Security threats from the network are real. Especially when critical services run on the network, network security is the first problem to be solved.
Network Security Preventive Measures
Computer network security measures mainly include three aspects: protecting network security, protecting application service security, and protecting system security. All aspects of security protection must be considered in combination with physical security, firewalls, information security, Web security, media security, etc.
(1) Protect network security.
Network security protects the communication process between the network end systems of the business parties. Confidentiality, integrity, authentication and access control are the important factors in network security. The main measures to protect network security are as follows:
(1) Comprehensively plan the security strategy of the network platform.
(2) Develop network security management measures.
(3) Use a firewall.
(4) Record all activities on the network as much as possible.
(5) Pay attention to the physical protection of network equipment.
(6) Test the vulnerability of the network platform system.
(7) Establish a reliable identification and authentication mechanism.
(2) Protect application security.
Application security protection consists mainly of security measures established for specific applications (such as Web servers and online payment software systems). It is independent of any other security protection measures on the network. Some of these measures may substitute for or overlap with network security services: for example, web browsers and web servers encrypt network payment and settlement information packets at the application layer, and those packets are also encrypted at the IP layer. Even so, many applications have their own specific security requirements.
Since the application layer in e-commerce has the most stringent and complex security requirements, it is more inclined to adopt various security measures at the application layer rather than at the network layer.
Although security at the network layer still has its specific place, people cannot rely entirely on it to solve the security of e-commerce applications. Security services on the application layer can involve the security of applications such as authentication, access control, confidentiality, data integrity, non-repudiation, Web security, EDI and network payment.
(3) Protect system security.
Protecting system security refers to security protection from the perspective of the overall e-commerce system or online payment system. It is interrelated with the network system hardware platform, operating system, various application software, etc. System security involving online payment and settlement includes the following measures:
(1) Check and confirm unknown security vulnerabilities in installed software, such as browser software, e-wallet software, payment gateway software, etc.
(2) Combine technology and management so that the system has minimal penetration risk. Connections are only allowed after passing multiple authentications, all access data must be audited, and system users must be strictly security managed.
(3) Establish detailed security audit logs to detect and track intrusion attacks.
Preventive Measures for Commercial Transactions
Commercial transaction security focuses on the security issues that arise when traditional commerce is conducted on the Internet, that is, how to ensure the smooth progress of the e-commerce process on the basis of computer network security.
Various business transaction security services are implemented through security technology, which mainly includes encryption technology, authentication technology and e-commerce security protocols.
(1) Encryption technology.
Encryption technology is a basic security measure adopted in e-commerce. Both parties to the transaction can use it during the information exchange stage as needed. Encryption technology is divided into two categories, namely symmetric encryption and asymmetric encryption.
(1) Symmetric encryption.
Symmetric encryption is also called private key encryption, that is, the sender and receiver of information use the same key to encrypt and decrypt data.
Its biggest advantage is fast encryption and decryption, which makes it suitable for encrypting large amounts of data, but key management is difficult. If the communicating parties can ensure that the private key has not been compromised during the key exchange phase, confidentiality and message integrity can be achieved by encrypting the confidential information and sending a message digest or message hash value with the message.
(2) Asymmetric encryption.
Asymmetric encryption, also known as public key encryption, uses a pair of keys to complete the encryption and decryption operations respectively. One of them is published (the public key), and the other is kept secret by the user (the private key). The process of information exchange is: Party A generates a pair of keys and discloses one of them as a public key to the other trading parties. Party B, who obtains the public key, uses it to encrypt the information and then sends it to Party A. Party A then uses its own private key to decrypt the encrypted information.
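The integrity half of this scheme, as an added example that is not part of the original text: a bare hash travelling with the message can be recomputed by anyone who alters the message, so the digest has to be bound to the shared key, done here with HMAC-SHA256. The key, the messages and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def plain_digest(message: bytes) -> bytes:
    """Unkeyed hash: anyone can compute it for any message."""
    return hashlib.sha256(message).digest()

def keyed_digest(key: bytes, message: bytes) -> bytes:
    """HMAC: only holders of the shared key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()

def accepts_plain(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(plain_digest(message), tag)

def accepts_keyed(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest avoids leaking the match position through timing
    return hmac.compare_digest(keyed_digest(key, message), tag)

def altered_in_transit(message: bytes):
    """Models a change on the wire by a party WITHOUT the shared key:
    the message is modified and the unkeyed hash simply recomputed."""
    changed = message.replace(b"100", b"900")
    return changed, plain_digest(changed)

# Constructed sample data
shared_key = secrets.token_bytes(32)   # agreed during the key exchange phase
order = b"pay 100 to merchant 42"
changed, new_tag = altered_in_transit(order)

if __name__ == "__main__":
    print("plain digest accepts altered message:", accepts_plain(changed, new_tag))
    print("keyed digest accepts altered message:",
          accepts_keyed(shared_key, changed, new_tag))
```

The receiver's check only means something when the tag depends on the key, which is why the passage's condition that the key was not compromised during exchange matters for integrity as well as confidentiality.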
(2) Authentication technology.
Authentication technology is a technology that uses electronic means to prove the identity of the sender and receiver and the integrity of their files, that is, to confirm that the identity information of both parties has not been tampered with during transmission or storage.
(1) Digital signature.
Digital signatures are also called electronic signatures. Like a handwritten signature, they can authenticate, approve and validate electronic documents. They are implemented by combining a hash function with a public key algorithm. The sender generates a hash value from the message text and encrypts the hash value with its own private key to form the sender's digital signature, then sends this digital signature to the recipient as an attachment together with the message. The recipient first calculates the hash value from the received original message, and then uses the sender's public key to decrypt the digital signature attached to the message. If the two hash values are the same, the receiver can confirm that the digital signature belongs to the sender. The digital signature mechanism provides an identification method that addresses problems such as forgery, denial, impersonation, and tampering.
(2) Digital certificate.
A digital certificate is a file, digitally signed by a certificate authority, that contains the public key owner's information and the public key. The main components of a digital certificate are the user's public key, the identifier of the key owner, and the signature of a trusted third party. The third party is generally a certificate authority (CA) trusted by users, such as government departments and financial institutions. The user submits his public key to the certificate authority in a secure manner and obtains a certificate, and then the user can make the certificate public. Anyone who needs the user's public key can obtain this certificate and verify the validity of the public key through the associated trust signature. Digital certificates provide a way to verify the identity of each party through a series of data that marks the identity information of the parties to the transaction, and users can use it to identify the other party's identity.
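The signature and certificate steps described in the two items above, carried through in one added example (not part of the original text). It uses textbook RSA over constructed Mersenne-prime keys with no padding, only to make the flow visible; production systems use a vetted library and a padded scheme such as RSA-PSS. All names and sample data are assumptions.

```python
import hashlib

E = 65537  # public exponent

def make_keypair(p_exp, q_exp):
    """Toy RSA key from two Mersenne primes (constructed; never use for real keys)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent
    return (n, E), (n, d)               # (public key, private key)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, data):
    n, d = private_key
    return pow(digest(data, n), d, n)   # hash, then apply the private key

def verify(public_key, data, signature):
    n, e = public_key
    return pow(signature, e, n) == digest(data, n)

def cert_body(subject, public_key):
    return f"{subject}|{public_key[0]}|{public_key[1]}".encode()

def issue_certificate(ca_private, subject, subject_public):
    """The CA signs the binding between an identity and a public key."""
    return {"subject": subject, "public_key": subject_public,
            "ca_sig": sign(ca_private, cert_body(subject, subject_public))}

def verify_signed_message(ca_public, cert, expected_subject, message, signature):
    if not verify(ca_public, cert_body(cert["subject"], cert["public_key"]), cert["ca_sig"]):
        return False                    # certificate not issued by the trusted CA
    if cert["subject"] != expected_subject:
        return False                    # valid certificate, but for someone else
    return verify(cert["public_key"], message, signature)

# Constructed sample data
ca_pub, ca_priv = make_keypair(521, 1279)
a_pub, a_priv = make_keypair(127, 607)
other_pub, _ = make_keypair(89, 107)
cert = issue_certificate(ca_priv, "Party A", a_pub)
order = b"pay 100 to merchant 42"
sig = sign(a_priv, order)
swapped = dict(cert, public_key=other_pub)   # key replaced, CA signature kept

if __name__ == "__main__":
    print(verify_signed_message(ca_pub, cert, "Party A", order, sig))
    print(verify_signed_message(ca_pub, swapped, "Party A", order, sig))
```

The receiver trusts Party A's public key only because the CA's signature covers both the identity and the key, so a certificate whose key has been swapped fails before the message signature is even examined.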
(3) Security protocols for e-commerce.
In addition to the various security technologies mentioned above, there is also a complete set of security protocols for the operation of e-commerce. More mature protocols include SET, SSL, etc.
(1) Secure Socket Layer Protocol SSL.
The SSL protocol is located between the transport layer and the application layer, and consists of the SSL record protocol, the SSL handshake protocol and the SSL alert protocol. The SSL handshake protocol is used to establish a security mechanism before the client and server actually transmit application layer data. When the client and the server communicate for the first time, the two parties use the handshake protocol to agree on the version number, key exchange algorithm, data encryption algorithm and hash algorithm, then verify each other's identity, and finally use the negotiated key exchange algorithm to generate secret information that only the two parties know. The client and the server each generate the parameters for the data encryption algorithm and hash algorithm based on this secret information. The SSL record protocol encrypts and compresses the data and calculates the message authentication code (MAC) based on the parameters negotiated by the SSL handshake protocol, and then sends it to the other party via the network transport layer. The SSL alert protocol is used to communicate SSL error messages between clients and servers.
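The handshake parameters listed above (protocol version, key exchange, encryption and hash algorithms, identity verification) are visible in Python's standard `ssl` module. This added example, not part of the original text, audits a client configuration for the two checks the handshake depends on and sets a verifying configuration beside a constructed weak one; the function names are assumptions.

```python
import ssl

def hardened_client_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()             # verifies chain and host name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse older versions in negotiation
    return ctx

def weak_client_context() -> ssl.SSLContext:
    """Constructed counter-example: traffic is encrypted, the peer is never verified."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit(ctx: ssl.SSLContext) -> list:
    """Return findings for settings that undermine the handshake's guarantees."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate host name is not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 may be negotiated")
    return findings

def negotiable_suites(ctx: ssl.SSLContext) -> list:
    """(name, key exchange, data encryption, hash) for each suite the client offers."""
    return [(c["name"], c.get("kea"), c.get("symmetric"), c.get("digest"))
            for c in ctx.get_ciphers()]

if __name__ == "__main__":
    print("hardened:", audit(hardened_client_context()))
    print("weak:    ", audit(weak_client_context()))
    for suite in negotiable_suites(hardened_client_context())[:5]:
        print(suite)
```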
(2) Secure electronic transaction protocol SET.
The SET protocol is used to divide and define the rights and obligations between consumers, online merchants, banks and credit card organizations in e-commerce activities, and provides transaction information transmission process standards.
SET mainly consists of three files, namely SET business description, SET programmer's guide and SET protocol description. The SET protocol ensures the confidentiality of the e-commerce system, data integrity, and identity legitimacy.
The SET protocol is specially designed for e-commerce systems. It is located at the application layer, and its certification system is very complete and can achieve multi-party certification. In SET's implementation, consumer account information is kept confidential from the merchant. However, the SET protocol is very complex. Transaction data requires multiple verifications, multiple keys, and multiple encryption and decryption. Moreover, in the SET protocol, in addition to consumers and merchants, there are other participants such as card issuers, acquirers, certification centers, and payment gateways.
Encryption prevention methods
Link encryption methods
Security technical means
Physical measures: For example, protect key network equipment (such as switches, mainframe computers, etc.), formulate strict network security rules and regulations, and take measures such as radiation protection, fire protection and the installation of uninterruptible power supplies (UPS).
Access control: Strictly authenticate and control users’ permissions to access network resources. For example, perform user identity authentication, encrypt, update and authenticate passwords, set permissions for users to access directories and files, control permissions for network device configuration, etc.
Data encryption: Encryption is an important means to protect data security. The function of encryption is to ensure that people cannot understand the meaning of information after it is intercepted. To prevent computer network viruses, install a network anti-virus system.
Network isolation: There are two ways of network isolation, one is achieved by using isolation card, and the other is achieved by using network security isolation gatekeeper.
The isolation card is mainly used to isolate a single machine, and the gatekeeper is mainly used to isolate the entire network. The difference between the two can be found in the reference material.
Other measures: Other measures include information filtering, fault tolerance, data mirroring, data backup and auditing, etc.
Many solutions have been proposed around network security issues, such as data encryption technology and firewall technology. Data encryption encrypts the data transmitted in the network and decrypts it back to the original data after it reaches the destination. The purpose is to prevent illegal users from intercepting and stealing information. Firewall technology controls network access by isolating the network and restricting access.
Security awareness
Having network security awareness is an important prerequisite for ensuring network security. The occurrence of many network security incidents is related to the lack of security awareness.
Host security check
To ensure network security and build network security, the first step is to fully understand the system, evaluate system security, recognize your own risks, and quickly and accurately solve intranet security issues. The first innovative automatic host security inspection tool in China, independently developed by Antiy Laboratories, completely subverts the cumbersome operation of traditional system confidentiality inspection and system risk assessment tools. With one click it performs a comprehensive security and confidentiality inspection of intranet computers and an accurate security level determination, and conducts powerful analysis, processing and repair of the evaluated system.
Host physical security
The physical security environment in which the server runs is very important, and many people ignore this. The physical environment mainly refers to the facility conditions of the server hosting computer room, including the ventilation system, power supply system, lightning protection and fire protection system, as well as the temperature and humidity conditions of the computer room, etc. These factors affect the life of the server and the security of all data. I won't discuss these factors here because you will make your own decision when choosing an IDC.
What is emphasized here is that some computer rooms provide dedicated cabinets to hold servers, while some computer rooms only provide racks. The so-called cabinet is an iron cabinet similar to the cabinets at home. There are doors on the front and back, and inside there are trays, power supplies, fans, etc. for the servers. The door is locked after the server is put in, and only the manager of the computer room has the key to open it. The rack is an open iron frame: to put a server on the rack, you only need to slide it in. There is a big difference in the physical security of the server between these two environments, and the server placed in the cabinet is obviously much safer.
If your servers are placed in an open rack, that means anyone can access them.
If others can easily access your hardware, what security is there?
If your server can only be placed in an open rack computer room, then you can do this:
(1) Tape the power plug to its socket to prevent others from accidentally touching your power supply;
(2) After installing the system, restart the server and unplug the keyboard and mouse during the restart, so that after the system starts, an ordinary keyboard and mouse will not work when connected (except a USB mouse and keyboard);
(3) Keep a good relationship with the personnel on duty in the computer room, and don't offend the maintenance personnel of other companies in the computer room. By doing this, your server will be at least a little more secure.