The book “Information Security Principles and Applications”, which I bought on the Internet, has not yet arrived, so I found an e-book of “Cryptography and Network Security”, which is well written. I plan to finish reading the first chapter (introduction) and the second chapter (number theory) today and tomorrow.

1. Computer network security concept

The three core elements of computer security are integrity (data can be modified only in a specified, authorized manner), confidentiality (ensuring that data is not compromised), and availability (the system works promptly and does not deny access to authorized users).

1.1 OSI Security Architecture:

  • Security attacks:
    • Active security attacks: hijack traffic and modify it.
    • Passive security attacks: hijack traffic.
  • Security mechanism: Mainly encrypts data to prevent cracking
    • Data encryption, digital signature (decryption algorithm is defined at the end of the data), traffic padding, notarization (encryption and decryption by a third party), routing control (selecting a specific physical line), access control (setting access permissions on resources)
  • Security service: prevention plan against attack
    • Authentication: ensures that both parties are the entities they claim to be.
    • Data confidentiality: prevents passive attacks and traffic analysis. These include connection confidentiality (protecting all user data in a single connection), connectionless confidentiality (protecting all user data in a single data block), and traffic confidentiality (preventing traffic from being hijacked to obtain important information).
    • Data integrity: includes connection integrity with recovery (checks the integrity of all user data in a connection and can restore the data), connection integrity without recovery (provides detection only, without restoring the data), and connectionless integrity (checks the integrity of a single connectionless data block).
    • Non-repudiation: prevents the communicating parties from denying the other party, and verifies whether the other party is genuine.

1.2 Network security Model:

Here is my flowchart:

1.3 Attack surface and attack tree

The attack surface mainly refers to the set of exploitable vulnerabilities in a system, for example ports exposed to web port scanning, SQL injection, and code injection into files.

An attack tree is a set of feasible attack methods, organized into a tree structure according to the vulnerabilities they exploit; attacks are carried out from the nodes at each level.
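
The attack tree described above can be modelled in a few lines so a defender can see which branch is currently the easiest and how a mitigation shifts it. This is an added example, not from the book or the original notes; the AND/OR node types follow the usual attack-tree formulation, and the goal, leaf names and effort scores are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    kind: str = "LEAF"   # "LEAF", "OR" (any child suffices), "AND" (all children needed)
    cost: int = 0        # constructed attacker-effort score, used on leaves only
    children: list = field(default_factory=list)

def cheapest(node):
    """Return (effort, leaves) for the least-effort way to reach this node."""
    if node.kind == "LEAF":
        return node.cost, [node.name]
    results = [cheapest(child) for child in node.children]
    if node.kind == "OR":
        return min(results, key=lambda r: r[0])
    # AND node: every child must succeed, so efforts add up
    return sum(r[0] for r in results), [leaf for r in results for leaf in r[1]]

def harden(node, leaf_name, new_cost):
    """Model a mitigation by raising the effort of one leaf (in place)."""
    if node.kind == "LEAF":
        if node.name == leaf_name:
            node.cost = new_cost
        return
    for child in node.children:
        harden(child, leaf_name, new_cost)

def build_tree():
    # Constructed sample tree using the attack-surface items named in the notes.
    return Node("read customer database", "OR", children=[
        Node("SQL injection in web form", cost=3),
        Node("reach exposed admin service", "AND", children=[
            Node("open port found by scanning", cost=1),
            Node("default admin password unchanged", cost=4),
        ]),
        Node("code injection into uploaded file", cost=6),
    ])

if __name__ == "__main__":
    tree = build_tree()
    print("before mitigation:", cheapest(tree))
    harden(tree, "SQL injection in web form", 10)  # e.g. parameterized queries
    print("after mitigation: ", cheapest(tree))
```

After the first mitigation the cheapest path moves to the AND branch, which shows why the tree is re-evaluated after every fix rather than once.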

1.4 Safety design criteria

  • Economy of mechanism: keep the code as simple and short as possible.
  • Permission separation: different roles have different permissions on the objects they operate on.
  • Fail-safe defaults, open design, complete mediation, modularity, isolation, etc.

Conclusion:

I now have a general understanding of which parts an attacker targets, and of the corresponding preventive measures such as data encryption, authentication, non-repudiation, and data integrity. Tomorrow I will start to learn the basics of number theory to better understand encryption algorithms.
