With the development of cloud technology, major banks, enterprises large and small, and governments all rely on it heavily, and in these fields security is obviously a critical factor. As the place where data is stored and processed, the virtual machine faces constant attempts at intrusion from hackers. So what is host security?
Host security refers to ensuring the confidentiality, integrity and availability of the host during data storage and processing. It covers the intrinsic security of hardware, firmware and system software, together with a set of additional security technologies and security management measures, so as to establish a complete host security protection environment.
Host security research direction
Host security mainly studies the security problems of Windows, Linux and macOS systems, and must answer how the security of computers and servers can be ensured. As is well known, once a server is compromised by hackers, the enterprise faces four security risks:
- Business interruption: databases and files are tampered with or deleted, services become inaccessible and systems are paralyzed.
- Data theft: hackers steal enterprise data and sell it publicly; leaked customer privacy data damages the enterprise brand and loses customers.
- Ransomware extortion: after breaking into the server, the hacker encrypts the data with irreversible encryption software and extorts money from the enterprise.
- Server instability: hackers run mining programs on the server, or profit from DDoS Trojan programs, consuming large amounts of system resources so that the server can no longer provide normal service.
Host network security architecture
Host network security is a security system built around the protected host. The elements it considers are network characteristics such as IP address, port number, protocol and even MAC address, together with operating system characteristics such as user resource permissions and access time. By weighing all of these characteristics together, it achieves fine-grained control of users' network access.
In addition, to secure data in transit, the host network security system also includes secure transmission with users and neighbouring servers, as well as authentication services to prevent identity fraud.
What are the key technologies of host network security?
The host network security system involves a great many technologies; four common ones are described here.
1. Intrusion detection
Intrusion detection is an important part of host network security. It supports the security management of complex information systems: it collects information from the target information system and network resources, analyzes signals of intrusion from outside and inside the network, and responds to attacks in real time.
Intrusion detection systems are generally divided into host-based and network-based systems.
The main feature of host-based intrusion detection is the use of host sensors to monitor information on the system itself. Its advantage is that it can monitor in distributed, encrypted and switched environments and link specific problems to specific users; its disadvantage is the additional load it places on the system.
In the host network security architecture, host-based intrusion detection is used to protect hosts. It monitors suspicious connections in real time, checks system logs for illegal access and for typical application activity, and judges application-layer intrusion events according to the characteristics of each operating system, monitoring attacks on system processes, file attributes and sensitive data. It can judge intrusion events accurately and respond to them quickly, and combined with the packet-filtering module on the host it can cut off network connections from suspicious addresses.
The main feature of network-based intrusion detection is that information is collected by a network monitoring sensor (a packet listener). It cannot inspect the content of encrypted data flows and is not effective enough on high-speed networks.
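A minimal host-based detector of the kind described above, as an added example that is not from the original article: it reads system log lines, flags source addresses with a burst of failed logins, and renders host packet-filter rules to cut them off. The log excerpt, the sshd line pattern, the threshold and window values and the iptables rule format are all my own assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd-style auth log excerpt (sample data, not from any real host).
SAMPLE_LOG = """\
Mar 10 10:01:02 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar 10 10:01:05 host1 sshd[2102]: Failed password for admin from 203.0.113.7 port 51235 ssh2
Mar 10 10:01:09 host1 sshd[2103]: Failed password for oracle from 203.0.113.7 port 51236 ssh2
Mar 10 10:01:12 host1 sshd[2104]: Failed password for root from 203.0.113.7 port 51237 ssh2
Mar 10 10:01:15 host1 sshd[2105]: Failed password for test from 203.0.113.7 port 51238 ssh2
Mar 10 10:02:00 host1 sshd[2110]: Accepted publickey for alice from 198.51.100.5 port 40000 ssh2
Mar 10 11:30:00 host1 sshd[2300]: Failed password for root from 203.0.113.9 port 50001 ssh2
Mar 10 12:30:00 host1 sshd[2301]: Failed password for root from 203.0.113.9 port 50002 ssh2
"""

LINE_RE = re.compile(
    r"(?P<ts>\w{3} {1,2}\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<ip>\S+) port")

def parse_auth_log(text):
    """Yield (timestamp, result, user, ip) for every line matching the sshd pattern."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:  # syslog timestamps carry no year; strptime defaults to 1900, only deltas matter
            yield datetime.strptime(m["ts"], "%b %d %H:%M:%S"), m["result"], m["user"], m["ip"]

def find_brute_force(text, threshold=5, window_seconds=60):
    """Return the set of source IPs with at least `threshold` failed logins in any window."""
    failures = defaultdict(list)
    for ts, result, _user, ip in parse_auth_log(text):
        if result == "Failed":
            failures[ip].append(ts)
    suspicious = set()
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Advance the window start until it lies within window_seconds of times[end].
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                suspicious.add(ip)
                break
    return suspicious

def block_rules(ips):
    """Render host packet-filter rules (iptables syntax) dropping traffic from the sources."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(ips)]
```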
2. Access control
In general, access control provides a set of methods to identify and organize all the functions in the system and all the data it holds, and then exposes a simple, unified interface: one end is the application system, the other is the permission engine.
The permission engine answers only one question: does this subject have permission to perform a given action (operation, computation) on a given resource? There are only three possible results: Yes, No, and Permission Engine Exception.
Access control is a technology needed by computer and non-computer systems alike.
Access control restricts users' access to certain information items, or their use of certain control functions, according to their identities and the defined groups they belong to. It is usually used by system administrators to control users' access to servers, directories, files and other network resources. The UniNAC network access control system is based on this principle.
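The permission engine described here, combined with the host-level attributes listed in the architecture section (source address, the user's group, access time), as an added example that is not from the original article: it answers only Yes, No or Exception, and denies by default. The rule fields, the sample policy and the order of checks are my own assumptions.

```python
from dataclasses import dataclass
from datetime import time
from enum import Enum
from ipaddress import ip_address, ip_network

class Decision(Enum):
    """The only three answers the permission engine gives."""
    YES = "yes"
    NO = "no"
    EXCEPTION = "permission engine exception"

@dataclass(frozen=True)
class Rule:
    groups: frozenset      # user groups the rule applies to
    actions: frozenset     # permitted actions, e.g. "read", "write"
    resources: frozenset   # resource identifiers, e.g. "db:customers"
    source_nets: tuple = ()                        # allowed client networks; empty means any
    hours: tuple = (time(0, 0), time(23, 59, 59))  # inclusive access-time window

class PermissionEngine:
    def __init__(self, user_groups, rules):
        self.user_groups = user_groups  # {"alice": {"dba"}, ...}
        self.rules = rules

    def check(self, user, action, resource, source_ip, at):
        """Answer 'may this user do this action on this resource', using host-level attributes."""
        try:
            src = ip_address(source_ip)
        except ValueError:
            # A malformed attribute means the engine cannot decide: report an exception, not a grant.
            return Decision.EXCEPTION
        groups = self.user_groups.get(user, set())  # unknown user has no groups and matches no rule
        for r in self.rules:
            if not (groups & r.groups and action in r.actions and resource in r.resources):
                continue
            if r.source_nets and not any(src in ip_network(n) for n in r.source_nets):
                continue
            if not (r.hours[0] <= at <= r.hours[1]):
                continue
            return Decision.YES
        return Decision.NO  # no matching rule: deny by default

# Constructed sample policy: DBAs may read/write the customer DB from the internal net, 08:00-18:00.
SAMPLE_RULES = [Rule(frozenset({"dba"}), frozenset({"read", "write"}), frozenset({"db:customers"}),
                     ("10.0.0.0/8",), (time(8, 0), time(18, 0)))]
SAMPLE_ENGINE = PermissionEngine({"alice": {"dba"}, "bob": {"dev"}}, SAMPLE_RULES)
```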
3. Encrypted transmission
Encrypted transmission is a very effective network security technology that prevents important information from being intercepted and stolen on the network.
Encrypted transmission means encoding and decoding information for security purposes. The basic process of data encryption translates readable information (plaintext) into ciphertext in coded form; the reverse process is decryption.
4. Identity authentication
User identity authentication is an important line of defense for the host system, and its failure may lead to the failure of the entire system.
Identity authentication is the process of determining whether someone or something is who or what it claims to be, or is valid. The basic idea is to verify the authenticity and validity of one or more parameters of the sender.
The main purposes of authentication are source identification and verification of information integrity. A secure and practical authentication system should be based on cryptography. User identity authentication distinguishes legitimate users from illegitimate ones, thus preventing illegitimate users from accessing the system.
Future development of host security
Host security is an important branch of network security. In the face of endless and unpredictable hacker attacks, traditional prevention and defense strategies have become impractical.
First, the respective positions of attackers and defenders create a great disparity in strength. Traditional detection technologies based on alarms or known threat signatures (firewalls, IPS, anti-virus, sandboxes and other passive defenses) widen this disparity.
Many enterprises that have been attacked by hackers had already built a security defense system, but because of the shortcomings of their detection systems in dealing with unknown threats, they could not find or block threats in time to minimize losses.
The specific deficiencies are as follows:
- Single detection technology: signature-based detection cannot detect unknown threats and cannot locate compromised hosts.
- Lack of continuous detection: detection is only periodic and cannot cover the full life cycle of a threat.
- Failure of linkage: each security detection product works independently and the attack alarm information is fragmented, so the products fail to work together.
Secondly, compared with the past, today's attack-and-defense confrontation is more intense, and simple prevention and blocking are no longer effective, so more effort must go into detection and response. Enterprise organizations should build a new security protection system integrating defense, detection, response and prevention, on the assumption that they have already been breached. The rules of the network exercise in June 2019 show that systems are not required to be free from intrusion; what is emphasized is rapid response capability after an intrusion.
Finally, with the rapid development of Internet cloud computing, multi-cloud and cloud-native have gradually become mainstream. How existing host security products adapt to these new architectures has become a question enterprises must consider.
To keep pace with the continuous evolution of the external environment, host security protection software is also continuously updated and iterated, and a series of host security products for subdivided fields have been derived from it.