Network security related knowledge
Five methods of secret-stealing attacks
Footprinting: The attacker collects information about the target in advance, usually with tools such as Whois, Finger, Nslookup, and Ping, to obtain details such as the domain name, IP address, network topology, and related user information. This is often the first step of a hacker's intrusion.
Scanning: Scanning here mainly refers to port scanning. Nmap and other port scanning tools are usually used to obtain useful information about the target computer, such as which ports are open on the machine, which in turn reveals which network services are running. Hackers can exploit vulnerabilities in these server-side services to conduct further intrusions. This is often the second step in a hacker's intrusion.
Protocol stack fingerprinting (Stack Fingerprinting) identification (also called operating system detection): Hackers send detection packets to the target host. Since there are many subtle differences between the IP protocol stack implementations of different OS manufacturers, each OS has its own unique way of responding, and hackers are often able to determine the OS the target host is running. This can often be seen as part of the scanning phase.
Information flow sniffing (Sniffing): By setting a host's network card to promiscuous mode in a shared LAN, or by using ARP spoofing in various LANs, the host will accept all passing data packets. Based on this principle, hackers can use a sniffer (hardware or software) to monitor network information flow and collect information such as account numbers and passwords. This is the third step of hacking.
Session Hijacking: Session hijacking means that during a normal communication process, a hacker participates as a third party, either injecting additional information into the data stream or secretly changing the communication model between the two parties, that is, from direct contact to being relayed by the hacker. This attack method can be considered the fourth step of hacking - one of the real attacks.
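The ARP spoofing mentioned under sniffing leaves a visible trace: an IP address whose MAC binding suddenly changes, and one MAC answering for several IPs. The following is an added example, not code from the original article, that checks a constructed list of observed ARP replies for both signs; the function name and all addresses are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) fields taken from ARP
# replies observed on one LAN segment. All addresses are made up.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "AA:AA:AA:AA:AA:01"),   # gateway
    (2.0, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (3.0, "192.168.1.30", "aa:aa:aa:aa:aa:30"),
    (4.0, "192.168.1.1", "aa:aa:aa:aa:aa:30"),   # .30's MAC now claims the gateway IP
    (5.0, "192.168.1.20", "aa:aa:aa:aa:aa:30"),  # and host .20's IP
    (6.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # real gateway answers again
]


def detect_arp_spoofing(replies):
    """Return (alerts, shared): binding changes and MACs claiming several IPs."""
    baseline = {}                   # IP -> first MAC seen (trust on first use)
    mac_to_ips = defaultdict(set)   # MAC -> every IP it has claimed
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()           # normalise case before comparing
        expected = baseline.setdefault(ip, mac)
        if mac != expected:
            alerts.append({"time": ts, "ip": ip,
                           "expected_mac": expected, "seen_mac": mac})
        mac_to_ips[mac].add(ip)
    shared = {m: sorted(ips) for m, ips in mac_to_ips.items() if len(ips) > 1}
    return alerts, shared


if __name__ == "__main__":
    alerts, shared = detect_arp_spoofing(SAMPLE_ARP_REPLIES)
    for a in alerts:
        print("binding changed:", a)
    for mac, ips in shared.items():
        print("one MAC answering for several IPs:", mac, ips)
```

Legitimate events such as a reassigned DHCP lease or a replaced network card also change a binding, so each alert needs review against known inventory. Purely passive promiscuous-mode sniffing on a shared LAN sends nothing and is not visible to this check.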
What is a firewall? Why do you need a firewall?
A firewall is a device that combines software and hardware. It is usually located between an enterprise's internal LAN and the Internet. It restricts Internet users' access to the internal network and manages internal users' permissions to access the Internet.
In other words, a firewall provides a barrier between an internal network that is considered safe and trusted and an external network that is considered less secure and less trustworthy. If there is no firewall, the security of the entire internal network depends completely on each host. Therefore, all hosts must achieve a consistently high level of security, which is very difficult in actual operation.
The firewall is designed as a device that runs dedicated access control software and no other services, which means it has relatively few defects and security holes and makes security management more convenient. This ease of control also makes the internal network more secure. The principle followed by the firewall is to ensure the security of the internal network as much as possible while ensuring the smooth flow of the network. It is a static security component.
What are the limitations of firewalls?
Some attacks on the network can bypass the firewall.
Firewalls cannot prevent attacks from the internal network.
Firewalls cannot protect against the transmission of virus-infected programs and files.
Firewalls cannot protect against new online threats.
When using end-to-end encryption, the role of the firewall will be greatly limited.
Firewalls are not completely transparent to users and may cause problems such as transmission delays, bottlenecks, and single points of failure.
Firewalls cannot protect against data-driven attacks.