Computer Network Technology and Application
Chapter 25 Fundamentals of Network Security
Chapter 25 Fundamentals of Network Security (4)
(2) Tamron Backup Master
This is a Windows-based, multi-functional, efficient and stable professional data backup program suitable for enterprise users. It uses the enterprise's existing software and hardware resources to build a powerful, efficient, stable and unattended data backup environment, and performs 7/24 uninterrupted data backup, which can effectively guarantee the security of enterprise data.
The Tamron Backup Master series supports a range of backup functions, including full backup, incremental backup, differential backup, compressed backup, synchronous backup, mirror backup, overwrite backup and index backup, and supports both real-time and scheduled backup.
It also supports a range of storage media, including disks, arrays, array cabinets, USB devices, 1394 devices, network storage devices, optical storage devices and remote FTP servers.
The series provides users with dozens of internationally standardized encryption techniques, including the DES, 3DES, BLOWFISH, TWOFISH, ICE, ICE2, CAST128, CAST256, THINICE, RC2, RC4, RC5, RC6, RIJNDAEL, SERPENT, TEA and MARS encryption standards; the supported hash algorithms include MD4, MD5, SHA1, SHA256, SHA384, SHA512, Haval, RipeMD128, RipeMD160 and Tiger. At present, the series includes the "2008 Series Advanced Intelligent Enterprise Edition", the "Network Gold Enterprise Edition" and the "WAN Planet Edition".
5. Recovery software
(1) EaseUS Data Recovery Wizard
This is the first domestically developed data recovery program; it is powerful and cost-effective.
Under the Windows operating system, it recovers data from FAT12, FAT16, FAT32, VFAT, NTFS and NTFS5 file systems and supports IDE, ATA, SATA, SCSI, USB and IEEE 1394 hard disks, floppy disks, digital cameras, digital video cameras and USB storage media. Its delete recovery, format recovery and advanced recovery functions handle different data-loss situations, effectively recovering deleted files, formatted files and files lost due to partition abnormalities.
(2) EasyRecovery
It is a hard disk data recovery tool, including multiple versions, capable of recovering lost data and rebuilding file systems.
EasyRecovery works mainly by rebuilding the file partition table in memory, so that the data can be safely transferred to other drives.
It supports recovering data from hard disks that were damaged by viruses or formatted; it can restore hard disks larger than 8.4GB; it supports long file names; and it can recover lost boot records, BIOS parameter data blocks, partition tables, FAT tables and boot areas on damaged hard disks.
【Chapter summary】
This chapter introduces the security issues in the Internet and network security methods such as information encryption technology and firewall technology, describes the means of network attack and the methods of preventing attacks, and briefly introduces the methods of data backup.
【Difficulties in this chapter】
(1) Packet filtering principle.
(2) Key encryption principle.
(3) The setting of the software firewall.
Exercise 7
One, multiple choice questions
1. The main threats existing in the Internet include ( ) and so on.
A. Forgery
B. Stealing secrets
C. Attack
D. All of the above
2. The data ( ) service can protect an information flow, a single message or specified fields in a message, and ensure that the information received by the receiver is consistent with the information sent by the sender.
A. Certification
B. Integrity
C. Encryption
D. Access control
3. When a network is compromised, a course of action is usually taken. If it is found that illegal intruders may cause serious damage to network resources, it is more appropriate for network administrators to adopt ( ) methods.
A. Tracking method
B. Change password
C. Protection method
D. Modify access rights
4. The intrusion detection system is a system that identifies the malicious use of ( ).
A. Router
B. Internet resources
C. User password
D. User password
5. There are many ways for a network virus to spread; the most frequent one is ( ).
A. Network communication
B. Demo software
C. System maintenance disk
D. User personal floppy disk
Two, short answer questions
1. Why are packet filtering routers and bastion hosts often used in combination in the actual firewall system configuration?
2. Why must the backup and recovery function of data in the network be considered?
3. What are the advantages of asymmetric encryption?
4. Try to use the Ping command and write down the function of this command that you understand.
Experiment [-]: Learn to use simple network security techniques
【Purpose】
(1) Learn how to deny access.
(2) Learn how to use IIS to configure the Web server.
【Experimental content】
(1) Deny access to this computer from the network.
(2) Install the IIS accessories.
(3) Set up a Web site.
【Class hours】 2
【Experimental Requirements】
(1) Master the installation method of IIS.
(2) Master the configuration method of the Web server.
【Experimental conditions】
A computer with the Windows XP/Vista operating system installed.
【Experimental steps】
1. Deny access to this computer from the network
Preventing computers from other networks from accessing this computer is the first step in avoiding hacker attacks.
(1) Open "Control Panel" → "Administrative Tools" → "Local Security Policy".
(2) Select "Local Policies" → "User Rights Assignment" → "Access this computer from the network" and delete "Everyone".
2. Set permissions to access shared folders from the network
(1) Share folders with other users on the network.
① Open My Documents in Windows Explorer.
② Click the folder you want to share.
③ In the file and folder task options, click "Share this folder".
④ In the Properties dialog box, select the "Share this folder on the network" radio button.
⑤ In the "Shared Name" text box, enter a new name for the folder, and click "OK".
Tip: The sharing feature does not apply to the Documents and Settings, Program Files, and Windows system folders.
(2) Permissions
File and folder permissions can be set, viewed, modified or deleted.
① Open Windows Explorer, and click the "View" menu, remove the selection of "Use Simple Folder Sharing", and click "Apply" and "OK".
Tip: If you use simple settings, you cannot set permissions.
② Right-click the file or folder to set permissions.
③ Select "Properties" in the shortcut menu that appears, and click the "Security" tab.
④ If you need to add a group or user not displayed in the "Group or User Name" list, click "Add", enter the name of the group or user you want to set permissions for, and click "OK". Alternatively, click "Advanced" to find the user name.
⑤ To modify or delete permissions for an existing group or user, click the group or user name and perform any of the following operations:
To allow or deny a certain permission, select the Allow or Deny check box in the Permissions list.
To delete a group or user from the Group or User Name list box, click Delete.
Description:
In Windows XP Professional, the Everyone group no longer includes anonymous logons.
File and folder permissions can only be set on drives formatted with the NTFS file system. The FAT file system does not have this function.
Only the owner of the file or folder, or a user with administrative privileges granted by the owner of the file or folder, has the ability to modify certain permissions.
A group or user with the "Full Control" permission on a specific folder can arbitrarily delete files or subfolders from that folder, regardless of whether the corresponding file or folder is protected by permissions.
If the permissions check box for a group or user is disabled, or the Delete button is disabled, it means that the permissions for the file or folder are inherited from the parent folder.
By default, when adding a new group or user, the group or user will have "Read & Execute", "View Folder Contents", and "Read" permissions.
3. Manage ports
By default, Windows has many ports open, and network viruses and hackers can connect to computers through these ports. Sometimes these ports need to be closed in order to make the system more secure. The main ports include:
Ports 135, 139, 445, 593, and 1025 for the TCP protocol.
Ports 135, 137, 138, and 445 for the UDP protocol.
The backdoor ports of some popular viruses, such as ports 2745, 3127, and 6129 for the TCP protocol.
Remote service access port 3389.
In this experiment, these network ports are closed in a Windows XP environment.
(1) Create a security policy
① Click "Start" → "Control Panel" → "Administrative Tools", double-click to open "Local Security Policy", select "IP Security Policy, On Local Computer", and right-click a blank area in the right pane. In the shortcut menu that pops up, choose "Create IP Security Policy", and the wizard will open.
②Click the "Next" button, name the new security policy, and then click "Next" to display the "Security Communication Request" dialog box, clear the "Activate Default Corresponding Rules" option, and click "Finish".
(2) Configure security policies
① Right-click the IP security policy, in the "Properties" dialog box, remove the "Use Add Wizard" option, and click the "Add" button to add a new rule.
②In the "New Rule Properties" dialog box, click "Add", and the IP filter list window will pop up.
③ In the list, first remove the "Use Add Wizard" option, and then click the "Add" button to add a new filter.
④ Enter the "Filter Properties" dialog box, in the "Addressing" option, select "Any IP Address" for the source address, and "My IP Address" for the target address.
⑤ Click the "Protocol" tab, select "TCP" in the drop-down list of "Select Protocol Type", enter "135" in the text box under "To this port", and click "OK".
This adds a filter that blocks the TCP 135 (RPC) port, which prevents external computers from connecting to the configured computer through port 135.
⑥ In the "New Rule Properties" dialog box, select "New IP Filter List" and click its radio button to activate this rule.
⑦ Click the "Filter Action" tab, remove the "Use Add Wizard" option, click "Add" to add the "Block" action, and in the "Security Measures" tab of "New Filter Action Properties", select "Block" and click "OK".
⑧ Enter the "New Rule Properties" dialog box, select "New Filter Action", activate this rule, and click "Close".
⑨Go back to the "New IP Security Policy Properties" dialog box, select "New IP Filter List", and click "OK".
⑩In the "Local Security Policy" window, right-click the newly added IP security policy and click "Assign".
After the computer is restarted, the above network ports are closed.
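An added example (not from the textbook) for the port-closing step above: a Python script that reads `netstat -an` output and lists which of the chapter's ports have a listener bound to a non-loopback address, so you know which filters are needed. It assumes English-language netstat output; the sample text, the addresses in it, and the names `RISKY_PORTS` and `exposed_listeners` are constructed for illustration.

```python
"""Inventory listeners on the ports this chapter says to close (added example)."""

# Ports named in the port-management step. The text gives no protocol for
# 3389; it is placed under TCP here because Remote Desktop listens on TCP.
RISKY_PORTS = {
    "TCP": {135, 139, 445, 593, 1025, 2745, 3127, 6129, 3389},
    "UDP": {135, 137, 138, 445},
}

# Constructed sample of English-language `netstat -an` output (not real data).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1031      192.168.1.20:445       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.10:137       *:*
  UDP    127.0.0.1:1900         *:*
"""


def split_endpoint(endpoint):
    """Split '0.0.0.0:135' or '[::]:445' into (host, port); port is None if absent."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    return host, int(port) if port.isdigit() else None


def is_loopback(host):
    """True for addresses that only local processes can reach."""
    return host.startswith("127.") or host == "::1"


def exposed_listeners(netstat_text, risky=RISKY_PORTS):
    """Return sorted (proto, port, host) tuples bound to a non-loopback address."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].upper() not in risky:
            continue  # banner, column header or blank line
        proto = fields[0].upper()
        # TCP rows carry a state column; only LISTENING sockets accept
        # inbound connections. UDP rows have no state column.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        host, port = split_endpoint(fields[1])
        if port in risky[proto] and not is_loopback(host):
            found.add((proto, port, host))
    return sorted(found)


if __name__ == "__main__":
    for proto, port, host in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {port:>5} listening on {host}")
```

An IP security block filter drops the traffic but leaves the service listening, so netstat still shows the port after the policy is assigned. Confirm the filter itself by trying to connect from a second machine on the lab network.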
【Questions and Thoughts】
(1) You can go on to filter TCP ports 137, 139, 445 and 593, as well as UDP ports 135, 139 and 445, by creating the corresponding filters. Briefly describe what these ports are used for.
(2) Briefly describe which other ports are dangerous.
(3) If, after the ports have been configured, some services no longer work, what should be done to restore the original service?
(End of this chapter)