网络安全模型分析及具体解决方案

11.1FBI7520InternetInternet1/41.1.1……[5]70%61%1258%1245%sniffer(TrojanHorse)1.1.2……TCP/IP1.2.3.4.5.6.7.8.CIH[6]35%25%15%10%10%5%1.1.31.2()1.2.11.2.3.1.2.2IT1.2.3()()1.2.41.31.3.11.3.2TCP/IP/OS1-1IP()1.3.3Internet1.2.3.4.5.6.7.8.1.41.4.11.2.3.={.}+…+{.}4.5.1.4.21.2.IPVPNSSLSHTTP/PGP1-23.()TCP/IP4.125.6.(1-2)+=(,)1.4.3TCP/IPTCP/IP()1.51.5.11-1InternetIPTCPTCP1-1()NetEyeDMZ(DemilitarizedZone)DMZNeteyeDMZ(NetworkAddressTranslation,NAT)DMZNATInternet,InternetDMZNATInternetNATNATIP()DMZ(B)CNetEyeDEtelnetGPGPHItelnetFABVPNCDNetEyeENetEyeFGHPGPI1-31.61-3IDS[5]200141543023%45%17%4305385550%100%130%(WebCGI)2.1.2()WebWeb/DMZNATDMZDMZ(DMZ)NAT2.1.32.1.42-12-12.22.2.1(2-1)()2-12.2.22-2(3721)TCPC/S2-22-32-42-5(2-3)WEBWEB(2-4)TCP()()(2-5)2.3WEB1.CPU400128MB5MWindowsNT4.0Windows200010MB/100MB2.……33.13.1.1(3-1)3-11977(DataEncryptionStandard,DES)64(856)64DESDES1976DiffieHellman(NewDirectioninCryptography)RSA1978MIT,DSARabinElGamalSCHNORRESIGN(3-2)RSA40204864RSASSLSSL128RSA()40RSA3-2DESRSA1.DESRSADES56RSA200DES2.RSADESRSADESDES3.DESRSA4.DESRSADESRSADESRSADESRSADES3.1.2AB,AABBAAHash()(digitaldigest)(digitalfingerprint)RSAHashMD2(MessageDigestV2)MD5(MessageDigestV5)Hash(SHA,SecureHashAlgorithm)Hashxf(x)f(x)xf(x)xHash(DIC)(MDC)HashHashHashhashhashhashHashhashhash64Hash(HashmHashHash(m)H(m))1.Hashc=H(m)m2.HashmH(m)3.,cmH(m)=c4.Hashc=H(m)cmmc5.Hashmm6.m,mH(m)128M1M21024101953841024M1M2,H(M1)H(M2)M1M2H(M1)H(M2)3-3HashMD5RonRivestHash128(128160)(3-3)3-4HashHash()HashHashHash(3-4)3-5(3-5)3.1.3(CACertificateAuthority)(CA)CACACASET(SecureElectronicTransaction)CAX.5093-6CA()CACACACA()CACACA(3-6)CACA3.1.4CryptoAPI(CryptographyAPICryptoAPI)CryptoAPICryptoAPICSPCryptoAPI(CryptographicServiceProvidersCSP)RSABaseProviderRSACSPCSPCSPCryptoAPICSP()CryptoAPICSPCSPCryptoAPISET/PCTPFXCryptoAPI(3-7)CSPCSPCSPCSPCSPDLLCryptoAPICSPCSPCSPCSP()CSPDESRC4CSP(3-8)CryptoAPICryptoAPIWindowsNT4.0Windows95OSR2CryptoAPIWindows2000MicrosoftVisualC++6.03-7CryptoAPI3-8CryptoAPI(SimplifiedMessageFunctions)(Low-levelMessageFunctions)(BaseCryptographicFunctions)(CertificateEncode/DecodeFunctions)(CertificateStoreFunctions)(PKCS#7)CryptoAPI(CryptoAPICryptoAPI)CSPCSPCryptoAPICSPCSPMCSP(MicrosoftBaseCryptographicProvider)CryptoAPI(CommonCertificateFunctions)(CertificateRevocationListFunctions)(CertificateTrustListFunctions)CSPCryptoAPICryptAcquireContestCSPCSPCSP(dwProvTypepszProvider)CSPCSPCSPpszContainerCryptoAcquireContextCryptReleaseContextCryptoAPI(sessionkeys)/(Public/Pri-vateKeyPairs)CSPCryptGenKeyCryptDeriveKeyCryptExportKeyCSPCSP(exchangekeypair)(digitalsignaturekeypair)CryptoAPI/CSPCryptoAPICSP(keyBLOBs)CSPCSPCSPCSPCSPCryptoAPICryptoAPICSPCSPCSP(3-9)CryptoAPICryptoAPICryptAcquireContextCryptExportKeyCSPCryptImportKeyCSP(PrivatekeyBLOBs)3-9CryptoAPICSPMD2MD5SHA1CryptCreateHashHashCryptHashDataCryptSignHashCertGetPublicKeyCryptCreateHashCryptHashDataCryptVerifySignatureCryptoAPI/CSPCryptoAPICryptEncryptCSPCryptDecryptCryptoAPICryptGenKeyCryptGenKeyCryptDeriveKeyCyptGenKeyCryptImportKey()CSPCryptDeriveKeyCryptDeriveKeyCryptoAPI2.0(CertificateStoreFunctions)(CertificateHelperFunctions)CRLsCTLsCryptoAPIROOT()3.2C/SWindowsSocketVisualC++6.0WindowsSocketC/S3.2.1C/S/(Client/Server,C/S)TCP/IP1.2.3.4.5.1.2.……3.3.2.2Socket80(Berkeley)TCP/IPUNIXBerkeley(BerkeleySocket)UNIXBerkeleyUNIXBSDUNIXSocketSocket()()SocketSocket/SocketTCP/IP(protocolport,)(portnumber)TCP/IP(well-knownport)01024TCP/IP1632Socket()(half-association)()(association)TCP(connectID)UDP3-10SocketC/SSocket(Socket3-10)accept()connect()SocketSocketsocket()socket()3UNIXAF_UNIX,AF_INET,AF_NSDOSWindowsAF_INET3socket()socket()bind()socket()(),bind()()connect()accept()connect()accept()0accept()4socket()bind()connect()accept()socket()bind()bind()bind()connect()bind()listen()socketaccept()sbacklog5listen()bind()sbacklogaccept()send()recv()send()recv()/selelct()select()closesocket()TCP3.2.3WindowsSocketBSDUNIXSocketWindowsSocketMicrosoftWindowsWindowsSocketWINSOCK1.0WINSOCK1.1WINSOCK2.0WINSOCK3.0WindowsSocketAPIBSDUNIXSocketWindowsBerkeleySocketWindowsWindowsWindowsSocketAPI3-11WindowsSocketWindowsSocketAPIWindowsSocket3-11WindowsSocketWindowsSocketAPIWindowsVCC++BuilderWindowsWinsockWindowsWinsockC/SVCVCWindowsUNIXWinsockUNIXsocketWindowsWinsockBSDUNIXSocket1.WinsockWinsock.dllWinsockAPIWSAStartup()WindowsSocketDLLWinsockSocketWSACleanup()WindowsSocketDLL2.WinsockWindowsWindowsWindowsWSAAsyncSelect()FD_READFD_WRITEFD_CONNECTFD_ACCEPTWindows3.BSDUNIXSocketWinsockWSAAsyncGetXByY()BSDWSACancelAsyncRequest()4.BSDUNIXSocketsend()sendto()recv()recvfrom()WinsockWindows5.WindowsBSDUNIXSocketWindowsWindowsSocketSocketCPUHOOK()WindowsWindowsWinsock(WSASetBlockingHook()WSAUnhookBlockingHook())6.WinsockWSAGetLastError()WSASetLastError()BSDUNIXSocketerrnoh_errnoWinsockWSA7.WinsockWindows(Windows3.1)Win