Shulou(Shulou.com)06/02 Report--

What is network security?

Network security means that the hardware and software of the network system and the data in the system are protected from being destroyed, changed or leaked because of accidental or malicious reasons, the system can run continuously and reliably and normally, and the network service is not interrupted.

What is a computer virus?

Computer virus (Computer Virus) refers to a group of computer instructions or program codes that programmers insert in computer programs that destroy computer functions or destroy data, affect computer use and can replicate themselves.

What is *?

* * is a malicious remote control software. * is generally divided into client (client) and server (server). The client side is the console of various commands used locally, while the server side is for others to run, and only the computer that has run the server side can be completely controlled. * does not infect files like a virus.

What is a firewall? How does it ensure network security?

Using a firewall (Firewall) is a way to ensure network security. A firewall is a combination of components set between different networks (such as trusted intranets and untrusted public networks) or network security domains. It is the only entry and exit of information between different networks or network security domains, can control (allow, deny, monitor) the information flow in and out of the network according to the enterprise's security policy, and has a strong anti-* ability. It is the infrastructure to provide information security services and realize network and information security.

What is the back door? Why is there a back door?

A Back Door is a way to gain access to a program or system by bypassing security controls. During the development phase of the software, programmers often create backdoors within the software so that they can modify defects in the program. If the back door is known to others, or if it is not deleted before the software is released, then it becomes a security hazard.

What do you mean by * detection?

* Detection is a reasonable supplement to the firewall to help the system deal with the network * *, expand the security management capabilities of system administrators (including security audit, monitoring, attack identification and response), and improve the integrity of the information security infrastructure. It collects information from several key points in the computer network system, analyzes the information, and checks the network for signs of security violations and attacks.

What is packet monitoring? What does it do?

Packet monitoring can be regarded as the equivalent of an eavesdropping telephone line in a computer network. When someone is "listening" to the network, they are actually reading and interpreting the packets sent over the network. If you need to send an email or request to download a web page through a computer on the Internet, these actions will allow the data to pass through many computers between you and the data destination. The computer through which these messages are transmitted can see the data you send, and the packet monitoring tool allows someone to intercept the data and view it.

What is NIDS?

NIDS is the abbreviation of Network Intrusion Detection System, that is, the network detection system, which is mainly used to detect the * * behavior of Hacker or Cracker over the network. NIDS operates in two ways, one is to run on the target host to monitor its own communication information, and the other is to run on a separate machine to monitor the communication information of all network devices, such as Hub and router.

What is a SYN bag?

The first packet connected by TCP, a very small packet. SYN*** includes a large number of such packages, which cannot be processed effectively because they appear to be from sites that don't actually exist.

What does encryption technology mean?

Encryption technology is the most commonly used means of security, the use of technical means to transfer important data into garbled (encryption), and then restore (decrypt) with the same or different means after arriving at the destination.

Encryption technology includes two elements: algorithm and key. An algorithm is a step of combining ordinary information or understandable information with a series of numbers (keys) to produce incomprehensible ciphertext. The key is an algorithm used to encode and decrypt data. In security and secrecy, the security of network information communication can be ensured by appropriate key encryption technology and management mechanism.

What is a worm?

The worm virus (Worm) originates from the first virus that spreads on the network. In 1988, Robert, a 22-year-old graduate student at Cornell University. Robert Morris sent a virus called Worm specifically for UNIX system flaws over the network. The worm paralyzed 6000 systems at an estimated cost of $2 million to $60 million. As a result of the birth of this worm, a special computer emergency response team (CERT) was set up on the Internet. Now the worm family has grown to tens of thousands, and most of these worms are written by the government.

What is an operating system virus? What harm does it do?

This virus will use its own programs to join the operating system or replace part of the operating system to work, has a strong destructive power, will lead to the paralysis of the entire system. And because of the infection of the operating system, the virus will replace the legal program module of the operating system with its own program fragments when running. According to the characteristics of the virus and the status and function of the legal program module in the replaced operating system in the operating system, as well as the way in which the virus replaces the operating system, the operating system is destroyed. At the same time, the virus is also very infectious to the files in the system.

What is the Morris worm? What are its characteristics?

It was written by Roth, a freshman graduate student at Cornell University in the United States. Maurice. This program has only 99 lines and takes advantage of the shortcomings in the Unix system. Use the Finger command to check the list of online users, then decipher the user password, copy and spread its own source program with the Mail system, and then compile and generate the code.

The original design of the network worm was that when the network was idle, programs "wandered" between computers without causing any damage. When a machine is overloaded, the program can "borrow resources" from idle computers to achieve network load balancing. The Morris worm is not "borrowing resources", but "exhausting all resources".

What is DDoS? What will be the consequences of it?

DDoS means distributed denial of service *. It uses the same method as a normal denial of service, but originates from multiple sources. Usually * users use downloaded tools * unprotected hosts. After obtaining appropriate access to the host, * users install software services or processes in the host (hereinafter referred to as agents). These agents remain asleep until they receive instructions from their master to initiate a denial of service to the specified target. With the widespread use of highly harmful * tools, distributed denial of service * * can launch thousands of * against a single target at the same time. The power of a single denial of service may not affect wide-bandwidth sites, while thousands of people around the world can have fatal consequences.

What is the ARP*** inside the LAN?

The basic function of ARP protocol is to query the MAC address of the target device through the IP address of the target device to ensure the communication.

Based on this working characteristic of ARP protocol, * * continuously sends fraudulent ARP packets to the other computer, and the packets contain Mac addresses repeated with the current device, so that when the other party responds to the message, the normal network communication cannot be carried out due to simple address repetition errors. In general, there are two phenomena that occur on computers subject to ARP***:

1. Keep popping up the dialog box of "the local XXX segment hardware address conflicts with the XXX segment address in the network".

two。 The computer can not access the Internet normally, resulting in the symptoms of network interruption.

Because this kind of request packet is "spoofed" by using ARP request message, the firewall will mistake it for normal request packet and will not intercept it. Therefore, it is difficult for ordinary firewalls to resist this kind of *.

What is cheating? What are the ways of it?

The main technologies of network deception are: HONEYPOT and distributed HONEYPOT, deception space technology and so on. The main ways are: IP spoofing, ARP spoofing, DNS spoofing, Web spoofing, email spoofing, source route spoofing (by specifying a route, legally communicating with other hosts under a fake identity or sending fake messages, causing the wrong actions of the host), address spoofing (including forged source addresses and forged intermediate sites), and so on.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.