The key technology of network security
Since network security is very important, and the security network problem has evolved to this day, the technology has become more and more mature. Compared with the past, today's network security has been greatly improved, but all this is inseparable from the key technologies behind it. When there is a series of powerful technologies as the support, it can be said that the problem of network security is easily solved. For the key technologies of network security, the most important ones are virtual network technology, firewall technology, virus protection technology, intrusion detection technology, security scanning technology, digital signature technology, etc. The following is a brief introduction to these key technologies and explores the secrets behind their strong support for network security.
Virtual network technology
The virtual network technology is mainly based on the LAN switching technology (ATM and Ethernet switching) developed in recent years. The switching technology develops the traditional broadcast-based local area network technology into a connection-oriented technology. Therefore, the network management system has the ability to limit the scope of LAN communication without the need for expensive router network layer communication can cross the router, so the attack can be launched from a distance. The implementation of IP protocol suite by various manufacturers is imperfect. There are relatively more security vulnerabilities found at the network layer, such as IP sweep, teardrop, sync-flood, IP spoofing attacks, etc.
Network firewall technology is a special network interconnection device used to strengthen access control between networks, prevent external network users from entering the internal network through the external network by illegal means, access internal network resources, and protect the operating environment of the internal network. Data packets transmitted between multiple networks, such as links, are checked according to certain security policies to determine whether communication between networks is allowed, and to monitor network operation status. Firewall products mainly include bastion hosts, packet filtering routers, application layer gateways (proxy servers) and circuit layer gateways, shielded host firewalls, and dual-homed hosts.
The firewall is at the bottom of the 5-layer network security system and belongs to the category of network layer security technology. At this layer, the question that the enterprise puts forward to the security system is: whether all IPs can access the enterprise's internal network system, if the answer is If it is "Yes", it means that the enterprise intranet has not taken corresponding preventive measures at the network layer to control the centralized security management of system access. However, enterprises can use Firewall to prevent attackers from obtaining useful information for attacking network systems, such as Finger. and DNS. Firewall can record and count network traffic through Firewall, provide statistics about network usage, and Firewall can provide statistics to determine possible attacks and detections.
Virus protection technology
Viruses have always been one of the main problems of information system security. Due to the extensive interconnection of the network, the transmission route and speed of the virus are greatly accelerated. The main technologies of virus protection are as follows: (1) Prevent the spread of the virus. Install virus filtering software on firewalls, proxy servers, SMTP servers, web servers, and groupware servers. Install virus monitoring software on your desktop PC. (2) Check and remove viruses. Use antivirus software to check for and remove viruses. (3) Upgrade of virus database. The virus database should be continuously updated and distributed to the desktop system. (4) Install Java and ActiveX control scanning software on firewalls, proxy servers and PCs, and prohibit downloading and installation of unauthorized controls.
Intrusion Detection Technology
Using intrusion detection technology firewall technology, after careful configuration, can usually provide secure network protection between internal and external networks, reducing network security risks. However, just using firewalls and network security is not enough: (1) Intruders can look for backdoors that may be opened behind the firewalls. (2) The intruder may be inside the firewall. (3) Due to the limitation of performance, anti-flame usually cannot provide real-time intrusion detection capability.
Intrusion detection system is a new type of network security technology that has emerged in recent years. The purpose is to provide real-time intrusion detection and take corresponding protection measures, such as recording evidence for tracking and recovery, disconnecting network connections, etc. The reason why the real-time intrusion detection capability is important is that it can deal with attacks from the internal network, and secondly, it can shorten the time of hacker intrusion.
The host-based security monitoring system has the following characteristics: (1) Accurate, it can accurately judge intrusion events. (2) Advanced, which can judge the intrusion events of the application layer. (3) Immediate response to intrusion time. (4) According to the characteristics of different operating systems. www.asmag.com.cn 31 (5) Occupy the precious resources of the host. The main points of choosing an intrusion monitoring system are: (1) Protocol analysis and detection capabilities. (2) Decoding efficiency (speed). (3) The completeness of its own security. (4) Accuracy and integrity, anti-spoofing ability. (5) Mode update speed.
Security Scanning Technology
In network security technology, another important technology is security scanning technology. Security scanning technology cooperates with firewall and security monitoring system to provide a network with high security. Network-based security scanning mainly scans and configures the security vulnerabilities of servers, routers, bridges, converters, access servers, firewalls and other equipment in the network, and can set up simulated attacks to test the defense capability of the system. Usually such scanners are limited in scope (IP address or router hop count).
The main performance of network security scanning should consider the following aspects: (1) Speed. Security scanning within a network is time-consuming. (2) Network topology. Through the graphical interface of GUI, one step or certain area of equipment can be iteratively selected. (3) The number of vulnerabilities that can be found. (4) Whether to support customizable attack methods. Often powerful tools are provided to construct specific attack methods. Because there are differences in the implementation of the same protocol between servers and other devices in the network, the pre-made scanning methods cannot meet the needs of customers. (5) Report, the scanner should be able to give a clear security vulnerability report. (6) Update cycle. Manufacturers that provide this product should update the newly discovered Anson vulnerability scanning feature as soon as possible, and give corresponding improvement suggestions.
Authentication and digital signature technology
Authentication technology mainly solves the identity recognition of both parties in the process of network communication. Digital signature is a specific technology in identity authentication technology. At the same time, digital signature can also be used to realize the non-repudiation requirement in the communication process. Authentication technology will be applied to the following aspects in the enterprise network: (1) Router authentication, authentication between routers and switches. (2) Operating system certification. Authentication of the user by the operating system. (3) Authentication between the network management system to the network management equipment. (4) Authentication between VPN gateway devices. (5) Authentication between the dial-up access server and the client. (6) Authentication between the application server (such as Web Server) and the client. (7) Authentication of both parties in e-mail communication.
The future trend of network security
With the continuous development of information technology and its application scope, information security issues are becoming more and more complex, and it is difficult to detect and protect information security threats by a single security device. Therefore, traditional models such as independent protection by a single security device and independent construction of security devices outside the network can no longer meet the new security protection requirements. Network devices such as switches and wireless products are integrated and coordinated with security devices for security protection of the entire network. Systematic security has become an inevitable trend in the development of network security.
At present, security equipment has become one of the basic components of network construction, and more and more users are beginning to choose the system-wide security construction scheme for the entire network, rather than the traditional network security construction scheme consisting of security equipment alone. For network equipment and network security products of different manufacturers, if they are integrated to provide added value that cannot be provided by independent deployment and achieve the effect of "1+1>2", additional targeted adaptation development is required to increase the Construction costs; and for comprehensive manufacturers that have both network equipment and network security products, their network integration solutions do not need to be customized and developed, which has a natural cost advantage.
Therefore, the development of network-wide systematic security will further enhance the market competitiveness of "network + security" comprehensive manufacturers, and is expected to gradually expand their market share.