Cyber Security main problem

by Cyber Security, April 03, 2023

Main problem

Security risks

1. The Internet is an open and uncontrolled network. Hackers often break into computer systems on the network to steal confidential data and misappropriate privileges, destroy important data, or degrade system functions to the point of paralysis.

2. Internet data transmission is based on the TCP/IP communication protocols. These protocols lack security measures to prevent information from being stolen during transmission.

3. Most communication services on the Internet are supported by the Unix operating system. Obvious security vulnerabilities in the Unix operating system directly affect the security of those services.

4. Electronic information stored, transmitted and processed on computers is not enveloped, signed and sealed the way traditional mail is. Whether the source and destination of the information are genuine, whether the content has been changed, and whether it has been leaked all rest on a gentleman's agreement in the service agreements supported by the application layer.

5. E-mails may be opened and read, misdelivered, or forged. Using e-mail to transmit important and confidential information is very dangerous.

6. The spread of computer viruses through the Internet does great harm to Internet users. Viruses can paralyze computers and computer network systems and cause the loss of data and files. Viruses can spread on the Internet through public anonymous FTP file transfers, or through e-mails and their attachments.

Attack form

There are four main forms of attack: interruption, interception, modification and forgery.

Interruption takes availability as the target of attack. It destroys system resources and makes the network unavailable.

Interception takes confidentiality as the target of attack. Unauthorized users gain access to system resources by some means.

Modification takes integrity as the target of attack. Unauthorized users not only gain access but also modify the data.

Forgery takes integrity as the target of attack. Unauthorized users insert forged data into normally transmitted data.

Solution

1. Intrusion detection system deployment

Intrusion detection capability is an important measure of whether a defense system is complete and effective. A powerful and complete intrusion detection system can make up for the relatively static defense of firewalls. It detects, in real time, the various behaviors coming from external networks and from the campus network, discovers possible attack attempts promptly, and takes corresponding measures. Specifically, the intrusion detection engine is connected to the central switch. The intrusion detection system integrates intrusion detection, network management and network monitoring functions. It can capture all data transmitted between the internal and external networks in real time. Using its built-in attack signature database together with pattern matching and intelligent analysis methods, it detects intrusion behaviors and abnormal phenomena on the network and records the related events in a database as the basis for the network administrator's subsequent analysis. If the situation is serious, the system can issue a real-time alarm so that the school administrator can take timely countermeasures.
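The signature matching, event recording and alarm steps described above, as an added Python example that is not part of the original article. The signature set, the severity threshold, the table layout and the sample traffic are all constructed assumptions.

```python
import re
import sqlite3

# Constructed signature set (illustrative, not taken from any real IDS ruleset):
# (signature id, severity 1-5, pattern matched against the captured payload)
SIGNATURES = [
    ("SQLI-UNION", 4, re.compile(rb"union\s+select", re.I)),
    ("PATH-TRAVERSAL", 3, re.compile(rb"\.\./\.\./")),
    ("NOP-SLED", 5, re.compile(rb"\x90{16,}")),
]
ALARM_SEVERITY = 4  # assumed threshold for a "serious" event


def open_event_db():
    """Create the in-memory event database used for later analysis."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (src TEXT, dst TEXT, sig TEXT, severity INTEGER)")
    return db


def inspect(db, src, dst, payload):
    """Match one payload against every signature, record each hit,
    and return the signature ids that warrant a real-time alarm."""
    alarms = []
    for sig_id, severity, pattern in SIGNATURES:
        if pattern.search(payload):
            db.execute("INSERT INTO events VALUES (?, ?, ?, ?)",
                       (src, dst, sig_id, severity))
            if severity >= ALARM_SEVERITY:
                alarms.append(sig_id)
    db.commit()
    return alarms


# Constructed sample traffic (documentation address ranges only)
SAMPLE_TRAFFIC = [
    ("198.51.100.7", "192.0.2.10", b"GET /index.html HTTP/1.1"),
    ("198.51.100.7", "192.0.2.10", b"GET /item?id=1 UNION SELECT name FROM users"),
    ("203.0.113.9", "192.0.2.10", b"GET /../../etc/passwd HTTP/1.1"),
    ("192.0.2.55", "192.0.2.10", b"\x90" * 32 + b"\xcc"),
]


def run_sample():
    """Inspect the sample traffic; return (alarms raised, events recorded)."""
    db = open_event_db()
    alarms = [(src, sig) for src, dst, payload in SAMPLE_TRAFFIC
              for sig in inspect(db, src, dst, payload)]
    recorded = db.execute("SELECT src, sig, severity FROM events ORDER BY rowid").fetchall()
    return alarms, recorded
```

Every match is recorded for later analysis, but only matches at or above the assumed threshold are returned as alarms, so the path traversal hit appears in the database without paging the administrator.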

2. Vulnerability Scanning System

The most advanced vulnerability scanning system is used to conduct regular security inspections of workstations, servers, switches and other equipment, and to provide system administrators with detailed and reliable security analysis reports based on the inspection results. These reports are an important basis for improving the overall level of network security.

3. Network version of anti-virus product deployment

In this network anti-virus program, we ultimately have to achieve one goal: to prevent virus infection, spread and outbreak across the entire local area network. To achieve this, we should apply corresponding anti-virus measures at every place in the network where a virus may infect and spread. At the same time, in order to implement and manage the network-wide anti-virus system effectively and quickly, it should provide functions such as remote installation, intelligent upgrade, remote alarm, centralized management, and distributed detection and removal.