提纲2009年版三级网络技术复习提纲—第七章 服务器操作系统（2009 edition three level network technology review outline - Chapter seventh server operating system）

2009年版三级网络技术复习提纲—第七章服务器操作系统2009edition three level network technology review outline -

Chapter seventh server operating system

The 2009 edition of three network technology review outline -Chapter seventh server operating system.Txt

The seventh chapter is the analysis of network management andnetwork security: this part is the key, the general 6multiple-choice questions and fill in 2~3, about 10-12.Pay attention to the problem:

1, the five functions of network management: configurationmanagement, faul t management, performance management,accounting management and security management, and the role ofmanagement.

2, the level of information security, A1 security standards inthe United States Department of defense is the highest levelof security.

3, the basic elements of network security: confidentiality,integrity, availability and legitimacy, and the correspondingfour basic threat, and the threat can realize the commonknowledge into threats and threats into.

4, security is a concrete manifestation of security threats,interruption, interception, modification and fabrication.5, the introduction of the related knowledge of encryption

technology.

The principle of digital signature and authenticationtechnology in 6, and the difference between it and messageauthentication.

7, the firewall can only prevent violations of external netsintranet.

1, network management includes five functions: configurationmanagement, faul t management, performance management,accounting management and security management.

Configuration management is responsible for networkestablishment, service deployment and configuration datamaintenance function: list management, resource provisioning,service provisioning;

Fault management general steps: find fault, judge fault, faultisolation, fault recording, fault repair; at present is:detection, isolation and correction of fault;

Billing management goal is to use the tracking of individualand group users of the cyber source, charge a reasonable feefor the.

Performance management aims to maintain the quality of serviceand network efficiency. Performance management includingperformance testing, performance analysis, performancemanagement and control function.

Safety management goal is in accordance with certain controlstrategies for cyber source access, ensure that importantinformation will not be unauthorized user access, and preventnetwork by malicious or unintentional attacks.

The target and the network administrator 2, network managementresponsibilities:

Target: A, reduce downtime, shorten the response time andimprove the utilization rate of equipment; B, reduce operatingcosts, improve efficiency; C, reduce or eliminate the networkbottleneck; D, make the network more easy to use, safe andreliable; e network.

Responsibilities: planning, construction, maintenance,expansion, optimization and troubleshooting. Not including thepreparation of applications, it is the programmer' sresponsibility.

3, a manager/agent model : management is essentially a set ofapplications running on the computer operating system,management information collection, from the agency forprocessing, to obtain valuable management information, toachieve the purpose of management. Agent is located in manageddevices, it comes from the management commands or informationrequests into the device specific instruction, completemanagement instructions, or return its equipment information.Between the manager and agent information exchange can bedivided into two types: the agent management operations frommanagers; from agents to managers of the event notification.

4, network management protocol

(1) the concept is: information between network manager andagent specification.

(2) the network management protocol is a high-level networkapplication protocol, it is based on the physical network andcommunication protocol based on network management serviceplatform.

Network management protocol includes: simple networkmanagement protocol SNMP, common management informationservice / protocol CMIS/CMIP (telecommunication managementnetwork commonly used)

The management node is generally workstation class computerapplication oriented, with strong processing ability. Theproxy node can be any type of network node. SNMP is anapplication layer protocol, it uses the service transport layerand network layer to its peer layer information transmission;SNMP uses round robin monitoring method. CMIP has theadvantages of high safety, strong function, not only can be usedfor data transmission management, can also perform certaintasks.

5, information security includes 3 aspects: physical security,security control, security service,

To achieve authenticity, confidentiality, integrity andavailability of the target;

6, the information security level:

(1) the United States Department of defense Orange BookStandards (_STD) : D1 (standard level computer system withoutverification, such as DOS, Windows3.X, users of Windows95 (notin the working group in Apple, System7.X) ; C1 providesindependent safety protection, it makes users and dataseparation, to meet the needs of independent. The minimumsecurity level C2 level required for handling of sensitiveinformation, further restrict the user to execute commands oraccess to certain file permissions, but also the authenticationlevel, such as UNIX, XENIX, Novell, NetWare system version 3or higher, Windows NT; B1 is the first need a lot of accesscontrol support level. The level of security are confidential,secret level. The B2 level of all objects in a computer systemto add tags, and to the security level distribution equipment.B3 requires the user workstation or terminal through trustedway to connect to the network system, and the level of securitysystem to protect the hardware store, security key componentsof B3 system must understand the access to all of the objectto the subject. The highest level of security A1, show that thesystem provides the most comprehensive security) .

(2) the computer information security level in China: selfprotection, guidance, supervision and protection levelprotection, mandatory protection level, the control level ofprotection.

8, network security

(1) objective: transmission security storage security and

information; the basic elements of the realization ofinformation confidentiality, integrity, availability andlegitimacy.

(2) security threats is the damage caused by a person, thing,thing or concept of a resource of confidentiality, integrity,availability or legitimacy.

(3) security threats are divided into two types of intentionaland accidental. Intentional threats can be divided into twotypes of passive and active.

Basic threat: information disclosure or loss -confidentiality,data integrity, integrity, availability, non - denial ofservice access legitimacy;

Infiltration of threat: counterfeiting, bypass control,authorization assault;

Implant threat: Troy Trojan, trapdoor;

The potential threat of eavesdropping, traffic analysis,personnel negligence, cleaning media.

(4) security attacks: from unauthorized entities have accessto resources, confidentiality of the attack; modification isunauthorized entities not only get access, but alsoaltered theresources of the integrity of the attack; interruption isdestroyed or become the system resources can not be used, isthe availability of the attack; it is unauthorized entitiesinto the fake object to the system, is on the legitimacy of the

attack.

(5) active attack and passive attack:

The characteristics of passive attacks is to monitor or monitor.The aim is to obtainthe information beingtransmitted. Passiveattacks: disclosure of information content and trafficanalysis etc. .

Active attack involves modifying the data stream or create thewrong data flow, it includes camouflage, replay, modifyinformation, denial of service, distributed denial of service.From the perspective of network protocol, the attack methodscan be summarized as: service attack and non attack service.Service attack is for a specific network services (such asE-mail (Telnet, FTP, mail bomb) , HTTP attacks) . Non serviceattack is not for a specific application service, but the lowlayer network layer protocol based on the. Non service attackby agreement or protocol when the operating systemvulnerabilities to achieve the purpose of attack, is a moreeffective means of attack, such as source routing attacks andNetXBay spoofing, etc. .

(9) safety strategy: the majesty of the law, advancedtechnology, strict management (10) safety managementprinciples: the principle of people is responsible for alimited term, the principle, the principle of separation ofduties

9, encryption technology

(1) several related concepts: called plaintext messages needto be hidden. The plaintext is transformed into another hiddenform called ciphertext,

This transformation is called encryption, the reverse processof encryption of plaintext is called decryption; a set of rulesfor encryption is called the encryption algorithm, a set ofrules by the cipher decryption called decryption algorithm;encryption algorithm and decryption algorithm is usuallycarried out in a group under the control of the key, theencryption algorithm used by the key as the encryption key,using the decryption key is called the decryption key encodingis used; password encryption, cryptanalysis (exhaustiveanalysis, to try all possible half) is used to decrypt, is acategory of cryptography.

(4) classification system password:

According to the plaintext into ciphertext operation type isdivided into: substitution or replacement of the password andthe password.

According to the number of keys is divided into: symmetriccryptography and asymmetric cryptography.

(5) the data encryption technology can be divided into 3categories: symmetric encryption, asymmetric encryption andnon reversible encryption.

Symmetric encryption for data encryption or decryption using

a single key, also known as single key encryption, passwordencryption, or conventional secret key encryption algorithm,such as DES.

Asymmetric encryption algorithm is characterized by two keys,only two collocation use to complete the encryption anddecryption process. Another usage of asymmetric encryption iscalled a"digital signature" is the commonly used RSA algorithmand digital signature algorithm DSA.

Irreversible encryption algorithm is a one-way hash algorithm,feature is encryption process does not require a key, and theencrypted data cannot be decrypted, only the same input datathrough the irreversible algorithm to the same encrypted datathe same.

(6) encryption scheme is that the two situations of safety:One is to decipher the ciphertext encrypted information exceedsthe cost of the value; two is valid to decipher the confidentialinformation over time.

(7) part of the symmetric encryption system model: encryptionalgorithm, encryption key, plaintext, ciphertext anddecryption algorithm.

Symmetric encryption is also called conventional encryption,single key encryption, secret key encryption, there are twosecurity requirements: need a strong encryption algorithm; thesender and recipient must be in a safe way to obtain a copy ofthe secret key, must ensure the security of the key. Its