网络安全研究及在网络工程中的实践
摘要
近年来,随着计算机及计算机网络技术的发展,电子化办公已经成为各行各业广为采用的办公方式。电子化办公的普及,进一步引导计算机网络系统的发展,小型企业具有办公局域网,大中型企业构建了跨越地域的城域网,甚至有的企业网络已经遍布全球。
网络系统的扩张,随之而来的各种威胁也在不断加剧,记得Blaster类型的病毒在8分钟之内就感染整个世界。网络防御系统捕捉到的恶意行为越来越危险,恶意软件已经涉及犯罪的愈来愈多。现在的大多数恶意软件都用来窃取机密信息、发送垃圾邮件、冒充身份网上窃取资料等。并且,恶意软件变得更难移除、隐蔽性更好、诡计更深。综上,对网络安全的威胁主要表现在:非授权访问,冒充合法用户,破坏数据完整性,干扰系统正常运行,利用网络传播病毒,线路窃听等方面。
有幸的是,我们可以采用的防范方案也越来越多,系统补丁更加容易获得。比如Windows补丁在实时更新,Linux套件有自动的补丁工具,几乎每一个成熟的应用程序都有自动的升级功能。防范黑客和恶意软件方面,管理员管理水平越来越高。终端用户安全防范意识也提高了,他们大多数不会去点击收到的不明电子邮件附件。
本文论述了在实际项目工程中,我们如何将这些安全措施应用到实践,分析了威胁产生的原因,提出了应对的方法,同时对提出的方法的原理进行祥解,并最终阐明如何应用。
Along with the technological development of computer and network system, electronic office system is widely used from all walks of life in recent years. With the wide application of electronic office system, the network system develops more quickly. The small businesses have LANs. The large and medium-sized enterprises build MANs, even WANs across the globe.
With the widely development of network system, various threat to the network system security become more and more heavily. Some people maybe remember yet, the virus such as Blaster has infected the network system over the world only in 8 minutes. The malicious acts caught by the network defensive system become more dangerous. Some malicious software have involved crimes. Now, the malicious software can be used to filch secret information, send junk e-mails, personate somebody else illegally, and so on. They become more difficulty to remove, hide more deeply, contain more tricks. Above all, the threat to the network system security have manifested mainly in authenticated access, personate somebody else illegally, destroy the integrality of data, disturb the normal running of system, spread virus over the network, eavesdrop via communication circuit, and so on.
Fortunately, more and more solutions can be chosen by us to resolve the threat, more and more packs for the system can be got. The windows systems have real time update, the linux systems have automatic update tools, almost every software applications can update themselves by supplied tools. The network managers have more methods to defend the hacks.
In the network system project, we have got these safety precautions. We should not only know these theories but also how to apply them to practice.
网络系统的扩张,随之而来的各种威胁也在不断加剧,记得Blaster类型的病毒在8分钟之内就感染整个世界。网络防御系统捕捉到的恶意行为越来越危险,恶意软件已经涉及犯罪的愈来愈多。现在的大多数恶意软件都用来窃取机密信息、发送垃圾邮件、冒充身份网上窃取资料等。并且,恶意软件变得更难移除、隐蔽性更好、诡计更深。综上,对网络安全的威胁主要表现在:非授权访问,冒充合法用户,破坏数据完整性,干扰系统正常运行,利用网络传播病毒,线路窃听等方面。
有幸的是,我们可以采用的防范方案也越来越多,系统补丁更加容易获得。比如Windows补丁在实时更新,Linux套件有自动的补丁工具,几乎每一个成熟的应用程序都有自动的升级功能。防范黑客和恶意软件方面,管理员管理水平越来越高。终端用户安全防范意识也提高了,他们大多数不会去点击收到的不明电子邮件附件。
本文论述了在实际项目工程中,我们如何将这些安全措施应用到实践,分析了威胁产生的原因,提出了应对的方法,同时对提出的方法的原理进行祥解,并最终阐明如何应用。
Along with the technological development of computer and network system, electronic office system is widely used from all walks of life in recent years. With the wide application of electronic office system, the network system develops more quickly. The small businesses have LANs. The large and medium-sized enterprises build MANs, even WANs across the globe.
With the widely development of network system, various threat to the network system security become more and more heavily. Some people maybe remember yet, the virus such as Blaster has infected the network system over the world only in 8 minutes. The malicious acts caught by the network defensive system become more dangerous. Some malicious software have involved crimes. Now, the malicious software can be used to filch secret information, send junk e-mails, personate somebody else illegally, and so on. They become more difficulty to remove, hide more deeply, contain more tricks. Above all, the threat to the network system security have manifested mainly in authenticated access, personate somebody else illegally, destroy the integrality of data, disturb the normal running of system, spread virus over the network, eavesdrop via communication circuit, and so on.
Fortunately, more and more solutions can be chosen by us to resolve the threat, more and more packs for the system can be got. The windows systems have real time update, the linux systems have automatic update tools, almost every software applications can update themselves by supplied tools. The network managers have more methods to defend the hacks.
In the network system project, we have got these safety precautions. We should not only know these theories but also how to apply them to practice.
引文
[1]Michael Wenstrom.管理Cisco网络安全,北京:人民邮电出版社,2002
[2]National Security Agency. Router Security Configuration Guide, 2001
[3]张基温,信息系统安全原理,北京:中国水利水电出版社,2005
[4]殷伟,计算机安全与病毒防治,合肥:安徽科学技术出版社,2004
[5]陈爱民,计算机的安全与保密,北京:电子工业出版社,2002
[6]张世永,网络安全原理与应用,北京:科学出版社,2004
[7]陈明,信息安全技术,北京:清华大学出版社,2007
[8]潘瑜,计算机网络安全技术,北京:科学出版社,2006
[9]王宝会,计算机信息安全教程,北京:电子工业出版社,2006
[10]戚文静,刘学,网络安全原理与应用,北京:中国水利水电出版社,2005
[11]张宝剑,计算机安全与防护技术,北京:机械工业出版社,2003
[12]蔡立军,计算机网络安全技术,北京:中国水利水电出版社,2002
[13]邵波,王其和,计算机网络安全技术及应用,北京:电子工业出版社,2005
[14]王达,网管员必读:网络安全,北京:电子工业出版社,2005
[15]卿斯汉,操作系统安全,北京:清华大学出版社,2004
[16]傅建明,彭国军,计算机病毒分析与对抗,武汉:武汉大学出版社,2004
[17]李伟,网络安全实用技术标准教程,北京:清华大学出版社,2005
[18]罗斌,郭峥嵘,网络安全设计标准教程,北京:清华大学出版社,2005
[19]赵泉,网络安全与电子商务,北京:清华大学出版社,2005
[2]National Security Agency. Router Security Configuration Guide, 2001
[3]张基温,信息系统安全原理,北京:中国水利水电出版社,2005
[4]殷伟,计算机安全与病毒防治,合肥:安徽科学技术出版社,2004
[5]陈爱民,计算机的安全与保密,北京:电子工业出版社,2002
[6]张世永,网络安全原理与应用,北京:科学出版社,2004
[7]陈明,信息安全技术,北京:清华大学出版社,2007
[8]潘瑜,计算机网络安全技术,北京:科学出版社,2006
[9]王宝会,计算机信息安全教程,北京:电子工业出版社,2006
[10]戚文静,刘学,网络安全原理与应用,北京:中国水利水电出版社,2005
[11]张宝剑,计算机安全与防护技术,北京:机械工业出版社,2003
[12]蔡立军,计算机网络安全技术,北京:中国水利水电出版社,2002
[13]邵波,王其和,计算机网络安全技术及应用,北京:电子工业出版社,2005
[14]王达,网管员必读:网络安全,北京:电子工业出版社,2005
[15]卿斯汉,操作系统安全,北京:清华大学出版社,2004
[16]傅建明,彭国军,计算机病毒分析与对抗,武汉:武汉大学出版社,2004
[17]李伟,网络安全实用技术标准教程,北京:清华大学出版社,2005
[18]罗斌,郭峥嵘,网络安全设计标准教程,北京:清华大学出版社,2005
[19]赵泉,网络安全与电子商务,北京:清华大学出版社,2005