Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without.

Slides:



Advertisements
Similar presentations
Copyright © All Rights Reserved. 《小飞侠考试改卷系统》下载地址: 一线信息技术教师的烦恼 学生拨掉网线或禁 用网卡或乱改 IP , 或用软件终止电子 教室客户端 … 学生人数太多, 无法识别,难以.
Advertisements

智能楼宇酒店 GPON 与 LSW 技术选型场景分析. 1 楼宇型酒店接入网络面临挑战 多业务、高带宽  无线上网、电话、电视、视频监控、视频会议、信息发布 等业务独立部署,布线复杂,维护困难  多业务相互融合、高清业务的普及,对网络带宽提出了更 高的要求 楼层高,垂直布线难  双胶线有效传输距离短,高层楼宇需要部署中继设备.
全光酒店一房一线解决方案 一房一终端,一线三波、一线多能. 1 Content 方案效果 客户关键需求理解 全光酒店解决方案
无线酒店解决方案 -- 指尖上的酒店服务. 1 Content 方案效果 客户关键需求理解 无线酒店解决方案
酒店客房 PAD 融合业务方案技术分析. 1 项目背景 客户 ( 龙城花园酒店 / 喜达屋瑞吉酒店 ) 希望 华为提供创新的酒店方案,能够帮助酒店提 升行业内的知名度。如黄龙饭店效果。 酒店 ISV( 日顺等 ) 无法提供整体酒店解决方 案,需要与华为合作,提供有竞争力方案。 我司酒店解决方案缺少创新应用,行业内.
配色参考方案: 建议同一页面内 不超过四种颜色, 以下是 13 组配色 方案,同一页面 内只选择一组使 用。(仅供参考) 客户或者合作 伙伴的标志放 在右上角. 英文标题 :32-35pt 颜色 : R153 G0 B0 内部使用字体 : FrutigerNext LT.
晏宏斌工程师 2014 年 9 月 “ 宽带网络校校通 ” 校园网建设要点和基础维护方法. – 中小学校园网络建设要点 – 常见网络故障处理基本方法 目 录目 录.
Copyright © by ARTCOM PT All rights reserved. 大众媒体与医患关系 山东大学口腔医学院 郭春晓.
中国粮油国际有限公司(0506,HK) 二零零六年业绩公布 二零零七年四月十九日.
一张图读懂 中国乳制品行业现状及 发展趋势和前景.
泛舆情管理平台 ——助力媒体业务创新 新模式 新格局 创新盈利增长点 2/26/2017 1:59 AM 屈伟: 创始人,总裁
中国银行业前置端操作系统移植研究.
Copyright © 2011 All rights reserved.
动态网站开发 【HTTP与网络基础】 李博杰
拒绝服务攻击 DoS 攻击 LAND Teardrop, SYN flood ICMP : smurf
项目四:Internet基础与接入方法 第八章 应用服务器安装配置
第6章:计算机网络基础 网考小组.
课程名称 培训目标 学完本课程后,您应该能: 区分AP技术 描述CAPWAP隧道协议 华为技术有限公司 版权所有 未经许可不得扩散.
昆山华东信息科技有限公司 Copyright © 2009 ECI Corporation, All Rights Reserved
主耶穌阿, 多謝你愛我們, 並為我們釘在十架上。我承認我有軟弱的時候, 很多時得罪了你, 求你的寶血洗淨我們的罪, 接受我們作你的兒女。求你作我們生命的主。求主的聖靈在我們心中繼續工作, 幫助我們更認識你。求主堅固我們的信心, 使我們一生能跟隨你。 求你憐憫受戰爭影響的平民, 幫助他們身心得到飽足。主啊!
那些老生常談的事情... 遊戲橘子數位科技 集團人力資源總監 張文杰 2009/11/13.
This work is licensed under aCreative Commons Attribution-NonCommercial-ShareAlike License. Your use of this aterial constitutes acceptance of that license.
中国(成都)斯宝特房地产营销策划有限公司 2007年5月22日
生命本是一个完整的过程, 但这个过程, 我们画得不圆。
1. 设定愿景,确定业务场景 Microsoft Corporation
《计算机网络技术》 课程整体设计介绍.
计算机网络安全技术实验 启动虚拟机、GIF、measpoilt、.
第9周 DHCP的安装与配置 计算机网络基础.
数据转发过程.
第一章 網路攻防概述.
第十三章 以全球市場行銷策略談科技管理與創新-以三星電子全球布局為例
计算机系统安全 第10章 常用攻击手段.
从数铁轨的男孩到帆船运动员 —— 从一个业内外行的视角看产险精算师的发展定位
四川省集体林权流转平台 中国西部林权交易网
读秀学术搜索 读秀的图书搜索. 能够为我们解决一个 什么问题? 是什么东西? 读秀 1. 读秀知识库是以 170 万种中文图书、 6 亿页 全文资料为基础的超大型数据库。 2. 为读者提供深入到图书内容章节和全文的精 度检索,全面立体的多面检索,部分文献的 原文试读,以及参考咨询服务,是一个真正.
認識電腦程式著作及合法使用電腦軟體之說明
学习目标: 1)理解包和包过滤 2)理解包过滤的方法 3)设置特殊的包过滤规则
實驗8 ICMP協定分析 實驗目的 明瞭ICMP(Internet Control Message Protocol;網際網路控制訊息協定)的工作原理 解析ICMP協定下封包資料傳送的格式。
ARP攻擊&防治 演講學生: 陳柏任 指導教授:梁明章.
教师:陈有为 TCP/IP与Internet(A) 教师:陈有为
第3讲 网络安全协议基础 此为封面页,需列出课程编码、课程名称和课程开发室名称。
TCP和UDP基本原理.
網路服務 家庭和小型企業網路 – 第六章.
第 2 章 TCP / IP 簡介.
第十讲 TCP协议 协议概述 报文段格式 差错控制 流控和拥塞控制 TCP连接管理 TCP性能问题 TCP软件设计 2018/12/7
考试题型 填空题(30) 选择题(20) 名词解释(10) 问答题(24) 计算题(16) 附加题(30) 成绩核算:
网络系统集成技术 访问控制列表 Access Control List 第七章.
第4章 OSI傳輸層.
網路安全期末報告 Arp Spoofing A 謝靜芳 指導教授︰梁明章教授.
第十三章 TCP/IP 與 Internet 網路連結技術
iSoftStone Information Service Corporation
基于DHCP的 校园网准入及无感知方案研究 作者 王道佳 马严 黄小红 北京邮电大学网络技术研究院.
網路建構實習課 從防火牆到封包分析 3/25.
可愛的鍬形蟲 五年四班2.
Source: Journal of Network and Computer Applications, Vol. 125, No
網路安全管理 期末報告 A 許之青 24/04/2019.
NAT技术讲座 主讲:周旭 大唐电信科技股份有限公司光通信分公司 数据通信部.
大豆有望继续跨年度牛市行情 各位领导,各位同仁,大家下午好,我是浙商期货的徐文杰,今天下午我们团队将要讲的题目是 大豆有望展开跨年度牛市行情
4/30/2019 7:40 AM 約翰福音 15:9;17:20-23 加拉太書 6:1-2 © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product.
DoS、DDoS網路攻擊 A 沈惇鈺 指導教授:梁明章.
5/5/2019 7:06 PM 两跨框架梁截面配筋图的绘制 © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may.
科学架设和优化校园组网结构 提升内部网络访问和管理水平
5/15/2019 姓名: 公司名称: 云赛空间BP模板 Now let’s take a look at who we are, what we’re doing and why we’re doing it in China... This is an image of a technology.
IP Layer Basics, Firewall, VPN, and NAT
致新科技(8081.TW) 2016年第4季法人說明會 報告人 總經理: 吳錦川 2017 年 2 月17 日.
網際網路原理 網際網路源起與發展歷史 1968 ARPANET 1973 TCP/IP協定 1976 乙太網路,促成LAN的發展 … DNS
IP Layer Basics & Firewall
Bob Combs Lead Program Manager Microsoft Corporation
客家獅中的青獅(文的)和 黃獅(武的) 青獅(比較溫和;美濃才有) 黃獅(比較凶;內埔.萬巒才有).
Presentation transcript:

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. 1.TCP/IP 协议基础 2.TCP/IP 协议安全 3. 常见网络攻击方式 目录

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. TCP/IP 协议栈 - IPV4 安全隐患 1 缺乏数据源验证 机制 缺乏机密性 保障机制 缺乏完整性验 证机制 23

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. TCP/IP 协议栈常见安全风险 漏洞、缓冲区溢出攻击 WEB 应用的攻击、病毒及木马、 …… TCP 欺骗、 TCP 拒绝服务、 UDP 拒绝服务 端口扫描、 …… IP 欺骗、 Smurf 攻击、 ICMP 攻击 地址扫描、 …… MAC 欺骗、 MAC 泛洪、 ARP 欺骗 …… 设备破坏、线路侦听 应用层 传输层 网络层 链路层 物理层

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  物理设备破坏  指攻击者直接破坏网络的各种物理设施,比如服务器 设施,或者网络的传输通信设施等  设备破坏攻击的目的主要是为了中断网络服务  设备破坏攻击防范  主要靠非技术方面的因素,比如建造坚固的机房,指 定严格的安全管理制度,对于需要铺设在外部环境中 的通信电缆等,采用各种加强保护措施及安全管理措 施 设备破坏

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  物理层网络设备  集线器  中继器  无线网络  对线路侦听的防范  对于网络中使用集线器,中继器之类的,有条件的话置换设备为交 换机等  对于无线网络,使用强的认证及加密机制,这样窃听者即使能获取 到传输信号,也很难把原始信息还原出来 线路侦听 侦听者

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  MAC 欺骗是一种非常直观的攻击,攻击者将自己的 MAC 地址更 改为受信任系统的地址。  对于 MAC 攻击的防范措施  在交换机上配置静态条目,将特定的 MAC 地址始终与特定的端口绑 定 MAC 欺骗 F0-DE-F1-33-7F-DA 我也是 :F0-DE-F1-33-7F-DA E0 E1 仿冒者

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  MAC 泛洪攻击利用了:  交换机的 MAC 学习机制  MAC 表项的数目限制  交换机的转发机制  MAC 泛洪攻击的预防  配置静态 MAC 转发表  配置端口的 MAC 学习数目限制 MAC 泛洪 攻击者

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  当 A 与 B 需要通讯时:  A 发送 ARP Request 询问 B 的 MAC 地址  B 发送 ARP Reply 告诉 A 自己的 MAC 地址 ARP 欺骗 A B Hacker

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  节点间的信任关系有时会根据 IP 地址来建立  攻击者使用相同的 IP 地址可以模仿网络上合法主机,访问关键 信息 IP 欺骗攻击( IP Spoofing ) B: A: Sniffer request sniffered 攻瘫

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. Smurf 攻击 Victim: Attacker controls this host ICMP Echo request, src= dest = ICMP Echo replies

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. ICMP 重定向和不可达攻击 Many ICMP Redirect 受害主机 Attacker controls this host Many ICMP dest unreachable flood to x, src= 网关收到不 到数据包 Attacker controls this host 为什么收不 到数据包?

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  攻击者运用 ICMP 报文探测目标地址,或者使用 TCP/UDP 报文对 一定地址发起连接,通过判断是否有应答报文,以确定哪些目 标系统确实存活着并且连接在目标网络上。 IP 地址扫描攻击 攻击者

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. TCP 欺骗 主机 A 主机 B SYNseqack spoofed packet from C to A SYNseqack ACK 1 seqack spoofed packet from B to A 拒绝服务攻击 from C to B A 信任 B 攻击主机 C 非授权连接

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  SYN 报文是 TCP 连接的第一个报文,攻击者通过大量发送 SYN 报文, 造成大量未完全建立的 TCP 连接,占用被攻击者的资源。 TCP 拒绝服务 —— SYN Flood 攻 击 攻击者 Server Syn

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  攻击者通过向服务器发送大量的 UDP 报文,占用服务器的链路带宽, 导致服务器负担过重而不能正常向外提供服务。 UDP 拒绝服务 ——UDP Flood 攻击 UDP 攻击者 Server

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  Port Scan 攻击通常使用一些软件,向大范围的主机的一系列 TCP/UDP 端口发起连接,根据应答报文判断主机是否使用这些 端口提供服务。 端口扫描攻击防范 攻击者 Port Scan

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  攻击软件系统的行为中,最常见的一种方法  可以从本地实施,也可以从远端实施  利用软件系统(操作系统,网络服务,程序 库)实现中对内存操作的缺陷,以高操作权 限运行攻击代码  漏洞与操作系统和体系结构相关,需要攻击 者有较高的知识 / 技巧 缓冲区溢出攻击 Stack Data Code

Copyright©2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.  常见的攻击  对客户端的  含有恶意代码的网页,利用浏览器的漏洞,威胁本地系统  对 Web 服务器的  利用 Apache/IIS… 的漏洞  利用 CGI 实现语言 (PHP/ASP/Perl...) 和实现流程的漏洞  通过 Web 服务器,入侵数据库 针对 WEB 应用的攻击