Elementary introduction of information security

Time:10-27

One, foreword
Information security incidents now happen frequently: Alipay and Ctrip have both been hit, and, even more alarmingly, the Polish aviation ground operation system was hacked. The information security problem is becoming more and more serious. It is no exaggeration to say that the power of information security is no less than that of nuclear weapons: it can easily destroy a country. Imagine that one day we find the money in the bank gone, planes unable to take off, trains unable to run, the power grid unable to deliver power and communications interrupted. What would become of our lives? Information security has therefore become a battleground of national life and death.
Two, what is information security
But what is information security? What does it include? How is it done? Most people don't know, and feel that it is too lofty and too far removed from them. This is mainly because few accounts explain comprehensively and in plain language what information security is.
Generally speaking, information security comprises two opposing sides: attack and defense.
From the perspective of "attack", what do attackers want to do? Nothing more than two things: destruction and theft. "Destruction" means that the attacker, for their own benefit, illegally damages the victim's network systems and computer systems so that they cannot provide normal service, or tampers with information systems to obtain illegal gains by deception. "Theft" means obtaining information from the victim's computer systems and network systems without permission. Both "destruction" and "theft" cause the victim huge, even devastating, losses.
Where there is attack there is naturally defense. From the viewpoint of "defense", information security means preventing the attacker's "destruction" and "theft", so that the attacker can't get in, can't take anything away, and can't open what is taken. Technically, this basically covers all of information security protection.
Technology alone cannot guarantee information security; a sound management system that is resolutely carried out is also needed. Information security protection therefore includes two aspects, technology and management. Technology is the tool, management is the main body, and only with both can the security of information be protected.
In general, information security refers to protecting computer information systems and the data in them from damage and leakage, ensuring the normal operation of the systems and safeguarding the legitimate interests of users. It is mainly about the "defense" side.
Three, how to do information security
Given this understanding of information security, doing it well requires effort at multiple levels, with a multi-pronged approach.
1. Make sure the attacker "can't get in"
"Can't get in" is the most widely understood part of information security. As the name suggests, it means keeping the attacker out so that they cannot damage your systems and data. This is the most common information security technology and the outermost layer of defense. What it protects is mainly the system itself: network systems, operating systems, database systems, service systems and so on.
As an example of how attackers destroy a system, the destruction generally comes from two directions:
1) Damage to the network system
Computer systems are connected through the network. If the network is destroyed, computer systems cannot exchange data and business cannot be carried out normally.
This is similar to damaging roads in everyday life. For example, the attacker sends a large number of illegitimate packets into the network so that the communication load becomes too large and communication is paralysed, like deliberately putting a large number of cars and non-motor vehicles on a highway to create congestion artificially, so that the normal traffic order is disrupted. Or the attacker deliberately modifies routing information so that legitimate traffic cannot reach the right destination, like highway signs or navigation information being altered or destroyed so that people can't find the right way. Worse still, the attacker may simply destroy the communication lines, like blowing up the highway, which interrupts communication directly.
From a technical perspective, DDoS attacks, DNS attacks, ARP attacks, physical damage and so on all belong to this kind of attack. The area affected is generally very wide, but the computer data itself is not damaged.
2) Damage to the computer system
This is direct damage to the computer system itself. It usually uses computer viruses, trojans and backdoors, or exploits vulnerabilities in the computer system itself, to gain illegal access to the system and damage it. The consequences include: files destroyed, data stolen, service programs damaged, information tampered with, the computer system illegally controlled, and so on. Computer viruses and trojans are the threats that the vast majority of ordinary users face most often, and they are the most direct experience that the mass of users have of information security.
Faced with these two kinds of threats, the defender's most direct approach is to make sure the attacker "can't get in": keep illegitimate data out of the network; keep computer viruses and trojans out of the system, and detect and remove them effectively after an infection; and plug system vulnerabilities so that intruders cannot gain unauthorized access to computer systems.
To make sure the attacker "can't get in", a large number of security products on the market protect systems: network firewalls, intrusion detection systems, bastion hosts, antivirus software, system patches and so on, each resisting various attacks on networks and systems. At the same time, to cope with damage to the network or to systems, many systems are designed with redundancy and backups protecting each link, so that when one system is destroyed the redundant backup system can continue to provide service, reducing the impact of the damage to a minimum.
"Can't get in" is the basic information security defense. It protects networks and systems, and it is a problem that every computer application has to face.

2. Make sure the attacker "can't take it away"
Keeping the attacker from getting in is enough for average users in most cases, but it does not go far enough for many fields, such as military, political, financial, communications and transportation applications. On top of the "can't get in" defense, therefore, a "can't take it away" defense is needed.
"Can't take it away" mainly protects the information and data in the system, and is typically a defense inside the system. Its goal is to prevent the information and data in a computer system from being taken out of the system illegally, that is, to prevent the intruder's "theft".
The "can't get in" defense may have loopholes (including technical gaps and loopholes in management) and can hardly be absolutely safe. An intruder may break through the "can't get in" perimeter and enter the system, and if the data is not otherwise protected the intruder can steal it. A higher level of protection is therefore required to protect information and data from theft, so that even an intruder who gets into the system "can't take away" the data.
The "can't take it away" defense is usually based on system authentication and controls the use of permissions on the system, so that only a person with permission can operate on the protected data. These permissions include:
1) permission to enter the system,
2) permission to access the protected data,
3) permission to copy data,
4) permission to use storage media,
5) permission to use communication equipment,
6) other access controls.
In such a system, identification is an important link: how to identify and verify the user's identity is a key technology. Certificate systems and PKI technology are commonly used at present, and both are based on asymmetric encryption and decryption. The commonly used algorithms are RSA and elliptic curve algorithms. After decades of development RSA is very widely applied, but as technology develops it is gradually withdrawing from the stage of history, and the safer, more efficient elliptic curve algorithms are step by step becoming the new standard.
Ordinary users have few opportunities to use this defense technology directly, but in many special fields such as finance, government and the military it is an indispensable information security protection technology. Typical protective products of this kind are endpoint (terminal) products.

3. Make sure the attacker "can't open it"
As seen above, "can't take it away" is primarily protection of a system against information moving from the inside to the outside. Once loopholes appear in the management rules, there is still a huge risk of information leakage. Moreover, neither "can't get in" nor "can't take it away" can protect data over its whole life cycle. A higher level of information security protection is therefore needed, namely "can't open it".
"Can't open it" protects the information data itself. The goal is that even an intruder who breaks through the "can't get in" and "can't take it away" protections and obtains the data still cannot get at the real information in it, which prevents the intruder's "theft". This kind of protection encrypts the information data. Data is at greater risk of being stolen during transmission and storage, so it needs to be encrypted during those stages and decrypted into the real data only when it is used.
Broadly, data encryption technology divides into two kinds, symmetric and asymmetric. Commonly used symmetric algorithms are AES and DES; asymmetric algorithms include RSA and elliptic curve algorithms. The characteristic of a symmetric algorithm is that the encryption and decryption keys are the same, and its encryption and decryption are more efficient than those of asymmetric algorithms. The characteristic of an asymmetric algorithm is that the encryption and decryption keys are different, but it is less efficient than symmetric encryption. Asymmetric keys are divided into a public key and a private key: the public key can be made public and anyone can obtain it, while the private key is held only by its owner.
In practice, symmetric and asymmetric algorithms are usually used in combination. Because symmetric encryption is efficient, it is used to encrypt the data. Because an asymmetric algorithm uses different keys for encryption and decryption, which is advantageous for key management, it is used to encrypt the symmetric key. To encrypt a piece of data, first randomly generate a symmetric key and use it to encrypt the data, then encrypt the symmetric key with the public key of the asymmetric algorithm. To decrypt, first use the private key to decrypt the symmetric key, then use the symmetric key to decrypt and recover the plaintext data. In this process the public key can be open and anyone can use it to encrypt data, but only the owner of the private key can decrypt the data, so as long as the private key is kept safe the security of the data is guaranteed.

4. Perfect the management system
Besides the three technical levels of protection, "can't get in", "can't take it away" and "can't open it", a complete management system is also needed, running through the whole system. However good the technology, if maintenance and use are not up to standard there will still be security holes, and the harm is fatal: it can make the whole security system fail completely. A sound management system has standards for the system's construction, maintenance, operation and inspection, and a disaster preparedness plan; management measures for the applications used in the system, the use of data and the assignment of permissions; clear responsibilities for maintenance staff and users; and log auditing and an accountability system. In summary there are roughly the following ten categories:
1) construction specifications,
2) daily maintenance and management measures,
3) operation specifications,
4) inspection (patrol) system,
5) contingency plans,
6) usage rules,
7) information system data management,
8) management duties and responsibilities,
9) usage permission management,
10) log management.
Different industries have different information security requirements, so the requirements on the management system differ as well. In some special fields, for example, there will be more detailed rules in addition to these ten categories, possibly down to the management of a single file in the system, while small organizations with low security requirements may not need so many rules at all. But whatever the industry, anyone who hopes to build a complete management system should consider these categories.
However perfect the rules, if they are not carried out, or not carried out properly, they are a dead letter. The reasonableness and operability of the rules and their firm enforcement are therefore the key to judging whether a management system succeeds.
In general, information security builds a Great Wall to protect information from several aspects: communication networks, computer systems, access control, data protection, system management and so on. It is generally summarized as three technical levels, can't get in, can't take it away and can't open it, plus one management level. To build a reliable Great Wall of information security, all four levels are indispensable. At present, not many domestic enterprises have built a complete overall security system that considers all four levels, and capability in this respect is still very weak.
Four, the negative impact of information security
Of course, more information security is not always better: the more complete the information security, the more negative effects it also brings. These negative effects show up as follows:
1) the more complete the information security system, the higher the system's input cost,
2) the more complete the information security system, the lower the system's efficiency,
3) the more complete the information security management, the greater the maintenance workload,
4) the more complete the information security, the more troublesome daily use becomes and the lower the work efficiency,
5) the more complete the information security, the higher the regulatory cost.
The key to information security is therefore to be clear about one's own position, determine the information security requirements, design a reasonable information security system and formulate reasonable, workable management rules, so that the security system and the management rules match that position.
Five, information security incident analysis
Let us take several recent information security incidents and analyze where their security systems went wrong. In May 2015, Alipay suffered a large-scale access failure: Alipay users on phones and computers in many provinces and cities across the country could not log in or saw balance errors. The cause was finally found to be physical damage to a communication line. Measured against the four levels, this is a problem with the "can't get in" protection. Service was restored a few hours later, which is quite good for the current domestic level of technology. But for one of the top Internet companies in China, which basically represents the highest level among civilian enterprises, we think the ideal situation is that even if a communication link fails, the system switches automatically to a backup line so quickly that users basically do not notice the failure. Bear in mind that in a war, a few hours is enough to destroy a country.
In March 2014, a serious incident occurred in which Ctrip users' credit card information was leaked. It was later said that this happened because developers had turned on so-called debugging. What information security weakness did this incident expose?