Cybersecurity knowledge

Cybersecurity knowledge

1. Basic knowledge of network

1. What is included in a basic computer network system

Computer network operating system, computer hardware, computer software, computer equipment including switch routers and other connecting equipment and network protocols

2. What is a computer network

A collection of interconnected autonomous computers for the purpose of sharing resources

3. The TCP/IP four-layer model mainly used in Internet applications

From bottom to top, there are network interface layer, network layer, transport layer and application layer

4. The network level of the international standard is the OSI seven-layer reference model

From bottom to top, there are physical layer, data link layer, network layer, transport layer, session layer, presentation layer and application layer

5. What is the deep web

The network where information cannot be found by traditional search engines

6. What is the dark web

A collection of resources that are stored in a network database that cannot be accessed through hyperlinks but need to be accessed through dynamic web technology

7. What is a surface network

The network where the information that can be searched by us with traditional search engines such as Google, Baidu, etc.

8. The role of the IP protocol

Send the packet to the target host

2. Agreement basis

1. The role of TCP protocol

Connection-oriented transport layer protocol

2. The role of the IP protocol

Send the packet to the target host

3. What is Hypertext Transfer Protocol HTTP?

The main format of the protocol used by the browser to communicate with the client is HTML

4. What is the file transfer protocol FTP

During the transmission process, you can choose between binary or text transmission. Two TCP connections will be established. One is used to send the transmission request and the other is used for the data connection used in the actual transmission.

5. The role of ICMP protocol

Once an abnormality occurs during the sending of IP data packets and the destination address of the opposite end cannot be reached, the sending end needs to be notified that an abnormality has occurred.

6. What is the email protocol SMTP protocol

You can send voice, image, text and even change the text size and color

7. What is the Simple Network Management Protocol SNMP

A standard protocol specially designed to manage network nodes in IP networks, including server workstations, routers, switches, and HUBS, etc.

8. The role of ARP protocol

A protocol that resolves the physical address, that is, the MAC address, from the IP address of the packet data packet

9. What is the remote login protocol in X Window System

X protocol

10. What is the Simple Network Management Protocol SNMP

A standard protocol specially designed to manage network nodes in IP networks, including server workstations, routers, switches, and HUBS, etc.

11. What is the remote login protocol in the BSD UNIX system

r command in rlogin

12. What is the remote login protocol TELNET and SSH

Remote login refers to the process in which users use commands to make their computer temporarily become an emulation terminal of the remote host

3. Cyber ​​attack technology

1. Denial of Service (Denial of Service, DoS for short)

Take advantage of a weakness in the transmission protocol or a vulnerability in the system or a vulnerability in the service to launch a large-scale attack on the target system, and consume the available system resources, bandwidth resources, etc. or cause it with massive data packets exceeding the target processing capacity The program buffer overflow error makes it unable to process normal requests from legitimate users. As a result, normal services cannot be provided, and eventually network services are paralyzed, or even system crashes

2. What are the consequences of DoS (Deny of Service) often referred to as denial of service?

This behavior will cause the normal use or management of communication equipment to be unconditionally interrupted. Usually destroy the entire network to reduce performance and interrupt service

3. What is filtering

Directly discard the suspicious messages that flow from the external network to the internal network without allowing them to enter the internal network. Such as firewall technology

4. What is testing

A method for judging or evaluating suspicious messages in the intranet. To a certain extent, it can also play a role in preventing attacks

5. What are the measures to prevent passive attacks?

Specific measures include the use of virtual private network V** technology, the use of encryption technology to protect information, and the use of switched network equipment, etc.

6. What are the main technical means to counter active attacks?

Filtering and detection

7. Man-in-Middle Attack

The attacker is in the middle of the communication link between the normal client and the server to eavesdrop or tamper with the communication data

8. What is passive attack?

The attacker does not make any changes to the data information, but intercepts or eavesdrops on the information or related data of the authorized user without the consent and approval of the authorized user

9. SQL injection attacks

Because the developer did not filter the input boundary or insufficiently filter when building the code. The behavior that causes the attacker to attack the back-end database through the injection point

10. What is a traffic analysis attack

Although the attacker cannot obtain the true content of the message from the intercepted message, the attacker can also determine the location of the communicating parties, the number of communications and the length of the message by observing the pattern of these datagrams to obtain relevant sensitive information.

11. Client-side Attack

The act of attacking client applications (such as browsers, mail receiving programs, word processing programs, etc.) by an attacker

12. What is a long-range attack?

The attacker's behavior of attacking the victim through the network can also be specifically divided into server-side attacks, client-side attacks, and man-in-the-middle attacks.

13. What does tampering with the message mean?

Some parts of a legitimate message are changed or deleted without authorization, or the message is delayed, changed order, etc.

14. What is meant by a server-side attack?

The attacker's behavior of attacking various network services (such as Web service, FTP service, Telnet service, etc.) of the victim's host

15. What is forgery?

An entity (person or system) sends out data information containing the identity information of other entities and pretends to be other entities in order to deceively obtain the rights and privileges of some legitimate users

16. What is the principle of wiretapping

The data transmission on the local area network is based on the broadcast mode, and the eavesdropper can fully grasp the entire content of the communication.

17. What are the specific measures for testing?

Including automatic auditing, intrusion detection and integrity recovery, etc.

18. What are local attacks?

The attacker can physically touch the victim's host and attack the host

19. What is an active attack

Modification of the victim’s message or denial of the user’s use of resources. Attack methods include tampering with the message, forging the message, and denial of service, etc.

20. What is the passive attack method?

Attack methods such as eavesdropping and traffic analysis

2. Cybersecurity incidents

1. Consequences of Linux system vulnerability CVE-2016-4484

Using this vulnerability, an attacker can gain root privileges of the system by pressing the Enter key 70 times continuously. And destroy Linux boxes

2. What is OpenSSL?

Is a powerful secure socket layer cryptographic library, including the main cryptographic algorithms, commonly used key and certificate packaging management functions, and SSL protocol

3. What is the cause of the vicious event that led to the unfortunate death of 18-year-old Xu Yuyu

Personal information leakage

4. What virus attacks suddenly broke out around the world on May 12, 2017

Wannacry Ransomware

5. Give examples of what important targets the blackmail worm has attacked

Including the British Medical System, the express company FedEx, the Russian Ministry of the Interior, the Russian Telecom Company, and Telefónica

6. Criminals use the purchased ID card household registration information

Open a bank card or third-party payment account

7. In 2016, OpenSSL revealed the consequences of a water prison vulnerability

The vulnerability affects some services and websites that use HTTPS. Using this vulnerability, an attacker can monitor encrypted traffic and read encrypted information such as passwords, credit card account numbers, trade secrets, and financial data.

8. What is the application field of the OpenSSL protocol

Widely used by important network services such as online banking, online payment, e-commerce websites, portal websites, emails, etc.

9. What is IoT-Reaper

A new type of large-scale botnet attack based on IoT. This technology can exploit the vulnerabilities of IoT devices to gain full access to the target device.

10. Consequences of Mirai botnet attacks

Paralyzed half of the U.S. network

Reference: Cyber ​​Security Knowledge-Cloud + Community-Tencent Cloud