Analysis of enterprise network security

xiaoxiao, 2021-03-06

Source: www.e-works.net.cn Wang Yam

Editor's note: Key data is increasingly an important asset for businesses, and a basic technical understanding of network security benefits people from all walks of life. Network security can be said to bear on a company's fate: a leak of confidential information is likely to cause a company to decline in competition. At the same time, it can be said to be a "national project": a "breakthrough" into any one of the company's systems may expose the company's confidential information. Of course, technology and management are complementary. This series of lectures covers both, providing readers with a body of enterprise information security knowledge that spans public key cryptosystems, identity authentication, access control, and security standards and norms.

Today, the CSO (Chief Security Officer) role has been adopted by more and more institutions, and the CISSP (Certified Information Systems Security Professional) certification is favored by enterprises and institutions of all kinds. This shows that network information security has gradually gained the attention of corporate leaders and has become an important issue that cannot be ignored.

For most companies, network security is not their core competitiveness; but for an information-based enterprise, network information security cannot be ignored in daily online business. For every modern company, a stable network architecture and a secure information platform are to a large extent key factors in business success.

How to "counter attacks"

If you want to "defend", you must first recognize how your opponent "attacks" and understand the security threats. Enterprise network security faces two major threats: virus invasion and hacker intrusion. Anyone who uses a computer will inevitably "encounter" a computer virus, and the popularity of computer networks provides a foundation for hackers.

Virus invasion: Almost wherever there is a computer, there is the possibility of a computer virus. Computer viruses are typically hidden within files or program code, replicate themselves when the opportunity arises, and can propagate through many channels such as the network, disks and discs. Because computer viruses spread quickly and their impact is large, the harm they cause deserves close attention. Viruses differ in "toxicity": mild ones only display a few warning messages on the victim machine as a joke, while severe ones may destroy or endanger personal computers and even enterprise network security.

Anti-virus software is one of the best ways to deal with viruses. However, without a "sense of vigilance", it is easy to fall into the trap of "blind trust in anti-virus software". According to the latest statistics, about eighty percent of nearly a thousand companies surveyed use a network version; security awareness at these enterprises is very weak, and more than 80% of computers have been invaded by viruses. Therefore, it is necessary not only to strengthen prevention awareness but also to stress correct operation; it is important to develop a collective anti-virus awareness and deploy a unified anti-virus strategy so that virus invasions are handled efficiently and promptly.

Hacker invasion: With more and more reports about hackers, companies have had to recognize that hackers exist. In general, the intrusion methods hackers commonly use can be divided into two kinds.

Denial-of-service (DoS) attack: This kind of attack can generally bring down a single computer or the entire network. Hackers use it to prevent legitimate network users from using a service or to disrupt normal business activity. For example, breaking the connection between two computers prevents users from accessing a service; sending a large amount of information to the enterprise blocks legitimate network communication, which damages not only the network architecture itself but also the entire enterprise.

Illegal intrusion: Illegal intrusion refers to a hacker exploiting security vulnerabilities to access the enterprise's internal network or data resources and delete, copy, or even destroy data. Regardless of who the intruder is and what relationship they have with the company, such an intrusion may cause the company to stop work, raise cleanup costs, or lose data to theft, causing unbearable losses. In addition, illegal intrusion has a potential impact on the company's brand image, customer trust, market share and even share price. In the future, hacker intrusion will have the potential to be a corporate killer, and companies must guard against it carefully. At the technical level, hackers attempting illegal intrusion do one of the following: decipher intercepted user accounts and passwords with guessing programs in order to enter the system; exploit vulnerabilities in some of the service processes provided by the server to obtain useful information and enter the system; exploit weak links and security vulnerabilities in the network and the system itself, or ones caused by errors, to obtain electron cartridges and further useful information; or obtain user passwords and invade the system through vulnerabilities in system applications.

It can be seen from the above that hacker intrusion is inevitable; what enterprises can do is reduce the level of harm. In addition to using firewalls, data encryption, and public key cryptosystems, companies that require a high level of security can make full use of the common intrusion behavior characteristics published on the network. By analyzing this data, companies can form their own security strategies and work to reduce risk to a level the company can accept and manage.

Technology should be combined with management

Technology and management are not isolated from each other. For an informationized enterprise, network information security is not only a technical issue but also a management issue. Shortly after many viruses or security vulnerabilities appear, corresponding anti-virus tools or software patches are usually available online, so why did viruses such as Nimda and Redcode ravage the world? Why could the tools at the top of the Microsoft home page and the various Nimda and Redcode removal tools not stop these viruses? In the final analysis, it is because many users (including enterprise-class users) have not developed the habit of actively maintaining system security, and also lack a good management mechanism. To take the first step in ensuring system security, you must first pay attention to security management, and don't "sit":

Risk assessment: Companies need to know which systems are networked, what the weaknesses of the corporate network are, what specific risks these weaknesses pose to business operations, and what impact these risks have on the company as a whole.

Security plan: This usually includes establishing the company's security policy, mastering the basic technologies needed to ensure security, and planning the measures the enterprise should take when a particular security incident occurs.

Planning: All security policies must be supported by a complete management control architecture, the most important element of which is establishing a complete security solution.

It can be said that a company's information security is a problem of the whole. It is necessary to develop an overall management strategy that keeps pace with the times, and to put these strategies into practice, in order to achieve the goal of improving enterprise information system security.

Other common network attack methods

Malicious scan: The attacker scans a specific machine with a scanning tool (software), finds vulnerabilities, and then launches the corresponding attack.

Password cracking: The attacker first obtains the password file from the other machine and then tries to recover the passwords with a password-cracking tool. Besides password cracking, attackers may also obtain passwords by guessing or by network eavesdropping.

Network eavesdropping: The attacker captures specific packets on the network to obtain the required information directly or indirectly.

Data tampering: The attacker intercepts and modifies specific packets on the network to destroy the integrity of the target data.

Address spoofing: The attacker disguises their own IP address as the IP of the target machine to gain the other party's trust.
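Two of the methods above, malicious scanning and password guessing, leave recognizable traces in connection and login records. The following is an added example, not part of the original article, showing one way a defender could flag both with a sliding time window; the event format, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

def sample_events():
    """Constructed sample data (not real logs): (time, source_ip, dest_port, kind)."""
    events = []
    # One source probes 12 different ports within 12 seconds.
    events += [(1000 + i, "198.51.100.7", 20 + i, "conn") for i in range(12)]
    # One source fails to log in on port 22 six times within 30 seconds.
    events += [(2000 + 5 * i, "203.0.113.9", 22, "auth_fail") for i in range(6)]
    # An ordinary user: two failures ten minutes apart, then a connection.
    events += [(3000, "192.0.2.10", 22, "auth_fail"),
               (3600, "192.0.2.10", 22, "auth_fail"),
               (3605, "192.0.2.10", 22, "conn")]
    return events

def detect(events, window=60, port_threshold=10, fail_threshold=5):
    """Return {source_ip: set of findings}.

    Assumed thresholds: a source that touches >= port_threshold distinct
    ports inside `window` seconds is flagged as a scan; a source with
    >= fail_threshold failed logins inside the window is flagged as
    password guessing.
    """
    by_src = defaultdict(list)
    for ts, src, port, kind in sorted(events):
        by_src[src].append((ts, port, kind))
    findings = defaultdict(set)
    for src, evs in by_src.items():
        start = 0
        for end, (ts, _, _) in enumerate(evs):
            # Slide the window start forward past events that are too old.
            while evs[start][0] < ts - window:
                start += 1
            span = evs[start:end + 1]
            if len({port for _, port, _ in span}) >= port_threshold:
                findings[src].add("malicious_scan")
            if sum(1 for _, _, kind in span if kind == "auth_fail") >= fail_threshold:
                findings[src].add("password_guessing")
    return dict(findings)

if __name__ == "__main__":
    for src, found in sorted(detect(sample_events()).items()):
        print(src, sorted(found))
```

A scan spread out so that each probe falls outside the window is not flagged by this logic, which is why the window and thresholds have to be tuned against the organization's own traffic.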
