计算机网络技术基础论文

.计算机网络技术基础论文1.网络安全的含义网络安全从其本质上来讲就是网络上信息的安全.它涉及的领域相当广泛。这是因为.在目前的公用通信网络中存在着各种各样的安全漏洞和威胁。从广义的角度来说：凡是涉及到网络上信息的保密性、完整性、可用性、真实性和可控性的相关技术和理论都是网络安全索要研究的领域。下面给出网络安全的一个通用定义：网络安全是指网络系统的硬件、软件及其系统中的数据受到保护，不受偶然的或者恶意的原因而遭到破坏、更改、泄露，系统连续可靠正常地运行.防止和控制非法、有害的信息、进行传播后的后果，本质上是维护道德、法规或国家利益网络上信息内容的安全.即我们讨论的狭义的“信息安全”。它侧重于保护信息、的保密性、真实性和完整性，避免攻击者利用系统的安全漏洞进行窃听、冒充等有损于合法用户的行为.本质上是保护用户的利益和隐私 网络安全与其所保护的信息对象有关.其含义是通过各种计算机、网络、密码技术和信息安全技术，保护在公用通信网中传输、交换和存储的信息的机密性、完整性和真实性.并对信息的传播即内容具有控制能力。网络安全的结构层次包括：物理安全、安全控制和安全服务。2.计算机网络安全机制分析安全性机制是操作系统、软硬件功能部件、管理程序以及它们的任意组合.为一个信息系统的任意部件检测和防止被动与主动威胁的方法。安全机制与安全性服务有关，机制是用于实现服务的程序，OSI定义的安全性机制有加密、数字签名、鉴别、访问控制、通信量填充、路由控制、公证等。安全性服务和安全性机制有一定的对应关系，例如：机密性服务可以通过加密、通信量填充和路由控制来实现。另外，加密不仅可以是机密性服务的成分.而且还可以是完整性和鉴别服务的成分。各种安全机制中.加密有着最广泛的应用.并且可以提供最大程度的安全性。加密机制的主要应用是防止对机密性、完整性和鉴别的破坏。数字签名是一种用于鉴别的重要技术 数字签名可以用于鉴别服务，也可以用于完整性服务和无拒绝服务。当数字签名用于无拒绝服务时，它是和公证一起使用的 公证是通过可信任的第三方来验证(鉴别)消息的。对于网络终端用户来说.最通常的安全性经历是通过使用口令来实现访问控制。口令是一个字符串，用来对身份进行鉴别。在获得对数据的访问权之前.通常要求用户提交一个口令，以满足安全性要求。问卷与口令有很近的亲缘关系.它也是鉴定身份的方法。3.采取的应对措施3.1信息加密信息加密技术是一种主动的信息安全防范措施.是保证网络信息安全的核心技术 信息加密技术的原理是利用一定的加密算法.将明文转换成为不可以直接读取的密文.对非法用户获取和理解原始数据起到了很好的阻止作用，确保了数据的保密性。明文转化为密文的过程我们称之为加密，密文还原成为明文的过程我们称之为解密，加密、解密使用的可变参数就叫做密钥。信息加密技术通常分为两类：一类是对称加密技术。另一类是非对称加密技术。3.2数字签名为防止他人对传输的文件进行破坏以及确定发信人的身份.我们采取了数字签名这一手段。数字签名在电子商务中起着至关重要的作用，它具备他人不能伪造，签字方不能抵赖，在公证人面前能验证真伪等特点。3.3数字证书数字证书是互联网通讯中标志通讯各方身份的一系列数据.它为网络提供了一种验证身份的方式。由权威机构CA来负责签发、认证、管理证书。此技术可以用来验证识别用户身份。3.4数字摘要又称数字指纹、SHA (secure Hash Mgorithm)或MD5(MDStandards for Message Digest).它是使用单向Hash函数加密算法对任意长度报文进行加密.摘要成一串128比特的密文.这段密文我们称为数字摘要 它是一个唯一对应一段数据的值。3.5数字信封数字信封就是信息发送端用接收端的公钥.把一个对称通信密钥进行加密.形成的数据称为数字信封 只有指定的接收方才可以用自己的私钥打开数字信封，获取对称密钥，解读通讯信息。4.结语网络安全的重要性已经有目共睹.特别是随着全球信息、基础设施和各个国家的信息基础逐渐形成.信息电子化己经成为现代社会的一个重要特征。信息本身就是时间、就是财富、就是生命、就是生产力。因此.各国开始利用电子空间的无国界性和信息、战来实现其以前军事、文化、经济侵略所达不到的战略目的。随着计算机技术的高速发展.攻击网络的技术的不断更新.单一的安全防护策略则是不安全的，网络安全将是一个系统的概念 未来的计算机网络安全防护策略方向应该是安全措施高度综合集成的。在我国，计算机网络安全技术的研发正处于起步阶段。各种技术需要我们不断的去探索，争取赶上发达国家的水平.保障我国计算机网络信息的安全，推进信息全球化的进程。Computer network security and to guard againstAbstract: When mankind entered the 21st century information society, the network society of the time, China will establish a complete set of network security system, especially from the policy and law to establish Chinas own characteristics, network security system.Key words: computer; network; security; preventIn the information age, information can help groups or individuals so that they benefit from, the same information can also be used to pose a threat to them, caused damage. Therefore network security, including the composition of network hardware, software and network transmission of information security, so that they do not because of accidental or malicious destruction of the attacks, network security not only the technical aspects, but also management issues, both complement each other, are indispensable.First, the concept of computer network securityInternational Organization for Standardization of computer security is defined as: To establish a data processing system and the adoption of technology and management of security protection, the protection of computer hardware, software, data is not due to accidental and malicious destruction of reasons, change and leakage. The above definition of computer security includes physical security and logical security of both the contents of the contents of the logic of security could be understood as we often say that the information security, information refers to the confidentiality, integrity and availability of protection, and network security Information security is the meaning of the extension, that network security is a network of information confidentiality, integrity and availability protection. Computer network security as the specific meaning of the user changes, the user is different on the network security awareness and requirements will be different. From the ordinary users point of view, could only hope that personal privacy or confidential information transmission on the network be protected against eavesdropping, tampering and forgery; and network provider in addition to care about these network information security, we must also consider how to deal with sudden natural disasters, such as military strikes against the destruction of network hardware, as well as unusual in the network how to restore network communications, and maintain the continuity of network communications.In essence, the network security, including the composition of network hardware, software and network transmission of information security, so that they do not because of accidental or malicious attacks on the destruction of both the technical aspects of network security issues, there are management issues, the two sides complement each other, are indispensable. Man-made network intrusion and attacks makes network security is facing new challenges.Second, computer network security status quoComputer network security is the network hardware, software and data systems are protected from accidental or malicious destruction of reasons, alteration, disclosure, the system continuous, reliable, normal operation of network services without disruption. Computer and network technology has the complexity and diversity, makes computer and network security has become a need to continue to update and improve the area. At present, hackers method has been more than the type of computer virus, and many attacks are fatal. In the Internet network, because the Internet does not have the time and geographical constraints, whenever there is a means to generate new attacks, we can in a week around the world, these attacks means the use of network and system vulnerabilities to attack computer systems and resulting in network paralysis. Worms, backdoor (Back-doors), Rootkits, DOS (DenialofServices) and Sniffer (network monitor) is a familiar means of several hacker attacks. However, none of these attacks means they reflect the astonishing power of today become worse. These types of attacks means the new variant, with previous attacks appeared methods, more intelligent, targeted against Internet-based protocols and operating system level. From the Web process control procedures to the kernel-level Rootlets. Hackers practices escalating renovation, to the users ability to guard against information security challenge.Third, computer network security precautions1, to strengthen the internal network management and the use of safety awareness among staff, many computer systems commonly used passwords to control access to system resources, which is anti-virus process, the most vulnerable and the most economical methods. Network administrator and terminal operator privileges in accordance with their responsibilities, choose a different password for the application data legitimate operation, to prevent unauthorized users to access the data and the use of network resources.On the network, software installation and management is crucial, it is not only related to network maintenance and management efficiency and quality, but also to the network security. A good antivirus software can be easily installed within minutes to the organization each NT server can also be downloaded and spread to all the purpose of the machine by the network administrator set up and manage to focus, it will work with the operating system and other security is closely linked to become a part of network security management, and automatically provide the best network virus defensive measures. When the computer virus on-line resources applications attack, such as the virus exists in the information-sharing network of media, it is necessary to the security at the gateway, on the network front-end for antivirus.2, network firewall technologyIs a kind of used to strengthen the network access control to prevent the external network users to illegal means to enter the external network through the internal network, access internal network resources and protect the internal network operating environment special for Network Interconnection Devices. It is between two or more networks such as packet transmission link in accordance with a certain degree of security strategy to implement the inspection, to determine whether the network communication between are allowed to, and monitor the network running. Although the firewall is to protect the network from an effective means of hacking, but there are obviously inadequate: through the firewall can not protect against outside attack other means, can not prevent defectors from the inside and inadvertent threats posed by users, but also can not completely prevent the transmission of the virus have been infected with the software or documents, and can not protect against data-driven attacks.3, security encryption technologyEncryption technology for the global e-commerce to provide a guarantee, so that Internet-based electronic trading system has become possible, thus improving the symmetric encryption and asymmetric encryption technology is still the mainstream of the 21st century. Symmetric encryption to the conventional password-based technology, computing encryption and decryption operations use the same key. Asymmetric encryption, encryption key that is different from the decryption key, encryption keys are made public, anyone can use, only the decryption key to decrypt people know.4, the network host operating system security and physical security measuresNetwork firewall as the first line of defense and can not fully protect the internal network, must be combined with other measures to improve the safety of the system level. After the firewall is based on the network host operating system security and physical security measures. In accordance with the level from low to high, namely, the physical security of the host system, the core operating system security, system security, application services security and file system security; At the same time, host security checks and bug fixes, as well as a backup safety system as a supplementary safety measures. These constitute the entire network system, the second line of defense, the main part of a breakthrough to prevent the firewall as well as attacks from within. System backup is the last line of defense network system, used to attack after the System Restore. The firewall and host security measures is the overall system security by auditing, intrusion detection and response processor constitute the overall safety inspection and response measures. It from the network system firewall, network host or even directly from the network link layer on the extraction of network status information, as input to the intrusion detection subsystem. Intrusion Detection System in accordance with certain rules to determine whether there is any