Monthly Archives: August 2010

常用认证中心 (CA)


CA三巨头: VeriSign, GeoTrust, Thawte  –都很贵,但会提供一些Trial Version



KeyPairGenerator, KeyFactory, KeyStore


KeyGenerator    — 用于生成Symmertric Key

KeyPairGenerator   –用于生成Public/Private Key对

SecretKeyFactory — 把代表对称密钥的byte[] 变回 Key对象

KeyFactory  — 把代表非对称密钥的byte[] 变回 Key对象

KeyStore  —  in-memory collection of keys and certificates

Network Security Essentials — Notes10. Firewall

Firewall’s Goals

  1. All traffic must pass through the wall

  2. Only authorized traffic is allowed to pass

  3. Immune to penetration


  1.Service Control    — "This IP is blocked"

  2.Direction Control  — "Currently we only allow outside traffic"

  3.User Control       — "You are not allowed to get in"

  4.Behavior Control   — "You can’t send spams to me"

Types of Firewall

   1.Packet-filtering Router — Filtering based on info in TCP/IP headers, including

      a.Source IP

      b.Destin IP

      c.TCP Port number

      d.IP Protocol Field

      e.Rooter’s Interface  (Interface for inside traffic or for outside traffic)

   2.Application-level Gateway = Proxy, inspecting application-level messages

      a.Advantage: More secure than packeting-filter

      b.Disadvantage: Too much additional overhead

   3.Curcuit-level Gateway 

Network Security Essentials — Notes9. DDOS

1.Distributed DoS: Attacker recrits a number of hosts to simulataneouly or coordinately launch an attack upon the target

2. What is it?

  a. Classification of DDOS in terms of resource type:

   i. Attack the host (SYN attack e.g.)

   ii. Attack the network (ICMP EHCO attack e.g.)


  b. SYN flood attack

    i.Zombie sends a TCP/IP SYN packet with an errorneous return IP address

   ii.Server then tries to establish a TCP connection with a wrong IP

  iii.Server will keep waiting since the "client" will never response

   iv.The server will soon be not able to accept more TCP/IP connections

  c.Attack: Use up server’s disk space by sending emails, or generate errors to increase log file, or sending files to FTP

  d.ICMP ECHO Attack => Will take down the server’s router

    Two models:

      i. Zombie sends "ICMP ECHO" to server with spoofed IP address  –> Server will then try to reply –> its router will be flooded

     ii. Zombine sends "ICMP EHCO" to a middle layer of computers with the server’s IP as the source IP  => This millde layer of coumptuters (Called Reflector) will then reply echoes to the Server => server’s router will be flooded

3. How to get Zombines?

   Vulnerability Scan => Zombine Software Implantation

Network Security Essentials — Notes8. Malicious Software

Malicious Software: Virus, Worm, Tojon ….

1.Division of Malicious Software


  a.Division Method #1

     i. Software that needs a host program, viruses, logic bombs, backdoors e.g.

    ii. Software that is independent, worms, zombie programs e.g.

  b.Division Method #2

     i. Software that replicates, such as viruses and worms

    ii. Software that doesn’t replicate, such as logic bombs, backdoors, zombine programs

2.Backdoor: A secret entry point into a prgram. For example, backdoors set by programmers to debug and test programs

3.Logic Bomb: "explode" when certain conditions are met. Explosion includes alter data, delete data and so on

4.Trojan Horse: Implant in a victim system which enable the attacker’s access to the system

5.Zombie(肉鸡): Secretly taking over another computer and using it to launch attacks that are difficult to trace to the attacker. It’s often used for DDOS attack.

6.Virus: "Infecting" other programs by modifying them. It will execute and replicate when the host program is run. Host problem can be executable binary program or MS Word Micro/Email.

7. Worms: Replicating and send copies across network.

   The entwork vehicle includes

        a. sending copy of self via EMAIL

        b. EXECUTING self in a REMOTE machine

        c. REMOTE LOGIN and then copy self.


  a. Model:

       Detecting -> Identifying virus -> Remove virus from host program

    or Detecting -> Remove infected files -> Reload a clean backup version

  b.Detecting Methods

      i.Detecting known virus by scanning the virus’es signature

     ii.Scanning code fragments that are often associated with viruses

    iii.Checking the lenght of the file


      v.Residing in memory and detect unusual actions of programs, such as deleting a file or formating a disk.