What Is Physical Information Security?
There are two aspects to network security: On the one hand, it includes physical security, which refers to the protection of tangible items such as communications, computer equipment and related facilities in the network system, so that they are not wet by rain. Another aspect includes what we usually call logical security. Including information integrity, confidentiality and availability. Both physical security and logical security are very important. In the absence of protection on either side, network security will be affected. Therefore, reasonable arrangements must be made for security protection, taking care of both aspects. [1]
- The concept of information security has gone through a long historical period in the twentieth century and has been deepened since the 1990s. In the 21st century, with the continuous development of information technology, information security issues have become increasingly prominent. How to ensure the security of information systems has become a concern of the whole society. The international research on information security started earlier and invested heavily. It has achieved many results and has been promoted and applied. China already has a number of research institutions and high-tech companies specializing in basic research, technology development and technical services of information security, which has formed the embryonic form of China's information security industry. The development of information security.
- 1. Personal information has not been collected properly
- At this stage, although lifestyles are simple and fast, there are many hidden dangers of information security behind them. For example, fraudulent phone calls, college students' "naked loans", sales information, and human flesh search information all affect the security of personal information. Criminals use various software or programs to steal personal information and use the information to make a profit, which seriously affects the lives of citizens and property. Most of these problems are concentrated in daily life, such as powerlessness, excessive or illegal collection. In addition to the government and approved enterprises, there are also some unauthorized businesses or individuals who illegally collect personal information, and even some investigative agencies have established investigative companies and wantonly tout personal information. The above problems have greatly affected the security of personal information and seriously violated citizens' right to privacy. [3]
- Information security threats in the network environment are: [1]
- 1. Confidentiality
- With the application of encryption technology, the network information system can delete users who apply for access, allow authorized users to access network information, and reject access requests from unauthorized users. [6]
- 1,
- 1.Intrusion detection technology
- When using computer software to study or work, most users will face problems of improper program design or configuration. If the user fails to solve these problems in a timely manner, others will be more easily invaded into their computer systems. For example, hackers can use program loopholes to invade others' computers, steal or damage information resources, and cause some degree of economic loss to others. Therefore, when a program vulnerability occurs, the user must handle it in time, and the problem can be solved by installing a vulnerability patch. In addition, intrusion detection technology is also willing to more effectively guarantee the security of computer network information. This technology is a combination of communications technology, cryptography, and other technologies. Reasonable use of intrusion detection technology allows users to understand various security threats in the computer in a timely manner. And take certain measures to deal with it. [8]
Information security goals
- All information security technologies are designed to achieve certain security goals. The core includes five security goals: confidentiality, integrity, availability, controllability and non-repudiation. [11]
- Confidentiality refers to preventing unauthorized subjects from reading the information. It is a characteristic that information security has since its birth, and it is also one of the main research contents of information security. More generally, it means that unauthorized users cannot access sensitive information. For paper document information, we only need to protect the file from being accessed by unauthorized persons. And the information in the computer and network environment, not only to prevent unauthorized reading of the information. It is also necessary to prevent authorizers from passing the information they access to unauthorized persons, so that the information is leaked. [11]
- Integrity refers to protecting information from unauthorized tampering. It protects the information from its original state and keeps it authentic. If such information is intentionally modified, inserted, deleted, etc., the formation of false information will have serious consequences. [11]
- Availability (Availability) refers to the ability of authorized entities to obtain services in a timely manner when they need information. Availability is a new requirement for information security in the information security protection phase, and it is also an information security requirement that must be met in a networked space. [11]
- Controllability (Controlability) refers to the implementation of security monitoring and management of information and information systems to prevent illegal use of information and information systems.
- Non-repudiation means that in a network environment, both parties to an information exchange cannot deny their behavior of sending or receiving information during the exchange. [11]
- The confidentiality, integrity, and availability of information security primarily emphasizes control over unauthorized subjects. And how to control the unauthorized acts of authorized subjects? The controllability and non-repudiation of information security is precisely through the control of authorized subjects to achieve an effective supplement to confidentiality, integrity and availability, mainly emphasizing that authorized users can only Conduct legitimate visits within the scope of authorization, and monitor and review their actions. [11]
- In addition to the above five characteristics of information security, there are auditability and authentication of information security. The auditability of information security means that the actors of the information system cannot deny their information processing behavior. Compared with the identifiability of behavior in the process of non-repudiation of information exchange, the meaning of auditability is broader. The visible authentication of information security means that the receiver of the information can determine the identity of the sender of the information. It is also a concept related to non-repudiation. [11]
Information security principles
- In order to achieve the goal of information security, the use of various information security technologies must adhere to some basic principles.
- Minimization principle. Protected sensitive information can only be shared to a certain extent. Security principals who perform their job duties and functions must meet the needs of the work as permitted by laws and related security policies. They are only granted appropriate permissions to access information, called the principle of minimization. Sensitive information. "The right to know" must be restricted, which is a kind of restrictive opening under the premise of "meeting the needs of the work." The principle of minimization can be subdivided into need to know and need. Principles. [11]
- Decentralization principle. In an information system, all rights should be appropriately divided so that each authorized subject can only have a part of them, so that they restrict each other and monitor each other, and jointly ensure the security of the information system. If an authorized subject assigns too much authority and no one supervises or restricts it, it will imply security risks of "abuse of power" and "one word and one word". [11]
- Safe isolation principle. Isolation and control are the basic methods for achieving information security, and isolation is the basis for control. A basic strategy for information security is to separate the subject of the information from the object, and implement subject access to the object under the premise of controllability and security in accordance with a certain security policy. [11]
- On the basis of these basic principles, people also summarize some implementation principles in the production practice process. They are the concrete embodiment and extension of the basic principles. Including: the principle of overall protection, the principle of who is in charge, the principle of appropriate protection, the principle of hierarchical protection, the principle of protection by different domains, the principle of dynamic protection, the principle of multi-level protection, the principle of deep protection, and the principle of information flow. [11]