information security

honggarae 10/02/2022 993

Securityissues

1.Personalinformationisnotcollectedinastandardizedmanner

Atthisstage,althoughthelifestyleissimpleandfast,therearemanythingsbehindit.Informationsecurityrisks.Forexample,fraudulentphonecalls,collegestudents’“nakedloans”issues,promotionalinformation,andhumanfleshsearchinformationallhaveanimpactonpersonalinformationsecurity.Criminalsstealpersonalinformationthroughvarioussoftwareorprograms,andusetheinformationforprofit,whichseriouslyaffectsthesafetyofcitizens'livesandproperty.Suchproblemsaremostlyconcentratedindailylife,suchasunauthorized,excessiveorillegalcollection.Inadditiontothegovernmentandapprovedcompanies,therearealsosomeunapprovedbusinessesorindividualsthatillegallycollectpersonalinformation,andevensomeinvestigativeagencieshaveestablishedinvestigativecompaniesandwantonlypeddledpersonalinformation.Theabove-mentionedproblemshavegreatlyaffectedthesecurityofpersonalinformationandseriouslyviolatedtheprivacyrightsofcitizens.

2.Citizenslacksufficientawarenessofinformationprotection

ThewantondisseminationofpersonalinformationontheInternetandtheendlesssupplyoftelemarketinghaveoccurredfromtimetotime.Fromtheperspectiveofitsrootcause,thisisnotthesameasThelackofcitizens'awarenessofinformationprotectioniscloselyrelated.Therelativelyweakprotectionawarenessofcitizensatthelevelofpersonalinformationcreatesconditionsforinformationtheft.Forexample,youneedtofillinrelevantinformationwhenyoujustclickonthewebsite,andsomewebsitesevenrequireinformationsuchastheIDnumber.Manycitizensdonotrealizethattheabovebehaviorisaninfringementofinformationsecurity.Inaddition,somewebsitesopenlyleakedorsoldrelevantinformationbasedonthecharacteristicsofweakcivicawareness.Furthermore,thereisariskthattheinformationwillbeusedinviolationofregulationswhenfillingoutleafletsandothermaterialscasuallyindailylife.

3.Inadequatesupervisionbyrelevantdepartments

Whenthegovernmentadoptssupervisionandprotectionmeasuresforpersonalinformation,theremaybeproblemswithblurredboundaries,whicharemainlyrelatedtothevaguemanagementconceptandlackofmechanisms.Somelocalgovernmentshavenotsetupspecializedsupervisorydepartmentsbasedonpersonalinformation,causingproblemssuchasunclearresponsibilitiesandlowmanagementefficiency.Inaddition,bigdataneedstobenetwork-based,withmanynetworkusersandcomplicatedinformation.Therefore,itisdifficultforthegovernmenttoachieverefinedmanagement.Inaddition,theregulationsandregulationsrelatedtonetworkinformationmanagementarenotsystematic,makingitdifficultforthegovernmenttoproperlysupervisepersonalinformation.

Detection

Website

Websitesecuritytesting,alsoknownaswebsitesecurityassessment,websitevulnerabilitytesting,websecuritytesting,etc.Itscansthewebsiteforvulnerabilitiesthroughtechnicalmeans,detectswhethertherearevulnerabilitiesinthewebpage,whetherthewebpageislinkedtoahorse,whetherthewebpagehasbeentamperedwith,whetherthereisafraudulentwebsite,etc.,andremindsthewebmastertorepairandstrengthenintimetoensurethesafeoperationofthewebsite.

1.Injectionattack:DetectwhethertherearevulnerabilitiessuchasSQLinjection,SSIinjection,Ldapinjection,Xpathinjection,etc.intheWebsite.Ifthevulnerabilityexists,theattackerwillperformtheinjectionpointInjectionattackscaneasilyobtainthebackgroundmanagementauthorityofthewebsite,andeventhemanagementauthorityofthewebsiteserver.

2.XSScross-sitescripting:DetectwhetherthereareXSScross-sitescriptingvulnerabilitiesintheWebsite.Ifthevulnerabilityexists,thesitemaybeattackedbyCookiespoofing,webpagehanginghorses,etc.

3.WebpageTrojanHorse:TodetectwhethertheWebsitehasbeenillegallyimplantedbyhackersormaliciousattackerswithTrojanhorseprograms.

4.BufferoverflowDetectswhetherthereisabufferoverflowvulnerabilityintheWebsiteserverandserversoftware.Ifthereis,anattackercanusethisvulnerabilitytoobtainthemanagementofthewebsiteorserverPermissions.

5.Uploadvulnerability:CheckwhetherthereisanuploadvulnerabilityintheuploadfunctionofaWebsite.Ifthisvulnerabilityexists,anattackercandirectlyusethevulnerabilitytouploadaTrojanhorsetoobtainWebShell.

6.Sourcecodeleakage:DetectwhetherthereisasourcecodedisclosurevulnerabilityintheWebnetwork.Ifthisvulnerabilityexists,theattackercandirectlydownloadthesourcecodeofthewebsite.

7.Leakageofhiddendirectories:DetectwhethercertainhiddendirectoriesoftheWebsitehavealeakvulnerability.Ifthisvulnerabilityexists,theattackercanunderstandtheentirestructureofthesite.

8.Databaseleakage:Detectwhetherawebsiteisleakingadatabasevulnerability.Ifthisvulnerabilityexists,anattackercanillegallydownloadthewebsitedatabasethroughmethodssuchasviolatingthedatabase.

9.Weakpasswords:Checkwhethertheback-endmanagementusersoftheWebsiteandthefront-endusersuseweakpasswords.

10.Leakageofmanagementaddress:DetectwhetherthereisamanagementaddressleakagefunctionforaWebsite.Ifthisvulnerabilityexists,anattackercaneasilyobtaintheback-endmanagementaddressofthewebsite.

Network

1.Structuralsecurityandnetworksegmentation

ThebusinessprocessingcapacityofnetworkequipmenthasredundantspacetomeetbusinessPeakperiodneeds:Accordingtothecharacteristicsoftheorganization'sbusiness,onthebasisofmeetingtheneedsofthepeakperiod,thenetworkbandwidthshouldbereasonablydesigned.

2.Networkaccesscontrol

Dataisnotallowedtopassthroughwithgeneralprotocols.

3.Dial-upaccesscontrol

Theremotedial-upaccessfunction(suchasremotedial-upusersormobileVPNusers)isnotopen.

4.Networksecurityaudit

Recordthedateandtimeofeventssuchasnetworkequipmentoperatingstatus,networktraffic,userbehavior,users,eventtypes,Whethertheeventwassuccessful,andotherinformationrelatedtotheaudit.

5.Boundaryintegritycheck

Abletochecktheunauthorizeddevice'sprivateconnectiontotheinternalnetwork,determinethelocationaccurately,andmakeitEffectiveblocking;abletochecktheprivateconnectionofinternalnetworkuserstoexternalnetworks,accuratelydeterminethelocation,andeffectivelyblockit.

6.Networkintrusionprevention

Monitorthefollowingattacksatthenetworkboundary:portscanning,bruteforceattacks,Trojanhorsebackdoorattacks,denialofserviceattacks,bufferingZoneoverflowattacks,IPfragmentattacks,networkwormattacksandotherintrusionevents;whenanintrusioneventisdetected,recordtheintrusionsourceIP,attacktype,attackpurpose,attacktime,etc.,andprovideanalarmwhenaseriousintrusioneventoccurs(suchasSeveralmethodssuchasreal-timescreenprompts,E-mailalarms,andsoundalarmscanbeadopted)andcorrespondingactionscanbetakenautomatically.

7.Maliciouscodeprevention

Detectandremovemaliciouscodeatthenetworkboundary;maintaintheupgradeofthemaliciouscodelibraryandtheupdateofthedetectionsystem.

8.Networkequipmentprotection

Identifyuserswhologintonetworkequipment;restricttheloginaddressofnetworkequipmentadministrators;mainnetworkequipmentChoosetwoormorecombinationsofauthenticationtechnologiesforthesameusertoperformidentityauthentication.

Host

1.Identityauthentication

Identifyandauthenticateuserswhologintotheoperatingsystemanddatabasesystem.

2,AutonomousAccessControl

Controlthesubject'saccesstotheobjectaccordingtothesecuritypolicy.

3.Mandatoryaccesscontrol

Importantinformationresourcesandallsubjectsaccessingimportantinformationresourcesshouldbesetwithsensitivemarks;thecoverageofmandatoryaccesscontrolshouldincludeAllsubjectsandobjectsdirectlyrelatedtoimportantinformationresourcesandtheoperationsbetweenthem;thegranularityofmandatoryaccesscontrolshouldreachtheuserlevelofthesubjectandthefile,databasetable/record,andfieldleveloftheobject.

4.Trustedpath

Whenthesystemauthenticatestheuser,asecureinformationtransmissionpathcanbeestablishedbetweenthesystemandtheuser.

5.Securityaudit

Theauditscopecoverseveryoperatingsystemuseranddatabaseuserontheserverandimportantclients;theauditcontentincludesthesystemImportantsafety-relatedincidents.

6.Remaininginformationprotection

EnsurethatthestoragespacewheretheauthenticationinformationoftheoperatingsystemanddatabasemanagementsystemusersislocatedisreleasedorredistributedtootherusersItiscompletelyclearedbefore,regardlessofwhethertheinformationisstoredontheharddiskorinthememory;toensurethestoragespacewhereresourcessuchasfiles,directories,anddatabaserecordsinthesystemarelocated.

Beabletodetecttheintrusionofimportantservers,recordthesourceIPoftheintrusion,thetypeofattack,thepurposeoftheattack,andthetimeoftheattack,andprovideanalarmwhenaseriousintrusioneventoccurs;Theintegrityoftheprogramisdetected,andrecoverymeasuresaretakenwhentheintegrityisdetected;theoperatingsystemfollowstheprincipleofminimuminstallation,onlyinstallstherequiredcomponentsandapplications,andkeepsthesystempatchesupdatedintimebysettinguptheupgradeserver,etc..

8.Maliciouscodeprevention

Installanti-malwaresoftware,andupdatetheanti-malwaresoftwareversionandmaliciouscodelibraryintime;hostanti-malwareproductsHaveamaliciouscodelibrarydifferentfromnetworkanti-malwarecodeproducts;supportunifiedmanagementofanti-malwarecode.

9.Resourcecontrol

Restrictterminalloginbysettingterminalaccessmode,networkaddressrangeandotherconditions;setloginterminaloperationaccordingtosecuritypolicyTimeoutlock;monitorimportantservers,includingmonitoringtheuseoftheserver'sCPU,harddisk,memory,networkandotherresources;limitthemaximumorminimumuseofsystemresourcesbyasingleuser;whentheservicelevelofthesystemisreducedtoapredeterminedminimumWhenthevalueisset,itcanbedetectedandalarmed.

Database

Databaseinformationsecuritydetectionisverysystematicandcomprehensive.Itrequiresacompletesecuritymechanismtoensurethesmoothdevelopmentoftherelatedinformation,andtodiscovertheproblemsinthedatabaseinformationintime.Intheapplicationofcomputernetworksystem,itisnecessarytoattachgreatimportancetotheconstructionofdatabaseinformationsecuritydetectionsecuritymechanism.

SecurityHazards

Informationsecuritythreatsinthenetworkenvironmentinclude:

1.Impersonation:referstoanillegaluserwhointrudesintothesystemandentersinformationsuchasaccountnumbersTheactofimpersonatingalegitimateusertostealinformation;

2.Identitytheft:referstoalegitimateuserbeinginterceptedbyotherillegalusersinthenormalcommunicationprocess;

3.Datatheft:referstoillegalTheuserinterceptsthedataofthecommunicationnetwork;

4.Denial:Referstothecommunicationpartynotadmittingtoparticipateinaneventafterparticipatinginanevent;

5.Denialofservice:ReferstothelegitimateuserinWhenalegitimateapplicationwassubmitted,theservicewasrejectedordelayed;

6,wrongrouting;

7,unauthorizedaccess.

Securityindicators

1.Confidentiality

Undertheapplicationofencryptiontechnology,thenetworkinformationsystemcandeleteandselectuserswhoapplyforaccess,allowingpermissionOfusersaccessnetworkinformation,butdenyaccessapplicationsfromuserswithoutpermission.

2.Integrity

Undertheinfluenceofmultipleinformationtechnologiessuchasencryptionandhashfunctions,thenetworkinformationsystemcaneffectivelyblockillegalandspaminformationandimprovethesecurityoftheentiresystem.

3.Availability

Theavailabilityofnetworkinformationresourcesisnotonlytoprovideenduserswithvaluableinformationresources,butalsotoquicklyrestoreinformationresourceswhenthesystemisdamagedtomeettheneedsofusers.Usagerequirements.

4.Authorization

Beforeaccessingnetworkinformationresources,endusersneedtoobtainsystemauthorizationfirst.Authorizationcanclarifytheuser'sauthority,whichdetermineswhethertheusercanaccessthenetworkinformationsystem,andistheprerequisitefortheusertofurthermanipulatevariousinformationdata.

5.Authentication

Underthecurrenttechnicalconditions,theauthenticationmethodsthatpeoplecanacceptaremainly:oneisphysicalauthentication,theotherisdatasourceauthentication.Thereasonfortheauthenticationbeforetheuseraccessesthenetworkinformationsystemistomaketheauthorizeduserandtheauthorizeduserthesameobject.

6.Non-repudiation

Non-repudiationinthefieldofnetworkinformationsystems,insimpleterms,anyuserwillleavecertaintracesinthesystemwhenusingnetworkinformationresources.Theoperatingusercannotdenyhisvariousoperationsonthenetwork,andtheentireoperationprocesscanbeeffectivelyrecorded.Doingsocandealwithsituationswherecriminalsdenytheirownillegalactivities,improvethesecurityoftheentirenetworkinformationsystem,andcreateabetternetworkenvironment.

Protectionstrategy

1.Databasemanagementsecurityprecautions

VarioustypesofcomputernetworkdatabasescausedbyhumanfactorsoftenappearinthespecificcomputernetworkdatabasesecuritymanagementThehiddendangerofsecurityhascausedagreatadverseeffectonthesecurityofthedatabase.Forexample,duetoimproperhumanoperations,harmfulprogramsmaybeleftinthecomputernetworkdatabase.Theseprogramsgreatlyaffectthesafeoperationofthecomputersystemandmayevencausehugeeconomiclossestousers.Basedonthis,moderncomputerusersandmanagersshouldbeabletotakeeffectivecontrolandpreventivemeasuresbasedondifferentriskfactors,trulyattachimportancetosecuritymanagementprotectionfromtheconsciousness,andstrengthenthesecuritymanagementofcomputernetworkdatabases.

2.Strengthentheawarenessofsecurityprotection

Everyoneoftenusesvarioususerlogininformationindailylife,suchasonlinebankingaccounts,Weibo,WeChat,andAlipay.TheseTheuseofinformationisinevitable,butatthesametimethisinformationhasalsobecomeatargetoftheftbycriminals,attemptingtostealuserinformation,logintotheuser'sterminal,andstealthedatainformationorfundsintheuseraccount.What'smoreseriousisthattheaccountsofmanyusersinthecurrentsocietyarerelated.Onceoneaccountissuccessfullystolen,thetheftofotheraccountsiseasyandbringsgreatereconomiclossestousers.Therefore,usersmustbevigilantatalltimes,improvetheirownsecurityawareness,refusetodownloadunknownsoftware,prohibitclickingonunknownwebsites,increasethesecuritylevelofaccountpasswords,prohibitmultipleaccountsfromusingthesamepassword,etc.,tostrengthentheirownsecurityprotectioncapabilities.

3.Scientificuseofdataencryptiontechnology

Forthesecuritymanagementofcomputernetworkdatabases,dataencryptiontechnologyisaneffectivemeans,whichcanavoidandcontrolcomputersystemstotheutmostextentBybeinginvadedbyviruses,itprotectstheinformationsecurityofcomputernetworkdatabasesandprotectsthevitalinterestsofrelevantusers.Thecharacteristicsofdataencryptiontechnologyareconcealmentandsecurity,whichspecificallyreferstotheuseofsomelanguageprogramstocompletetheencryptionoperationofcomputingdatabasesordata.Currently,themostwidelyusedcomputerdataencryptiontechnologiesonthemarketmainlyincludeconfidentialcommunication,anti-copytechnology,andcomputerkeys.Theseencryptiontechnologieshavetheirownadvantagesanddisadvantages,andhaveimportantpracticalsignificanceforprotectinguserinformationanddata.Therefore,inthedailysecuritymanagementofcomputernetworkdatabases,itisnecessarytoadoptscientificandadvanceddataencryptiontechnology.Inadditiontogreatlyreducingvirusesandotherprogramsinvadingtheuser’simportantdatainformation,itcanalsobeusedaftertheuser’sdatainformationisinvaded.Stillhavetheabilitytoprotectdataandinformationfromleakageproblems.Itshouldbenotedthatthecomputersystemcontainshugeamountsofdataandinformation,anditisobviouslyunrealistictoencryptandprotecteachitemofdata.Thisrequirestheuseofhierarchicaldivisionmethodandreasonableencryptionprocessingaccordingtotheimportanceofdifferentinformationtoensurethatimportantdataandinformationwillnotbeencrypted.Destroyedandstolen.

4.Improvehardwarequality

Thefactorsthataffectcomputernetworkinformationsecurityarenotonlysoftwarequality,butalsohardwarequality,andtherearecertaindifferencesbetweenthetwo.ThehardwaresystemisconsideringsecurityOnthebasisofperformance,wemustalsopayattentiontotheservicelifeofthehardware.Asanimportantcomponentofthecomputer,hardwarehasthecharacteristicthatitsperformancewillgraduallydecreaseastheusetimeincreases.Usersshouldpayattentiontothispointandstrengthendailymaintenanceandrepair..Forexample,ifthebestservicelifeofaharddiskistwoyears,trynottouseitformorethanfouryears.

5.Improvingthenaturalenvironment

Improvingthenaturalenvironmentreferstoimprovingthecomputer'suseenvironmentsuchasdust,humidity,andtemperature.Specifically,itistoregularlycleanthesurfacedustofthecomputerindailyusetoensurethatitworksinacleanenvironment,whichcaneffectivelyavoidcomputerhardwareaging;itisbestnottousethecomputerinanexcessivelyhightemperatureandhumidenvironment,andpayattentiontothecomputer’sExternalmaintenance.

6.Installfirewallandanti-virussoftware

Firewallcaneffectivelycontrolcomputernetworkaccessrights.Byinstallingfirewall,networksecuritycanbeautomaticallyanalyzedandillegalwebsiteaccesscanbeblocked.,Filteringthemessagesthatmayhaveproblems,toacertainextentenhancesthesystem’sresistanceandimprovesthesecurityindexofthenetworksystem.Atthesametime,itisnecessarytoinstallanti-virussoftware,whichcaninterceptandinterruptvirusesinthesystem,whichisofgreatbenefittoimprovingcomputernetworksecurity.

7.Strengthentheapplicationofcomputerintrusiondetectiontechnology

Intrusiondetectionismainlyanoperatingsystemfordatatransmissionsecuritydetection.ThroughtheuseofIDS(IntrusionDetectionSystem)intrusiondetectionsystem,youcanDiscovertheabnormalphenomenonbetweenthecomputerandthenetworkintime,andgivetheuserareminderintheformofanalarm.Inordertobetterplaytheroleofintrusiondetectiontechnology,theuseofthistechnologyisusuallysupplementedbyaseriesoftechnologiessuchaspasswordcrackingtechnologyanddataanalysistechnologytoensurecomputernetworksecurity.

8.Othermeasures

Measurestoprovideprotectionforcomputernetworksecurityalsoincludeimprovingaccountsecuritymanagementawareness,strengtheningtheapplicationofnetworkmonitoringtechnology,strengtheningcomputernetworkpasswordsettings,andinstallingsystemsVulnerabilitypatches,etc.

Securitydefensetechnology

1.Intrusiondetectiontechnology

Whenusingcomputersoftwaretostudyorwork,mostuserswillfaceimproperprogramdesignorimproperconfigurationTheproblem,iftheuserfailstosolvetheseproblemsintime,itwillmakeiteasierforotherstoinvadetheirowncomputersystem.Forexample,hackerscanuseprogramloopholestoinvadeotherpeople'scomputers,stealordamageinformationresources,andcauseacertaindegreeofeconomiclosstoothers.Therefore,theusermustdealwithitintimewhenthereisabugintheprogram,andtheproblemcanbesolvedbyinstallingabugpatch.Inaddition,intrusiondetectiontechnologyisalsowillingtomoreeffectivelyguaranteethesecurityofcomputernetworkinformation.Thistechnologyisacombinationofcommunicationtechnology,cryptographictechnologyandothertechnologies.Byusingintrusiondetectiontechnologyreasonably,userscanlearnaboutvarioussecuritythreatsincomputersinatimelymanner.,Andtakecertainmeasurestodealwithit.

2.Firewallandvirusprotectiontechnology

Firewallisanimportanttechnologythatcaneffectivelyprotectcomputersecurity.Itiscomposedofsoftwareandhardwareequipmentandisblockedbyestablishingadetectionandmonitoringsystem.Intrusionfromexternalnetworks.Theusercanusethefirewalltoeffectivelycontroltheaccessofexternalfactorstothecomputersystemtoensuretheconfidentiality,stabilityandsecurityofthecomputer.Virusprotectiontechnologyreferstosecuritydefensebyinstallinganti-virussoftwareandupdatingthesoftwareintime,suchasKingsoftInternetSecurity,360SecurityProtectionCenter,andComputerSecurityManager.Themainfunctionofvirusprotectiontechnologyistomonitorthecomputersysteminrealtime,preventvirusesfrominvadingthecomputersystemandcauseharmtoit,interceptandeliminatethevirus,andrealizethesecurityprotectionofthesystem.Inaddition,usersshouldalsoactivelylearntheknowledgeofcomputersecurityprotection,andtrynottochooseunfamiliarwebsiteswhendownloadingresourcesontheInternet.Ifdownloadingisnecessary,thedownloadedresourcesmustbedisinfectedtoensurethattheresourcesarenotNegativeimpactonthesafeoperationofthecomputer.

3.Digitalsignatureandbiometrictechnology

Digitalsignaturetechnologyismainlyaimedate-commerce.Thistechnologyeffectivelyensurestheconfidentialityandsecurityoftheinformationdisseminationprocess,andalsoItcanpreventthecomputerfrombeingmaliciouslyattackedorattacked.Biometricsreferstodeterminingwhethertograntapplicationrightsbyidentifyingthecharacteristicsofthehumanbody,whichmainlyincludesfingerprints,retina,voice,andsoon.ThistechnologyhasdecisivepertinenceandcanensurethesecurityofcomputerInternetinformationtothegreatestextent.Nowadays,fingerprintrecognitiontechnologyisthemostwidelyused.Thistechnologyisalsostableandsimpleonthebasisofsecurityandconfidentiality,bringingpeopleAgreatconvenience.

4.Informationencryptionprocessingandaccesscontroltechnology

Informationencryptiontechnologymeansthatuserscanencryptfilesthatneedtobeprotected,setcomplexpasswordswithacertaindegreeofdifficulty,andkeepinmindThepasswordguaranteesitsvalidity.Inaddition,usersshouldalsoconductregularoverhaulandmaintenanceofcomputerequipment,strengthennetworksecurityprotection,andconductreal-timemonitoringofcomputersystemstopreventnetworkintrusionsandrisks,therebyensuringthesafeandstableoperationofcomputers.Accesscontroltechnologyreferstothesettingofaccessrightstocertaininformationthroughusercustomization,ortheuseofcontrolfunctionstoachieveaccessrestrictions.Thistechnologycanprotectuserinformationandavoidillegalaccess.

5.Securityprotectiontechnology

Includesnetworkprotectiontechnology(firewall,UTM,intrusiondetectionanddefense,etc.);applicationprotectiontechnology(suchasapplicationprograminterfacesecuritytechnology,etc.);systemprotectiontechnology(Suchasanti-tampering,systembackupandrecoverytechnology,etc.),topreventexternalnetworkusersfromillegallyenteringtheinternalnetwork,accessinginternalresources,andprotectingtheinternalnetworkoperatingenvironment.

6.Securityauditingtechnology

Includeslogauditingandbehaviorauditing,throughlogauditingtoassistadministratorsinviewingnetworklogsafterbeingattacked,soastoevaluatetherationalityofnetworkconfigurationandsecuritystrategiesTheeffectivenessofthetracinganalysisofsecurityattacks,andcanprovidemeansforreal-timedefense.Byauditingthenetworkbehaviorofemployeesorusers,confirmthecomplianceofthebehaviorandensurethecomplianceofinformationandnetworkusage.

7.Securitydetectionandmonitoringtechnology

Thetrafficintheinformationsystemandtheapplicationcontentaredetectedattwotosevenlevels,andmoderatelysupervisedandcontrolledtoavoidtheabuseandjunkofnetworktrafficDisseminationofinformationandharmfulinformation.

8.Decryptionandencryptiontechnology

Encryptionanddecryptionofinformationdataduringthetransmissionorstorageprocessoftheinformationsystem.

9.Identityauthenticationtechnology

Technologyusedtodeterminethelegitimacyoftheidentityofusersordevicesthataccessorinterveneinaninformationsystem.Typicalmethodsincludeusernamesandpasswords,identityrecognition,andPKIcertificatesAndbiometricauthentication.

Encryptiontechnology

Overview

Cryptographyusesencryptiontechnologytoprocesstheinformationtobetransmittedtopreventotherillegalpersonsfromstealingandtamperingwiththedata,andthestrengthofencryptionIthasalottodowiththeselectedencryptiontechnologyandkeylength.

Developmenthistory

Thesecurityofthefirststagedatamainlydependsontheconfidentialityofthealgorithm;thesecondstagemainlydependsontheconfidentialityofthekey;thethirdstagedataencryptionhasachievedgreatAchievement,supportkeylesstransmissionbetweencommunicationparties.

1.Symmetricencryption

Alsoknownasprivatekeyencryption,thesenderandreceiverofinformationusethesamekeytoencryptanddecryptdata.Itsbiggestadvantageisfastencryption/decryptionspeed,suitableforencryptinglargeamountsofdata,butkeymanagementisdifficult.Ifthecommunicatingpartiescanensurethattheprivatekeyhasnotbeenleakedduringthekeyexchangephase,thenconfidentialityandmessageintegritycanbeencryptedthroughthisencryptionmethod,andthemessagedigestormessagehashcanbesentalongwiththemessage.Valuetoachieve.Thecharacteristicsofsymmetricencryptionareasfollows:(1)Thecipheralgorithmideaof​​symmetricencryptionissubstitutionandsubstitution,andthecalculationisfast;(2)TheencryptionanddecryptionkeysofsymmetricencryptionGenerallythesameoritiseasyforthecommunicatingpartiestoderiveeachother;

(3)Thekeyisprivate,andthetwocommunicatingpartiesmustpassthekeybeforecommunicating;

(4)ThenumberofcommunicatingpartiesInmanycases,themanagementofkeysisverydifficult;

(5)TheFeistelstructureisageneralstructureforsymmetricencryption,whichcombinesthebasicideasofdiffusionandconfusion.Confusionisusedtocoveruptherelationshipbetweenplaintextandciphertext,makingthestatisticalrelationshipbetweenthekeyandtheciphertextascomplicatedaspossible,sothattheattackercannotinferthekeyfromtheciphertext.Diffusionreferstothestatisticalcharacteristicsoftheplaintext.Spreadintotheciphertext,sothateachbitoftheplaintextaffectsthevalueofmultiplebitsoftheciphertext.

2.Asymmetricencryption

Alsoknownaspublickeyencryption,apairofkeysisusedtocompletetheencryptionanddecryptionoperationsrespectively,oneofwhichispubliclyreleased(thatis,thepublickey),andtheotherItiskeptsecretbytheuserhimself(thatis,theprivatekey).Theprocessofinformationexchangeis:PartyAgeneratesapairofkeysanddisclosesoneofthemasapublickeytoothertransactionparties.PartyBwhoobtainsthepublickeyusesthekeytoencrypttheinformationbeforesendingittoPartyA.Thepartythenusesitsownprivatekeytodecrypttheencryptedinformation.Thecharacteristicsofasymmetricencryptionareasfollows:

(1)Asymmetricencryptionisalsocalled"publickeyalgorithm",andthekeyisdividedintoapublickeyandaprivatekey;

(2)Asymmetricencryptionusesaone-waytrapdoorfunction,whichiseasytoevaluateinonedirection.Ifthereversetransformationisrequired,itneedstorelyona"trapdoor",otherwiseitisdifficulttoimplement;

(3)AsymmetricencryptedcommunicationThereisnoneedforkeycommunicationbetweenthetwoparties;

(4)Keymanagementisrelativelyeasy;

(5)Bothhaveapairofkeys.Thesenderusesthereceiver'spublickeytoencrypttheinformationandthentransmitsit,andthereceiverneedstouseitsownprivatekeytodecrypttheinformation.

Goalsandprinciples

Goals

Allinformationsecuritytechnologiesaredesignedtoachievecertainsecuritygoals,andtheircoreincludesconfidentiality,integrity,availability,Fivesecuritygoalsofcontrollabilityandnon-repudiation.

Confidentiality(Confidentiality)referstopreventingunauthorizedsubjectsfromreadinginformation.Itisacharacteristicofinformationsecuritysinceitsbirth,anditisalsooneofthemainresearchcontentsofinformationsecurity.Moregenerallyspeaking,itmeansthatunauthorizeduserscannotobtainsensitiveinformation.Forpaperdocumentinformation,weonlyneedtoprotectthefilefromunauthorizedaccess.Fortheinformationinthecomputerandnetworkenvironment,itisnotonlynecessarytopreventunauthorizedpersonsfromreadingtheinformation.Itisalsonecessarytopreventtheauthorizedpersonfrompassingtheinformationaccessedtotheunauthorizedperson,sothattheinformationisleaked.

Integrity(Integrity)referstothepreventionofunauthorizedtamperingofinformation.Itistoprotecttheinformationtomaintaintheoriginalstate,sothattheinformationmaintainsitsauthenticity.Ifthisinformationisdeliberatelymodified,inserted,deleted,etc.,theformationoffalseinformationwillbringseriousconsequences.

Availability(Availability)referstotheabilityofauthorizedsubjectstogetservicesintimewhentheyneedinformation.Usabilityisanewrequirementforinformationsecurityintheinformationsecurityprotectionstage,anditisalsoaninformationsecurityrequirementthatmustbemetinthenetworkedspace.

Controllability(Controlability)referstotheimplementationofsecuritymonitoringandmanagementofinformationandinformationsystemstopreventillegaluseofinformationandinformationsystems.

Non-repudiation(Non-repudiation)meansthatinthenetworkenvironment,thetwopartiesofinformationexchangecannotdenythebehaviorofsendingorreceivinginformationduringtheexchange.

Theconfidentiality,integrityandavailabilityofinformationsecuritymainlyemphasizethecontrolofunauthorizedsubjects.Andhowtocontroltheimproperbehavioroftheauthorizedsubject?Thecontrollabilityandnon-repudiationofinformationsecurityispreciselythroughthecontrolofauthorizedsubjectstoachieveeffectivesupplementstoconfidentiality,integrityandavailability.Itmainlyemphasizesthatauthorizeduserscanonlycarryoutlegalaccesswithinthescopeofauthorization,andtheirConductsupervisionandreviewofbehavior.

Inadditiontothefivefeaturesofinformationsecuritymentionedabove,therearealsoauditabilityandauthenticityofinformationsecurity.Theauditabilityofinformationsecuritymeansthattheactorsoftheinformationsystemcannotdenytheirinformationprocessingbehavior.Comparedwiththeidentifiablebehaviorintheprocessofnon-repudiationinformationexchange,themeaningofauditabilityisbroader.Thevisibilityandauthenticationofinformationsecuritymeansthatthereceiveroftheinformationcandeterminetheidentityofthesenderoftheinformation.Itisalsoaconceptrelatedtonon-repudiation.

Principles

Inordertoachievethegoalofinformationsecurity,theuseofvariousinformationsecuritytechnologiesmustcomplywithsomebasicprinciples.

Theprincipleofminimization.Protectedsensitiveinformationcanonlybesharedwithinacertainrange.Securitysubjectswhoperformtheirjobresponsibilitiesandfunctionsarerequiredtomeettheneedsoftheworkunderthepremisethatlawsandrelatedsecuritypoliciesallow.Onlybeinggrantedappropriatepermissionstoaccessinformationiscalledtheprincipleofminimization.The"righttoknow"ofsensitiveinformationmustberestricted,whichisarestrictiveopeningunderthepremiseof"meetingworkneeds."Theprincipleofminimizationcanbesubdividedintotheprinciplesofneedtoknowandneedtouse.

Theprincipleofchecksandbalancesofpowers.Intheinformationsystem,allpermissionsshouldbeappropriatelydivided,sothateachauthorizedsubjectcanonlyhaveapartofthepermissions,sothattheycanrestrictandsuperviseeachother,andjointlyensurethesecurityoftheinformationsystem.Iftheauthorityassignedbyanauthorizedsubjectistoolargeandthereisnosupervisionandrestriction,itwillimplythesecurityrisksof"abuseofpower"and"all-in-onetalk".

Theprincipleofsecurityisolation.Isolationandcontrolarethebasicmethodstoachieveinformationsecurity,andisolationisthebasisforcontrol.Abasicstrategyofinformationsecurityistoseparatethesubjectandtheobjectoftheinformation,andimplementthesubject'saccesstotheobjectunderthepremiseofcontrollabilityandsafetyinaccordancewithacertainsecuritystrategy.

Onthebasisofthesebasicprinciples,peoplealsosummarizedsomeimplementationprinciplesintheproductionpracticeprocess.Theyaretheconcreteembodimentandextensionofthebasicprinciples.Including:theprincipleofoverallprotection,theprincipleofwhoisinchargeofwhoisresponsible,theprincipleofhierarchicalprotectionofappropriateprotection,theprincipleofdivisionalprotection,theprincipleofdynamicprotection,theprincipleofmulti-levelprotection,theprincipleofdeepprotectionandtheprincipleofinformationflow,etc.

Developmenttrendsandchallenges

1.Newdata,newapplications,newnetworksandnewcalculationshavebecomethedirectionandhotspotofinformationsecurityforaperiodoftimetobringnewchallengestothefuture

TherapiddevelopmentofnewnetworkssuchastheInternetofThingsandthemobileInternethasbroughtgreaterchallengestoinformationsecurity.TheInternetofThingswillbeappliedinmanyfieldssuchassmartgrid,smarttransportation,smartlogistics,financeandserviceindustry,nationaldefenseandmilitary.ThebusinessauthenticationmechanismandencryptionmechanismintheInternetofThingsarethetwomostimportantlinksinsecurity,andtheyarealsotheweaklinksintheinformationsecurityindustrytoensureinformationsecurity.TherapiddevelopmentofthemobileInternethasbroughtaboutanincreasingsecurityriskofprivateinformationstoredinmobileterminals.

2.Traditionalnetworksecuritytechnologycannolongermeetthedevelopmentofanewgenerationofinformationsecurityindustry.Theneedsofenterprisesforinformationsecurityareconstantlychanging.

TraditionalinformationSecuritypaysmoreattentiontodefenseandemergencyresponsecapabilities.However,withtheemergenceofcloudsecurityservices,thetraditionalsecurityindustrythatprovidessecurityservicesbasedonsoftwareandhardwarehasbeguntochange.UnderthenewsituationoftheriseofmobileInternetandcloudcomputing,simplifyingclientconfigurationandmaintenancecostshasbecomeanewnetworksecurityrequirementforenterprisesandanewchallengefacingthedevelopmentoftheinformationsecurityindustry.

3.Inthefuture,thegeneraltrendofthedevelopmentoftheinformationsecurityindustryistomovefromtraditionalsecuritytointegratedandopensecurity

WiththedevelopmentoftheInternet,thetraditionalThenetworkboundarynolongerexists,bringinghugechangestofutureInternetapplicationsandservices,andalsobringingnewchallengestoinformationsecurity.ConvergenceandopennessisoneofthecharacteristicsofthedevelopmentoftheInternet.Asaresult,networksecurityisdevelopinginthedirectionofdistribution,scale,complexity,andindirection.Theinformationsecurityindustrywillalsoexploreanddevelopinalargesecurityenvironmentthatisconvergedandopen.

TheMatrix

OnSeptember10,2021,ForeignMinistrySpokespersonZhaoLijianpresidedoveraregularpressconference.Areporteraskedquestions.SeveralmembersoftheEnergyandCommerceCommitteeoftheUSHouseofRepresentativeswrotetoUSSecretaryofTransportationButtigiegonthe9th,expressingconcernabouttheUSgovernment’sdecisiontoapproveHuawei’spurchaseofautomotivechips,sayingthattheywereworriedthatHuaweiwouldcollectAmericancitizensandtransportationinfrastructure.Information,doyouhaveanycommentonthis?"SomepoliticiansintheUnitedStatesareshoutingandcatchingthieves."ZhaoLijianpointedoutthattheChinesepeopleareveryangrywiththispractice.

ZhaoLijiansaidthatwhenitcomestostealingandcollectinginformation,theUnitedStatesistheworldchampion.Globaleavesdroppingscandalssuchas"PrismGate"provethattheUnitedStatesistheworld'snumberone"Matrix",anditisnottheUnitedStatesbutothercountriesthatshouldbeworried.

Chinesecompanieshavealwaysmaintainedagoodrecordininformationsecurity.Huaweihaslongopenlyannouncedtotheworldthatitiswillingtosignabackdoor-freeagreementandiswillingtoestablishanetworksecurityassessmentcenterinanycountrytoacceptforeigntesting.MayIask,canUScompaniesdaretodolikeHuawei?

Latest: Optic nerve

Next: Distinguished Professor