What Are the Different Types of Computer Security Risks?
Computer network security refers to the use of network management controls and technical measures to ensure that in a network environment, the confidentiality, integrity and usability of data are protected. Computer network security includes two aspects, namely physical security and logical security. Physical security refers to the physical protection of system equipment and related facilities from damage and loss. Logical security includes the integrity, confidentiality, and availability of information.
Computer network security
(Popular meaning)
- Computer network security includes not only the networking hardware and software for managing and controlling the network, but also shared resources and fast network services. Therefore, the definition of network security should consider all aspects involved in computer networks. Refer to ISO
- There are many factors that constitute unsafe computer information, including human factors, natural factors, and occasional factors. Among them, the human factor means that some criminals use the loopholes in the computer network or sneak into computer rooms to steal computer system resources, illegally obtain important data, tamper with system data, damage hardware equipment, and compile computer viruses. Human factors are the biggest threat to computer information network security.
- The Internet is a network that is open to the whole world. Any unit or individual can easily transmit and obtain various information on the Internet. The open, shared, and international characteristics of the Internet pose challenges to computer network security. The insecurity of the Internet includes the following:
- There are some inherent weaknesses (fragility) in the computer network itself. Unauthorized users can use these vulnerabilities to gain illegal access to the network system. Such illegal access can threaten the integrity of the data in the system and damage information so that it can no longer be used; more seriously, valuable information can be stolen without leaving any traces.
- The vulnerability of the network system is mainly manifested in the following aspects:
- 1. Vulnerability of the operating system
- The network operating system architecture is inherently insecure, as follows:
- · Dynamic connection. In order to meet the needs of system integration and system expansion, the operating system adopts a dynamic connection structure, and system services and I/O operations can be upgraded and dynamically connected in a patch manner. Although this method provides convenience for manufacturers and users, it also provides hackers with the convenience of intrusion (vulnerabilities). This dynamic connection is also a hotbed for computer viruses.
- · Create processes. The operating system can create processes, and these processes can be created and activated on remote nodes. More seriously, the created process can continue to create other processes. In this way, if a hacker remotely attaches a "spy" program to a legitimate user, especially a super user, in a patched manner, the program can evade detection by system process and job monitoring programs.
- · Null passwords and RPCs. The passwordless entry reserved by the operating system for easy maintenance and the remote procedure call (RPC) service it provides are both channels for hackers to enter the system.
- · root. Another security flaw in the operating system is the existence of a superuser. If an intruder gets a superuser password, the entire system will be completely controlled by the intruder.
- 2. The vulnerability of the computer system itself
- Computer system hardware and software failures can affect the normal operation of the system, and in severe cases the system will stop working. The hardware failure of the system usually includes hardware failure, power failure, chip motherboard failure, driver failure, etc.; the software failure of the system usually includes operating system failure, application software failure, and driver failure.
- 3. Electromagnetic leakage
- Network ports, transmission lines, and various processors in computer networks can radiate electromagnetic information because of poor or missing shielding, which can cause useful information and even confidential information to leak.
- 4. Data accessibility
- Users entering the system can easily copy the system data without leaving any traces; under certain conditions, network users can access all the data in the system and copy, delete or destroy it.
- 5. Weaknesses of communication systems and communication protocols
- The communication lines of the network system are very vulnerable to various threats. Illegal users can physically damage the lines, tap them, and access the internal information of the system through unprotected external lines.
- The communication protocol TCP/IP and application protocols such as FTP, E-mail, NFS and WWW have security vulnerabilities. Anonymous services such as FTP waste system resources; e-mail can carry electronic bombs and viruses that threaten Internet security; the Common Gateway Interface (CGI) programs, Java Applet programs, and SSI used in the WWW can all become tools for hackers; hackers can use Sock, TCP prediction, or remote access direct scanning to attack the firewall.
- 6. Vulnerability of the database system
- Because the management of the database by the database management system is based on the concept of hierarchical management, the security of the DBMS must be matched with the security of the operating system, which is undoubtedly a congenital deficiency.
- Hackers can log in or use database data forcibly through visiting tools, which may cause huge losses; data encryption often conflicts with the functions of the DBMS or affects the operating efficiency of the database.
- Since the application in the server/browser (B/S) structure directly operates the database, some defects of the network application using the B/S structure may threaten the security of the database.
- There are a large number of security vulnerabilities in international databases such as Oracle, SQL Server, MySQL, and DB2. Taking Oracle as an example, there are more than 2,000 database vulnerabilities announced by CVE alone. At the same time, in day-to-day use of a database there are problems such as patches that have not been applied, privilege escalation, buffer overflows, etc.
- Threats to network systems mainly come from external human influences and natural environment impacts. They include threats to network equipment and threats to information on the network. The main manifestations of these threats are: unauthorized access, impersonation of legitimate users, virus damage, wire eavesdropping, hacking, interference with the normal operation of the system, modification or deletion of data, etc. These threats can be broadly divided into two categories: unintentional threats and intentional threats.
- 1. Unintentional threat
- An unintentional threat is a breach of the security, reliability, or integrity of a system without premeditation. Unintentional threats are mainly caused by accidental factors, such as malfunction of software and hardware, human misoperation, power failure and natural disasters.
- Man-made errors include: human misoperation, mismanagement, system information loss, equipment theft, fire, flood, security loopholes left by improper security settings, user passwords accidentally exposed, improper information resource sharing settings that allow access by illegal users, etc.
- Threats from natural disasters include earthquakes, storms, mudslides, floods, lightning strikes, pests and rodents, high temperatures, and various types of pollution.
- 2. Intentional threat
- An intentional threat is actually a "human attack." Due to the vulnerability of the network itself, some people or organizations always try to use the network system to achieve a certain purpose, such as "spies" engaged in industrial, commercial, or military intelligence gathering. They are most interested in the network information in their corresponding field, and they pose a major threat to the security of network systems.
- The scope of an attacker's attack on the system can range from casually browsing information to using special techniques to attack the system in order to obtain targeted information. These attacks can be divided into passive attacks and active attacks.
- Passive attack refers to the fact that an attacker only obtains the content of the information by listening to the information flow on the network line, or obtains the characteristics of the length and transmission frequency of the information in order to carry out an information flow analysis attack. Passive attacks do not interfere with the normal flow of information, such as passive wire tapping or unauthorized reading of information. Passive attacks undermine the confidentiality of information.
- Active attack refers to an attacker performing various illegal processing on the information in transmission or stored information, and selectively changing, inserting, delaying, deleting, or copying this information. Common methods for active attacks are: tampering with programs and data, impersonating legitimate users to invade the system, damaging software and data, interrupting the normal operation of the system, spreading computer viruses, and exhausting system service resources and causing denial of service. Active attacks are more destructive, and they directly threaten the reliability of network systems, the confidentiality, integrity, and availability of information.
- Passive attacks are not easy to detect because they do not affect the normal transmission of information, so neither the sending nor the receiving party is likely to notice them. However, passive attacks are easy to prevent. As long as the transmitted information is encrypted using encryption technology, even if the information is stolen, the illegal receiver cannot identify the content of the information.
- Active attacks are easier to detect, but harder to prevent. Because the normally transmitted information is tampered with or forged, the receiver can easily detect it based on experience and rules. In addition to encryption technology, authentication technology and other protection mechanisms and measures must be used to effectively prevent active attacks.
- There are four specific types of passive and active attacks:
- · Stealing: unauthorized access to information resources. This is a threat to the confidentiality of the information, such as capturing data transmitted over the wire by wiretapping.
- · Interruption: The attacker interrupts the normal transmission of information, so that the receiver cannot receive the information, and the normal information becomes useless or unavailable. This is a threat to the availability of information, such as destroying storage media, cutting communication lines, violating file management systems, and so on.
- · Tampering: An attacker gains unauthorized access to information resources and tampers with the information. This is a threat to the integrity of information, such as modifying data in files, changing program functions, modifying the content of transmitted messages, and so on.
- · Forgery: The attacker adds fake content to the system. This is also a threat to data integrity, such as sending false information to network users, inserting fake records in files, and so on. [2]
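The point made above about passive and active attacks, as an added example that is not part of the original article: encryption alone hides content from an eavesdropper but does not reveal tampering, while adding a message authentication code lets the receiver reject a modified message. The SHA-256 keystream is a stand-in for a real cipher, and the keys, nonce and message are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes

def keystream(key, nonce, length):
    """SHA-256 in counter mode: a stand-in for a real stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor_cipher(key, nonce, data):
    """Encrypt or decrypt (XOR is its own inverse). Confidentiality only."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))

def seal(enc_key, mac_key, nonce, plaintext):
    """Encrypt-then-MAC: append an HMAC over nonce + ciphertext."""
    ct = xor_cipher(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, blob):
    """Verify the tag before decrypting; reject anything changed in transit."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: message was modified")
    return xor_cipher(enc_key, nonce, ct)

def tamper(data, offset, mask):
    """Model of an active attack: one byte is altered in transit."""
    changed = bytearray(data)
    changed[offset] ^= mask
    return bytes(changed)

def demo():
    # Constructed values; real systems use random keys and a fresh nonce per message.
    enc_key, mac_key = bytes(range(32)), bytes(range(32, 64))
    nonce = b"constructed-nonce-01"
    message = b"transfer 100 to account 42"

    ct = xor_cipher(enc_key, nonce, message)
    # Encryption only: the altered ciphertext decrypts without any error.
    accepted = xor_cipher(enc_key, nonce, tamper(ct, 9, 0x01))
    # Encryption plus authentication: the same alteration is rejected.
    try:
        open_sealed(enc_key, mac_key, nonce,
                    tamper(seal(enc_key, mac_key, nonce, message), 9, 0x01))
        detected = False
    except ValueError:
        detected = True
    return {"ciphertext_differs": ct != message,
            "accepted_without_mac": accepted,
            "tampering_detected_with_mac": detected}

if __name__ == "__main__":
    print(demo())
```

In practice an authenticated encryption mode from a vetted library replaces both the stand-in cipher and the hand-assembled encrypt-then-MAC construction.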
- (1) Use virtual network technology to prevent intrusion methods based on network monitoring.
- (2) Use firewall technology to protect the network from hackers.
- (3) Use virus protection technology to prevent, check and kill viruses.
- (4) Use intrusion detection technology to provide real-time intrusion detection and take corresponding protection measures.
- (5) Security scanning technology provides strong support for finding network security vulnerabilities.
- (6) Adopt authentication and digital signature technology. Authentication technology is used to resolve the identity recognition of both parties in the network communication process, and digital signature technology is used to implement the non-repudiation requirements in the communication process.
- (7) Adopt VPN technology. We refer to a private network implemented using a public network as a virtual private network (VPN).
- (8) Use the security technology of the application system to ensure the security of application platforms such as e-mail and operating systems.
- The operating system is supporting software that provides an environment in which your programs or other application systems can run normally. The operating system provides many management functions, mainly managing the software and hardware resources of the system. The insecurity of the operating system software itself and the flaws left by inadequate system development and design all leave hidden dangers to network security.
- 1) Defects in the operating system architecture. The operating system itself has memory management, CPU management, and management of peripherals. Each kind of management involves some modules or programs. If there is a problem in one of these programs, for example in memory management, and a connection from an external network happens to reach the defective module, the computer system may crash as a result. Therefore, some hackers often attack imperfect operating systems, causing computer systems, especially server systems, to be immediately paralyzed.
- 2) The operating system supports transferring files, loading or installing programs on the network, including
- Computer system hardware and communication facilities are vulnerable to the impact of the natural environment, such as: various natural disasters (such as earthquakes, mudslides, floods, storms, building damage, etc.) pose a threat to computer networks. There are also occasional factors, such as power failures, equipment malfunctions, and certain loopholes left in the software development process, which also pose serious threats to computer networks. In addition, poor management, inadequate rules and regulations, low levels of security management, operational errors, and misconduct will all threaten computer information security.
- Information data security status
- With the development of computer network technology, the threats to network security are increasing. The complexity and diversity of various application systems have led to endless system vulnerabilities. Viruses, Trojans and malicious code are raging online, and security incidents in which hackers invade and tamper with websites occur. As a core part of the network, Windows servers are in the relatively open environment of the Internet. More and more server attacks, server intrusions, server security vulnerabilities, and hidden business espionage threaten the security of Windows server databases. For example, Verizon Business's annual computer damage report mentioned that in recent data loss cases, database damage accounted for 30%, and in the statistics of database intrusion, database intrusion has reached 75%. Not only that, after successful attacks against database systems, hackers will often obtain the management authority of the system the database is on, which will bring greater damage and leakage to the information and property of the entire system.
- Through inductive analysis of tens of thousands of information risks, there are three main situations that cause information risks:
- 1) External risks: Trojan horses and malicious code are raging on the Internet; outsiders use hacking techniques, outsourced service personnel use their special identities, and other methods are used to invade database systems, steal important corporate data or customer information and pass it to the outside world.
- 2) Internal risks: The negligence of internal personnel (network management, maintenance personnel, and service personnel) leads to the leakage of corporate information and data, or some malicious employees secretly take the company's core confidential information or customer profile information out of the company and tout it on the market in order to seek private gain, or even set up on their own to compete with their former employer.
- 3) Accidental risks: Due to the lack of effective technical means to control the enterprise server, information leakage incidents such as accidental loss and being taken away by others often cause huge losses.
- Pangu Data Security Server was born
- Pangu Data Security Server: As a data risk mitigation expert, Pangu Technology Research, based on the "isolated mobile operating system" it has developed over many years, has established an independent "database security environment" in the enterprise to address the fundamental vulnerabilities of enterprise information and data security. Through all-round external defense, internal control and the elimination of accidental leakage, it ensures the security of corporate information and property.
- It does so through all-round external defense (Internet trojans and malicious code are raging online; outsiders use hacking technology, outsourced service personnel use their special identities, and other methods are used to invade database systems and steal important corporate information or customer information and pass it to the outside world), internal control (internal personnel such as network management, maintenance personnel and service personnel cannot transfer the data in the database or take it out through USB flash drives, mobile hard disks, etc.; the data files that are allowed to be transferred out are encrypted) and the elimination of accidental risks (accidental loss, being taken away by relevant personnel), ensuring database security and the security of corporate information and property.
- Pangu's three major mitigation measures: an independent "database security environment" (solving the root cause), authentication and authorization, full control, illegal operation, and automatic protection. Pangu uses the rule of subtraction, whereas traditional security protection uses the accumulation method, that is, the operating system + anti-virus software + firewall + encryption software + security software ... It is impossible to achieve all traditional security measures on the market; Pangu reduces investment in the use of various types of security protection software, greatly improves efficiency and saves costs, comprehensively and completely solves the hidden dangers of data security, and protects the security of corporate information assets.
- The architecture applies system engineering viewpoints and methods to analyze network security, and determines a reasonable network security architecture according to the formulated security policies.