2025-01-15 Update. From: SLTechnology News&Howtos (shulou), Network Security
Shulou (Shulou.com) 06/01 Report
Chapter 1 - Introduction to Security
I. Overview of Information Security
A complete information system includes many kinds of underlying hardware, operating systems, applications and network services, as well as the users who operate or administer the system.
Information security must therefore be approached from every direction and angle: a weakness in any single link can compromise the whole information system.
(1) Basic classification of security
1. Physical security
Physical security is concerned with hardware devices, the machine-room environment and other physical carriers; it can also be understood as hardware security.
Hardware facilities are the basic condition for carrying and realizing an information system's functions, so physical security is the most direct and primitive object of protection.
[Common measures to enhance physical security]
Storage location, equipment redundancy, hardware configuration, personnel management
2. System security
System security is concerned mainly with the operating system: Windows, Linux and Unix, and the IOS running on routers and switches.
The operating system coordinates hardware resources such as CPU, memory and disk storage and provides users with an application environment and services, so it is the core object of information security.
[Common measures to enhance system security]
System patching (software vulnerabilities), account and privilege management, management of installed software and services
System cleanup and backup, failover (isolation)
3. Network security
Network security is concerned mainly with network-oriented access control.
Routers, switches, servers and workstations are not isolated individuals; they provide their services through the network.
Physical security aside, well over 90% of security risks come in over the network.
[Common measures to strengthen network security]
Port filtering, secured remote management, decoy and camouflage techniques, encrypted transport
Application system protection, firewall policy, intrusion detection
4. Data security
Data security is concerned mainly with electronic data: text, pictures, reports, databases and other documents that must be kept confidential.
The level of protection depends on the user's needs: the more important and sensitive the data, the stronger the protection and authorization measures should be.
[Common measures to enhance data security]
Data backup, data encryption, access control, personnel management
(2) Security assessment standards
An information security assessment mainly does the following:
clarify the current security posture, identify the security risks, and give guidance for building the enterprise's security system.
1. TCSEC, Trusted Computer System Evaluation Criteria
TCSEC was the first formal standard for evaluating computer system security. It was released by the US Department of Defense in December 1985 and is also known as the Orange Book.
[The four TCSEC security divisions]
Division D, minimal protection: the lowest security; not suitable for use in user environments
Division C, discretionary protection: provides basic protection for sensitive data in a multi-user environment by separating users from data resources
Division B, mandatory protection: a mandatory access control policy is enforced and all unauthorized access is denied
Division A, verified protection: the highest security; the system designer must analyze, implement and maintain the system according to a formal specification.
2. ISO/IEC 15408 (GB/T 18336-2008), Information Technology Security Evaluation Criteria
Released by ISO (International Organization for Standardization) in December 1999, it was the first international standard for computer security evaluation.
[Classified criteria for security protection of computer information systems (GB 17859-1999)]
Level 1, user self-protection
Level 2, system audit protection
Level 3, security label protection
Level 4, structured protection
Level 5, access verification protection
3. GB/T 202xx-2006, GB/T 209xx-2007 and GB/T 210xx-2007 series
In the field of Chinese domestic security assessment, a series of detailed guidelines has been issued on the basis of the national standards GB/T 17859-1999 and GB/T 18336-2001.
II. Common security risks
(1) Introduction to attack methods
1. Vulnerability exploitation
Through a specific sequence of operations, or with a purpose-built exploit program, the attacker takes advantage of vulnerabilities in the operating system or application software to break into the victim system or obtain elevated privileges.
Overflow attacks are one kind of vulnerability exploitation: by submitting data longer than the program expects, optionally combined with specific attack code, the attacker can crash the victim system.
SQL injection is a typical exploit of vulnerabilities in web page code.
2. Brute-force cracking
Mostly used against passwords: different password combinations are tried repeatedly until the correct one is found.
Brute-force cracking is also called "password exhaustion"; the set of candidate passwords used for the attempts is called a "password dictionary".
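To show why a dictionary attack succeeds against some password stores and stalls against others, here is an added example (not code from the page): an offline dictionary attack against a fast unsalted MD5 hash, beside the two defenses a practitioner would pair with it, a salted slow hash (PBKDF2) for storage and an account lockout for the online login path. The dictionary, the iteration count and the lockout threshold are constructed values for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed sample password dictionary (not from the original page); real
# dictionaries such as the leaked rockyou list hold millions of entries.
DICTIONARY = ["123456", "password", "qwerty", "letmein", "hunter2", "admin123"]


# --- Attack side: offline dictionary attack against a fast, unsalted hash ----
def unsalted_md5(password: str) -> str:
    """Legacy storage scheme: one fast hash per guess and no salt, so leaked
    hashes can be attacked offline at millions of guesses per second."""
    return hashlib.md5(password.encode()).hexdigest()


def crack_offline(target_hash: str, dictionary: list[str]) -> tuple[str | None, int]:
    """Hash each dictionary entry and compare with the stolen hash.
    Returns (recovered password or None, number of guesses made)."""
    guesses = 0
    for candidate in dictionary:
        guesses += 1
        if hmac.compare_digest(unsalted_md5(candidate), target_hash):
            return candidate, guesses
    return None, guesses


# --- Defensive side ----------------------------------------------------------
PBKDF2_ROUNDS = 100_000   # slow hash: every guess now costs 100k iterations (assumed value)


def store_password(password: str) -> tuple[bytes, bytes]:
    """Salted, slow hash. The per-user random salt defeats precomputed tables and
    forces the attacker to re-run the dictionary for every account; the
    iteration count makes each of those guesses expensive."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


class LoginGuard:
    """Online brute-force mitigation: after MAX_FAILURES consecutive wrong
    passwords the account is locked, so an attacker cannot walk the whole
    dictionary against the live login form."""
    MAX_FAILURES = 5

    def __init__(self, salt: bytes, digest: bytes) -> None:
        self.salt, self.digest = salt, digest
        self.failures = 0
        self.locked = False

    def attempt(self, password: str) -> str:
        if self.locked:
            return "locked"
        if verify_password(password, self.salt, self.digest):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.MAX_FAILURES:
            self.locked = True
            return "locked"
        return "denied"


def online_attack(guard: LoginGuard, dictionary: list[str]) -> list[str]:
    """Replay the dictionary against the live login; returns the outcome of each try."""
    return [guard.attempt(pw) for pw in dictionary]


if __name__ == "__main__":
    print(crack_offline(unsalted_md5("hunter2"), DICTIONARY))   # ('hunter2', 5)
    guard = LoginGuard(*store_password("admin123"))
    print(online_attack(guard, DICTIONARY))   # lockout fires before 'admin123' is reached
```

Lockout alone does not help once the hash database has leaked, and a slow hash alone does not stop an attacker with a short dictionary and unlimited attempts against the login form; the two measures cover different attack paths and belong together.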
3. Trojan implantation
By implanting and activating a Trojan program in the victim's system, the attacker can steal sensitive information without the user's knowledge, or obtain a channel for remote access.
A Trojan is like an electronic spy lurking inside the computer; it is usually disguised as a legitimate system file and is highly concealed and deceptive.
Commonly seen Trojans include "Online Banking Thief, QQ Terminator, Glacier, Shangxing, Guangwai Girl, Network Thief" and so on.
4. Viruses and malicious programs
The main purpose of a virus or malicious program is destruction rather than information theft.
Virus programs can replicate themselves and infect other files, and may spread through e-mail, pictures, videos, software, CDs, etc.
Well-known examples include "CIH, the Millennium Bug, Blaster, Code Red, Panda Burning Incense", etc.
5. System scanning
Scanning is not really an attack but a prelude to one: the process of using tools to probe a target network or host.
Scanning reveals the target's operating system type, software versions and open ports, and helps identify known or potential vulnerabilities.
Common scanning tools include "PortScan, X-Scan, Fluxay, Nessus", etc.
6. DoS (denial of service)
The full name is Denial of Service; the name describes the result of the attack: the target system crashes, stops responding, or can no longer provide its services or resources.
The most common DoS technique is flooding, e.g. "SYN Flood" and "Ping Flood". A SYN flood sends the target a large number of TCP SYN requests without ever completing the handshake, exhausting its half-open connection resources so that it can no longer serve normal clients.
The more powerful DDoS, Distributed Denial of Service, no longer attacks from a single host: the attacking hosts are large in number, possibly thousands, distributed across different networks and locations, and are commonly called "zombies" (Chinese slang: "broilers").
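The difference between a single-source SYN flood and a distributed one matters operationally, because blocking one address stops the first and does nothing against the second. The following is an added example (not code from the page) that reads a `netstat -ant`-style connection table, counts half-open (`SYN_RECV`) sockets per remote address and classifies the snapshot; the thresholds and the three sample snapshots are constructed for the example, not real captures.

```python
from collections import Counter

# Thresholds are assumptions for this example; tune them to what the server's
# normal SYN backlog looks like.
HALF_OPEN_THRESHOLD = 20     # this many half-open sockets at once is abnormal here
SINGLE_SOURCE_SHARE = 0.8    # one IP owning >= 80% of them points at a single-source DoS


def parse_netstat(text: str) -> list:
    """Parse 'proto recv-q send-q local remote state' rows (Linux `netstat -ant` layout).
    Returns (local, remote_ip, state) tuples; non-TCP or malformed rows are skipped."""
    rows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] != "tcp":
            continue
        local, remote, state = parts[3], parts[4], parts[5]
        remote_ip = remote.rsplit(":", 1)[0]   # drop the ephemeral source port
        rows.append((local, remote_ip, state))
    return rows


def half_open_by_source(rows) -> Counter:
    """Count half-open (SYN_RECV) sockets per remote address: the footprint of a SYN flood."""
    return Counter(src for _, src, state in rows if state == "SYN_RECV")


def classify(text: str) -> dict:
    """Verdict for one snapshot: normal, single-source SYN flood, or distributed flood."""
    counts = half_open_by_source(parse_netstat(text))
    total = sum(counts.values())
    result = {"half_open": total, "sources": len(counts)}
    if total < HALF_OPEN_THRESHOLD:
        result["verdict"] = "normal"
        return result
    top_ip, top_n = counts.most_common(1)[0]
    result["top_source"] = top_ip
    if top_n / total >= SINGLE_SOURCE_SHARE:
        result["verdict"] = "syn_flood_single_source"   # one attacker: blocking the IP helps
    else:
        result["verdict"] = "syn_flood_distributed"     # DDoS: per-IP blocking will not help
    return result


# --- Constructed sample snapshots (not real captures) -------------------------
def _row(remote_ip: str, port: int, state: str) -> str:
    return f"tcp 0 0 10.0.0.5:80 {remote_ip}:{port} {state}"


NORMAL_SNAPSHOT = "\n".join(_row("198.51.100.4", 50000 + i, "ESTABLISHED") for i in range(10))
# one host holding 30 half-open connections: single-source SYN flood
DOS_SNAPSHOT = ("\n".join(_row("203.0.113.7", 40000 + i, "SYN_RECV") for i in range(30))
                + "\n" + NORMAL_SNAPSHOT)
# 40 different hosts with one half-open connection each: distributed flood
DDOS_SNAPSHOT = ("\n".join(_row(f"203.0.113.{i}", 40000, "SYN_RECV") for i in range(1, 41))
                 + "\n" + NORMAL_SNAPSHOT)


if __name__ == "__main__":
    for name, snapshot in [("normal", NORMAL_SNAPSHOT), ("dos", DOS_SNAPSHOT), ("ddos", DDOS_SNAPSHOT)]:
        print(name, classify(snapshot))
```

On a real host the same counting is done against `netstat -ant` or `ss -tan state syn-recv` output; the distributed verdict is the signal to fall back to SYN cookies, rate limiting at the edge or upstream scrubbing rather than address blocking.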
7. Phishing
Phishing lures victims to bogus websites in order to collect sensitive information such as user names, passwords and credit card details.
In appearance the fake site is almost identical to the real bank site, and its domain name is chosen to look similar.
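The "similar domain name" is the part of a phishing page that can be checked mechanically. The following is an added example (not code from the page) that classifies a domain seen in a link as legitimate, lookalike or unrelated by normalizing confusable characters, measuring edit distance against a list of protected domains, and flagging a protected brand name used as a label inside some other domain. The confusable map, the protected-domain list and the distance threshold are assumptions for the example.

```python
import re

# Confusable-character map (assumption for this example; production tools use
# the Unicode confusables table and handle IDN homographs as well).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
MULTI_CHAR_CONFUSABLES = [("rn", "m"), ("vv", "w")]

# Constructed list of domains the organisation wants to protect.
LEGITIMATE = ["icbc.com.cn", "ccb.com", "paypal.com"]


def _canonical(domain: str) -> str:
    """Lowercase, strip a leading 'www.' and a trailing dot; no confusable folding."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d


def normalize(domain: str) -> str:
    """Fold confusable characters so 'paypa1.com' compares equal to 'paypal.com'."""
    d = _canonical(domain).translate(CONFUSABLES)
    for pair, replacement in MULTI_CHAR_CONFUSABLES:
        d = d.replace(pair, replacement)
    return d


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; a small distance between domain names signals typosquatting."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(candidate: str, legitimate=LEGITIMATE, max_distance: int = 2) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a domain found in a link."""
    raw = _canonical(candidate)
    norm = normalize(candidate)
    for legit in legitimate:
        # the protected domain itself, or a genuine subdomain of it
        if raw == legit or raw.endswith("." + legit):
            return "legitimate"
    for legit in legitimate:
        if norm == legit:                               # differs only by confusable characters
            return "lookalike"
        if levenshtein(norm, legit) <= max_distance:    # typosquat: one or two edits away
            return "lookalike"
        brand = legit.split(".")[0]
        if brand in re.split(r"[.-]", norm):            # brand used as a label of another domain
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for d in ["paypal.com", "www.login.paypal.com", "paypa1.com", "paypai.com",
              "paypal.com.evil.example", "icbc-login.com", "example.org"]:
        print(f"{d:28s} {classify_domain(d)}")
```

The subdomain check runs on the raw name before any folding, so a real `login.paypal.com` is never downgraded; the brand-as-label check is what catches the common `brand.com.attacker.tld` pattern, which edit distance alone misses.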
8. ARP spoofing, man-in-the-middle attacks
The attack targets the ARP cache of the victim host, mainly in local area network environments: the attacker sends forged ARP replies carrying wrong IP-to-MAC mappings in order to disrupt or intercept communication.
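The symptoms of ARP spoofing are visible in the ARP replies themselves: an IP address whose MAC changes, and one MAC that answers for more than one IP. The following is an added example (not code from the page) that runs both checks over a stream of ARP replies; the reply records, the addresses and the optional pinned-gateway entry are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float         # seconds since capture start
    sender_ip: str    # IP address the reply claims to speak for
    sender_mac: str   # MAC address it binds that IP to


# Constructed sample capture (not from the page). The gateway 192.168.1.1 really
# is 00:11:22:33:44:55; at t=3.0 the attacker's MAC 00:aa:bb:cc:dd:ee starts
# claiming the gateway address, then the victim's as well, so both ends of the
# conversation send their frames to the attacker.
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.1.1",  "00:11:22:33:44:55"),
    ArpReply(1.0, "192.168.1.20", "00:11:22:33:44:66"),
    ArpReply(2.0, "192.168.1.1",  "00:11:22:33:44:55"),
    ArpReply(3.0, "192.168.1.1",  "00:aa:bb:cc:dd:ee"),
    ArpReply(3.5, "192.168.1.20", "00:aa:bb:cc:dd:ee"),
]


def detect_arp_spoofing(replies, pinned=None) -> list:
    """Two checks over a stream of ARP replies.

    1. An IP whose MAC differs from what was learned earlier (or from a pinned,
       statically configured entry such as the gateway's).
    2. One MAC answering for several IPs: the classic man-in-the-middle footprint.
    `pinned` is an optional {ip: mac} dict of trusted static entries (assumption)."""
    learned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        known = learned.get(r.sender_ip)
        if known is None:
            learned[r.sender_ip] = mac
        elif known != mac:
            alerts.append({"ts": r.ts, "kind": "ip_mac_changed", "ip": r.sender_ip,
                           "old_mac": known, "new_mac": mac})
    ips_per_mac = {}
    for r in replies:
        ips_per_mac.setdefault(r.sender_mac.lower(), set()).add(r.sender_ip)
    for mac, ips in ips_per_mac.items():
        if len(ips) > 1:
            alerts.append({"kind": "mac_claims_multiple_ips", "mac": mac, "ips": sorted(ips)})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_REPLIES, pinned={"192.168.1.1": "00:11:22:33:44:55"}):
        print(alert)
```

Pinning the gateway with a static ARP entry on the hosts that matter is the matching mitigation: with the entry pinned, the first check fires on the very first forged reply instead of after a learned baseline, and the host's cache is not overwritten.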
III. Malicious program attack example
Removing the malicious program
Delete the file C:\Windows\System32\rundll32.bat
Run gpedit.msc (Group Policy Editor):
# User Configuration -> Administrative Templates -> System: set "Prevent access to registry editing tools" to "Disabled"
# User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer: set "Disable changing home page settings" to "Disabled"
Edit the registry and delete the startup (Run) entry named "ctfmom"
Reopen Internet Explorer and restore the home page setting
IV. Setting up IPsec encryption
Open the MMC console (run mmc) -> File -> Add/Remove Snap-in -> add "IP Security Policy Management" -> Create IP Security Policy -> customize the protocol encryption according to the environment's requirements
© 2024 shulou.com SLNews company. All rights reserved.