°æ´»åŠ¨å’Œç§˜å¯†è¢å‡»çš„风险。这是信æ¯æˆ˜åŠè¿ä½œçš„åˆä¸€ä¸ªé‡è¦è¶‹åŠ¿ã€‚
(4ï¼‰ç ”ç©¶ä¸Žå‘展(R&D)促进全çƒç»æµŽå¢žé•¿çš„作用日益增强, ç¾Žå›½ç ”å‘费用总和30å¹´æ¥ç¨³æ¥ä¸Šå‡ã€‚ä¸å›½ã€æ—¥æœ¬ã€æ¬§ç›Ÿå’Œä¿„罗斯也呈类似趋势。 对信æ¯æˆ˜åŠè¿ä½œçš„å½±å“:这一趋势促进了近数å年技术进æ¥çš„速度。这是信æ¯æˆ˜å‘展的åˆä¸€å…³é”®å› ç´ ã€‚ R&D的主è¦äº§å“ä¸æ˜¯å•†å“或技术,而是信æ¯ã€‚å³ä¾¿æ˜¯ç ”究æˆæžœä¸æœ€æœºå¯†çš„部分一般也是å˜å‚¨åœ¨è®¡ç®—机里,通过ä¼ä¸šçš„内è”ç½‘ä¼ è¾“ï¼Œè€Œä¸”ä¸€èˆ¬æ˜¯åœ¨äº’è”ç½‘ä¸Šä¼ é€ã€‚è¿™ç§å¯èŽ·å–性为间è°æ供了æžå¥½çš„ç›®æ ‡---æ— è®ºæ˜¯å·¥ä¸šé—´è°ï¼Œè¿˜æ˜¯å†›äº‹é—´è°ã€‚这(5)技术å˜åŒ–éšç€æ–°ä¸€ä»£çš„å‘æ˜Žä¸Žåº”ç”¨è€ŒåŠ é€Ÿ
在å‘展æžå¿«çš„设计å¦ç§‘,大å¦ç”Ÿä¸€å¹´çº§æ—¶æ‰€å¦çš„最新知识到毕业时大多已ç»è¿‡æ—¶ã€‚设计与销售周期---构想ã€å‘明ã€åˆ›æ–°ã€æ¨¡ä»¿---在ä¸æ–缩çŸã€‚在20世纪40年代,产å“周期å¯æŒç»ä¸‰å››å年。今天,æŒç»ä¸‰å››å周已属罕è§ã€‚
åŽŸå› å¾ˆç®€å•ï¼šå¤§çº¦80%过往的科å¦å®¶ã€å·¥ç¨‹å¸ˆã€æŠ€å¸ˆå’ŒåŒ»ç”Ÿä»Šå¤©ä»ç„¶æ´»ç€---在互è”网上实时交æµæ„è§ã€‚
机器智能的å‘展也将对网络安全产生å¤æ‚å½±å“。æ®çŸ¥è¯†ç†è®ºå®¶ã€æœªæ¥å¦æ´¾å¦è€…布é²æ–¯â€¢æ‹‰æœå…‹è¯´ï¼š"çŸ¥è¯†åˆ›é€ æ˜¯ä¸€ä¸ªå¯ç”±äººé‡å¤çš„过程,也是完全å¯ç”±æœºå™¨æˆ–在人机互动系统ä¸é‡å¤çš„è¿‡ç¨‹ã€‚äººå·¥çŸ¥è¯†åˆ›é€ å°†è¿Žæ¥"奇点",而éžäººå·¥æ™ºèƒ½ï¼Œæˆ–人工基本智能(或者技术进æ¥æœ¬èº«ï¼‰ã€‚人工智能已ç»å¯ç”±ä»»ä½•ç”µè„‘å®žçŽ°ï¼Œå› ä¸ºæƒ…æŠ¥çš„å®šä¹‰æ˜¯å‚¨å˜èµ·æ¥å¹¶å¯é‡æ–°èŽ·å–ï¼ˆé€šè¿‡äººæˆ–è®¡ç®—æœºï¼‰çš„çŸ¥è¯†ã€‚ï¼ˆäººå·¥çŸ¥è¯†åˆ›é€ ï¼‰æŠ€æœ¯æœ€æ–°è¾¾åˆ°è€…å°†æŽ¨åŠ¨æ•´ä¸ªèŒƒå¼è½¬å˜ã€‚ [3]
(5)影å“ç½‘ç»œå®‰å…¨æ€§çš„å› ç´ ï¼šç›®å‰æˆ‘国网络安全å˜åœ¨å‡ 大éšæ‚£ï¼šå½±å“ç½‘ç»œå®‰å…¨æ€§çš„å› ç´ ä¸»è¦æœ‰ä»¥ä¸‹å‡ 个方é¢ã€‚
ç½‘ç»œç»“æž„å› ç´
网络基本拓扑结构有3ç§ï¼šæ˜Ÿåž‹ã€æ€»çº¿åž‹å’ŒçŽ¯åž‹ã€‚一个å•ä½åœ¨å»ºç«‹è‡ªå·±çš„内部网之å‰ï¼Œå„部门å¯èƒ½å·²å»ºé€ 了自己的局域网,所采用的拓扑结构也å¯èƒ½å®Œå…¨ä¸åŒã€‚åœ¨å»ºé€ å†…éƒ¨ç½‘æ—¶ï¼Œä¸ºäº†å®žçŽ°å¼‚æž„ç½‘ç»œé—´ä¿¡æ¯çš„通信,往往è¦ç‰ºç‰²ä¸€äº›å®‰å…¨æœºåˆ¶çš„设置和实现,从而æ出更高的网络开放性è¦æ±‚。
网络åè®®å› ç´
åœ¨å»ºé€ å†…éƒ¨ç½‘æ—¶ï¼Œç”¨æˆ·ä¸ºäº†èŠ‚çœå¼€æ”¯ï¼Œå¿…然会ä¿æŠ¤åŽŸæœ‰çš„网络基础设施。å¦å¤–,网络公å¸ä¸ºç”Ÿå˜çš„需è¦ï¼Œå¯¹ç½‘络å议的兼容性è¦æ±‚越æ¥è¶Šé«˜ï¼Œä½¿ä¼—多厂商的å议能互è”ã€å…¼å®¹å’Œç›¸äº’通信。这在给用户和厂商带æ¥åˆ©ç›Šçš„åŒæ—¶ï¼Œä¹Ÿå¸¦æ¥äº†å®‰å…¨éšæ‚£ã€‚如在一ç§åè®®ä¸‹ä¼ é€çš„有害程åºèƒ½å¾ˆå¿«ä¼ é整个网络。
åœ°åŸŸå› ç´ ç”±äºŽå†…éƒ¨ç½‘Intranetæ—¢å¯ä»¥æ˜¯LAN也å¯èƒ½æ˜¯WAN(内部网指的是它ä¸æ˜¯ä¸€ä¸ªå…¬ç”¨ç½‘络,而是一个专用网络),网络往往跨越城际,甚至国际。地ç†ä½ç½®å¤æ‚,通信线路质é‡éš¾ä»¥ä¿è¯ï¼Œè¿™ä¼šé€ æˆä¿¡æ¯åœ¨ä¼ 输过程ä¸çš„æŸå和丢失,也给一些â€é»‘客â€é€ æˆå¯ä¹˜ä¹‹æœºã€‚
ç”¨æˆ·å› ç´
ä¼ä¸šå»ºé€ è‡ªå·±çš„å†…éƒ¨ç½‘æ˜¯ä¸ºäº†åŠ å¿«ä¿¡æ¯äº¤æµï¼Œæ›´å¥½åœ°é€‚应市场需求。建立之åŽï¼Œç”¨æˆ·çš„范围必将从ä¼ä¸šå‘˜å·¥æ‰©å¤§åˆ°å®¢æˆ·å’Œæƒ³äº†è§£ä¼ä¸šæƒ…å†µçš„äººã€‚ç”¨æˆ·çš„å¢žåŠ ï¼Œä¹Ÿç»™ç½‘ç»œçš„å®‰å…¨æ€§å¸¦æ¥äº†å¨èƒï¼Œå› 为这里å¯èƒ½å°±æœ‰å•†ä¸šé—´è°æˆ–“黑客â€
ä¸»æœºå› ç´
建立内部网时,使原æ¥çš„å„局域网ã€å•æœºäº’è”ï¼Œå¢žåŠ äº†ä¸»æœºçš„ç§ç±»ï¼Œå¦‚工作站ã€æœåŠ¡å™¨ï¼Œç”šè‡³å°åž‹æœºã€å¤§ä¸åž‹æœºã€‚由于它们所使用的æ“作系统和网络æ“作系统ä¸å°½ç›¸åŒï¼ŒæŸä¸ªæ“作系统出现æ¼æ´ž(如æŸäº›ç³»ç»Ÿæœ‰ä¸€ä¸ªæˆ–å‡ ä¸ªæ²¡æœ‰å£ä»¤çš„账户),就å¯èƒ½é€ æˆæ•´ä¸ªç½‘络的大éšæ‚£ã€‚
å•ä½å®‰å…¨æ”¿ç–
实践è¯æ˜Žï¼Œ80ï¼…çš„å®‰å…¨é—®é¢˜æ˜¯ç”±ç½‘ç»œå†…éƒ¨å¼•èµ·çš„ï¼Œå› æ¤ï¼Œå•ä½å¯¹è‡ªå·±å†…部网的安全性è¦æœ‰é«˜åº¦çš„é‡è§†ï¼Œå¿…须制订出一套安全管ç†çš„è§„ç« åˆ¶åº¦ã€‚
äººå‘˜å› ç´
äººçš„å› ç´ æ˜¯å®‰å…¨é—®é¢˜çš„è–„å¼±çŽ¯èŠ‚ã€‚è¦å¯¹ç”¨æˆ·è¿›è¡Œå¿…è¦çš„安全教育,选择有较高èŒä¸šé“德修养的人åšç½‘络管ç†å‘˜ï¼Œåˆ¶è®¢å‡ºå…·ä½“措施,æ高安全æ„识。
other
å…¶ä»–å› ç´ å¦‚è‡ªç„¶ç¾å®³ç‰ï¼Œä¹Ÿæ˜¯å½±å“ç½‘ç»œå®‰å…¨çš„å› ç´ ã€‚
(6)ã€ç½‘络安全的关键技术
网络安全性问题关系到未æ¥ç½‘络应用的深入å‘展,它涉åŠå®‰å…¨ç–ç•¥ã€ç§»åŠ¨ä»£ç ã€æŒ‡ä»¤ä¿æŠ¤ã€å¯†ç å¦ã€æ“作系统ã€è½¯ä»¶å·¥ç¨‹å’Œç½‘络安全管ç†ç‰å†…容。一般专用的内部网与公用的互è”网的隔离主è¦ä½¿ç”¨â€œé˜²ç«å¢™â€æŠ€æœ¯ã€‚
“防ç«å¢™â€æ˜¯ä¸€ç§å½¢è±¡çš„说法,其实它是一ç§è®¡ç®—机硬件和软件的组åˆï¼Œä½¿äº’è”网与内部网之间建立起一个安全网关,从而ä¿æŠ¤å†…部网å…å—éžæ³•ç”¨æˆ·çš„侵入。
能够完æˆâ€œé˜²ç«å¢™â€å·¥ä½œçš„å¯ä»¥æ˜¯ç®€å•çš„éšè”½è·¯ç”±å™¨ï¼Œè¿™ç§â€œé˜²ç«å¢™â€å¦‚果是一å°æ™®é€šçš„路由器则仅能起到一ç§éš”离作用。éšè”½è·¯ç”±å™¨ä¹Ÿå¯ä»¥åœ¨äº’è”网å议端å£çº§ä¸Šé˜»æ¢ç½‘间或主机间通信,起到一定的过滤作用。 由于éšè”½è·¯ç”±å™¨ä»…仅是对路由器的å‚æ•°åšäº›ä¿®æ”¹ï¼Œå› 而也有人ä¸æŠŠå®ƒå½’入“防ç«å¢™â€ä¸€çº§çš„措施。
真æ£æ„义的“防ç«å¢™â€æœ‰ä¸¤ç±»ï¼Œä¸€ç±»è¢«ç§°ä¸ºæ ‡å‡†â€œé˜²ç«å¢™â€ï¼›ä¸€ç±»å«åŒå®¶ç½‘å…³ã€‚æ ‡å‡†â€é˜²ç«å¢™â€ç³»ç»ŸåŒ…括一个Unix工作站,该工作站
Elevator Traction Machine,Gearless Traction Elevator,Geared Traction Elevator,Gearless Elevator Motor
MAURER TECHNOLOGIES CO., LTD. , https://www.maurer-elevator.com