Network Security

  • Combination of low-cost powerful computing and high-performance networks is a two-edged sword:

    • Many powerful new services and applications are enabled
    • But computer systems and networks become highly susceptible(敏感) to a wide variety of security threats
    • Openness vs Security
  • Network security involves countermeasures(对策) to protect computer systems from intruders(入侵者)
    • Firewalls, security protocols, security practices, etc.

Eavesdropping

  • Information transmitted over network can be observed and recorded by eavesdroppers (using a packet sniffer)
  • Information can be replayed(重播) in attempts to access server
  • Requirements: privacy, authentication(认证), non-repudiation(否认)

Client Imposter

  • client imposter(冒名顶替者)

  • Imposters attempt to gain unauthorized(未经授权的) access to server
    • Ex. bank account or database of personal records
    • For example, in IP spoofing(戏弄) imposter sends packets with false source IP address
  • Requirements: privacy, authentication

Server Imposter

  • An imposter impersonates(模拟) a legitimate(合法的) server to gain sensitive information from a client

    • E.g. bank account number and associated user password
  • Requirements: privacy, authentication, non-repudiation

Denial of Service (DoS) Attack

  • Attacker can flood a server with requests, overloading the server resources (er. TCP Three-way handshake)

    • Results in denial of service to legitimate clients
  • Distributed denial of service attack on a server involves coordinated attack from multiple (usually hijacked) computers
  • Requirement: availability

TCP SYN Flood

  • The attacker sends a repeated same packet, to every port on the target server over using a fake IP address.
  • The server will send back ack continunously, prevents other client sending syn.

Man-in-the-Middle Attack

  • An imposter manages to place itself as man in the middle

    • convincing the server that it is legitimate client
    • convincing legitimate client that it is legitimate server
    • gathering sensitive information and possibly hijacking(劫持) session
  • Requirements: integrity, authentication

Malicious Code

  • A client becomes infected with malicious code
  • Virus: code that when executed, inserts itself in other programs
  • Worms: code that installs copies of itself in other machines attached to a network
  • Requirements: privacy, integrity, availability

Security Requirements

Security threats motivate requirements:

  • Privacy: information should be readable only by intended recipient(接受者)
  • Integrity: recipient can confirm that a message has not been altered during transmission
  • Authentication: it is possible to verify that sender or receiver is who he claims to be
  • Non-repudiation*(不可抵赖性): sender cannot deny having sent a given message.
  • Availability: of information and services

Countermeasures

  • Secure communication channels

    • Encryption
    • Cryptographic checksums and hashes (加密校验和和散列)
    • Authentication
    • Digital Signatures
  • Secure borders
    • Firewalls
    • Virus checking
    • Intrusion detection(入侵检测)
    • Authentication
    • Access Control (访问控制)

Network Security Threats的更多相关文章

  1. android9.0适配HTTPS:not permitted by network security policy'

    app功能接口正常,其他手机运行OK,但是在Android9.0的手机上报错 CLEARTEXT communication to 192.168.1.xx not permitted by netw ...

  2. Android版本28使用http请求报错not permitted by network security policy

    Android版本28使用http请求报错not permitted by network security policy android模拟器调试登录的时候报错 CLEARTEXT communic ...

  3. 《Network Security A Decision and Game Theoretic Approach》阅读笔记

    网络安全问题的背景 网络安全研究的内容包括很多方面,作者形象比喻为盲人摸象,不同领域的网络安全专家对网络安全的认识是不同的. For researchers in the field of crypt ...

  4. Azure PowerShell (13) 批量设置Azure ARM Network Security Group (NSG)

    <Windows Azure Platform 系列文章目录> 刚刚在帮助一个合作伙伴研究需求,他们的虚拟机全面的网络安全组(Network Security Group, NSG)会经常 ...

  5. Network Security Services If you want to add support for SSL, S/MIME, or other Internet security standards to your application, you can use Network Security Services (NSS) to implement all your securi

    Network Security Services | MDN https://developer.mozilla.org/zh-CN/docs/NSS 网络安全服务 (NSS) 是一组旨在支持支持安 ...

  6. Network Security final project---War Game

    项目介绍: 为自己的网段设置防火墙并尝试攻击其他组 网络结构: 每组有3个机器,包含一个gateway和两个workstation,其中gateway是可以连接到其他组的gateway,但是无法连接到 ...

  7. Mozilla Network Security Services拒绝服务漏洞

    解决办法: 运行 yum update nss yum update nss

  8. Python Network Security Programming-1

    UNIX口令破解1.程序运行需求: 其中dictionary.txt文件为破解口令的字典文件,passwords.txt文件为临时存放UNIX系统密码的文件 2.程序源码: import crypt ...

  9. Big Data Security Part One: Introducing PacketPig

    Series Introduction Packetloop CTO Michael Baker (@cloudjunky) made a big splash when he presented ‘ ...

随机推荐

  1. Android SDK Manager国内更新代理

    在Android SDK Manager Setting 窗口设置HTTP Proxy server和HTTP Proxy Port这个2个参数,分别设置为: HTTP Proxy server:mi ...

  2. linux 配置tomcat运行远程监控(JMX)

    在实际使用中,我们经常要监控tomcat的运行性能.需要配置相应的参数提供远程连接来监控tomcat服务器的性能.本文详细介绍如何一步一步的配置tomcat相应参数.允许远程连接监控. 工具/原料 v ...

  3. 安装Odoo9出现的could not execute command &quot;lessc&quot;问题

    解决方案: apt-get install node-less

  4. 理解NSAttributedString

    An NSAttributedString object manages character strings and associated sets of attributes (for exampl ...

  5. mongo常用命令

    1.由于mongo没有关系型数据库常用,一些基础的命令容易忘记 db.table.update( { "_id" : xxx } , { $set : { "field1 ...

  6. css居中的几种方式

    居中分水平和垂直两种,使用的频度也算是很高,下面分情况来讨论一下几种常用的实现方式. 欢迎指正文中的错误,同时如果有学习到新的方式也会更新在后面,也方便以后温故知新. 1.margin 这种方式只能实 ...

  7. Android窗口管理服务WindowManagerService对输入法窗口(Input Method Window)的管理分析

    文章转载至CSDN社区罗升阳的安卓之旅,原文地址:http://blog.csdn.net/luoshengyang/article/details/8526644 在Android系统中,输入法窗口 ...

  8. zookeeper工作机制

    Zookeeper Zookeeper概念简介: Zookeeper是为用户的分布式应用程序提供协调服务的 zookeeper是为别的分布式程序服务的 Zookeeper本身就是一个分布式程序(只要有 ...

  9. 使用 Scrapy 爬取股票代码

    个人博客: https://mypython.me 源码地址: https://github.com/geeeeeeeek/scrapy_stock 抓取工具:scrapy scrapy 介绍 Scr ...

  10. bootstrap使用基础

    1.为了适应跨屏浏览,Bootstrap为单元格预定义了4种class ,分别对应于手机.ipad.笔记本电脑.台式机. <div class="row"> <d ...