
Potential security vulnerabilities in layer 7 of OSI

2025-01-16 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

① Physical layer

There are few security measures available at the physical layer. If a potential intruder has access to the physical medium, for example by wiretapping and probing, all transmitted messages can be copied. The only effective protection is to use techniques such as encryption and traffic padding, which effectively prevent the use of detectors to obtain information.

The network topology reflects how the network is put together, and security administrators should protect it. The most commonly used way to get into a network is to install a packet sniffer on a host inside the enterprise; it can record the electrical signals that carry data over the physical medium.

② Network layer

A technique called IP spoofing is often used, in which the source IP address is replaced with an incorrect IP address. The receiving host cannot determine that the source IP address is incorrect, so the upper-layer protocol must perform some checks to prevent this spoofing.

One of the best-known attacks that uses IP spoofing is Smurf. A series of ping requests is sent to a large number of remote hosts, with the source IP address replaced by the IP address of the intended target host. All the remote computers respond to these ping requests, but the replies are addressed not to the host that actually sent the requests but to the IP address of the target host, which is flooded with a large number of ICMP packets and can no longer work effectively. Smurf is a denial-of-service attack.
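The following added example (not part of the original article) shows one way to recognise the Smurf pattern described above from the target's side: many distinct hosts sending ICMP echo replies to a host that never pinged them. The packet tuples, addresses, function name and thresholds are constructed for illustration.

```python
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

# Constructed sample: (time_s, src_ip, dst_ip, icmp_type), documentation addresses only.
SAMPLE_PACKETS = [
    (1.00, "192.0.2.20", "203.0.113.5", ECHO_REQUEST),   # ordinary ping ...
    (1.02, "203.0.113.5", "192.0.2.20", ECHO_REPLY),     # ... and its solicited reply
    (4.00, "203.0.113.9", "192.0.2.30", ECHO_REPLY),     # one stray reply, below threshold
] + [
    # Six reflectors answering requests whose source was forged as 192.0.2.10
    (10.0 + i / 100, f"198.51.100.{i}", "192.0.2.10", ECHO_REPLY) for i in range(1, 7)
]

def find_smurf_victims(packets, window=1.0, min_sources=5, reply_timeout=5.0):
    """Return {victim_ip: [reflector_ips]} for hosts that receive echo replies from
    at least min_sources hosts they did not ping, all within `window` seconds."""
    requested = {}                    # (requester, target) -> time of last echo request
    unsolicited = defaultdict(list)   # victim -> [(time, reflector)] in time order
    for ts, src, dst, icmp_type in sorted(packets):
        if icmp_type == ECHO_REQUEST:
            requested[(src, dst)] = ts
        elif icmp_type == ECHO_REPLY:
            asked = requested.get((dst, src))
            if asked is None or ts - asked > reply_timeout:
                unsolicited[dst].append((ts, src))
    victims = {}
    for victim, events in unsolicited.items():
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:   # slide the window forward
                start += 1
            if len({r for _, r in events[start:end + 1]}) >= min_sources:
                victims[victim] = sorted({r for _, r in events})
                break
    return victims

if __name__ == "__main__":
    for victim, reflectors in find_smurf_victims(SAMPLE_PACKETS).items():
        print(f"{victim}: unsolicited echo replies from {len(reflectors)} hosts")
```

The same check works on flow records exported by a border router, as long as they carry the ICMP type.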

ICMP is used at the IP layer for error checking and queries. For example, when you ping a host to determine whether it is running, an ICMP message is generated. The remote host responds to the ping request with its own ICMP message. This exchange is normal in most networks. However, ICMP messages can also be used against a remote network or host, for example by using ICMP to consume bandwidth and effectively take a site down. So far, Microsoft's site does not respond to ping because Microsoft has filtered all ICMP requests. Some companies now filter ICMP traffic on their firewalls.

③ Transport layer

The transport layer controls the transmission of data streams between hosts. There are two protocols in the transport layer, namely Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

(1) TCP

TCP is a connection-oriented protocol that ensures reliable data transmission. TCP is used for most Internet services, such as HTTP, FTP and SMTP. The most common transport-layer security technology is the Secure Sockets Layer (SSL) protocol. Designed by Netscape Communications, its structure is divided into two layers, as shown in figure 2-1.

SSL negotiation layer: the two parties agree on the encryption algorithm and identity authentication through this layer.

SSL record layer: upper-layer data is segmented, compressed and encrypted, and then transmitted by TCP.

To manage the SSL exchange process, the negotiation layer relies on three protocols. The SSL protocol stack is shown in figure 2-2.

SSL authenticates identity with public keys and transmits bulk data with a symmetric key. Through negotiation between the two parties, SSL can support a variety of authentication and encryption algorithms. The protocol functions of the two layers are as follows:

SSL record protocol: it segments, compresses, authenticates and encrypts the information provided by the application.

In SSL, the handshake protocol is used to negotiate the data authentication and data encryption process. SSLv3 supports data authentication with MD5 and SHA and data encryption with DES.

④ Application layer

At the application layer, about 1800000 applications can run on top of TCP/IP. Protecting every application on the network is unlikely to be feasible, so allowing only certain specific applications to communicate over the network is an effective approach.

1. Simple Mail Transfer Protocol (SMTP)

The SMTP protocol can be used to disrupt an e-mail server. SMTP servers are usually attacked in different ways. For example, a large volume of e-mail is often sent to the SMTP server so that it cannot handle legitimate users' e-mail traffic, making the SMTP server unavailable and causing a denial of service for legitimate e-mail users.

At present, many viruses spread through e-mail or its attachments. Therefore, the SMTP server should be able to scan all mail messages.

2. File Transfer Protocol (FTP)

FTP is used to send and receive files after a TCP/IP connection has been established. FTP consists of a server and a client; almost every TCP/IP host has a built-in FTP client, and most servers have an FTP server program.

FTP uses two ports to communicate. TCP port 21 is used for the control connection, which remains open throughout the FTP session to carry control information and client commands between the client and the server. The data connection uses a short-lived temporary port, and a data connection is established each time a file is transferred between the client and the server.

Some FTP servers do not need to authenticate the client; when authentication is required, all usernames and passwords are transmitted in clear text. One form of damage is to find an FTP server that allows anonymous connections and has write access, and then upload incorrect information that fills the entire hard disk, so that the operating system can no longer function properly. It can also leave the log files with no room to record other events, in an attempt to access the operating system or other services without being caught by the log files.

3. Hypertext Transfer Protocol (HTTP)

HTTP is the most widely used protocol on the Internet. HTTP uses port 80 to control the connection and a temporary port to transfer data. HTTP has two obvious security problems, namely the client browser application and the external applications used by the HTTP server.

The HTTP client uses a browser to access and receive Web pages returned from the server. If the user downloads a destructive ActiveX control or Java applet, these programs are executed on the user's computer and contain some type of code, which may be a virus or Trojan. The best way to protect against this damage is to warn users not to download unchecked applications.

To extend the functionality of the Web server, some extension applications are added to the HTTP server, such as Java, CGI, ASP and so on. These programs have some security vulnerabilities, and the Web server can be compromised once it starts executing their code.

4. Telnet Protocol (Telnet)

Telnet is used for remote terminal access and can be used to manage UNIX machines. The first security consideration with Telnet is that it allows remote users to log in. Second, Telnet sends all usernames and passwords in clear text. An experienced intruder can hijack a Telnet session.

5. Simple Network Management Protocol (SNMP)

SNMP allows administrators to check the status and sometimes modify the configuration of SNMP agents. The manager collects all the traps sent by the SNMP agents and queries information directly from these agents. SNMP transmits all information over UDP ports 161 and 162.

The authentication that SNMP provides is the community name. If the manager and the agent have the same community name and are within the permitted IP address range, all SNMP queries will be allowed. If someone obtains the community name, they will be able to query and change all nodes on the network that use SNMP. Another security problem is that all information is transmitted in clear text. Anyone can obtain this information by connecting an SNMP manager at any location on the network. Using the current SNMP v3 version will solve the above problems.

6. Domain Name System (DNS)

DNS uses UDP port 53 when resolving domain name requests. However, TCP port 53 is used for zone transfers. A zone transfer takes place in the following two situations:

(1) a client requests a zone transfer from the DNS server using the nslookup command.

(2) a slave name server requests a zone file from the master server.

An intruder can target a DNS server and obtain its zone file. As a result, the intruder learns the IP addresses and computer names of all systems in that zone.

To protect the DNS server, put it behind the firewall and configure the firewall to block all zone transfers; you can also configure the system to accept zone transfers only from specific hosts.
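As an added example (not from the original article), the script below audits a name server configuration for the last point: whether each zone accepts zone transfers only from specific hosts. It assumes BIND's named.conf syntax and its `allow-transfer` option; the sample configuration, zone names, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in BIND named.conf syntax (zone names and addresses are placeholders).
SAMPLE_NAMED_CONF = """
options { directory "/var/named"; };
zone "example.com" { type master; file "example.com.zone"; allow-transfer { any; }; };
zone "example.org" { type master; file "example.org.zone"; allow-transfer { 192.0.2.53; }; };
zone "example.net" { type master; file "example.net.zone"; };
"""

def brace_block(text, pos):
    """Return the contents of the first balanced {...} block at or after pos."""
    start = text.index("{", pos)
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced braces")

def transfer_acl(block):
    """Return the allow-transfer entries in a block, or None if the option is absent."""
    m = re.search(r"\ballow-transfer\s*\{", block)
    if m is None:
        return None
    return [e.strip() for e in brace_block(block, m.start()).split(";") if e.strip()]

def audit_zone_transfers(conf):
    """Map each zone name to 'open', 'unset' or 'restricted'."""
    conf = re.sub(r"(#|//)[^\n]*", "", conf)   # drop line comments (not /* */ blocks)
    opts = re.search(r"\boptions\s*\{", conf)
    inherited = transfer_acl(brace_block(conf, opts.start())) if opts else None
    results = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        acl = transfer_acl(brace_block(conf, m.start()))
        if acl is None:
            acl = inherited                     # zone inherits the options-level setting
        if acl is None:
            results[m.group(1)] = "unset"       # server default applies: review it
        elif "any" in acl:
            results[m.group(1)] = "open"        # any host may pull the zone file
        else:
            results[m.group(1)] = "restricted"  # only the listed hosts or keys
    return results
```

Zones reported as "open" or "unset" are the ones to restrict to the addresses of the slave name servers.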


© 2024 shulou.com SLNews company. All rights reserved.
