<> Network security notes

<> one , Basic knowledge

01, computer network : Is to use communication lines to connect different geographical locations , Computers and communication devices with independent functions are connected together , A computer system for resource sharing and information transmission .
02, Common computer networks :

* PAN:Personal Area Network, Personal area network
* LAN:Local Area Network, LAN
* MAN:Metropolitan Area Network, Metropolitan area network
* WAN:Wide Area Network, Wide area network
03, information system : It can collect information , transmission , storage , machining , Computer application system used and maintained , Such as student management system .
04, information safety : It refers to the protection of computer hardware in the information system , The software and data will not be damaged due to accidental or malicious reasons , change , leak , Ensure the continuous, reliable and normal operation of the system , Uninterrupted information service .

05, computer virus : It refers to the information compiled or inserted into a computer program , Destroy computer functions or data , Affect computer use , A set of computer instructions or program code that can replicate itself . Computer viruses are parasitic , Concealment and infectivity .

06, Trojan horse : Is a specific program used to illegally collect information or control another computer , There are usually two parts: client and server , The computer implanted with Trojan horse is the server-side part . Trojans are usually disguised as packages , Compressed file , picture , Video screen and other forms , Through web page , mail , Instant messaging and other channels induce users to download and install , If the user opens such Trojan horse program , The user's computer or intelligent terminal and other devices will be controlled by the person who implanted the Trojan horse , Causing data files to be stolen or modified , Hazards such as theft of electronic account funds .
07, intrusion : It refers to the unauthorized access to the computer network or system , Usually malicious access to information , The act of processing information or destroying a system .
08, hacker : Generally refers to familiarity IT technology , A person who is keen to invade networks or computer systems to steal data and information .
09, attack : It refers to the use of loopholes and security defects in the network or computer system to destroy it , leakage , The act of altering or disabling .

10, loophole : Refers to the hardware of the network or information system , Software , Weaknesses or defects in the specific implementation of the protocol or security strategy . The vulnerability may come from defects in the design of application software or operating system or errors in coding , It may also come from the design defects or unreasonable logical process processing of the business in the process of interactive processing .
11, back door : A method of obtaining access to a program by bypassing its security , It is intended to stay in the computer system , A way for some special users to control a computer system in some special way .
12, The difference between a backdoor and a vulnerability is : Vulnerability is an unintentional act , The back door is deliberately created by programmers in the process of software development .
13, firewall : It is a method to isolate the intranet from the extranet , Access control technology to protect intranet from intrusion of illegal users . Firewall can be implemented by software , It can also be implemented in hardware .
14, patch : Refers to a small program that fixes vulnerabilities for defects exposed in the use of the software system .
15, password : A technique used to protect data or information ( Symbol system ). The basic function of cryptosystem is to realize the confidentiality service of information .

16, encryption : It changes the expression form of the original information data with a special algorithm , Will be normal ( Recognizable ) The process of transforming information into unrecognizable information . The purpose of encryption is to make unauthorized users unable to understand the content of the encrypted information even if they obtain it .
17, decrypt : Is the inverse of encryption . Recover the encrypted information into recognizable information through some algorithm , Enable authorized users to understand the original information data .

18, digital signature : It is generated by the sender of the information through the signature algorithm , A digital string used to prove the authenticity of the message sent by the message sender . Digital signature is generally realized by cryptographic technology , It has the same legal effect as ordinary physical signature .

19, digital watermarking : It is a method of embedding identification information into digital carrier , Used to confirm the carrier owner , A technique for determining whether a carrier has been tampered with or transmitted secret information . The embedded identification information is also called digital watermark , Digital carrier includes multimedia , file , Software, etc , When the digital watermark is embedded into the digital carrier , It shall not affect the use value of the original carrier .
20, Safety is classified according to equal protection :( Each share 50%)

* technology : Technology is divided into physics , network , host , application , Data security and backup recovery .
* Administration : Safety management system , Safety management organization , Personnel safety management , System construction management , System operation and maintenance management .
21, Noun interpretation :

* CISE: Registered information security engineer
* CISO: Registered information security manager
* CISA: Registered Information Security Auditor