Traditional Culture Encyclopedia - Traditional stories - What are the six basic aspects of network information security? Explain their meanings briefly respectively.
What are the six basic aspects of network information security? Explain their meanings briefly respectively.
Network attack and defense (firewall, VPN, honeypot honeynet, remote access, Trojan horse, etc. );
Virus attack and defense (file virus, macro virus, script virus, worm virus, mail virus, etc. );
Disaster recovery backup (file recovery, raid application, dual-machine hot standby, etc.). );
Biometrics (fingerprint recognition, facial recognition and thermal sensing, etc.). ).
Some Thoughts on Network Information Security (I) Search Engine Information
People who have never used a search engine now really can't be regarded as people who play the Internet. Search engine has become an irreplaceable tool in people's daily surfing, so I won't go into details. What the author expresses is that the first thing to worry about in protecting network information is the search engine. Baidu immediately knows whether search engines such as 360 Comprehensive Search, sogou and Soso will actively eliminate users' information, because we all know that as long as some information is searched on it, the search engines will display it. If you don't protect it from this aspect, where does the so-called network information protection come from? So this is also the issue that the author is most concerned about. Whether search engines really hide this information, just like when searching for some people, will prompt "according to relevant laws, regulations and policies, some search results are not displayed", which is worth pondering.
(2) Website registration database
There are many places where user information needs to be registered on the Internet, such as large portals, large forums, Weibo, SNS communities, IM tools and so on. There is a lot of user information in these places. As the owner of these resources, what should be done and how to restrict them? There must be more than one place for users to leave information. So how to judge the information leaker and how to evaluate it? Are all places to consider.
Another point is what information users think can be leaked and what S can't. As far as these websites need to be registered, the registration requirements of each website are different. Some people need an e-mail address, while others need a phone number. The mailbox is something that can be registered at will, but the phone number is not. So what is the protection here? How to stipulate. We all know that Sina Weibo needs an ID number and name to register now. The author also estimates that Sina can establish a database channel with official ID information management, which is a good thing, but it also causes some problems. The internet is free. If the network uses the real identity, the mystery of the network itself will disappear, and many functions of the network will lose some meaning, such as anonymous comments and anonymous reports, which will all change because of the real name. Therefore, it is best to protect information without the intervention of a third party, and it is customary to have an independent department in full control.
(3) means of collecting information
There are many ways to collect information on the Internet, such as surveys and activities, one is surveys or activities, and the other is collecting user databases. How to stipulate these methods and whether to stipulate that some information cannot be included in the scope are all issues worthy of consideration. There are many scammers on the Internet who use these banners. I believe many people suffer from them, and I have also been cheated. Many people are just like the author's psychology at that time: full of anger, but later comfort themselves. After getting used to things, I don't feel anything. When information disclosure becomes a habit, it is the most dangerous time, which is why everyone is afraid of "human flesh search". Once searched, my life will be greatly affected.
Internet person Huang Jialang believes that, in the final analysis, the security of network information still lies in people, and people's hearts are right, then things are right; Without the relevant interest chain, there won't be so many people who dig their brains to do these things.
What are the basic attributes of information security? What are the basic attributes of network information security? Try to give a concrete example analysis.
The basic attributes of network information security are integrity, availability, confidentiality, controllability and non-repudiation.
Specific examples:
Integrity: E-mail will not be deleted, modified or forged during transmission.
Availability: Web services can prevent denial of service attacks.
Confidentiality: the disclosure of password information of network management account will lead to the loss of control of network equipment.
Controllability: Managers can control the behavior of network users and the dissemination of online information.
Undeniability: Through network audit, visitors' activities in the network can be recorded.
Information security includes data security and _ _ _ _ security. Information security includes data security and network security.
While gaining information value gain in the era of big data, enterprises are also accumulating risks. First, hackers steal secrets, and virus Trojans invade enterprise information security; When big data is uploaded, downloaded and exchanged in the cloud system, it is easy to be attacked by hackers and viruses. Once "big data" is invaded and leaked, it will have a serious impact on the brand, reputation, research and development, sales and other aspects of the enterprise and bring immeasurable losses.
Secondly, internal employees illegally steal enterprise data or lose data due to negligence. "It is difficult to guard against domestic thieves at night" is a common embarrassment in enterprise information security at present, because employees in enterprises inevitably need to contact the core data or internal secrets of enterprises in the course of their work, and many of them deliberately copy, intercept or even disclose valuable information and data with ulterior motives. Once a leak happens inside the enterprise, the information security of the enterprise is threatened, and its destructive power will far exceed that of the outside.
According to authoritative statistics, in 20 13 years, 8 1% of enterprise information security leaks occurred inside the system (internal personnel neglected to leak information or stole secrets actively), and the total number of information leakage cases caused by external hacker attacks, system vulnerabilities and virus infections was only 12%, while the leakage loss caused by internal systems was caused by hacker attacks/kloc-0.
Therefore, many enterprises and * * * institutions, especially tax authorities, will deploy UniBDP data leakage prevention system, network access control system and other network security management systems, mainly because such management systems can monitor the security status and access equipment of each computer terminal, monitor the access behavior and dissemination of important sensitive data, and record the operation process of employees and analyze security incidents to ensure their data security and network security.
Therefore, according to the survey data and the analysis of the market trend of information security products, we can see that information security mainly includes data security and network security.
For the network system, information security includes what security and what security of information.
Information security includes data security and-security? Is filling in the blanks a network? It's been so long, I almost forgot.
Information security includes data security and what security information security includes data security and network security.
Network information security is an important issue related to national security, social stability and the inheritance and development of national culture. With the acceleration of global informatization, its importance is becoming more and more important. Network information security is a comprehensive subject involving computer science, network technology, communication technology, cryptography technology, information security technology, applied mathematics, number theory, information theory and other disciplines. It mainly means that the hardware, software and data in the network system are protected from accidental or malicious reasons, and the system runs continuously and reliably without interrupting network services.
Features:
Network information security function to ensure information security, the most fundamental thing is to ensure that the basic functions of information security play a role. Therefore, there are five characteristics of information security.
1. complete
It refers to the characteristics that information can not be modified, destroyed or lost during transmission, exchange, storage and processing, that is, it can be generated, stored and transmitted correctly, which is the most basic security feature.
2. Confidentiality
It refers to the characteristic that information will not be leaked to unauthorized individuals, entities or processes or provided for their use according to given requirements, that is, it prevents useful information from being leaked to unauthorized individuals or entities and emphasizes the characteristic that useful information is only used by authorized objects.
3. Effectiveness
Refers to the characteristics that network information can be correctly accessed by authorized entities, and can be used normally or resumed under abnormal conditions as needed, that is, the required information can be correctly accessed when the system is running, and it can be quickly restored and put into use when the system is attacked or destroyed. Availability is a measure of the user-oriented security performance of network information system.
4. Non-repudiation
Refers to the communication between the two parties in the process of information interaction, convinced that the information provided by the participants themselves and participants is true, that is, it is impossible for all participants to deny or deny their true identity, as well as the authenticity of the information provided and the completed operations and commitments.
5. controllability
It refers to the characteristics that the information dissemination and specific content circulating in the network system can be effectively controlled, that is, any information in the network system should be controllable within a certain transmission range and storage space. In addition to the conventional monitoring of communication sites and communication contents, the most typical hosting strategies, such as passwords, must be strictly controlled and implemented when the encryption algorithm is managed by a third party.
Information security mainly includes the following five aspects: the need to ensure confidentiality, authenticity, integrity, unauthorized copying and the security of parasitic systems. Information security itself contains a wide range, including how to prevent the disclosure of secrets of commercial enterprises, prevent teenagers from browsing bad information, and disclose personal information. The information security system under the network environment is the key to ensure information security, including computer security operating system, various security protocols, security mechanisms (digital signature, message authentication, data encryption, etc. ), and even security systems, such as UniNAC and DLP. As long as there are security loopholes, global security may be threatened. Information security refers to the protection of information systems (including hardware, software, data, personnel, physical environment and its infrastructure) from being damaged, changed or leaked by accidents or malicious reasons, the system runs continuously and reliably, and the information service is uninterrupted, so as to finally realize business continuity.
Information security discipline can be divided into two levels: narrow security and broad security. Security in a narrow sense is the field of computer security based on cryptography, and the early information security major in China usually takes this as a benchmark, supplemented by computer technology, communication network technology and programming. Information security in a broad sense is a comprehensive subject. From traditional computer security to information security, it is not only a change of name, but also an extension of security development. Safety is not a purely technical issue, but a product of the combination of management, technology, law and other issues. This major trains senior information security professionals who can engage in computer, communication, e-commerce, e-government and e-finance.
2. What two aspects of human resource management information security include system security and data security?
What aspects does information security include? What are the information security technologies? Explain separately. Overview of Information Security Information security mainly involves three aspects: the security of information transmission, the security of information storage and the audit of information content transmitted by network. Authentication is the process of verifying the subject in the network, and there are usually three methods to verify the identity of the subject. One is secrets that only the subject knows, such as passwords and keys; Second, the items carried by the subject, such as smart cards and token cards; Third, only the subject has unique features or abilities, such as fingerprints, voices, retinas or signatures. Password mechanism: Password is a code agreed by both parties, assuming that only users and systems know it. Passwords are sometimes selected by users and sometimes assigned by the system. Usually, users first enter some logo information, such as user name and ID number, and then the system will ask the user to enter a password. If the password matches the password in the user file, the user can enter the access. There are many kinds of passwords, such as one-time passwords. The system generates a one-time password list. You must use X the first time, Y the second time, Z the third time, and so on. There are also time-based passwords, that is, the correct password for access changes with time, and this change is based on time and a secret user key. So the password changes every minute, and it's harder to guess. Smart card: Access requires not only a password, but also a physical smart card. Check whether you are allowed to touch the system before you are allowed to enter the system. A smart card is the size of a credit card and usually consists of a microprocessor, a memory and input/output devices. The microprocessor can calculate the unique number (ID) of the card and the encrypted form of other data. The ID ensures the authenticity of the card and the cardholder can access the system. In order to prevent smart cards from being lost or stolen, many systems need smart cards and PIN. If you only have a card and don't know the PIN code, you can't get into the system. Smart card is superior to the traditional password method for authentication, but it is inconvenient to carry and the cost of opening an account is high. Subject feature identification: The method of personal feature identification has high security. At present, the existing equipment includes: retina scanner, voice verification equipment and hand recognizer. The purpose of data transmission encryption technology of data transmission security system is to encrypt the data stream in transmission to prevent it from being eavesdropped, leaked, tampered and destroyed on communication lines. If the communication levels of encryption are distinguished, encryption can be realized at three different communication levels, namely link encryption (encryption below OSI network layer), node encryption and end-to-end encryption (encryption before transmission and encryption above OSI network layer). Commonly used are link encryption and end-to-end encryption. Link encryption focuses on communication links, regardless of source and destination, and provides security protection for confidential information by using different encryption keys in each link. Link encryption is node-oriented, transparent to network high-level subjects, and encrypts high-level protocol information (address, error detection, frame header and frame tail), so data is ciphertext in transmission, but it must be decrypted at the central node to get routing information. End-to-end encryption means that information is automatically encrypted by the sender, encapsulated in TCP/IP packets, and then passed through the Internet as unreadable and unrecognizable data. Once the information reaches its destination, it will be automatically reassembled and decrypted into readable data. End-to-end encryption is an advanced subject facing the network. It does not encrypt the information of the lower protocol, and the protocol information is transmitted in plain text, so the user data does not need to be decrypted at the central node. Data integrity authentication technology At present, for dynamically transmitted information, many protocols mostly ensure the integrity of information by receiving errors, retransmitting and discarding subsequent data packets. However, hacker attacks can change the internal contents of data packets, so effective measures should be taken to control the integrity. Message authentication: Similar to CRC control in the data link layer, the message name field (or domain) is combined into a constraint value through certain operations, which is called the message integrity check vector ICV(Integrated Check Vector). Then it is encapsulated with the data for encryption. In the transmission process, because the intruder cannot decrypt the message, it is impossible to modify the data and calculate the new ICV at the same time. In this way, the receiver can decrypt and calculate the ICV after receiving the data. If it is different from the ICV in plaintext, the message is considered invalid. Checksum: One of the simplest and easiest integrity control methods is to use checksums to calculate the checksum value of this file and compare it with the last calculated value. If they are equal, the document has not changed; If they are not equal, it means that the document may have been changed by unconscious behavior. The checksum method can check for errors, but it cannot protect data. Encrypted checksum: divide the file into small files, calculate the CRC check value of each block, and then add these CRC values as checksum. As long as the appropriate algorithm is used, this integrity control mechanism is difficult to break. However, this mechanism has a large amount of calculation and high cost, and it is only suitable for the situation with high integrity protection. MIC (Message Integrity Code): A simple one-way hash function is used to calculate the message digest, which is sent to the receiver together with the information. The receiver recalculates the digest and compares it to verify the integrity of the information during transmission. The characteristic of this hash function is that no two different inputs can produce two identical outputs. Therefore, modified files cannot have the same hash value. One-way hash function can be implemented efficiently in different systems. Undeniable technology includes proof of origin and destination. The common method is digital signature, and a certain data exchange protocol is adopted, so that both parties can meet two conditions: the receiver can identify the identity claimed by the sender, and the sender cannot deny the fact that he sent the data in the future. For example, the communication parties adopt public key system, the sender encrypts information with the public key of the receiver and his own private key, and the receiver can read it only after decrypting it with his own private key and the public key of the sender, and so does the receipt of the receiver. In addition, the methods to prevent non-repudiation include: using the token of trusted third party, using time stamp, using online third party, combining digital signature and time stamp, etc. In order to ensure the security of data transmission, data transmission encryption technology, data integrity authentication technology and undeniable technology need to be adopted. Therefore, in order to save investment, simplify system configuration and facilitate management and use, it is necessary to choose integrated safety technical measures and equipment. The equipment should be able to provide encryption service for the host or key server of large-scale network system, provide secure digital signature and automatic key distribution function for application system, support a variety of one-way hash functions and check code algorithms, and realize the identification of data integrity. The information stored by data storage security system in computer information system mainly includes pure data information and various functional file information. For the security protection of pure data information, database information protection is the most typical. Terminal security is very important for the protection of various functional files. Database security: to provide security protection for data and resources managed by the database system, which generally includes the following points. First, physical integrity can protect data from physical damage, such as power failure and fire. ; The second is logical integrity, which can maintain the structure of the database, for example, the modification of one field will not affect other fields; Third, the integrity of elements, that is, the data contained in each element is accurate; Fourth, data encryption; Fifth, user authentication, to ensure that each user is correctly identified, to avoid illegal user intrusion; 6. Accessibility means that users can generally access the database and all authorized data; Auditability, which can track who has accessed the database. To realize the security protection of the database, one option is to protect the database system, that is, to follow a complete set of system security policies from the design, implementation, use and management of the system; The second is to build a security module based on the functions provided by the existing database system in order to enhance the security of the existing database system. Terminal security: it mainly solves the security protection problem of microcomputer information, and its general security functions are as follows. Authentication based on password or (and) password algorithm to prevent illegal use of the machine; Autonomous and compulsory access control to prevent illegal access to files; Multi-level authority management to prevent unauthorized operation; Security management of storage devices to prevent illegal floppy disk copying and hard disk startup; Encrypted storage of data and program codes to prevent information from being stolen; Anti-virus, anti-virus attack; Strict audit tracking makes it easy to trace the liability accident. The information content audit system conducts real-time content audit of information entering and leaving the internal network to prevent or track possible leakage. Therefore, in order to meet the requirements of the state secrecy law, in some important or confidential networks, we should
- Previous article:OTT TV system
- Next article:Chen Tao Capital: Driverless driving is welcoming the second wave of investment opportunities.
- Related articles
- Linseed oil and linseed oil are both linseed oil. Why is the price difference so big?
- Mermaid body illustration-how to introduce mermaid illustration poster
- How much is an electric stair climbing artifact for carrying cement sand?
- Ranking of Engineering Universities in China
- Traditional paper maker
- How to evaluate Li Yugang's singing level from a professional perspective?
- Are there any advantages of working in the Internet IT industry?
- What kinds of online media are there?
- Want to decorate the living room into a study, how to design the best?
- The origin of Tomb-Sweeping Day? Why did Tomb-Sweeping Day sweep the grave?