Comprehensive analysis of network security defenses 해시게임
1 Introduction
The functions of modern computer systems are becoming more and more complex,
and the network system is becoming more and more powerful,
which is having a huge and far-reaching impact on society.
Networks are vulnerable to hackers, malware, and other nefarious attacks, making security a growing concern.
For the military automatic command network and C3I system,
the security and confidentiality of its online information are particularly important.
Therefore, it is necessary to improve the defense capability of the computer network and strengthen the security measures of the network,
otherwise, the network will be useless and even endanger national security.
Whether in the local area network or in the wide area network,
there are vulnerabilities and potential threats from many factors,
such as natural and man-made. Therefore,
the defense measures of the network should be able to comprehensively target various threats and vulnerabilities,
so as to ensure confidentiality,
integrity and availability of network information.
Threats to computer network security
There are many factors that affect computer network security.
Some factors may be intentional or unintentional;
they may be artificial or non-human.
To sum up, the threats to network security mainly have four aspects:
(1) Entity. Comprehensive analysis of network security defenses
Physical destruction is a “hard kill” threat to computer network security.
There are mainly three types of electromagnetic attack, force destruction, and fire strike.
(2) Unintentional mistakes
For example, security loopholes caused by improper security configuration of operators,
poor user security awareness, careless selection of user passwords,
and users’ random lending of their accounts to others or sharing with others will all pose a threat to network security.
(3) Hacking Comprehensive analysis of network security defenses
This is the greatest threat to computer networks.
Such attacks can be divided into two types: one is a network attack,
which selectively destroys the validity and integrity of the other party’s information in various ways;
the other is network reconnaissance, which does not affect the normal operation of the network.
To intercept, steal, and decipher to obtain the other party’s important confidential information.
These two kinds of attacks can cause great harm to the computer network.
(4) Vulnerabilities and “backdoors” of network software
Network software cannot be 100% bug-free and bug-free,
however, these bugs and bugs are precisely the preferred targets of hackers.
In 1999 and early 2000, there were many hacking incidents,
If you check this security checklist carefully,
there is a good chance that data thieves will turn their attention to easier targets.
Data thieves aren’t always black-hat hackers hiding in a dark room and typing on keyboards like in The Matrix:
Some data center employees are troublemakers and technically capable of tricking “leaders” into their Often also responsible.
So how do you deal with it?
Whether you’re responsible for just one computer of your own or manage a fleet of hundreds or thousands of PCs,
PCs are vulnerable to a wide variety of threats, including:
P2P client program
insecure wireless network
Phishing
Spyware
Virus
unsafe work-from-home environment
social engineering
This article teaches you how to stop these threats.
Say no to P2P file sharing Comprehensive analysis of network security defenses
Peer-to-peer file transfer clients like Gnutella, BitTorrent, Kazaa,
and LimeWire are almost virus-like as an easy way to share music and video files with other media lovers.
Sadly, they are also able to share sensitive corporate and personal data with strangers around the neighborhood, across the country,
Several recent investigations into the use of P2P file sharing by banks and the federal government have shown how easily such programs,
and around the world.
originally written for shared media,
can access classified and secret information.
Dartmouth University’s Tuck School of Business conducted a survey on the use of P2P file sharing among the top 30 banks in the United States,
and found that P2P file sharing searched for lyrics or video file names in songs,
and found various Types of matching information, including company name, address, and more.
An investigation by security firm Tiversa found more than 200 classified documents were found after just two or three hours of searching using the P2P client LimeWire.
Why is a P2P file sharing so potentially dangerous? Depending on the client program,
P2P file sharing usually happens by file type, not by folder.
Therefore, after a P2P search, music or video files placed in the same folder as confidential information will expose the contents of the entire folder to the front.
To make matters worse, some P2P clients make it easy for people to share entire drives,
rather than just specific folders.
Today, P2P clients are everywhere,
including children’s PCs or other home PCs,
and even corporate PCs.
To stop the threat P2P file sharing poses to the work environment,
companies should implement security configurations that block P2P clients.
If you’re working remotely, encrypt your work folders and make sure you never install a P2P client to monitor your work folders.
Also, keep an eye on the dynamics of P2P.
Protect unsecured wireless networks
Wireless networks are easy to set up — especially insecure wireless networks.
Your office may have a wireless network secured with WPA or WPA2 encryption and a Radius authentication server;
if you use an unsecured wireless network at home or in a public place,
you risk exposing sensitive information.
So, what kinds of threats are there?
If a restaurant or other retail store uses an unsecured wireless network for point-of-sale systems,
a “wireless eavesdropper” (wardriver) parked in a parking lot can obtain the credit card number on a business credit card and sell it, or use them without authorization for crazy shopping.
Free wireless hotspots are popping up in restaurants and cafes.
If the tethering on your laptop isn’t blocked by a firewall,
other surfers can steal your data while you eat.
Home wireless networks are doubly insecure: they may be insecure (lack of WPA or WPA2 encryption),
and they may use standard service set identifiers (SSIDs) or workgroup names;
this makes it easy for an intruder to Go to the network and access any shared folder on the system.
The problem is multifaceted, and so are the solutions.
It’s hard to tell if a retailer’s point-of-sale system is secure,
but any public hotspot is inherently insecure.
Windows Vista’s firewall can automatically block access to shared resources on public networks such as wireless hotspots.
However, Windows XP SP2’s firewall requires you to select the “no exceptions open” (no exceptions) setting to protect shared resources when you use a public network.
If your email client doesn’t provide a secure login mechanism,
don’t use that client in a public hotspot.
Instead, establish a secure connection for email,
file transfer, remote desktop, and other applications by establishing a secure HTTP (HTTPS) or virtual private network (XXXX) connection to your host computer,
or using Secure remote access services like GoToMyPC.
Anyone working from home should have a secure wireless network.
If your company’s telecommuters lack networking skills,
help them configure the network for security.
If your staff is more familiar with supporting specific routers,
make a list of recommended routers.
If you or your employees use xxx connections,
consider recommending or requiring a router that supports multiple xxx connections.
With this kind of router, multiple ××× connections can be pulled out of the house at the same time. Remember: XXXX connections have end-to-end security, even on public networks.
Block Phishing and Social Engineering.
Phishing is the use of official-looking emails to warn users of potentially serious consequences for their credit card,
bank, or PayPal accounts, tricking users into sending them to fake websites designed to steal their identities. Such tactics are commonplace these days,
but there have never been as many means of prevention.
Microsoft’s latest browser, Internet Explorer 7,
and rival Mozilla’s latest Firefox 2.0 both include anti-phishing features that compare URLs with known phishing sites and provide reporting tools that flag suspected phishers.
If you’re running an older version of IE or Firefox, it’s time to upgrade to the latest version.
To further improve security,
However, you don’t need high tech to help stop phishing — just a little common sense can do wonders.
Do not click on links provided by banks or other institutions; log in manually, not automatically.
If you’re in doubt about an email or any link on a website,
remember this: Move your mouse over the link and you’ll discover the link’s true destination.
Phishing is just the latest in the use of the oldest hacking technique:
social engineering.
To stop hackers from impersonating a “help desk” or “network provider,”
verify the identity of someone with access to sensitive information,
such as calling the employee’s supervisor or asking a question with a predetermined answer.
What is SMS bombing (the SMS interface is brushed)
SMS bombing is generally based on the WEB method (the principle based on the client-side method is similar),
and consists of two modules, including: a front-end Web page,
which provides a form for entering the victim’s mobile phone number;
a background attack page (such as PHP),
Using the dynamic SMS URL found from various websites and the attacker’s mobile phone number entered in the front end,
an HTTP request is sent, and a dynamic SMS is sent to the user for each request.
- The victim receives a large number of text messages that are not requested by themselves,
resulting in the inability to use mobile operator services normally.
- The short message interface is brushed usually means that the dynamic short message-sending interface of the website
is collected by such short message bombing tools as one of the sending methods.
The specific working principle is as follows:
(1) The malicious attacker enters the mobile phone number of the attacker on the front-end page;
(2) The background server of the SMS bombing tool combines the mobile phone number with the URL collected from the Internet
that can send dynamic text messages without authentication to form a URL request for sending dynamic text messages;
(3) Through the background request page,
forged user requests are sent to different business servers;
(4) After receiving the request,
the service server sends a dynamic short message to the mobile phone of the attacked user.