Network Security Threats
Network Security
- Combination of low-cost powerful computing and high-performance networks is a two-edged sword:
- Many powerful new services and applications are enabled
- But computer systems and networks become highly susceptible(敏感) to a wide variety of security threats
- Openness vs Security
- Network security involves countermeasures(对策) to protect computer systems from intruders(入侵者)
- Firewalls, security protocols, security practices, etc.
Eavesdropping
- Information transmitted over network can be observed and recorded by eavesdroppers (using a packet sniffer)
- Information can be replayed(重播) in attempts to access server
- Requirements: privacy, authentication(认证), non-repudiation(否认)
Client Imposter
client imposter(冒名顶替者)
- Imposters attempt to gain unauthorized(未经授权的) access to server
- Ex. bank account or database of personal records
- For example, in IP spoofing(戏弄) imposter sends packets with false source IP address
Requirements: privacy, authentication
Server Imposter
- An imposter impersonates(模拟) a legitimate(合法的) server to gain sensitive information from a client
- E.g. bank account number and associated user password
- Requirements: privacy, authentication, non-repudiation
Denial of Service (DoS) Attack
- Attacker can flood a server with requests, overloading the server resources (er. TCP Three-way handshake)
- Results in denial of service to legitimate clients
- Distributed denial of service attack on a server involves coordinated attack from multiple (usually hijacked) computers
- Requirement: availability
TCP SYN Flood
- The attacker sends a repeated same packet, to every port on the target server over using a fake IP address.
- The server will send back ack continunously, prevents other client sending syn.
Man-in-the-Middle Attack
- An imposter manages to place itself as man in the middle
- convincing the server that it is legitimate client
- convincing legitimate client that it is legitimate server
- gathering sensitive information and possibly hijacking(劫持) session
- Requirements: integrity, authentication
Malicious Code
- A client becomes infected with malicious code
- Virus: code that when executed, inserts itself in other programs
- Worms: code that installs copies of itself in other machines attached to a network
- Requirements: privacy, integrity, availability
Security Requirements
Security threats motivate requirements:
- Privacy: information should be readable only by intended recipient(接受者)
- Integrity: recipient can confirm that a message has not been altered during transmission
- Authentication: it is possible to verify that sender or receiver is who he claims to be
- Non-repudiation*(不可抵赖性): sender cannot deny having sent a given message.
- Availability: of information and services
Countermeasures
- Secure communication channels
- Encryption
- Cryptographic checksums and hashes (加密校验和和散列)
- Authentication
- Digital Signatures
- Secure borders
- Firewalls
- Virus checking
- Intrusion detection(入侵检测)
- Authentication
- Access Control (访问控制)
Network Security Threats的更多相关文章
- android9.0适配HTTPS:not permitted by network security policy'
app功能接口正常,其他手机运行OK,但是在Android9.0的手机上报错 CLEARTEXT communication to 192.168.1.xx not permitted by netw ...
- Android版本28使用http请求报错not permitted by network security policy
Android版本28使用http请求报错not permitted by network security policy android模拟器调试登录的时候报错 CLEARTEXT communic ...
- 《Network Security A Decision and Game Theoretic Approach》阅读笔记
网络安全问题的背景 网络安全研究的内容包括很多方面,作者形象比喻为盲人摸象,不同领域的网络安全专家对网络安全的认识是不同的. For researchers in the field of crypt ...
- Azure PowerShell (13) 批量设置Azure ARM Network Security Group (NSG)
<Windows Azure Platform 系列文章目录> 刚刚在帮助一个合作伙伴研究需求,他们的虚拟机全面的网络安全组(Network Security Group, NSG)会经常 ...
- Network Security Services If you want to add support for SSL, S/MIME, or other Internet security standards to your application, you can use Network Security Services (NSS) to implement all your securi
Network Security Services | MDN https://developer.mozilla.org/zh-CN/docs/NSS 网络安全服务 (NSS) 是一组旨在支持支持安 ...
- Firewall & Network Security
Firewall & Network Security 防火墙 & 网络安全 NAT Gateway VPC Virtual Private Cloud refs https://en ...
- 网络安全服务(Network Security Services, NSS
网络安全服务(Network Security Services, NSS)是一套为网络安全服务而设计的库 支持支持安全的客户端和 服务器应用程序.使用NSS构建的应用程序可以支持SSL v2 和v3 ...
- Network Security final project---War Game
项目介绍: 为自己的网段设置防火墙并尝试攻击其他组 网络结构: 每组有3个机器,包含一个gateway和两个workstation,其中gateway是可以连接到其他组的gateway,但是无法连接到 ...
- Mozilla Network Security Services拒绝服务漏洞
解决办法: 运行 yum update nss yum update nss
随机推荐
- ECMA6所有知识点大概笔记
ECMAScript和JavaScript的关系是,前者是后者的规格,后者是前者的一种实现 初学者一开始学习JavaScript,其实就是在学3.0版的语法. -------------------- ...
- SSIS 使用OLEDB/ADO NET Source 数据流source控件 连接Oracle失败
在做数据提取的时候发现一个非常奇怪的问题. Oracle客户端是安装正确并且Toad可以正常运行的,但是在新建OLEDB/ADO NET Source 数据流source控件连接Oracle的时候一直 ...
- ArcEngine交互画线
代码 Code highlighting produced by Actipro CodeHighlighter (freeware)http://www.CodeHighlighter.com/-- ...
- 微信小程序现实问题之低素质客户需求问题
·微信小程序已经在市场摸爬滚打很久了,但是真正是否可用以及是否真正满足客户需求,市场是否真正到了火热的程度,值得怀疑. 根据本人从事小程序开发的经验,短时间内,小程序市场依然会不温不火,而此时客户的满 ...
- 天诛进阶之D算法 #3700
http://mp.weixin.qq.com/s/ngn98BxAOLxXPlLU8sWH_g 天诛进阶之D算法 #3700 2015-11-24 yevon_ou 水库论坛 天诛进阶之D算法 #3 ...
- tpcc-mysql安装测试与使用生成对比图
1:下载tpcc-mysql的压缩包,从下面的网站进行下载 https://github.com/Percona-Lab/tpcc-mysql 也可直接从叶总博客直接下载: http://imysql ...
- 关于微信公账号H5 API 调用的坑 BUG
页面A已经配置过,如果是单页面跳转,则页面B可以共享当前的SDK配置(至少菜单是这样的) 刷新页面,原先的菜单仍然会保持原样,只是调用SDK已经失效了,需要重新配置,重新配置后,菜单仍然会保持原样(如 ...
- 在Java中如何进行BASE64编码和解码
在Java中如何进行BASE64编码和解码 //在Java中如何进行BASE64编码和解码 package me.xzh.study.sun.misc.BASE64; import sun.misc. ...
- Win7系统托盘解决出现CH图标的方法
中文环境下,使用的英文键盘应该是“中文(简体)-美式键盘",这个输入法虽然是用来打英文的,但是归到中文类的,对应就是CH 如果因为某些不知明原因,增加了"美式键盘"等其他 ...
- 查看Oracle表中的指定记录在数据文件中的位置
查看Oracle表中的指定记录位置select rowid,user_id from sshr.xx_user where user_id=3010586 select rowid, db ...