Network Security Learning （ One ）

Basic attributes of network security

People have three basic needs for network security

confidentiality （Confidentiality）、 integrity （Integrity）、 Usability （Availability）.

confidentiality

Confidentiality not only includes the confidentiality of information content , It also includes the confidentiality of information status , Such as in military war , Even if you can't crack the other party's encrypted message , However, some important conclusions can be inferred from the sudden increase of communication traffic . For example, the enemy may carry out a large number of military activities next , Or military deployment .

integrity

Integrity refers to the characteristics of information that cannot be changed without authorization . That is, information will not be accidentally or deliberately deleted during storage or transmission 、 modify 、 forge 、 Disorder 、 replay 、 Insert broken and missing features such as . Typical cases of threats to integrity are those where the source of the threat manipulates user accounts and tampers with information , Such as changing bank accounts , In this way, even if the user's information is not stolen , No longer accurate .

Usability

Availability refers to the feature that information can be accessed by authorized entities and used on demand .

Evolution history of network security

Communication security phase

The main security issues are eavesdropping and analysis .

Computer security

20 century 70 years , The US National Bureau of standards published the data encryption standard (DES)、 Us department of defense (DoD) Working face 《 Evaluation criteria for trusted computer systems 》(TCSEC)

Information system security

20 century 90 After year , Information system security has become the core content of network security . At this stage, in addition to emphasizing confidentiality 、 integrity 、 Usability , People also pay attention to “ Non repudiation ”.
1993 year 6 month , The United States government, together with Canada and the European community, drafted a single general guideline （CC standard ） And push it to international standards . To develop CC The purpose of the standard is to establish a general security evaluation criterion for information security products and systems that can be accepted by all countries .
In the United States TCSEC、 Europe's ITSEC、 Canadian CTCPEC、 In the United States FC And other information security guidelines , from 6 A country 7 Fang （ National security administration and National Institute of technical standards 、 Add 、 Britain 、 Law 、 Virtue 、 Lotus ） They put forward “ General guidelines for information technology security evaluation (The Common Criteriafor Information Technology security Evaluation,cC ) ”, abbreviation CC standard , It integrates the existing information security norms and Standards , Formed a more comprehensive framework .

Cyberspace Security

Get into 21 century , The Internet has gradually become Jihai 、 lu 、 empty 、 The fifth largest human living space after days . Cyberspace Security has attracted great attention from all countries , Developed countries generally regard it as the basis of national security , Rise to the height of national security to understand and treat . Only from the traditional confidentiality 、 integrity 、 Usability is obviously not enough , We need to pay more attention to politics at the national level 、 economic 、 Culture 、 Military and other influences .