Final review of information and network security (based on the key points given by the teacher)

The final chapter Key points sorted out by the teacher

1.1 Advantages and disadvantages of symmetric cryptosystem

advantage ： Algorithm disclosure 、 A small amount of calculation 、 Fast encryption 、 High encryption efficiency .

shortcoming ： How to securely transfer keys （ If the key is intercepted on the network GG）、 The number of keys needed for multi person distribution will increase rapidly .

1.2 AES The encryption process of the algorithm

To be improved ..

1.3 DES The encryption process of the algorithm

To be improved ..

1.4 The running process of public key cryptosystem model

1. The sender A Find the receiver B The public key
2. A Using public key encryption algorithm B Encrypt plaintext with your public key
3. A Send ciphertext to via insecure channel B
4. B After receiving the ciphertext, decrypt the ciphertext with your own private key to restore the plaintext

1.5 The main functions of intrusion detection system

1. Monitor and analyze user and system activities
2. Check system configuration and vulnerabilities
3. Evaluate the integrity of key resources and data files of the system
4. Identify known attacks
5. Statistical analysis of abnormal behavior
6. Operating system log management , And identify user activities that violate security policies

1.6 The encryption process of a data encryption system

A password （ encryption ） The system consists of plaintext 、 Ciphertext 、 encryption algorithm 、 Decryption algorithm 、 The key consists of five parts .

• Plaintext M： The original information as encrypted input , That is, the original form of the message
• Ciphertext C： The result of encrypted transformation of plaintext , That is, the form of the message after being encrypted
• secret key K： Is the parameter involved in password transformation
• encryption algorithm E： Is a transformation function that transforms plaintext into ciphertext , The corresponding transformation process is called encryption , That is, the process of coding
• Decryption algorithm D： Is the transformation function that restores the ciphertext to plaintext , The corresponding transformation process is called decryption

The encryption process is plaintext M Encrypted algorithm E（ Some encryption algorithms require a key K As a parameter ） After transformation, we get the ciphertext C.

1.7 intrusion detection system IDS Signal analysis methods and their advantages and disadvantages

• Pattern matching ： Compare the collected information with the known database of network intrusion and system misuse patterns .
  1. advantage ： accuracy 、 Efficient
  2. shortcoming ： Need to keep updating , Unable to detect an attack that has not occurred
• Statistical analysis ： First, create a statistical description for the system object , Count some measurement properties in normal use . Any observation outside the normal range , It is considered that an invasion has occurred .
  1. advantage ： Unknown and more complex intrusions can be detected
  2. shortcoming ： False positives 、 High underreporting rate
• Integrity analysis ： Integrity analysis focuses on whether a file or object has been changed , Strong encryption mechanisms are usually used （ Such as Hash function ） To identify small changes .
  1. advantage ： Can detect any changes to files or objects caused by the attack
  2. shortcoming ： Unable to respond in real time , Can only be analyzed afterwards

1.8 What is an attack 、 Common attack methods

attack ： Only when the intrusion is completely completed , And the behavior that the intruder has entered the target network is called attack . But a more positive view is ： All actions that may damage a network are called attacks . That is, from the moment when an intruder starts working on the target plane , The attack begins .

Common means

1. Password intrusion
2. Backdoor software means
3. Monitoring method
4. E-mail technology
5. Electronic deception
6. DoS attack （ Denial of service attacks ）

1.9 Basic measures for network security protection

Install firewall 、 Set access control 、 Using data encryption 、 Strengthen intrusion detection 、 Blocking the route of transmission 、 Improve the quality of personnel

1.10 Common password attack techniques

Weak password 、 Dictionary attack 、 Blast 、 Trojans steal

1.11 Commonly used DoS Attack methods

• TCP SYN Flood attack （ Flooding attacks learned in Computer Networks , utilize TCP defects , Send a lot of fake TCP Connection request , Instead, it is an attack method of resource exhaustion ）
• IP Deceptive attack （ Use IP cheating , Force the server to reset the connection of legitimate users , Affect the connection of legitimate users .）
• Bandwidth attack （）

1.12 The working principle and process of intrusion detection system

1. information gathering

   Location ： Several different key points in computer network system （ Different network segments and different hosts ） To collect information .

   （1） Expand the detection range

   （2）“ Uniformity ” testing

   ​ Content ： Including systems 、 The Internet 、 Status and behavior of data and user activities

   ​ quality ： Information correctness and reliability

   Intrusion detection information source

   System and network log files ： The use of system and network log file information is a necessary condition for intrusion detection .

   Undesired changes in directories and files ： Restrict access to or modify system log files under normal circumstances .

   Unexpected behavior in program execution

   Intrusion information in physical form

   （1） Unauthorized connection to network hardware

   （2） Authorized access to physical resources

2. Data analysis

   • Pattern matching ： Compare the collected information with the known database of network intrusion and system misuse patterns .
     1. advantage ： accuracy 、 Efficient
     2. shortcoming ： Need to keep updating , Unable to detect an attack that has not occurred
   • Statistical analysis ： First, create a statistical description for the system object , Count some measurement properties in normal use . Any observation outside the normal range , It is considered that an invasion has occurred .
     1. advantage ： Unknown and more complex intrusions can be detected
     2. shortcoming ： False positives 、 High underreporting rate
   • Integrity analysis ： Integrity analysis focuses on whether a file or object has been changed , Strong encryption mechanisms are usually used （ Such as Hash function ） To identify small changes .
     1. advantage ： Can detect any changes to files or objects caused by the attack
     2. shortcoming ： Unable to respond in real time , Can only be analyzed afterwards

1.13 intrusion detection system IDS Common response processing

• Warning and event reporting .
• Terminate the process , Force user to exit .
• Cut off the Internet connection , Modify firewall settings .
• Disaster assessment , Automatic recovery .
• Find and locate attackers .

1.14 Characteristics of computer virus

• Cannot be run as a stand-alone executable
• Copy yourself
• Activate the virus by executing the host program
• Cross platform

1.15 Common network virus prevention measures

1. anti-virus software
2. Don't browse irregular websites
3. Cultivate a conscious awareness of information security
4. use Windows Update The function is patched in the whole system

1.16 The characteristics and main research contents of information hiding

• Robustness

  The effect of camouflaged objects on hidden information “ Compatibility ”

• Non detectability

  Good statistical properties , Unable to determine whether there is hidden information

• transparency

  The target data has not changed significantly

• Security

  The hiding algorithm has strong anti attack ability

• Self recovery

  A small amount of data information , Recover hidden information

1.17 Characteristics and application of digital watermarking technology

characteristic

• Security

  Difficult to tamper with or falsify ; Low false detection rate ; The digital watermark changes with the content .

• Concealment

  Imperceptible , Do not reduce the use value .

• Robustness

  After going through a variety of unintentional or intentional signal processing processes , The digital watermark can still maintain partial integrity and be accurately identified .

• Watermark capacity

  Sufficient watermark capacity , That is, the amount of watermark information that the carrier can embed without deformation .

application

• copyright protection
• Digital fingerprinting
• Certification and integrity verification
• Content identity and hidden identity
• Use control
• Content protection

1.18 Performance evaluation of digital watermarking

• Imperceptibility
• Damage to the carrier
• Subjective evaluation
• objective evaluation
• Watermark capacity 、 Imperceptibility 、 The balance between robustness

1.19 Functions and functions of firewall

• Network security barrier

• Strengthen network security strategy

  Based on the following four technologies

  1. Service control —— Determine the types of network services that can be accessed . The firewall can be in IP Address and TCP Filter traffic based on port number .
  2. Direction control —— Determine the direction in which specific service requests flow through the firewall .
  3. User control —— Access to a service is controlled according to which user tries to access the service .
  4. behavior control —— Control how specific services are used .

• Monitor and audit network access and access

• Prevent internal information leakage

• Protect Intranet Security

1.20 What are the advantages of Distributed Firewalls

• Applicable to server hosting （ Big data center ）
• Enhanced system security （ Intrusion detection ）
• Eliminate structural bottlenecks , Improved system performance （ A single access point ）
• Expand with the system （ Distributed features ）
• It is more widely used and supports VPN signal communication

1.21 VPN The key technology

• Tunneling Protocol
• Certification Technology
• Encryption technology
• Key exchange and management