Q: What is cybersecurity?
Answer: Network security means that the hardware, software and data of a network system are protected so that they are not destroyed, changed or leaked through accidental or malicious causes. The system can operate continuously, reliably and normally, and network services are not interrupted.
Q: What is a computer virus?
Answer: A computer virus is a set of computer instructions or program code that its writer inserts into a computer program, that destroys computer functions or data, affects the use of the computer, and can copy itself.
Q: What is a *?
Answer: * is remote-control software of a malicious nature. *s are generally divided into a client and a server. The client is the console used locally to issue commands, while the server side has to be run by the other party. Only computers that have run the server side can be completely controlled. Unlike viruses, *s do not infect files.
Q: What is a firewall? How does it ensure network security?
A: Using a firewall is one way to ensure network security. A firewall is a combination of components set up between different networks (such as a trusted intranet and an untrusted public network) or between network security domains. It is the only entrance and exit for information passing between those networks or security domains. It can control (allow, reject, monitor) the information flowing into and out of the network according to the enterprise's security policy, and it is itself strongly resistant to attack. It is infrastructure that provides information security services and implements network and information security.
Q: What is a backdoor? Why does a backdoor exist?
Answer: A backdoor is a method of gaining access to a program or system while bypassing its security controls. During the software development stage, programmers often create backdoors in the software so that they can fix defects in the program. If a backdoor becomes known to others, or is not removed before the software is released, it becomes a security risk.
Q: What is intrusion detection?
Answer: Intrusion detection is a reasonable supplement to the firewall. It helps the system deal with network attacks, expands the security management capabilities of system administrators (including security auditing, monitoring, attack identification and response), and improves the integrity of the information security infrastructure. It collects information from several key points in the computer network system and analyzes it to check whether there are violations of security policy or signs of attack in the network.
Q: What is packet monitoring? What is its function?
A: Packet monitoring can be thought of as the computer-network equivalent of a wiretap on a telephone line. When someone is "listening" to the network, they are actually reading and interpreting the packets delivered on it. When you send an email or request a web page on the Internet, the data passes through many computers between you and its destination. Every computer that the data passes through can see what you send, and a packet monitoring tool allows someone to intercept that data and view it.
Q: What is NIDS?
Answer: NIDS stands for Network Intrusion Detection System. It is mainly used to detect intrusions carried out over the network by hackers or crackers. There are two ways to run a NIDS. One is to run it on the target host to monitor that host's own communications; the other is to run it on a separate machine that monitors the communications of all network devices, such as hubs and routers.
Q: What is a SYN packet?
Answer: A SYN packet is the first packet of a TCP connection, and it is very small. A SYN attack consists of a large number of such packets, which cannot be processed effectively because they appear to come from sites that do not actually exist.
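From the defender's side, the condition described in this answer shows up as handshakes that are opened with a SYN and never completed. The following is an added example, not part of the original article: a small tracker that counts such half-open handshakes per service. The class name, the thresholds and the packet records are assumptions made up for illustration.

```python
from collections import Counter

SYN, RST, ACK = 0x02, 0x04, 0x10   # TCP flag bits

class HalfOpenTracker:
    """Counts handshakes where a client SYN was never followed by its ACK."""

    def __init__(self, timeout=10.0, threshold=50):
        self.timeout = timeout      # seconds a SYN may wait for the final ACK
        self.threshold = threshold  # stale half-opens per service worth reporting
        self.pending = {}           # (src, sport, dst, dport) -> time SYN was seen

    def observe(self, ts, src, sport, dst, dport, flags):
        key = (src, sport, dst, dport)
        if flags & SYN and not flags & ACK:
            # A retransmitted SYN keeps the timestamp of the first one.
            self.pending.setdefault(key, ts)
        elif flags & (ACK | RST):
            # The client completed or aborted the handshake. A server SYN-ACK
            # travels in the reverse direction, so its key never matches.
            self.pending.pop(key, None)

    def report(self, now):
        """Return {(dst, dport): count} for services over the threshold."""
        stale = Counter(
            (dst, dport)
            for (_src, _sport, dst, dport), t0 in self.pending.items()
            if now - t0 >= self.timeout
        )
        return {svc: n for svc, n in stale.items() if n >= self.threshold}

def run_sample():
    # Constructed packet records; addresses come from documentation ranges.
    tracker = HalfOpenTracker(timeout=10.0, threshold=50)
    server = ("192.0.2.80", 80)
    for i in range(3):    # three normal clients: SYN, then the final ACK
        tracker.observe(0.0 + i, f"198.51.100.{i + 1}", 40000 + i, *server, SYN)
        tracker.observe(0.1 + i, f"198.51.100.{i + 1}", 40000 + i, *server, ACK)
    for i in range(200):  # 200 SYNs whose senders never answer the SYN-ACK
        tracker.observe(1.0 + i * 0.01, f"203.0.113.{i + 1}", 1024 + i, *server, SYN)
    return tracker.report(now=5.0), tracker.report(now=20.0)

if __name__ == "__main__":
    print(run_sample())
```

Nothing is reported while the SYNs are still younger than the timeout; once they age past it, only the unanswered ones are counted, because completed handshakes were removed from the table.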
Q: What does encryption technology mean?
Answer: Encryption technology is the most commonly used means of security and confidentiality. It uses technical means to turn important data into garbled (encrypted) form for transmission; after the data reaches its destination, it is restored (decrypted) by the same or different means.
Encryption technology has two elements: the algorithm and the key. The algorithm is the procedure that combines ordinary, understandable information with a string of numbers (the key) to generate incomprehensible ciphertext. The key is an algorithm used to encode and decrypt data. In security and confidentiality, appropriate key encryption technology and management mechanisms can be used to ensure the security of the network's information and communications.
Q: What is a worm virus?
A: The name "worm" comes from the first virus that spread on the Internet. In 1988, 22-year-old Cornell graduate student Robert Morris sent a virus called Worm over the network, specifically designed to attack flaws in UNIX systems. The worm paralyzed 6,000 systems, with an estimated loss of between $2 million and $60 million. As a result of this worm, a computer emergency team (CERT) was also specially established online. Now the worm virus family has grown to thousands of species, and most of these tens of millions of species of worm viruses come from hackers.
Q: What is an operating system virus? What are its hazards?
Answer: This kind of virus works by adding its own program to the operating system or by replacing part of the operating system. It has strong destructive power and can paralyze the entire system. Because it infects the operating system, when it runs it replaces legitimate program modules of the operating system with its own program fragments. How the operating system is damaged depends on the characteristics of the virus itself, on the status and role within the operating system of the legitimate modules that were replaced, and on the method the virus uses to replace them. This kind of virus is also highly infectious to files in the system.
Q: What does the Morris worm mean? What are its characteristics?
A: It was written by Robert Morris, a first-year graduate student at Cornell University in the United States. The program has only 99 lines. It takes advantage of shortcomings in the Unix system: it uses the Finger command to look up the list of online users, then cracks user passwords, copies and propagates its own source program through the Mail system, and then compiles it to generate code.
The original network worm was designed to "roam" between computers when the network was idle, without doing any damage. When a machine was overloaded, the program could "borrow resources" from an idle computer to balance the load on the network. The Morris worm does not "borrow resources"; it "exhausts all resources".
Q: What is DDoS? What consequences will it cause?
Answer: DDoS is a distributed denial of service attack. It uses the same method as a normal denial of service attack, but the attack originates from multiple sources. Usually, an attacker uses a downloaded tool to penetrate an unprotected host. Once appropriate access to the host has been obtained, the attacker installs a software service or process (hereinafter referred to as the agent) on the host. These agents stay dormant until they get instructions from their master to launch a denial of service attack on the specified target. With the widespread distribution of extremely dangerous hacker tools, a distributed denial of service attack can launch thousands of attacks on a target at the same time. A single denial of service attack may have no effect on a site with large bandwidth, but thousands of attacks distributed around the world will have fatal consequences.
Q: What does ARP attack within a LAN refer to?
Answer: The basic function of the ARP protocol is to look up the MAC address of a target device from its IP address so that communication can proceed.
Exploiting this feature of the ARP protocol, the hacker continuously sends fraudulent ARP packets to the other party's computer. The packets contain a MAC address that duplicates that of the current device, so the other party cannot communicate normally because of a simple address duplication error when it responds to the message. Generally speaking, a computer under ARP attack shows two symptoms:
1. The dialog box "The hardware address of the XXX segment of the machine conflicts with the XXX segment address in the network" keeps popping up.
2. The computer cannot access the Internet normally, and the network connection is interrupted.
Because this kind of attack uses ARP request packets to "spoof", the firewall mistakes them for normal request packets and does not intercept them. It is therefore difficult for ordinary firewalls to withstand such attacks.
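Since the firewall passes these packets, the conflict has to be noticed on the LAN itself. The following is an added example, not part of the original article: a passive monitor that parses the 28-byte Ethernet/IPv4 ARP body and flags a sender that claims the local host's address or contradicts an IP-to-MAC binding seen earlier. The class and function names and all addresses are assumptions made up for illustration.

```python
import socket
import struct

# htype, ptype, hlen, plen, oper, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip) from an Ethernet/IPv4 ARP body."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, ":".join(f"{b:02x}" for b in sha), socket.inet_ntoa(spa)

class ArpWatch:
    """Remembers the first MAC seen for each IP and flags any disagreement."""

    def __init__(self, own_ip, own_mac):
        self.own_ip, self.own_mac = own_ip, own_mac.lower()
        self.bindings = {}  # ip -> first MAC observed; the baseline is kept

    def observe(self, payload):
        _oper, mac, ip = parse_arp(payload)
        if ip == "0.0.0.0":  # ARP probe: the sender has no address yet
            return None
        if ip == self.own_ip and mac != self.own_mac:
            return f"conflict: {mac} claims our address {ip}"
        known = self.bindings.setdefault(ip, mac)
        if known != mac:
            return f"rebind: {ip} was {known}, now claimed by {mac}"
        return None

def build_arp(oper, sender_mac, sender_ip, target_ip):
    """Build a constructed ARP body for the sample below (target MAC zeroed)."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha,
                       socket.inet_aton(sender_ip), b"\x00" * 6,
                       socket.inet_aton(target_ip))

def run_sample():
    # Constructed traffic: every address here is made up for the example.
    watch = ArpWatch("192.168.1.10", "02:00:00:00:00:10")
    frames = [
        build_arp(2, "02:00:00:00:00:01", "192.168.1.1", "192.168.1.10"),
        build_arp(2, "02:00:00:00:00:01", "192.168.1.1", "192.168.1.10"),
        # The gateway's IP is now claimed by a different MAC.
        build_arp(2, "02:00:00:00:00:66", "192.168.1.1", "192.168.1.10"),
        # Our own IP is claimed by a foreign MAC.
        build_arp(1, "02:00:00:00:00:66", "192.168.1.10", "192.168.1.10"),
    ]
    return [alert for alert in map(watch.observe, frames) if alert]

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The first-seen binding is never overwritten, so a repeated fraudulent claim keeps raising an alert until an administrator confirms which binding is legitimate.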
Q: What is a deception attack? What are its attack methods?
Answer: The main technologies of network deception include honeypots and distributed honeypots, deception space technology, and so on. The main methods include IP spoofing, ARP spoofing, DNS spoofing, Web spoofing, email spoofing, source routing spoofing (by specifying a route, communicating with other hosts as if legitimately under a fake identity, or sending fake messages, so that the attacked host takes wrong actions), address spoofing (including forging source addresses and forging intermediate sites), and so on.
Article entry: csh Editor in charge: csh