<> Basic concepts of network security
<> Introduction to network security
With the development of the Internet, the rich information resources of the network bring great convenience to users, but they also bring security problems. The essence of network security is to ensure the security attributes of information on the network. Information security means that the hardware and software of an information system, and the data in that system, are protected. It is a comprehensive discipline that draws on computer science, network technology, communications and cryptography.
Network security includes three levels: physical security, data and information security, and network transmission security.
Five basic elements of network information security:
<> Network security strategy and protection system
A network security protection policy is the set of rules that must be followed to ensure a certain level of security protection.
To achieve network security, three kinds of measures are generally taken:
1. Information security technology
2. Network security management
3. Network security and law
Network security policies as currently formulated mainly cover five aspects:
1. Physical security policy
2. Access control policy
3. Firewall policy
4. Information encryption policy
5. Network security management strategy
The network security system consists of the network security legal system, the network security management system and the network security technology system.
<> Data encryption technology
Cryptography is the first thing that comes to mind when we talk about information security. It studies how to transform transmitted information so that a third party cannot steal it, and it is the core of network security. Here are some common cryptographic techniques.
<> Classical encryption algorithm
1. Code encryption
An example of this algorithm:
Plaintext: Grandma's yellow dog cubs in three days
Ciphertext: Three days later, the county cabinet went out of the city to clean up
This method is simple and easy to use, but it can only convey messages agreed on in advance, and reusing it is not safe.
2. Substitution encryption
This method defines a rule that replaces each letter of the plaintext with another letter. A substitution encryptor is usually required. The famous Caesar shift cipher is this method: each letter is replaced by the letter 3 positions after it in the alphabet.
This method is more widely applicable than code encryption, but the pattern is easy to find after it has been used many times.
3. Transposition encryption
This method does not hide the plaintext characters; it reorders them. For example:
Key: 6972430815
Plaintext:  Small  Zhao  take  go  black  skin  package  hand-over  to  Plum
Position:   0      1     2     3   4      5     6        7          8   9
Ciphertext: package  Plum  hand-over  take  black  go  Small  to  Zhao  skin
Position:   6        9     7          2     4      3   0      8   1     5
4. One-time pad encryption
This method combines the plaintext with a random key, and the key is used only once. It was discovered by Frank Miller in 1882 and is still in use today.
When encrypting, the letters of the message are shifted, or XORed, according to the numbers in the pad. The only way to decrypt is to hold the same pad and shift the letters back according to it, or apply the XOR a second time.
Here is an example of bitwise XOR encryption and decryption:
Encryption: the plaintext is XORed bitwise with the key.
Decryption: the ciphertext is XORed bitwise with the key.
A one-time pad can be used only once, and it must be at least as long as the file being encrypted.
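The XOR encryption and decryption just described, together with the two constraints on the pad (long enough, used once), as an added example that is not part of the original page. The function names and the sample messages are constructed for illustration.

```python
import secrets

def xor_bytes(data: bytes, pad: bytes) -> bytes:
    """XOR data with the pad; refuse a pad shorter than the data."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, pad))

def otp_encrypt(plaintext: bytes):
    """Draw a fresh random pad and return (pad, ciphertext)."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)

def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """XOR is its own inverse, so decryption is the same operation."""
    return xor_bytes(ciphertext, pad)

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts made with the SAME pad: c1 ^ c2 == p1 ^ p2.

    The pad cancels out, so anyone holding both ciphertexts learns
    where the two plaintexts agree and how they differ.
    """
    return bytes(a ^ b for a, b in zip(c1, c2))

# Constructed sample messages (not from the page)
P1 = b"MEET AT NOON"
P2 = b"MEET AT DAWN"

if __name__ == "__main__":
    pad, c1 = otp_encrypt(P1)
    print("round trip ok:", otp_decrypt(c1, pad) == P1)
    c2 = xor_bytes(P2, pad)          # the mistake: the pad is used twice
    print("c1 ^ c2 =", reuse_leak(c1, c2).hex())
```

Zero bytes in the `c1 ^ c2` output mark positions where the two messages are identical, which is why the pad must never be used a second time.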
Traditional encryption methods have many limitations, so other encryption algorithms were devised.
<> Symmetric encryption algorithm
The characteristic of a symmetric encryption algorithm is that encryption and decryption use the same key, that is, the encryption and decryption keys are symmetric. The security of symmetric encryption is determined by the encryption algorithm and the key length. Common algorithms include AES, DES, 3DES and IDEA. At present the most widely used symmetric encryption algorithms are DES and 3DES; individual systems use IDEA, RC5 and other algorithms.
DES encryption and decryption can use the same algorithm, but the key order is reversed between the two. The security of the system depends on the security of the key.
In the 3DES algorithm, two or three keys are used to encrypt a block three times. No shortcut for breaking DES has been found other than exhaustive search.
<> Asymmetric encryption algorithm
The characteristic of an asymmetric encryption algorithm is that encryption and decryption use two different keys, that is, the encryption and decryption keys are asymmetric. It is also known as a public key cryptosystem (PKC). Unlike a symmetric algorithm, an asymmetric algorithm randomly generates two keys linked by a mathematical relationship: a public key used to encrypt the plaintext and a private key used to decrypt the ciphertext. This method offers high security and the keys are easy to keep, but it requires a large amount of computation, so encryption and decryption are slow. The most common asymmetric algorithm is RSA.
RSA is the most famous two-key cryptosystem. It can be used to encrypt data and also for digital signatures.
RSA algorithm: a sender that wants to communicate uses the asymmetric encryption algorithm to generate a key pair, a public key and a private key. The receiver, on receiving the sender's public key, encrypts with it. Messages encrypted with the sender's public key can only be decrypted with the sender's own private key.
In a practical system, RSA is only needed to exchange the DES key, while DES is used to encrypt the main body of the information.
In hardware implementations RSA is 1000 times slower than DES; in software implementations RSA is 100 times slower than DES.
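The arrangement described above, where RSA carries only a short symmetric key and the symmetric cipher encrypts the message body, as an added example that is not part of the original page. Assumptions: the primes are toy values and the RSA is unpadded, for illustration only; a SHA-256 keystream stands in for DES because Python's standard library has no DES; all function names are constructed.

```python
import hashlib
import secrets

# Toy RSA parameters (constructed): two Mersenne primes and the usual exponent.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537

def rsa_keypair():
    """Return ((n, e), (n, d)): the public key and the private key."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: e*d = 1 mod phi
    return (n, E), (n, d)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (NOT DES): XOR with a SHA-256 keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap_and_encrypt(public, message: bytes):
    """Peer side: RSA touches only the 16-byte session key, not the body."""
    n, e = public
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, keystream_xor(session_key, message)

def unwrap_and_decrypt(private, wrapped: int, body: bytes) -> bytes:
    """Key owner side: recover the session key, then decrypt the body."""
    n, d = private
    session_key = pow(wrapped, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, body)

if __name__ == "__main__":
    public, private = rsa_keypair()
    message = b"constructed sample message " * 100     # 2700-byte body
    wrapped, body = wrap_and_encrypt(public, message)
    print("RSA input: 16 bytes; symmetric input:", len(message), "bytes")
    print("round trip ok:", unwrap_and_decrypt(private, wrapped, body) == message)
```

However long the message is, the slow RSA operation runs once on 16 bytes, which is how the hybrid design sidesteps the speed gap quoted above.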