What are the common forms that endanger information security? What are the characteristics of information security?
The threats to information security mainly come from the following three aspects:

I. Technical safety risk factors

1) The security protection of basic information networks and important information systems is weak.

Nationally important information systems and basic information networks are the focus of information security protection in China and the foundation of social development. China's basic networks mainly include the Internet, the telecommunication network, and the radio and television network. Important information systems include those of railways, governments, banks, securities, electric power, civil aviation, petroleum and other national key infrastructure related to the national economy and people's livelihood. Although some achievements have been made in information security protection in these fields, the security protection capability is still not strong. This is mainly manifested in:

① Insufficient attention and investment. Investment in information security infrastructure is insufficient, there is no effective maintenance and upkeep system, and design and construction are not synchronized.

② The security system is not perfect, and the overall security is still fragile.

③ There is a lack of independent products in key areas, and high-end products are heavily dependent on foreign countries, which invisibly buries security risks. China's computer products are mostly foreign brands, which are technically controlled by others. If a backdoor is implanted in advance, it will be difficult to detect and the loss will be incalculable.

2) The hidden danger of leaking secrets is serious.

As the data accumulated by enterprises and individuals grows, the loss caused by data loss is immeasurable, and confidentiality, integrity and availability may be threatened at any time. Against the background of globalization, the struggle between stealing secrets and countering the theft of secrets is becoming more and more fierce. In the field of information security in particular, security work faces more and more new problems and is becoming more and more complicated. In the information age, there are more and more ways for information to leak. New channels such as Internet leaks, mobile phone leaks, electromagnetic wave leaks and mobile storage media leaks also bring new challenges to information security.

II. Man-made malicious attacks

Compared with physical entities, hardware systems and natural disasters, well-designed man-made attacks pose the greatest threat. Human factors are the most complex and active, cannot be guarded against by static methods, laws and regulations, and are the biggest threat to information security. Man-made malicious attacks can be divided into active attacks and passive attacks. The purpose of an active attack is to tamper with the content of information in the system and to destroy the validity and integrity of information in various ways. The purpose of a passive attack is to intercept and steal information without affecting the normal use of the network. In short, both active attacks and passive attacks bring huge losses to information security. Attackers often use Trojan horses, backdoors, web scripts, spam and so on.

III. Weak information security management

Facing a complicated and severe information security management situation, it has gradually become a consensus to take targeted technical, management and legal measures, according to the sources and levels of information security risks, to build a three-dimensional and all-round information security management system. Like security issues such as counter-terrorism, environmental protection and food safety, information security is global, sudden and diffuse. The global reach and interconnectedness of information and network technology, together with the sharing of information resources and data, make it extremely vulnerable to attacks. The unpredictability of attacks and the chain spread of harm greatly increase the damage caused by information security problems. More and more countries attach importance to information security management. Compared with developed countries, research on information security management in China started late and the basic research is weak. The core of the research remains limited to the promulgation of information security laws and regulations, the formulation of information security risk assessment standards and some implementation rules for information security management, while applied research and cutting-edge research are not strong. These studies have not fundamentally changed the current situation, in which the management foundation is weak and there are many loopholes.

But according to their nature, these threats can basically be summarized as follows:

(1) Information leakage: Protected information is leaked or disclosed to unauthorized entities.

(2) Destruction of information integrity: Data is added, deleted, modified or destroyed without authorization and suffers losses.

(3) Denial of service: The legitimate access of information users to information or other resources is unconditionally blocked.

(4) Illegal use (unauthorized access): Resources are used by unauthorized persons or in an unauthorized way.

(5) Eavesdropping: Stealing information resources and sensitive information in the system by all possible legal or illegal means. Examples include monitoring the signals transmitted over communication lines, or intercepting useful information by using the electromagnetic leakage that communication equipment generates while working.

(6) Traffic analysis (business flow analysis): By monitoring the system for a long time, parameters such as communication frequency, the direction of communication information flow, and changes in total communication volume are studied with statistical analysis methods, and valuable information and patterns are found.

(7) Impersonation: By deceiving communication systems or users, illegal users can impersonate legitimate users, or users with less authority can impersonate users with greater authority. Most of the hackers we usually talk about use impersonation attacks.

(8) Bypass control: The attacker takes advantage of security flaws or loopholes in the system to gain unauthorized rights or privileges. For example, attackers discover some system "features" that should have been kept secret but were exposed. With these "features", attackers can bypass the defenses and invade the system.

(9) Authorization infringement: A person who is authorized to use a system or resource for a certain purpose uses this right for other unauthorized purposes, which is also called "internal attack".

(10) Repudiation (denial): This is an attack from users and covers a wide range, such as denying a message you have published, forging the other party's letter, etc.

(11) Computer virus: This is a program that can carry out infection and damage while a computer system is running. Its behavior is similar to that of a virus, so it is called a computer virus.

(12) Imperfect information security laws and regulations: Because the current laws and regulations restricting information operations are still not perfect and have many loopholes, many people skirt the edge of the law, which gives information thieves and information destroyers an opportunity.