返回 历史论文 首页
Research on Computer Network Security and Prevention Strategy

  Abstract: With the development and popularization of the computer network, the security problem has increasingly become the focus of common concern. The computer network safety problems mainly include: protocol design issues, awareness, management system and technical operation. Hackers on the computer network attack techniques: Deceptive attack, masquerade attacks, vulnerability attack, covert attack and technical attack. Accordingly, we should take the corresponding safety countermeasures: strengthen network security education, using the network protection technology, detection technology and anti-virus technology. This paper mainly analyzes the defects and the security problems of computer network, discusses about the maintenance of computer network security and the way for computer network attack technology defense strategy.
  Keywords: Computer network; network security; technology prevention; safety strategy
  0 Introductions
  Computer network technology has become an indispensable part of modern life, its application changed the traditional way of life and works, greatly improves the work efficiency, which is a great change in history of mankind. However, the computer network technology also hidden loopholes and many security problems bring us convenient at the same time, some lawless elements through computer network fraud, cyber crimes have occurred from time to time, these problems will bring great threat to human life. So we need a computer network environment, which use the advanced computer network technology to build a safe, reliable.
  1 Unsafe factors existing in computer network
  Computer network security problems ensure that the information safety in the network environment of storage, transmission, process. The safety of computer network provides the guarantee for the realization of network efficient, fast operation and transportation. Therefore, research on the calculation of network security technology is first to clear understanding to the unsafe factors existing in computer network are main problems in recent years, integrated computer network security appears, on the unsafe factors in network system existence mainly conclude the following aspects.
  1.1 The security of operating system
  At present, most of the operating system of computer application has many loopholes, because the operating system is designed by people, it is very difficult to achieve the perfect. But the operating system is the basic safeguard for a computer information security, if the operating system can not basis security role, and other security measures can not be achieved due to the defensive effect, such as firewall, if the firewall is installed in the operating system the existence of loopholes, the firewall is likely to be loopholes in the system to ignore, don't play to resist external disturbance function. Therefore, the unsafe factors of the operating system itself generate a threat to the security of computer network.   1.2 Firewall security
  Now due to the design of computer products are not perfect, so all users install firewall on the market itself there are many unsafe factors, such as the most common problem of firewall products in the application is the "single point of failure" and the "bottleneck" problem. Firewall as the first line of defense to defense against unauthorized intrusion into the computer, which itself is safe, the configuration is consistent with the standards, for the normal software is rejected, and these are the problems to be solved security firewall.
  1.3 Virus attack
  In a computer network, virus spread and transform in new development stage, we can not fundamentally eliminate it, can't count on the defense system against its existing for a long time. Therefore, if we truly want to resist the invasion of computer virus, requires the installation of the operating system security and efficient detection and prevention system.
  1.4 Application of network protocol
  Network protocol called TCP/IP protocol, mainly used in large-scale network systems, because the TCP/IP network protocol is not designed for communication security design, so it has many unsafe factors from network threats, such as loss of data, authentication etc.. Therefore, the system flaw of TCP/IP protocol is a very serious problem in computer network security.
  2 Attack techniques of hackers on the computer network
  Because of the Internet itself without time and geographical restrictions, so hackers can be an easy job to all levels of network intrusion. At present, the hackers on the computer network attack techniques have five methods.
  2.1 Deceptive attack
  Because the computer network is designed to share resources that determine its open characteristics, it easy causes data tampering and deletion, low data security. Such as "phishing" is a deceptive attack tactics, fishing tool is by sending spam claiming deceptive from some institutions, intention luring the addressee is sensitive information, such as a user name, password attacks, account ID, ATMPIN code or credit card details. The most commonly used technique is sensitive data as some real website to deceive users. "Phishing" in the past to large or well-known Web site, but due to the large and famous website rapid response, security features and provides enhanced, so, hackers are increasingly targeting smaller sites.
  2.2 Masquerade attacks
  Hackers often use computer software to camouflage IP packet, put their own play into the host address trust, conversation and the target host, once pretending to be successful, you can come straight to the point, and carry out attacks in the target host is unknown circumstances; hackers also forged IP address, routing entries, DNS analytic address, so that by the attack server unable to distinguish between these requests or unable to respond to these requests, thereby causing buffer blocking or crash; hackers can also through the LAN IP address of a machine set as the network address, resulting in data packets in the network can not be normal forwarding and make a network paralysis.   2.3 Vulnerability attack
  Talked about earlier, security protocol design problem, using the computer network awareness, management system and technical operation, that may create loopholes, such as boundary conditions, a function pointer and other software design improper or lack of restraint, resulting in the address space error; software system without treatment for certain types of packets or request in operation, abnormal etc.. The hacker is by these loopholes gap, the operating system of certain service open port engine buffer overflow attack.
  2.4 Covert attack
  Covert attack is carried out by means of Trojan virus. Trojan horse is a hacker tools based on remote control, the attack is hidden, often the user not aware. Once the hackers will Trojan program successfully implanted into the target host, computer hackers have become the control of the puppet master, and hackers became super user. Trojan program can be used to collect important information in the system, such as the password, account number, password. Hackers can also remote control host attack on other hosts, such as DDOS attacks are among the puppet master received the order to attack, at the same time to the target to send a large number of the service request packet.
  2.5 Technical attack
  Technical attacks are that hackers use sniffer and scan attack. Sniffer is a technology that use computer network interface intercepted the destination data of other computers. Network sniffer illegally obtained important information of user name, password by passively listening to network communication, data analysis. Passive and non interfering its threat to the network security from the network, to information leakage and not easy to be found. While scanning be aimed as vulnerabilities, traversal search behavior on network. Because of the existence of loopholes, useful information so scanning tools can often concealed detecting other host, as a prelude to the next attack.
  3 Security strategy of computer network
  According to the common security problems in computer networks and hackers on the computer network attack techniques, we must take corresponding safety measures.
  3.1 To improve the network security education
  Computer network security is a process, involving management, technology and application the three aspects. Specific operators at all levels is people, and people is the weakest link in network security, so we have to strengthen the safety technology training network, strengthen the safety consciousness, improve the overall quality of the three aspects of personnel. First, strengthen the network knowledge training; make the relevant personnel to master certain network knowledge, master the IP address configuration, data sharing and other basic knowledge of the network, set up the good habit of using computer. Secondly, to strengthen the safety and technical training make relevant personnel to master the safety technique, to guarantee the data safe and reliable information. Thirdly, strengthen security awareness training, let the staff know the importance of the three aspects of information security, information security assurance data is the common responsibility of all staff.   3.2 Application of network protection technology
  The starting point of network protection technology is first divided into clear the edge of the network, and then checks the information by using various control methods through on the network boundary; stop does not conform to the provisions of the information, in order to prevent hackers on the internet. Network protection technology mainly has: (1) Firewall. A firewall is a kind of used to strengthen the network access control, external network users to prevent illegally through the external network access to the internal network, access to internal cyber source, with special network interconnection equipment to protect the internal network operating environment. We used a packet filtering firewall technology, state detection technology, application gateway technology. Packet filtering technology implementation selecting the packet in the network layer; state detection technology is the state detection mechanism for connectivity, will belong to the same connected all the package as a whole data flow, a link state table, by rule table and state table together with, each in the table the connection status factors are identified, it is relative to the packet filtering technology, more flexibility and security; application gateway technology using a running special "communication data security check" software workstation connected to the protected network and other network, aimed at specific details hidden protection network, host and data protection, though firewall is an effective means to protect network security at present, but could not prevent the firewall other than the way the attacks, not prevent defections from within and without the threat of heart of the user, can not completely prevent transmission of the virus has infected software or documents, also cannot guard against data-driven attacks.
  (2) The anti wall. Antivirus wall is located at the entrance to the network, network security equipment for filtering the network transmission of the virus. The firewall can legally connected on the network data flow analysis, and the virus data sent from allowing the connected computer flow but incapable of action, because it cannot recognize the legitimate data whether the presence of virus in the package. Antivirus wall is to overcome the firewall flaw, it uses the signature of virus in the gateway, prevent network worms (Word) and corpse network (BOT) expansion.
  (3) Virtual Private Network (VPN). VPN is a virtual sub networks that take physical distribution in different locations of the network connection through the public network to logical network. It can help different users and internal network and establish a secure connection and credible, and to ensure the security of data transmission. In order to ensure the information security, VPN technology uses the authentication, access control, confidentiality and other measures, to prevent information leakage, tampering and copying.   3.3 The network detection technology
  Network detection technology is protected by monitoring the situation and the activities of the system to identify the computer system and network system attack, including the detection of illegal intruders' malicious attacks or testing, and beyond the internal legal privileges of the user's illegal activities.
  (1) Intrusion detection: Intrusion detection analyze them, to find whether there is a breach of security strategy and the signs of attack based on the number of key points to collect information of computer network or computer system, and, and the system for safety and prevention. Intrusion detection system consists of intrusion detection software and hardware, the main functions are: first, the detection and analysis of user and system activities; second, check the system configuration and operating system log; third, find bugs and statistical analysis of abnormal behavior.
  (2) Intrusion prevention. Intrusion prevention system is a kind of intrusion active protection system. It is a new technology of network security based on intrusion detection systems found on. If the network was what attack passively detect intrusion detection system can only, and block the attack ability is limited, so, intrusion prevention system to detect attack attempts in the network of import and export office, will automatically attack packets lost or take measures to block the attack source. You can think of intrusion prevention system is the firewall and intrusion detection system, but is not to say that the intrusion prevention system can replace the firewall and intrusion detection system.
  (3) Vulnerability scanning. Vulnerability scanning technology is an important active security technology. It is mainly to check whether the target host loopholes through the following two ways. First, know the target host open ports on the network services in the port scanning, match these related information and network vulnerability scanning system vulnerability database, see if there are loopholes satisfy matching conditions; second, by simulating the hacker attacks, the target host system for aggressive security vulnerability scanning, such as test weak password, if a simulated attack success, indicates that the target host system security vulnerabilities.
  3.4 The use of anti virus technology
  A computer virus can cause the computer failure, destruction of documents and data, to seize the system cyber source, infect other programs, to plug the network or the system paralysis. Especially, threatening and destructive computer virus is more incalculable in the network environment. Therefore, to guard against the computer virus is an important link in the construction of network security. In the anti virus technology is the use of anti-virus software frequently scanning and monitoring on the file server, or on a workstation with anti-virus chip and the network directory and file permissions.   4 Conclusions
  The development of computer network, there are many unsafe factors in bringing convenience to people, because the computer network involves more and more widely, for the safety of computer network technology and strategy of prevention are increasingly high requirements, in order to ensure the sustainable development of the computer network, we must take effective measures to eliminate potential safety problems, completes the network detection and prevention measures of using computer network security technology advanced, and the use of multiple security technology, computer network environment to create a safe, efficient.
  Reference
  [1]Mao Zhiyong. Application of BP neural network in computer network security evaluation [J]. information technology, 2008 (06)
  [2] Zhou zhong. The Application of neural network technology in network security [J]. science and technology to become rich the wizard, 2010 (32)
  [3]Bian Yunsheng. Computer network security protection technology research [J]. computer knowledge and technology, 2011, (31)
  [4] Yang. Analysis of the causes of the problems of computer network security and prevention technology of hardware [J]. computer knowledge and technology, 2012, (2)
  [5] Teng Jiao. Thinking about the safety protection of computer network [J]. Journal of Xianning University, 2012, (8)


【相关论文推荐】
  • Research on Computer Network Security and Protection
  • The Study on Network Security Strategy based on Security Evaluation
  • Cloud computing and network security research
  • Security of Computer Network and Measures of Defense
  • Analysis of China's energy security and economic strategy research
  • Analysis and Solutions on Computer Network Security of China's Commercial Banks
  • Computer network security evaluation based on Fuzzy Analytic Hierarchy Process technology
  • Research on the Wide-area Mal-operation Prevention in Power Network based on the GPRS
  • Research on the Teaching Strategy of the MOOCs Class Based on the Characteristics of Network Learning Behavior