Analysis of Modern Network Security Technology

The 21st century is the information age. With the rapid development of science and technology, the Internet has become an indispensable part of people's lives and work. The network is spreading rapidly around the world, and information is now transmitted mainly over it. Its security has been greatly challenged by activities such as stealing users' accounts, passwords and materials, invading databases, tampering with database contents, falsifying user identities, and creating computer viruses. On the Internet, the interests of network users have been seriously threatened and damaged, and cybersecurity issues are receiving increasing attention worldwide. Information security refers to the protection of the confidentiality, integrity and availability of information. Security is the foundation on which the network depends: only when security is guaranteed can the various functions of the network continue to be developed and improved. Many factors affect security, both active and passive. This article introduces several of the major, commonly used network security technologies.

1 Encryption technology

Encryption technology is one of the main technical means used to improve the security and confidentiality of information systems and data, and to prevent secret data from being stolen, intercepted or destroyed by external parties. Encryption is a way of obscuring information. There are two main types of encryption: private key encryption and public key encryption.

Private key encryption is also known as symmetric key encryption, because the key used to encrypt information is the same key used to decrypt it. Private key encryption provides confidentiality of information, but it does not provide authentication, because anyone who holds the key can create, encrypt and send a valid message. This encryption method is fast and easy to implement in hardware and software. DES is an algorithm for encrypting binary data. The weakness of the DES algorithm is that it does not provide sufficient security, because its key length is only 56 bits. For this reason a triple DES (3DES) system was later proposed, which uses two different keys to encrypt each data block two or three times, three times the work of normal encryption. Its strength is approximately equal to that of a 112-bit key.

Public key encryption uses two keys, one for encrypting information and the other for decrypting it.

For example, the RSA algorithm can be used for both data encryption and digital signatures. The theoretical basis of RSA is that it is relatively difficult to find two large prime numbers, and it is extremely difficult to factor their product. The RSA algorithm involves two keys, an encryption key PK and a decryption key SK, and the encryption key is public. The advantage of the RSA algorithm is that the key space is large; the disadvantage is that encryption is slow. Using RSA and DES in combination makes up for the shortcomings of RSA: DES is used to encrypt the plaintext, and RSA is used to encrypt the DES key.

Data encryption technology usually uses a key to encrypt data, which raises the problem of key management. The key used by encryption software is not like our everyday passwords, which are at most a dozen or so digits or letters; in general the key is 64 bits, and some are up to 128 bits. We generally cannot memorize these keys and can only keep them in a safe place. Key storage media usually include magnetic cards, magnetic tapes, magnetic disks, semiconductor memories and so on, but these may be damaged or lost, so current mainstream encryption software uses third-party authentication or random keys to make up for the shortcomings of human memory, as PGP encryption software does. The WIN2K system and some other encryption software are now slowly moving in this direction.
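The RSA and DES combination described above (a fast symmetric cipher for the data, RSA only for the short symmetric key) looks like this in code. This is an added example, not code from the article, and it makes substitutions: a SHA-256 keystream stands in for DES, RSA is unpadded textbook RSA over two constructed toy primes, and the names `seal` and `open_sealed` are hypothetical; it shows the structure of the exchange and is not secure for real use.

```python
import hashlib
import secrets

# Constructed toy RSA parameters: two known Mersenne primes. Far too small and
# too structured for real use; they only keep the example short and offline.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q                              # public modulus (part of PK)
E = 65537                              # public exponent (part of PK)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (SK)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for the symmetric cipher (DES in the text): XOR the data with
    a SHA-256 counter keystream. The same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(plaintext: bytes, n: int = N, e: int = E):
    """Sender: a fresh session key encrypts the bulk data, and the slow
    public-key operation is applied to the 16-byte session key only."""
    session_key = secrets.token_bytes(16)            # 128 bits, always < N
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, keystream_xor(session_key, plaintext)


def open_sealed(wrapped_key: int, ciphertext: bytes,
                n: int = N, d: int = D) -> bytes:
    """Recipient: recover the session key with SK, then decrypt the data."""
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)


if __name__ == "__main__":
    message = b"constructed sample message " * 4
    wrapped, ct = seal(message)
    print(open_sealed(wrapped, ct) == message)
```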

2 Firewall technology

A firewall is a combination of computer hardware and software that creates a security gateway between the Internet and the intranet to protect the intranet from unauthorized users. It is in effect a barrier separating the Internet from the intranet. By implementation, firewalls fall into two kinds: hardware firewalls and software firewalls. A hardware firewall combines hardware and software to isolate the internal and external networks; it is more expensive, but the effect is better. A software firewall is implemented purely in software and is very cheap, but such a firewall can only restrict the access of some illegal users to the intranet through certain rules. Depending on the technology used, firewalls can be divided into four basic types: packet filtering, NAT (network address translation), application proxy, and stateful, dynamic detection.

Packet filtering firewall.

The first generation of firewalls, and the most basic form, checks each network packet that passes through and either discards or releases it, depending on the set of rules established. In essence, the packet filtering firewall is multi-homed, meaning that it has two or more network adapters or interfaces. The packet filtering firewall examines each packet and looks at the basic information available in it (source address and destination address, port number, protocol, etc.). This information is then compared with the established rules. If a rule blocking telnet connections has been established and the destination port of the packet is 23, the packet will be discarded. If a rule allows web connections to pass and the destination port is 80, the packet will be released. Combinations of multiple complex rules are also possible. If a web connection is allowed, but only to a particular server, both the destination port and the destination address must match the rules before the packet can pass.

Application proxy firewall. The application proxy firewall does not actually allow direct communication between the networks it connects. Instead, it accepts communications from specific user applications on the internal network and then establishes a separate connection to the public network server. Users inside the network do not communicate directly with external servers, so the server cannot directly access any part of the intranet. Also, if the proxy code is not installed for a particular application, that service will not be supported and no connection can be established. This type of setup rejects any connection that is not explicitly configured, providing additional security and control. Some common applications that proxy firewalls usually support are HTTP, HTTPS/SSL, SMTP, POP3, IMAP, NNTP, TELNET, FTP, IRC, and so on.
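The packet filtering logic described above, with the telnet rule and the "web, but only to one server" rule, can be expressed as follows. This is an added example, not code from the article; first-match ordering, the default-deny fallback, the `Rule` fields and all addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "drop"
    protocol: str                     # "tcp", "udp" or "any"
    dst_net: str                      # destination network, CIDR notation
    dst_port: Optional[int] = None    # None matches every port
    src_net: str = "0.0.0.0/0"        # default: any source

    def matches(self, pkt: dict) -> bool:
        """Compare the packet's header fields with this rule."""
        return (
            self.protocol in ("any", pkt["proto"])
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src_net)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst_net)
            and self.dst_port in (None, pkt["dport"])
        )


# Constructed rule set; addresses come from the RFC 5737 documentation ranges.
RULES = [
    Rule("drop", "tcp", "0.0.0.0/0", 23),        # telnet is blocked everywhere
    Rule("allow", "tcp", "192.0.2.10/32", 80),   # web traffic, one server only
]

# Constructed sample packets: header fields only, as a packet filter sees them.
PACKETS = [
    {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 80},
    {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.11", "dport": 80},
    {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 23},
    {"proto": "udp", "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 53},
]


def filter_packet(pkt: dict, rules=RULES):
    """Return (verdict, index of the deciding rule); first match wins.
    A packet that matches no rule is dropped (assumed default-deny policy)."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "drop", None


if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, "->", filter_packet(pkt))
```

The second sample packet shows the combined rule at work: port 80 alone is not enough, because the destination address does not match the permitted server.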
When it comes to the topic of firewalls, the router also deserves a mention, although technically it is not a firewall at all.

The Network Address Translation (NAT) protocol translates multiple addresses of the internal network to a public address and sends the traffic to the Internet. NAT is often used in small offices, home networks and similar settings, where multiple users share a single IP address, and it provides some security mechanisms for Internet connections. When an internal user communicates with a public host, NAT keeps track of which user made the request and modifies the outgoing packet so that it appears to come from a single public IP address, then opens the connection. Once the connection is established, the communication that flows back and forth between the internal computer and the web site is transparent. When an unsolicited incoming connection arrives from the public network, NAT has a set of rules to decide how to handle it. Without pre-defined rules, NAT simply drops all unsolicited incoming connections, just as the packet filtering firewall does.

Stateful, dynamic detection firewall. The stateful, dynamic detection firewall is a new generation of product. It actively inspects the data at each layer in real time and, by analysing that data, can effectively identify illegal intrusions at each layer. This kind of firewall also has distributed detectors, which are installed on application servers and on nodes of other networks. They not only detect attacks from outside the network but are also very effective at preventing damage from inside.
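The NAT behaviour described above (tracking which internal user made a request, rewriting the outgoing packet, and dropping unsolicited incoming connections unless a pre-defined rule exists) is modelled below. This is an added example, not code from the article; the `Nat` class, its `forwards` table, the port numbering and all addresses are assumptions made for illustration, and replies are matched on remote address and port as one possible tracking policy.

```python
from typing import Optional, Tuple


class Nat:
    """Port-translating NAT in front of a private network."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (inside_ip, inside_port, remote_ip, remote_port) -> public_port
        self.out = {}
        # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.back = {}
        # Pre-defined rules: public_port -> (inside_ip, inside_port)
        self.forwards = {}

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int):
        """Rewrite an outgoing packet so it appears to come from the single
        public address, remembering which inside host made the request."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:
            self.out[flow] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[flow], dst_ip, dst_port)

    def inbound(self, src_ip: str, src_port: int,
                dst_port: int) -> Optional[Tuple[str, int]]:
        """Return the inside (ip, port) to deliver to, or None to drop."""
        reply_to = self.back.get((dst_port, src_ip, src_port))
        if reply_to is not None:
            return reply_to                    # reply to a tracked request
        return self.forwards.get(dst_port)     # unsolicited: rule, else drop


if __name__ == "__main__":
    nat = Nat("203.0.113.5")                   # constructed public address
    print(nat.outbound("10.0.0.2", 51000, "198.51.100.7", 443))
    print(nat.inbound("198.51.100.7", 443, 40000))    # tracked reply
    print(nat.inbound("198.51.100.99", 443, 40000))   # unsolicited: None
```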

3 Smart card technology

Smart card technology is another technology closely related to data encryption. A smart card is a medium for a key. It generally resembles a credit card, is held by an authorized user, and is given a password by that user. This password is the same as the password registered on the internal web server. When the password is used together with an identity feature, the smart card provides quite effective security. This kind of technology is common and widely used, for example in IC cards, bank cards, smart door lock cards and so on.

4 Conclusion

The security protection provided by existing security technologies is relative. We cannot expect such security measures to guarantee that the network is safe, and every network security and data protection precaution has its limits. Whether an internal network is safe depends not only on the means it uses but, more importantly, on the comprehensiveness of the various measures taken on the network. These measures include not only physical defenses but also "soft" factors such as the quality of personnel, and only a comprehensive assessment of all of them can support a conclusion on whether the network is safe. Having understood the security risks of the network, we must improve our security awareness. Active defense is the trend of technology development in the security field. Network security active defense technology strengthens and protects the security of the local network, discovers ongoing network attacks in a timely manner, and predicts and identifies unknown attacks.

(Text / Shaanxi Urban Economic School, Ren Zhipeng)
