Network Security

  • Combination of low-cost powerful computing and high-performance networks is a two-edged sword:

    • Many powerful new services and applications are enabled
    • But computer systems and networks become highly susceptible(敏感) to a wide variety of security threats
    • Openness vs Security
  • Network security involves countermeasures(对策) to protect computer systems from intruders(入侵者)
    • Firewalls, security protocols, security practices, etc.

Eavesdropping

  • Information transmitted over network can be observed and recorded by eavesdroppers (using a packet sniffer)
  • Information can be replayed(重播) in attempts to access server
  • Requirements: privacy, authentication(认证), non-repudiation(否认)

Client Imposter

  • client imposter(冒名顶替者)

  • Imposters attempt to gain unauthorized(未经授权的) access to server
    • Ex. bank account or database of personal records
    • For example, in IP spoofing(戏弄) imposter sends packets with false source IP address
  • Requirements: privacy, authentication

Server Imposter

  • An imposter impersonates(模拟) a legitimate(合法的) server to gain sensitive information from a client

    • E.g. bank account number and associated user password
  • Requirements: privacy, authentication, non-repudiation

Denial of Service (DoS) Attack

  • Attacker can flood a server with requests, overloading the server resources (er. TCP Three-way handshake)

    • Results in denial of service to legitimate clients
  • Distributed denial of service attack on a server involves coordinated attack from multiple (usually hijacked) computers
  • Requirement: availability

TCP SYN Flood

  • The attacker sends a repeated same packet, to every port on the target server over using a fake IP address.
  • The server will send back ack continunously, prevents other client sending syn.

Man-in-the-Middle Attack

  • An imposter manages to place itself as man in the middle

    • convincing the server that it is legitimate client
    • convincing legitimate client that it is legitimate server
    • gathering sensitive information and possibly hijacking(劫持) session
  • Requirements: integrity, authentication

Malicious Code

  • A client becomes infected with malicious code
  • Virus: code that when executed, inserts itself in other programs
  • Worms: code that installs copies of itself in other machines attached to a network
  • Requirements: privacy, integrity, availability

Security Requirements

Security threats motivate requirements:

  • Privacy: information should be readable only by intended recipient(接受者)
  • Integrity: recipient can confirm that a message has not been altered during transmission
  • Authentication: it is possible to verify that sender or receiver is who he claims to be
  • Non-repudiation*(不可抵赖性): sender cannot deny having sent a given message.
  • Availability: of information and services

Countermeasures

  • Secure communication channels

    • Encryption
    • Cryptographic checksums and hashes (加密校验和和散列)
    • Authentication
    • Digital Signatures
  • Secure borders
    • Firewalls
    • Virus checking
    • Intrusion detection(入侵检测)
    • Authentication
    • Access Control (访问控制)

Network Security Threats的更多相关文章

  1. android9.0适配HTTPS:not permitted by network security policy'

    app功能接口正常,其他手机运行OK,但是在Android9.0的手机上报错 CLEARTEXT communication to 192.168.1.xx not permitted by netw ...

  2. Android版本28使用http请求报错not permitted by network security policy

    Android版本28使用http请求报错not permitted by network security policy android模拟器调试登录的时候报错 CLEARTEXT communic ...

  3. 《Network Security A Decision and Game Theoretic Approach》阅读笔记

    网络安全问题的背景 网络安全研究的内容包括很多方面,作者形象比喻为盲人摸象,不同领域的网络安全专家对网络安全的认识是不同的. For researchers in the field of crypt ...

  4. Azure PowerShell (13) 批量设置Azure ARM Network Security Group (NSG)

    <Windows Azure Platform 系列文章目录> 刚刚在帮助一个合作伙伴研究需求,他们的虚拟机全面的网络安全组(Network Security Group, NSG)会经常 ...

  5. Network Security Services If you want to add support for SSL, S/MIME, or other Internet security standards to your application, you can use Network Security Services (NSS) to implement all your securi

    Network Security Services | MDN https://developer.mozilla.org/zh-CN/docs/NSS 网络安全服务 (NSS) 是一组旨在支持支持安 ...

  6. Firewall & Network Security

    Firewall & Network Security 防火墙 & 网络安全 NAT Gateway VPC Virtual Private Cloud refs https://en ...

  7. 网络安全服务(Network Security Services, NSS

    网络安全服务(Network Security Services, NSS)是一套为网络安全服务而设计的库 支持支持安全的客户端和 服务器应用程序.使用NSS构建的应用程序可以支持SSL v2 和v3 ...

  8. Network Security final project---War Game

    项目介绍: 为自己的网段设置防火墙并尝试攻击其他组 网络结构: 每组有3个机器,包含一个gateway和两个workstation,其中gateway是可以连接到其他组的gateway,但是无法连接到 ...

  9. Mozilla Network Security Services拒绝服务漏洞

    解决办法: 运行 yum update nss yum update nss

随机推荐

  1. ECMA6所有知识点大概笔记

    ECMAScript和JavaScript的关系是,前者是后者的规格,后者是前者的一种实现 初学者一开始学习JavaScript,其实就是在学3.0版的语法. -------------------- ...

  2. SSIS 使用OLEDB/ADO NET Source 数据流source控件 连接Oracle失败

    在做数据提取的时候发现一个非常奇怪的问题. Oracle客户端是安装正确并且Toad可以正常运行的,但是在新建OLEDB/ADO NET Source 数据流source控件连接Oracle的时候一直 ...

  3. ArcEngine交互画线

    代码 Code highlighting produced by Actipro CodeHighlighter (freeware)http://www.CodeHighlighter.com/-- ...

  4. 微信小程序现实问题之低素质客户需求问题

    ·微信小程序已经在市场摸爬滚打很久了,但是真正是否可用以及是否真正满足客户需求,市场是否真正到了火热的程度,值得怀疑. 根据本人从事小程序开发的经验,短时间内,小程序市场依然会不温不火,而此时客户的满 ...

  5. 天诛进阶之D算法 #3700

    http://mp.weixin.qq.com/s/ngn98BxAOLxXPlLU8sWH_g 天诛进阶之D算法 #3700 2015-11-24 yevon_ou 水库论坛 天诛进阶之D算法 #3 ...

  6. tpcc-mysql安装测试与使用生成对比图

    1:下载tpcc-mysql的压缩包,从下面的网站进行下载 https://github.com/Percona-Lab/tpcc-mysql 也可直接从叶总博客直接下载: http://imysql ...

  7. 关于微信公账号H5 API 调用的坑 BUG

    页面A已经配置过,如果是单页面跳转,则页面B可以共享当前的SDK配置(至少菜单是这样的) 刷新页面,原先的菜单仍然会保持原样,只是调用SDK已经失效了,需要重新配置,重新配置后,菜单仍然会保持原样(如 ...

  8. 在Java中如何进行BASE64编码和解码

    在Java中如何进行BASE64编码和解码 //在Java中如何进行BASE64编码和解码 package me.xzh.study.sun.misc.BASE64; import sun.misc. ...

  9. Win7系统托盘解决出现CH图标的方法

    中文环境下,使用的英文键盘应该是“中文(简体)-美式键盘",这个输入法虽然是用来打英文的,但是归到中文类的,对应就是CH 如果因为某些不知明原因,增加了"美式键盘"等其他 ...

  10. 查看Oracle表中的指定记录在数据文件中的位置

    查看Oracle表中的指定记录位置select rowid,user_id from sshr.xx_user where user_id=3010586 select rowid,       db ...