Chapter 9 Information System Security and Social Responsibility 9.1 Summary of Information Security 9.1.l Definition of Information Security Information security refers to any measures to prevent unauthorized access to data, or to prevent the occurrence of information leakage, destruction, loss and other problems, so as to keep data away from danger and avoid the state or characteristics of threats. Information security hasand three characteristics: confidentiality, integrity availability. 9.1.2 Threats to Information Security The Composition of Hardware Facilities for Constituting Networks •Computer •network equipment •Transmission medium •Input and Output Equipment The Composition of Software Facilities Constituting Networks operating system •Network Communication Protocol •Application software •Network Management Software 9.1.3 Information System Security Countermeasure The formulation of information security countermeasures should follow: Choosing Advanced Network Security Technology Strict safety management Follow integrity and consistency Adhere to Dynamics Minimizing Authorization Implementing comprehensive defense Establishment of control points Weak links in monitoring Failure protection 9.2 Computer Virus and Its Prevention 9.2.1 Definition of Computer Virus Computer virus refers to a group of computer instructions or program codes that are programmed or inserted in a computer program to destroy the functions or data of the computer, affect the use of the computer and can be self-replicated. Computer viruses are destructive, infectious, latent, invisible, triggerable and unpredictable 9.2.2 Classification of Computer Viruses Guided virus File viruses Multi-Partite Virus Polymorphic/Mutation Virus Macro Virus 9.2.3 Prevention and Control of Computer Virus The prevention and cure of computer virus includes two aspects: Prevention Anti-Virus 9.3 Network Security Technology Summary of 9.3.1 Network Security The Concept of Network Security Three levels of computer network security Safety Technology Evaluation Criteria Five levels of network security The Concept of Network Security From the narrow point of view of protection, computer network security means that computer and its network system resources and information resources are not threatened and endangered by natural and man-made harmful factors. Generally speaking, all relevant technologies and theories concerning the confidentiality, integrity, availability, authenticity and controllability of information on computer networks are the research fields of computer network security.field Three levels of computer network security Safety legislation security management Safety technical measures Safety Technology Evaluation Criteria There are three safety technology evaluation criteria: Security Technical Standards for OSI Security Architecture The Security of National Computer Security Center (NCSC) Full technical standard Other important safety technical standards Five levels of network security User Layer Security Application Layer Security Security of Operating System Layer Data Link Layer Security Network Layer Security 9.3.2 Network Hackers The term "hacker" originates from Hacker in English. It means computer experts, especially programmers, who are enthusiastic about computer technology. They are responsible for checking the integrity and security of network systems. They are usually very proficient in computer hardware and software and have the ability to analyze systems through innovative methods. But now Hacker and racker are confused, and people usually call hackers the people who invade computer systems. 9.3.3 Security Attacks Common ways of attack are: Eavesdropping and snooping Service rejection counterfeit Data hijacking 9.3.4 Strategies to Prevent Hacker Attacks Strategies to prevent hacker attacks include: encryption Authentication Access Control Strategy audit Intrusion detection Other safety precautions 9.4 Data Encryption and Digital Signature 9.4.1 Data Encryption Technology There are two types of encryption technology used in network applications: Make a plan and complete a work acco rding to the steps and requirements of the plan, the result may be more satisfactory. The plan plays a ro le of supervisio n and s upervision, preventing and correcting deviations in the implementatio n pro cess. Without the planned work, we can not do it in accordanc e with normal a