Computer Network Technology and Application
Chapter 24 Fundamentals of Network Security
Chapter 24 Fundamentals of Network Security (3)
⑥ Allow TCP-based queries from the DNS resolver host to the internal DNS servers, and the responses to those queries.
⑦ Allow zone transfers between the DNS advertiser host and the internal DNS server hosts.
⑧ Allow outgoing mail from the internal SMTP mail server to the outbound SMTP host.
⑨ Allow incoming mail from the inbound SMTP host to the internal SMTP mail server.
⑩ Allow communications from back ends on the VPN server to reach internal hosts, and allow the responses back to the VPN server.
⑪ Allow authentication traffic from the VPN server to reach the RADIUS server on the internal network, and allow the responses back to the VPN server.
⑫ All outbound web access from internal clients goes through the proxy server, and the responses go back to the client.
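The rule list above (DNS queries, zone transfers, mail in and out, VPN back ends, RADIUS, web proxy) can be expressed as a first-match policy with a connection table, which is how the "allow responses back" clauses are usually realised. The following Python is an added example, not code from the book: the host addresses, the 10.0.0.0/8 internal range and the proxy's port 8080 are constructed assumptions, while 53, 25 and 1812 are the standard DNS, SMTP and RADIUS authentication ports.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses for the hosts the rules name (placeholders, not from the book).
INTERNAL_NET   = ip_network("10.0.0.0/8")      # "internal hosts" / "internal clients"
DNS_RESOLVER   = ip_network("192.0.2.10/32")   # DMZ DNS resolver host
DNS_ADVERTISER = ip_network("192.0.2.11/32")   # DMZ DNS advertiser host
INTERNAL_DNS   = ip_network("10.1.1.53/32")
SMTP_OUTBOUND  = ip_network("192.0.2.25/32")
SMTP_INBOUND   = ip_network("192.0.2.26/32")
INTERNAL_SMTP  = ip_network("10.1.1.25/32")
VPN_SERVER     = ip_network("192.0.2.30/32")
RADIUS_SERVER  = ip_network("10.1.1.18/32")
PROXY_SERVER   = ip_network("192.0.2.80/32")
ANY_PORT = None

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    name: str
    src: object     # network the source address must belong to
    dst: object     # network the destination address must belong to
    proto: str
    dport: object   # required destination port, or ANY_PORT

    def matches(self, p):
        return (p.proto == self.proto
                and ip_address(p.src) in self.src
                and ip_address(p.dst) in self.dst
                and (self.dport is ANY_PORT or p.dport == self.dport))

# The rules from the list above; 8080 for the proxy is an assumption, the rest are standard ports.
RULES = [
    Rule("resolver -> internal DNS, TCP queries", DNS_RESOLVER, INTERNAL_DNS, "tcp", 53),
    Rule("zone transfer advertiser -> internal", DNS_ADVERTISER, INTERNAL_DNS, "tcp", 53),
    Rule("zone transfer internal -> advertiser", INTERNAL_DNS, DNS_ADVERTISER, "tcp", 53),
    Rule("outgoing mail", INTERNAL_SMTP, SMTP_OUTBOUND, "tcp", 25),
    Rule("incoming mail", SMTP_INBOUND, INTERNAL_SMTP, "tcp", 25),
    Rule("VPN back ends -> internal hosts", VPN_SERVER, INTERNAL_NET, "tcp", ANY_PORT),
    Rule("VPN -> RADIUS authentication", VPN_SERVER, RADIUS_SERVER, "udp", 1812),
    Rule("internal clients -> web proxy", INTERNAL_NET, PROXY_SERVER, "tcp", 8080),
]

class Firewall:
    """First-match filter with a connection table: replies to a flow a rule admitted
    are allowed without a rule of their own; anything else is denied by default."""
    def __init__(self, rules):
        self.rules = rules
        self.established = set()

    def check(self, p):
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.established:
            return True, "response to an established flow"
        for rule in self.rules:
            if rule.matches(p):
                self.established.add(flow)
                return True, rule.name
        return False, "default deny"

def demo():
    # Constructed packets, evaluated in this order; returns {description: allowed}.
    fw = Firewall(RULES)
    cases = {
        "resolver TCP query to internal DNS":   Packet("tcp", "192.0.2.10", 40001, "10.1.1.53", 53),
        "internal DNS reply to that query":     Packet("tcp", "10.1.1.53", 53, "192.0.2.10", 40001),
        "internal DNS opens new query to resolver": Packet("tcp", "10.1.1.53", 40002, "192.0.2.10", 53),
        "Internet host mails internal SMTP directly": Packet("tcp", "203.0.113.9", 5000, "10.1.1.25", 25),
        "VPN server RADIUS authentication":     Packet("udp", "192.0.2.30", 5001, "10.1.1.18", 1812),
        "internal client web access via proxy": Packet("tcp", "10.2.3.4", 5002, "192.0.2.80", 8080),
        "internal client web access bypassing proxy": Packet("tcp", "10.2.3.4", 5003, "203.0.113.80", 80),
    }
    return {desc: fw.check(p)[0] for desc, p in cases.items()}
```

Note that the reply from the internal DNS server is admitted only because the query came first; presented on its own it would hit the default deny.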
5. Limitations of firewalls
Although a firewall can protect the network behind it from attacks by external hackers, its purpose is only to improve the security of the network; it cannot guarantee absolute security. In fact, there are still security threats that a firewall cannot prevent, such as attacks that do not pass through the firewall. For example, if dialling out from within a protected network is allowed, some users may form a direct connection to the Internet that bypasses the firewall. In addition, it is very difficult for a firewall to prevent attacks from within the network or the threat of viruses.
6. Examples of firewall usage
To understand the role of a firewall further, the following uses a software firewall, Kingsoft Internet Security, as an example of how to set its security parameters.
(1) Application purpose
This setting is mainly used to prohibit particular programs from accessing the Internet.
① Open Kingsoft Netguard and click "Apply Rules".
② Taking "Internet" as an example, click "Allow" and select "Allow/Ban/Ask" from the pop-up list.
Tip: Software such as the firewall, anti-virus, voice and chat programs should be allowed; software that is only used locally on this machine should be prohibited.
(2) Guidelines
① Open Kingsoft Internet Dart, open the "Tools" menu, and click "Comprehensive Settings".
② Select "Trojan Horse Firewall" and select "Enable".
③ Choose "Regional Level Settings", click "Internet", then "Custom Level", and a custom rule window will appear.
④ Double-click a rule name, such as "Allow others to use the Ping command...", and a window for modifying the rule will pop up.
⑤ Set other rules in the same way, then click "Confirm" and save.
Tips: Try not to allow others to access your computer, but keep your own access to the outside world; for example, if "Allow yourself to access external HTTP..." is blocked, you will not be able to access Web sites.
(3) Port protection
When the firewall keeps raising alarms about attempted attacks on a certain port, you can try to close that port.
The method is as follows:
① Open Kingsoft Internet Dart, open the "Tools" menu, and click "Comprehensive Settings".
② Click "Advanced" and select "Enable TCP/UDP Port Filtering".
③ Click "Add" to set the parameters of the port.
Description:
① The port number is the port on which the attack was discovered.
② The protocol is the transport protocol used by the attack, TCP or UDP.
③ The type is local or remote, indicating the source of the attack.
④ The most important parameter is the action; naturally, traffic on this port must be prohibited.
⑤ Some ports cannot be banned.
7.2.4 Intrusion Detection System
An intrusion detection system (IDS) is a combination of software and hardware that performs intrusion detection.
1. Intrusion detection technology
(1) Content and function of intrusion detection
Intrusion detection is "the detection of a break-in or attempted break-in to a system by analyzing behavioural data, security logs or audit data, or other information available on the network"; it covers deterrence, detection, response, damage assessment, attack prediction and prosecution support, among other things.
Intrusion detection technology is designed and configured to ensure the security of computer systems: it detects and reports unauthorized or abnormal activity in the system in time, and it is used to detect violations of security policy in computer networks.
(2) Classification of intrusion detection
According to what is monitored, intrusion detection can be divided into:
① Host-based detection: the data analyzed are the event logs of the computer's operating system, the event logs of application programs, system calls, port calls and security audit records. A host-based intrusion detection system protects the host through an agent, a small executable program running on the target host.
② Network-based detection: the data analyzed are the packets on the network. A network-based intrusion detection system is responsible for protecting an entire network segment and consists of sensors distributed throughout the network; a sensor is a computer that inspects the packets on the network.
③ Hybrid detection: both network-based and host-based intrusion detection systems have deficiencies that leave the defence incomplete. A hybrid system combining the two can discover attack information in network traffic and can also find anomalies in the system logs.
2. Detection system model
Network security issues should be handled with the ideas and methods of security engineering risk management, treating network security as a whole project. Make a comprehensive assessment of the network concerned in terms of management, network structure, encrypted channels, firewalls, virus protection and intrusion detection, and then propose a feasible comprehensive solution.
3. Intrusion detection software
(1) NetWatch Network Monitoring and Intrusion Detection System Professional Edition
This software can monitor the enterprise network in real time, cut off network connections automatically or manually, isolate and block network hosts, prevent ARP spoofing, perform intrusion detection, and interact with the firewall.
(2) Firewall software
Software companies at home and abroad have developed software that specifically detects certain types of intrusion. At present, almost all firewall software has an intrusion detection function, for example Rising Kaka and Kingsoft Internet Security. Such software requires users to set rules; see the example in the firewall section.
7.2.5 Backup and recovery technology
This book considers data backup the most important kind of backup, so it mainly introduces data backup technology and related content.
At present, online banking, digital equipment, customer information and other data are more and more closely tied to people's work and life and have become indispensable, and people's awareness of the importance of data is growing. Protecting important data is becoming more and more important, and backing up data has become one method of protecting it.
Backup is a means: its purpose is to prevent data disasters, shorten downtime and ensure data security, and its ultimate purpose is recovery. In terms of strategy, the main backup strategies in current use are full backup, incremental backup, differential backup and cumulative backup.
1. Backup method
(1) Full backup
A full backup copies all files on a given computer or file system, regardless of whether they have changed.
If the data has not changed between backups, every backup contains the same data. All selected files and folders are backed up, without relying on the files' archive attribute to decide which files to back up. If only 10MB of files change every day but 100GB of space is consumed by the backup every night, this is clearly not a good approach.
(2) Incremental backup
An incremental backup backs up only the data that has been added or changed since the last backup of any kind. Incremental backups can form multiple levels, each increment consisting of the part changed since the previous backup.
(3) Differential backup
A differential backup backs up only the data that has changed since the last full backup. If only one backup has been made since the full backup, the contents of an incremental and a differential backup are the same.
(4) Accumulated backup
Cumulative backup uses the management method of a database: it records and accumulates the changes at each point in time and backs up the changed values into the corresponding array, so this method can restore the data to a specified point in time.
It is worth noting that several strategies are usually combined: full backup alone, full backup plus incremental backup, full backup plus differential backup, or full backup plus cumulative backup.
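The trade-off between the full, incremental and differential strategies (how much is copied each night versus how many backup sets a restore must apply) can be made concrete with a small simulation. The following Python is an added example, not from the book; the five files and the per-day change list are constructed, and a file's "version" is simply the day it last changed.

```python
# Constructed example: five files exist at the full backup on day 0, and the
# dictionary says which files change on each later day (a version = day changed).
ALL_FILES = ["a", "b", "c", "d", "e"]
CHANGES = {1: {"a"}, 2: {"b"}, 3: {"a", "c"}}

def plan(strategy, all_files=ALL_FILES, changes=CHANGES):
    """Return the backup sets as [(day, {file: version})], with the full backup
    on day 0 and one backup per later day under the chosen strategy."""
    version = {f: 0 for f in all_files}
    sets = [(0, dict(version))]
    since_full = {}
    for day in sorted(changes):
        changed = {f: day for f in changes[day]}
        version.update(changed)
        if strategy == "full":            # copy everything, changed or not
            snapshot = dict(version)
        elif strategy == "incremental":   # only what changed since the previous backup
            snapshot = changed
        elif strategy == "differential":  # everything changed since the last full backup
            since_full.update(changed)
            snapshot = dict(since_full)
        else:
            raise ValueError(strategy)
        sets.append((day, snapshot))
    return sets

def restore_chain(strategy, sets, day):
    """The backup sets that must be applied, in order, to restore the state at `day`."""
    if strategy == "full":
        return [s for s in sets if s[0] == day]            # one set is enough
    if strategy == "incremental":
        return [s for s in sets if s[0] <= day]            # full + every increment so far
    return [sets[0]] + [s for s in sets[1:] if s[0] == day]  # full + latest differential

def restore(strategy, sets, day):
    """Apply the chain; later sets overwrite earlier versions of the same file."""
    state = {}
    for _, snapshot in restore_chain(strategy, sets, day):
        state.update(snapshot)
    return state

def true_state(day, all_files=ALL_FILES, changes=CHANGES):
    """What the file system actually looked like at the end of `day`."""
    state = {f: 0 for f in all_files}
    for d in sorted(changes):
        if d <= day:
            state.update({f: d for f in changes[d]})
    return state

def total_files_copied(sets):
    """Total number of file copies written across all backup sets (storage cost)."""
    return sum(len(snapshot) for _, snapshot in sets)

if __name__ == "__main__":
    for strategy in ("full", "incremental", "differential"):
        sets = plan(strategy)
        ok = all(restore(strategy, sets, d) == true_state(d) for d in range(4))
        chain = len(restore_chain(strategy, sets, 3))
        print(f"{strategy:12} copied {total_files_copied(sets):2} files, "
              f"restore of day 3 needs {chain} set(s), correct={ok}")
```

With only one backup after the full backup, `plan("incremental")` and `plan("differential")` produce identical day-1 sets, which is the equivalence the text notes.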
2. Backup technology
(1) Backup for data
The data to be preserved is copied directly, or converted into an image and saved on the computer. Backup software such as Ghost, CDs and removable hard drives also fall into this category. Two modes are used, file-by-file and image: one copies the files directly, the other compresses the files into an image for storage. The advantage is that it is convenient and easy to use, and it is the method most commonly used by ordinary users; the disadvantage is that its security is very low and it is prone to error. Because it backs up the data as it is, if a file is already corrupt it cannot be restored correctly, and the backup is useless.
(2) Track backup technology
This technology scans the magnetic tracks of the disk directly and records the changes to the tracks directly. The advantage is that it is very accurate: because it records the track changes directly, the error rate is extremely low, almost zero. Professional storage devices such as NAS use this kind of backup technology, and it is also the most widely used backup technology among small and medium-sized enterprises.
3. Mainstream storage backup equipment
(1) Disk array
A disk array connects multiple dedicated hard disks, or ordinary hard disks of the same type, capacity, interface and even brand, into an array, reads and writes disk data in a fast, accurate and safe way, and can provide both data backup and track backup technology. The advantages are high reliability, safety and stability; the disadvantages are that it is expensive and requires professional maintenance and management.
(2) File server
A file server is a server responsible for file management, uploading, downloading, shared backup and so on; it uses direct data backup, storing and backing up data files directly on its hard disk. The advantage is that it is easy to operate and easy to use; the disadvantage is that it faces many security problems, such as misoperation, virus infection and network attack.
(3) CD Tower
A CD tower consists of several to more than a dozen CD-ROM drives connected in parallel. Software controls the reading and writing of a given drive, so that information can be read automatically as required and data copied directly to CD-ROM for backup. The advantage is that data can be saved as needed and the saved data is portable; the disadvantages are that disc capacity is limited, discs are expensive to buy, the recorder has a short life, operation is manual, and discs are easily lost or damaged.
(4) NAS
Hard disks are connected into an array to form a small disk array cabinet. It connects to a computer or server through a network cable for data transfer, the array is managed through a browser, and it is easy to use, reliable and safe, making it well suited to backing up the important data (finance, customers, design, personnel) of small and medium-sized enterprises. Mid-range and high-end NAS use the track backup method to ensure high data accuracy and can support differential backup without wasting capacity. NAS, which is widely used by IBM, HP and domestic small and medium-sized enterprises, is Canada's "free escape".
4. Common backup software
(1) One-key GHOST
It is a boot disk initiated by "DOS Home" and released simultaneously in four versions (hard disk, CD-ROM, U-disk and floppy disk), which suits various systems and can be used independently or in combination. The main functions include one-key backup of the C drive, one-key recovery of the C drive, a Chinese wizard, GHOST, a DOS toolbox and so on.
Software application: after the system and the commonly used software have been installed and debugged, use this software to create a backup of the C drive.
When a problem occurs in the system, individual users can use the backup to restore the system. Currently, all versions of this software are free.
(End of this chapter)