Security Problems in the TCP&IP Protocol Suite

I.J. Wireless and Microwave Technologies,2011, 3, 21-28Published Online June 2011 in MECS ()DOI: 10.5815/ijwmt.2011.03.04Available online at /ijwmtA Scalable Simulation Method for Network AttackJinsong Wang a, Wenchao Dou b, Kai Shi ca,b,c Tianjin Key Lab of Intelligent Computing & Novel Software Technology, Key Laboratory of ComputerVision and System, Ministry of Education, Tianjin, ChinaAbstractIn order to found a scalable platform for attack resistance test, this paper proposed a simulation method for network attack. We designed a modular framework and using XML to describe the test cases. We also realizedboth stateful and stateless attacks by Socket programming and Jpcap packet forging method. Experiment results showed that the system has good scalability and provides a template-based testing circuit.Index Terms: transportation network; computer network; reliability; strategy© 2011 Published by MECS Publisher. Selection and/or peer review under responsibility of the Research Association of Modern Education and Computer Science1.IntroductionWith the rapid development of network technology, the number of network security threats grows more quickly. As the members of the network interconnection use network protocols and network protocol itself is ahighly complex set, also some programmers do not have rigorous programming habit, attacks against network protocols continue happens. In 2006 alone, US-CERT [1] (U.S. Computer Emergency Response Team) had reported 60 million information security incidents. In which 2453 are database security vulnerabilities, and about1,000 vulnerabilities are related with network protocol; CSI/FBI also reported [2] that in the 597 companies surveyed, 66% of them are using penetration testing techniques and automated tools, hoping to find security vulnerabilities as soon as possible; in 2007, widely deployed Cisco routers in network infrastructure had repeatedly found serious flaws, such as Secunia Advisory: SA23867 [3], CNNVD (China National Vulnerability Database) -200701-136 [4], etc. The attacker can forge network packets directly against network protocol of remote device, these attacks are often a direct threat to the security of the entire internet. As one of the main objectives in network protocol design and implementation process, reliability and security demand are increasedto a new level, developing vulnerabilities mining tools of network protocols is urgently needed.At present, the researchers made a number of related researchs on attack simulation method. SUN Chang-hua[5] analysed DDoS (Distributed Denial of Service) and made a classification for it; GUO Er-wang [6] realized a variety of buffer overflow attacks. These researches mainly focused on attack theory and single type attacks butdid not form an intuitive, specific, extendible attack model.Foundation Item:A National 863 Project(2007AA01Z450); a Key Projects in the Science & Technology Pillar Program of Tianjin(08ZCKFGX00600); and an Information Technology Project of Tianjin(091052012)In order to provide a better security strategy by studying the principles of attack methods, this paper proposed an attack simulation based testing method and achieved a modular network attack testing system with good scalability, provided a reference for improving network security mechanisms.2.Attack Resistance TestIn network security test, a commonly used approach is by simulating network attack to make early detection of network security problems and take appropriate measures to reduce the possibility of malicious intrusion; this process is called ART (Attack Resistance Test).According to the process of attack-side against DUT (Device Under Test) and the relevance among packets' context, an attack process can be divided into two types of stateful and stateless. In a stateful attack process, the attacker tries to send a packet and look forward to getting the response from a DUT, it will not send the next packet until gets the response. After sending the next packet it still has to wait for the corresponding response from the DUT. After one or more packets’ interactions, the system will be introduced into a particular state. Only at this time, the packet sent from the attack-side will have attack effect and we can see whether the DUT has been tested to make the right response or trigger vulnerability, as shown in Fig. 1(a) below. In a stateless attack process, the attack-side forges packets to flood a DUT and never looking forward to getting the response from the DUT, each input is independent, we can see the status of DUT at any time and whether the attack triggers vulnerability. Fig. 1(b) shows the case of stateless attacks that did not forge source IP address.(a) Stateful attack (b)Stateless attackFig 1. A ttack process3.Frame DesignOur framework of the testing system is as shown in Fig. 2. The system includes a control desk, a policy editor tool, some test cases and an attack simulator.Fig 2. S ystem framework3.1.Control DeskThe attack-side: A tester uses the attack simulator and policies returned from the policy editor tool to send assembled packets to a DUT (a computer or a network device) for attack resistance test. In this process, the tester can use sniffer tools such as Sniffer Pro or Wireshark installed in the control desk to view and analysis the interactive data between the attack-side and the DUT. For example：1)For remote attacks, we can monitor returned packets or search whether there is a “The Connection Closed By Remote” like obvious error message.2)For local tests, if the response from a target device does not meet the RFC (requests for comments) standard, the device is in abnormal state. We can use Syslog, SNMP (Simple Network Management Protocol) to detect the DUT's serious disorders of hardware and software, such as system crash, restart, dead system process or output segment errors, etc [7].3.2.Policy Editor ToolThe policy editor tool is the core of an ART (Attack Resistance Test) and in vulnerability mining. It is responsible for selecting and parsing one or more attacks from test cases. These attacks may include two types of stateful and stateless or just one type. The interface design of policy editor tool is as shown in Fig. 3.Fig 3. I nterface design of policy editor tool3.3.Test CasesIn order to realize good scalability in our framework, the system uses XML language which has the advantage of flexible data structure description to describe test cases. The XML description can overcome the difficulty of complex parameters in both stateful and stateless test cases, but in order to achieve a complex attack resistance test and build reasonable testing data, tester still need to know norms and standards of each protocol. For system description, there is a corresponding XML type file for each attack, which describes the corresponding characteristics of a specific attack, including attack description, protocol used, field values and other information; for system implementation, we use java DOM (Document Object Model) to parse XML files to obtain fieldinformation of test cases. Furthermore, this system can call the corresponding function to generate random value and add it to the appropriate field according to the type and range of field value.3.4.Attack SimulatorThe attack simulator is installed in the control desk, by editing the parameters: source IP address, destination IP address, source MAC address, destination MAC address, destination port and testing duration, combined with field values returned from policy editor tool to realize specific network attack simulation and display some response of DUT. The interface design of attack simulator is as shown in Fig. 4.Fig 4. I nterface design of attack simulatorThe complete process of attack simulation is as shown in Fig. 5.Fig 5. T he complete process of attack simulationWe will give a detailed description of the realization of stateful and stateless attacks in the next section.4.Impelemetation4.1.Socket programming to realize stateful attackThe stateful attack is also called application-based attack, it requires the interactive data between the attacker and the DUT must according to context. The typical approach is to establish a connection at first by a TCP three-way handshake process.From the perspective of network security, according to the TCP/IP requirements, the use of TCP protocol for communication need to provide two sequence numbers to ensure synchronous connection and secure communication, it is very difficult to forge sequence number, that is the reason why this article does not use Jpcap to forge packets but use real IP address to ensure the connection synchronized.A stateful attack is based on the context of the interaction process with the logic of concrete chronological and input accuracy. Therefore, the attacker sent a packet needs to wait until it receives DUT's response, based on which the attacker sends a next packet. Thus, it is required a RTT (Round-Trip Time) which changes according to different testing environment. In order to achieve proper interaction and minimize waiting time more than RTT, system defines the "time" attribute in XML files of stateful attacks which value represents how many milliseconds to wait between two packets sent from attacker. A typical test case is shown in Fig. 6.Fig 6. f tp_buffer_overflow_129According to the description of above test case, the specific testing process is described as follows:First, through a three-way handshake with the FTP server (DUT) to establish a connection, then the attacker sends the value of "sentence1" (Expressed by "A", 129 bytes) to input user name, after waiting for 400 milliseconds, sends the value of "sentence3" (Expressed by "A", 129 bytes) for password confirmation, followed again the attacker uses available port for three-way handshake with the FTP server, repeat this process. The logic of this test case is whether the attack-side received the response "331 User name okay, need password" within 400 milliseconds after attacker sent user name string. The meaning is mining buffer overflow vulnerability from FTP server.The system also implements a http GET flood, using long format string (eg “%n%n%n%n%n%n”) to fill up http Method content, and random length format string to fill up http Method for fuzz testing, etc. It is usually identified with special characters to distinguish data from different upper layer protocols. For example, it must fill each request field with "\r\n" at the end when the upper layer uses http protocol.Table I shows the main implementation in java code.Table 1Java main code for realizing stateful attack4.2. Jpcap programming to realize stateless attackJpcap is a java class library which allows java applications to capture or send packets. In order to provide a public interface to achieve platform independence, Jpcap calls winpcap in windows platform and libpcap in unix platform. The most important class for Jpcap to forge packet is JpcapSender, it is used to send the constructed packets.According to different protocols the packets used, in Jpcap library, the hierarchy of main packet classes is as shown in Fig.7.Fig 7. T he hierarchy of main packet classes described in JpcapStateless attack also known as network-based attack, the interaction between attack-side and DUT does not according to context, each test case need only describe the fields of a packet and then flooding it, and each field can be forged or set random values. A typical example of SYN Flood, using XML to describe the fields of the packet is as shown in Fig. 8.Fig 8. S YN Flood described by XMLThis test case uses TCP as transport layer protocol, uses IP as network layer protocol for forwarding packets, runtime meaning of field value is described in Table II below.Table 2Runtime meaning of field valueThe significance of this test case is to use random source IP addresses flooding request DUT and generate a large amount of semi-connections to occupy DUT's resources.For the experiment in LAN environment, we use this test case to attack port 139 of DUT with CPU Pentium4 2.40GHz, Memory 512MB, causing DUT's CPU occupancy rate maintains over 98% most of the attack duration.In the XML description, the system supports a variety of input forms for each characteristic field: one can specify a fixed value, a function similar to “randomIP” or a variable similar to “toIP” submitted by the attacker. The meaning of all fields can refer to Jpcap document [8].In stateless test cases, the system includes some typical attacks, such as ARP flooding, fuzz testing for all fields of the ARP protocol, all kinds of ICMP reports flooding, land attack, port scanning, and UDP flood.In the process of select attacks, although you can choose as many test cases for attack resistance test, but if some threats in selected attacks are conflict with the rest of the selected attacks, or excessive number of selectedthreats, this will cause large quantities consumption of network resources and thus affect the overall testingperformance. In practice, according to our testing results, the best way is to select one type of stateful or stateless attacks in different test plans and limit the number of test cases selected no more than 20 for each test.5.ConclusionBased on the theory of stateful and stateless attacks, this paper developed instances of socket programming based stateful attack and Jpcap programming based stateless attack, also introduced several test cases with XML description, the significance is to provide a referable implementation that can simulate network attacks for attack resistance test. In this method, the testing system uses XML language to describe the interface of test cases, tester can create or modify XML documents according to their own requirements to integrate the latest attack library. Furthermore, the tester can also define a function for generating random values to fuzz test a field of a protocol. Through practical use, experiments show that the attack simulator has good scalability and attack effect. In the future, we will test more attack types and try to support more network protocols in the simulator. AcknowledgmentThis work was supported in part by a National 863 Project (No. 2007AA01Z450), a Key Project in the Science & Technology Pillar Program of Tianjin (No. 08ZCKFGX00600), and an Information Technology Project of Tianjin (No. 091052012).References[1]US-CERT Vulnerability Notes. /.[2]L. Gordon, P. Loeb, W. Lucyshyn and R. Richardson. 2005 CSI/FBI Computer Crime and Security Survey. Computer Security Institute. 2005.[3]Secunia Advisory. Cisco IOS Multiple Vulnerabilities. (2009207215). /advisories/23867.[4]China Information Security Evaluation Center. China National Vulnerability Database. (2009210218). .[5]SUN Chang-hua, LIU Bin, “Survey on New Solutions Against Distributed Denial of Service Attacks”, ACTA ELECTRONICA SINICA, 2009, 37(7) (in Chinese).[6]GUO Er-wang, XIA Nai, “A Generic Testbed for Security Enhancement Tools”, Computer Engineering and Applications, 2006.30(in Chinese).[7]ZHANG Bao-feng, ZHANG Chong-bin, XU Yuan, “Network protocol vulnerability discovery based on fuzzy testing”, J Tsinghua Univ (Sci & Tech), 2009, 49(S2) (in Chinese).[8]Keita Fujii. Jpcap a Java library for capturing and sending network packets.[2007-10-19]. /kfujii/jpcap/doc/.。

关于黑客的英语阅读理解一、阅读理解Hackers: The Good, the Bad and the MysteriousIn the digital age, the term "hacker" is often associated with illegal activities and security threats. However, not all hackers are malicious. There are different types of hackers with diverse motives and actions.White - hat hackers are the "good guys" in the hacking world. They use their skills to find security vulnerabilities inputer systems, networks, or software applications. Their intention is not to cause harm but to help organizations improve their security. For example, manypanies hire white - hat hackers as ethical security consultants. These hackers will perform penetration testing, which is a legal and authorized attempt to break into a system to identify weak points. By doing so, they can provide valuable information to thepany on how to strengthen their defenses.On the other hand, black - hat hackers are the ones we usually fear. They break into systems with malicious intent. This can include stealing sensitive information such as personal data, financial information, or corporate secrets. They might also disrupt services by launching denial - of - service (DoS) attacks, which overload a server with requests and make it unavailable to legitimate users. Black - hat hackers often operate for financial gain, revenge, or just for the thrill of causing chaos.Then there are grey - hat hackers. These hackers are in a sort of middle ground. They may find security flaws in systems without permission, but instead of using them for evil purposes immediately, they might disclose the flaws to the system owners, sometimes asking for a reward. Their actions are not entirely legal or ethical, as they do violate the privacy of the system in the process of finding the flaws.The skills that hackers use can be quiteplex. They are proficient in programming languages, network protocols, and operating systems. For instance, knowledge of languages like Python and C can help them write scripts to exploit vulnerabilities. Understanding network protocols such as TCP/IP allows them to analyze how data is transmitted across networks and find potential entry points.In conclusion, the world of hackers is aplex one. While we need to be vigilant against black - hat hackers, we should also recognize the value that white - hat hackers bring in enhancing security. And the grey - hat hackers remind us that the line between ethical and unethical behavior in the digital realm can be somewhat blurred.Questions:1. What is the main difference between white - hat hackers and black - hat hackers?2. What is penetration testing?3. Why do black - hat hackers break into systems?4. What are grey - hat hackers' characteristics?5. Why are programming languages and network protocols important for hackers?Answers:1. White - hat hackers use their skills to find security vulnerabilities to help organizations improve security, while black - hat hackers break into systems with malicious intent, such as stealing information or causing disruptions.2. Penetration testing is a legal and authorized attempt by white - hat hackers to break into a system to identify weak points.3. Black - hat hackers break into systems for financial gain, revenge, or the thrill of causing chaos.4. Grey - hat hackers find security flaws without permission and may disclose them to system owners, sometimes asking for a reward. Their actions are not entirely legal or ethical.5. Programming languages help them write scripts to exploit vulnerabilities, and network protocols allow them to analyze data transmission across networks and find potential entry points.二、英语释义1. Hacker: A person who usesputers to gain unauthorized access to data or systems. (一个使用计算机未经授权访问数据或系统的人)2. Vulnerability: A weakness or flaw in aputer system or network that can be exploited by attackers. (计算机系统或网络中可被攻击者利用的弱点或缺陷)3. Penetration testing: The process of testing aputer system, network, or application to find security weaknesses by attempting to break into it in a legal and authorized way. (以合法和授权的方式试图侵入计算机系统、网络或应用程序以发现安全弱点的过程)4. Denial - of - service (DoS) attack: An attack where a large number of requests are sent to a server, overloading it and making it unavailable to legitimate users. (向服务器发送大量请求，使其过载并无法为合法用户提供服务的攻击)5. Ethical: Morally right or conforming to accepted standards of behavior. (道德上正确或符合公认的行为标准)三、短语1. be associated with: 与……有关联- His name is often be associated with great inventions. (他的名字经常与伟大的发明联系在一起。

AbstractThe rapid development of the Internet brought great convenience to people's life, but at the same time, the Internet is faced with an unprecedented threat. Therefore, how to use effective and feasible ways to keep the danger of the Internet within the acceptable range attracts more and more attention. And how to implement prevention strategies depends first and foremost on the security of the current system. Therefore, the risk assessment in the independent elements of the network security ,including firewall, vulnerability scanning, intrusion detection and anti-virus, is essential.Firewall is a more mature current network security technology. Its security relates directly to the users' vital interests. As for the independent elements of network security ---the firewall technology, through the analysis of the log file on the firewall, the design of mathematical model and prototype software, the points system, and the judgement of the system's security level, we can achieve the network security risk assessment of the destination network, and provide scientific evidence for the improvement of the system's security.Key Words：Network Security，F irewall，P revention Strategy，ContentChinese abstract................................................... .. (Ⅰ)English abstract (Ⅱ)Content (1)1.Introduction (4)1.1Research background (4)1.2Research purposes (4)1.3Thesis structure (6)work Security (7)2.1Network security problem (7)2.1.1 Main threats to network security (7)2.1.2Factors affecting network security (8)2.2Measures of network security (8)2.2.1Perfecting legislation of computer safty (9)2.2.2 Key technologies for network security (9)2.3Proper measures for network management (10)3.Summery of Firewall (12)3.1Firewall concept (12)3.1.1 Traditional firewall introduction (13)3.1.2 Intelligent firewall introduction (14)3.2Firewall functions (15)3.2.1 The major functions (15)3.2.2 Intrusion detection (16)3.2.3 Virtual private network (18)3.2.4 Other functions (18)3.3.Firewall principles and classification (18)3.3.1Packet filter (18)3.3.2Application level proxy (19)3.3.3Proxy service (20)3.3.4Hybrid firewall (21)3.4.Packet-filtering Technologies (21)3.4.1Table structure (22)3.4.2Traditional packet filtering (23)3.4.3Dynamic packet filetering (25)3.4.4Deep packet inspection (26)3.4.5Flow filtration technology (27)4.Firewall Configurations (30)4.1Hardware connection and impletation (30)4.2 Feature set (31)4.3Configuration and implementation (31)5.The Development Trend of Firewall (34)5.1Firewall technologies (34)5.2Firewall architectures (35)4.3Firewall system management (36)5.Conclusion (37)6.Bibliography (38)7.Acknowlegements (40)1.Introduction1.1Research backgroundWith the proliferation and development, and purticularly the extensive use of the Internet, computer application develops into a greater extent and depth. Meanwhile, we have to notice that although the network has many powerful functions, it is also vulerable to the attacks. According to FBI statistics, the annual economical loss resulted by network security is up to 7.5 billion dollars in the United States, and a computer intrusion through Internet occurs every 20 seconds in the world. In China, hacker attacks and the damage caused by computer viruses also resulted in great economical loss. While utilizing the advantages of the network, we should never neglect the network security. So, how to build a safe network system deserves our attention and research.1.2Research purposesThe firewall technologies have emerged in recent years and served as solutions to the security problems of the personalnetwork in the Internet age. Firewall has strong practicability and pertinence. It provides complete solutions to the network security for the personal users, and it can effectively control the PC users to send and receive information on the Internet. Based on personal needs, the users can setup parameters to control the information communication between their computers and the Internet and stop the attacks from the malicious information. Such as ICMPnood attack,chat-room bomb, Trojan decoding the message and changing the email passwords. Besides, firewall can record other system's attempted visit to the local system in a real-time mode, so that when connecting to the Internet, the computer can avoid the attacks from the Internet and the security threat of information leakage.Firewall can protect us from hacker attacks in a real-time mode when we surf on the Internet. We can create firewall rules according to our needs, in order to control all the connections from the Internet to PC and from PC to the Internet and prevent the intrusion. Firewall can effectively stop different malicious attacks and protect the information. The information leakage prevention can assure us of safe Internet surfing and check the spread of the email viruses. Email content inspection can monitor the email system in a real-time mode and stop all malicious actions upon the hardwares.Personal firewall refers to that on the stand-alone Windows system, we take some safety prevention measures to protect the host. Personal firewall is a small security protect software and is stand-alone operating-system-oriented . It filters the message of TCP, UDP, and ICMP under certain rules, monitor the network information flow and system process, and prevent the malicious attacks. In the current market, most firewalls are gateway firewalls. Although they have many powerful functions, these firewalls, based on the hypothesis that the network is safe and reliable and all the threats is from the outside Internet, can only prevent the threats from the outside Internet and cannot stop the threats within the network, Therefore, it is hard to achieve safe communication within the Local-Area Network of an organization, and to resolve the security problems of the dial-up network users' computer. And most personal users are placed in a network without security protection while surfing on the Internet.The personal network users mainly use Windows operating system, but the Windows operating system, purticularly the WindowsXP system, has low security. Various Windows loopholes have been announced continuously, and host attacks have been rising.The attacks are generally realized though the security loopholes of the operating system and the communicationprotocols. For example, the fake IP packages cheat the both sides of communication：sending a great number of data packets to the host to exhaust the source in the host, and blue screen. Therefor, it is neccessry to develop effective personal firewalls to protect the safe communication of the host.1.3Thesis structureThe arrangement of the next chapters should be as follows:2.Analysis of network security problems; the major threats to the network security; the factors affecting network security; and the key technologies for network security protection.3. Presentations of the firewall technologies, like the firewall design principles and functions as well as packet filter technology.4. Take the F100 firewall of H3C H3C for example to introduce the methods of firewall configuration.5. Elaberating the trend of firewall development.work Security2.1Network security problemsSecurity is a mechanism by which only the authorized person has the right to use the related resoureces. The definition of computer security in China is that the computer hardware, software, and data are protected and will no be destroyed, changed or exposed due toany accidental or malicious reasons and the system can work normally all the time.Technologically, computer security can be divided into three catagories.1. Physical security. It ensures the safety of the hardwares and softwares.2. Operating environment security. It can garantee that the computer can work continously in good environment.3. Information securtiy. It ensures that the information will not be illegally read, changed or divulged.With the development of the network, the computer security issue is extended to the computer network.2.1.1The major threats to the network securtiyIt is generally recognized that the major security threats to the computer network system mainly comes from the computer viruses, hacker attacks and denial of service attacks.1.The computer viruses. At present, the number of active viruses is up to 14.000. The computer viruses invade the network and damage the network resourses. As a result, the network cannot work properly and even collapse.2.Hacker attacks. Hacker attacks means that hackers enter thenetwork and use the resourses illegally, for example, illegal activities through covert channel; using anonymous user access to launch attacks; obtaining the net users' account and password through network monitoring; illegally obtaining the transmitted data on the Internet; and breaking through the firewalls.3.Denial of service attack, for example, mail bomb. Mail bomb refers to that the user receives a large number of useless emails in a short time, which affects the normal business operation, and even leads to the system shutdown and network collapse in severe cases.Specifically, the security threats of the network system mainly represents as follows: identity theft, unauthorized access, data interception, denial of service, viruses and malicious attacks, and impersonating legitimate users.2.1.2The factors affecting network security1Single computer safetyThe factors affecting the single computer safety include model selection while you purchase the computer, the computer operating environment (voltage, humidity, dust prevention, strong electromagnetic field, and natural disasters), and the computer operation.work securityThe factors affecting network security includes node safety, data safety (saving and transmission of the data) , and the file safety.2.2 Measures of network securityNetwork information security is a complicated system, involving several aspects, A complete network information security system should include at least three classes of measures.The first is the external soft environment, like legal policies, regulations, and security education. The second is the technologies, such as information encryption, storing and transmission, identity anthentification, firewalls, and network viruses prevention. The third is the management, including technological and social measures. The major measures are providing capability to change the security policies in the real-time mode, monitoring the organization's security status in a real-time mode, carrying on the vulnerability check of the current security system to prevent potential threats. The three classes of measures are dispensible. Because the leagal policies are the cornerstone of security, technologies the guarantee of security and management and auditing the defense line of security.2.2.1Perfecting legislation of computer safetyOur country has worked out a series of rules and regulationsabout network security management. But at present, legislation concerning this field is far from meeting the needs of increasing development. On the basis of foreign and domestic evaluation of legislation against computer crimes, we should perfect our computer crime legislation in order to provide a powerful guarantee for the healthy and orderly development of the computer information network in our country.2.2.2 Key technologies for network security1. Data encryptionEncryption is the process of transforming plaintext into ciphertext, so that the unauthorized people cannot understand it. There are two major encryption types, namely, private key and public key encryptions.2.AuthentificationAuthentification of valid users can prevent the invalid users from obtaining the access to the organization information system. Besides, this mechanism can also keep the valid users away from the information they are not authorized to view.3.Firewall technologiesFirewall is the internal network barrier to block the influence from the outside insecurity factors, and its function is to avoid the outside network users' unauthorized access. Currently, the majorfirewall technologies include packet filter, application gateway, and screened subnet. However, firewall technologies have their shortcomings in network security and defence. For example, firewall cannot prevent the internal attacks, cannot replace the anti-virus softwares, and is hard to prevent the attacks from the Rebound Port Trojan Horse.4.Detecting systemIntrusion detection is a hotspot of the research on network security, and it is an active preventative technology, providing a real-time protection against internal intrusion, external intrusion and wrong operation, and stopping the attacks before the network system gets damaged.With the development of the time, the intrusion detection technology will move toward the following three directions, namely, distributed intrusion detection, intelligent intrusion detection, and all-embracing security solutions.5.Anti-virus techniquesWith the development of the computer technologies, computer viruses become increasingly complicated and advanced. Computer virus prevention is not just a product, a strategy, or a system. Instead, it is a comprehensive system integrating hardwares, softwares, network, and the interconnections andinterfaces between them.6.File system securityIn the network operating system, permission is a key concept, because access control is achieved in two ways, locally and remotely. While building the file permission, we must first implement New Technology File System, NTFS, in Windows 2000. In NTFS, you can use Windows Explorer to specify the users' level of permission. You need to know the permissions that can be assigned, and that some rules in the daily activities treat permissions. Windows 2000 operating system allows to build complicated file and file folder permissions, by which you can realize the necessary access control.2.3 Proper measures for network management1. Strengthen the net users and relevant personnels' security awareness, professional ethics, enterprise, the responsibility education and relevant technical training.2. Build the perfect security management system and regulations to encourage and monitor the administrators and operators.3 The management measures should be standard, and scientific.3. Summery of FirewallWith the rapid development of the Internet, network application involves more and more fields and the important and sensitive data on the network is increasing, however, due to hacker attacks and network viruses, network security problems becomes increasing serious. Therefore, protecting the network resource from unauthorized access and preventing the spread and infection of viruses are of great importance. Currently, firewall remains the effective means to safeguard local networks. Firewall technologies contains packet filter and application proxy, among which the former was firstly developed and has been widely used.3.1.Firewall conceptFirewall is a barrier between the protected network and the outside network to prevent the unpredictable and potential destructive intrusion. Firewall refers to the combinations of a series of components and the only entrance and exit of information between different networks (like the reliable organization intranet and the unreliable public network) or security domains. According to the security policies of this organization, firewall can control (permit, refuse, and monitor) the information flow entering or exiting the network, and itself has a relatively strong attack power. Firewall, providing information security service , is the infrastructure for achieving network and information safety. Logically, firewall is aseparator, a limiter, and a analyzer, effectively monitoring all activities between the Internet and the internal network, and ensure the safety of the later.3.1.1 Traditional firewall introductionThe current firewall technologies have gone through five development stages, both technologically and on the process of product development. Figure1 shows firewall's simple history of development.The first-generation firewallThe first generation of firewall almost came into being at the same time with routers. It adopted packet filter technology.The second and third-generation firewallIn 1989, Dave Presotto and Howard Trickey from Bell Laboratory developed the second generation of firewall, calling the circuit level firewall. And meanwhile they put forward the initial structure of the third-generation firewall, the application level ( the proxy) firewall.The fourth-generation firewallIn1992, Bob Braden from USC information college developed the fourth-generation firewall based on the dynamic packet filter technology. In 1994, an Israeli company called CheckPoint firstly built this technology into commercial products.The fifth-generation firewallIn 1998, NAI company came up with an Adaptive Proxy technology, which was applied into its product, Gauntlet Firewall for NT.This firewall, granting brand-new meaning to the proxy firewall, can be called the fifth generation of firewalls.But the traditional firewalls did not resolve the major security problems in the current network. The present three major network security problems include network attacks represented by DDOS, virus spread represented by Worm, and content control represented by junk e-mails. The three main security problems account for over 90% of the network safety problems. However, the traditional firewalls can do nothing about the three problems for the following three reasons.The first reason is the limitation of computing power. The traditional firewall is based at the cost of high-intensity inspection.The higher the intensity of the inspection is, the greater cost the computer has to bear. The second reason is that the access control mechanism of the traditional firewall is a simple filter mechanism. It is a simple filter with certain criterias, has no intelligent functions, and could not detect the complex attacks. The last reason is that the traditional firewalls cannot differentiate the good behaviour from the malicious ones, This determines that the traditional firewalls cannot handle the malicious attacks.Now the firewall is moving toward the directions of distribution and intelligence, among which the later can settle the earlier problems very well.。

石油化工自动化AUTOMATION IN PETRO-CHEMICAL INDUSTRY 第57卷第3期2021年5月Vol. 57, No. 3May , 2021智能工厂工业控制系统 安全体系构建和思考王伟,苏耀东(中国石化股份有限公司齐鲁分公司，山东淄博255000)扌摘要：如何确保智能工厂工业控制系统的安全稳定运行，实现控制系统安全防护的高效性、智能性、及时性和可追溯性，已成为智能工厂建设过程中需要解决的重要问题之一。

介绍了工业控制系统安全背景、智能工厂工业控制系统的安全网络架构、全 生命周期安全管理和一体化安全监控平台等，阐述了构建智能工厂工业控制系统安全体系的方法和建议,为落实工控网络安全防护要求提供了参考。

关键词：智能工厂;工控安全;监控平台;工业防火墙中图分类号：TP273文献标志码：B文章编号：1007 - 7324(2021)03 -0001 - 05Construction and Thinking of Security System of Industrial Control System in Intelligent FactoryWang Wei, Su Yaodong(Sinopec, Qilu Branch , Zibo, 255434, China)Abstracts : How to ensure the sale and stable operation of the industrial control system in the intelligent factory ，and to realize high efficiency ，intelligence ，timeliness and traceability of the safety protection of the control system ， have become one of the important problems to be solved in the construction of mtelligent factory. The security background of industrial control system ，security network architecture of industrial control system in intelligent factory ， the whole lfe cycle security management and integrated security monitoring platform are introduced. The methods and suggestions on constructing the safety system of industrial control system in intelligent factory are expounded. Reference for implementing the safety protection requirements of industrial control network is provided.Key words : intelligent factory ； industrial control safety ； monitoring platform ； industrial frewal在智能工厂的建设过程中，需要从控制系统 采集海量的实时数据，如何确保数据的安全性、有 效性、稳定性，如何构建智能工厂工业控制系统安全体系，如何确保智能工厂建设中工业控制系统 的安全稳定运行，保证控制系统运行质量,实现该 系统安全防护的高效性、智能性、及时性和可追溯性，是需要解决的一个重要课题。

Chapter 3 Transport Layer1.One of the main duties of the transport layer is to provide ____________ communication.A) node-to-nodeB) host-to-hostC) process-to-processD) None of the choices are correct2.A client program normally uses ____________ port number. A server program normally uses __________ port number.A) a well-known; an ephemeralB) an ephemeral; a well-knownC) a private; a well-knownD) None of the choices are correct3.A socket address is a combination of __________.A) A MAC address and a logical addressB) A MAC address and a port numberC) a user-specific address and a logical addressD) None of the choices are correct4.______________ means accepting items from more than one source. ______________ means delivering items to more than one source.A) Demultiplexing; MultiplexingB) Multiplexing; DemultiplexingC) Encapsulation; DecapsulationD) Pulling; Pushing5.________ means the producer delivers the items when they are produced. _______ means the consumer takes the items when it is ready to do so.A) Pushing; pullingB) Pulling; pushingC) Forwarding; acceptingD) None of the choices are correct6.In the stop-and-wait protocol, the maximum send window size is ______ and the maximum receive window size is _______ where m is the number of bits in the sequence.A) 1; 1B) 2m; – 1C) 1; 2mD) 2m; 2m7.In the Go-Back-N protocol, the maximum send window size is ______ and the maximum receivewindow size is _______, where m is related to the number of bits in the sequence. number.A) 1; 1B) 1; 2mC) 2m – 1; 1D) 2m – 1; 2m – 18.In the selective-repeat protocol, the maximum send window size is ______ and the maximum receive window size is _______, where m is the number of bits in the sequence.A) 1; 1B) 1; 2m – 1C) 2m – 1; 1D) 2m – 1; 2m – 19.UDP is a ________________ transport protocol.A) connectionless, reliableB) connection-oriented, unreliableC) connectionless, unreliableD) None of the choices are correct10.UDP is an acronym for _______.A) User Delivery ProtocolB) User Datagram ProcedureC) User Datagram ProtocolD) None of the choices are correct11.At the transport layer, to define the processes, we need two identifiers called ____________.A) logical addressesB) physical addressesC) port addressesD) None of the choices are correct12.The ports ranging from 0 to 1,023 are called the ___________ ports. The ports ranging from 1,024 to 49,151 are called ___________ ports. The ports ranging from 49,152 to 65,535 are called the ___________ ports.A) well-known; registered; dynamic or privateB) registered; dynamic or private; well-knownC) private or dynamic; well-known; registeredD) private or dynamic; registered; well-known13.UDP and TCP are two protocols at the ___________ layer.A) data linkB) networkC) transportD) application14.Which of the following functions are performed by UDP?A) process-to-process communicationB) host-to-host communicationC) node-to-node communicationD) None of the choices are correct15.A port number is _______ bits long.A) 8B) 16C) 32D) 6416.Which of the following does UDP provide?A) flow controlB) connection-oriented deliveryC) error controlD) None of the choices are correct17.The source port number on the UDP user datagram header defines _______.A) the sending computerB) the receiving computerC) the process running on the sending computerD) None of the choices are correct18.To use the services of UDP, we need ________ socket addresses.A) fourB) twoC) threeD) None of the choices are correct19.UDP packets are called __________ .A) user datagramsB) segmentsC) framesD) None of the choices are correct20.UDP packets have a fixed-size header of _______ bytes.A) 16B) 8C) 40D) 3221.TCP is a __________ protocol.A) byte-orientedB) message-orientedC) block-orientedD) None of the choices are correct22.TCP groups a number of bytes together into a packet called a ___________.A) user datagramB) segmentC) datagramD) None of the choices are correct23.TCP is a(n) ___________ protocol.A) connection-orientedB) connectionlessC) both connection-oriented and connectionlessD) None of the choices are correct24.TCP is a(n) _______ transport protocol.A) unreliableB) best-effort deliveryC) reliableD) None of the choices are correct25.TCP uses _________________ to check the safe and sound arrival of data.A) an acknowledgment mechanismB) out-of-band signalingC) the services of another protocolD) None of the choices are correct26.The bytes of data being transferred in each connection are numbered by TCP. The numbering starts with a __________________.A) 0B) 1C) randomly generated numberD) None of the choices are correct27.In TCP, the sequence number for each segment is the number of the _______ byte (virtual byte) carried in that segment.A) firstB) lastC) middleD) None of the choices are correct28.Communication in TCP is ___________.A) simplexB) half-duplexC) full-duplexD) None of the choices are correct29.In TCP, the value of the acknowledgment field in a sent segment defines the sequence number related to the ______ byte a party expects to receive next.A) firstB) lastC) nextD) None of the choices are correct30.The inclusion of the checksum in the TCP segment is ________.A) optionalB) mandatoryC) depends on the type of dataD) None of the choices are correct31.In TCP, a SYN segment consumes _____ sequence number(s).A) noB) oneC) twoD) None of the choices are correct32.In TCP, a SYN + ACK segment consumes _____ sequence numbers.A) noB) threeC) twoD) one33.In TCP, an ACK segment, if carrying no data, consumes ______ sequence number(s).A) noB) oneC) twoD) None of the choices are correct34.The connection establishment procedure in TCP is susceptible to a serious security problem called the _________ attack.A) ACK floodingB) FIN floodingC) SYN floodingD) None of the choices are correct35.The SYN flooding attack belongs to a group of security attacks known as a _____ attack.A) denial of serviceB) replayC) man-in-the middleD) None of the choices are correct36.In TCP, a FIN segment consumes ____ sequence numbers if it does not carry data.A) twoB) threeC) noD) one37.In TCP, a FIN + ACK segment consumes _____ sequence number(s) if it does not carry data.A) twoB) threeC) oneD) no38.In TCP, one end can stop sending data while still receiving data. This is called a ______ termination.A) half-closeB) half-openC) full-closeD) None of the choices are correct39.TCP sliding windows are __________ oriented.A) packetB) segmentC) byteD) None of the choices are correct40.In TCP, the size of the send window is the ________ of rwnd and cwnd.A) maximumB) sum ofC) minimumD) None of the choices are correct41.In TCP, the window should not be _________.A) openedB) closedC) shrunkD) slide42.In TCP, the receiver can temporarily shut down the window; the sender, however, can always send a segment of _____ byte(s) after the window is shut down.A) tenB) zeroC) oneD) None of the choices are correct43.A serious problem can arise in the sliding window operation when either the sending application program creates data slowly or the receiving application program consumes data slowly, or both. This problem is called the ______.A) silly window syndromeB) unexpected syndromeC) window bugD) None of the choices are correct44.Nagle's algorithm can solve the silly window syndrome created by the _________.A) senderB) receiverC) both sender and receiverD) None of the choices are correct45.Clark's solution can solve the silly window syndrome created by the _________.A) senderB) receiverC) both sender and receiverD) None of the choices are correct46.Delayed acknowledgment can solve the silly window syndrome created by the _________.A) senderB) receiverC) both sender and receiverD) None of the choices are correct47.In TCP, an ACK segments that carry no data consumes _______ sequence number(s).A) noB) oneC) twoD) None of the choices are correct48.In modern implementations of TCP, a retransmission occurs if the retransmission timer expires or ________ duplicate ACK segments have arrived.A) oneB) twoC) threeD) None of the choices are correct49.In TCP, ________ retransmission timer is set for an ACK segment.A) oneB) a previousC) noD) None of the choices are correct50.In TCP, there can be ______ RTT measurement(s) in progress at any time.A) twoB) only oneC) severalD) None of the choices are correct51.We need to multiply the header length field by _______ to find the total number of bytes in the TCP header.A) 2B) 4C) 6D) None of the choices are correct52.In TCP, urgent data requires the urgent pointer field as well as the URG bit (to be set) in the _______ field.A) controlB) offsetC) sequence numberD) None of the choices are correct53.In TCP, if the ACK value is 200, then byte _______ has been received successfully.A) 199B) 200C) 201D) None of the choices are correct54.In TCP, the _______ timer prevents a long idle connection between two TCPs.A) retransmissionB) persistenceC) keepaliveD) None of the choices are correct55.In TCP, the _______ timer is needed to handle the zero window-size advertisement.A) retransmissionB) persistenceC) keepaliveD) None of the choices are correct56.In TCP, Karn's algorithm is used in calculations by the _______ timer.A) retransmissionB) persistenceC) keepaliveD) None of the choices are correct57.In TCP, a special segment called a probe is sent by a sending TCP when the _______ timer goes off.A) transmissionB) persistenceC) keepaliveD) None of the choices are correct58.__________ control refers to the mechanisms and techniques to keep the load below the capacity.A) flowB) errorC) congestionD) None of the choices are correct59.In TCP's ________ algorithm the size of the congestion window increases exponentially until it reaches a threshold.A) congestion avoidanceB) congestion detectionC) slow startD) None of the choices are correct60.In TCP's __________ algorithm the size of the congestion window increases additively until congestion is detected.A) congestion avoidanceB) congestion detectionC) slow startD) None of the choices are correct61.________ treats the two signs of congestion detections, timeout and three duplicate ACKs, in the same way.A) Taho TCPB) Reno TCPC) new Reno TCPD) None of the choices are correct62.In ______ TCP, when the connection is established, TCP starts the slow start algorithms and sets the ssthresh variable to a pre-agreed value (normally 64 or 128 kilobytes) and the cwnd variable to 1 MSS.A) Taho TCPB) Reno TCPC) new Reno TCPD) None of the choices are correct63.The ___________ added a new state to the congestion control FSM, called the fast recovery state.A) Taho TCPB) Reno TCPC) new Reno TCPD) None of the choices are correct64.The ___________ treated the two signals of congestion, timeout and arrival of three duplicate ACKs, differently.A) Taho TCPB) Reno TCPC) new Reno TCPD) None of the choices are correct65.The __________ state in Reno TCP is a state somehow between the slow start and the congestion avoidance states.A) congestion avoidanceB) congestion detectionC) slow recoveryD) None of the choices are correct66.In the Reno TCP, when TCP enters the fast recovery, if duplicate ACKs continue to come, TCP ____________________________________.A) stays in this state, but the cwnd grows additivelyB) stays in this state, but the cwnd grows exponentiallyC) moves to slow start stateD) moves to the congestion avoidance state but deflate the size of the cwnd to ssthresh value67.In the Reno TCP, when TCP enters the fast recovery, if a timeout occurs, TCP ____________________________________.A) stays in this state, but the cwnd grows additivelyB) stays in this state, but the cwnd grows exponentiallyC) moves to slow start stateD) moves to the congestion avoidance state but deflate the size of the cwnd to ssthresh value68.In the Reno TCP, when TCP enters the fast recovery, if a new (non duplicate) ACK arrives TCP.____________________________________.A) stays in this state, but the cwnd grows additivelyB) stays in this state, but the cwnd grows exponentiallyC) moves to slow start stateD) moves to the congestion avoidance state but deflate the size of the cwnd to ssthresh value69.A later version of TCP, called ______ TCP, made an extra optimization on the _______ TCP.A) New Reno; RenoB) New Taho; TahoC) New Reno; TahoD) New Taho; Reno70.In the slow start algorithm, the size of the congestion window grows ______________ until ___________________.A) exponentially; it reaches a thresholdB) exponentially; congestion is detectedC) additively; it reaches a thresholdD) additively; congestion is detected71.In the congestion avoidance algorithm, the size of the congestion window grows ______________ congestion is detected.A) exponentially; it reaches a thresholdB) exponentially; congestion is detectedC) additively; it reaches a thresholdD) additively; congestion is detected72.The congestion window size, after it passes the initial slow start state, follows a saw tooth pattern called _________________________________.A) exponential increase, additive decreaseB) additive increase, exponential decreaseC) multiplicative increase, additive decreaseD) additive increase, multiplicative decreaseCBDBA ACDCC CACAB DCBAB ABACA CACCB BDACA DCACC CCAAB BACCB BAACB ABCCA AABBD BCDAA DD.。

系统集成项目管理工程师试题库+答案一、单选题（共100题，每题1分，共100分）1.（）不属于项目可行性研究报告的内容。

A、项目建设方案B、项目建设必要性C、变更管理计划D、项目实施进度正确答案：C2.在大数据相关技术中，（）是一个分布的、面向列的开源数据库，是一个适合于非结构化数据存储的数据库。

A、HBaseB、MapReduceC、ChukwaD、HDFS正确答案：A3.项目管理计划是说明项目将如何执行、监督和控制的文件。

以下选项中（）不属于项目管理计划的内容。

A、干系人登记册B、所使用的项目管理过程C、如何监督和控制变更D、为项目选择的生命模型周期正确答案：A4.In china, the security protection level ofinformation system vs divided into （）levels.A、3B、4C、6D、5正确答案：D5.根据《关于信息安全等级保护改造的实施意见》的规定，信息系统受到破损后，会对社会秩序和公共利益造成较大的损害，或者对国家安全造成损害，该信息系统应实施（）的信息安全保护A、第一级B、第四级C、第三级D、第二级正确答案：C6.识别干系人是项目（）的活动。

A、计划过程组B、监督和控制过程组C、启动过程组D、执行过程组正确答案：C7.关于项目整体管理的描述，不正确的是（）。

A、项目经理通过干系人的汇报获取项目需求B、整体管理是一项综合性和全面性工作C、整体管理最终是为了实规项目目标的综合最优D、整体管理涉及相互竞争的项目各分目标之间的集成正确答案：A8.用于检查项目的绩效随时间的变化情况，以确定绩效是正在改善还是正在恶化（）。

A、故障树分析B、分组方法C、根本原因分析D、趋势分析正确答案：D9.在制定进度计划时，可以采用多种工具与技术，如，关键路径法，资源平衡技术，资源平滑技术等，在以下叙述中，不正确的是（）。

A、随着项目的开展，关键路径法也可能也随着不断变化B、资源平滑技术往往会改变项目关键路径，导致项目进度延迟C、项目的关键路径法可能有一条或多条D、资源平衡技术往往会导致关键路径延长正确答案：B10.某项目计划工期60天。

Named Data Networking(NDN)Beichuan ZhangThe University Of ArizonaEvolution of Communication Networks1Evolution of Communication Abstractions2Telephony: build a pathIP: connect to a serverNDN: retrieve a contentThe mismatch that NDN addressesApplication semantics and connectivity reality vs. network architecture•Application support with complicated middleware •Mobility •Security•ManagementThe network architecture is already causing problems, and will be more so in the emerging areas: •The very large, e.g., big data sciences•The very small, .e.g., Internet of Things (IoT)3IP: Delivering packets to endpointsSource Address Destination Address 4NDN: Retrieving Named DataContent Name Content Name5It makes no difference how and where the data is retrieved,e.g., through a link, from memory, locally computed, or any combination of these.Address IndependenceIP addresses were assumed to be abundant, unique,and fixed, but not any more.•Address exhaustion•NAT (public vs. private, v6 vs. v4)•Mobility support•Address managementUsing application-generated names as network layer identifiers eliminates the above problems.6 Location IndependenceContent can be supplied by anyone from anywhere, as long as the name matches and the signature verifies. •Fault tolerance•Load balancing•Mobility support7Content Distribution Example36.7MViewsIP needs large infrastructureand complicated technicalsolutions.8 Content Distribution Example36.7MViewsNDN’s multicast and cachingare native and built-in.9Data-centric SecurityIn NDN, Data are required to carry signatures•Integrity•ProvenanceSecure the content, not the container nor the channel. Force app developers to think about security from the beginning.10 NDN is a new communication abstractionFrom point-to-point conversations to distributedcontent production, dissemination, and consumption.E.g.,•Transport•Forwarding strategy•Security•Name-based forwardingA superset of what IP provides, and matches that of applications.11The NDN ProjectBrief Background•Started in 2010 as an NSF-sponsored Future InternetArchitecture project.•Currently a team of 8 universities led by Lixia Zhang(UCLA) and Van Jacobson.•A growing research community of Information-CentricNetworking (ICN) across US, Europe, and Asia. •Increasing interests from the industry, including Cisco,Huawei, Samsung, Intel, Panasonic, Verisign, Toyota. •NDN Consortium created in August 2014 to facilitatelong-term technology development.•Annual NDN Community meetings.12 Application-driven Arch DevelopmentVehicleNetworkingDistributedStorageVideoStreamingVehicular NetworkConferencingBuilding Management13Smart HomeMobile HealthBig-data ScienceRunning CodeNDN Platform Release•NFD: the NDN forwarder.•Libraries and language wrappers, supporting C/C++,Java, Python, Javascript.•Core applications.Runs on Linux, Mac, Windows, Android, OpenWRT, Raspberry Pi, etc.Source code available at /named-data Open source license, contributions are welcome.14NDN TestbedDeployable now as an overlay (TCP, UDP) or on Layer 2.27 nodes across 4 continents and growing.15Growing CommunityNDN Consortium•Created in August 2014 to facilitate long-termtechnology development.•Currently 17 academic members and 10 industrialmembers.NDN Community Meeting•Annual meeting to exchange ideas and results.•August 2014 (87 participants from 31 institutions) •September 2015 (99 participants from 49 institutions)16Hype Cycle of Net/Comm Tech17SDNNDNFor More InformationNDN project website/18。