| In recent years, the military network has a rapid development, it enable our army information combat level to obtain the unprecedented enhancement, for enhanced our country national defense strength to lay the strong foundation, the network degree already became the army modernization the important symbol. However, took the new thing, the network is impossible to be problem-free, surely must experience from immaturely to the mature development perfect process. Looks over the international military stage, the network fights gradually steps onto the war stage from the books, and presented the important situation, the military command automation also gives the military network the security to bring the huge challenge day by day. But looked from the overall that, current, our army network overall level is not high. Network talented person short, the network resources has not been able fully to develop, the network function nf not yet effectively displays, the network security faces the situation is extremely stern, may say, in our army network advancement question is various. List on network system the security problem, already became has restricted our army information development a bottleneck, from this safe security question which brought, has already created the certain not good consequence, among, most was prominent was the current universal existence "a machine double net" the question, namely in some armed forces local area network user, use identical computer, both on armed force net and on Internet, moreover this machine often also was the disposition quite high type, this has provided the extremely good platform for the malicious aggressor, carried on DDOS for it to lay down a smooth channel, Therefore should cause us highly to take.Distributional refuses to serve the attack (DDoS) is the present hacker frequently uses the attack method which but guards against with difficulty. The high speed widespread connection network the user brought for the armed force in has been convenient, also was the DDoS attack has created the extremely advantageous condition. Now between the military special line backbone pitch point connection all is take G as a rank, between the city territory net may achieve 2.5G the connection, this causes the attack to be allowed initiates from a farther place or the city territory net, aggressor's puppet machine position may distribute in a greater scope, chose is more nimble. Speaking of the present technology, the DDoS defense still was the question which very difficult completely to solve, but its harm greatly is estimates with difficulty, especially in the armed force the local area network user says, lightly creates the army motion delaying, the heavy piece possibly creates the campaign combat the unfavorable situation. However in the armed force with user complex, the network has covered the regiment, the low end user guards against consciousness in the use process quite to be light, this has provided the very good attack platform for the malicious destroyer.This article based on to the above network system security hidden danger understanding, has first analyzed the DDoS harm and its to the armed force in the local area network threat, through implements the entire process to general DDoS the introduction and SYN the Flood-DDoS example theoretical analysis, thoroughly has promulgated the DDoS principle. In fact, the hacker therefore can smoothly implement DDoS, most main was fully uses in the network to have the loophole main engine weakness, turned them a puppet machine, could start the large-scale attack afterwards, therefore we usually had to take the oneself main engine loophole prompt patching, strengthened opens the port the management control, the prompt closure is possibly attacked the source invasion the port, did not have to become the DDoS aggressor's use tool; Through to DDoS attack tool "Tribe Flood Network 2,000 (TFN2K) the" programming technology analysis, explained the DDoS software structure, namely the host controls on the end main engine the customer end and carries on the main engine in the proxy the daemon process respective code and the function. Next, in line with to this unit and the armed force net overall situation security principle, emphatically enhances in the army local area network in the emphasis validated user's vigilance, and unifies oneself in this unit automation workstation work practice, unifies experience which the predecessor summarizes with army related rule stipulation, elaborated guards against DDoS some essential methods, has analyzed the port control and the port programming in guards against on DDoS the application, the recommendation introduced in the ice shield anti-DDoS firewall technical performance and the main characteristic and the establishment individual pointed matters needing attention, hoped has the inspiration to the army local area network user, and frequently grasps the network security the life, Guarantees the unit restricted data, the data security, establishes in the safe unobstructed armed force the network environment.The army network and Internet are same, its itself security and the reliability also are a comprehensive question, moreover in the reality network also has each kind of serious attack loophole, the sole DDoS defense technology cannot satisfy the army direction network security the need, carries on the effective defense to it not only to rely on each kind of technical method realization, more importantly the full display army supervisory work superiority, establishes the perfect each management method, earnestly implements "Army Automation Work Rule" and "Chinese People's Liberation Army Information security Rule", strengthens the personnel education and the personnel responsibility education, manages the good network equipment, Completes the safe guard work from the attack source. In the final analysis, human's factor in the network security is the most primary factor, in the unit needs to pay great attention to the network talented person's raise, unceasingly raises the guard consciousness, can synthesize the utilization method, decides can be safe, stably for the creation, in the highly effective armed force the local area network environment plays the obvious role, hands down for correct on reaches provides the reliable network safeguard. |
