1.3. Network Security Concept

1.3.1. Network Security Definition

In general terms, network security means that the hardware, software and data in a network information system are protected from accidental or malicious destruction, alteration, and leakage, and that the system can run continuously, reliably, and normally without interruption of service. Simply put, network security is the ability to identify and eliminate unsafe factors in a network environment.

Network security has different interpretations in different environments and applications, such as the security of system operation, the security of system information content, and the security of information communication and dissemination.

The basic requirements of network security include reliability, availability, confidentiality, integrity, non-repudiation, controllability, reviewability, authenticity, etc. The three most basic elements are Confidentiality, Integrity, and Availability.

Confidentiality is the property of not leaking useful information to unauthorized users. It can be achieved through technologies such as information encryption, identity authentication, access control, and secure communication protocols. Information encryption is the most basic means of preventing illegal information leakage. Confidentiality mainly emphasizes that useful information is used only by authorized objects.

Integrity is the property that information is not destroyed, modified, or lost, and cannot be changed without authorization, during transmission, exchange, storage and processing. It is also the most basic security feature.

Availability is the property that an information resource can be accessed by authorized entities as required and used normally, or can be restored to use under abnormal circumstances. The required information is correctly accessible while the system is running, and when the system is accidentally attacked or destroyed, it can be quickly recovered and put back into use. Availability is a measure of the user-oriented security performance of a network information system, that is, of its ability to keep providing services to users.

The core of network security is protecting the security of data and communication on the network. Data security refers to software and hardware protection measures that prevent unauthorized leakage, transfer, modification and destruction of data. Communication security is a communication protection measure, requiring the adoption of confidentiality security, transmission security, radiation security and other measures in communication.

1.3.2. System Vulnerability

An information system is inherently fragile. Its hardware resources, communication resources, software and information resources may be damaged, changed, or leaked, or may fail to function, for foreseeable, unforeseen or even malicious reasons, leaving the system in an abnormal state, or even collapsed and paralyzed.

The vulnerability of hardware resources is mainly manifested in physical security problems, which mostly stem from design and against which software-based methods are not effective.

The vulnerability of software comes from problems left over from software design and implementation, such as negligence in design, logical confusion in internal design, and failure to follow information system security principles during design.