Information Security Management: Network Security
6 hours ago, source: cnblogs
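This chapter is split out to deal specifically with network security. It is still a fairly general overview: the characteristics of networks, common network security vulnerabilities, and the ways network security can be controlled. Read it together with "Information Security Management (2): What Is Information Security? Principles and Requirements of Information Security", because network security is really a part of that previous chapter.
This post only records fragmentary notes; I will fill it in later when I have time. The details will be covered next time, under computer networks or distributed networks. Part 1 (definition and characteristics of networks) and Part 2 (TCP/IP) do not need to be read; they are only here as notes.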
1 Definition and characteristics of networks

1.1 Definition of a network (honestly can't be bothered to explain; look it up on the wiki yourselves)

What networks are for
- What is a network…
- Devices in a network…
- LAN, WAN and Internetworks
- What do networks do for you…
- Sharing resources
- Use/share applications

1.2 Characteristics of networks
- Anonymity
- Automation
- Distance
- Opaqueness
- Routing diversity

1.3 Network Topology

2 TCP/IP
- Protocols…
- Open Systems
- ANSI, IETF, ISO, IAB

2.1 ISO OSI Reference Model - 7 Layers
- Application: End user processes like FTP, e-mail, etc.
- Presentation: Format, encrypt data to send across network
- Session: Establishes, manages and terminates connections between applications
- Transport: End-to-end error recovery, flow control, priority services
- Network: Switching, routing, addressing, internetworking, error handling, congestion control and packet sequencing
- Data-link: Encoding, decoding data packets into bits
  - Media Access Control sub-layer: Data access/transmit permissions
  - Logical Link sub-layer: Frame synchronisation, flow control, error checking
- Physical: Conveys the bit stream (electrical, light, radio)

Mnemonics:
- All People Seem To Need Data Protection
- People Do Not Trust Sales People Always
ISO-OSI seven-layer structure
TCP/IP
2.2 Related protocols
- Application layer: FTP, Telnet, DNS, DHCP, TFTP, RPC, NFS, SNMP..
- Transport layer: TCP, UDP
- Internet layer: IP, ICMP, ARP, bootp…
- Organisations / entities: ICANN, IETF, IAB, IRTF, ISOC, W3C
- Other protocols: IPX/SPX, ATM, DECnet, IEEE 802.11, AppleTalk, USB, SNA

3 Network security risks

3.1 What makes networks vulnerable
- Anonymity
- Multiplicity of points of attack
- Resource sharing
- Complexity of system
- Uncertain perimeter
- Unknown path
- Protocol flaws / protocol implementation flaws

3.2 Motivations of network attacks
- Challenge
- Fame
- Organised crime
- Ideology
- Espionage / intelligence

4 Threats in Networks
4.1 Reconnaissance
- Port scan
- Social engineering
- Intelligence gathering
- O/S and application fingerprinting
- IRC chat rooms
- Available documentation and tools
- Protocol flaws / protocol implementation flaws

4.2 Threats in Transit
- Eavesdropping / packet sniffing
- Media tapping (cable, microwave, satellite, optical fibre, wireless)

4.3 Impersonation
- Password guessing
- Avoiding authentication
- Non-existent authentication
- Well-known authentication
- Masquerading
- Session hijacking
- Man-in-the-middle

4.4 Message Confidentiality Threats
- Mis-delivery
- Exposure in various devices in the path
- Traffic flow analysis (sometimes knowledge of the existence of a message can be as important as the message content)

4.5 Message Integrity Threats
- Falsification
- Noise
- Protocol failures / misconfigurations

4.6 Operating System based Threats
- Buffer overflow
- Viruses, Trojans, rootkits
- Password

4.7 Application based Threats
- Web-site defacement
- DNS cache poisoning
- XSS (Cross-site Scripting)
- Active-code / mobile-code
- Cookie harvesting
- Scripting

4.8 Denial of Service
- SYN flooding
- Ping of death
- Smurf
- Teardrop
- Traffic re-direction
- Distributed Denial of Service
- Bots and botnets
- Script kiddies

5 Network Security Controls
5.1 Vulnerability and Threat Assessment

5.2 Network Architecture
- Network segmentation
- Architect for availability
- Avoid SPOF (single points of failure)
- Encryption
  - Link encryption
  - End-to-end encryption
- Secure Virtual Private Networks
- Public Key Infrastructure and certificates
- SSL and SSH

5.3 Strong Authentication
- One Time Password
- Challenge Response authentication
- Kerberos

5.4 Firewalls
- Packet filters
- Stateful packet filters
- Application proxies
- Diodes
- Firewall on end-points

5.5 Intrusion Detection / Prevention Systems
- Network based / host based
- Signature based
- Heuristics based / protocol anomaly based
- Stealth mode

5.6 Policies and Procedures
- Enterprise-wide Information Security Policy
- Procedures
- Buy-in (from executives and employees)
- Review, enhancement and modification

5.7 Other network controls