Shulou(Shulou.com)06/02 Report--

The editor will share with you about the knowledge of network security. I hope you will gain a lot after reading this article. Let's discuss it together.

=

Knowledge related to network security

Five ways to steal secrets and attack

Network Footprinting: attackers collect the information of the target in advance, and usually use Whois, Finger, Nslookup, Ping and other tools to obtain some information of the target, such as domain name, IP address, network topology, relevant user information, etc., which are often the first step for hackers to do.

Scan attack (Scanning): scanning here mainly refers to port scanning, usually using various port scanning tools such as Nmap, you can get some useful information about the target computer, such as which ports are open on the machine, so you know which network services are set up. Hackers can take advantage of these server vulnerabilities to carry out further intrusions. This is often the second step done by a hacker.

Protocol stack fingerprint (Stack Fingerprinting) authentication (also known as operating system detection): hackers send detection packets to the target host. Because there are many subtle differences between the IP stack implementations of different OS vendors, each OS has its own unique response method. Hackers can often determine the OS that the target host is running. This can often be seen as part of the scanning phase.

Flow sniffing (Sniffering): by setting a host network card to promiscuous mode in a shared LAN, or by using ARP spoofing in various Lans, the host accepts all packets that pass by. Based on this principle, hackers can use a sniffer (hardware or software) to monitor the network information flow and collect information such as accounts and passwords, which is the third step of hacker intrusion.

Session hijacking (Session Hijacking): session hijacking means that in a normal communication process, the hacker participates as a third party, either injecting additional information into the data stream, or secretly changing the communication mode of both parties, that is, from direct contact to transfer by the hacker. This kind of attack can be thought of as the fourth step of hacker intrusion-- one of the real attacks.

What is a firewall? Why do I need a firewall?

Firewall is a kind of device, which is composed of software and hardware. It usually lies between the internal local area network and the Internet of an enterprise. It restricts the access of Internet users to the internal network and manages the rights of internal users to access Internet.

In other words, a firewall provides a blocking tool between an internal network that is considered secure and trusted and an external network that is considered less secure and trusted. If there is no firewall, the security heart of the entire internal network is completely dependent on each host, so all hosts must achieve a consistent high level of security, which is very difficult in practice.

The firewall is designed to run dedicated access control software devices, there are no other services, so it means relatively less defects and security vulnerabilities, which makes security management more convenient and easier to control. it also makes the internal network more secure. The principle followed by the firewall is to ensure the security of the internal network as much as possible under the condition of ensuring the smooth flow of the network, which is a static security component.

The limitations of firewalls?

Some attacks on the network can bypass the firewall

Firewalls cannot prevent attacks from internal networks.

Firewalls cannot protect the transfer of programs and files infected by the virus.

Firewalls cannot guard against entirely new network threats.

When end-to-end encryption is used, the role of the firewall is greatly limited.

Firewalls are not completely transparent to users, which may bring problems such as transmission delay, bottleneck and single point of failure.

Firewalls do not prevent data-driven attacks.

After reading this article, I believe you have a certain understanding of network security knowledge, want to know more related knowledge, welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.