Network security


1. Teardrop

A malformed-packet attack that sends damaged IP packets to the target machine, such as overlapping fragments or oversized payloads. By these means, the attack can bring down a variety of different operating systems through bugs in the TCP/IP protocol stack.

2. Ping of death

A malformed-packet attack. By manipulating the combination of offset and segment length in the final fragment, the attacker makes the message exceed 65535 bytes once the system has received and reassembled all fragments. This causes a memory overflow: the host hits a memory allocation error and the TCP/IP stack crashes, taking the system down.
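The two malformed-fragment conditions in items 1 and 2, written as receiver-side sanity checks (an added example, not part of the original notes). The tuple layout, the fixed 20-byte header and the sample fragment sets are assumptions constructed for illustration.

```python
MAX_IP_DATAGRAM = 65535   # largest total length an IPv4 datagram may have
IP_HEADER_LEN = 20        # assumption: IPv4 header without options

def check_fragments(fragments):
    """fragments: list of (offset_units, payload_len, more_fragments).

    offset_units is the IPv4 fragment-offset field, counted in 8-byte units.
    Returns a sorted list of findings; an empty list means no problem found.
    """
    findings = set()
    spans = []
    for offset_units, payload_len, more in fragments:
        start = offset_units * 8
        end = start + payload_len
        # Ping of death: offset plus length pushes the reassembled
        # datagram past the 65535-byte limit.
        if IP_HEADER_LEN + end > MAX_IP_DATAGRAM:
            findings.add("oversize")
        # Every fragment except the last carries a multiple of 8 bytes.
        if more and payload_len % 8 != 0:
            findings.add("bad-length")
        spans.append((start, end))
    # Teardrop: some fragment starts before the previous one ends.
    spans.sort()
    for (_, prev_end), (start, _) in zip(spans, spans[1:]):
        if start < prev_end:
            findings.add("overlap")
    return sorted(findings)

# Constructed sample fragment sets (not captured traffic).
NORMAL = [(0, 1480, True), (185, 1480, True), (370, 40, False)]
TEARDROP = [(0, 40, True), (3, 8, False)]            # bytes 24-32 sit inside 0-40
PING_OF_DEATH = [(0, 1480, True), (8189, 1000, False)]  # ends at byte 66512

if __name__ == "__main__":
    for name, frags in [("normal", NORMAL), ("teardrop", TEARDROP),
                        ("ping of death", PING_OF_DEATH)]:
        print(name, check_fragments(frags))
```

A retransmitted duplicate fragment is also reported as an overlap, so a real stack would compare the overlapping bytes before rejecting.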

3. ICMP flood

A large number of ICMP messages are sent to the target system, leaving it unable to respond to legitimate service requests. A high enough packet rate plus enough bandwidth: that is the flood.

4. SYN flood

Attacker A can control compromised hosts (bots) to send a large number of SYN messages to B without answering with ACK messages, or simply forge the source IP in the SYN messages so that B's SYN-ACK replies vanish without a response. This leaves a large number of half-open connections until B's resources are exhausted and it stops responding to normal connection requests.

5. Smurf

A smurf attack floods the victim host with ICMP echo request (ping) packets sent to a broadcast address, with the reply address set to the victim network. All hosts on that network end up responding to the ICMP echo request, resulting in network congestion. A more complex smurf changes the source address to a third party, which eventually causes the third party to collapse.

6. Directory traversal attack

HTTP has security vulnerabilities that enable attackers to access restricted directories.

7. Switches

VLAN hopping attack, spanning tree attack, MAC table flood attack, ARP attack, VTP attack.

8. Email bomb

An anonymous attack: by arranging for a large volume of email to be sent to the target address, the attacker is able to exhaust the bandwidth of the recipient's network.

9. CIH attack

The CIH virus is a file virus, but it not only destroys the boot area and partition table of the hard disk, it also destroys the system program in the Flash BIOS chip of the computer, resulting in damage to the motherboard. CIH is the first virus discovered to directly damage computer hardware. The virus activates on the 25th; when it does, it destroys the data on the computer's hard disk and the BIOS program in the computer, leaving a black screen.

10. Manchester code

In Manchester code, there is a transition in the middle of each bit. The mid-bit transition serves as both the clock signal and the data signal: a high-to-low transition represents “1” and a low-to-high transition represents “0”. There is also differential Manchester code. Its mid-bit transition serves only as the clock, and whether or not there is a transition at the start of each bit represents “0” or “1”: a transition is “0”, no transition is “1”. In the following figure, (a) is non-return-to-zero code, (b) is Manchester code, and (c) is differential Manchester code.
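Both encodings under the conventions stated above, with matching decoders, as an added example that is not from the original page. Each bit becomes two half-bit line levels (1 = high, 0 = low); the starting line level for the differential code is an assumption.

```python
def manchester(bits):
    """Page convention: '1' is high-to-low, '0' is low-to-high."""
    out = []
    for b in bits:
        out += [1, 0] if b == "1" else [0, 1]
    return out

def diff_manchester(bits, level=1):
    """level is the line level just before the first bit (assumed high)."""
    out = []
    for b in bits:
        if b == "0":
            level ^= 1          # transition at the bit start encodes '0'
        out.append(level)
        level ^= 1              # mid-bit transition, clock only
        out.append(level)
    return out

def half_bit_pairs(levels):
    """Yield (first half, second half) and insist on the mid-bit edge."""
    if len(levels) % 2:
        raise ValueError("odd number of half-bit samples")
    for first, second in zip(levels[0::2], levels[1::2]):
        if first == second:
            raise ValueError("missing mid-bit transition")
        yield first, second

def decode_manchester(levels):
    return "".join("1" if first == 1 else "0"
                   for first, _ in half_bit_pairs(levels))

def decode_diff_manchester(levels, level=1):
    bits = []
    for first, second in half_bit_pairs(levels):
        # Compare the start of this bit with the end of the previous one.
        bits.append("0" if first != level else "1")
        level = second
    return "".join(bits)

if __name__ == "__main__":
    print(manchester("1011"))
    print(diff_manchester("1011"))
```

A decoder that rejects a missing mid-bit transition doubles as a line-error check, since every valid bit cell must contain one.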

11. The four sections of an IP address and what they designate

The sections of an IP address represent the network type, the network number, and the host bits, respectively. An IP address consists of 32 binary bits in four sections, each of which represents a decimal number between 0 and 255.

IP addresses are divided into three classes, A, B and C, plus the special classes D and E. All-0 and all-1 addresses are reserved and not available.

Class A (default subnet mask: 0xff000000): the first byte is the network number and the last three bytes are the host number. The leading bit of this class of IP address is “0”, so the network number of the address is between 1 and 126. Generally used in large networks.

Class B (default subnet mask: 0xffff0000): the first two bytes are the network number and the last two bytes are the host number. The leading bits of this class of IP address are “10”, so the network number of the address is between 128 and 191. Generally used in medium-sized networks.

Class C (subnet mask: 0xffffff00): the first three bytes are the network number and the last byte is the host number. The leading bits of this class of IP address are “110”, so the network number of the address is between 192 and 223. Generally used in small networks.

Class D: a multicast address. The leading bits of this class of IP address are “1110”, so the network number of the address is between 224 and 239. Generally used for multicast users.

Class E: a reserved address. The leading bits of this class of IP address are “1111”, so the network number of the address is between 240 and 255.

12. PPTP, L2TP and IPSec tunnel encapsulation structure

(1) PPTP package structure

PPTP: Point-to-Point Tunneling Protocol. PPTP encapsulates PPP frames in IP datagrams for transmission. PPTP uses a TCP connection for tunnel management and a modified Generic Routing Encapsulation (GRE) to encapsulate the PPP frames of the tunnel data. The payload of the encapsulated PPP frame can be encrypted, compressed, or both. The figure below shows the structure of the PPTP packet containing the IP datagram.

(2) L2TP message encapsulation structure

L2TP: Layer 2 Tunneling Protocol. L2TP control messages and L2TP data messages are encapsulated in UDP packets.

(3) IPSec tunnel encapsulation structure

L2TP combined with IPSec is called L2TP/IPSec. L2TP/IPSec packet encapsulation is divided into two layers:

- First layer: L2TP encapsulation

The PPP frame (IP datagram) is encapsulated with an L2TP header and a UDP header.

Structure of an L2TP packet containing an IP datagram

- Second layer: IPSec encapsulation

The resulting L2TP message is encapsulated with an IPSec Encapsulating Security Payload (ESP) header and trailer, an IPSec authentication trailer that provides message integrity and authentication, and a final IP header. The IP header carries the source IP address and destination IP address corresponding to the VPN client and the VPN server. L2TP traffic is encrypted with IPSec ESP.

13. VPN

A VPN (Virtual Private Network) is defined as a temporary, secure connection established over a public network (usually the Internet): a safe and stable tunnel through the public network. The virtual private network is an extension of the company's internal network. It helps remote users, corporate branches, business partners, and suppliers establish trusted secure connections to the company's internal network and ensures the secure transmission of data. A VPN proxy is built on VPN technology.


SSL VPN refers to a newer VPN technology that uses the SSL protocol (Secure Sockets Layer) to achieve remote connection. It uses the HTTPS protocol on TCP port 443. It includes server authentication, client authentication, data integrity on the SSL link, and data confidentiality on the SSL link. Compared with the complex IPSec VPN, SSL achieves remote communication through relatively simple methods. Any machine with a browser installed can use SSL VPN because SSL is embedded in the browser, so there is no need to install client software on each client as with a traditional IPSec VPN. SSL protects application-layer data and can be applied to a specific application. IPSec targets the entire network layer and cannot be that fine-grained.

15. Differences between PPTP, L2TP, IPSec and SSL

L2TP encapsulates data using the PPP protocol, then adds additional headers for carrying the data over the Internet. PPTP can only establish a single tunnel between two endpoints. L2TP supports multiple tunnels between two endpoints. L2TP can provide tunnel authentication, and PPTP does not support tunnel authentication. However, when L2TP or PPTP is used together with IPSec, tunnel authentication can be provided by IPSec.

The tunnel itself is a logical data path through which the encapsulated data passes. It is not visible to the original source and destination, which see only a point-to-point connection in the network path. IPSec combines tunneling and data confidentiality to hide (encapsulate) the original packet inside a new packet, so anyone eavesdropping on the network cannot obtain the original packet data (or the original source and destination), which provides security.

Before SSL appeared, technologies such as IPSec and L2TP could support the remote-access scenario, but they had defects:

- Remote user terminals need the specified client software installed, which makes network deployment and maintenance more troublesome;

- IPSec/L2TP configuration is cumbersome;

- Network administrators cannot exercise fine-grained control over remote users' permissions to access corporate intranet resources.

16. SOCKS V5

SOCKS works at the fourth layer in the OSI model, also on the session layer; like a proxy, it provides security services between client and server or between server and server.

Some differences in use between VPN and SOCKS:

(1) A VPN proxy is a dedicated channel: once our computer connects to the VPN proxy, all of the computer's outbound traffic passes through the VPN, whether it is web browsing, QQ, a game, and so on.

(2) A SOCKS proxy usually proxies only a specific program on the computer, such as a game or QQ. When QQ goes online through a SOCKS5 proxy IP, or a game runs through the SOCKS5 proxy, only the data of that specified program is transmitted through the proxy. When we browse a web page, it still goes through the existing network.


DAC: discretionary access control. It can be implemented through an ACL (access control list, object-based) or an ACCL (access capability list, subject-based).

MAC: mandatory access control. The subject has the following four ways to access an object: read down (RD), read up (RU), write down (WD), and write up (WU). There are three models: BLP (maintains confidentiality; only read down and write up), BIBA (maintains integrity; only read up and write down, ensuring that high-level objects are not tampered with by unauthorized low-level subjects), and the Lattice model (read down, write down).

RBAC: role-based access control. Authorization through roles controls the subject's access to objects. There is a many-to-many relationship between subjects and roles.

18. BLP model

The BLP model focuses on data confidentiality and controlled access to classified information. To determine whether a specific access mode is allowed, the system compares the clearance of the subject with the classification of the object (more precisely, the combination of classification level and compartments).

BLP has three security properties:

- Simple Security Property: a subject at a given security level cannot read an object at a higher security level.

- * property: a subject at a given security level cannot write to any object at a lower security level.

- Discretionary Security Property: uses an access matrix to specify discretionary access control.

In the BLP model, users can only create content at their own security level or a higher one (e.g., a secret researcher can create secret or top-secret files but cannot create public files: no write down). Conversely, users can only view content at their own security level or a lower one (e.g., a secret researcher can view public or secret files but cannot view top-secret files: no read up). The rule is “read down, write up”. Information flows from the bottom up.

19. BIBA model

The BIBA model solves the integrity problem of data within the system. It does not care about security levels and confidentiality. The BIBA model uses integrity levels to prevent data from flowing from any integrity level to a higher integrity level. Its access control is described as “read up, write down”. Information can only flow from top to bottom in the system.

BIBA provides this protection through 3 main rules:

- Simple integrity axiom: a subject cannot read data from a lower integrity level (called “no read down”).

- * integrity axiom: a subject cannot write data to an object at a higher integrity level (called “no write up”).

- Invocation property: a subject cannot request (invoke) a service at a higher integrity level.

Because both are information-flow models, they are similar in some respects.

BLP model: a confidentiality model. It focuses on confidentiality and stresses that confidentiality must not be compromised. Therefore, the more confidential the data, the more it must be kept secret, so it cannot be read up. On the write side, a high-level subject writing down would let confidential material flow to a place of lower confidentiality. So the model does not allow data to flow from high to low, but it allows flow from low to high: low-confidentiality data entering a high-confidentiality area does not damage confidentiality.

For example, with levels 1, 2, 3, 4, where level 1 is the most secret, a level-2 person cannot read level-1 data, because that would violate the principle of confidentiality. So you cannot read up. Conversely, level 1 writing into the level-2 area would also violate confidentiality.

The BIBA model focuses on integrity, regardless of confidentiality. So it is just the reverse. Imagine integrity levels 1, 2, 3, 4, where level 1 is the highest integrity: I am the highest directive, such as the top-level resolution of the board. It does not need to be confidential and anyone can see it, but nobody may damage my integrity or modify my resolution; only my level 1 can modify it. So people at level 2 cannot write to my level 1. But level 2 can read the contents of my level 1 to generate level-2 information. Here, data can only flow from high to low; flow from low to high is forbidden.

The two directions are just reversed because the two models are concerned with two different aspects, confidentiality and integrity. Therefore the direction of the information flow is not the same.
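An added example (not from the original notes) that encodes the BLP and BIBA rules above as access checks and then enumerates which object-to-object information flows each rule set permits. It models levels only, without compartments; the three-level scale and the function names are assumptions.

```python
from enum import IntEnum
from itertools import product

class Level(IntEnum):
    # Read as public / secret / top secret for BLP,
    # or as low / medium / high integrity for BIBA.
    LOW = 0
    MID = 1
    HIGH = 2

def blp_allows(subject, obj, op):
    """Bell-LaPadula: read down, write up."""
    if op == "read":
        return subject >= obj      # simple security property: no read up
    if op == "write":
        return subject <= obj      # * property: no write down
    raise ValueError(f"unknown operation: {op}")

def biba_allows(subject, obj, op):
    """BIBA: read up, write down, no invoking upward."""
    if op == "read":
        return subject <= obj      # simple integrity axiom: no read down
    if op in ("write", "invoke"):
        return subject >= obj      # * integrity axiom / invocation property
    raise ValueError(f"unknown operation: {op}")

def possible_flows(allows):
    """All (src, dst) object levels between which some subject could copy
    data, i.e. read src and write dst under the given rule set."""
    return {
        (src, dst)
        for src, dst, subj in product(Level, repeat=3)
        if allows(subj, src, "read") and allows(subj, dst, "write")
    }

if __name__ == "__main__":
    # A secret (MID) researcher under BLP, as in the text above.
    for obj in Level:
        print(obj.name, "read:", blp_allows(Level.MID, obj, "read"),
              "write:", blp_allows(Level.MID, obj, "write"))
    print("BLP only flows upward:",
          all(s <= d for s, d in possible_flows(blp_allows)))
    print("BIBA only flows downward:",
          all(s >= d for s, d in possible_flows(biba_allows)))
```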


KDC: Key Distribution Center

AS (Authentication Service): authentication service; takes credentials in the request and issues a TGT

TGS (Ticket Granting Service): ticket-granting service; takes a TGT in the request and issues an ST
