Keywords: network security; information security; measures
Information is not only a resource but also a form of wealth. With the advent of the knowledge economy, protecting the security of important information has become a common concern of the whole of society. According to statistics, about 20% of users on the Internet have been hacked. Although hackers are so rampant, network security has not attracted enough attention. Many users think that network security problems are remote from them, as shown by the fact that more than 40% of users, especially LAN users, have not installed a firewall. The harm that network viruses have recently caused to network systems and network security shows that the hidden dangers are very serious and deserve everyone's attention. This article discusses network security and preventive measures.
The network is not only a place for sharing information, but also the place where information security risks are most prominent.
With the rapid informatization of the national economy, the demand for network information security is increasingly urgent. Since the Internet came into wide use in particular, the security of information systems has touched on major issues such as national sovereignty. According to statistics, 32% of the incidents were committed by internal hackers. In addition, according to a survey by the National Computer Security Association (NCSA), nearly half of recent virus infections in enterprises came from e-mail on the Internet.
At present, most institutions and colleges in China have established internal intranets, and these are connected to the Internet worldwide through e-mail, gateways and firewalls. Files on the network are easily infected by viruses. Once such files are executed, the infection quickly affects the whole network, resulting in data loss and even network paralysis. Recently, two viruses, Code Red and Nimda, spread with a speed and reach that exceeded the expectations of network practitioners. The damage was shocking: most systems were seriously disrupted, which affected normal teaching and training.
On the Internet, the destructive power of computer hackers is very great. It ranges from breaking into intranets to illegally browsing information; in addition, software and confidential documents stored on the Internet have been destroyed and tampered with. Hackers spy on business intelligence, steal huge sums of money, sabotage communications and command systems, and steal military secrets. Therefore, when sending and receiving e-mail or files online, we should pay special attention to whether hackers are lurking unseen.
Hacking techniques mainly include: cracking passwords, creating and spreading computer viruses, planting logic bombs, breaking through network firewalls, and using recording equipment to capture the radio-wave information radiated by monitors. Many hacker tools are available on the Internet. At present, more than a dozen hacker programs such as BO (Back Orifice), NetBus, NetSpy and BackDoor have been discovered. For example, Rootkit software has Trojan horse, network sniffing and trajectory tracking functions.
Hackers' attack methods mainly include: hunting for access lines, hunting for passwords, forcibly breaking in, cleaning up disks, changing and creating UAF (User Authorization File) records, stealing extra privileges, introducing Trojan software to cover up real intentions, introducing command procedures or "worm" programs that parasitize privileged users, using one node as a gateway (proxy) to connect to other nodes, and breaking through network firewalls through covert channels.
Hackers often use the following attack methods on the network: using the default accounts provided by the UNIX operating system, such as those for the Telnet daemon, FTP daemon and remote exec daemon, and steadily improving their attacks with information collected by the finger and rusers commands; using Sendmail, attacking through its debug, wizard, pipe and alias features; attacking through FTP access that requires no password; attacking through NFS; attacking through Windows NT port 135; and attacking through X Windows.
Denial of service is a destructive attack. It first appeared in the form of the "e-mail bomb": a user under attack receives a large number of e-mails in a short time, which prevents the network system from working normally and, in serious cases, leads to system collapse and network paralysis. The later "information bomb" was even more destructive. Once an information bomb goes off, it causes the network system to collapse.
As tools and software become richer and more refined, hackers' attack methods are constantly renewed. Because a hacker program can be implanted in a computer system without being discovered, once a computer has been infiltrated by such a program, the hacker can cooperate with it from outside while it works from inside, which makes attacks very easy. According to statistics from an organization specializing in Internet security monitoring, 80% of network attacks are never discovered by network administrators. Although you cannot stop hackers from attacking, you can use various effective methods to track down the saboteur. Therefore, stopping hacker intrusions as early as possible has become a top priority in the computer field.
1. BIND vulnerability
The first of the top ten vulnerabilities is the BIND vulnerability. Some systems install and run BIND by default, and such systems are vulnerable to attacks even if they do not provide DNS services.
Countermeasure
It is suggested to implement packet filtering and a firewall, and to check the BIND software carefully; ensure that BIND runs as an unprivileged user in a chroot() environment; prohibit zone transfers to external hosts; check the zone mappings, confirm that patches have been applied, and set up logging; and configure BIND so that it does not provide zone transfers to untrusted hosts.
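The following audit script is an added example, not part of the original article. It checks a BIND configuration and the named command line against the countermeasures above: restricted zone transfers, transfer logging, and an unprivileged chroot() run. The configuration text, command line and function names are constructed for illustration, and a zone with no ACL at all is assumed to be open, as on BIND releases whose default allows all hosts.

```python
import re
import shlex

# Constructed sample input (not from the article).
CONF = '''
options { directory "/var/named"; allow-transfer { any; }; };
zone "example.com" { type master; file "a.zone"; allow-transfer { 192.0.2.53; }; };
zone "example.org" { type master; file "b.zone"; };   // inherits the global ACL
logging { channel x { file "xfer.log"; }; category xfer-out { x; }; };
'''
CMDLINE = "/usr/sbin/named -u named"   # constructed: -t missing, so no chroot

ACL_RE = re.compile(r"allow-transfer\s*\{([^}]*)\}")

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def top_level_statements(text):
    """Yield (header, body) for each top-level 'header { body };' block."""
    depth, start, open_at = 0, 0, None
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                open_at = i
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield text[start:open_at].strip(), text[open_at + 1:i]
        elif ch == ";" and depth == 0:
            start = i + 1

def transfer_acl(body):
    m = ACL_RE.search(body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf, cmdline):
    findings = []
    blocks = list(top_level_statements(strip_comments(conf)))
    global_acl = next((transfer_acl(b) for h, b in blocks if h == "options"), None)
    for header, body in blocks:
        if header.startswith("zone"):
            acl = transfer_acl(body)
            effective = acl if acl is not None else global_acl  # zone ACL overrides global
            if effective is None or "any" in effective:
                findings.append(f"{header}: zone transfers open to any host")
    if not any(h == "logging" and "xfer-out" in b for h, b in blocks):
        findings.append("logging: no xfer-out category configured")
    args = shlex.split(cmdline)
    if "-u" not in args:
        findings.append("named: no -u, running with root privileges")
    if "-t" not in args:
        findings.append("named: no -t, not running in chroot()")
    return findings
```

Changing the global ACL to `allow-transfer { none; };` and starting named with both `-u` and `-t` clears every finding for this sample.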
2. Vulnerable Common Gateway Interface (CGI) programs
The second of the top ten vulnerabilities is vulnerable CGI programs and extensions on Web servers. Intruders can easily use vulnerabilities in CGI programs to modify web pages, steal credit card information, and even establish a back door for the next intrusion.