Core Network Security Techniques: From Attack Identification to Hands-On Defense
Zlion
Welcome to the world of Network Security! This post covers core attack types, defense technologies, and practical tools to secure your network. For deeper learning, check the OWASP Documentation or join discussions on Stack Exchange Security.
Network Security Core Topics

1. Common Network Attacks & Identification
Understanding typical attacks is the first step to defense. Below are high-risk attack types and their identification methods.
1.1 SQL Injection (SQLi)
An attack that places SQL syntax in input fields so that, when the application concatenates the input into a database query, the query's meaning changes.
Example: A login form that accepts ' OR '1'='1 in the username and password fields can be bypassed, because the WHERE clause becomes always true once the input is pasted into the query text.
Identification:
Check request logs for unusual input characters and keywords (', ", ;, --, UNION) in parameters.
Use tools like sqlmap to detect vulnerabilities (only against systems you are authorized to test):
```bash
# Scan a target URL for SQLi vulnerabilities and enumerate the databases behind it
sqlmap -u "http://example.com/login?username=test&password=test" --dbs
```
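To see exactly why the ' OR '1'='1 payload works and how parameterised queries stop it, here is an added example (not code from the original post) that runs the same login check both ways against a constructed in-memory SQLite table. The table contents, the user "alice" and the password "s3cret" are made up for the demo.

```python
import sqlite3

PAYLOAD = "' OR '1'='1"   # the classic bypass string from the text


def make_db():
    """Constructed user table for the demo (one user, plaintext password to keep it short)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def build_query(username, password):
    """The vulnerable pattern: user input is formatted straight into the SQL text."""
    return ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
            % (username, password))


def vulnerable_login(conn, username, password):
    # With PAYLOAD in both fields the query becomes
    #   ... WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'
    # and the trailing OR '1'='1' makes every row match.
    return conn.execute(build_query(username, password)).fetchone()[0] > 0


def safe_login(conn, username, password):
    """Parameterised query: values are sent separately from the SQL text,
    so a quote in the input is just a character and can never become syntax."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def demo():
    conn = make_db()
    return {
        "legit_vulnerable": vulnerable_login(conn, "alice", "s3cret"),
        "legit_safe": safe_login(conn, "alice", "s3cret"),
        "payload_vulnerable": vulnerable_login(conn, PAYLOAD, PAYLOAD),
        "payload_safe": safe_login(conn, PAYLOAD, PAYLOAD),
    }


if __name__ == "__main__":
    print(build_query(PAYLOAD, PAYLOAD))
    for name, ok in demo().items():
        print(f"{name}: {'login accepted' if ok else 'login rejected'}")
```

The printed query is the thing to look for in your own code base: any place where request data is joined into SQL with string formatting or concatenation. The fix is the placeholder form, not input filtering; escaping quotes by hand misses second-order cases and numeric contexts.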
1.2 Cross-Site Scripting (XSS)
Injects malicious scripts into web pages viewed by other users; the script runs in the victim's browser with the page's origin, so it can read session data, steal cookies (unless they are marked HttpOnly) and perform actions as the victim.
Types: Stored XSS (scripts saved in the database and served to every visitor), Reflected XSS (scripts in URL parameters that the page echoes back).
Identification:
Test input fields with a harmless script payload such as <script>alert(1)</script> and check whether it executes rather than being displayed as text.
Use Burp Suite to intercept and analyze requests/responses.
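The two identification steps in 1.1 and 1.2 (spotting injection characters in request logs, and checking whether a script payload is reflected as markup or as text) can be put in one script. The following is an added example, not code from the original post: it renders a parameter into HTML both unsafely and with output encoding, and runs a small indicator scan over constructed access-log lines in combined log format. The log lines, IP addresses and indicator patterns are made up for the demo.

```python
import html
import re
from urllib.parse import urlsplit, unquote_plus


def render_vulnerable(name):
    """Reflects the parameter straight into the page: reflected XSS."""
    return "<p>Hello, " + name + "</p>"


def render_safe(name):
    """Output-encodes for an HTML text context, so the browser shows the payload as text."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


# Indicator patterns for the two attack classes; matched against the URL-decoded
# query string. They are triage signals, not proof: expect some false positives.
INDICATORS = {
    "sqli": re.compile(r"(?i)(\bunion\b\s+(all\s+)?select|'\s*or\s*'|\bor\s+\d+\s*=\s*\d+|--|;)"),
    "xss": re.compile(r"(?i)(<script\b|javascript:|\bon\w+\s*=)"),
}

# Constructed access-log lines in Apache/Nginx combined format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2024:10:01:02 +0000] "GET /login?username=test&password=test HTTP/1.1" 200 512
10.0.0.9 - - [12/May/2024:10:01:07 +0000] "GET /login?username=%27+OR+%271%27%3D%271&password=x HTTP/1.1" 200 3021
10.0.0.9 - - [12/May/2024:10:01:09 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 1400
10.0.0.7 - - [12/May/2024:10:01:11 +0000] "GET /products?id=42 HTTP/1.1" 200 880
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def flag_request(line):
    """Return the attack classes whose indicators appear in one log line's decoded query string."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    # Decode %27 -> ' and + -> space first; raw logs hide the payload behind URL encoding.
    query = unquote_plus(urlsplit(m.group("target")).query)
    return [name for name, rx in INDICATORS.items() if rx.search(query)]


def scan_log(text):
    """List (source_ip, classes) for every flagged line, in log order."""
    hits = []
    for line in text.splitlines():
        classes = flag_request(line)
        if classes:
            hits.append((line.split(" ", 1)[0], classes))
    return hits


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"
    print("vulnerable:", render_vulnerable(payload))
    print("safe:      ", render_safe(payload))
    for ip, classes in scan_log(SAMPLE_LOG):
        print(f"{ip}: {', '.join(classes)}")
```

The rendered output is the test from 1.2 in miniature: if the `<script>` tag survives into the response body unchanged, the page is vulnerable; if it comes back as `&lt;script&gt;`, the context is encoded. For a real deployment, the indicator scan belongs in the log pipeline (Section 4) rather than a one-off script, and the POST body, which this combined-format sample does not include, needs the same treatment.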
1.3 Man-in-the-Middle (MITM)
Intercepts communication between two parties (e.g., Wi-Fi eavesdropping, or ARP spoofing on a LAN so that the attacker's machine answers for the gateway) to read or alter traffic in transit.
Identification:
Check for unexpected TLS certificate changes; browser certificate warnings are the most visible symptom, so never click through them on a network you do not trust.
Monitor network traffic with Wireshark for unencrypted data (capturing requires root or membership of the wireshark group; tshark takes the same flags from a terminal):
```bash
# Capture traffic on the Wi-Fi interface (wlan0), keeping only plaintext HTTP
wireshark -i wlan0 -f "tcp port 80"   # -f sets a capture filter
```
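On a LAN the most common way to get into the middle is ARP spoofing, and its fingerprint is visible in the local neighbour table: one MAC address suddenly claimed by two IPv4 addresses (the attacker and the real gateway), or the gateway's MAC differing from the one you recorded on a trusted connection. The following is an added example, not code from the original post: it parses constructed `ip neigh show` output and applies both checks. The sample table, the gateway address and the recorded gateway MAC are assumed values for the demo.

```python
import re
from collections import defaultdict

NEIGH_RE = re.compile(r"^(?P<ip>\S+) dev (?P<dev>\S+) lladdr (?P<mac>[0-9a-fA-F:]{17})")

# Constructed 'ip neigh show' output (not captured from a real network).
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 3c:84:6a:11:22:33 REACHABLE
192.168.1.20 dev wlan0 lladdr 3c:84:6a:11:22:33 STALE
192.168.1.42 dev wlan0 lladdr b8:27:eb:aa:bb:cc REACHABLE
192.168.1.77 dev wlan0  FAILED
fe80::1 dev wlan0 lladdr 3c:84:6a:11:22:33 router REACHABLE
"""

# Assumed: the gateway MAC recorded earlier on a known-good connection.
GATEWAY_IP = "192.168.1.1"
KNOWN_GATEWAY_MAC = "3c:84:6a:de:ad:01"


def parse_neigh(text):
    """Map IPv4 address -> MAC. Entries without lladdr (FAILED/INCOMPLETE) are skipped,
    and IPv6 entries are ignored because a router's link-local address legitimately
    shares the MAC of its IPv4 address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line)
        if m and ":" not in m.group("ip"):
            table[m.group("ip")] = m.group("mac").lower()
    return table


def duplicate_macs(table):
    """MACs claimed by more than one IPv4 address: the ARP spoofing signature."""
    owners = defaultdict(list)
    for ip, mac in table.items():
        owners[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in owners.items() if len(ips) > 1}


def gateway_changed(table, gateway_ip=GATEWAY_IP, known_mac=KNOWN_GATEWAY_MAC):
    """True if the gateway now resolves to a MAC other than the recorded one."""
    current = table.get(gateway_ip)
    return current is not None and current != known_mac.lower()


def check(text):
    table = parse_neigh(text)
    return {"duplicates": duplicate_macs(table), "gateway_changed": gateway_changed(table)}


if __name__ == "__main__":
    # On a live host replace SAMPLE_NEIGH with the output of: ip neigh show
    for key, value in check(SAMPLE_NEIGH).items():
        print(f"{key}: {value}")
```

Treat a hit as a reason to investigate, not as proof: a host that owns several IPs (virtual IPs, VRRP failover, a hypervisor bridging guests) also shows one MAC for multiple addresses. A changed gateway MAC after a router replacement is expected; a changed gateway MAC on a café Wi-Fi is not.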
More info: OWASP Top 10 Vulnerabilities
2. Key Defense Technologies
2.1 Firewall Configuration
A firewall filters incoming/outgoing network traffic based on rules. The safe pattern is a default-deny inbound policy with explicit allow rules for each exposed service.
Example: UFW (Uncomplicated Firewall) Setup
```bash
# Install UFW (Ubuntu)
sudo apt install ufw
# Default policy: deny all inbound, allow all outbound
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Basic rules: allow SSH, HTTP, HTTPS; everything else falls to the default deny
sudo ufw allow 22/tcp    # Allow SSH (port 22); add this BEFORE enabling on a remote host or you lock yourself out
sudo ufw allow 80/tcp    # Allow HTTP (port 80)
sudo ufw allow 443/tcp   # Allow HTTPS (port 443)
# Enable UFW and check status
sudo ufw enable
sudo ufw status verbose
```
If SSH must be reachable from the internet, `sudo ufw limit 22/tcp` instead of `allow` rate-limits connection attempts per source, which blunts password brute forcing.
2.2 Encryption: Protect Data in Transit/Storage
Transit Encryption (TLS, still commonly called SSL): Use Let's Encrypt to get free certificates; Certbot also installs a timer that renews them before expiry:
```bash
# Install Certbot and its Nginx plugin
sudo apt install certbot python3-certbot-nginx
# Obtain a certificate and configure Nginx to use it (edits the server block for example.com)
sudo certbot --nginx -d example.com
```
Storage Encryption: Use LUKS for disk encryption (Linux). luksFormat destroys everything on the partition, so double-check the device name first:
```bash
# Encrypt a disk partition (/dev/sdb1); you will be prompted for a passphrase
sudo cryptsetup luksFormat /dev/sdb1
# Open the encrypted partition as /dev/mapper/encrypted_disk
sudo cryptsetup open /dev/sdb1 encrypted_disk
# Format and mount (the mount point /mnt/secure must already exist)
sudo mkfs.ext4 /dev/mapper/encrypted_disk
sudo mount /dev/mapper/encrypted_disk /mnt/secure
```
2.3 Intrusion Detection/Prevention System (IDS/IPS)
Snort (Open-Source IDS): Monitor the network for malicious activity by matching traffic against signature rules:
```bash
# Install Snort (Ubuntu)
sudo apt install snort
# Run Snort on the eth0 interface with the Snort 2.x config and print alerts to the console
sudo snort -i eth0 -c /etc/snort/snort.conf -A console
```
The snort.conf path is the Snort 2.x layout that the Ubuntu package uses; Snort 3 reads /etc/snort/snort.lua instead. `-A console` is for testing; in production run Snort as a service and ship alerts to your log pipeline. An IDS only alerts; to block traffic it has to run inline as an IPS.
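Signature rules are one half of what an IDS does; the other is anomaly thresholds, and the classic one is port-scan detection, which is exactly what the Nmap commands in 3.1 will trigger on a monitored network. The following is an added example, not Snort's code or the original post's: a sliding-window detector over a constructed stream of connection attempts that alerts when one source touches more than a threshold of distinct host:port pairs within a time window. The events, addresses, threshold and window are made up for the demo.

```python
from collections import defaultdict, deque

# Constructed connection-attempt records: (unix_time, src_ip, dst_ip, dst_port).
# 10.0.0.5 is normal traffic; 10.0.0.9 is a fast sweep of 40 ports in two seconds.
SAMPLE_EVENTS = [
    (1000.0, "10.0.0.5", "192.168.1.100", 443),
    (1001.0, "10.0.0.5", "192.168.1.100", 443),
    (1003.0, "10.0.0.5", "192.168.1.100", 80),
] + [
    (1002.0 + i * 0.05, "10.0.0.9", "192.168.1.100", port)
    for i, port in enumerate(range(1, 41))
]


class PortScanDetector:
    """Alert when a source hits >= threshold distinct (host, port) pairs within window seconds."""

    def __init__(self, threshold=20, window=5.0):
        self.threshold = threshold
        self.window = window
        self.history = defaultdict(deque)   # src -> deque of (time, dst, port)
        self.alerted = set()                # alert once per source, not once per packet

    def observe(self, ts, src, dst, port):
        q = self.history[src]
        q.append((ts, dst, port))
        # Drop events that have fallen out of the window (events arrive in time order).
        while q and ts - q[0][0] > self.window:
            q.popleft()
        distinct = {(d, p) for _, d, p in q}
        if len(distinct) >= self.threshold and src not in self.alerted:
            self.alerted.add(src)
            return (f"portscan: {src} touched {len(distinct)} distinct host:port pairs "
                    f"within {self.window}s (last {dst}:{port})")
        return None


def run(events, **kwargs):
    """Feed events through a detector in time order and collect the alerts."""
    det = PortScanDetector(**kwargs)
    alerts = []
    for ev in sorted(events):
        alert = det.observe(*ev)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert)
```

The window is the weak point, and attackers know it: `nmap -T0` or a scan spread across many source addresses stays under any per-source threshold. That is why production IDS keep state across longer horizons and correlate with the log pipeline rather than relying on one counter.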
More info: Linux Firewall Guide
3. Practical Security Scanning
3.1 Vulnerability Scanning with Nmap
Nmap is a powerful tool for network discovery and port scanning: it finds open ports and service versions, which you then compare against what the host is supposed to expose (its NSE scripts or a dedicated vulnerability scanner do the actual vulnerability checks). Only scan hosts you are authorized to test.
```bash
# Scan a target IP (192.168.1.100) for open ports and service versions on ports 1-1000
nmap -sV -p 1-1000 192.168.1.100
# Detect OS version (needs raw-socket privileges, hence sudo)
sudo nmap -O 192.168.1.100
# Run a quick scan (faster, less detailed: the 100 most common ports with aggressive timing)
nmap -T4 -F 192.168.1.100
```
3.2 Web Application Scanning with Nikto
Nikto scans web servers for known issues (e.g., outdated software versions, dangerous default files, misconfigurations). It is noisy and easily logged, so use it for authorized assessments, not stealth:
```bash
# Install Nikto
sudo apt install nikto
# Scan a web server on both the HTTP and HTTPS ports
nikto -h http://example.com -p 80,443
```
4. Security Best Practices
Regular Updates: Keep OS, software, and firmware updated to patch known vulnerabilities.
```bash
# Update Ubuntu system
sudo apt update && sudo apt upgrade -y
```
Strong Authentication: Use 2FA (Two-Factor Authentication) for all critical accounts; avoid weak passwords.
Least Privilege Principle: Grant users/services only the permissions needed (e.g., avoid running apps as root).
Log Monitoring: Use tools like ELK Stack to centralize and analyze logs for suspicious activity.
More info: NIST Cybersecurity Framework