2009年版三级网络技术复习提纲—第七章服务器操作系统2009edition three level network technology review outline -
Chapter seventh server operating system
The 2009 edition of three network technology review outline -Chapter seventh server operating system.Txt
The seventh chapter is the analysis of network management andnetwork security: this part is the key, the general 6multiple-choice questions and fill in 2~3, about 10-12.Pay attention to the problem:
1, the five functions of network management: configurationmanagement, faul t management, performance management,accounting management and security management, and the role ofmanagement.
2, the level of information security, A1 security standards inthe United States Department of defense is the highest levelof security.
3, the basic elements of network security: confidentiality,integrity, availability and legitimacy, and the correspondingfour basic threat, and the threat can realize the commonknowledge into threats and threats into.
4, security is a concrete manifestation of security threats,interruption, interception, modification and fabrication.5, the introduction of the related knowledge of encryption
technology.
The principle of digital signature and authenticationtechnology in 6, and the difference between it and messageauthentication.
7, the firewall can only prevent violations of external netsintranet.
1, network management includes five functions: configurationmanagement, faul t management, performance management,accounting management and security management.
Configuration management is responsible for networkestablishment, service deployment and configuration datamaintenance function: list management, resource provisioning,service provisioning;
Fault management general steps: find fault, judge fault, faultisolation, fault recording, fault repair; at present is:detection, isolation and correction of fault;
Billing management goal is to use the tracking of individualand group users of the cyber source, charge a reasonable feefor the.
Performance management aims to maintain the quality of serviceand network efficiency. Performance management includingperformance testing, performance analysis, performancemanagement and control function.
Safety management goal is in accordance with certain controlstrategies for cyber source access, ensure that importantinformation will not be unauthorized user access, and preventnetwork by malicious or unintentional attacks.
The target and the network administrator 2, network managementresponsibilities:
Target: A, reduce downtime, shorten the response time andimprove the utilization rate of equipment; B, reduce operatingcosts, improve efficiency; C, reduce or eliminate the networkbottleneck; D, make the network more easy to use, safe andreliable; e network.
Responsibilities: planning, construction, maintenance,expansion, optimization and troubleshooting. Not including thepreparation of applications, it is the programmer' sresponsibility.
3, a manager/agent model : management is essentially a set ofapplications running on the computer operating system,management information collection, from the agency forprocessing, to obtain valuable management information, toachieve the purpose of management. Agent is located in manageddevices, it comes from the management commands or informationrequests into the device specific instruction, completemanagement instructions, or return its equipment information.Between the manager and agent information exchange can bedivided into two types: the agent management operations frommanagers; from agents to managers of the event notification.
4, network management protocol
(1) the concept is: information between network manager andagent specification.
(2) the network management protocol is a high-level networkapplication protocol, it is based on the physical network andcommunication protocol based on network management serviceplatform.
Network management protocol includes: simple networkmanagement protocol SNMP, common management informationservice / protocol CMIS/CMIP (telecommunication managementnetwork commonly used)
The management node is generally workstation class computerapplication oriented, with strong processing ability. Theproxy node can be any type of network node. SNMP is anapplication layer protocol, it uses the service transport layerand network layer to its peer layer information transmission;SNMP uses round robin monitoring method. CMIP has theadvantages of high safety, strong function, not only can be usedfor data transmission management, can also perform certaintasks.
5, information security includes 3 aspects: physical security,security control, security service,
To achieve authenticity, confidentiality, integrity andavailability of the target;
6, the information security level:
(1) the United States Department of defense Orange BookStandards (_STD) : D1 (standard level computer system withoutverification, such as DOS, Windows3.X, users of Windows95 (notin the working group in Apple, System7.X) ; C1 providesindependent safety protection, it makes users and dataseparation, to meet the needs of independent. The minimumsecurity level C2 level required for handling of sensitiveinformation, further restrict the user to execute commands oraccess to certain file permissions, but also the authenticationlevel, such as UNIX, XENIX, Novell, NetWare system version 3or higher, Windows NT; B1 is the first need a lot of accesscontrol support level. The level of security are confidential,secret level. The B2 level of all objects in a computer systemto add tags, and to the security level distribution equipment.B3 requires the user workstation or terminal through trustedway to connect to the network system, and the level of securitysystem to protect the hardware store, security key componentsof B3 system must understand the access to all of the objectto the subject. The highest level of security A1, show that thesystem provides the most comprehensive security) .
(2) the computer information security level in China: selfprotection, guidance, supervision and protection levelprotection, mandatory protection level, the control level ofprotection.
8, network security
(1) objective: transmission security storage security and
information; the basic elements of the realization ofinformation confidentiality, integrity, availability andlegitimacy.
(2) security threats is the damage caused by a person, thing,thing or concept of a resource of confidentiality, integrity,availability or legitimacy.
(3) security threats are divided into two types of intentionaland accidental. Intentional threats can be divided into twotypes of passive and active.
Basic threat: information disclosure or loss -confidentiality,data integrity, integrity, availability, non - denial ofservice access legitimacy;
Infiltration of threat: counterfeiting, bypass control,authorization assault;
Implant threat: Troy Trojan, trapdoor;
The potential threat of eavesdropping, traffic analysis,personnel negligence, cleaning media.
(4) security attacks: from unauthorized entities have accessto resources, confidentiality of the attack; modification isunauthorized entities not only get access, but alsoaltered theresources of the integrity of the attack; interruption isdestroyed or become the system resources can not be used, isthe availability of the attack; it is unauthorized entitiesinto the fake object to the system, is on the legitimacy of the
attack.
(5) active attack and passive attack:
The characteristics of passive attacks is to monitor or monitor.The aim is to obtainthe information beingtransmitted. Passiveattacks: disclosure of information content and trafficanalysis etc. .
Active attack involves modifying the data stream or create thewrong data flow, it includes camouflage, replay, modifyinformation, denial of service, distributed denial of service.From the perspective of network protocol, the attack methodscan be summarized as: service attack and non attack service.Service attack is for a specific network services (such asE-mail (Telnet, FTP, mail bomb) , HTTP attacks) . Non serviceattack is not for a specific application service, but the lowlayer network layer protocol based on the. Non service attackby agreement or protocol when the operating systemvulnerabilities to achieve the purpose of attack, is a moreeffective means of attack, such as source routing attacks andNetXBay spoofing, etc. .
(9) safety strategy: the majesty of the law, advancedtechnology, strict management (10) safety managementprinciples: the principle of people is responsible for alimited term, the principle, the principle of separation ofduties
9, encryption technology
(1) several related concepts: called plaintext messages needto be hidden. The plaintext is transformed into another hiddenform called ciphertext,
This transformation is called encryption, the reverse processof encryption of plaintext is called decryption; a set of rulesfor encryption is called the encryption algorithm, a set ofrules by the cipher decryption called decryption algorithm;encryption algorithm and decryption algorithm is usuallycarried out in a group under the control of the key, theencryption algorithm used by the key as the encryption key,using the decryption key is called the decryption key encodingis used; password encryption, cryptanalysis (exhaustiveanalysis, to try all possible half) is used to decrypt, is acategory of cryptography.
(4) classification system password:
According to the plaintext into ciphertext operation type isdivided into: substitution or replacement of the password andthe password.
According to the number of keys is divided into: symmetriccryptography and asymmetric cryptography.
(5) the data encryption technology can be divided into 3categories: symmetric encryption, asymmetric encryption andnon reversible encryption.
Symmetric encryption for data encryption or decryption using
a single key, also known as single key encryption, passwordencryption, or conventional secret key encryption algorithm,such as DES.
Asymmetric encryption algorithm is characterized by two keys,only two collocation use to complete the encryption anddecryption process. Another usage of asymmetric encryption iscalled a"digital signature" is the commonly used RSA algorithmand digital signature algorithm DSA.
Irreversible encryption algorithm is a one-way hash algorithm,feature is encryption process does not require a key, and theencrypted data cannot be decrypted, only the same input datathrough the irreversible algorithm to the same encrypted datathe same.
(6) encryption scheme is that the two situations of safety:One is to decipher the ciphertext encrypted information exceedsthe cost of the value; two is valid to decipher the confidentialinformation over time.
(7) part of the symmetric encryption system model: encryptionalgorithm, encryption key, plaintext, ciphertext anddecryption algorithm.
Symmetric encryption is also called conventional encryption,single key encryption, secret key encryption, there are twosecurity requirements: need a strong encryption algorithm; thesender and recipient must be in a safe way to obtain a copy ofthe secret key, must ensure the security of the key. Its
部落曾经在去年分享过一次Boomer.host的信息,商家自述始于2018年,提供基于OpenVZ架构的VPS主机,配置不高价格较低。最近,主机商又在LET发了几款特价年付主机促销,最低每年仅4.95美元起,有独立IPv4+IPv6,开设在德克萨斯州休斯顿机房。下面列出几款VPS主机配置信息。CPU:1core内存:512MB硬盘:5G SSD流量:500GB/500Mbps架构:KVMIP/面板...
月付/年付优惠码:zji 下物理服务器/VDS/虚拟主机空间订单八折终身优惠(长期有效)一、ZJI官网点击直达ZJI官方网站二、特惠香港日本服务器香港大埔:http://hkdb.speedtest.zji.net/香港葵湾:http://hkkw.speedtest.zji.net/日本大阪:http://jpsk.speedtest.zji.net/日本大阪一型 ...
乌云数据主营高性价比国内外云服务器,物理机,本着机器为主服务为辅的运营理念,将客户的体验放在第一位,提供性价比最高的云服务器,帮助各位站长上云,同时我们深知新人站长的不易,特此提供永久免费虚拟主机,已提供两年之久,帮助了上万名站长从零上云官网:https://wuvps.cn迎国庆豪礼一多款机型史上最低价,续费不加价 尽在wuvps.cn香港cera机房,香港沙田机房,超低延迟CN2线路地区CPU...