Some time ago, I compiled an article, “Network Security Level Protection: Basic Network Security Level Protection Technology”, according to relevant national standards. In that article, item 7 talks about cryptography: hierarchical protection of cryptography. The user guide “Information Security Graded Protection Commercial Cryptography Technical Requirements” gives several factors that need to be tested in the use of cryptographic technology in hierarchical protection.
The details are as follows.
Factors to consider when using cryptographic techniques in hierarchical protection:
Protection capability: It should meet the basic technical requirements for a given level of information security protection.
Operating environment: It should be compatible with the operating environment of the protected information system, including infrastructure and personnel quality.
Operational impact: The impact on the intended operation of the information system, including processes, performance, etc., should be minimized.
Implementation costs: Construction/operation/maintenance costs should be balanced against the benefits achieved.
Overall coordination: The integrated security technologies and products should be coordinated from the overall perspective of the organization’s information security system. For example, if an organization has information systems with different security levels, and a lower-level information system can directly use the security mechanism provided for a higher-level information system at no additional cost and without affecting that mechanism, it should share the higher-level security mechanism instead of building a separate lower-level one.
Implementing hierarchical protection of information systems requires a large number of cryptographic techniques, and many security requirements can only be met by using cryptographic techniques. Therefore, how to apply cryptographic techniques scientifically and rationally to meet the security protection requirements of information systems has become a key task in implementing hierarchical protection, and it directly affects the comprehensive promotion of information security level protection. As a specific sensitive technology, cryptography requires scientific and reasonable cryptographic system design and rigorous, standardized cryptographic system integration. Correct use is critical.
First of all, cryptography has very strong advantages. Because many security options in hierarchical protection require the use of cryptography, the importance of cryptography is self-evident. When we talk about cryptography, we often consider its advantages first. Here, we excerpt the advantages of cryptography for your reference!
Solid theoretical foundation: Mathematics is the theoretical support of cryptography, which determines its solid theoretical foundation.
Long-term practice test: Cryptography has a long history and is a time-tested technology.
Economical approach: Computer systems, which are good at computing, provide the most cost-effective implementation platform for cryptography.
Effective operation mechanism: A rigorous cryptographic operation and management system provides a good guarantee for the effective use of cryptographic technology.
Convenient usage: A concise cryptographic interface provides great convenience for users of cryptography.
Returning to cryptography itself: it can directly or indirectly support evaluation requirements involving identity authenticity, non-repudiation of behavior, confidentiality and integrity of content, and other evaluation requirements. The cryptographic techniques commonly used in our work mainly include encryption, check character system, message authentication code, password verification function, hash function, digital signature, dynamic password, digital certificate and trusted timestamp. Cryptography supports the implementation of security requirements through the following cryptographic services:
Confidentiality Services: Prevent unauthorized disclosure of data by encrypting and decrypting data. Data includes stored data, transmitted data and traffic information.
Integrity Services: Prevent unauthorized modification of data by detecting, notifying, logging, and recovering data modifications. Data modification includes value change/replacement, insertion, deletion/loss, duplication, sequence change/dislocation, etc.
Authenticity service: Prevent identity fraud and forgery by identifying and authenticating the active subject.
Non-repudiation service: By providing behavioral evidence, the active subject is prevented from denying its behavior. Evidence content includes behavior subject, behavior method, behavior content and behavior time.
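As an added illustration of the integrity service described above (not code from the original article or from any standard it cites), the following Python sketch uses a message authentication code to detect the modification types listed: value change, insertion, deletion/loss, duplication and sequence change. The key, the record layout and the function names are assumptions made for this example.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def _tag(seq, total, payload):
    # Bind position and stream length into the MAC so that moved,
    # dropped or truncated records become detectable, not just edits.
    msg = seq.to_bytes(4, "big") + total.to_bytes(4, "big") + payload
    return hmac.new(KEY, msg, hashlib.sha256).digest()

def protect(payloads):
    """Turn a list of byte strings into (seq, total, payload, tag) records."""
    total = len(payloads)
    return [(i, total, p, _tag(i, total, p)) for i, p in enumerate(payloads)]

def verify(records):
    """Return a list of (finding, seq); an empty list means intact."""
    findings, seen, last_seq, total_ok = [], set(), -1, None
    for seq, total, payload, tag in records:
        if not hmac.compare_digest(tag, _tag(seq, total, payload)):
            # A bad tag covers both an edited record and a forged one.
            findings.append(("value change or insertion", seq))
            continue
        total_ok = total
        if seq in seen:
            findings.append(("duplication", seq))
        elif seq < last_seq:
            findings.append(("sequence change", seq))
        seen.add(seq)
        last_seq = max(last_seq, seq)
    if total_ok is not None:
        # Any authentic sequence number never received counts as lost.
        for missing in sorted(set(range(total_ok)) - seen):
            findings.append(("deletion/loss", missing))
    return findings

# Constructed sample stream for the demonstration.
SAMPLE = protect([b"open valve", b"set level=3", b"close valve", b"log off"])

def demo():
    reordered = [SAMPLE[0], SAMPLE[2], SAMPLE[1], SAMPLE[3]]
    dropped = [SAMPLE[0], SAMPLE[2], SAMPLE[3]]
    return verify(SAMPLE), verify(reordered), verify(dropped)

if __name__ == "__main__":
    print(demo())
```

Because both sides hold the same key, this gives integrity and origin authentication between them but not non-repudiation; that service needs a digital signature.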
Of course, it is not easy to master or understand cryptographic technology, but as a network security practitioner, you need at least some basic knowledge in this area so that you can cooperate or participate in the project process. When everyone has a common technical language, it helps us to carry out our own work and also helps Party A’s overall project progress. In addition, if you want to understand the baseline situation of the use of commercial passwords in the work of hierarchical protection, you can refer to the “Guidelines for High Risk Judgment of Information System Password Application Mind Map” compiled by me two days ago, and of course you can also directly refer to the “Information System Password Application High Risk Determination Guidelines”.
In the later stage, I will sort out the implementation of the relevant password technology required for the third level of hierarchical protection, and I look forward to discussing and learning with you. Some knowledge is forever new, so the big system may be reconstructed and knowledge may be updated, but in the end some basic concepts or contents remain unchanged. Whether it is Muay Thai, boxing or Tai Chi, the moves can be different and the movements can be different. When it comes to people, it is still the body plus two fists and two feet, and one punch and one kick are sent out. It is just that different people have different strengths and different skills.
To repeat the old words, I reiterate that my vulgar opinions are purely for the purpose of chatting with others, and I hope that the Fang family will criticize and correct them, discuss together, and jointly solve the objections and problems in mutual cooperation.