【School】 strengthen weak Thoughts on Computer Network Security.

<br> Abstract: With the rapid development of computer technology, network, network security has become the focus of research. .Analysis of the main computer network security risks and attacks the main, from the perspective of management and technology to enhance computer network security made specific recommendations. .<BR> Keywords: computer networks; security; management; technical <BR> <BR> 1 main computer network security risks <BR> <BR> 1.1 computer network software and hardware technology is not perfect because of human cognitive and <BR> .the limitations of technology, hardware and software in the design process will inevitably leave all sorts of technical defects, the resulting information security risks. .Such as the Internet as the world's most widely used information network, while the openness of their agreement greatly facilitate a variety of computer network, broaden the sharing of resources, but TCP / IP protocol developed at the beginning of the path not taken into account the security of communications, lack of .The basic security protocol, no encryption, authentication and other functions, often sending the message contains the source address, destination address and port number and other information. .Which leads to remote users on the network to read and write system files, do the roots and non-root owned files generated by transmission network security vulnerabilities. .<BR> 1.2 computer network security system is not well established within the system <BR> computer network security threats, including the following aspects: ① computer systems and communication lines vulnerability. .② system software and hardware design, configuration and improper use. .③ security leaks caused by human factors, such as network management of computer room operations passwords inadvertently leaked, intentionally or unintentionally leak, change the network configuration and log information, confidential fileson the disk being used, delete the temporary files were not timely .theft, and so on. .<BR> 1.3 physical information leakage caused by electromagnetic radiation subsidiary <BR> computer electronic equipment when working through the ground, power lines, signal lines of electromagnetic radiated signal or harmonics, generate electromagnetic radiation. .Electromagnetic radiation can destroy objects in the data transmission network, the source of this radiation has two main aspects, first network around the electromagnetic radiation generated by electronic equipment and data transmission and premeditated attempt to destroy the interference of radiation sources; the second is a network of terminals, .printer or other electronic equipment in the work of the radiation leak. .These electromagnetic signals in the near or far down can be received, after extraction treatment, restored the original message, resulting in information disclosure. .<BR> 1.4 <BR> network security system is not perfect security needs within the network with complete security system to protect, manage the security system failure is the failure of network systems is very important. .Inappropriate or network administrator to configure the network upgrade is not timely application of security vulnerabilities caused by use of weak password, feel free to use common networking sites to download the software, set up dial-up server inside the firewall are not strictly limited to the account authentication, user security awareness .strong, will be free to lend your account to others or sharing with others, will make the network at risk. .<BR> <BR> 2 major computer network attack computer network <BR> <BR> form of attack, there are six forms. .① internal theft and destruction. .Intentional or unintentional insider leaks, changes in the destruction of information or network system. .② intercept information. .An attacker could take the line or by electromagnetic radiation in the range of ways to install interception devices, interception of confidential information, or through the flow of information and direction, communication parameters such as frequency and length of the analysis, the introduction of useful information. .It does not destroy the contents of transmitted information, so difficult to detect. .③ unauthorized access. .Refers to the unauthorized use of network resources or the unauthorized use of network resources, including unauthorized users access to the network or system to conduct illegal operations and legitimate users to operate an unauthorized manner. .④ TCP / IP protocols on some of the insecurity. .The widely used TCP / IP protocol is vulnerable. .Such as the IP layer protocol, there are many security flaws. .IP address can be software settings, resulting in two types of address spoofing the address counterfeiting and security risks; IP protocol supports source routing approach, that source can send packets to the destination specified in the middle of the routing node, which provides a source routing attack conditions. .⑤ viruses. .Network virus is mainly spread through a number of application servers to the virus, crowded the limited network bandwidth, may bring down the network. .Virus may also undermine the group server, so that these servers flooded with spam, resulting in data performance. .⑥ other network attacks. .An attacker could undermine the availability of network systems, so that legitimate users can not normally access the network resources, denial of service or even destroy the system, undermining the integrity of system information, and may pretend to host legitimate users cheat, cheat the system footprint, and so on. .<BR> 3 to enhance computer network security countermeasures <BR> <BR> 3.1 to enhance network security and management education with <BR> room staff, hardware, software, data and network security issues and other aspects, the safety education .improve staff security concepts and sense of responsibility; enhance business and technology training to improve skills; education staff strictly abide by the rules and the confidentiality provisions to prevent human accidents. .Meanwhile, to protect the transmission line security. .For transmission lines, protective measures should be open or buried underground, and require from various sources to reduce data errors caused by a variety of radiation; cable laying metal conduit should be used to reduce the variety of electromagnetic radiation caused by leakage and .interference on the transmission line. .To regularly check the connection to detect whether there is wiretapping, foreign company or vandalism. .<BR> 3.2 <BR> network using network encryption technology to protect the information encrypted data within the network, files, password, and control information to protect data transmitted over the Internet. .There are three types of encrypted data transmission: ① link encryption. .Between nodes in the network encryption, encrypted transmission between nodes of information sent to the node decryption, different nodes use different passwords. .② node encryption. .Link encryption with a similar, differing only when the data transmission between nodes, do not clearly transfer format, but with a special encryption hardware to decrypt and re-encryption, such dedicated hardware is usually placed in a secure safe. .③ end to end encryption. .Entering the network data encryption, and then wait for data from the network to send out and then decrypt. .Many network encryption technology, in practice, people usually based on a variety of encryption algorithms used together, so you can more effectively enhance the network's complete. .Network Security Network encryption is one of the most effective technology. .Either deal with malware attacks, and can prevent unauthorized user access. .<BR> 3.3 <BR> enhance computer network access control network security access control and protection is the main strategy, its main task is to ensure that network resources from unauthorized use and is access, but also maintaining network security, protection of network resources .important tool. .Network access control technologies include access control, network access control, directory-level security control, security control attributes, the network server security control, network monitoring and lock control, network security control port and node. .According to the level of network security, network space environment is different, the flexibility to set the type and number of access control. .<BR> 3.4 <BR> using firewall technology is the use of firewall technology to solve the primary means of network security issues. .Firewall technology is based on modern communication networks and information technology applied on the basis of safety technology, more and more used in private network and public network interconnection environment. .A firewall is a network access control policy between the implementation of the system, through monitoring, limit, change the flow of data across the firewall, as much as possible within the network for external shielding, structure and operating conditions. .With checks to prevent the flow of information and allowing the flow of information through the management mechanism in two, and itself has a strong anti-attack capability. .Logically, a firewall is a separator, limiter and analyzer, can effectively monitor the internal network and the Internet between any of the activities to ensure the security of the internal network. .Firewall applications can be maximum protection for the normal operation of the network, it can play to improve internal network security, enhanced network security policy to prevent the leakage of internal information, network anti-virus, message encryption, storage, communication, licensing, certification and other important role. .<BR> <BR> Reference <BR> [1]  Wu Yu Feng, Liu Quan, Li Fangmin, network security password in the technology and its application [J]. Vacuum Electronics, 2004. <BR> [2]  Yang .meaning first, network security theory and technology [M]. Beijing: People Post Press, 2003. <BR> [3]  Lee to study poetry, computer system security technology [M]. Wuhan: Huazhong University Press, 2003. <BR .> <BR> <BR>.