[Foundation concepts] Glossary of system security terms (reposted)

xiaoxiao 2021-03-06

A collection of network-security terms that come up often, reproduced here so they can be looked up in one place.

Source: IT168 terminology

UID

Abbreviation of User Identification. In NFS the UID (also written uid) is the numeric user ID of a file's owner.

Vulnerability

A vulnerability is a security flaw in a system. It can let an intruder obtain information or gain access they are not entitled to.

Virus

A virus is software that infects a system by hiding itself inside existing programs, system files, or documents. Once an infected item is executed, the virus code is activated and copies itself into other programs on the system; each newly infected item then infects others in turn.

VPN

A Virtual Private Network is a private network configured on top of a public one. Public carriers have been building VPNs for customers for many years: to the customer the VPN looks like a dedicated internal network or extranet, but the underlying capacity is shared with other customers. Many VPNs have been built over X.25, Switched 56, Frame Relay and ATM; the current trend is to build them over the Internet. A VPN uses access control and encryption to keep traffic private in a public environment.

Windows NT registry vulnerability

This class of vulnerability lets an attacker remotely read or modify the registry of a Windows NT machine. Checks in this class cover the Remote Access Service (RAS), the Local Security Authority (LSA), automatic logon, registry file associations that can be changed, DCOM permissions, IP forwarding, and missing patches.

Windows NT user vulnerability

This class of vulnerability lets an attacker recover Windows NT user accounts and passwords, and so gain access to the system, by checking for guessable passwords, missing passwords, and weak password-history, account-policy, logoff and lockout settings.

SYN packet

The first packet of a TCP connection, a very small packet. A SYN attack (SYN flood) sends a large number of these packets with forged source addresses that belong to no real host, so the target cannot complete the handshakes: for each spoofed SYN the machine holds a half-open connection and keeps retrying its reply for several seconds before giving up, and while those slots are full it cannot respond normally to legitimate clients.

File virus

The largest group among the thousands of known viruses, including the Friday the 13th (Black Friday) virus. A file virus infects by attaching itself to other files, mostly executables with the .EXE or .COM extension. It modifies the host's code, inserting its own code somewhere in the file and altering the program's normal flow so that the virus code runs before the legitimate program does.

SYS

An authentication security level used by daemons such as admind or sadmind.

At this security level the server accepts the user and group identification (UID and GID) supplied by the client system and uses them directly for its checks. It does not verify that the client's UID denotes the same user on the server; in other words it assumes that the administrator has kept UIDs and GIDs consistent on every system in the network, and only checks whether that UID is permitted to perform the request.

TCP/IP

Transmission Control Protocol / Internet Protocol. A communications protocol suite for interconnecting networks, developed by the US Department of Defense. It is a de facto UNIX standard and the protocol of the Internet, and is supported on virtually every platform. The term is also used loosely for the whole collection of transport and application protocols that run over IP.

The TCP part of TCP/IP provides transport: it ensures that every byte sent is received correctly at the other end. The IP part provides routing. TCP/IP is a routable protocol, meaning each transmitted message carries the address of the destination network and the destination host, so messages can be sent across multiple networks within a company or around the world; this is what makes it usable on the Internet.

root

A computer account with unrestricted access; it can perform any action on the machine.

SSL

Secure Sockets Layer, the leading security protocol on the Internet. When an SSL session begins, the web server sends its public key (in a certificate) to the browser; the browser uses that public key to encrypt a randomly generated session key, which only the server can recover, and the rest of the session is encrypted with that session key. SSL was developed by Netscape; it has been merged, together with protocols and authentication methods proposed by the IETF, into a successor protocol, Transport Layer Security (TLS).

SSH

SSH (Secure Shell) is a program for logging in to another computer over the network, executing commands on the remote machine, and moving files from one computer to another. It provides strong authentication and secure communication over insecure channels. It listens for connections on port 22.

SSH can completely replace rlogin, rsh, rcp and rdist, and in many cases the program can replace Telnet as well.

Spoofing

Forging the source address of transmitted data in order to get into a secure system illegitimately. Impersonating another user's IP address usually also deprives the legitimate owner of that address of its use.

SNMP

Simple Network Management Protocol, a widely used protocol for network monitoring and control. Data is collected by SNMP agents, which report the activity of each network device (hub, router, bridge, etc.) to the workstation console that monitors the whole network. The information an agent returns is organized in the MIB (Management Information Base), a data structure that defines what can be read from the device and what can be controlled (switched on, off, etc.). SNMP originated on UNIX and is now widely used on all major platforms.

Sniffing

Capturing information destined for other machines on the network. Sniffing is one form of attack available to an intruder.

For example, a machine on an Ethernet segment can be configured to receive every packet regardless of the destination in its header. All the machines on that network are then easy prey for the intruder, because they often transmit account names and passwords in the clear.
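The following is an added example, not part of the original glossary, showing why sniffing a shared segment is so effective against cleartext protocols: a constructed capture of an FTP logon (addresses, port numbers and credentials are all made up for the illustration) is scanned for the USER/PASS commands exactly as a passive sniffer would see them.

```python
"""Recover cleartext logons from a packet capture (added example).
The capture, hosts and credentials below are constructed for illustration."""
from dataclasses import dataclass


@dataclass
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    dport: int      # destination TCP port
    payload: bytes  # TCP payload as seen on the wire


# Constructed capture of one FTP session: client 10.0.0.7 -> server 10.0.0.1.
CAPTURE = [
    Packet("10.0.0.1", "10.0.0.7", 1034, b"220 ftp.example.test FTP server ready\r\n"),
    Packet("10.0.0.7", "10.0.0.1", 21, b"USER alice\r\n"),
    Packet("10.0.0.1", "10.0.0.7", 1034, b"331 Password required for alice\r\n"),
    Packet("10.0.0.7", "10.0.0.1", 21, b"PASS s3cret!\r\n"),
    Packet("10.0.0.1", "10.0.0.7", 1034, b"230 User alice logged in\r\n"),
    Packet("10.0.0.7", "10.0.0.1", 21, b"PWD\r\n"),
]

# Services whose logon is a plaintext USER/PASS exchange.
CLEARTEXT_PORTS = {21: "ftp", 110: "pop3"}


def extract_credentials(packets):
    """Return (protocol, client, server, username, password) for every
    cleartext logon found in the capture, in the order it was observed."""
    found = []
    pending = {}  # (client, server) -> username seen, waiting for the PASS line
    for p in packets:
        proto = CLEARTEXT_PORTS.get(p.dport)
        if proto is None:
            continue  # not a client-to-server packet of a cleartext logon protocol
        key = (p.src, p.dst)
        for line in p.payload.split(b"\r\n"):
            parts = line.split(b" ", 1)
            if len(parts) != 2:
                continue  # command without an argument (e.g. PWD), not interesting
            verb, arg = parts[0].upper(), parts[1].decode("latin-1")
            if verb == b"USER":
                pending[key] = arg
            elif verb == b"PASS" and key in pending:
                found.append((proto, p.src, p.dst, pending.pop(key), arg))
    return found


if __name__ == "__main__":
    for proto, client, server, user, password in extract_credentials(CAPTURE):
        print(f"{proto}: {client} -> {server}  {user}/{password}")
```

No decryption is involved anywhere: the sniffer only has to reassemble lines, which is why replacing FTP and Telnet with SSH (below) removes the whole class of attack.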

Shadow password

A file containing user names and their encrypted passwords. It prevents users from reading other users' password hashes, while programs that legitimately need them can still access the shadow password file.

On UNIX systems the shadow password scheme replaces the password field in the password file with an asterisk (*) or another meaningless character.

Security zone

In Windows NT and Windows 95/98, security zones protect your computer and privacy when you use the network, without issuing repeated warnings. The administrator feature lets a company set the zone boundaries automatically, so users do not have to make security decisions case by case.

Internet Explorer 4.x applies different levels of security depending on the security zone a web site is assigned to. For example, you are likely to trust sites on your company intranet, so you might allow all kinds of active content to run there. You may trust sites on the Internet less, so you can assign them to an "untrusted" zone that prevents active content from running and prevents code from being downloaded to your computer.

For more information on security zones, see "Security Zones Delivery Capability and Protection" in the Internet Explorer feature overview, at: http://www.microsoft.com/ie/ie40/FE...s / SEC-ZONES.HTM

Scanning

Running a scan policy against a system to inspect it for weaknesses and vulnerabilities.

RFC

An RFC (Request for Comments) is a publicly published document describing the specification of a proposed technology. The Internet Engineering Task Force (IETF) and other standards groups use RFCs. RFCs can be obtained from many sources, including

http://www.yahoo.com/computers_and_...standards/rfcs/

Buffer overflow

A buffer overflow occurs when the length of a parameter passed to a function exceeds the range the function was defined for. The function does not check that the parameter's length is less than or equal to its defined limit, so the entire (over-long) parameter is copied into a storage area that is too short. Part of the function's memory is overwritten as a result, typically the parameter stack or call stack.

Buffer

A storage area used to hold a block of data before or during processing.

Brute-force attack vulnerability

This class of vulnerability lets an attacker get into a system by trying to log in many times, typically through whichever services are available. The approach relies on users never changing their passwords, or choosing weak ones; given enough attempts, a brute-force attack will eventually crack such passwords.

Back door

Sometimes also called a trapdoor. A secret way of gaining access to a program or online service. It is built in by the program's developer, who can use it to gain special access. For example, a back door built into an operating system might grant unrestricted access to any computer running that operating system.

AusCERT

The Australian Computer Emergency Response Team (AusCERT), based in Australia, provides a single point of contact for the computing community for responding to and preventing computer security incidents. AusCERT's aim is to reduce the likelihood of security attacks, lower the direct cost to organizations, and minimize the security risk arising from successful attacks.

AusCERT is a member of the Forum of Incident Response and Security Teams (FIRST) and works closely with the CERT Coordination Center (CERT/CC), other international Incident Response Teams (IRTs) and the Australian Federal Police.

AusCERT provides an anonymous FTP service at:

ftp://ftp.Auscert.org.au/pub/. Past SERT and AusCERT advisories and other computer security information are kept there. AusCERT also runs a World Wide Web service at:

http://www.auscert.org.au/

Anonymous FTP

Using FTP on another computer without needing an account or password on it. You log in as "anonymous", so this way of storing or retrieving files on other computers is called anonymous FTP.

Alerter service

A Windows NT service that notifies selected users and computers that an administrative alert has occurred on a computer. It is called by the Server service and other services, and requires the Messenger service.

admind or sadmind

A distributed system administration daemon that performs security checks when systems are administered over the network. SunOS 5.4 and earlier use admind; SunOS 5.5 and later use sadmind.

The daemon is started automatically by inetd whenever a request arrives, or it can be run from the command line. Before carrying out a request the daemon must first authenticate the client with the server; once the client is authenticated, the daemon uses that identity to decide authorization. The default security level of admind is SYS. The stronger DES security level can be used instead: first make sure that every server in the domain has been set up to use DES security, then pass the -s 2 option when invoking the daemon.

Access Control List (ACL)

A set of values associated with a file, directory or other resource that defines which users and/or groups may access it and with what permissions.

AAA

Authentication, Authorization and Accounting. The "triple A" network security services are a Cisco framework that provides the main structure for setting up access control on a router or access server.

Dictionary attack

A brute-force method that uses a list of common terms or words. For example, an attacker who discovers that passwords are likely to be names will combine a list of names with a conventional dictionary and use both sources to attack weak passwords.
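As an added example (not from the original glossary) covering both the brute-force entry above and this dictionary-attack entry: a dictionary of common words and a list of names is expanded with the mutations attackers try first (case changes, appended digits) and run against a small constructed database of salted password hashes. The user records, word lists and salt are made up; the hash scheme is PBKDF2-HMAC-SHA256 from the Python standard library, with a deliberately low iteration count so the demo finishes quickly.

```python
"""Dictionary attack against salted password hashes (added example).
Users, word lists and salt below are constructed for illustration."""
import hashlib

ITERATIONS = 1000  # deliberately low; real deployments use far more to slow guessing


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256) of a password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


# Constructed "stolen" password database: username -> (salt, hash).
SALT = b"\x01\x02\x03\x04\x05\x06\x07\x08"
USERS = {
    "alice": (SALT, hash_password("Summer1", SALT)),        # dictionary word + digit
    "bob":   (SALT, hash_password("bob123", SALT)),         # own name + digits
    "carol": (SALT, hash_password("T7#qz!Lp9vR2", SALT)),   # not reachable by this attack
}

DICTIONARY = ["summer", "winter", "password", "welcome", "dragon", "letmein"]
NAMES = ["alice", "bob", "carol"]  # the "names" source the entry above mentions


def candidates(words):
    """Expand a word list with the cheapest mutations: case variants and
    common suffixes. Real cracking rule sets are much larger."""
    for w in words:
        for variant in (w, w.capitalize(), w.upper()):
            yield variant
            for suffix in ("1", "123", "2021", "!"):
                yield variant + suffix


def dictionary_attack(users, words):
    """Return {username: recovered_password} for every hash matched by a
    candidate. Each guess costs one hash computation per user because the
    salt differs (or could differ) between users."""
    guesses = list(dict.fromkeys(candidates(words)))  # dedupe, keep order
    cracked = {}
    for user, (salt, target) in users.items():
        for guess in guesses:
            if hash_password(guess, salt) == target:
                cracked[user] = guess
                break
    return cracked


if __name__ == "__main__":
    print(dictionary_attack(USERS, DICTIONARY + NAMES))  # carol survives
```

Raising ITERATIONS multiplies the attacker's cost per guess by the same factor, which is the defence on the hashing side; lockout and password policy (see the password tips below) are the defences on the login side.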

DES

The Data Encryption Standard is a NIST-standard secret-key encryption method using a 56-bit key. DES is based on an IBM algorithm that was further developed with the US National Security Agency (NSA). It is a block cipher: the text is divided into 64-bit blocks before it is encrypted. There are several modes of operating DES; the most common chains the blocks by XORing each plaintext block with the previous ciphertext block before encrypting it.

The DES algorithm is very fast and very widely used. The key can be stored securely and reused. Alternatively a fresh key can be generated randomly for each session, in which case the new key is sent to the recipient encrypted under a public-key algorithm (for example RSA).
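The two structural ideas in the DES entry, a Feistel cipher on 64-bit blocks and the chaining mode, as an added example that is not part of the original glossary. The cipher below is a toy 16-round Feistel network whose round function is HMAC-SHA256 truncated to 32 bits; it is not DES (DES's S-boxes, permutations and key schedule are not reproduced) and must not be used for real data. It exists to show two things: a Feistel construction decrypts by running the same rounds with the subkeys reversed, and CBC chaining hides repeated plaintext blocks that ECB mode exposes. The key and messages are made up.

```python
"""Toy Feistel block cipher plus ECB and CBC modes (added example, NOT DES)."""
import hashlib
import hmac

BLOCK = 8    # 64-bit block, as in DES
ROUNDS = 16  # DES also uses 16 rounds


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def subkeys(key: bytes):
    """Toy key schedule: one 4-byte subkey per round derived from the key."""
    return [hmac.new(key, bytes([i]), hashlib.sha256).digest()[:4] for i in range(ROUNDS)]


def _round_function(half: bytes, k: bytes) -> bytes:
    """Feistel F function: need not be invertible, the structure supplies that."""
    return hmac.new(k, half, hashlib.sha256).digest()[:4]


def _feistel(block: bytes, ks) -> bytes:
    l, r = block[:4], block[4:]
    for k in ks:
        l, r = r, _xor(l, _round_function(r, k))
    return r + l  # final swap, so the same loop with reversed subkeys inverts it


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return _feistel(block, subkeys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    return _feistel(block, subkeys(key)[::-1])  # same rounds, subkeys reversed


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK  # PKCS#7 style: always add 1..BLOCK bytes
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def ecb_encrypt(data: bytes, key: bytes) -> bytes:
    """Each block encrypted independently: equal plaintext blocks give equal ciphertext."""
    p = pad(data)
    return b"".join(encrypt_block(p[i:i + BLOCK], key) for i in range(0, len(p), BLOCK))


def cbc_encrypt(data: bytes, key: bytes, iv: bytes) -> bytes:
    """Each plaintext block is XORed with the previous ciphertext block (the IV
    for the first block) before encryption, as the DES entry describes."""
    assert len(iv) == BLOCK
    p, out, prev = pad(data), [], iv
    for i in range(0, len(p), BLOCK):
        prev = encrypt_block(_xor(p[i:i + BLOCK], prev), key)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out.append(_xor(decrypt_block(blk, key), prev))
        prev = blk
    return unpad(b"".join(out))


if __name__ == "__main__":
    key, iv = b"8byteKey", bytes(8)
    rep = b"AAAAAAAA" * 2
    e, c = ecb_encrypt(rep, key), cbc_encrypt(rep, key, iv)
    print("ECB repeats:", e[:8] == e[8:16], " CBC repeats:", c[:8] == c[8:16])
```

The IV must be unpredictable and sent along with the ciphertext; reusing a fixed IV with the same key brings back the ECB problem for the first block.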

Reasons an attacker might launch a DoS attack include:

Forcing a reboot so that a newly installed Trojan horse is activated.

Covering the traces of an attack, or hiding CPU activity behind what looks like a random crash.

Reasons an administrator might run a DoS attack against their own machines include:

Confirming that their computers are no longer vulnerable after the latest patches have been installed.

Shutting down a computer that can no longer be reached, for example one running a runaway process that is causing problems.

Denial of service

A denial of service (DoS) attack is one in which an intruder severely degrades or crashes a system by sending it a large amount of data: over-long data segments, malformed headers, or an excessive number of service requests.

Daemon

Daemon is pronounced like "demon". It refers to a UNIX program that runs in the background and performs its task when required. A daemon works like an extension of the operating system; it is usually an automatic process, started at boot time. Typical daemons are print spoolers, mail handlers, and schedulers that run other processes at set times. The word comes from Greek mythology, where it means "guardian spirit".

Common Vulnerabilities and Exposures (CVE)

The Common Vulnerabilities and Exposures (CVE) database is maintained and revised by the MITRE Corporation (http://www.cve.mitre.org).

Ciphertext

Ciphertext is data that is not readable in its current form. It is produced by encryption and is used for secure data transmission.

CGI

The Common Gateway Interface is a small program, written in a scripting language such as Perl, that lets an HTML page communicate with other programs on the web server. For example, a CGI script might pass a search keyword entered on a web page to a database, format the results as an HTML page, and return it to the user.

CHAP

The Challenge Handshake Authentication Protocol is an access control protocol that authenticates a user ID and password without sending the password itself. The server sends the client a random challenge; the client's login program combines the challenge with the shared secret using a one-way hash and returns the result, which the server checks against its own computation. Because the challenge changes every time, a captured response cannot be replayed.

Digital certificate

Also known as a "digital ID", a certificate is the digital equivalent of an identity card. It is issued by a certification authority (CA) such as VeriSign, Inc., after the CA has verified the owner's public key. The certificate is the owner's public key digitally signed by the CA. Sending a certificate with encrypted mail proves that the sender really is who they claim to be.

Range checking

Range checking, also called parameter validation, is a technique for refusing to operate on invalid parameters. Where parameter validation is missing, a user (possibly a remote or anonymous user) may be able to trigger the function with invalid parameters, leading to denial of service, data loss, or worse. The GetAdmin exploit for Windows NT is a good example: it defeated the security checks by using a flaw in Win32 API parameter validation (specifically, the lack of it).

Range errors cause many kinds of overflow, for example exceeding an array index or a memory address, or entering a value that exceeds a constant's range. Some languages do not treat overflow as an error: in many C implementations an arithmetic overflow silently wraps around, so if m is the largest integer value and s the smallest, then m + 1 yields s.

In a complex system a range error can also occur when a requested operation is performed without taking user permissions into account. An FTP server that does not check write permission before allowing a user to rename a file (as in the RNFR vulnerability in wu-ftpd) is, in a sense, a range-checking error. Another example is a Win32 function that writes to system memory without checking the caller's permissions (the GetAdmin vulnerability). Buffer overflows are also a matter of range checking.
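An added example (not from the original glossary) of the range check whose absence produces the buffer overflow described earlier: a parser for a length-prefixed binary record format that refuses any length field that does not fit inside the bytes actually received. The record layout (1-byte type, 2-byte big-endian length, value) and the sample messages are constructed for this illustration.

```python
"""Range checking on a length-prefixed message (added example).
Record format and sample messages are constructed for illustration."""
import struct

MAX_VALUE_LEN = 1024  # policy limit for any single field


class RangeError(ValueError):
    """Raised when a length field lies about how much data follows it."""


def parse_records(buf: bytes):
    """Parse [type:1][len:2][value:len]* and return a list of (type, value).

    The check `length > remaining` is the one a vulnerable parser omits: in C
    the copy would then run past the end of the buffer; in Python a slice would
    silently truncate, which hides corruption instead of rejecting it.
    """
    records, offset = [], 0
    while offset < len(buf):
        if len(buf) - offset < 3:
            raise RangeError(f"truncated header at offset {offset}")
        rtype, length = struct.unpack_from(">BH", buf, offset)
        offset += 3
        if length > MAX_VALUE_LEN:
            raise RangeError(f"field length {length} exceeds policy limit {MAX_VALUE_LEN}")
        remaining = len(buf) - offset
        if length > remaining:
            raise RangeError(f"field claims {length} bytes but only {remaining} remain")
        records.append((rtype, buf[offset:offset + length]))
        offset += length
    return records


def is_well_formed(buf: bytes) -> bool:
    try:
        parse_records(buf)
        return True
    except RangeError:
        return False


def build(*fields):
    """Encode (type, value) pairs into the record format."""
    return b"".join(struct.pack(">BH", t, len(v)) + v for t, v in fields)


# Constructed inputs: a well-formed message and one with a lying length field.
GOOD = build((1, b"alice"), (2, b"read"))
EVIL = struct.pack(">BH", 1, 0xFFFF) + b"alice"  # claims 65535 bytes, carries 5

if __name__ == "__main__":
    print(parse_records(GOOD))
    print("EVIL accepted:", is_well_formed(EVIL))
```

The same pattern applies to every length, count or index that arrives from outside: compare it against what is actually present and against a policy maximum before using it.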

PWL file

The password cache file on Windows 95, Windows for Workgroups and Microsoft Client for DOS computers. It contains passwords for recently or frequently accessed systems. Because remote attackers can often obtain PWL files, and the encryption protecting them is weak, they are considered a risk.

Public key

The public half of a two-part public-key encryption system such as RSA. Only the owner knows the private half.

Private key

The private half of a two-part public-key encryption system such as RSA. The private key is kept secret and is never transmitted over the network.

PPTP

The Point-to-Point Tunneling Protocol encapsulates other protocols for transmission over an IP network; for example it can carry NetWare IPX/SPX packets across the Internet. Its encryption support makes it useful for building a virtual private network (VPN) over the public Internet: remote users can reach the company network from any ISP that supports PPTP.

PPP

The Point-to-Point Protocol is a data-link protocol that provides dial-up access over serial lines. It can run over full-duplex links including POTS, ISDN and high-speed circuits (T1, T3, etc.). Developed by the Internet Engineering Task Force (IETF) in 1991, it has become widely used for Internet access and as a carrier for higher-level protocols. PPP encapsulates each protocol using a dedicated Network Control Protocol, for example IPCP (IP over PPP) and IPXCP (IPX over PPP). With PPP the network adapter driver can be replaced so that you log in to the network from home as if you were on it locally. PPP can also hang up and redial when the line quality is poor.

PPP also provides password protection through the Password Authentication Protocol (PAP) and the stricter Challenge Handshake Authentication Protocol (CHAP).

Port

A pathway into and out of a computer. The serial and parallel ports of a personal computer are external sockets for plugging in communications lines, modems and printers. In programming, a port can also be a symbolic interface through which data is sent to or received from an application or utility.

Each server application is assigned a port number so that data can be sent to the appropriate service.

Port (porting)

To modify software so that it runs in a different computing environment. "Porting the program to Windows NT" means the programmer modifies the application so that it runs under Windows NT.

Clear text

Ordinary unencrypted text, readable with a text editor or word processor.

Ping bomb

Continuously pinging another user, mainly over IRC, in an attempt to knock the user offline or crash their machine.

Ping

Abbreviation for Packet Internet Groper. A network utility that determines whether a specific IP address is reachable: the program sends a packet to the address and waits for a reply. It is used for testing and debugging networks.

keyserv

The keyserv service stores the private keys of users who have logged in to network services that use integrated security, such as secure NFS and NIS.

Kerberos

A security system for authenticating users, developed at the Massachusetts Institute of Technology (MIT). It establishes authentication at login and maintains it throughout the session. It does not, by itself, provide authorization to services or databases.

FTP

The File Transfer Protocol (FTP) allows a user on one host to access, or transfer files to and from, another host over a TCP/IP network. It provides functions such as logging in to the remote system, listing directories and copying files. FTP can be driven by typing commands at a command prompt or by running a graphical FTP program (for example under Windows). An FTP transfer can also be started from a browser by typing a URL that begins with

ftp://

Firewall

Hardware or software used for network security. A firewall can be implemented as a router with packet filtering, or as a combination of routers, proxy servers and other devices. Firewalls are usually used to separate a company's public servers from its internal network while still letting the relevant users reach the Internet. Sometimes a firewall is also used to secure internal network segments; for example, the human resources subnet may be isolated from the R&D or finance subnets to prevent unauthorized access from inside.

False positive

A false positive occurs when the system classifies a legitimate operation as a possible intrusion.

Miss (false negative)

A miss occurs when an actual intrusion has taken place but the system lets it pass as non-intrusive.

Exploit

A concrete instance of taking advantage of a security vulnerability; more generally, an exploit is a method for probing a system for all the vulnerabilities it has. ISS products such as System Scanner and Internet Scanner may run exploits against a system during a scan.

Exception

A condition, usually an error, that causes a program, operating system or microprocessor to transfer control to a handler routine. When the error is fatal, the system halts with a UNIX panic, a kernel exception, or a Windows NT blue screen.

Encryption

Encoding data for security purposes.

Distributed denial of service tool

A newer form of denial of service (DoS) attack, more powerful than any DoS attack previously seen on the Internet. A denial of service attack drowns a target in a flood of traffic; this variant uses a set of previously compromised systems to launch a distributed flood against a single target. Such attacks have proven very successful and hard to defend against.

Password file

In UNIX environments the /etc/passwd file traditionally holds user information together with each user's encrypted password. Apart from the passwd command, everything that uses the password file opens it read-only, and every user on the system can read it. Current UNIX systems reduce the chance of an attacker obtaining the hashes by storing them in the Trusted Computing Base (TCB) or in a shadow password file.
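An added example (not from the original glossary) tying this entry to the shadow password entry earlier: a small audit of a passwd file and its shadow counterpart. Both file contents are constructed (the hashes are placeholders, not real crypt output); the checks are the ones worth running after shadow passwords are enabled: every passwd entry should carry a placeholder rather than a hash, no account should have an empty password field in either file, every account should have a shadow entry, and UID 0 should belong to root alone.

```python
"""Audit /etc/passwd and /etc/shadow contents (added example).
File contents below are constructed; hashes are placeholders."""

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$1$abc$Wr0ngPlac3HashXXXXXXXX:1001:1001::/home/legacy:/bin/sh
toor:x:0:0:backup root:/root:/bin/bash
guest::1002:1002::/home/guest:/bin/sh
"""

SHADOW = """\
root:$6$salt$hashofrootpassword:18900:0:99999:7:::
daemon:*:18900:0:99999:7:::
alice:$6$salt$hashofalicepassword:18900:0:99999:7:::
legacy:!:18900:0:99999:7:::
toor:$6$salt$hashoftoorpassword:18900:0:99999:7:::
guest::18900:0:99999:7:::
"""

PLACEHOLDERS = {"x", "*"}  # values meaning "the real hash lives in shadow"


def parse_colon_file(text: str, fields: int):
    """Parse a colon-separated file into {name: [fields]}, rejecting malformed lines."""
    entries = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != fields:
            raise ValueError(f"malformed line: {line!r}")
        entries[parts[0]] = parts
    return entries


def audit(passwd_text: str, shadow_text: str):
    """Return a list of (account, problem) findings."""
    findings = []
    passwd = parse_colon_file(passwd_text, 7)   # name:pw:uid:gid:gecos:home:shell
    shadow = parse_colon_file(shadow_text, 9)   # name:hash:lastchg:min:max:warn:inact:expire:flag
    for name, f in passwd.items():
        pw, uid = f[1], int(f[2])
        if pw == "":
            findings.append((name, "empty password field in passwd: no password required"))
        elif pw not in PLACEHOLDERS:
            findings.append((name, "hash stored in world-readable passwd instead of shadow"))
        if uid == 0 and name != "root":
            findings.append((name, "additional UID 0 account"))
        if name not in shadow:
            findings.append((name, "no shadow entry"))
    for name, f in shadow.items():
        if f[1] == "":
            findings.append((name, "empty password hash in shadow: passwordless login"))
    return findings


if __name__ == "__main__":
    for account, problem in audit(PASSWD, SHADOW):
        print(f"{account}: {problem}")
```

Locked accounts ("!" or "*" in the shadow hash field) are deliberately not reported; only an empty field, which many login programs treat as "no password", is.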

Windows 95 stores network and dial-up passwords in a .pwl password list file. The encryption of the password list file is weak, and the passwords can be recovered by cracking it.

Microsoft Knowledge Base article Q14055, "Microsoft Windows 95 Password List Security Issue", located at

Http://support.microsoft.com/suppor...

recommends applying the mspwlupd.exe security upgrade patch, or disabling password caching, for maximum security.

Microsoft Knowledge Base article Q132807, "Enhanced Encryption for Windows 95 Password Cache", located at

Http://support.microsoft.com/suppor...s/q132/8/07.asp

describes the MSPWLUPD.EXE patch. The patch file is located at

http://support.microsoft.com/downlo.../mspwlupd.exe (326304 bytes).

Password tips

Change your password often: the longer a password stays in use, the greater the risk that it has been compromised.

Use a good password: do not build a password from the names of people, places or anything else that identifies you.

Do not reveal your password: your password is worth as much as the information it protects.

Check your data: if someone appears to have tampered with your files, report it immediately.

Do not leave a terminal unattended: always log out or lock your terminal when you leave.

Report suspected computer abuse: whether or not it affects you directly, abuse or misuse of computing resources can only delay getting work done on time.

Password

A word or phrase used to guard a system or its data against unauthorized access. Keep the tips above in mind when choosing a password.

PAP

The Password Authentication Protocol (PAP) is a basic access control protocol used for logging in to a network. A table of user names and passwords is stored on the server; when a user logs in, PAP sends the user name and password to the server for verification. CHAP provides the same function, but the password itself is never sent: the client proves knowledge of it by answering a random challenge with a one-way hash.
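An added example, not from the original glossary, showing the PAP exchange and the CHAP exchange side by side as the CHAP and PAP entries describe them. The CHAP response value follows RFC 1994 (MD5 over the one-byte identifier, the shared secret and the challenge); the user names, secrets and the authenticator's bookkeeping are constructed for the illustration. The last function shows why a captured CHAP response is useless against a fresh challenge.

```python
"""PAP versus CHAP logon exchanges (added example).
Secrets and names are constructed for illustration."""
import hashlib
import hmac
import os

SECRETS = {"alice": b"correct horse battery staple"}  # authenticator's table


# --- PAP: the password itself travels over the link ------------------------
def pap_client(user: str, password: bytes):
    """Authenticate-Request: anyone sniffing the link learns the password."""
    return {"user": user, "password": password}


def pap_server(request) -> bool:
    return SECRETS.get(request["user"]) == request["password"]


# --- CHAP: challenge/response, secret never sent ----------------------------
def chap_response_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues random challenges and checks responses once each."""

    def __init__(self, rng=os.urandom):
        self.rng = rng
        self.outstanding = {}   # identifier -> challenge value awaiting a response
        self.identifier = 0

    def challenge(self):
        self.identifier = (self.identifier + 1) % 256
        value = self.rng(16)
        self.outstanding[self.identifier] = value
        return {"id": self.identifier, "challenge": value}   # Challenge packet

    def verify(self, response) -> bool:
        value = self.outstanding.pop(response["id"], None)   # each challenge used once
        if value is None:
            return False
        secret = SECRETS.get(response["name"])
        if secret is None:
            return False
        expected = chap_response_value(response["id"], secret, value)
        return hmac.compare_digest(expected, response["value"])


def chap_client(challenge_msg, name: str, secret: bytes):
    """Response packet: same identifier, peer name, and the hash value."""
    return {"id": challenge_msg["id"], "name": name,
            "value": chap_response_value(challenge_msg["id"], secret, challenge_msg["challenge"])}


def run_chap(name: str, secret: bytes, auth: ChapAuthenticator) -> bool:
    return auth.verify(chap_client(auth.challenge(), name, secret))


def replay_attack(auth: ChapAuthenticator) -> bool:
    """An eavesdropper captures one valid response and replays it later.
    Returns whether the replay is accepted (it is not)."""
    captured = chap_client(auth.challenge(), "alice", SECRETS["alice"])
    auth.verify(captured)          # the genuine logon consumes that challenge
    auth.challenge()               # a new session gets a fresh challenge
    return auth.verify(captured)   # stale identifier and value: rejected


if __name__ == "__main__":
    print("PAP ok:", pap_server(pap_client("alice", SECRETS["alice"])))
    print("CHAP ok:", run_chap("alice", SECRETS["alice"], ChapAuthenticator()))
    print("CHAP replay accepted:", replay_attack(ChapAuthenticator()))
```

CHAP still requires the server to hold the cleartext secret (it must recompute the hash), so the secrets table needs the same protection as a shadow password file.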

Operating system

The master control program that runs a computer. The operating system is the first program loaded; its core, the kernel, stays resident in memory. It may be supplied by the computer vendor or by a third party.

The operating system is a vital component of a computer system because it sets the standard for the applications that run on it. Every program must work in cooperation with the operating system.

The main difference between a desktop operating system and a network operating system is multi-user capability. Operating systems such as DOS and Windows 95 are single-user systems for one person at a desktop computer. Windows NT and UNIX are network operating systems, built to handle requests from many users at once.

NetBus

NetBus is a back-door program for Windows 95 and Windows NT. According to the NetBus web page, an attacker can do the following with it:

Open and close the CD-ROM tray.

Display BMP/JPG images.

Swap the mouse buttons.

Start an application.

Play a .WAV audio file.

Control the mouse.

Display messages of various kinds.

Shut down Windows.

Download files.

Open a URL on the Internet.

Monitor and send keystrokes.

Capture screen images.

Increase or decrease the volume.

Record sound from the microphone.

Upload files.

Play a click sound every time a key is pressed.

If NetBus is found, it should be removed immediately.

NetBIOS

The Network Basic Input/Output System is a network protocol for PC LANs. NetBIOS is usually used within a single network segment or company; without another protocol to carry it, it cannot be routed across routers. NetBIOS addresses are generally the computer names themselves, which simplifies addressing for users and on the network.

NetBIOS provides session and transport services (layers 4 and 5 of the OSI model), but does not define a standard frame format for transmission over the network. The various NetBIOS implementations have been formally consolidated as NetBEUI in all Windows operating systems that support networking.

LDAP

Lightweight Directory Access Protocol. A protocol that LDAP-compatible web browsers and e-mail programs use to access online directory services. Some expect LDAP to provide a general way of looking up e-mail addresses on the Internet, eventually yielding a global "white pages".

LDAP was defined by the Internet Engineering Task Force (IETF) to encourage the use of X.500 directories. It is a relatively simple protocol, running over TCP/IP, for updating and searching directories. The earlier Directory Access Protocol (DAP) was too complex for simple Internet clients.

An LDAP directory entry is a collection of attributes with a name, the distinguished name (DN), which identifies the entry unambiguously. Each attribute has a type and one or more values. Types are usually mnemonic strings, such as cn for common name or mail for an e-mail address; the values depend on the type.

LDAP directory entries are arranged in a hierarchy that reflects political, geographic and/or organizational boundaries. At the top of the tree are entries representing countries, then states or national organizations, then organizations, organizational units, people, printers and documents.

LAND attack

A LAND attack sends a machine a packet whose source and destination address and port are identical. A machine with this vulnerability crashes as a result.
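An added example, not from the original glossary, covering the three packet-level attacks described in the SYN packet, Spoofing and LAND attack entries. It runs three checks over a constructed list of packet records of the kind a border device or intrusion detector sees: LAND (source equals destination), spoofing (an address that cannot legitimately arrive on that interface), and a SYN flood (too many bare SYNs to one destination within a short window). The interface names, the internal prefix 10.0.0.0/8, the addresses and the thresholds are assumptions made for the illustration.

```python
"""LAND, spoofed-source and SYN-flood checks over packet records (added example).
Interface names, internal prefix, addresses and thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed site prefix


@dataclass(frozen=True)
class Packet:
    ts: float    # seconds
    iface: str   # "ext" = Internet-facing interface, "int" = inside
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags, e.g. "S", "SA", "A"


def is_land(p: Packet) -> bool:
    """LAND: source and destination address and port are identical."""
    return p.src == p.dst and p.sport == p.dport


def is_spoofed(p: Packet) -> bool:
    """Ingress/egress filtering rule: a packet arriving from outside with an
    internal source, or leaving the inside with a non-internal source, carries
    a forged address."""
    src = ipaddress.ip_address(p.src)
    internal = any(src in net for net in INTERNAL_NETS)
    return (p.iface == "ext" and internal) or (p.iface == "int" and not internal)


def syn_flood_targets(packets, window: float = 1.0, threshold: int = 50):
    """Return {(dst, dport): peak_count} for destinations that receive more
    than `threshold` bare SYNs within any `window` seconds. Unanswered SYNs
    are what fill the target's half-open connection queue."""
    syns = defaultdict(list)
    for p in packets:
        if p.flags == "S":
            syns[(p.dst, p.dport)].append(p.ts)
    flagged = {}
    for key, times in syns.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):         # sliding window over timestamps
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count > threshold:
                flagged[key] = max(flagged.get(key, 0), count)
    return flagged


# Constructed capture: 80 spoofed SYNs in 0.8 s, a LAND packet, a packet with a
# forged internal source, and one legitimate handshake.
CAPTURE = (
    [Packet(0.01 * i, "ext", f"203.0.113.{i % 250 + 1}", 40000 + i, "10.0.0.5", 80, "S")
     for i in range(80)]
    + [Packet(0.50, "ext", "10.0.0.5", 139, "10.0.0.5", 139, "S"),       # LAND
       Packet(0.60, "ext", "10.0.0.9", 1234, "10.0.0.5", 22, "S"),       # spoofed source
       Packet(0.70, "ext", "198.51.100.4", 5555, "10.0.0.5", 443, "S"),  # normal SYN
       Packet(0.71, "int", "10.0.0.5", 443, "198.51.100.4", 5555, "SA")]
)


def report(packets):
    """Summarize findings; LAND packets are counted once, not also as spoofed."""
    land = [p for p in packets if is_land(p)]
    spoofed = [p for p in packets if is_spoofed(p) and not is_land(p)]
    return {"land": len(land), "spoofed": len(spoofed), "syn_flood": syn_flood_targets(packets)}


if __name__ == "__main__":
    print(report(CAPTURE))
```

The spoofing check is exactly what ingress and egress filters on a border router enforce; it is also why a SYN flood launched from behind a properly filtered network cannot use arbitrary source addresses.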

KDC

Key Distribution Centers (KDCs) issue Kerberos tickets. Each KDC holds a copy of the Kerberos database. The master KDC holds the master copy, which is replicated to the other KDCs at fixed intervals. All changes to the database (such as password changes) are made on the master KDC. The other KDCs issue Kerberos tickets but cannot modify the database; this lets clients keep obtaining tickets when the master KDC is unavailable.

Prefix scanning (war dialing)

Hackers and attackers can use a war dialer to scan a range of telephone numbers for modem lines. A modem found this way bypasses the network firewall and can serve as a back door into the company's systems. The embarrassing part is that a company spends a lot of money on security software and is still wide open to attack, because someone forgot about the modems that the firewall does not protect.

Trojan horse

A Trojan horse is a seemingly legitimate program that in fact performs harmful activity while it runs. Such a program may be used to find password information, make the system more vulnerable, or simply damage programs and data on the hard disk.

Boot sector virus

A boot sector virus resides in system memory and, once the machine is running, infects every disk that is accessed until the machine is restarted. Because such viruses stay resident in memory, running the chkdsk command and checking whether the total amount of conventional memory has dropped by a few kilobytes is one way to tell whether the system is infected.

Partition table virus

A partition table virus moves the hard disk's partition table to another sector and replaces the original partition information with its own virus code, thereby taking over the hard disk. During reads and writes such a virus can spread from the partition table to the boot sector of a floppy disk.

Hacker

The word is a transliteration of the English "hacker". There is a group of people on the Internet, network wizards among them, who are skilled in networking technology and who make use of vulnerabilities on the Internet to try to get into other people's computer systems. Some do it only to look around, or out of pure personal interest, and usually do no harm. Others break into systems with bad intentions, typically to spy on confidential information or to wreck the systems; it is this latter group that we call "hackers" on the Internet.

CIH virus

One of the most sophisticated viruses found so far. It not only destroys the boot sector and partition table of the hard disk but also overwrites the system program in the Flash BIOS chip, leaving the motherboard unusable. CIH was the first virus found to damage computer hardware directly.

Stealth virus

When active, a stealth virus hides the modifications it has made to files or boot records. It does this by hooking the system function used to read files or sectors from storage media and faking that function's results, so that infected files and sectors appear identical to uninfected ones when read. The changes made by the virus may therefore go undetected by an antivirus program. To achieve this, however, the virus must be resident in memory when the antivirus program runs, and that is how an antivirus program can still detect it.

Computer worm

It is a self-contained program (or a set of programs) that propagates its own function copy or some part of it in other computer systems (usually through network connections). The worm does not need to attach it to the host program. There are two types of worms --- host worms and network worms.

The main computer worm is completely included in the computer they run, and the connection using the network only copies themselves to other computers, the main computer worm will terminate him after the copy of its own copy is added to another host. (So ​​at any given moment, only one worm is running) This worm is sometimes called "hare".

A network worm consists of many segments, each running on a different machine (possibly performing different actions), and uses the network for several purposes, only one of which is moving a segment from one machine to another. A network worm has a main segment that coordinates the work of the other segments; such a worm is sometimes called an "octopus".

CERT

The Computer Emergency Response Team is an organization funded by the US federal government to study computer and network security. It publishes newly discovered computer and network security problems and provides solutions for them.

Remote attack

A remote attack is an attack whose target is a computer the attacker does not yet control; put differently, a remote attack is an attack against any computer other than the attacker's own (regardless of whether the attacked computer and the attacker are on the same subnet or thousands of miles apart). The most precise definition of the term "remote computer" is: "a remote computer is a machine that is not the platform you are working on, but that can be reached with some protocol over the Internet or any other network medium."

Ghost virus

A ghost virus (also called a polymorphic virus) is a virus that produces copies of itself that differ in form, in the hope that a virus scanner will not detect all of them.

Macro virus

It is a computer virus stored in a macro inside a document or template. Once the document is opened, the macro executes and the virus is activated: it moves onto the computer and installs itself in the Normal template. From then on, every automatically saved document will be "infected" with the macro virus, and if another user opens an infected document, the macro virus moves to that user's computer.

Invisible virus

An invisible virus attaches itself to a file or boot sector, yet when the host software is examined it appears normal. Once the invisible virus is running it hides in memory and plays its tricks from there: the resident virus monitors and intercepts the system's DOS calls. If the system wants to open an infected file, the virus immediately "rushes in" to disinfect the file and then lets DOS open it, so everything looks normal. After DOS closes the file, the virus turns around and re-infects it.

Variant virus

Such viruses contain an encryption routine that helps the virus evade inspection, and a decryption routine that restores the virus when it is triggered. Variant viruses can infect various kinds of host software. Most of them are file viruses, but variant viruses that infect the boot area have also been found.

Compound virus

Such viruses combine the worst characteristics of file viruses and boot viruses and can infect any kind of host software module. A traditional boot virus spreads only through infected floppy disks, whereas a compound virus spreads freely like a file virus and can also write its code into the boot sector and partition table. Such viruses are therefore especially hard to remove. Tequila, for example, is a compound virus.

ASP

Active Server Pages is a server-side scripting environment used to create and run dynamic, interactive web server applications. With ASP you can combine HTML pages, script commands and ActiveX components to create interactive web pages and powerful web-based applications.

An ASP script is a text file consisting of script code mixed into a standard HTML page and marked off by a specific set of delimiters (the VBScript and JScript scripting languages are currently supported). When a user accesses an ASP-based application with a web browser, the browser sends an HTTP request to the web server. The web server analyses the request, determines that it is for an ASP script, and automatically calls the ASP script interpreter (ASP.DLL) through the ISAPI interface. ASP.DLL fetches the specified ASP script file from the file system or from an internal cache, parses it and interprets it. The result is content in HTML format, which the web server returns to the browser along the original path, and the browser renders the final result on the client. This completes one ASP script call; a series of related ASP script calls makes up a complete ASP application.

Deception space technology

Deception space technology greatly increases the intruder's workload by enlarging the search space, thereby achieving protection. Using the multi-homing capability of the computer system, a host with many IP addresses, each with its own MAC address, can be implemented on a computer with only one Ethernet card. This technology can be used to build a decoy that fills a large address space at very low cost. A research institution has in fact already bound more than 4,000 IP addresses on a PC running Linux; this means a network of 16 such computers could cover an entire class B address space with decoys. Although there appear to be many different decoys, they are actually all implemented on one computer.

Network spoofing

Network spoofing makes the intruder believe that valuable, exploitable security weaknesses and attackable resources exist (these resources are of course forged or unimportant), and leads intruders toward these false targets. It significantly increases the intruder's workload, complexity and uncertainty, so that the intruder cannot tell whether the attack is working or has succeeded. Moreover, it allows the defender to track the intruder's behaviour and to fix real security holes before the intruder finds them.

Network spoofing is generally implemented with technical means such as hiding and planting false information. The former includes hiding services, multi-pathing and keeping security-state information confidential; the latter includes redirecting routes, fabricating false information and setting up loops. The earliest network spoofing combining these techniques is honeypot technology, which places a small number of attractive targets (the honeypots) where intruders can easily find them, in order to lure the intruders in.

Denial of service attack

It continuously interferes with a network service system, alters its normal operation, or runs unrelated programs so that the system responds slowly or even grinds to a halt, affecting normal users and even causing legitimate users to be refused access to the computer network system or denied the corresponding service.

Spreading viruses over the network

Computer viruses propagated over the network are far more destructive than on standalone systems, and users find them hard to guard against.

Destroy data integrity

Using illegal means to obtain the right to use data, and then deleting, modifying, inserting or replaying certain important information to achieve the attacker's goals; or maliciously adding to or modifying data to interfere with the user's normal use.

Information leakage or loss

This means that sensitive data is intentionally or unintentionally leaked or lost. It typically includes information lost or leaked in transmission (for example, a "hacker" intercepting confidential information through electromagnetic leakage or wiretapping, or deriving useful information such as user passwords and account numbers by analysing traffic parameters such as flow, communication frequency and message length), information lost or leaked from storage media, and the establishment of covert channels for sensitive information.

Unauthorized access

Unauthorized access means using network or computer resources without prior consent, for example deliberately bypassing the system's access control mechanism, using network devices and resources in abnormal ways, escalating privileges, or accessing information beyond one's authority. It takes the following forms: impersonation, identity attacks, illegal users entering the network system to perform illegal operations, and legitimate users operating in unauthorized ways.

cyber security

It is an important issue bearing on national security and sovereignty, social stability and the inheritance of national culture. Its importance grows as global informatization advances. "The network gateway is the national gate," and its security problems cannot be ignored.

Network security is a comprehensive discipline involving computer science, network technology, communication technology, cryptography, information security technology, applied mathematics, number theory, information theory and other disciplines.

Network security means that the hardware and software of the network system and the data in the system are protected from accidental or malicious harm, that the system runs continuously and reliably, and that network services are not interrupted.

Network security is in essence information security on the network. In a broad sense, all technologies and theories concerning the confidentiality, integrity, availability, authenticity and controllability of information on the network fall within the research area of network security. The specific meaning of network security changes with the "angle" from which it is viewed. For example, from the perspective of users (individuals, enterprises and so on), they want information involving personal privacy or commercial interests to be protected in terms of confidentiality, integrity and authenticity, so that others or adversaries cannot harm their interests through eavesdropping, impersonation, tampering, repudiation and other means.

From the perspective of network operators and managers, they want to protect and control access to, and reading and writing of, local network information, to avoid threats such as "trapdoors", viruses, illegal access, denial of service, and illegal occupation and control of network resources, and to block and defend against online hackers.

Mail bomb

An e-mail bomb originally referred to a way of destroying an e-mail address. A typical mailbox holds only 5 or 6 MB; if hundreds, thousands or even tens of thousands of emails are sent to an address, the mail transfer software finds the capacity insufficient, the total size of the mail exceeds the mailbox's capacity, and the overloaded mailbox collapses. Kaboom3, Upyours4 and Avalanche v2.8 are common mail bombs.

PGP

Pretty Good Privacy is a mail encryption program based on the RSA public-key cryptosystem. It can be used to keep your mail confidential, preventing unauthorized reading, and can also add a digital signature to your mail so that the recipient can confirm that you sent it. It lets you communicate securely with people you have never met, without needing any secret channel in advance to exchange a key. It uses careful key management, a hybrid of RSA and conventional encryption, a message digest algorithm for digital signatures, compression before encryption, and so on, and has a good human-interface design. It is fast, and its source code is free.

Network virus

Some viruses on the network are benign and do no real damage, only affecting the normal operation of the system, but more of them are malicious: they attack, and when triggered some format hard drives, some delete system files and some destroy databases. A virus must therefore be dealt with as soon as it is found, all the more so because it is far more destructive on a network than for standalone users, and the losses are not small.

Netstat

The netstat command is used to query information about the network subsystem. It prints routing tables, active connections, streams in use and other information.

Traceroute / Tracert command

The traceroute / tracert command traces the route to a target machine. It uses the Time-To-Live (TTL) field of the IP packet, which causes each intermediate hop to send back an ICMP TIME_EXCEEDED response before the packet reaches the remote host.

ARP command

The arp command displays and modifies the Internet-to-Ethernet address translation table. This table is normally maintained by the Address Resolution Protocol (ARP). When only a hostname is given as an argument, arp displays the current ARP entry for that host; if the host is not in the current ARP table, arp prints a message saying so.

Telnet

Telnet is used for remote login over the Internet. It allows a user sitting at one Internet-connected computer to log in to another Internet-connected computer, so that the two are connected. The connection may be between computers in the same room or with a computer anywhere in the world. The computer that provides a service on the network is called the server, and the machine that connects to it is called the client. Once connected, the client can use all the services the server provides. Users can run ordinary interactive sessions (log in, execute commands) or access special servers such as library catalogue searches. Various services on different hosts can be used online.

IPSec

IP Security tools - IPSec uses network-layer encryption. Although the header and trailer of a packet cannot be encrypted (for example the source/destination IP address, port number and CRC checksum), the packet payload can be. Since encryption takes place at the IP layer, network protocols can be secured without changing higher-level protocols such as POP or WWW. It can also be used to implement secure connections between local area networks (over the Internet).

Remote connection: a remote connection is a remarkable tool that lets you transcend time and space and use a remote computer system as if it were local. With remote connections, the sharing of computer hardware and software resources becomes very efficient. As an illustration, you can connect to a supercomputer located somewhere (assuming you have access rights) and run a simulation; when the results are produced you can transfer the data to a graphics workstation, which renders an image of the result. In this example you have used a supercomputer and a graphics workstation, while what your hands actually touched was probably a personal computer (PC) in the laboratory; the other two computers could be anywhere, and you do not need to know where. Through the Internet's remote connection tools you only need to know where the CPU time and the application software you want are. Remote connection applies to environments spanning time and space, and equally to office LANs, where one computer emulates a terminal of another and connects to it.

MySQL is a true multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon, mysqld, and many different client programs and libraries. Because its source code is open and it is stable, it is now widely used as a backend database.

Strobe (Super Optimized TCP Port Detector): Strobe is a TCP port scanner that records all open ports of a specified machine. Strobe runs fast (its author claims it can scan an entire country). Its main feature is that it quickly identifies which services are running on the specified machine. Its main shortcoming is that this information is very limited: a Strobe scan can only give an intruder a rough guide to which services might be attacked. Strobe compensates for this shortcoming, however, with extended command options.

Email bomb (E-mail Bomb): this is a commonly used hacker attack method. Typically, when a person or company has caused a hacker displeasure, the hacker launches this kind of attack to vent his anger. Compared with other attack methods this one can be called simple. Ha, just kidding; back to the topic. An email bomb is essentially a malicious email with an unknown sender address and a very large size, containing garbage or abusive text; it can also be called large-volume junk mail. Since everyone's mailbox capacity is limited, when huge amounts of junk mail arrive they fill the mailbox and normal mail is crowded out. At the same time, because it consumes a large amount of network resources, it often causes network congestion and leaves many users unable to work normally. The harm done by a mail bomb is therefore considerable.

NSS (Network Security Scanner): written in Perl and working on SunOS 4.1.3, it performs the following regular scans: sendmail, tftp, anonymous ftp, hosts.equiv, Xhost; enhanced scans: AppleTalk, Novell LAN administration; and it obtains a list or report of the specified domain. A scanner is a program that automatically detects the security weaknesses of remote or local hosts. By using a scanner you can discover all the open TCP ports of a remote server, the services they provide and their software versions. This lets us understand, directly or indirectly, the security problems that exist on the remote host. A scanner works by selecting different TCP/IP ports of the remote host and recording the responses given by the target. In this way much useful information about the target host can be collected (for example: whether anonymous login is possible, whether there is a writable ftp directory, whether Telnet can be used, and whether httpd runs as root or as nobody).

Internet Protocol Security (IPSec): IPSec is the long-term direction for secure networking. It is a suite of cryptography-based protection services and security protocols. Because it requires no changes to applications or protocols, IPSec can easily be deployed on existing networks. IPSec provides machine-level authentication and data encryption for VPN connections that use the L2TP protocol; the IPSec negotiation between the computer and its remote tunnel server takes place before the L2TP connection is created, securing both passwords and data.

Security rules: security rules are the settings that put your computer and its Internet protocol configuration into the best security state for the system.

Network intrusion: a network intruder is skilled at writing and debugging computer programs and uses these skills to gain illegal or unauthorized access to networks or files, for example breaking into a bank's or a company's internal network. Unauthorized access to a computer is called cracking, while hacking originally referred to mastery of computer technology. Over time, media coverage has turned the meaning of hacking into intrusion. Today "hacker" is applied both to people such as Linus Torvalds and Tim Berners-Lee (father of the modern WWW) and, as a synonym, to those who steal network information.

ARP: arp displays and modifies the IP-to-physical-address translation tables used by the Address Resolution Protocol (ARP) for Ethernet or Token Ring. This command is available only after the TCP/IP protocol has been installed.

Sniffer: a sniffer is a device capable of capturing network packets. The legitimate use of a sniffer is to analyse network traffic in order to find potential problems on the network. For example, suppose one segment of the network is performing poorly, packet delivery is slow, and we do not know where the problem lies; a sniffer can be used to pinpoint it. Sniffers differ greatly in function and design: some can analyse only one protocol, while others can analyse hundreds.

UUCP system: the UUCP system is a set of programs that transfers files between systems, executes commands on remote systems, maintains statistics on system usage and protects security. UUCP is the most widely used network utility system on UNIX, for two reasons: first, UUCP is the only standard network system available in every UNIX version; second, UUCP is the cheapest network system. Connecting two systems needs only a cable and a uucp configuration; if the two systems are hundreds or thousands of kilometres apart, two modems with dialing capability are required.

Sniffit: Sniffit is a well-known network port sniffer that you can configure to run in the background and capture the user input/output on specified TCP/IP ports. Its most common use is that an attacker can use it to capture data transferred on your port 23 (Telnet) and port 110 (POP3) and easily obtain your login password and mail account password. Sniffit is basically a tool for doing damage, but since you want to know how to strengthen your site's security, you should first know the tools intruders use.

Smurf (directed broadcast): broadcast messages can be delivered to every machine on a network by some means (a broadcast address or another mechanism). When a machine sends an ICMP Echo request (for example a ping) to a broadcast address, some systems reply with an ICMP Echo response, so sending one packet produces many reply packets. The Smurf attack exploits this principle, together with a forged source address: the attacker sends packets whose source address is that of the host to be attacked and whose destination is a broadcast address, so that many systems reply and flood the attacked host (because its address was forged by the attacker). Networks that answer such packets with large numbers of replies are called "amplifiers"; a list can be obtained from the www.netscan.org website, and many incompetent and irresponsible sites still have this vulnerability.

DoS attack: there are many kinds of DoS attack. The most basic DoS attack uses reasonable service requests to consume excessive service resources, overloading the service so that it cannot respond to other requests. These resources include network bandwidth, file system space, open processes and inbound connections. Such an attack leads to resource exhaustion: no matter how fast the computer's processor, how large its memory or how fast the network, the consequences cannot be avoided. Because everything has a limit, a method can always be found to make the demand exceed that limit, so the service resources fall short of what is needed. Never think that a wide enough bandwidth makes for an efficient website; a denial of service attack can make all resources look very small.

One-time password (OTP)

To solve the many problems of fixed passwords, security experts proposed the OTP (One Time Password) system to protect critical computing resources. The main idea of OTP is to add uncertainty to the login process, so that the information transmitted in each login is different, strengthening the security of the login process. For example: login password = MD5(username + password + time); after receiving the login password, the system performs the same computation to verify the user's legitimacy.
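The scheme just described, as an added example that is not code from the original page: the client computes MD5 over username, password and time exactly as the page's formula states, and a server recomputes it within a small time window and refuses a token it has already accepted. The 30-second step, the window size and the user table are assumptions.

```python
import hashlib
import hmac

STEP_SECONDS = 30  # assumption: tokens are computed per 30-second step


def otp_login_token(username: str, password: str, t: int) -> str:
    """login password = MD5(username || password || time), as the page states.
    The time is rounded down to STEP_SECONDS so a token is valid briefly;
    MD5 is used only because the page's formula uses it."""
    step = t // STEP_SECONDS
    data = f"{username}{password}{step}".encode()
    return hashlib.md5(data).hexdigest()


class OtpVerifier:
    """Server side: knows the user's password, recomputes the token for the
    current step and its neighbours, and remembers accepted tokens so that a
    captured token cannot be replayed (the 'one time' property)."""

    def __init__(self, users: dict, window: int = 1):
        self.users = users      # username -> password (constructed table)
        self.window = window    # accepted clock drift, in steps
        self.used = set()       # (username, token) pairs already accepted

    def verify(self, username: str, token: str, now: int) -> bool:
        password = self.users.get(username)
        if password is None or (username, token) in self.used:
            return False
        for drift in range(-self.window, self.window + 1):
            expected = otp_login_token(username, password, now + STEP_SECONDS * drift)
            if hmac.compare_digest(expected, token):   # constant-time compare
                self.used.add((username, token))
                return True
        return False


def demo() -> tuple:
    """Constructed scenario: a fresh token, a replay of it, and a stale token."""
    users = {"alice": "s3cret"}
    t0 = 1_700_000_000                      # fixed instant for reproducibility
    token = otp_login_token("alice", "s3cret", t0)
    server = OtpVerifier(users)
    fresh = server.verify("alice", token, t0 + 30)     # one step later: within window
    replay = server.verify("alice", token, t0 + 30)    # same token again: rejected
    stale = OtpVerifier(users).verify("alice", token, t0 + 600)  # 10 minutes later
    return fresh, replay, stale


if __name__ == "__main__":
    print(demo())   # (True, False, False)
```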

Hacker program

It is a program used to carry out hacker attacks. Some are relatively simple, some have powerful functions. A robust hacker program typically has two parts: a server and a client. The server part of the hacker program is actually spyware, and the client part is the console from which the hacker directs the attack. Using virus-like techniques, sending email, offering free software and so on, the server is quietly installed on the user's computer. When the attack is carried out, the client connects to the remotely installed server to achieve its purpose. With a hacker program anyone can attack: since the whole attack process has been programmed, it requires neither superb operating skill nor deep professional knowledge of computer software; only the most basic computer knowledge is needed, so it is very harmful. Well-known hacker programs include BO, YAI and "denial of service" attack tools.

Domain Name System (DNS)

DNS is the foundation of the other services on the Internet, and e-mail is the most important service on the Internet. But the DNS and e-mail systems are also the largest security holes on the Internet. DNS handles requests from DNS clients: translating names into IP addresses, translating IP addresses into names, and publishing other information about a particular host (such as MX records). The following describes two security issues widely known in the DNS user community and gives appropriate solutions.

Cookie spoofing: many community sites now use cookie technology to spare users from entering their password repeatedly (THE9 and VR, for example), so as long as the cookie the browser submits to the server is rewritten, the server can be deceived. By browser convention only pages from the same domain can read and write a cookie, but the cookie is purely a browser mechanism and has no effect on the communication protocol, so there are several ways to spoof cookies:

1. Bypass the browser and rewrite the communication data directly.

2. Modify the browser so that it can read or write cookies for any domain from the local machine.

3. Use a signed script so that the browser can read or write any domain's cookie from the local machine (a security issue).

4. Deceive the browser so that it obtains a false domain name.
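The server-side counterpart to the problem above, as an added example that is not part of the original page: a naive server trusts whatever "user" value the browser sends back, while a signed cookie binds the value to a server-side secret with HMAC so a rewritten cookie fails verification. The secret, the cookie layout and the sample cookies are constructed assumptions.

```python
import hashlib
import hmac
from typing import Optional

SERVER_SECRET = b"constructed-secret-never-sent-to-the-browser"  # assumption


def parse_cookie_header(header: str) -> dict:
    """Split 'a=1; b=2' into a dict (enough of the Cookie header syntax for the demo)."""
    pairs = [p.strip() for p in header.split(";") if "=" in p]
    return dict(p.split("=", 1) for p in pairs)


def naive_user_from_cookie(header: str) -> Optional[str]:
    """Vulnerable pattern: identity is taken straight from the client-controlled cookie."""
    return parse_cookie_header(header).get("user")


def sign(value: str) -> str:
    """Cookie value of the form value.signature, signature = HMAC-SHA256(secret, value)."""
    mac = hmac.new(SERVER_SECRET, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{mac}"


def signed_user_from_cookie(header: str) -> Optional[str]:
    """Hardened pattern: accept the user name only if its signature verifies."""
    raw = parse_cookie_header(header).get("user")
    if raw is None or "." not in raw:
        return None
    value, mac = raw.rsplit(".", 1)
    expected = hmac.new(SERVER_SECRET, value.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):   # constant-time comparison
        return None
    return value


def demo() -> dict:
    """Constructed cookies: one issued to 'alice' and two rewritten on the client."""
    issued = f"user={sign('alice')}"
    rewritten_plain = "user=admin"
    # The name part is edited, but the original signature no longer matches it.
    rewritten_signed = "user=admin." + sign("alice").split(".", 1)[1]
    return {
        "naive_accepts_rewrite": naive_user_from_cookie(rewritten_plain),
        "signed_accepts_issued": signed_user_from_cookie(issued),
        "signed_rejects_rewrite": signed_user_from_cookie(rewritten_signed),
    }


if __name__ == "__main__":
    print(demo())
```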

Buffer overflow

A buffer overflow vulnerability arises when a program writes content longer than the buffer into it, overflowing the buffer and corrupting the program's stack, so that the program executes other instructions and the attacker achieves his purpose.

DOS attack

This is the abbreviation of Denial of Service, a very deadly (and low-level) attack concept. DoS is generally used for some purpose; the average person uses it to show off ability and skill, although this attack method really takes hardly any skill. I think the only justification for DoS is that it can be used for spoofing purposes: when a system on the local network has been paralysed, you can change your own address to that of the paralysed system and so obtain passwords and other important information.

ISO security architecture standard

In terms of security architecture, ISO developed the international standard ISO 7498-2-1989, "Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture". This standard describes the basic reference model for Open Systems Interconnection (OSI) and establishes a framework for coordinated development. Its task is to provide a general description of security services and related mechanisms and to determine where within the reference model these services and mechanisms can be provided.

Common Criteria (CC)

The purpose of the CC is to combine the existing security guidelines into a unified standard. The project began in 1993 and the first edition was released in 1996, but it has not yet been put into practice. The CC combines the main features of FC and ITSEC, emphasises the separation of security functions from security assurance, divides the functional requirements into 93 families, and divides assurance into 7 classes and 29 families.

US Federal Guidelines (FC) Safety Standards

This standard draws on CTCPEC and TCSEC; its purpose was to provide an upgraded version of TCSEC while protecting existing investments, but FC has many defects and was only a transitional standard, which later developed into the Common Criteria.

Canadian CTCPEC safety standard

This standard divides security requirements into four levels: confidentiality, integrity, reliability and accountability.

European ITSEC security standard

Unlike TCSEC, it does not tie confidentiality to computer functions, but only describes technical security requirements, treating confidentiality as a security enhancement. In addition, TCSEC takes confidentiality as the focus of security, whereas ITSEC treats integrity, availability and confidentiality as equally important factors. ITSEC defines 7 security levels from E0 (unsatisfactory) to E6 (formally verified), and security functions can be defined separately for each system. ITSEC predefines 10 functionality classes, the first five of which closely resemble C1 to B3 in the Orange Book.

US TCSEC (Orange Book) security standard

This standard was developed by the US Department of Defense. It divides security into four aspects: security policy, accountability, assurance and documentation, which are described in detail in the Rainbow Series. On the basis of these four aspects it defines seven security levels, from low to high: D, C1, C2, B1, B2, B3 and A.

Smart card technology

A smart card is a key medium, usually shaped like a credit card, held by an authorized user and assigned a password that matches the password registered on the internal network server. When the password is used together with an identity feature, the confidentiality provided by the smart card is quite effective.

Data encryption technology

Data encryption technology is mainly divided into four types: data transmission, data storage, data integrity, and key management technology.

SSN

Secure Server Network (SSN). As more and more users offer services and need their servers protected, fourth-generation firewalls adopt a separately protected policy for external servers. A dedicated network card handles the external servers as a separate network; the external servers are part of the internal network but fully isolated from the internal gateway. This is the Secure Server Network (SSN) technique. Hosts on the SSN can be managed separately, or managed from the internal network via FTP or Telnet. The SSN approach is much better than the traditional "demilitarized zone (DMZ)" approach, because there is firewall protection between the SSN and the external network and also between the SSN and the internal network; even once the SSN is compromised, the internal network is still protected by the firewall.

Host authentication

Host authentication allows or denies a client by marking its IP address. Once a user has logged in to an X server, a program called xhost controls which clients, from which IP addresses, may connect. But most hosts support multiple client users, so it is impossible to control an individual client, allowing one user and refusing another.

Identity certification technology

For users accessing headquarters from outside, the risk of transmitting data over the public telephone network must be controlled more strictly. One common practice is to use identity authentication technology to verify the identity of dial-up users and to record complete login logs. The more commonly used identity authentication technologies are TACACS, proposed by Cisco, and the industry standard RADIUS.

Encryption Technology

The basic idea of encryption-based network security technology is not to rely on the security of the data channels in the network to achieve system security, but to guarantee the security and reliability of the network by encrypting network data. Data encryption techniques can be divided into three types: symmetric encryption, asymmetric encryption and irreversible encryption.

SMTP protocol

SMTP (Simple Mail Transfer Protocol) is a protocol defining mail transfer; it is an application protocol based on the TCP service, defined in RFC 821. The commands specified by the SMTP protocol are sent in clear text.

Tripwire

Tripwire is a very useful tool for verifying file integrity. You can define which files and directories need to be checked, though the default settings meet most needs. It runs in four modes: database generation, database update, file integrity check and interactive database update. When the database is initialized, it generates a database file recording various information about the existing files. Should your system files or configuration files be accidentally changed, replaced or deleted, it compares the existing files against the original database every day, reports which files have changed, and from the emailed results you can judge whether an incident such as a system intrusion has occurred.
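A miniature integrity checker in the spirit of the modes described above, added here as an example and not Tripwire's own code: generate a database of per-file digests, compare the live tree against it, and update the baseline for changes an administrator has accepted. The temporary directory, the simulated changes and the JSON database format are all constructed assumptions.

```python
import hashlib
import json
import os
import tempfile


def file_record(path: str) -> dict:
    """What the database stores per file: SHA-256 of contents, size and mode bits."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"sha256": digest, "size": st.st_size, "mode": st.st_mode & 0o777}


def generate_database(root: str) -> dict:
    """Database generation mode: walk the tree and record every regular file."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            db[os.path.relpath(full, root)] = file_record(full)
    return db


def check_integrity(root: str, db: dict) -> dict:
    """Integrity check mode: report files that changed, appeared or disappeared."""
    current = generate_database(root)
    changed = sorted(p for p in db if p in current and current[p] != db[p])
    added = sorted(p for p in current if p not in db)
    deleted = sorted(p for p in db if p not in current)
    return {"changed": changed, "added": added, "deleted": deleted}


def update_database(db: dict, root: str, accepted: list) -> dict:
    """Database update mode: take the listed paths' current state as the new baseline."""
    new_db = dict(db)
    for rel in accepted:
        full = os.path.join(root, rel)
        if os.path.exists(full):
            new_db[rel] = file_record(full)
        else:
            new_db.pop(rel, None)
    return new_db


def demo() -> dict:
    """Constructed scenario: a baseline, then one edit, one new file and one deletion."""
    root = tempfile.mkdtemp(prefix="integrity-demo-")
    sample = {"etc/passwd": "root:x:0:0\n",
              "etc/hosts": "127.0.0.1 localhost\n",
              "bin/ls": "pretend-binary"}
    for rel, text in sample.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as f:
            f.write(text)
    # The database lives outside the monitored tree so it is not itself reported.
    db_path = os.path.join(tempfile.mkdtemp(prefix="integrity-db-"), "tw.db")
    with open(db_path, "w") as f:
        json.dump(generate_database(root), f)
    # Simulated tampering: an extra account line, a dropped file, a deleted binary.
    with open(os.path.join(root, "etc/passwd"), "a") as f:
        f.write("intruder:x:0:0\n")
    with open(os.path.join(root, "etc/ld.so.preload"), "w") as f:
        f.write("/tmp/evil.so\n")
    os.remove(os.path.join(root, "bin/ls"))
    with open(db_path) as f:
        baseline = json.load(f)
    report = check_integrity(root, baseline)
    # The administrator reviews and accepts only the passwd change; the rest stays flagged.
    updated = update_database(baseline, root, ["etc/passwd"])
    report["after_update"] = check_integrity(root, updated)
    return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```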

Logcheck

Logcheck is a tool for automatically checking logs for security intrusion events and abnormal activity. It analyzes the various Linux log files, such as /var/log/messages, /var/log/secure and /var/log/maillog, then generates a report of the security problems found and automatically emails it to the administrator. You can set it to run hourly, or drive it with cron. The homepage of the Logcheck tool:

http://www.psionic.com/abacus/logcheck/

NMAP

NMAP is a tool for port scanning a relatively large network; it detects which TCP/IP ports on a server are currently open. You can run it to make sure that unsafe ports which should not be open are closed. NMAP homepage:

http://www.insecure.org/nmap/index.html

TTYSNOOP

TTYSNOOP is a program that redirects all input/output of a terminal to another terminal.

DDOS

DDOS (Distributed Denial of Service) is a distributed, coordinated large-scale attack, mainly aimed at relatively large sites such as commercial companies, search engines and government departments. The attacker must first break into many systems and leave a client program on each of them. Pre-packaged denial-of-service toolkits such as Trinoo/Tribal Flood Network, Stacheldraht and mstream can be remotely controlled, allowing the attacker to organize a coordinated attack.

Sudo

Sudo is used by the system administrator to allow certain users to run some or all system commands as root. An obvious use is to enhance the security of the site: if, in your daily work, you regularly need to run a fixed set of commands that only root can execute, it is very suitable for you.

TCP SYN Attack

When a TCP connection starts, the sending machine sends a SYN request. The receiving machine receives this request and returns an acknowledgement. The sending machine, on receiving the response, sends an ACK confirmation. The TCP SYN attack fills in an unreachable IP address in the SYN frame, so the receiving computer sends its acknowledgement to a computer that does not exist and never receives the final ACK. The attacker uses this method to keep initiating SYN connections with your server without ever returning the ACK, which leaves the server maintaining hundreds or even thousands of half-open connections and exhausts system resources.

infection

Infection is an important sign of virus behavior. During infection, the virus copies itself into the infected object.

Virus manifestation

Manifestation is one of the main purposes of the virus. Sometimes it is displayed on the screen, sometimes it destroys system data. It can be said that it can be triggered anywhere within its range of activity.

Virus trigger

Once the computer virus is activated, it acts immediately. The triggering condition varies: it may be the internal clock, a date, a user identifier, or a certain system communication event, etc.

Virus activation

It means that the virus has been loaded into memory and its trigger condition is set. Once the trigger condition is met, the virus begins to function: copying itself into the infected object and carrying out various destructive activities.

Vector

The medium of virus infection is determined by the environment in which the virus is located; it may be a computer network, or a removable storage medium such as a floppy disk.

Source of infection

The virus is always attached to some storage medium, such as a floppy disk or a hard disk, which constitutes the source of infection.

computer virus

It is not the biological virus we are familiar with. A computer virus is a program, a segment of executable code. However, like a biological virus, a computer virus has a unique capability to replicate. Computer viruses can spread as quickly as biological viruses and are often difficult to eradicate. They can attach themselves to various types of files, and when a file is copied or transmitted from one user to another, they spread along with it.

Data Drive Attack

A hacker or attacker embeds some destructive data within normal data transferred to an Internet host; the data-driven attack occurs when that data is activated. For example, it may modify security-related files on the host, leaving a back door that makes it easier to enter the system next time.

Message attack

Hackers or attackers sometimes attack with redirect messages. Redirect messages can change a router's routing, and the router recommends another "better" path to the host according to these messages. Hackers or attackers use redirect packets to turn the connection toward a host they control, or to forward all messages through a host under their control.

Electric pollution attack

According to relevant information, 90% of errors, crashes, chip damage and the like come from "electric pollution". The reasons are: (1) during conduction the current is disturbed by factors such as electromagnetic fields and radio, resulting in errors in executable files or data files; (2) sometimes, when power suddenly returns, the voltage rises sharply for a short time and produces a surge. This kind of electrical surge can cause equipment components to fail, so a malicious attacker may use "electric pollution" to damage or destroy a firewall.

Social engineering attack

Social engineering attacks are sometimes called system administrator mistakes. Hackers or attackers get close to the company's internal staff to obtain useful information, especially about system administration mistakes (such as a WWW server configuration error) that expand the permissions of ordinary users and thereby hand those permissions to hackers or attackers as well.

ATM firewall

So far, the designers of ATM firewall systems have split into two camps. One side requires only an identification mechanism when a call is established; the other believes that, although the transmission speeds involved are high, it is entirely possible to encrypt at the ATM cell level. The recently formed ATM security group is developing the final standard for the ATM security mechanism.

After the firewall era

The post-firewall era: the firewall system will no longer cover the whole network, and it will be difficult to draw a clear boundary. As computers become more numerous and transmission bandwidth increases, one can foresee the time when the components of a computer system will have sufficient computing power to protect themselves with strong authentication and encryption mechanisms; at that time, each single system will have its own firewall.

Status monitoring technology

This is the third generation of network security technology. The monitoring module of the status (stateful) monitoring service does not affect the normal operation of the network; it extracts the relevant data to monitor all levels of network communication and provides a basis for security decisions. The monitoring module supports a variety of network protocols and application protocols, so applications and services can easily be extended. Status monitoring services can monitor RPC (Remote Procedure Call) and UDP (User Datagram Protocol) port information, which packet filtering and proxy services cannot do.

IP tunneling attack

IP tunneling is a program that creates an IP tunnel through the firewall on port 80. If people download programs from the Internet (for example, a utility gateway obtained from the Internet), they may introduce a Trojan horse that creates an IP tunnel (similar to the utility gateways used in firewalls), resulting in unrestricted IP traffic between the Internet and the internal network. IP tunneling is a firewall attack technique that hackers have used in real attacks.

Attack based on the bastion host web server

Hackers can imagine converting the bastion host web server into a system that bypasses the external router inside the firewall. It can also be used to launch an attack on the next level of protection, to observe or disrupt network traffic inside the firewalled network, or to bypass the firewall completely when the firewall consists of only one router. This firewall technology has been widely used and has proved to be effective.

Attack based on additional information

Attacks based on additional information are a more advanced attack method, which transmits internal information to the attacker via port 80 (the HTTP port). This attack can pass through a firewall because the firewall allows HTTP and has no complete, secure way to tell HTTP packets from non-HTTP messages. At present some hackers use this attack against firewall technology, although it is not very widespread.

IP segmentation attack

Packet fragmentation is normally used only when a packet must cross a network that supports a smaller maximum IP packet length. Once sent, the individual fragments are not reassembled immediately; they are routed to the final destination and only there put back together into the original IP packet. Besides the IP header, each fragment carries an ID number and a fragment offset value that clearly identify each fragment and its order. Fragmented packets are therefore a threat to packet-filtering firewall systems that filter on the TCP port number, because only the first fragment carries the TCP port numbers, and fragments without a TCP header cannot be filtered out.

TCP sequence number attack

The TCP sequence number attack is one of the most effective and dangerous methods of bypassing a firewall system based on packet filtering. Using this security vulnerability in the Internet protocol, one can defeat access control in any security system that relies on analyzing the IP source address. This attack is based on the three-way handshake sequence used when establishing a TCP connection. It assumes that packets carrying the spoofed IP address described earlier can be sent from the outside to the internal computer system.

IP address spoof

The most common way to break through a firewall system is Internet address spoofing, which is also the basis of a series of other attack methods. The hacker or intruder uses a forged IP source address to generate false packets that appear to the packet filter to come from an internal station; this type of attack is very dangerous. The packets involved are external packets disguised as internal ones, carrying the marks of the interior. As long as the system finds that the source address is within its own range, it treats the packet as internal and lets it pass.

Format string attack

Format string vulnerabilities, like many other security vulnerabilities, are caused by programmer laziness. As you read this article, some programmer is probably writing code whose task is to print a string or copy it into a buffer.

LKMS

LKMs are loadable kernel modules. These modules were originally a way for Linux systems to extend their features. The advantage of using LKMs is that they can be loaded without recompiling the kernel. Because of this advantage, they are often used to support special devices (or file systems), such as sound cards.

End-to-end encryption

The data is encrypted when it enters the network, transmitted through the network, and decrypted when it leaves. The network itself does not know that the data being transmitted is encrypted. The advantage of this method is that each user (usually each user of a machine) can have a different encryption key, and the network itself does not need any special encryption devices. The disadvantages are that each system must have an encryption device and the corresponding software (to manage the encryption keys), or each system must do the encryption work itself (when the data transfer rate is measured in megabits per second, the amount of computation required for encryption is very large).

Node encryption

Similar to link encryption, differing only in that when data is transmitted between nodes it is not passed along in clear form; instead, special encryption hardware decrypts and re-encrypts it, and this dedicated hardware is typically kept in a secure enclosure.

Link encryption

Encryption between network nodes: data is encrypted for transfer between nodes and decrypted at each node, with different nodes using different keys.

PAM

PAM (Pluggable Authentication Modules) is a shared library that provides a wide range of strict controls for system administration; it is not a tool. It provides a front-end function library (an API) for applications to authenticate users. The PAM library can be configured with a single file, /etc/pam.conf, or with a set of configuration files under /etc/pam.d/. Making things easier for users is the core objective of PAM. PAM can be configured to provide a single or complete login process, enabling access to a number of services. For example, the FTP program has traditionally relied on the /etc/passwd mechanism to authenticate a user who wants to start an FTP session. On a system configured with PAM, the FTP authentication request is sent to the PAM API, which replies according to the rules set in pam.conf or the related files. System administrators can set PAM to "plug in" one or more authentication mechanisms to the PAM API. The advantage of PAM is its flexibility: system administrators can carefully adjust the entire authentication scheme without worrying about breaking applications.

su and newgrp commands

(1) su command: lets you work as another user without logging out of your own account. It starts a new shell and sets the effective and real UID and GID to those of the other user. Therefore the root password must be strictly protected. (2) newgrp command: similar to su, it is used to change the group you are currently in.

umask command

umask sets the default mask applied when a user creates files and directories. If you put this command into the .profile file, you can control the access permissions of the user's subsequent files. The umask command is the opposite of the chmod command: it tells the system which access permissions not to grant when a file is created.
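To make the "opposite of chmod" relationship concrete, here is an added example (not from the original article) that computes the permissions a new file or directory actually receives under a given umask, and flags masks that leave new files group- or world-writable. The default request modes 0666 and 0777 are the usual UNIX values; the function names are this example's own.

```python
"""Added example (not from the original article): how umask clears permission
bits from the mode a process requests for a new file or directory.
Pure arithmetic, so it runs anywhere without touching the filesystem."""

# Modes a process normally requests for new files and directories on UNIX;
# the kernel then clears whatever bits are set in the umask.
DEFAULT_FILE_MODE = 0o666
DEFAULT_DIR_MODE = 0o777


def effective_mode(requested: int, umask: int) -> int:
    """Permission bits that actually land on disk: requested & ~umask."""
    return requested & ~umask & 0o777


def withheld_bits(requested: int, umask: int) -> int:
    """Bits the umask removed; this is the 'opposite of chmod' the text describes."""
    return requested & umask & 0o777


def to_symbolic(mode: int) -> str:
    """Render a 9-bit mode as the rwxrwxrwx string ls prints."""
    flags = "rwx" * 3
    out = []
    for i in range(9):
        bit = 1 << (8 - i)
        out.append(flags[i] if mode & bit else "-")
    return "".join(out)


def parse_umask(text: str) -> int:
    """Accept the octal string as typed at the shell ('022', '0027')."""
    value = int(text, 8)
    if not 0 <= value <= 0o777:
        raise ValueError(f"umask out of range: {text}")
    return value


def audit_umask(text: str) -> dict:
    """Summarise what a umask yields for files and directories, and flag a
    mask that leaves new files group- or world-writable (a hardening check)."""
    mask = parse_umask(text)
    file_mode = effective_mode(DEFAULT_FILE_MODE, mask)
    dir_mode = effective_mode(DEFAULT_DIR_MODE, mask)
    return {
        "umask": f"{mask:03o}",
        "file": to_symbolic(file_mode),
        "dir": to_symbolic(dir_mode),
        # group- or world-writable new files are a finding in a hardening review
        "loose": bool(file_mode & 0o022),
    }


if __name__ == "__main__":
    for sample in ("022", "027", "000", "077"):
        print(audit_umask(sample))
```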

DES authentication system

The security of the DES authentication system is based on the sender's ability to encrypt the current time, which the recipient decrypts and checks against its own clock. The timestamp is also encrypted with DES. Two things must hold for this mechanism to work: the sender and the receiver must agree on what the current time is, and the sender and the receiver must use the same encryption key. If the network has a time synchronization mechanism, time synchronization between client and server is performed by it. If there is no such mechanism, the timestamp is computed according to the server's time: the client must ask the server for the time before starting the RPC call and compute the difference between its own clock and the server's; when computing the timestamp, this difference is used to calibrate the client's clock. Once the client and server clocks lose synchronization, the server begins to reject the client's requests, and the DES authentication system resynchronizes them.
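The calibration and rejection behaviour described above, as an added example (not from the original article): a client that runs ten minutes slow is rejected, learns its offset from the server, is accepted, and is rejected again when the clocks drift until it resynchronizes. Python's standard library has no DES, so the encrypted timestamp is stood in for by an HMAC tag under the shared key; that substitution, the 30-second window, the stale-timestamp check (which Secure RPC also performs) and all names are assumptions of this example.

```python
"""Added example (not from the original article): a model of the DES
authentication system's timestamp check with client-side clock calibration.
Python has no DES in its standard library, so the encrypted timestamp is stood
in for by an HMAC-SHA256 tag under the shared key; that substitution, the
30-second window and every name here are assumptions of this example."""
import hashlib
import hmac
import struct

WINDOW_SECONDS = 30  # how far sender and receiver may disagree on "now"


def make_tag(key: bytes, timestamp: int) -> bytes:
    # keyed tag standing in for the DES-encrypted timestamp
    return hmac.new(key, struct.pack("!Q", timestamp), hashlib.sha256).digest()


class FakeClock:
    # deterministic clock so the scenario below runs the same way every time
    def __init__(self, now: int):
        self.now = now

    def tick(self, seconds: int) -> None:
        self.now += seconds


class Server:
    def __init__(self, key: bytes, clock: FakeClock):
        self.key = key
        self.clock = clock
        self.last_seen = {}  # client id -> last accepted timestamp

    def verify(self, client_id: str, timestamp: int, tag: bytes) -> str:
        # 1. same key on both sides: the tag must verify under the shared key
        if not hmac.compare_digest(make_tag(self.key, timestamp), tag):
            return "reject: bad key"
        # 2. agreement on the current time: the timestamp must be inside the window
        if abs(self.clock.now - timestamp) > WINDOW_SECONDS:
            return "reject: clock skew"
        # 3. a replayed or older timestamp is refused (Secure RPC requires this too)
        if timestamp <= self.last_seen.get(client_id, -1):
            return "reject: stale"
        self.last_seen[client_id] = timestamp
        return "ok"


class Client:
    def __init__(self, client_id: str, key: bytes, clock: FakeClock):
        self.client_id = client_id
        self.key = key
        self.clock = clock
        self.offset = 0  # server time minus local time, learned by synchronize()

    def synchronize(self, server: Server) -> None:
        """Ask the server for its time before the RPC call; keep the difference."""
        self.offset = server.clock.now - self.clock.now

    def request(self, server: Server) -> str:
        timestamp = self.clock.now + self.offset  # local clock corrected by offset
        return server.verify(self.client_id, timestamp, make_tag(self.key, timestamp))


def run_scenario() -> list:
    """Skew, calibration, replay, wrong key, drift and resync; returns outcomes."""
    key = b"shared-secret-key"  # constructed sample key
    server_clock = FakeClock(1_000_000)
    client_clock = FakeClock(1_000_000 - 600)  # client runs ten minutes slow
    server = Server(key, server_clock)
    client = Client("alice", key, client_clock)
    results = [client.request(server)]  # uncalibrated: rejected for skew
    client.synchronize(server)
    server_clock.tick(5)
    client_clock.tick(5)
    results.append(client.request(server))  # calibrated: accepted
    results.append(client.request(server))  # same timestamp again: stale
    impostor = Client("alice", b"wrong-key", client_clock)
    impostor.synchronize(server)
    results.append(impostor.request(server))  # right time, wrong key
    server_clock.tick(300)  # clocks drift apart again
    results.append(client.request(server))  # rejected until resynchronized
    client.synchronize(server)
    results.append(client.request(server))
    return results
```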

UNIX authentication mechanism

Various network services are built on the UNIX authentication mechanism. Its credential contains the station (host) name, user number, group number and a set of group access rights; its verifier field is blank. This system has two problems. First, and most prominently, the verifier is empty, which makes it very easy to forge a credential. If all the system administrators in the network can be trusted there is no problem, but in many networks (especially in colleges) this is unsafe. NFS compensates for this deficiency of the UNIX authentication system by using the Internet address of the workstation that issues a MOUNT request as the hostname field, and by honoring only requests from privileged Internet ports. But this is still not enough to ensure system security, because NFS still does not verify the user ID. The other problem is that the UNIX authentication system is only available on UNIX systems, and it is unrealistic to require that only UNIX systems be used on a network: NFS can run on MS-DOS and VMS machines, and the UNIX authentication system cannot run on those operating systems (the MS-DOS system does not even have the concept of a user number). It can be seen that there should be an authentication system that is independent of the operating system and uses a verifier. This is the DES authentication system.

RPC

Remote Procedure Call (RPC) authentication: RPC is the core of network security, and to understand it one must be clear about how the authentication mechanism in RPC works. RPC's authentication mechanism is open-ended, i.e., various authentication systems can be plugged in. The current SunOS has two authentication systems, UNIX and DES; the former is older and weaker, the latter is the new system introduced in this section. Two terms are important for the RPC authentication mechanism: credential and verifier. Like an ID card, the credential identifies a person's name, address, date of birth, etc., and the verifier is the photo on the ID card; the person holding the card can be checked against the photo. The RPC mechanism works the same way: the client process must send both the credential and the verifier when issuing an RPC request. The server returns only verifier information, because the client already knows its own credential.

SHUTDOWN command

With the shutdown command, the shutdown shell program sends a warning notifying all users to leave the system; after the given deadline it terminates processes, unmounts the file systems, and enters single-user mode or the halt state. Once in single-user mode, all gettys stop running and users can no longer log in. Shutdown can only be run from the system console by a user logged in as root, so any shutdown script runs only as root.

nCheck command

Used to check a file system; it takes a single disk partition name as its parameter and lists the inode numbers and the corresponding file names. Files with the same inode are hard links. Note: the file names listed have no leading slash, and the mount point (the first field shown by the mount command) is not prefixed to them; because it inspects the inside of the file system, ncheck does not know the file system's mount point. You can also use this command to search for all SUID and SGID programs and device files in the file system; use the -s option for this.

Secure program

System administrators should write a program to periodically check all system files, including device files and SUID/SGID programs (paying special attention to SUID and SGID programs), check the /etc/passwd and /etc/group files, look for accounts that have not logged in for a long time, and verify important files that have been modified.

Computer virus attack

A computer virus is a code segment that copies itself into a larger program. It executes only when that program starts running, then copies itself again and infects other programs in the process. A virus can pass through a firewall, since it can reside in an E-mail message transmitted to an internal host.

Packet filtering technology

The security of a packet-filtering firewall is based on checking the IP addresses of packets. On the Internet, all information is transmitted in the form of packets, and a packet contains the IP address of the sender and the IP address of the receiver. The packet-filtering firewall reads the sender IP address, receiver IP address, TCP port, TCP link state and other information, and filters the packet according to the pre-set filtering rules. Packets whose IP addresses do not meet the rules are filtered out by the firewall to ensure the security of the network system. This is a network-layer security technology and is powerless against hacker behavior at the application layer.
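A toy packet filter, added here as an example that is not part of the original article, serving this entry and the IP segmentation and IP address spoofing entries above: it shows a filter that judges only by header fields waving through a non-first fragment (no TCP header to inspect) and an inbound packet with a forged internal source, beside a hardened variant that closes both gaps. The rules, addresses (RFC 5737 documentation ranges), packet dicts and function names are this example's assumptions.

```python
"""Added example (not from the original article): a toy packet filter that shows
the two gaps the text describes: a non-first IP fragment carries no TCP header,
so port rules cannot judge it, and an inbound packet with a forged internal
source address looks internal. Packets are constructed dicts, not captured
traffic; the rules, addresses (RFC 5737 documentation ranges) and names are
assumptions of this example."""
import ipaddress

INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed internal range

# Rules are tried in order; the first match decides. Anything unmatched is denied.
RULES = [
    # new inbound connections to the web server
    {"dir": "in", "proto": "tcp", "dport": 80, "action": "allow"},
    # inbound segments of connections our hosts opened (ACK set)
    {"dir": "in", "proto": "tcp", "ack": True, "action": "allow"},
    # all outbound traffic
    {"dir": "out", "action": "allow"},
]


def matches(rule: dict, pkt: dict) -> bool:
    return all(pkt.get(k) == v for k, v in rule.items() if k != "action")


def apply_rules(pkt: dict) -> str:
    for rule in RULES:
        if matches(rule, pkt):
            return rule["action"]
    return "deny"


def naive_filter(pkt: dict) -> str:
    """Judges only by the header fields the text lists: addresses, ports, flags."""
    if ipaddress.ip_address(pkt["src"]) in INTERNAL_NET:
        return "allow"  # trusts any source inside its own range
    if pkt.get("frag_offset", 0) > 0:
        return "allow"  # no TCP header to check, so the fragment is waved through
    return apply_rules(pkt)


def hardened_filter(pkt: dict) -> str:
    """Same rules, plus the two checks that close the gaps above."""
    if pkt["dir"] == "in" and ipaddress.ip_address(pkt["src"]) in INTERNAL_NET:
        return "deny"  # anti-spoofing: internal addresses never arrive from outside
    if pkt.get("frag_offset", 0) > 0:
        return "deny"  # ports unknown; drop (or reassemble first) rather than guess
    return apply_rules(pkt)


# Constructed sample packets
SAMPLE_PACKETS = {
    "web_syn": {"dir": "in", "src": "203.0.113.5", "dst": "192.0.2.80",
                "proto": "tcp", "dport": 80, "ack": False, "frag_offset": 0},
    "telnet_syn": {"dir": "in", "src": "203.0.113.5", "dst": "192.0.2.80",
                   "proto": "tcp", "dport": 23, "ack": False, "frag_offset": 0},
    # second fragment of a datagram: no TCP header, so no port or flag fields
    "fragment": {"dir": "in", "src": "203.0.113.5", "dst": "192.0.2.80",
                 "proto": "tcp", "frag_offset": 185},
    # external packet claiming an internal source address
    "spoofed": {"dir": "in", "src": "192.0.2.10", "dst": "192.0.2.80",
                "proto": "tcp", "dport": 23, "ack": False, "frag_offset": 0},
}


def evaluate_all() -> dict:
    """Verdict of both filters for every sample packet: name -> (naive, hardened)."""
    return {name: (naive_filter(p), hardened_filter(p))
            for name, p in SAMPLE_PACKETS.items()}
```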

Finger

You can use finger to get detailed information about all users on a host (such as login name, phone number, last login time, and whether they have unread e-mail).

RSA

The Rivest-Shamir-Adleman public key algorithm. The public key algorithm was first invented in 1976 by Diffie and Hellman of Stanford University, USA (paper "New Directions in Cryptography"). However, the most popular one, RSA, was developed in 1977 by MIT professors Ronald L. Rivest, Adi Shamir and Leonard M. Adleman; the name is made from the first letters of the three mathematicians' surnames. A public key encryption algorithm is also known as an asymmetric key algorithm and has two keys: a public key and a private key. The user must guarantee the security of the private key; the public key can be published. The public key and the private key are closely related: information encrypted with the public key can only be decrypted with the private key, and vice versa. Since the public key algorithm does not require an online key server, the key distribution protocol is simple, so key management is greatly simplified. In addition to encryption, public key systems can also provide digital signatures.

SATAN

SATAN is a program that checks whether a system has security problems; it automatically searches, analyzes and produces a security report. Software that analyzes a system from the outside is generally called a scanner. Because SATAN is powerful and provides an extensible framework, it is very popular on the Internet. Another feature is that it works through a web browser: the user only needs to specify the host to scan, and SATAN automatically collects as much target information as possible.

COPS

It is a program run by the system administrator to check the internal settings of the system. It checks for known UNIX problems, such as whether there are accounts without passwords, whether there are illegal setuid programs, whether there are system vulnerabilities that have been reported on the Internet, whether there is software with known problems, etc. System administrators can use COPS to check the system's configuration.

IP address broadcast

This broadcast can cross routers, but it is also a major form of broadcast storm (for example, the broadcast address 202.120.127.255).

ARP / RARP broadcast

It is a mechanism for obtaining the MAC address corresponding to a target IP address, and belongs to the broadcasts of the TCP/IP network layer. This broadcast can cross bridges but cannot cross routers.

SR

SR is a multi-port IP router; a proxy server is an agent that represents the internal users of the network, which is actually a gateway at the application layer. When a user uses a TCP/IP application, he provides legal identity and authorization information to the proxy; the proxy connects to the host and relays IP packets between the two communicating endpoints. The processing of IP packets is transparent to the user. The advantage of the SR is that it is simple and low-cost; the disadvantage is that it is difficult to set packet filters accurately and it lacks user-level authorization. Router vendors are working to solve this problem and have proposed the standardized user-level authorization protocol RADIUS. The advantage of the proxy is that it has user-level authorization; the disadvantage is that every application must have an application-layer gateway built for it, which seriously affects the deployment of new applications.

Application level gateway

Application level gateway: it is established at the application layer of the network and performs the functions of protocol filtering and forwarding. It uses specified data filtering logic for a specific network application service protocol, and performs the necessary analysis, logging and statistics on the packets while filtering. The actual application gateway is usually installed on a dedicated workstation system.

Firewall technology

Firewall technology is an applied security technology built on modern communication network technology and information security technology; it is increasingly applied in the interconnected environment of private networks and public networks, especially for accessing the Internet.

NAT

Network Address Translation is a standard for converting internal IP addresses into temporary, external, registered IP addresses. It allows an internal network with private IP addresses to access the Internet. It also means that users do not need to obtain a registered IP address for each machine in their network.

Pointer protection

The compiler generates program pointer integrity checks. Pointer protection is a generalization of stack protection to this situation: extra bytes are placed after all code pointers, and their legality is checked before the pointer is used in a call. If the check fails, an alarm signal is issued and the program exits, just as in stack protection.

Purify

Purify is a tool for finding memory errors in C programs rather than a dedicated security tool. Purify uses "object code insertion" technology to check all memory accesses. By linking with the Purify link tool, array accesses are checked at execution time to ensure their legality. The cost is a slowdown by a factor of 3 to 5.

Stack protection

It is a compiler technique for providing program pointer integrity checks, implemented by checking the return address in the function's activation record. Stack protection, as a small patch to GCC, adds code to each function's prologue and epilogue. The added prologue code actually places some extra bytes after the return address in the stack frame, as shown in Figure 2. When the function returns, it first checks whether these extra bytes have changed. If a buffer overflow attack has occurred, the attack is easily detected before the function returns.

Please cite the original address when reposting: https://www.9cbs.com/read-108774.html
