09.10.2020

Software tools for protecting computer systems. Software and technical means of protection. Expert Firewalls


Main areas of protection

The standardization of the architectural principles, hardware and software of personal computers (PCs), together with a number of other factors, makes it relatively easy for a professional to gain access to the information held in a PC. When a group of people uses one personal computer, it may be necessary to restrict different users' access to that information.

By unauthorized access to PC information we mean reading, processing or copying information, the introduction of various viruses (including those that destroy software products), and the modification or destruction of information in violation of the established access control rules.

In protecting PC information from unauthorized access, three main areas can be distinguished:

- the first focuses on preventing an intruder from entering the computing environment and is based on special software and hardware for user identification;

- the second is related to the protection of the computing environment and is based on the creation of special software for the protection of information;

- the third direction is associated with the use of special means of protecting PC information from unauthorized access (shielding, filtering, grounding, electromagnetic noise, attenuation of the levels of electromagnetic radiation and interference with the help of absorbing matched loads).

Software methods of information protection provide for the use of special programs to protect against unauthorized access, protect information from copying, modification and destruction.

Protection against unauthorized access includes:

- identification and authentication of subjects and objects;

- differentiation of access to computing resources and information;

- control and registration of actions with information and programs.

The identification and authentication procedure checks whether a given subject may be admitted to resources (identification) and whether the subject requesting access (or the object being accessed) is who it claims to be (authentication).

Various methods are commonly used in software identification procedures. Basically, these are passwords (simple, complex, one-time) and special identifiers or checksums for hardware, programs and data. Hardware-software methods are used for authentication.

After the identification and authentication procedures are completed, the user gains access to the system, and then software protection of information is carried out at three levels: hardware, software and data.



Hardware and software protection provides for the control of access to computing resources (to individual devices, to RAM, to the operating system, to service or personal user programs, keyboard, display, printer, disk drive).

Protecting information at the data level permits the execution of only actions permitted by the regulations on data, and also ensures the protection of information during its transmission through communication channels.

Access control includes:

- selective protection of resources (refusal of user A to access database B, but permission to access database C);

- granting and denying access for all types and levels of access (administration);

- identification and documentation of any violations of access rules and attempts to violate;

- accounting and storage of information on the protection of resources and on permitted access to them.

The software methods of information protection are based on password protection. Password protection can be overcome using utilities used for software debugging and information recovery, as well as using password cracking programs. System debugging utilities allow you to bypass protection. Password cracking programs use brute-force attacks to guess the password. The time it takes to guess a password using a simple brute-force method increases exponentially as the length of the password increases.

To maintain secrecy, you must adhere to the following recommendations for choosing a password:

- the minimum password length must be at least 8-10 characters;

- the password should use an extended alphabet, including symbols and special characters;

- you should not use standard words as a password, since there are dictionaries of typical passwords on the Internet, with the help of which the typical password set by you can be determined;

- the security system must block the login after a certain number of unsuccessful login attempts;

- the time for logging into the system should be limited to the time of the working day.
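As an added example (not part of the original text), the following Python code turns the recommendations above into checks: a password-policy validator with an estimate of the brute-force search space, and a login guard that locks an account after a fixed number of failed attempts and refuses logins outside working hours. The thresholds (a 10-character minimum, 5 failed attempts, a working day of 08:00 to 18:00) and the short list of typical passwords are assumed values chosen for the example.

```python
import math
import string
from datetime import datetime, time

# Policy thresholds: the text recommends 8-10 characters, so 10 is used here.
# The lockout limit and working-day window are assumed values for this example.
MIN_LENGTH = 10
MAX_FAILED_ATTEMPTS = 5
WORK_DAY_START, WORK_DAY_END = time(8, 0), time(18, 0)

# Constructed stand-in for the "dictionaries of typical passwords" mentioned above.
TYPICAL_PASSWORDS = {"password", "qwerty", "123456", "letmein", "admin", "welcome"}


def character_classes(password):
    """Return the set of character classes present (the 'extended alphabet' the text asks for)."""
    classes = set()
    for c in password:
        if c.islower():
            classes.add("lower")
        elif c.isupper():
            classes.add("upper")
        elif c.isdigit():
            classes.add("digit")
        elif c in string.punctuation:
            classes.add("symbol")
    return classes


def check_password_policy(password):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if len(character_classes(password)) < 3:
        problems.append("fewer than three character classes (letters of both cases, digits, symbols)")
    if password.lower() in TYPICAL_PASSWORDS:
        problems.append("is a standard word present in typical-password dictionaries")
    return problems


def search_space_bits(password):
    """log2 of the number of candidates a brute-force attack must try for this alphabet and length.

    Bits grow linearly with length, so the number of candidates grows exponentially."""
    sizes = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(string.punctuation)}
    alphabet = sum(sizes[c] for c in character_classes(password))
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


class LoginGuard:
    """Blocks an account after MAX_FAILED_ATTEMPTS failures and rejects logins outside working hours."""

    def __init__(self):
        self.failed = {}
        self.locked = set()

    def attempt(self, user, password_ok, now):
        if user in self.locked:
            return "locked"
        if not (WORK_DAY_START <= now.time() <= WORK_DAY_END):
            return "outside working hours"
        if password_ok:
            self.failed[user] = 0
            return "ok"
        self.failed[user] = self.failed.get(user, 0) + 1
        if self.failed[user] >= MAX_FAILED_ATTEMPTS:
            self.locked.add(user)
            return "locked"
        return "denied"


if __name__ == "__main__":
    for pw in ("password", "Tr!ck3d-Sp4rrow"):
        print(pw, check_password_policy(pw), "%.1f bits" % search_space_bits(pw))
    guard = LoginGuard()
    during_work = datetime(2020, 10, 9, 10, 30)
    for _ in range(MAX_FAILED_ATTEMPTS):
        print(guard.attempt("alice", False, during_work))
    print(guard.attempt("alice", True, during_work))                 # still locked
    print(guard.attempt("bob", True, datetime(2020, 10, 9, 22, 0)))  # outside working hours
```

The lockout state lives in memory here; a real system would persist it and also log each refused attempt, since the text lists registration of violations as part of access control.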

Information security software means special programs included in the software of a computer system (CS) exclusively to perform protective functions.

The main software tools for protecting information include:

  • programs for identification and authentication of CS users;
  • programs for differentiating user access to CS resources;
  • programs for information encryption;
  • programs for protecting information resources (system and application software, databases, computer training tools, etc.) from unauthorized modification, use and copying.

It should be understood that identification, in relation to ensuring the information security of a CS, means the unambiguous recognition of the unique name of a CS subject. Authentication means confirmation that the presented name corresponds to the given subject (confirmation of the subject's identity) (5).

Also, information security software includes:

  • programs for destroying residual information (in blocks of RAM, temporary files, etc.);
  • programs for auditing (maintaining logs of) events related to CS security, so that these events can be reconstructed and proven to have occurred;
  • programs that simulate work with an intruder (distracting him in order to obtain supposedly confidential information);
  • programs for test control of CS security, etc.

The advantages of information security software include:

  • ease of replication;
  • flexibility (the ability to customize for various conditions of use, taking into account the specifics of threats to the information security of a specific CS);
  • ease of use - some software tools, such as encryption, work in a "transparent" (invisible to the user) mode, while others do not require any new (compared to other programs) skills from the user;
  • almost unlimited opportunities for their development by making changes to take into account new threats to information security.

Fig. 4

Fig. 5

The disadvantages of information security software include:

  • a decrease in CS efficiency, because the protection programs consume CS resources;
  • lower performance than hardware protection performing similar functions (such as encryption);
  • the fact that many software protection tools are attached to the CS software rather than built into it (Fig. 4 and 5), which creates a fundamental possibility for an intruder to bypass them;
  • the possibility of malicious changes to the software protection during the operation of the CS.

Operating system security

The operating system is the most important software component of any computer, therefore, the overall security of the information system largely depends on the level of implementation of the security policy in each specific OS.

The Windows 2000 and Millennium family of operating systems are clones originally designed for home computing. These operating systems use the privilege levels of protected mode, but perform no additional checks and do not support a system of security descriptors. As a result, any application can access the whole of the available RAM with both read and write rights. Network security measures are present, but their implementation is not up to par. Moreover, a fundamental mistake in the Windows XP version allowed the computer to be frozen with just a few packets, which also significantly undermined the reputation of the OS; in subsequent versions many steps were taken to improve the network security of this clone (6).

The Windows Vista and 7 generation of operating systems is already a much more reliable development from Microsoft. These are truly multi-user systems that reliably protect the files of different users on the hard disk (the data is not encrypted, however, and the files can be read without difficulty by booting from the disk of another operating system, for example MS-DOS). These operating systems actively use the protected-mode capabilities of Intel processors and can reliably protect the data and code of a process from other programs, unless the process itself chooses to grant additional access to them from outside.

Over a long time of development, many different network attacks and security errors have been taken into account. Corrections to them were issued in the form of service packs.

Another branch of clones grows from the UNIX operating system. This OS was originally developed as a networked, multi-user system and therefore contained information security tools from the start. Almost all widespread UNIX clones have come a long way in their development and, as they were modified, took into account all the attack methods discovered during that time. The following have proven themselves well: LINUX (S.U.S.E.), OpenBSD, FreeBSD, Sun Solaris. Naturally, everything said here applies to the latest versions of these operating systems. The main errors in these systems are no longer related to the kernel, which works flawlessly, but to system and application utilities. Errors in them often lead to the loss of the entire safety margin of the system.

Main components:

The local security authority is responsible for preventing unauthorized access and verifies the user's login credentials; it maintains the following:

- Audit - checks the correctness of user actions.

- Account manager - maintains the database of users, their actions and their interaction with the system.

- Security monitor - checks whether the user has sufficient access rights to the object.

- Audit log - contains information about user logins and records work with files and folders.

- Authentication package - parses system files to ensure that they have not been replaced. MSV10 is the default package.

Windows XP added:

- passwords can be assigned to backup copies;

- file replacement protection;

- a demarcation system ... by entering a password and creating a user account. Archiving can be performed by a user who has the corresponding rights;

- NTFS: access control for files and folders.

In XP and 2000 there is a more complete and deeper differentiation of user access rights.

EFS provides encryption and decryption of information (files and folders) to restrict access to data.

Cryptographic protection methods

Cryptography is the science of securing data. It seeks solutions to four important security problems: confidentiality, authentication, integrity, and control over the participants in an interaction. Encryption is the transformation of data into an unreadable form using encryption and decryption keys. Encryption ensures confidentiality by keeping information secret from those for whom it is not intended.

Cryptography is engaged in the search and study of mathematical methods for transforming information (7).

Modern cryptography includes four major sections:

- symmetric cryptosystems;

- public key cryptosystems;

- electronic signature systems;

- key management.

The main directions of using cryptographic methods are the transfer of confidential information through communication channels (for example, e-mail), the authentication of transmitted messages, the storage of information (documents, databases) on media in encrypted form.

Disk encryption

An encrypted disk is a container file that can hold any other files or programs (they can be installed and run directly from this encrypted file). The disk is accessible only after the password for the container file has been entered; another disk then appears on the computer, which the system recognizes as a logical drive and which is used exactly like any other disk. When the disk is disconnected, the logical drive disappears; it simply becomes "invisible".

Today the most common programs for creating encrypted disks are DriveCrypt, BestCrypt and PGPdisk. Each of them is reliably protected from remote hacking.

Common features of the programs (8):

  • all changes to the information in the container file are made first in RAM, so the hard disk always remains encrypted; even if the computer freezes, the secret data remains encrypted;
  • the programs can lock the hidden logical drive after a specified period of time;
  • all of them treat temporary files (swap files) with suspicion: all confidential information that could end up in the swap file can be encrypted, and a very effective way of hiding information stored in the swap file is to disable it altogether, not forgetting to increase the computer's RAM;
  • the physics of a hard disk is such that even when data is overwritten with other data, the previous record is not completely erased, and with modern magnetic microscopy (Magnetic Force Microscopy, MFM) it can still be recovered; with these programs, files can be securely deleted from the hard drive without leaving any traces of their existence;
  • all three programs keep confidential data on the hard disk in securely encrypted form and provide transparent access to it from any application program;
  • they protect encrypted container files from accidental deletion;
  • they deal well with Trojans and viruses.

User identification methods

Before accessing the computer system (CS), the user must identify himself, and the network's security mechanisms then authenticate the user, that is, check whether the user really is who he claims to be. In accordance with the logical model of the protection mechanism, the CS is located on a working computer to which the user is connected through his terminal or in some other way. Therefore, the identification, authentication and authorization procedures are performed at the start of a session on the local working computer.

Subsequently, when various network protocols are established and before access to network resources is granted, the identification, authentication and authorization procedures may be activated again on certain remote computers in order to obtain the required resources or network services.

When a user starts working on a computing system using a terminal, the system asks for his name and identification number. In accordance with the answers of the user, the computer system makes his identification. In a network, it is more natural for interconnected entities to identify each other.

Passwords are just one way to authenticate. There are other ways:

  1. Predefined information at the user's disposal: a password, a personal identification number, an agreement on the use of special encrypted phrases.
  2. Hardware elements at the user's disposal: keys, magnetic cards, microcircuits, etc.
  3. Typical personal characteristics of the user: fingerprints, retinal pattern, body dimensions, voice timbre and other more complex medical and biochemical properties.
  4. Typical techniques and traits of user behaviour in real time: the dynamics and style of keyboard work, reading speed, skill in using pointing devices, etc.
  5. Habits: the use of specific computer templates.
  6. The user's skills and knowledge due to education, culture, training, background, upbringing, habits, etc.

If someone wishes to log into a computer system through a terminal or perform a batch job, the computer system must authenticate the user. The user himself usually does not authenticate the computing system. If the authentication procedure is one-way, such a procedure is called one-way object authentication (9).

Specialized software for information security.

Specialized software tools for protecting information from unauthorized access generally have better capabilities and characteristics than the built-in tools of a network OS. Besides encryption programs, many other external security tools are available. Of those most frequently mentioned, the following two systems, which make it possible to restrict information flows, deserve attention.

Firewalls (literally, a wall against fire). Special intermediary servers are placed between the local and global networks to inspect and filter all network and transport layer traffic passing through them. This can dramatically reduce the threat of unauthorized access from outside to corporate networks, but does not eliminate the danger entirely. A more secure version of the method is masquerading, in which all traffic leaving the local network is sent on behalf of the firewall server, making the local network almost invisible.

Proxy servers (proxy - a power of attorney, a trusted person). All network and transport layer traffic between the local and global networks is completely prohibited: there is simply no routing as such, and calls from the local network to the global network go through special intermediary servers. Obviously, with this method calls from the global network to the local one become impossible in principle. It is also obvious that this method does not provide sufficient protection against attacks at higher levels, for example at the application level (viruses, Java code and JavaScript).

Let's take a closer look at how the firewall works. It is a method of protecting a network from security threats from other systems and networks by centralizing and controlling network access with hardware and software. A firewall is a security barrier made up of several components (for example, a router or gateway that runs the firewall software). The firewall is configured according to the organization's internal network access control policy. All incoming and outgoing packets must go through a firewall that only allows authorized packets to pass.

A packet filtering firewall is a router or computer that is running software that is configured to reject certain types of incoming and outgoing packets. Packet filtering is carried out based on information contained in the TCP and IP headers of packets (addresses of the sender and recipient, their port numbers, etc.).

Expert-level firewall - checks the contents of received packets at three layers of the OSI model - network, session and application. To accomplish this task, special packet filtering algorithms are used to compare each packet against a known pattern of authorized packets.

The creation of a firewall is connected with solving the problem of shielding. Formally, the shielding problem is stated as follows. Let there be two sets of information systems. A screen is a means of differentiating the access of clients from one set to servers from the other set. The screen performs its functions by controlling all information flows between the two sets of systems (Fig. 6). Controlling the flows consists in filtering them, possibly with some transformations.

At the next level of detail, the screen (a semi-permeable membrane) is conveniently thought of as a sequence of filters. Each filter, after analyzing the data, can hold it back (not pass it on) or immediately "throw" it out of the screen. In addition, it may transform the data, pass a portion of the data to the next filter to continue the analysis, or process the data on behalf of the addressee and return the result to the sender (Fig. 7).


Fig. 7

In addition to the functions of access control, the screens carry out the logging of information exchange.

Usually the screen is not symmetrical, the terms "inside" and "outside" are defined for it. In this case, the problem of shielding is formulated as protecting the inner region from a potentially hostile outer one. Thus, firewalls (FW) are most often installed to protect the corporate network of an organization with Internet access.

Shielding helps maintain the availability of back-end services by reducing or eliminating the load caused by outside activity. The vulnerability of internal security services is reduced, since the attacker initially has to overcome the screen, where the protective mechanisms are especially carefully configured. In addition, the shielding system, in contrast to the universal one, can be arranged in a simpler and, therefore, safer way.

Shielding also makes it possible to control information flows directed to the external area, which contributes to maintaining the confidentiality regime in the organization's IS.

The shielding can be partial, protecting certain information services (for example, e-mail shielding).

A restricting interface can also be regarded as a kind of shielding. An invisible object is difficult to attack, especially with a fixed set of tools. In this sense the Web interface is naturally secure, especially when hypertext documents are generated dynamically. Each user sees only what he is supposed to see. An analogy can be drawn between dynamically generated hypertext documents and views in relational databases, with the essential caveat that in the case of the Web the possibilities are much wider.

The shielding role of a Web service is also clearly manifested when this service mediates (more precisely, integrates) functions when accessing other resources, such as database tables. It not only controls the flow of requests, but also hides the real organization of the data.

Architectural security aspects

It is not possible to counter the threats inherent in the network environment using universal operating systems. A general-purpose OS is a huge program that, in addition to obvious errors, probably contains features that can be used to gain privileges illegally. Modern programming technology does not allow such large programs to be made safe. In addition, an administrator dealing with a complex system is not always able to take into account all the consequences of the changes made. Finally, in a universal multi-user system security holes are constantly created by the users themselves (weak and/or rarely changed passwords, poorly set access rights, an unattended terminal, etc.). The only promising path is the development of specialized security services which, thanks to their simplicity, allow formal or informal verification. The firewall is exactly such a tool, and it permits further decomposition according to the network protocols being served.

The firewall is located between the protected (internal) network and the external environment (external networks or other segments of the corporate network). In the first case one speaks of an external firewall, in the second of an internal one. Depending on the point of view, an external firewall can be considered the first or the last (but by no means the only) line of defense: the first when the world is viewed through the eyes of an external attacker, the last when the aim is to protect all components of the corporate network and prevent illegal actions by internal users.

A firewall is the ideal place to embed active auditing. On the one hand, at both the first and the last defensive line, identifying suspicious activity is important in its own way. On the other hand, a firewall is capable of an arbitrarily powerful reaction to suspicious activity, up to severing communication with the external environment. However, one must be aware that coupling two security services can, in principle, create a hole conducive to availability attacks.

It is advisable to assign to the firewall the identification / authentication of external users who need access to corporate resources (with support for the concept of single sign-on to the network).

In accordance with the principle of separation of defenses, two-component shielding is usually used to protect external connections (see Fig. 8). Primary filtering (for example, blocking SNMP control protocol packets, which are dangerous because of attacks on availability, or packets with certain IP addresses included in the "black list") is performed by the border router (see also the next section), behind which lies the so-called demilitarized zone (a network with a moderate level of security confidence, to which the organization's external information services, such as Web and e-mail, are moved) and the main firewall that protects the internal part of the corporate network.
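The packet-filtering firewall, the screen as a sequence of filters, and the two-component border-router/DMZ arrangement described in the passages above can all be shown in one small model. The following Python code is an added example, not code from the original text or from any real firewall product: each filter either hands the packet to the next filter, drops it, or accepts it (possibly after transforming it, as masquerading does), and the screen logs every decision. The address ranges, the "black list" and the sample packets are constructed for the example.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Assumed address plan for the example (documentation and private ranges, not real hosts).
INTERNAL = ip_network("10.0.0.0/8")          # protected internal network
DMZ = ip_network("192.0.2.0/24")             # demilitarized zone with public Web and mail servers
FIREWALL_ADDR = "198.51.100.1"               # public address outbound traffic is masqueraded behind
BLACKLIST = [ip_network("203.0.113.0/24")]   # constructed "black list" of source ranges
DMZ_SERVICES = {("tcp", 80), ("tcp", 443), ("tcp", 25)}  # services published from the DMZ
SNMP_PORTS = {161, 162}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


def zone(addr):
    a = ip_address(addr)
    if a in INTERNAL:
        return "internal"
    if a in DMZ:
        return "dmz"
    return "external"


# Every filter returns (verdict, packet, reason). "next" hands the packet to the following
# filter; "accept" and "drop" end the analysis. A filter may return a transformed packet.
def blacklist_filter(p):
    if any(ip_address(p.src) in net for net in BLACKLIST):
        return "drop", p, "source address in black list"
    return "next", p, None


def snmp_filter(p):
    # Primary filtering at the border: SNMP from outside is dangerous for availability.
    if p.proto == "udp" and p.dport in SNMP_PORTS and zone(p.src) == "external":
        return "drop", p, "SNMP from external network"
    return "next", p, None


def masquerade_filter(p):
    # Transformation: outbound traffic leaves on behalf of the firewall itself.
    if zone(p.src) == "internal" and zone(p.dst) == "external":
        return "accept", replace(p, src=FIREWALL_ADDR), "outbound, masqueraded"
    return "next", p, None


def zone_policy_filter(p):
    # Main firewall: only published DMZ services are reachable from outside; default deny.
    src_zone, dst_zone = zone(p.src), zone(p.dst)
    if src_zone == "external" and dst_zone == "dmz" and (p.proto, p.dport) in DMZ_SERVICES:
        return "accept", p, "published DMZ service"
    if src_zone == "internal":
        return "accept", p, "internal source"
    return "drop", p, "default deny"


FILTERS = [blacklist_filter, snmp_filter, masquerade_filter, zone_policy_filter]


def screen(packet, log):
    """Run the packet through the filter chain and log the decision (the screen also logs exchanges)."""
    p = packet
    for f in FILTERS:
        verdict, p, reason = f(p)
        if verdict != "next":
            break
    else:
        verdict, reason = "drop", "no filter decided; fail closed"
    log.append("%-6s %-22s %s -> %s %s/%d (%s)"
               % (verdict.upper(), f.__name__, p.src, p.dst, p.proto, p.dport, reason))
    return verdict, p


if __name__ == "__main__":
    samples = [                                              # constructed sample traffic
        Packet("203.0.113.7", "192.0.2.10", "tcp", 80),      # black-listed source
        Packet("198.51.100.77", "192.0.2.10", "udp", 161),   # SNMP from outside
        Packet("198.51.100.77", "192.0.2.10", "tcp", 443),   # HTTPS to the DMZ Web server
        Packet("198.51.100.77", "10.1.2.3", "tcp", 22),      # direct access to an internal host
        Packet("10.1.2.3", "198.51.100.77", "tcp", 443),     # internal user browsing outward
    ]
    log = []
    for pkt in samples:
        screen(pkt, log)
    print("\n".join(log))
```

The order of the chain matters: cheap border checks (black list, SNMP) run before the zone policy, and the chain fails closed if no filter decides, which is the "impossibility of transitioning to an unsafe state" that the text lists among the architectural principles.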

In theory, a firewall (especially an internal one) should be multi-protocol, but in practice the dominance of the TCP / IP protocol family is so great that support for other protocols seems to be an overkill, harmful to security (the more complex the service, the more vulnerable it is).


Fig. 8

Generally speaking, both external and internal firewalls can become a bottleneck, since the volume of network traffic tends to grow rapidly. One approach to this problem is to divide the firewall into several hardware parts and organize specialized intermediary servers. The main firewall can roughly classify incoming traffic by type and delegate filtering to the appropriate intermediary (for example, one that analyzes HTTP traffic). Outbound traffic is first processed by an intermediary server, which can also perform functionally useful actions such as caching pages of external Web servers, which reduces the load on the network in general and on the main firewall in particular.

Situations when a corporate network contains only one external channel are the exception rather than the rule. On the contrary, a typical situation is in which a corporate network consists of several geographically dispersed segments, each of which is connected to the Internet. In this case, each connection must be protected by its own screen. More precisely, we can consider that the corporate external firewall is composite, and it is required to solve the problem of consistent administration (management and audit) of all components.

The opposite of composite corporate firewalls (or their components) are personal firewalls and personal shielding devices. The former are software products installed on personal computers that protect only those computers. The latter are implemented as separate devices and protect a small local area network such as a home office network.

When deploying firewalls, you should follow the principles of architectural security we have discussed earlier, first of all taking care of simplicity and manageability, the separation of defense, as well as the impossibility of transitioning to an unsafe state. In addition, not only external but also internal threats should be taken into account.

Systems for archiving and duplicating information

Organizing a reliable and efficient data archiving system is one of the most important tasks in ensuring the safety of information on a network. In small networks with one or two servers, the archiving system is most often installed directly in free server slots. In large corporate networks it is preferable to organize a dedicated specialized archive server.

Such a server automatically archives information from hard disks of servers and workstations at the time specified by the administrator of the local computer network, issuing a report on the backup.

Archival information of particular value should be stored in a special guarded room. Experts recommend keeping duplicate archives of the most valuable data in another building, in case of fire or natural disaster. To ensure data recovery after magnetic disk failures, disk array systems are used: groups of disks operating as a single device and complying with the RAID (Redundant Arrays of Inexpensive Disks) standard. These arrays provide the highest data read/write speed, the ability to fully recover data, and hot replacement of failed disks (without switching off the remaining disks of the array).

The organization of disk arrays provides for various technical solutions implemented at several levels:

RAID level 0 allows you to easily split the data stream between two or more drives. The advantage of this solution is that I / O speed increases in proportion to the number of disks in the array.

RAID level 1 consists of organizing so-called "mirrored" disks. During data recording, the information of the main disk of the system is duplicated on the mirrored disk, and if the primary disk fails, the "mirrored" disk is immediately turned on.

RAID levels 2 and 3 provide for the creation of parallel disk arrays, when written to which data is spread across the disks at a bit level.

RAID levels 4 and 5 are a modification of level zero, in which the data stream is distributed across the disks of the array. The difference is that at level 4 a special disk is allocated for storing redundant information, and at level 5 the redundant information is distributed across all disks in the array.
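To make the difference between the levels concrete, the following Python simulation is an added example (not code from the original text): it writes a byte stream across an array with rotating parity as at level 5 (the comment marks where level 4 would differ by fixing the parity disk), reads it back, and then rebuilds the contents of one failed disk from the survivors by XOR. The payload, disk count and block size are constructed values.

```python
def xor_blocks(blocks):
    """XOR equal-length byte blocks together; this is the redundant information of RAID 4 and 5."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def raid5_write(data, n_disks, block_size):
    """Distribute data over n_disks with rotating parity. Returns one list of blocks per disk."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    data_per_stripe = n_disks - 1
    stripe_bytes = data_per_stripe * block_size
    padded = data + b"\0" * (-len(data) % stripe_bytes)   # pad to whole stripes
    disks = [[] for _ in range(n_disks)]
    for row, start in enumerate(range(0, len(padded), stripe_bytes)):
        stripe = padded[start:start + stripe_bytes]
        data_blocks = [stripe[i:i + block_size] for i in range(0, stripe_bytes, block_size)]
        parity_disk = row % n_disks   # level 5 rotates parity; level 4 would always use one disk
        blocks = iter(data_blocks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(data_blocks) if d == parity_disk else next(blocks))
    return disks


def raid5_read(disks, n_bytes):
    """Reassemble the data stream, skipping the parity block of each stripe."""
    n_disks = len(disks)
    out = bytearray()
    for row in range(len(disks[0])):
        for d in range(n_disks):
            if d != row % n_disks:
                out += disks[d][row]
    return bytes(out[:n_bytes])


def raid5_rebuild(disks, failed):
    """Reconstruct every block of one failed disk: XOR of the surviving blocks in each stripe."""
    survivors = [disk for i, disk in enumerate(disks) if i != failed]
    return [xor_blocks([disk[row] for disk in survivors]) for row in range(len(survivors[0]))]


if __name__ == "__main__":
    payload = b"constructed sample payload for the RAID example"   # constructed input
    array = raid5_write(payload, 4, 8)
    print("read back:", raid5_read(array, len(payload)))
    lost = array[2]
    array[2] = None                       # disk 2 fails
    array[2] = raid5_rebuild(array, 2)    # the hot-swapped replacement is rebuilt from parity
    print("rebuilt disk matches:", array[2] == lost)
```

Because the parity is the XOR of the data blocks, any single missing block in a stripe (data or parity) is the XOR of the rest; losing two disks of the same stripe cannot be recovered at this level, which is why the text pairs arrays with backups rather than replacing them.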

Improving the reliability and data protection in the network, based on the use of redundant information, is implemented not only at the level of individual network elements, such as disk arrays, but also at the network operating system level. For example, Novell implements fault-tolerant versions of the Netware operating system - SFT (System Fault Tolerance):

  • SFT Level I. The first level provides for the creation of additional copies of the FAT and Directory Entries tables, immediate verification of each data block newly written to the file server, and the reservation of about 2% of the space on each hard disk.
  • SFT Level II additionally provides the ability to create "mirrored" drives, as well as duplication of disk controllers, power supplies and interface cables.
  • SFT Level III allows the use of duplicated servers in the local network, one of which is the "master" while the second, containing a copy of all information, comes into operation if the "master" server fails.

Security analysis

The security analysis service is designed to identify vulnerabilities so that they can be eliminated quickly. By itself this service does not protect against anything, but it helps to detect (and eliminate) security gaps before an attacker can exploit them. This refers first of all not to architectural gaps (which are difficult to eliminate) but to "operational" gaps that arise from administration errors or from inattention to updating software versions.

Security analysis systems (also called security scanners), like the active audit tools discussed above, are based on the accumulation and use of knowledge. This refers to knowing about security gaps: how to look for them, how serious they are, and how to address them.

Accordingly, the core of such systems is the base of vulnerabilities, which determines the available range of capabilities and requires almost constant updating.

In principle, gaps of a very different nature can be detected: the presence of malware (in particular, viruses), weak user passwords, poorly configured operating systems, unsafe network services, uninstalled patches, application vulnerabilities, etc. However, the most effective are network scanners (obviously due to the dominance of the TCP / IP protocol family), as well as anti-virus tools (10). We classify anti-virus protection as a security analysis tool, not counting it as a separate security service.

Scanners can identify vulnerabilities both by passive analysis, that is, by examining configuration files, used ports, etc., and by imitating the actions of an attacker. Some vulnerabilities found can be eliminated automatically (for example, disinfection of infected files), others are reported to the administrator.
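The following Python code is an added example of the passive analysis described above, not code from the original text or from any real scanner: a small knowledge base records, for each gap, how to look for it, how serious it is and how to address it, and three checks apply it to a configuration file, a list of used ports and installed package versions. The sshd_config keywords are real option names; the sample configuration, the port list, the package versions and the "patched" minimum versions are constructed placeholder values.

```python
import re

# Constructed knowledge base: how to look for a gap, how serious it is, and how to address it.
CONFIG_CHECKS = [
    ("ROOT-LOGIN", r"^PermitRootLogin\s+yes\b", "high", "set PermitRootLogin no"),
    ("PASSWORD-AUTH", r"^PasswordAuthentication\s+yes\b", "medium", "prefer key-based authentication"),
    ("EMPTY-PASSWORDS", r"^PermitEmptyPasswords\s+yes\b", "high", "set PermitEmptyPasswords no"),
]
RISKY_PORTS = {21: "ftp (cleartext credentials)", 23: "telnet (cleartext session)",
               161: "SNMP (exposed management, availability attacks)"}
MIN_PATCHED = {"openssh": "8.0", "apache": "2.4.41"}   # placeholder "patched" versions, not real advisories
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

# Constructed sample host state; a real scanner would read these from the system.
SAMPLE_SSHD_CONFIG = """\
# sshd_config excerpt (constructed)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no
"""
SAMPLE_LISTENING_PORTS = [22, 23, 80, 161]
SAMPLE_PACKAGES = {"openssh": "7.4", "apache": "2.4.41"}


def version_tuple(version):
    return tuple(int(part) for part in version.split("."))


def scan_config(text):
    """Passive analysis of a configuration file against the knowledge base."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        for check_id, pattern, severity, fix in CONFIG_CHECKS:
            if re.match(pattern, line):
                findings.append((severity, check_id, fix))
    return findings


def scan_ports(listening_ports):
    """Passive analysis of used ports: flag unsafe network services."""
    return [("medium", "PORT-%d" % port, "disable or shield %s" % RISKY_PORTS[port])
            for port in listening_ports if port in RISKY_PORTS]


def scan_patches(installed, minimum=MIN_PATCHED):
    """Report packages older than the version known to contain the fix (uninstalled patches)."""
    return [("high", "PATCH-%s" % name, "update %s from %s to %s" % (name, ver, minimum[name]))
            for name, ver in installed.items()
            if name in minimum and version_tuple(ver) < version_tuple(minimum[name])]


def run_scan(config=SAMPLE_SSHD_CONFIG, ports=SAMPLE_LISTENING_PORTS, packages=SAMPLE_PACKAGES):
    """Combine all checks and order them by severity so the administrator fixes the worst first."""
    findings = scan_config(config) + scan_ports(ports) + scan_patches(packages)
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])


if __name__ == "__main__":
    for severity, check_id, fix in run_scan():
        print("%-6s %-16s %s" % (severity, check_id, fix))
```

The value of such a scanner lies almost entirely in the knowledge base, which is why the text notes that it needs near-constant updating; the checking code itself stays the same.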

The control provided by security analysis systems is reactive, lagging in nature, it does not protect against new attacks, but it should be remembered that the defense must be echeloned, and security control is quite adequate as one of the lines. It is known that the overwhelming majority of attacks are routine in nature; they are only possible because known security holes remain unresolved for years.

Software protection is the most common method of protecting information in computers and information networks. It is usually applied where other methods and means are difficult to use. User authentication is usually performed by the operating system: the user is identified by a name, and the password serves as the means of authentication.

Software protection means are a set of special-purpose algorithms and programs, together with general support for the operation of computers and information networks. They are aimed at controlling and delimiting access to information, excluding unauthorized actions with it, managing security devices, etc. Software protection tools are versatile, easy to implement, flexible, adaptable and customizable.

Software tools are widely used to protect against computer viruses. To protect machines from viruses, for prophylaxis and "cure", anti-virus programs as well as diagnostic and prophylactic tools are used: they prevent a virus from entering the computer system, treat infected files and disks, and detect and block suspicious actions. Anti-virus software is rated by its detection accuracy and effectiveness in eliminating viruses, ease of use, cost, and network capabilities.

The most popular are programs designed to prevent infection and to detect and destroy viruses. Among them are the domestic (Russian) anti-virus programs DrWeb (Doctor Web) by I. Danilov and AVP (AntiViral Toolkit Pro) by E. Kaspersky. They have a user-friendly interface, tools for scanning programs, checking the system at boot, etc. Foreign anti-virus programs are also used in Russia.

There are no absolutely reliable programs that guarantee detection and destruction of any virus. Only a multi-layered defense can provide the most complete protection. Prevention is an important element of protection against computer viruses: anti-virus programs are used together with regular data backups and preventive measures. Together, these measures significantly reduce the likelihood of infection.



The main measures for the prevention of viruses are:

1) the use of licensed software;

2) regular use of several constantly updated anti-virus programs to check not only your own storage media (when third-party files are copied to them) but also any "foreign" floppy disks and disks, whatever information they carry, including freshly reformatted ones;

3) use of protective measures when working in any information environment (for example, on the Internet), including scanning files received over the network for viruses;

4) periodic backups of the most valuable data and programs.

The most common sources of infection are computer games and programs obtained "unofficially" or without a license. Therefore, a reliable guarantee against viruses is users' care in choosing programs and installing them on a computer, and during sessions on the Internet. The likelihood of infection from sources other than the network can be reduced to almost zero by using only licensed, legal products and never letting friends run unknown programs, especially games, on your computer. The most effective measure here is access control, which prevents viruses and defective programs from maliciously affecting data even if a virus does penetrate the computer.

One of the best-known ways of protecting information is its coding (encryption, cryptography). It does not save information from physical influences, but in other cases it serves as a reliable remedy.

A code is characterized by its length (the number of characters used in encoding) and its structure (the order of arrangement of the symbols used to designate the classification feature).

The means of coding is a correspondence table. An example of such a table for translating alphanumeric information into computer codes is the ASCII code table. Note that a public correspondence table of this kind is an encoding, not encryption: anyone who knows the table can read the data. Encryption requires, in addition to the algorithm, a secret key that the adversary does not have.

The first encryption standard (DES) appeared in 1977 in the United States. The main criterion for the strength of any cipher or code is the computing power available to the attacker and the time needed to break it. If this time amounts to many years, the strength of the algorithm is sufficient for most organizations and individuals. Cryptographic methods are increasingly used to protect information.

Cryptographic methods of information protection

Cryptographic techniques have been in use for a long time. Cryptography is considered a powerful tool for controlling confidentiality and integrity, and so far there is no alternative to it.

The strength of a cryptographic algorithm depends on the complexity of its transformations and on the length of its key. The State Technical Commission of the Russian Federation deals with the development, sale and use of data encryption tools and the certification of data protection tools.

With keys of 256 bits or more, exhaustive key search is beyond the reach of any foreseeable computing power. The claim found in older texts that 40- or 44-bit keys are sufficient for commercial applications is no longer true: such keys can be searched exhaustively in hours on ordinary hardware, and 128-bit symmetric keys are the accepted minimum today.

One of the important problems of information security is protecting electronic data and electronic documents from unauthorized modification and forgery. For this purpose an electronic digital signature (EDS) is used: it does not hide the document, but lets the recipient verify its integrity and authorship.

Electronic signature

A digital signature is a sequence of characters that depends both on the message itself and on the secret (private) key known only to the signer.

The first domestic (Russian) EDS standard appeared in 1994. The Federal Agency for Information Technologies (FAIT) deals with the use of digital signatures in Russia.

All necessary measures to protect people, premises and data are implemented by highly qualified specialists. They form the basis of the corresponding departments, serve as deputy heads of organizations, etc.

There are also technical means of protection.

Technical means of protection

Technical means of protection are used in various situations, are part of the physical means of protection and software technical systems, complexes and devices of access, video surveillance, alarm and other types of protection.

In the simplest situations, to protect personal computers from unauthorized start-up and use of the data on them, devices are installed that restrict access to the machine itself and to removable hard magnetic and magneto-optical disks, bootable CDs, flash memory, etc.

For the protection of objects in order to protect people, buildings, premises, material and technical means and information from unauthorized influences on them, active safety systems and measures are widely used. It is generally accepted to use access control systems (ACS) to protect objects. Such systems are usually automated systems and complexes formed on the basis of software and hardware.

In most cases, to protect information, restrict unauthorized access to it, to buildings, premises and other objects, you have to simultaneously use software and hardware, systems and devices.

The systems for protecting your computer from someone else's intrusion are very diverse and can be classified into groups such as:

- self-protection means provided by the general software;

- means of protection as part of a computing system;

- means of protection with a request for information;

- active protection means;

- means of passive protection, etc.

These protection groups are shown in more detail in Fig. 12.

Fig. 12. Software protection tools

The main directions of using software protection of information

The following areas of use of programs to ensure the security of confidential information can be distinguished, in particular, such as:

- protection of information from unauthorized access;

- protection of information from copying;

- protection of copy programs;

- protection of programs from viruses;

- protection of information from viruses;

- software protection of communication channels.

For each of these areas, there is a sufficient number of high-quality software products developed by professional organizations and distributed in the markets (Fig. 13).

Fig. 13. Software protections

Software protection includes the following types of special programs:

Identification of hardware, files and user authentication;

Registration and control of the operation of technical means and users;

Maintenance of restricted information processing modes;

Protection of computer operating facilities and user application programs;

Destruction of information in the memory after use;

Signaling violations of the use of resources;

Supplementary protection programs for various purposes (Fig. 14).

Fig. 14. Spheres of software protection

Identification of hardware and files, carried out programmatically, is based on analyzing the registration numbers of the various components and objects of the information system and comparing them with the addresses and passwords stored in the memory of the control system.

To make password protection reliable, the protection system is organized so that the probability of a secret password being disclosed, or matched to a given file or terminal identifier, is as small as possible. For this the password must be changed periodically and must be sufficiently long.

An efficient way to identify addressable elements and authenticate users is a challenge-response algorithm: the security system issues the user a random, one-time challenge, and the user must return a response computed from that challenge and the secret (for example, a keyed hash of the challenge). Because the secret itself is never transmitted and each challenge is used only once, an eavesdropper can neither learn the password from the exchange nor replay a captured response, which gives higher security than sending a reusable password.
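The challenge-response exchange above, written out for both sides. This is an added example, not code from the original text; it uses HMAC-SHA256 as the keyed function (an assumption, since the text names no algorithm), and it simplifies key provisioning by deriving the shared key directly from the password with a single hash, where a real system would use a salted, slow key derivation.

```python
"""Challenge-response authentication with a keyed hash (HMAC-SHA256).
The secret never crosses the channel: the server sends a fresh random nonce and
the client returns HMAC(key, nonce). Constructed demo; the key derivation is
simplified (in practice the stored key would come from a salted, slow KDF)."""
import hashlib
import hmac
import os


def derive_key(password):
    """Turn the shared password into a fixed-size key (simplified derivation)."""
    return hashlib.sha256(password.encode()).digest()


class Verifier:
    """Server side: issues one-shot challenges and checks responses."""

    def __init__(self, users):
        self.users = users        # name -> key (assumed provisioned securely)
        self.pending = {}         # name -> outstanding nonce

    def challenge(self, name):
        nonce = os.urandom(16)    # unpredictable, never reused
        self.pending[name] = nonce
        return nonce

    def verify(self, name, response):
        nonce = self.pending.pop(name, None)   # consumed whether or not it succeeds
        key = self.users.get(name)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time compare


def respond(key, nonce):
    """Client side: prove knowledge of the key without revealing it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo():
    """Returns (genuine login, replayed response, stale response, wrong password)."""
    key = derive_key("correct horse battery")
    server = Verifier({"alice": key})

    nonce = server.challenge("alice")
    captured = respond(key, nonce)               # what an eavesdropper could record
    genuine = server.verify("alice", captured)   # True

    replayed = server.verify("alice", captured)  # False: no outstanding challenge

    server.challenge("alice")                    # a new nonce is issued
    stale = server.verify("alice", captured)     # False: response was for the old nonce

    nonce = server.challenge("alice")
    wrong = server.verify("alice", respond(derive_key("guess"), nonce))  # False
    return genuine, replayed, stale, wrong


if __name__ == "__main__":
    print(demo())
```

The two properties the text relies on are visible in `demo()`: the recorded response is useless after the nonce is consumed (replay), and it is useless against a different nonce (stale), so an attacker who sees the whole exchange still has to guess the secret.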

Obtaining permission to access certain resources can be carried out not only on the basis of using a secret password and subsequent authentication and identification procedures. This can be done in a more detailed way, taking into account the various features of the user operation modes, their powers, the categories of requested data and resources. This method is implemented by special programs that analyze the corresponding characteristics of users, the content of tasks, the parameters of hardware and software, memory devices, etc.

The specific data related to the request entering the security system are compared during the operation of the security programs with the data entered in the registration secret tables (matrices). These tables, as well as programs for their formation and processing, are stored in encrypted form and are under the special control of the administrator (administrators) of the information network security.

To delimit the access of individual users to a well-defined category of information, individual measures of the secrecy of these files and special control of users' access to them are applied. The secrecy stamp can be formed in the form of three-bit code words, which are stored in the file itself or in a special table. The same table records: the identifier of the user who created the file; terminal identifiers from which the file can be accessed; user IDs who are allowed to access this file, as well as their rights to use the file (reading, editing, erasing, updating, executing, etc.). It is important not to allow mutual influence of users in the process of accessing files. If, for example, several users have the right to edit the same record, then each of them must save his version of the revision (several copies of the records are made for the purpose of possible analysis and establishment of powers).

Protection of information from unauthorized access

To protect against someone else's intrusion, certain security measures are necessarily provided. The main functions that must be carried out by software are:

- identification of subjects and objects;

- delimitation (sometimes complete isolation) of access to computing resources and information;

- control and registration of actions with information and programs.

The identification and authentication procedure involves checking whether the subject accessing (or the object being accessed) is who it claims to be. Such checks can be one-time or periodic (especially in long sessions). Various methods are used:

- simple, complex or one-time passwords;

- exchange of questions and answers with the system or administrator;

- keys, magnetic cards, badges, tokens;

- tools for analyzing individual characteristics (voice, fingerprints, geometric parameters of hands, face);

- special identifiers or checksums for hardware, programs, data, etc.

The most common authentication method is password authentication.

Practice has shown that password protection is a weak link: a password can be eavesdropped or spied on, intercepted, or simply guessed.

To protect the password itself, certain recommendations have been developed on how to make the password reliable:

- the password must contain at least eight characters, and longer is better: the fewer characters a password contains, the easier it is to guess;

- do not use an obvious set of characters as a password, for example, your name, date of birth, names of loved ones or the names of your programs. It is best to use an unknown formula or quote for this purpose;

- if the system allows it, include at least one space, non-alphabetic character or uppercase letter in the password;

- do not tell anyone your password and do not write it down. If you had to break these rules, keep the sheet in a locked box;

- change your password more often;

- do not put a password into a login script or a macro.

Remember that a password placed in an auto-login command sequence is stored on disk in the clear, where anyone with access to that file can read it.

Checksums are often used to identify programs and data. But, as with password authentication, the possibility of forgery must be eliminated: an ordinary checksum (such as a CRC or an unkeyed hash) can simply be recomputed by whoever modifies the data, so the stored value stays "correct". This is achieved with cryptographic checksums: message authentication codes computed with a secret key, and digital signatures based on public-key cryptography, which make the data resistant to counterfeiting (imitation resistance).

After completing the identification and authentication procedures, the user gains access to the computer system, and information is protected at three levels:

- equipment;

- software;

- data.

Protection at the hardware and software level provides for the control of access to computing resources: individual devices, RAM, operating system, special service or personal user programs.

Information protection at the data level is aimed at:

- protecting information when it is accessed during work on a PC, permitting only authorized operations on it;

- to protect information during its transmission through communication channels between different computers.

Information access control allows you to answer questions:

- who can perform which operations;

- on which data these operations are allowed.

The object to which access is controlled can be a file, a record in a file, or a separate field of a file record, and as factors that determine the order of access, a specific event, data values, system state, user authority, history of access, and other data.

Event-driven access provides for blocking user access, for example at certain times or when access comes from a certain terminal. State-dependent access is based on the current state of the computing system, the control programs and the security systems.

Authority-dependent access grants the user access to programs, data and equipment according to the mode assigned: "read only", "read and write", "execute only", etc.

Most access controls are based on some form of access matrix view.

Another approach to building access protection tools is based on controlling information flows and dividing subjects and objects of access into confidentiality classes.

Registration tools, like access controls, are effective measures to protect against unauthorized actions. However, if access controls are designed to prevent such actions, then the task of registration is to detect actions already taken or their attempts.
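The access-matrix model, the additional event- and state-dependent factors, the confidentiality-class approach and the registration of decisions, combined in one checker. This is an added example, not code from the original text; the subjects, objects, terminals and classes are constructed, and the rule used to compare classes (a subject may not read above its clearance or write below it) is the usual flow-control rule, which the text does not state explicitly.

```python
"""Access matrix with authority-, event- and state-dependent factors, secrecy
classes for flow control, and a registration (audit) log of every decision.
All subjects, objects, classes and terminals are constructed for this example."""

# Access matrix: subject -> object -> permitted modes.
MATRIX = {
    "ivanov": {"payroll.db": {"read", "write"}, "report.txt": {"read"}},
    "petrov": {"report.txt": {"read", "execute"}},
}

# Confidentiality classes (higher = more secret) and subjects' clearances.
OBJECT_CLASS = {"payroll.db": 3, "report.txt": 1}
CLEARANCE = {"ivanov": 3, "petrov": 1}

# Event-driven factor: terminals from which each subject may work.
TERMINALS = {"ivanov": {"T1", "T2"}, "petrov": {"T3"}}

# State-dependent factor: the system refuses everything outside normal operation.
SYSTEM_STATE = {"mode": "normal"}

AUDIT_LOG = []   # registration: (subject, object, mode, terminal, decision, reasons)


def check_access(subject, obj, mode, terminal):
    """Return True if the request is granted; record the decision either way."""
    reasons = []
    if SYSTEM_STATE["mode"] != "normal":
        reasons.append("system not in normal state")
    if terminal not in TERMINALS.get(subject, set()):
        reasons.append("terminal not permitted for subject")
    if mode not in MATRIX.get(subject, {}).get(obj, set()):
        reasons.append("mode not permitted by access matrix")
    # Flow control between secrecy classes (assumed rule: no read-up, no
    # write-down), so that secret data cannot flow into a less secret object.
    obj_class, clearance = OBJECT_CLASS.get(obj, 0), CLEARANCE.get(subject, 0)
    if mode == "read" and obj_class > clearance:
        reasons.append("read up: object class exceeds clearance")
    if mode == "write" and obj_class < clearance:
        reasons.append("write down: object class below clearance")
    decision = "GRANT" if not reasons else "DENY"
    AUDIT_LOG.append((subject, obj, mode, terminal, decision, tuple(reasons)))
    return decision == "GRANT"


def denied_attempts(log=AUDIT_LOG):
    """What the registration tool is for: list the attempts that were refused."""
    return [entry for entry in log if entry[4] == "DENY"]


if __name__ == "__main__":
    check_access("ivanov", "payroll.db", "read", "T1")     # granted
    check_access("petrov", "payroll.db", "read", "T3")     # denied: matrix and read-up
    for entry in denied_attempts():
        print(entry)
```

Every denial carries all the reasons it failed, not just the first, which is what an administrator reviewing the log needs in order to tell a misconfigured terminal list from a genuine attempt to read above clearance.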

In general, the complex of software and hardware tools and organizational (procedural) solutions for protecting information from unauthorized access (NSD) is implemented through the following actions:

- access control;

- registration and accounting;

- the use of cryptographic means;

- ensuring the integrity of information.

The following forms of access control and differentiation can be noted, which are widely used in practice.

1. Prevention of access:

- to the hard disk;

- to separate sections;

- to separate files;

- to catalogs;

- to floppy disks;

- to removable media.

2. Setting access privileges to a group of files.

3. Protection against modification:

- files;

- catalogs.

4. Protection against destruction:

- files;

- catalogs.

5. Copy Prevention:

- files;

- catalogs;

- applied programs.

6. Locking (blanking) the screen after a period of inactivity set by the user.

Data protection tools are summarized in Fig. 15.

Fig. 15. Data protection means

Copy protection

Copy protection tools prevent the use of stolen copies of software and are currently the only reliable means both of protecting the copyright of developers and of stimulating the development of the market. Copy protection means that the program performs its functions only upon recognizing some unique, non-copyable element. Such an element (called a key) can be a floppy disk, a certain part of the computer, or a special device connected to the PC. Copy protection is implemented through a number of functions common to all protection systems:

- identification of the environment from which the program will be launched;

- authentication of the environment from which the program is launched;

- reaction to launch from an unauthorized environment;

- registration of authorized copying;

- opposition to the study of the algorithms of the system.

The environment from which the program will be launched means either a floppy disk or a PC (if the installation takes place on a hard drive). Identifying the environment consists in naming the environment in some way in order to further authenticate it. To identify an environment means to attach to it some specially created or measured, rarely repeated and difficult to fake characteristics - identifiers. Floppy disk identification can be done in two ways.

The first is based on damaging some part of the floppy disk surface. A common way of such identification is the "laser hole". With this method, a floppy disk is burned in a certain place with a laser beam. Obviously, making exactly the same hole in the copy diskette and in the same place as on the original diskette is quite difficult.

The second method of identification is based on non-standard formatting of a floppy disk.

The reaction to launch from an unauthorized environment usually boils down to issuing a corresponding message.

Protection of information from destruction

One of the tasks of ensuring security in every use of a PC is protecting information from destruction, which is addressed by preparing and carrying out recovery measures (backups, creation and updating of a backup fund, maintaining information archives, etc.). Since the causes of destruction are very diverse (unauthorized actions, software and hardware errors, computer viruses, etc.), taking such insurance measures is mandatory for everyone who uses personal computers.

The danger of computer viruses deserves special mention. Many PC users are well aware of them, and those who are not yet familiar with them soon will be. A computer virus is a small, rather complex, carefully written and dangerous program that can multiply on its own, transfer itself to disks, attach itself to other programs and be transmitted over information networks. A virus is usually created to disrupt the operation of a computer in various ways, from the "harmless" display of a message to erasing or destroying files.

The bulk of viruses are written by hooligan programmers, mainly out of vanity or for money. An antivirus is a program that detects, or detects and removes, viruses. Such programs are specialized or universal. A specialized antivirus can fight only viruses that are already known to it; a universal one can also catch viruses that have not yet been written, by recognizing their behaviour or the changes they make rather than their code.

Most antivirus programs belong to specialized ones: AIDSTEST, VDEATH, SERUM-3, ANTI-KOT, SCAN and hundreds of others. Each of them recognizes one or more specific viruses, not reacting in any way to the presence of the rest.

Universal antiviruses are designed to combat whole classes of viruses and can differ greatly in design. Resident (memory-resident monitor) antiviruses and auditor (integrity-checking) programs are widely used.

Both kinds of antivirus have positive and negative characteristics. Specialized programs, for all their simplicity, are too narrowly targeted: a large variety of viruses demands an equally large variety of such antiviruses.

In addition to using antivirus programs to protect against viruses, organizational security measures are also widely used. To reduce the risk of viral attacks, it is possible to take certain actions, which can be reduced or expanded for each specific case. Here are some of these actions:

1. Inform all employees of the enterprise about the danger and possible damage in the event of virus attacks.

2. Do not carry out official relations with other enterprises for the exchange (receipt) of software. Prohibit employees from bringing programs "from outside" to install them in information processing systems. Only officially distributed software should be used.

3. To prohibit employees from using computer games on a PC that process confidential information.

4. Allocate a separate, dedicated workstation for access to third-party information networks.

5. Create an archive of copies of programs and data.

6. Periodically check programs by checksum or by comparison with known "clean" copies.

7. Install information security systems on especially important personal computers. Apply special anti-virus tools.
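The checksum audit of item 6, and the earlier point that an ordinary checksum can be forged while a keyed cryptographic one cannot, worked through with an "auditor" that keeps a baseline of keyed digests. This is an added example, not code from the original text or any antivirus product; the file contents, the injected bytes and the key handling are constructed, and HMAC-SHA256 is an assumed choice of keyed checksum.

```python
"""Integrity auditing of files: a plain checksum table can be forged by whoever
modifies the files, while a keyed cryptographic checksum (HMAC-SHA256) cannot be
recomputed without the key. File contents here are constructed byte strings."""
import hashlib
import hmac
import os


def plain_digest(data):
    """Unkeyed hash: anyone can recompute it for altered data."""
    return hashlib.sha256(data).hexdigest()


def keyed_digest(key, data):
    """Keyed hash (MAC): recomputing it requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_baseline(files, key):
    """Reference table taken while the system is known to be clean."""
    return {name: keyed_digest(key, data) for name, data in files.items()}


def audit(files, baseline, key):
    """Return (changed_or_new, missing) relative to the keyed baseline."""
    changed = [name for name, data in files.items()
               if name not in baseline
               or not hmac.compare_digest(baseline[name], keyed_digest(key, data))]
    missing = [name for name in baseline if name not in files]
    return changed, missing


def demo():
    """Simulate an intruder who alters a program and patches the checksum table.
    Returns (plain table still verifies, changed files per keyed audit, missing)."""
    key = os.urandom(32)                      # kept off the audited machine in practice
    files = {"calc.exe": b"MZ\x90\x00original program body",
             "notes.txt": b"quarterly figures"}
    plain_table = {name: plain_digest(data) for name, data in files.items()}
    keyed_table = build_baseline(files, key)

    # Intruder appends code to the program and "repairs" the unkeyed checksum.
    files["calc.exe"] += b"\xeb\xfe injected code (constructed marker)"
    plain_table["calc.exe"] = plain_digest(files["calc.exe"])

    plain_ok = all(plain_table[n] == plain_digest(d) for n, d in files.items())
    changed, missing = audit(files, keyed_table, key)
    return plain_ok, changed, missing


if __name__ == "__main__":
    print(demo())   # plain table passes, keyed audit reports calc.exe
```

The unkeyed table verifies after the tampering because the intruder rewrote it; the keyed baseline still flags `calc.exe`. The key must therefore be stored where the intruder cannot reach it, which is the same requirement the text places on the registration tables kept under the security administrator's control.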

Software information protection is a system of special programs, included in the software, that implements information security functions.

Information is one of the most valuable resources of any company, therefore ensuring the protection of information is one of the most important and priority tasks. The security of an information system is a property that consists in the ability of a system to ensure its normal functioning, that is, to ensure the integrity and secrecy of information. To ensure the integrity and confidentiality of information, it is necessary to protect information from accidental destruction or unauthorized access to it.

Integrity means that unauthorized or accidental destruction or modification of information is impossible; confidentiality means that leakage and unauthorized seizure of stored, transmitted or received information is impossible.

The following sources of threats to the security of information systems are known:

anthropogenic sources, caused by accidental or deliberate actions of people;
technogenic sources, leading to faults and failures of hardware and software because of outdated equipment or software errors;
natural sources, caused by natural disasters or force majeure.

In turn, anthropogenic sources of threats are divided:

into internal (actions of company employees) and external (unauthorized interference by outsiders from public networks) sources;
into unintentional (accidental) and intentional actions of subjects.

There are many possible directions of information leakage and ways of unauthorized access to it in systems and networks:

Interception of information;
modification of information (the original message or document is changed or replaced by another and sent to the addressee);
substitution of authorship of information (someone can send a letter or document on your behalf);
exploiting the shortcomings of operating systems and application software;
copying data carriers and files with overcoming security measures;
illegal connection to equipment and communication lines;
masquerading as a registered user and appropriating his privileges;
introduction of new users;
the introduction of computer viruses and so on.

To ensure the security of information systems, information protection systems are used, which are a complex of organizational and technological measures, software and hardware tools and legal norms aimed at countering sources of threats to information security.

An integrated approach integrates threat mitigation techniques to create a systems security architecture. It should be noted that any information protection system is not completely secure. You always have to choose between the level of protection and the efficiency of information systems.

The means of protecting IS (information system) information from the actions of subjects include:

Means of protecting information from unauthorized access;
information protection in computer networks;
cryptographic protection of information;
electronic digital signature;
protection of information from computer viruses.

Means of protecting information from unauthorized access

Gaining access to the resources of the information system involves the implementation of three procedures: identification, authentication and authorization.

Identification is the assignment of unique names and codes (identifiers) to a user (a subject or object of the resources).

Authentication is establishing the identity of the user who presented the identifier, that is, verifying that the person or device that provided the identifier is indeed who it claims to be. The most common way to authenticate is to assign a password to the user and store a verifier for it on the computer. The stored value should be a salted one-way hash of the password, not the password itself, so that a copy of the password file does not reveal the passwords.

Authorization is checking the user's right to access specific resources and perform certain operations on them. It is carried out to differentiate access rights to network and computer resources.
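The three procedures in sequence: an identifier is assigned, the password is stored as a salted verifier, and the request is checked against the user's rights. This is an added example, not code from the original text; users, rights, the PBKDF2 iteration count and the use of PBKDF2-HMAC-SHA256 as the one-way function are assumptions made for the demonstration.

```python
"""Identification, authentication and authorization in one small flow.
Passwords are stored as salted PBKDF2-HMAC-SHA256 verifiers, never in the clear.
Users, rights and the iteration count are constructed for this example."""
import hashlib
import hmac
import os

ITERATIONS = 100_000   # demo value; production deployments use higher counts
USERS = {}             # identifier -> {"salt", "hash", "rights"}
_DUMMY_SALT = os.urandom(16)


def _verifier(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(name, password, rights):
    """Identification: assign the identifier and store a verifier, not the password."""
    salt = os.urandom(16)                       # unique per user, so equal passwords differ
    USERS[name] = {"salt": salt, "hash": _verifier(password, salt), "rights": rights}
    return name


def authenticate(name, password):
    """Authentication: recompute the verifier and compare in constant time."""
    record = USERS.get(name)
    if record is None:
        _verifier(password, _DUMMY_SALT)       # same cost for unknown names (timing)
        return False
    return hmac.compare_digest(record["hash"], _verifier(password, record["salt"]))


def authorize(name, resource, operation):
    """Authorization: is this operation on this resource within the user's rights?"""
    record = USERS.get(name)
    return record is not None and operation in record["rights"].get(resource, set())


def access(name, password, resource, operation):
    """The full sequence a login followed by a request goes through."""
    return authenticate(name, password) and authorize(name, resource, operation)


if __name__ == "__main__":
    register("ivanov", "Correct-Horse-9", {"ledger": {"read", "write"}, "payroll": {"read"}})
    print(access("ivanov", "Correct-Horse-9", "payroll", "read"))    # True
    print(access("ivanov", "Correct-Horse-9", "payroll", "write"))   # False
```

Note the two details that make the stored table safe to leak: the salt, which prevents a precomputed table from cracking every user at once, and the slow iterated hash, which makes each guess expensive for an attacker who does obtain the file.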

Information protection in computer networks

Enterprise local networks are very often connected to the Internet. To protect them, firewalls (screens) are used as a rule. A screen (firewall) is an access control tool that divides the network into two parts (the boundary runs between the local network and the Internet) and enforces a set of rules defining the conditions under which packets may pass from one part to the other. Screens can be implemented in hardware or in software.

Cryptographic information protection

To keep information secret, it is encrypted. Encryption uses an algorithm, or a device implementing a specific algorithm, controlled by a variable key.

Encrypted information can be recovered only with the key. Cryptography is a very effective method of increasing the security of data transmission in computer networks and of information exchange between remote computers.

Electronic digital signature

To exclude the possibility of modifying the original message or replacing it with another, the message is transmitted together with an electronic signature. An electronic digital signature is a sequence of characters obtained by a cryptographic transformation of the original message (in practice, of its hash) using the private key; it allows the integrity of the message and its authorship to be verified using the public key.

In other words, the digest of the message, transformed with the private key, is the electronic digital signature. The sender transmits the message itself in the clear together with the signature. The recipient applies the public key to the signature, recovers the digest, and compares it with the digest he computes from the received message.

If the two digests match, it can be asserted that the received message has not been modified and originates from the holder of the private key.
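The sign-and-verify exchange just described, carried out with the arithmetic exposed. This is an added example, not code from the original text or any signature standard: it uses textbook RSA over a SHA-256 digest (with no padding) so that "transform the digest with the private key, recover it with the public key" is literally visible; a production system must use a standardized padding scheme such as RSASSA-PSS from a vetted library, and the message is constructed. `pow(e, -1, phi)` requires Python 3.8 or later.

```python
"""Digital signature in the form the text describes: the message digest is
transformed with the private key and recovered with the public key. Textbook
RSA without padding is used so the arithmetic is visible; real systems use a
standardized padding scheme (e.g. RSASSA-PSS) from a vetted library. Keys are
generated at run time; the sample message is constructed."""
import hashlib
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin after trial division by small primes."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1   # full size, odd
        if is_probable_prime(candidate):
            return candidate


def keygen(bits=1024):
    """Return (public, private) as ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:      # e is prime, so this is gcd(e, phi) == 1
            break
    n = p * q
    return (n, e), (n, pow(e, -1, phi))


def digest_int(message):
    """SHA-256 of the message as an integer (256 bits, so always below n)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message):
    n, d = private_key
    return pow(digest_int(message), d, n)   # digest transformed with the private key


def verify(public_key, message, signature):
    n, e = public_key
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == digest_int(message)   # recovered digest must match


def demo():
    """Returns (genuine verifies, altered message verifies, altered signature verifies)."""
    public, private = keygen()
    message = b"Pay 1000 rubles to account 42"   # constructed
    signature = sign(private, message)
    return (verify(public, message, signature),
            verify(public, b"Pay 9000 rubles to account 42", signature),
            verify(public, message, signature ^ 1))


if __name__ == "__main__":
    print(demo())
```

Changing one digit of the amount changes the digest, so the recovered value no longer matches; flipping one bit of the signature has the same effect. Signing the digest rather than the whole message is what keeps the signature a fixed size regardless of document length.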

Information protection from computer viruses

A computer virus is a small malicious program that can independently create copies of itself and inject them into programs (executable files), documents, boot sectors of storage media and spread through communication channels.

Depending on the habitat, the main types of computer viruses are:

1. File (program) viruses, which infect executable files with the .COM and .EXE extensions.
2. Boot viruses.
3. Macroviruses.
4. Network viruses.

Information security tools

Information security means are a set of engineering, electrical, electronic, optical and other devices, technical systems and other elements used to solve various problems of information protection, including preventing leakage and ensuring the security of the protected information.

In general, the means of ensuring the protection of information in terms of preventing deliberate actions, depending on the method of implementation, can be divided into groups:

Technical (hardware) means. These are devices of various types (mechanical, electromechanical, electronic, etc.) that solve information security problems in hardware. They prevent access to information, including by masking it. Hardware includes noise generators, surge protectors, scanning radio receivers and many other devices that "block" potential leakage channels or allow them to be detected. The advantages of technical means are their reliability, independence from subjective factors and high resistance to modification; their weaknesses are lack of flexibility, relatively large size and weight, and high cost.
Software tools include programs for user identification, access control, information encryption, removal of residual (working) information such as temporary files, test control of the protection system, etc. The advantages of software tools are versatility, flexibility, reliability, ease of installation, ability to modify and develop. Disadvantages - limited network functionality, the use of some of the resources of the file server and workstations, high sensitivity to accidental or deliberate changes, possible dependence on the types of computers (their hardware).
Mixed hardware / software implements the same functions as hardware and software separately and has intermediate properties.
Organizational means consist of organizational-technical measures (preparation of rooms with computers, laying of cabling with access restrictions in mind, etc.) and organizational-legal ones (national legislation and the work rules set by the management of a particular enterprise). The advantages of organizational means are that they solve many different problems, are easy to implement, respond quickly to unwanted actions in the network, and have unlimited possibilities for modification and development. Their disadvantage is high dependence on subjective factors, including the general organization of work in a specific department.

In terms of prevalence and availability, software tools come first; the other tools are used where an additional level of protection is required.



Firewalls (in Russian usage also "brandmauers", from the German Brandmauer; English firewall, "fire wall"). Special intermediate servers are placed between the local and global networks which inspect and filter all network/transport-layer traffic passing through them. This sharply reduces the threat of unauthorized access to corporate networks from outside, but does not eliminate it. A further development of the method is masquerading (address translation), in which all traffic leaving the local network is sent on behalf of the firewall itself, so that internal addresses are not visible from outside; it hides the structure of the network but is not a substitute for the filtering rules.
VPN (virtual private network) allows you to transfer sensitive information over networks in which it is possible for unauthorized people to eavesdrop on traffic.

Hardware protection means include various electronic, electromechanical and electro-optical devices.

To date, a significant number of hardware devices for various purposes have been developed, but the following are the most widespread:

- special registers for storing security details: passwords, identifying codes, classification stamps or secrecy levels;
- devices for measuring individual characteristics of a person (voice, fingerprints) in order to identify them;
- circuits for interrupting transmission in the communication line in order to periodically check the address to which data is being issued;
- devices for encrypting information (cryptographic methods);
- trusted computer boot modules.

To protect the perimeter of the information system, the following are created:

- security and fire alarm systems;
- digital video surveillance systems;
- access control and management systems (ACS).

Protection of information from its leakage by technical communication channels is ensured by the following means and measures:

- using shielded cable and laying wires and cables in shielded structures;
- installing high-frequency filters on communication lines;
- constructing shielded rooms ("capsules");
- using shielded equipment;
- installing active noise systems;
- creating controlled areas.

Information protection

The construction of a protection system should be based on the following basic principles:

1. Systematic approach;
2. Integrated approach;
3. Reasonable sufficiency of means of protection;
4. Reasonable redundancy of means of protection;
5. Flexibility of management and application;
6. Openness of algorithms and protection mechanisms;
7. Ease of application of protection means and measures;
8. Unification of means of protection.

The information sphere (environment) is a sphere of activity related to the creation, distribution, transformation and consumption of information. Any information security system has its own characteristics and at the same time must meet general requirements.

The general requirements for an information security system are as follows:

1. The information security system should be presented as a single whole. The integrity of the system is expressed in the presence of a single purpose of its functioning, information links between its elements, and a hierarchical structure of the management subsystem of the information security system.
2. The information protection system must ensure the security of information, media and protection of the interests of participants in information relations.
3. The information protection system as a whole, and its methods and means of protection, should be as "transparent" as possible for the user, should not create significant additional inconvenience for him in the procedures for accessing information, and at the same time should be insurmountable for an attacker attempting unauthorized access to protected information.
4. The information security system must provide information links within the system between its elements for their coordinated functioning and communication with the external environment, in front of which the system manifests its integrity and acts as a whole.

Thus, ensuring the security of information, including in computer systems, requires the preservation of the following properties:

1. Integrity. The integrity of information consists in its existence in an undistorted form, unchanged relative to some initial state.
2. Availability. This property characterizes the ability to provide timely and unimpeded user access to the data of interest.
3. Confidentiality. This property indicates the need to restrict access to the information to a certain range of users.

A security threat is understood as a possible danger (potential or real) of an act (action or inaction) directed against the object of protection (information resources) that damages the owner or user and manifests itself as the danger of distortion, disclosure or loss of information. A security threat is realized in order to violate the properties that ensure the security of information.

Information security systems

To protect information, an information protection system is created, consisting of a set of bodies and (or) performers and the protection techniques they use, organized and functioning according to the rules established by legal, organizational, administrative and regulatory documents in the field of information protection.

The state information protection system is formed by:

- the Federal Service for Technical and Export Control (FSTEC of Russia) and its central office;
- the FSB, the Ministry of Defense (MO), the SVR and the Ministry of Internal Affairs, and their structural divisions for information protection;
- structural and cross-sectoral divisions for the protection of information of public authorities;
- special centers of FSTEC of Russia;
- organizations for the protection of information of public authorities;
- head and leading research, scientific and technical, design and engineering institutions;
- enterprises of the defense industries and their divisions for the protection of information;
- enterprises specializing in work in the field of information security;
- universities and institutes for the training and retraining of specialists in the field of information security.

FSTEC of Russia is a federal executive body that implements state policy, organizes interdepartmental coordination and interaction, special and control functions in the field of state security on:

- ensuring information security in key information infrastructure systems;
- countering foreign technical intelligence;
- ensuring the protection of information constituting state secrets by non-cryptographic methods;
- preventing information leakage through technical channels and unauthorized access to it;
- preventing special influences on information (and its carriers) aimed at obtaining, destroying or distorting it or blocking access to it.

The President of the Russian Federation is in charge of the activities of the FSTEC of Russia.

Direct management of information protection work is carried out by the heads of state authorities and their deputies.

In the body of state power, technical commissions and intersectoral councils can be created.

The head and leading research and development organizations of public authorities develop scientific foundations and concepts, and drafts of normative, technical and methodological documents on information protection. They are responsible for developing and adjusting the models of foreign technical intelligence services.

Enterprises engaged in activities in the field of information security must obtain a license for this type of activity. Licenses are issued by the FSTEC of Russia, the FSB, the SVR in accordance with their competence and on the proposal of a government authority.

The organization of work on the protection of information is entrusted to the heads of organizations. For methodological guidance and control over the provision of information protection, an information protection unit can be created or a person (staff or non-staff) responsible for information security can be appointed.

The development of the ZI (information protection) system is carried out by the technical information protection department or by those responsible for this area, in cooperation with the developers and those responsible for the operation of the ICT facilities. Specialized enterprises holding the appropriate licenses can be involved on a contractual basis to carry out the work of creating the ZI system.

Work on the creation of the ZI system is carried out in three stages.

At the first stage, a technical task is developed for the creation of an information security system:

- a ban is introduced on the processing of secret (official) information at all ICT facilities until the necessary protection measures are taken;
- persons responsible for organizing and carrying out the work to create the information security system are appointed;
- the subdivisions or individual specialists directly involved in this work are determined, as are the deadlines for commissioning the ZI system;
- possible technical channels of leakage of classified information are analyzed;
- a list of protected ICT objects is developed;
- the OTSS (main technical means and systems) and the VP (dedicated premises) are categorized;
- the security class of the automated systems involved in processing secret (official) data is determined;
- the controlled zone (KZ) is determined;
- the capabilities of engineering and technical personnel and other sources of threats are assessed;
- the need to involve specialized enterprises in creating the information protection system is substantiated;
- a technical assignment (TOR) for the creation of the information security system is developed.

The development of technical projects for the installation and mounting of TSOI (technical means of information processing) is carried out by design organizations licensed by FSTEC.

At stage II:

- a list of organizational and technical measures for the protection of ICT facilities is developed in accordance with the requirements of the TOR;
- the composition of serially produced ICT in a protected version and of certified information security means is determined, as is the composition of technical means subject to special research and verification;
- technical passports for ICT facilities and instructions for ensuring the security of information during the operation of technical means are developed.

Stage III includes:

- conducting special studies and special checks of imported OTSS, as well as of imported VTSS (auxiliary technical means and systems) installed in dedicated premises;
- placing and installing the technical means that are part of the ICT facilities;
- developing and implementing a permission system for access to computer equipment and automated systems involved in processing secret (official) information;
- acceptance tests of the information protection system based on the results of its trial operation;
- certification of ICT facilities according to information security requirements.

Information security technologies

Along with its positive impact on all aspects of human activity, the widespread introduction of information technology has led to the emergence of new threats to human security. This is because the information created, stored and processed by computer technology has come to determine the actions of most people and technical systems. The possibilities of causing damage through theft of information have therefore increased sharply, since it is possible to influence any system (social, biological or technical) in order to destroy it, reduce its efficiency or steal its resources (money, goods, equipment) only when information about its structure and principles of functioning is known.

All types of information threats can be divided into two large groups:

- failures and malfunctions of software and hardware;
- deliberate threats that are planned in advance by attackers to cause harm.

The following main groups of causes of failures and malfunctions in the operation of computer systems are distinguished:

- violations of the physical and logical integrity of data structures stored in main and external memory, arising from the aging or premature wear of their carriers;
- disturbances in the operation of hardware due to its aging or premature wear;
- violations of the physical and logical integrity of data structures stored in main and external memory, arising from the incorrect use of computer resources;
- disturbances in the operation of hardware due to misuse or damage, including damage caused by improper use of software;
- unresolved errors in software not identified during debugging and testing, as well as errors remaining in hardware after its development.

In addition to natural methods of identifying and timely elimination of the above reasons, the following special methods of protecting information from violations of the performance of computer systems are used:

- introduction of structural, temporal, informational and functional redundancy of computer resources;
- protection against incorrect use of computer system resources;
- identification and timely elimination of errors at the stages of development of software and hardware.

Structural redundancy of computer resources is achieved by backing up hardware components and machine storage media, organizing the replacement of failed components and the timely replenishment of reserve components. Structural redundancy forms the basis of the other types of redundancy.

The introduction of information redundancy is performed by periodic or permanent (background) data backup on the main and backup media. The backed up data ensures the recovery of accidentally or intentionally destroyed and distorted information. To restore the operability of a computer system after the appearance of a stable failure, in addition to backing up the usual data, it is necessary to back up system information in advance, as well as prepare recovery software.
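A worked illustration of information redundancy, added here and not taken from the page: each object is kept as a primary copy plus backup copies, every copy carries its own checksum, and a read restores any copy whose checksum no longer matches from a copy that still verifies. The store, object names and contents are constructed for the example.

```python
import hashlib

def checksum(data: bytes) -> str:
    """SHA-256 over the stored bytes. This detects accidental corruption; a deliberate
    attacker who can rewrite both the data and its checksum is not detected by this
    alone, so for that case the checksums must be kept where the attacker cannot write."""
    return hashlib.sha256(data).hexdigest()

class RedundantStore:
    """Holds each object as a primary copy plus `backups` backup copies, each with
    its own checksum. Models the background backup described above."""

    def __init__(self, backups: int = 2):
        self.backups = backups
        self.items = {}     # name -> list of [data, checksum]; index 0 is the primary copy

    def write(self, name: str, data: bytes) -> None:
        self.items[name] = [[data, checksum(data)] for _ in range(1 + self.backups)]

    def corrupt(self, name: str, copy: int, data: bytes) -> None:
        """Simulate media wear or a stray write: the bytes change, the checksum does not."""
        self.items[name][copy][0] = data

    def damaged_copies(self, name: str) -> int:
        """Number of copies whose bytes no longer match their checksum."""
        return sum(1 for data, ck in self.items[name] if checksum(data) != ck)

    def read(self, name: str) -> bytes:
        """Return the first copy whose checksum verifies and use it to restore every
        damaged copy. Raises if no intact copy is left, i.e. recovery is impossible."""
        copies = self.items[name]
        intact = next((data for data, ck in copies if checksum(data) == ck), None)
        if intact is None:
            raise IOError(f"{name}: every copy failed its integrity check")
        for entry in copies:
            if checksum(entry[0]) != entry[1]:
                entry[0] = intact      # restoration from the verified copy
        return intact
```

The point of the example is the failure mode in the last branch of `read`: redundancy only helps while at least one copy still verifies, which is why the text insists on backing up system information and preparing recovery software before a stable failure occurs, not after.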

Functional redundancy of computer resources is achieved by duplicating functions or introducing additional functions into the software and hardware resources of a computer system to increase its resilience to failures and malfunctions, for example periodic testing and recovery, as well as self-testing and self-healing of computer system components.

Protection against incorrect use of information resources lies in the correct functioning of the software from the standpoint of using the resources of the computing system. The program can accurately and timely perform its functions, but incorrectly use computer resources due to the lack of all necessary functions (for example, isolating sections of RAM for the operating system and application programs, protecting system areas on external media, maintaining data integrity and consistency).

The identification and elimination of errors in the development of software and hardware is achieved through the high-quality implementation of the basic stages of development based on a systematic analysis of the concept, design and implementation of the project.

However, the main type of threats to the integrity and confidentiality of information are deliberate threats that are planned in advance by cybercriminals to cause harm.

They can be divided into two groups:

- threats whose implementation requires the constant participation of a person;
- threats whose implementation, once an attacker has developed the corresponding computer programs, is carried out by these programs without direct human participation.

The tasks for protecting against threats of each type are the same:

- prohibition of unauthorized access (NSD) to the resources of computing systems;
- impossibility of unauthorized use of computer resources after access is obtained;
- timely detection of the fact of unauthorized actions and elimination of their causes and consequences.

The main way to prohibit unauthorized access to the resources of computing systems is to confirm the authenticity of users and delimit their access to information resources, which includes the following steps:

- identification;
- authentication (verification of identity);
- determination of authority for subsequent control and delimitation of access to computer resources.

Identification is necessary to indicate to the computer system a unique identifier for the user accessing it. The identifier can be any sequence of characters and must be registered in advance with the security administrator.

During the registration process, the following information is entered:

- surname, name, patronymic (and, if necessary, other characteristics of the user);
- unique user identifier;
- name of the authentication procedure;
- reference information for authentication (e.g. password);
- restrictions on the reference information used (for example, password validity time);
- the user's authority to access computer resources.

Authentication (verification of identity) consists in checking the validity of the user's credentials.
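The registration record and the identification/authentication/authorization sequence described above, as an added example (not code from the page or from any real system). The record holds every field the list names; the reference information is stored as a salted, slow hash rather than the password itself, so that even a copy of the registry does not disclose passwords, and the validity restriction is enforced at authentication time. The user, policy values and iteration count are assumptions.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

ITERATIONS = 200_000   # PBKDF2 work factor; assumed policy value

@dataclass
class UserRecord:
    full_name: str            # surname, name, patronymic
    user_id: str              # unique user identifier
    auth_method: str          # name of the authentication procedure
    salt: bytes               # per-user random salt
    reference: bytes          # PBKDF2 hash of the password; the password itself is never stored
    expires_at: float         # validity deadline of the reference information (Unix time)
    permissions: frozenset    # authority to access computer resources

def derive(password: str, salt: bytes) -> bytes:
    """Reference information derived from the password with a slow, salted hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

class Registry:
    def __init__(self):
        self.users = {}

    def register(self, full_name, user_id, password, validity_days, permissions, now=None):
        """Registration performed by the security administrator in advance."""
        if user_id in self.users:
            raise ValueError("user identifier must be unique")
        now = time.time() if now is None else now
        salt = os.urandom(16)
        self.users[user_id] = UserRecord(
            full_name=full_name, user_id=user_id, auth_method="password",
            salt=salt, reference=derive(password, salt),
            expires_at=now + validity_days * 86400,
            permissions=frozenset(permissions))

    def authenticate(self, user_id, password, now=None) -> str:
        """Returns 'ok', 'unknown', 'bad-password' or 'expired'. The detailed outcome
        is for the security log; a login screen should report only success or
        failure so that valid identifiers are not disclosed."""
        now = time.time() if now is None else now
        rec = self.users.get(user_id)
        if rec is None:
            derive(password, bytes(16))     # same cost as a real check, so timing is uniform
            return "unknown"
        if not hmac.compare_digest(derive(password, rec.salt), rec.reference):
            return "bad-password"
        if now > rec.expires_at:
            return "expired"
        return "ok"

    def authorize(self, user_id, resource) -> bool:
        """Access delimitation: a resource is granted only if it is within the user's authority."""
        rec = self.users.get(user_id)
        return rec is not None and resource in rec.permissions
```

`hmac.compare_digest` rather than `==` keeps the comparison time independent of how many leading bytes match, and the dummy `derive` call for unknown identifiers keeps the response time the same whether or not the identifier exists; both close side channels that a plain implementation of the same procedure would open.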

Technical information protection

Engineering and technical protection (ITZ) is a set of special bodies, technical means and measures for their use in order to protect confidential information.

By their functional purpose, the means of engineering and technical protection are divided into the following groups:

1) Physical means, including various means and structures, preventing the physical penetration (or access) of intruders to the objects of protection and to material carriers of confidential information and protecting personnel, material resources, finances and information from unlawful influences.

Physical means include mechanical, electromechanical, electronic, electro-optical, radio and radio engineering and other devices for prohibiting unauthorized access (entry-exit), carrying (taking out) funds and materials and other possible types of criminal actions.

These means (technical protection of information) are used to solve the following tasks:

1. protection of the territory of the enterprise and supervision over it;
2. protection of buildings, internal premises and control over them;
3. protection of equipment, products, finance and information;
4. implementation of controlled access to buildings and premises.

All physical means of protecting objects can be divided into three categories: means of prevention, means of detection and systems of elimination of threats. Burglar alarms and CCTV, for example, are threat detection tools; fences around objects are a means of preventing unauthorized entry into the territory, and reinforced doors, walls, ceilings, bars on windows and other measures serve as protection from both entry and other criminal activities. Extinguishing media are classified as threat elimination systems.

In general, according to the physical nature and functional purpose, all means of this category can be divided into the following groups:

- security and fire alarm systems;
- security television;
- security lighting;
- physical protection equipment;
- hardware.

The last group includes instruments, devices, fixtures and other technical solutions used to protect information. The main task of the hardware is to provide stable protection of information from disclosure, leakage and unauthorized access through the technical means that support production activities.

2) Hardware information security means are different technical devices, systems and structures (technical protection of information) designed to protect information from disclosure, leakage and unauthorized access.

The use of information security hardware allows you to solve the following tasks:

- conducting special studies of technical means for the presence of possible channels of information leakage;
- identification of information leakage channels at various objects and in premises;
- localization of information leakage channels;
- search for and detection of means of industrial espionage;
- counteracting unauthorized access to sources of confidential information, and other actions.

By designation, hardware is classified into detection tools, search and detailed measurement tools, active and passive countermeasures. At the same time, in terms of technical capabilities, information security tools can be general-purpose, designed for use by non-professionals in order to obtain general assessments, and professional complexes that allow a thorough search, detection and measurement of all characteristics of industrial espionage tools.

Search equipment can be subdivided into equipment for searching for means of information retrieval and equipment for investigating channels of its leakage.

Equipment of the first type is aimed at finding and localizing means of unauthorized information retrieval that attackers have already planted. Equipment of the second type is designed to detect information leakage channels. The determining factors for this kind of system are the efficiency of the survey and the reliability of the results obtained. Professional search equipment is, as a rule, very expensive and requires a highly qualified specialist to operate it, so only organizations that constantly conduct such surveys can afford it.

3) Software. Information security software is a system of special programs that implement information security functions.

There are the following areas of using programs to ensure the security of confidential information:

- protection of information from unauthorized access;
- protection of information from copying;
- protection of information from viruses;
- software protection of communication channels.

Protection of information from unauthorized access

To protect against outside intrusion, certain security measures must be provided.

The main functions that must be carried out by software are:

- identification of subjects and objects;
- differentiation of access to computing resources and information;
- control and registration of actions with information and programs.

The identification and authentication procedure involves checking whether the accessor is who he claims to be.

The most common identification method is password authentication. Practice has shown that password protection of data is a weak link, since a password can be eavesdropped on or spied on, intercepted, or even simply guessed.

After completing the identification and authentication procedures, the user gains access to the computer system, and information is protected at three levels: hardware, software, and data.

Copy protection

Copy protection tools prevent the use of illegal copies of software and are currently the only reliable means of protecting the copyright of developers. Copy protection means are means that ensure that the program performs its functions only when it recognizes some unique, non-copyable element. Such an element (called a key) can be a specific part of a computer or a special device.

Protection of information from destruction

One of the tasks of ensuring security for all cases of using a computer is to protect information from destruction.

Since the reasons for the destruction of information are very diverse (unauthorized actions, software and hardware errors, computer viruses, etc.), then protective measures are mandatory for everyone who uses a computer.

The danger of computer viruses deserves special mention. A computer virus is a small, rather complex and dangerous program that can replicate itself, attach itself to other programs and be transmitted over information networks. A virus is usually created to disrupt the operation of a computer in various ways, from "harmlessly" displaying a message to erasing or destroying files. An antivirus is a program that detects and removes viruses.

4) Cryptographic means are special mathematical and algorithmic means of protecting information transmitted through communication systems and networks, stored and processed on a computer using a variety of encryption methods.

The technical protection of information by transforming it so that it cannot be read by unauthorized persons has concerned people for a long time. Cryptography must provide a level of secrecy that reliably protects critical information from decryption by large organizations, such as the mafia, multinational corporations and large states. In the past, cryptography was used only for military purposes. Now, however, with the formation of the information society, it is becoming a tool for privacy, trust, authorization, electronic payments, corporate security and countless other important things. Why has the problem of using cryptographic methods become especially urgent at the moment? On the one hand, the use of computer networks has expanded, in particular the global Internet, over which large volumes of information of a state, military, commercial and private nature are transmitted, to which unauthorized persons must not have access.

On the other hand, the emergence of new powerful computers and of network and neural computing technologies has made it possible to discredit cryptographic systems that until recently were considered practically unbreakable.

Cryptology (kryptos - secret, logos - science) deals with the problem of protecting information by transforming it. Cryptology is divided into two areas - cryptography and cryptanalysis. The goals of these directions are exactly the opposite. Cryptography is concerned with finding and researching mathematical methods for transforming information.

The sphere of interest of cryptanalysis is the study of the possibility of decrypting information without knowing the keys.

Modern cryptography includes 4 major sections:

- symmetric cryptosystems;
- public key cryptosystems;
- electronic signature systems;
- key management.

The main directions of using cryptographic methods are the transfer of confidential information through communication channels (for example, e-mail), the authentication of transmitted messages, the storage of information (documents, databases) on media in encrypted form.

Terminology

Cryptography makes it possible to transform information in such a way that its reading (recovery) is possible only with knowledge of the key.

As information to be encrypted and decrypted, texts based on a certain alphabet will be considered. These terms mean the following.

The alphabet is a finite set of characters used to encode information. Text is an ordered collection of alphabetical elements.

Encryption is a transformation process: the original text, which is also called plain text, is replaced by cipher text.

Decryption is the reverse process of encryption. Based on the key, the ciphertext is converted to the original one.

The key is the information necessary for unhindered encryption and decryption of texts.

A cryptographic system is a family T = [T1, T2, ..., Tk] of transformations of the plain text. The members of this family are indexed, or denoted, by the symbol k; the parameter k is the key. The key space K is the set of possible key values. Typically, a key is a sequence of letters of the alphabet.

Cryptosystems are divided into symmetric and public key. In symmetric cryptosystems, the same key is used for both encryption and decryption.

Public key systems use two keys, public and private, which are mathematically related to each other. Information is encrypted using a public key that is available to everyone, and decrypted using a private key known only to the recipient of the message.

The terms key distribution and key management refer to the processes of an information processing system, the content of which is the compilation and distribution of keys among users.

An electronic (digital) signature is a cryptographic transformation attached to the text, which allows, when the text is received by another user, to verify the authorship and authenticity of the message.
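The public-key and digital-signature definitions above, carried through as an added example in textbook RSA (this is not code from the page; the prime values are toy-sized so that the arithmetic is visible, and the message is constructed). Information for Bob is encrypted with Bob's public key and decrypted with his private key; Alice's signature is computed with her private key over a hash of the text and checked by Bob with her public key, so any change to the text or a signature made with another key is detected.

```python
import hashlib
from math import gcd

def keygen(p: int, q: int, e: int = 17):
    """Derive a key pair from two primes. The primes used below are toy-sized;
    real keys use 2048-bit or larger moduli."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)           # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)         # public key is published, private key is kept secret

def encrypt(public_key, m: int) -> int:
    """Anyone holding the public key can encrypt a block m < n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message block must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(private_key, c: int) -> int:
    """Only the holder of the private key can recover m."""
    n, d = private_key
    return pow(c, d, n)

def _message_digest(message: bytes, n: int) -> int:
    """Hash the message and reduce it into [0, n). Signing the digest rather than
    the text itself is what makes any change to the text detectable."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message: bytes) -> int:
    n, d = private_key
    return pow(_message_digest(message, n), d, n)

def verify(public_key, message: bytes, signature: int) -> bool:
    """The recipient checks authorship with the sender's public key."""
    n, e = public_key
    return pow(signature, e, n) == _message_digest(message, n)

def send(sender_private, recipient_public, message: bytes):
    """One transmitted unit: per-byte ciphertext for the recipient plus the sender's
    signature. Per-byte encryption is for illustration only; it is deterministic
    and would leak patterns in real use."""
    return [encrypt(recipient_public, b) for b in message], sign(sender_private, message)

def receive(recipient_private, sender_public, ciphertext, signature):
    """Decrypt, then verify the signature; returns (message, authentic)."""
    message = bytes(decrypt(recipient_private, c) for c in ciphertext)
    return message, verify(sender_public, message, signature)
```

Two caveats belong with this block. First, the modulus sizes are chosen for readability, not security: with a modulus this small the private key can be recovered by factoring in an instant. Second, real systems never apply the raw transformation to a message or hash as done here; they use padding schemes (OAEP for encryption, PSS for signatures) from a vetted library, because unpadded RSA has well-known weaknesses that the padding removes.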

Cryptographic strength (crypto resistance) is a characteristic of a cipher that determines its resistance to decryption without knowledge of the key (i.e., to cryptanalysis).

The effectiveness of encryption in order to protect information depends on maintaining the secret of the key and the cryptographic strength of the cipher.

The simplest criterion of such efficiency is the probability of key disclosure, or the cardinality of the set of keys (M). Essentially, this is the same as cryptographic strength. To estimate it numerically, one can also use the complexity of breaking the cipher by exhaustive enumeration of all keys.

However, this criterion does not take into account other important requirements for cryptosystems:

- the impossibility of disclosing or meaningfully modifying information based on an analysis of its structure;
- the soundness of the security protocols used;
- the minimum amount of key information used;
- the minimum complexity of implementation (in the number of machine operations) and its cost;
- high efficiency.
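An added example, not from the page, that makes the family-of-transformations definition concrete and then shows why the key-cardinality criterion alone is insufficient (the first requirement in the list above). Two families over the same alphabet are given: the shift cipher, whose key space has 26 members, and simple substitution, whose key space has 26! members, more than 2^88. Both are written in the page's notation, with T_k the member selected by key k. The letter-frequency profile of a text survives both transformations untouched, so the structure of the plain text is visible in the cipher text however large the key space is. The plaintext, keys and the assumed trial rate are constructed for the example.

```python
import math
import string
from collections import Counter

ALPHABET = string.ascii_lowercase          # the alphabet over which texts are formed

def shift_keys() -> range:
    """Key space K of the shift family: one transformation T_k per shift amount."""
    return range(len(ALPHABET))

def T_shift(k: int, text: str) -> str:
    """Member T_k of the shift family: every letter moves k places along the alphabet."""
    size = len(ALPHABET)
    return "".join(ALPHABET[(ALPHABET.index(ch) + k) % size] if ch in ALPHABET else ch
                   for ch in text)

def T_shift_inverse(k: int, text: str) -> str:
    """Decryption: the inverse transformation selected by the same key."""
    return T_shift(-k % len(ALPHABET), text)

def T_subst(key: str, text: str) -> str:
    """Member of the simple-substitution family; the key is a permutation of the alphabet."""
    if sorted(key) != list(ALPHABET):
        raise ValueError("key must be a permutation of the alphabet")
    return text.translate(str.maketrans(ALPHABET, key))

def T_subst_inverse(key: str, text: str) -> str:
    return text.translate(str.maketrans(key, ALPHABET))

def key_space_size(family: str) -> int:
    """Cardinality M of the key set for three families (the last is a modern
    symmetric cipher with a 128-bit key, given for scale)."""
    return {"shift": len(ALPHABET),
            "substitution": math.factorial(len(ALPHABET)),
            "128-bit-key": 2 ** 128}[family]

def exhaustive_search_seconds(family: str, keys_per_second: float = 1e9) -> float:
    """Worst-case time to try every key at an assumed trial rate: the 'complexity of
    enumerating all the keys' criterion from the text."""
    return key_space_size(family) / keys_per_second

def frequency_profile(text: str) -> list:
    """Letter frequencies sorted high to low, with the letters' identities removed.
    Any cipher that merely relabels letters leaves this profile unchanged, so the
    plain text's structure is present in the cipher text regardless of key-space size."""
    counts = Counter(ch for ch in text if ch in ALPHABET)
    return sorted(counts.values(), reverse=True)
```

By the cardinality criterion alone, simple substitution (about 4 x 10^26 keys) looks comparable to a 128-bit key, since neither can be enumerated in practice. The frequency profile shows what that criterion misses: the substitution cipher leaks the plain text's structure, which is exactly the analysis that the first requirement in the list is meant to rule out.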

Expert judgment and simulation are often more effective in selecting and evaluating a cryptographic system.

In any case, the selected complex of cryptographic methods should combine both convenience, flexibility and efficiency of use, as well as reliable protection from intruders of information circulating in the IS.

This division of information protection means (technical protection of information) is rather arbitrary, since in practice they very often interact and are implemented together in the form of software and hardware modules that make extensive use of information encryption algorithms.

Organization of information protection

Organization of information protection - the content and procedure for ensuring the protection of information.

Information security system - a set of bodies and / or executors, the information security technology they use, as well as objects of protection, organized and functioning according to the rules established by the relevant legal, organizational, administrative and regulatory documents for the protection of information.

Information protection measure - a set of actions for the development and / or practical application of methods and means of information protection.

Measures to control the effectiveness of information protection - a set of actions for the development and/or practical application of ways [methods] and means of controlling the effectiveness of information protection.

Information security technology - means of information security, means of monitoring the effectiveness of information security, means and management systems designed to ensure information security.

Object of protection - information or information carrier or information process in respect of which it is necessary to ensure protection in accordance with the stated goal of information protection.

Information protection method - the procedure and rules for the application of certain principles and means of information protection.

Way [method] of monitoring the effectiveness of information protection - the procedure and rules for the application of certain principles and means of monitoring the effectiveness of information protection.

Monitoring the status of information protection - checking the compliance of the organization and the effectiveness of information protection with the established requirements and / or standards in the field of information protection.

Information security means - hardware, software, substance and / or material designed or used to protect information.

Information protection effectiveness control means - hardware, software, substance and / or material designed or used to control the effectiveness of information protection.

Control of the organization of information protection - checking the compliance of the state of the organization, the availability and content of documents with the requirements of legal, organizational, administrative and regulatory documents for the protection of information.

Monitoring the effectiveness of information protection - checking the compliance of the effectiveness of information protection measures with the established requirements or standards for the effectiveness of information protection.

Organizational control of the effectiveness of information protection - checking the completeness and validity of measures to protect information to the requirements of regulatory documents on information protection.

Technical control of the effectiveness of information protection - control of the effectiveness of information protection carried out using control means.

Information - information about persons, objects, facts, events, phenomena and processes, regardless of the form of their presentation.

Access to information is the receipt by a subject of the opportunity to familiarize himself with information, including with the help of technical means.

Subject of access to information - subject of access: a participant in legal relations in information processes.

Note: Information processes are the processes of creating, processing, storing, protecting against internal and external threats, transferring, receiving, using and destroying information.

Information carrier - an individual, or a material object, including a physical field, in which information is displayed in the form of symbols, images, signals, technical solutions and processes.

Information owner - a subject fully exercising the powers of possession, use and disposal of information in accordance with legislative acts.

Information holder - an entity that possesses and uses information and exercises the powers of disposal within the limits of the rights established by law and / or by the owner of the information.

User [consumer] of information - a subject using information received from its owner, holder or intermediary in accordance with the established rights and rules of access to information, or in violation of them.

Right of access to information - right of access: a set of rules for access to information established by legal documents or by the owner or holder of the information.

Rule of access to information - an access rule: a set of rules governing the procedure and conditions for a subject's access to information and its carriers.

Information security body - an administrative body that organizes information security.

Protecting data on a personal computer

If you keep information on a personal computer or an external drive, make sure it holds no sensitive data or, if it does, that the data is reliably protected.

Data encryption

You hear about data encryption almost every day, yet it seems that nobody uses it. I asked my friends whether they use data encryption, and none of them encrypt the data on their computers or external hard drives. And these are people who do everything online: from ordering a taxi and ordering food to reading newspapers. The one thing you can do is encrypt your data. It is quite difficult to set up on Windows or Mac, but once it is done, you do not have to do anything else.

You can also use TrueCrypt to encrypt data on flash drives and external storage devices (note that TrueCrypt development ended in 2014; VeraCrypt is its maintained successor). Encryption ensures that if someone gets hold of your computer, flash drive or external disk, they cannot read your files: without the passphrase the encrypted volume cannot be unlocked, so none of the files and data stored on it are accessible. This brings us to the next step.

Use strong passwords

Of course, encryption is worth nothing if anyone can simply turn on your computer and keep guessing until they hit the correct password. Use only a strong password, a long combination of numbers, symbols and letters, so that it is much harder to guess. There are, of course, ways around any password, but there are also measures that help with this problem; more on them below.

Two-factor authentication

Even with encryption and complex passwords, a password can still be captured while it is being sent over the Internet. For example, if you use the wireless Internet in a cafe and log in to a site that does not use TLS (no https in the address bar), an attacker on the same Wi-Fi network can easily intercept your password.

How can you protect yourself in such a situation? First, do not work on an insecure or public Wi-Fi network; it is very risky. Second, use two-factor authentication. Essentially, this means that logging in to a site or service requires two different kinds of proof rather than a single password. Google offers 2-Step Verification, and it works well: even if someone has learned your complex Google password, they cannot access your data until they also enter the six-digit code delivered to your smartphone.

In other words, an attacker needs not only your password but also your smartphone to log in, which greatly reduces your chances of being compromised. LastPass also works with Google Authenticator, so a single master password plus a one-time code, both available only to you, protect all of your stored passwords. Facebook likewise sends an SMS code to your phone that must be entered together with your password, which makes the account much harder to take over.

PayPal offers a "security key" option with the same idea: a code delivered by SMS (or generated by a hardware token) must be entered to log in. A WordPress blog can also be protected with a Google Authenticator plugin. Two-factor authentication is easy to use and one of the most effective protections available for your accounts, so check whether your favourite sites support it. One caveat: codes sent by SMS can be intercepted or redirected (for example through SIM swapping), so where the choice exists, prefer an authenticator app or a hardware security key over SMS.

Secure your network

Another aspect of security is the network you use to communicate with the outside world. Is it your home wireless network? Does it use WEP, WPA or WPA2? (WEP is broken and should not be used; WPA2 with AES is the minimum.) Are you using an insecure network in a hotel, airport or coffee shop? The first thing to do is lock down your own network, since that is where you spend most of your time at the computer; stay on the safe side and choose the highest level of security your equipment offers. Check out my previous article on Wi-Fi wireless encryption.

There are many other things that can be done:

1. turn off SSID broadcast;
2. enable MAC address filtering;
3. enable AP isolation.

You can read about these and other settings on the Internet. Note that the first two are only minor obstacles: a hidden SSID is revealed by the probe requests of your own clients, and MAC addresses can be sniffed and spoofed; the encryption setting is what actually matters. The second thing to do (arguably the first) is to change the username and password used to log in to your wireless router. It is great if you enable WPA2 with AES, but if someone reaches your router's admin interface by its IP address and guesses the default username and password, they can lock you out of your own router.

Fortunately, you can always regain access by resetting the router, but by then someone may already have logged in and used it to reach your network. Logging in to the router lets you see every client connected to it and their IP addresses. Plugging in a new wireless router and using it at its factory settings is not a good idea. Be sure to turn on the firewall on your router and on your computer: it blocks unsolicited inbound connections to ports on your computer.

Antivirus software

If a virus or other malware gets onto your computer, all of the above is undone: whoever controls it can send your data to their own server. Antivirus software is a must today, as is the habit of scanning your computer regularly.

Information access protection

Unauthorized access is reading, changing or destroying information in the absence of the appropriate authority to do so.

The main typical ways of unauthorized obtaining of information:

Theft of information carriers;
copying of information carriers while defeating protection measures;
masquerading as a registered user;
spoofing (imitating system prompts);
exploiting flaws in operating systems and programming languages;
interception of electromagnetic emissions;
interception of acoustic emissions;
remote photography;
the use of eavesdropping devices;
deliberate disabling of protection mechanisms.

To protect information from unauthorized access, the following are used:

Organizational activities.
Technical means.
Software.
Cryptography.

1. Organizational activities include:

Passage mode;
storage of media and devices in a safe (floppy disks, monitor, keyboard);
restriction of access of persons to computer rooms.

2. Technical means include various hardware methods of information protection:

Filters and screens for equipment;
a key lock for the keyboard;
authentication devices that read fingerprints, hand geometry, the iris, typing speed and rhythm, etc.

3. Software means of information protection consist in special software that does not allow an outsider to obtain information from the system:

Password access;
locking the screen and keyboard with a key combination;
BIOS (basic input-output system) password protection.

4. Cryptographic protection of information means encrypting it when it enters a computer system. The essence of this protection is that an encryption method with a certain key is applied to the document, after which the document cannot be read by ordinary means. Reading it is possible only with the key (or by breaking the cipher). If one and the same key is used for encryption and decryption in an exchange, the cryptographic process is symmetric. Its drawback is that the key has to be delivered to the other party over a separate, secure channel. Therefore, on the Internet asymmetric cryptographic systems are widely used, in which not one but two keys are involved: one public and one private. The keys are constructed so that a message encrypted with one of them can only be decrypted with the other. Having created a key pair, a company distributes the public key widely and keeps the private key secure.

Both keys are code sequences. The public key is published on the company's server. Anyone can encrypt a message with the public key, and only the holder of the private key can read it afterwards.

The principle of sufficiency of protection. Anyone who obtains a public key can study the encryption algorithm and try to find a way of decrypting messages, that is, to reconstruct the private key from it. The principle of sufficiency is that the number of possible private keys (and the cost of the best known attack) must be large enough that such reconstruction is infeasible within the time the information remains valuable.

The concept of an electronic signature. With an electronic signature a client can communicate with the bank, giving orders to transfer funds to the accounts of other persons or organizations. To create an electronic signature, a special program (received from the bank) generates the same kind of key pair: a private key, which remains with the client and is used to sign orders, and a public key, which is transferred to the bank and used to verify them.

Read protection is carried out:

At the DOS level, by setting the Hidden attribute on the file;
by encryption.

Writing is prevented by:

Setting the ReadOnly property for the files (read-only);
prohibiting writing to a floppy disk by moving or breaking the write-protect tab;
prohibiting writing through the BIOS setting "drive not installed".

Note that file attributes and BIOS settings are convenience controls, not security controls: anyone with access to the system can clear the attribute or change the setting. Of the measures listed, only encryption actually prevents reading.

When protecting information, the problem of reliable data destruction often arises, for the following reasons:

When a file is deleted, its contents are not actually erased, only the directory entry is released;
even after formatting a floppy disk or hard disk, data can be recovered with special tools from the residual magnetic field.

For reliable deletion, special utilities are used that overwrite the deleted data in place, repeatedly, with random sequences of zeros and ones. This works for magnetic media; on SSDs and flash drives, wear levelling means an overwrite may land on different physical cells, so the reliable options there are the drive's built-in secure erase command or full-disk encryption with destruction of the key.
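The overwrite-in-place technique just described, as an added example that is not code from the original page: each pass writes fresh random bytes over the whole file and forces them to the device with fsync before the next pass, then the file is truncated, renamed to a random name (so the original file name does not survive in the directory) and unlinked. The `demo` function is a constructed scenario that creates and shreds a temporary file; the SSD caveat above still applies, since this code can only ask the file system to overwrite the blocks it currently maps to the file.

```python
import os
import secrets
import tempfile


def secure_delete(path: str, passes: int = 3, chunk: int = 1 << 16) -> int:
    """Overwrite the file `passes` times with random data, then truncate, rename and unlink.
    Returns the number of bytes overwritten per pass."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n))       # fresh random bytes, not a fixed pattern
                remaining -= n
            f.flush()
            os.fsync(f.fileno())                       # make sure the pass reaches the device
        f.truncate(0)                                  # leave nothing behind if the unlink is interrupted
        f.flush()
        os.fsync(f.fileno())
    # hide the original name: the directory entry is rewritten before the file is removed
    anonymous = os.path.join(os.path.dirname(path), secrets.token_hex(8))
    os.rename(path, anonymous)
    os.remove(anonymous)
    return size


def demo() -> dict:
    """Constructed demonstration: write a file with a known sensitive marker, shred it,
    and report what happened."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"account number 12345678\n" * 100)   # 2400 bytes of constructed 'sensitive' data
    overwritten = secure_delete(path)
    return {"bytes_per_pass": overwritten, "still_exists": os.path.exists(path)}


if __name__ == "__main__":
    print(demo())
```

Three passes of random data is already more than a modern magnetic drive needs; the number of passes matters far less than making sure the writes are actually flushed and that the file system is not a copy-on-write or journaling one that keeps the old blocks elsewhere.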

Cryptographic information protection

The science dealing with secure communication (that is, communication by means of encrypted messages) is called cryptology (from the Greek kryptos, hidden, and logos, word or science). It is in turn divided into two areas: cryptography and cryptanalysis.

Cryptography is the science of creating methods of secure communication, of creating strong (break-resistant) ciphers. It looks for mathematical methods of transforming information.

Cryptanalysis is the branch devoted to the possibility of reading messages without knowing the keys, that is, it is directly concerned with breaking ciphers. People engaged in cryptanalysis and the study of ciphers are called cryptanalysts.

A cipher is a set of reversible transformations of a set of plaintexts (the original messages) into a set of ciphertexts, carried out in order to protect them. The specific transformation is selected by the encryption key. Let us define a few more concepts needed to feel confident. First, encryption is the process of applying the cipher to the plaintext. Second, decryption is the process of applying the cipher in reverse to the ciphertext. Third, decipherment (breaking) is an attempt to read the ciphertext without knowing the key, that is, breaking a ciphertext or a cipher. The difference between decryption and decipherment should be emphasized: the first is carried out by a legitimate user who knows the key, the second by a cryptanalyst or a capable attacker.

Cryptographic system - a family of cipher transformations and a set of keys (that is, algorithm + keys). The description of an algorithm alone is not a cryptosystem; only when supplemented with schemes for key distribution and management does it become a system. Examples of algorithm descriptions are DES and GOST 28147-89; supplemented with key generation procedures, they turn into cryptosystems. As a rule, the description of an encryption algorithm already includes all the necessary parts.

Modern cryptosystems are classified into symmetric and asymmetric ones. Cryptosystems can provide not only the secrecy of transmitted messages but also their authenticity (integrity and origin), as well as confirmation of the user's identity.

Symmetric cryptosystems (secret-key systems) are built on keeping the encryption key secret. The same key is used for encryption and decryption. The secrecy of the key is a postulate. The main problem when using symmetric cryptosystems for communication is the difficulty of delivering the secret key to both parties. However, these systems are fast, and disclosure of a key to an attacker compromises only the information encrypted with that key. The American and Russian encryption standards DES and GOST 28147-89, as well as the AES candidates, are all symmetric cryptosystems.

Asymmetric cryptosystems (public-key systems) use different transformations for encryption and decryption. One of them, encryption, is completely open to everyone; the other, decryption, remains secret. Thus anyone who wishes to encrypt something uses the open transformation, but only the holder of the secret transformation can decrypt and read it. In most asymmetric cryptosystems the transformation is determined by a key, so the user has two keys, a secret one and a public one. The public key is published in a public place, and anyone who wants to send the user a message encrypts it with the public key; only that user, with the secret key, can decrypt it. Thus the problem of transferring a secret key disappears. However, for all their advantages, these cryptosystems are computationally expensive and slow. The security of asymmetric cryptosystems rests mainly on the difficulty of solving a certain mathematical problem in reasonable time; if an attacker finds an efficient algorithm for it, the entire system and all messages ever encrypted with it are compromised. This is the main danger of asymmetric cryptosystems compared with symmetric ones. Examples are the RSA and Rabin public-key systems.

One of the basic rules of cryptography (considering its commercial use, since at the state level things are somewhat different) can be stated as follows: breaking a cipher in order to read non-public information should cost an attacker much more than the information itself is worth.
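The public/private key pair described in the paragraphs on asymmetric cryptosystems above, and earlier in the passage on cryptographic protection and electronic signatures (encrypt with the public key, decrypt with the private one; sign with the private key, verify with the public one), as one added example in working code. It is not code from the original page and is textbook RSA only: the two primes are fixed, well-known Mersenne primes chosen so the demo is deterministic, there is no OAEP or PSS padding, and the signature is the raw hash raised to the private exponent. That is enough to show the mechanism but is not secure against chosen-ciphertext or malleability attacks; a real system generates random primes and uses a vetted library.

```python
import hashlib

# Fixed primes so the example is reproducible: 2^127-1 and 2^521-1 (both Mersenne primes).
# A real key uses freshly generated random primes of at least 1024 bits each.
P = (1 << 127) - 1
Q = (1 << 521) - 1
E = 65537  # the usual public exponent


def _modinv(a: int, m: int) -> int:
    """Modular inverse of a mod m by the extended Euclidean algorithm."""
    r0, r1, s0, s1 = a, m, 1, 0
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError("exponent is not invertible modulo phi(n)")
    return s0 % m


def keypair(p: int = P, q: int = Q, e: int = E):
    """Returns ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return (n, e), (n, _modinv(e, phi))


def encrypt(public_key, message: bytes) -> int:
    """Anyone holding the public key can do this."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus (textbook RSA has no padding)")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Only the holder of the private exponent d can do this.
    (Leading zero bytes of the original message are not preserved without padding.)"""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(private_key, message: bytes) -> int:
    """The client signs with the private key: the hash of the order is raised to d."""
    n, d = private_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")   # 256 bits < n
    return pow(h, d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """The bank verifies with the public key: undoing the signature must yield the hash."""
    n, e = public_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == h


if __name__ == "__main__":
    pub, priv = keypair()
    order = b"transfer 100 to account 42"               # constructed sample order
    c = encrypt(pub, order)
    print("decrypted:", decrypt(priv, c))
    s = sign(priv, order)
    print("valid:", verify(pub, order, s), "tampered:", verify(pub, order.replace(b"100", b"900"), s))
```

Notice what the signature gives the bank that encryption alone does not: an altered order fails verification, and because only the client holds `d`, a valid signature cannot have been produced by anyone else.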

Cryptography

Cryptography refers to the techniques by which the content of a written text was hidden from those who were not meant to read it.

Since ancient times people have exchanged information by sending each other letters. In ancient Veliky Novgorod, birch bark letters had to be rolled with the writing outward; only so could they be transported and stored, otherwise they would unroll on their own as the humidity changed. This resembled modern postcards, whose text is likewise open to prying eyes.

Birch bark messages were very widespread, but they had one serious drawback: their contents were in no way protected from self-interested or merely curious people. Over time, therefore, messages began to be rolled up in a special way, with the text on the inside. When this proved insufficient, letters began to be sealed with wax and, later, with a personal wax seal. Such seals were not so much a fashion as an everyday necessity. Seals were usually made as rings with raised designs; a great many of them are kept in the antiquities section of the Hermitage.

According to some historians, seals were invented by the Chinese, although the ancient cameos of Babylon, Egypt, Greece and Rome are practically indistinguishable from seals. Wax in antiquity, and sealing wax in our day, can help keep postal correspondence secret.

There are very few exact dates and absolutely indisputable data on cryptography in antiquity, so on our website many facts are presented through artistic analysis. Alongside the invention of ciphers there were, of course, also methods of hiding a text from prying eyes. In ancient Greece, for example, a slave's head was shaved, a message was written on the scalp, and after the hair had grown back he was sent to the addressee.

Encryption is a way of converting open information into closed (protected) information and back. It is used for storing important information in unreliable places or transmitting it over unprotected communication channels. Under GOST 28147-89 the process comprises encryption and decryption.

Steganography is the science of covert transmission of information by keeping the very fact of transmission secret.

Unlike cryptography, which hides the contents of a secret message, steganography hides its very existence. Steganography is usually used in conjunction with cryptography techniques, thus complementing it.

Basic principles of computer steganography and its fields of application

C. Shannon's general theory of secrecy systems underlies cryptography and, through it, steganography as a science. In modern computer steganography there are two main kinds of file: the message, a file that is to be hidden, and the container, a file in which the message can be hidden. A container has two states: the original ("empty") container, which holds no hidden information, and the result ("filled") container, which does. The key is a secret element that determines how the message is placed into the container.

The main provisions of modern computer steganography are as follows:

1. Hiding methods must ensure the authenticity and integrity of the file.
2. It is assumed that the enemy is fully aware of the possible steganographic methods.
3. The security of methods is based on the preservation of the main properties of an openly transmitted file by the steganographic transformation when a secret message and some information unknown to the enemy - a key - are entered into it.
4. Even if the fact of hiding a message became known to the enemy through an accomplice, extracting the secret message itself is a complex computational task.
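The container/key model above, as an added example that is not code from the original page. It hides a message in the least significant bits of a byte container (a constructed byte string standing in for the pixel data of an image), with the key deciding the order in which container bytes are used, so that, as provisions 2 to 4 require, knowing the method alone does not yield the message: without the key the extractor reads the wrong positions and gets noise. A 4-byte length header lets the extractor know when to stop. The `distortion` helper checks provision 3 in its simplest form, that no container byte changes by more than one.

```python
import hashlib
import random

# Constructed "empty" container: 2048 bytes standing in for raw pixel samples.
EMPTY_CONTAINER = bytes((i * 37) % 256 for i in range(2048))


def _order(key: bytes, n: int):
    """Key-dependent permutation of byte offsets: the key decides where each bit goes."""
    rng = random.Random(int.from_bytes(hashlib.sha256(key).digest(), "big"))
    offsets = list(range(n))
    rng.shuffle(offsets)
    return offsets


def _bits(data: bytes):
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(container: bytes, message: bytes, key: bytes) -> bytes:
    """Return the 'filled' container: length header + message written into the LSBs."""
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) * 8 > len(container):
        raise ValueError("message does not fit in this container")
    filled = bytearray(container)
    for pos, bit in zip(_order(key, len(container)), _bits(payload)):
        filled[pos] = (filled[pos] & 0xFE) | bit      # replace only the least significant bit
    return bytes(filled)


def extract(container: bytes, key: bytes) -> bytes:
    """Read the LSBs back in key order; the header tells how many message bytes follow."""
    order = _order(key, len(container))

    def read(nbytes: int, start_bit: int) -> bytes:
        out = bytearray()
        for b in range(nbytes):
            value = 0
            for i in range(8):
                value = (value << 1) | (container[order[start_bit + b * 8 + i]] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read(4, 0), "big")
    if (4 + length) * 8 > len(container):
        # a wrong key yields a random header; reject it instead of reading past the container
        raise ValueError("no valid message for this key")
    return read(length, 32)


def distortion(empty: bytes, filled: bytes) -> int:
    """Largest per-byte change the embedding introduced (provision 3: container properties preserved)."""
    return max(abs(a - b) for a, b in zip(empty, filled))


if __name__ == "__main__":
    filled = embed(EMPTY_CONTAINER, b"meet at dawn", b"correct horse")
    print(extract(filled, b"correct horse"), "max change per byte:", distortion(EMPTY_CONTAINER, filled))
```

LSB replacement is the simplest method and the easiest to detect statistically; it is shown here for the model, not as a recommendation. In practice the message is encrypted before embedding, so that even a successful extraction (provision 4) yields ciphertext.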

With the growing role of global computer networks, steganography is becoming increasingly important.

Analysis of information sources of the Internet computer network allows us to conclude that at present steganographic systems are actively used to solve the following main tasks:

1. Protection of confidential information from unauthorized access;
2. evading systems for monitoring and managing network resources;
3. camouflaging software;
4. copyright protection for certain types of intellectual property.

Cryptographic strength is the ability of a cryptographic algorithm to resist the attacks possible against it; those attacking it use the techniques of cryptanalysis. An algorithm is considered strong if a successful attack would require computing resources the adversary cannot obtain, an unattainable volume of intercepted plaintext and ciphertext, or so much time that the protected information would no longer be relevant once recovered.

Information protection requirements

The specific requirements for the protection of information that the owner of the information must provide are reflected in the guidance documents of the FSTEC and the FSB of Russia.

The documents are also divided into a number of areas:

Protection of information when processing information constituting a state secret;
protection of confidential information (including personal data);
information protection in key systems of information infrastructure.

Specific requirements for the protection of information are defined in the guidance documents of the FSTEC of Russia.

When creating and operating state information systems (and these are all information systems of regional executive authorities), methods and methods of information protection must comply with the requirements of the FSTEC and the FSB of Russia.

Documents defining the procedure for protecting confidential information and protecting information in key information infrastructure systems are marked “For official use”. Documents on the technical protection of information, as a rule, are classified as "secret".

Information protection methods

Information protection in computer systems is ensured by the creation of an integrated protection system.

The comprehensive protection system includes:

Legal protection methods;
organizational protection methods;
methods of protection against accidental threats;
methods of protection against traditional espionage and sabotage;
methods of protection against electromagnetic radiation and interference;
methods of protection against unauthorized access;
cryptographic protection methods;
methods of protection against computer viruses.

Among the methods of protection, there are also universal ones, which are basic in the creation of any protection system. These are, first of all, legal methods of information protection, which serve as the basis for the legitimate construction and use of a protection system for any purpose. Organizational methods that are used in any protection system without exception and, as a rule, provide protection against several threats can also be classified as universal methods.

Methods of protection against accidental threats are developed and implemented at the stages of design, creation, implementation and operation of computer systems.

These include:

Creation of high reliability of computer systems;
creation of fault-tolerant computer systems;
blocking erroneous operations;
optimization of the interaction of users and service personnel with the computer system;
minimization of damage from accidents and natural disasters;
duplication of information.

When protecting information in computer systems from traditional espionage and sabotage, the same means and methods of protection are used as for protecting other objects that do not use computer systems.

These include:

Creation of a security system for the facility;
organization of work with confidential information resources;
countering surveillance and eavesdropping;
protection against malicious actions of personnel.

All methods of protection against electromagnetic radiation and interference can be divided into passive and active. Passive methods provide a decrease in the level of a dangerous signal or a decrease in the information content of signals. Active protection methods are aimed at creating interference in the channels of spurious electromagnetic radiation and interference, making it difficult to receive and extract useful information from signals intercepted by an attacker. Electronic components and magnetic storage devices can be affected by powerful external electromagnetic pulses and high frequency radiation. These influences can lead to malfunction of electronic components and erase information from magnetic storage media. To block the threat of such an impact, shielding of the protected means is used.

To protect information from unauthorized access, the following are created:

System of differentiation of access to information;
system of protection against research and copying of software.

The starting point for creating an access control system is the computer system administrator's decision on which users may access which information resources. Since information in computer systems is stored, processed and transmitted in files (or parts of files), access to information is regulated at the file level; in databases, access can be regulated down to individual parts according to certain rules. When defining access permissions, the administrator specifies the operations the user is allowed to perform.

The following file operations are distinguished:

Reading (R);
writing;
execution of programs (E).

Write access has two variants:

The access subject can be granted the right to write with modification of the file's existing content (W);
or only permission to append to the file without changing the old content (A).

The system of protection against study and copying of software includes the following methods:

Methods that make the copied information difficult to read;
methods that prevent the use of the copied information.

Cryptographic protection of information is understood as a transformation of the original information as a result of which it becomes unavailable for reading and use by persons who have no authority to do so.

According to the type of influence on the original information, methods of cryptographic transformation are divided into the following groups:

Encryption;
steganography;
coding;
compression.

Malicious programs and, above all, viruses pose a very serious threat to information in computer systems. Knowledge of the mechanisms of action of viruses, methods and means of combating them allows you to effectively organize resistance to viruses, minimize the likelihood of infection and losses from their impact.

Computer viruses are small executable or interpreted programs that spread and reproduce themselves in computer systems. Viruses can modify or destroy software or data stored in computer systems, and in the course of spreading they may modify themselves.

All computer viruses are classified according to the following criteria:

By environment (habitat);
by the method of infection;
by the degree of danger of their harmful effects;
by the algorithm of their operation.

By environment, computer viruses are divided into:

Network;
file;
boot;
combined.

The environment of network viruses consists of elements of computer networks. File viruses reside in executable files. Boot viruses reside in the boot sectors of external storage devices. Combined viruses occupy several environments, for example boot-file viruses.

By the method of infecting their environment, computer viruses are divided into:

Resident;
non-resident.

Resident viruses, once activated, move completely or partially from their environment into the computer's RAM. Using, as a rule, privileged modes of operation reserved for the operating system, they infect the environment and, when certain conditions are met, carry out their malicious function. Non-resident viruses occupy RAM only for the duration of their activity, during which they perform their harmful and infecting functions; they then leave RAM entirely, remaining only in their environment.

According to the degree of danger to the user's information resources, viruses are divided into:

Harmless;
dangerous;
very dangerous.

Even harmless viruses cause some damage:

They consume the resources of the computer system;
they may contain errors that have dangerous consequences for information resources;
viruses written earlier may disrupt the normal operation of the system after an upgrade of the operating system or hardware.

Dangerous viruses cause a significant decrease in the efficiency of the computer system, but do not violate the integrity or confidentiality of the information held in its storage devices.

Very dangerous viruses have the following harmful effects:

They violate the confidentiality of information;
destroy information;
cause irreversible modification (including encryption) of information;
block access to information;
lead to hardware failure;
harm the health of users.

By the algorithm of their operation, viruses are divided into those that:

Do not modify their environment (the infected files or sectors) as they spread;
modify their environment as they spread.

To combat computer viruses, special anti-virus tools and methods of their application are used.

Antivirus tools perform the following tasks:

Detection of viruses in computer systems;
blocking the operation of virus programs;
elimination of the consequences of exposure to viruses.

Virus detection and blocking of virus programs is carried out by the following methods:

Scanning (signature search);
detection of changes (integrity checking);
heuristic analysis;
resident monitors (guards);
"vaccination" (immunization) of programs;
hardware and software protection.
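The "detection of changes" method above, as an added example that is not code from the original page: a baseline manifest of SHA-256 digests is taken over a directory, and a later snapshot is compared against it to report modified, added and removed files. The `demo` function is a constructed scenario in a temporary directory in which a file virus appends itself to one executable, drops a new file and deletes another. The manifest must of course be kept where a virus cannot rewrite it (offline or signed), and the method reports every change, legitimate updates included; it tells you that something changed, not what it is.

```python
import hashlib
import os
import tempfile


def snapshot(root: str) -> dict:
    """Map every file under `root` (relative path, '/' separators) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 16), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between a trusted baseline manifest and a fresh snapshot."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline a 'program directory', then simulate a file virus that
    appends its body to app.exe, drops dropper.exe and removes README.txt."""
    root = tempfile.mkdtemp()

    def write(rel: str, data: bytes) -> None:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)

    write("bin/app.exe", b"MZ original program body")      # constructed sample files
    write("bin/helper.exe", b"MZ helper")
    write("README.txt", b"docs")
    baseline = snapshot(root)                              # taken while the system is known clean

    with open(os.path.join(root, "bin/app.exe"), "ab") as f:
        f.write(b"<<appended virus body>>")                # file virus infects an executable
    write("bin/dropper.exe", b"MZ new file")               # and drops a new one
    os.remove(os.path.join(root, "README.txt"))

    return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Tools such as Tripwire or AIDE work on this principle; the comparison step is cheap, so the hard part in practice is protecting the baseline and deciding which changes are expected.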

Elimination of the consequences of exposure to viruses is carried out by the following methods:

System recovery after exposure to known viruses;
system recovery after exposure to unknown viruses.

Protection of information of Russia

A distinctive feature of modernity is the transition from an industrial society to an informational one, in which information becomes the main resource. In this regard, the information sphere, which is a specific sphere of activity of subjects of public life, associated with the creation, storage, distribution, transmission, processing and use of information, is one of the most important components not only of Russia, but also of the modern society of any developing state.

Penetrating into all spheres of society and the state, information acquires specific political, material and value expressions. Given the increasing role of information at the present stage, the legal regulation of public relations arising in information sphere, is a priority direction of the rule-making process in the Russian Federation (RF), the purpose of which is to ensure the information security of the state.

The Constitution of the Russian Federation is the main source of law in the field of information security in Russia.

According to the Constitution of the Russian Federation:

Everyone has the right to inviolability of private life, personal and family secrets, privacy of correspondence, telephone conversations, postal, telegraph and other messages (Article 23);
collection, storage, use and dissemination of information about the private life of a person without his consent is not allowed (Article 24);
everyone has the right to freely search, receive, transfer, produce and distribute information in any legal way, the list of information constituting a state secret is determined by federal law (Article 29);
everyone has the right to reliable information about the state of the environment (art. 42).

The fundamental legislative act in Russia that regulates relations in the information sphere (including those related to the protection of information) is the Federal Law "On Information, Informatization and Information Protection" (the 1995 law described below; it was superseded in 2006 by Federal Law No. 149-FZ "On Information, Information Technologies and Information Protection").

The subject of regulation of this Law is social relations arising in three interrelated directions:

- formation and use of information resources;
- creation and use of information technologies and means of their support;
- protection of information and of the rights of subjects participating in information processes and informatization.

The Law provides definitions of the most important terms in the information sphere. According to Article 2 of the Law, information is data about persons, objects, facts, events, phenomena and processes, regardless of the form in which it is presented.

One of the significant achievements of the Law is the differentiation of information resources by access category. According to the Law, documented information with limited access is, under the terms of its legal regime, subdivided into information classified as a state secret and confidential information.

The Law contains a list of information that is prohibited from being classified as information with limited access. These are, first of all, legislative and other normative legal acts that establish the legal status of government bodies, local government bodies, organizations and public associations; documents containing information on emergency situations, ecological, demographic, sanitary-epidemiological, meteorological and other similar information; documents containing information on the activities of state authorities and local self-government bodies, on the use of budgetary funds, on the state of the economy and the needs of the population (with the exception of information classified as state secrets).

The Law also reflects issues related to the procedure for handling personal data, certification of information systems, technologies, means of their support and licensing of activities for the formation and use of information resources.

Chapter 5 of the Law "Protection of information and the rights of subjects in the field of information processes and informatization" is "basic" for Russian legislation in the field of information protection.

The main goals of information protection are:

- prevention of leakage, theft, loss, distortion and falsification of information (any information, including open information, is subject to protection);
- prevention of threats to the security of the individual, society and the state (that is, information protection is one of the ways to ensure the information security of the Russian Federation);
- protection of the constitutional rights of citizens to maintain personal secrecy and confidentiality of personal data available in information systems;
- preservation of state secrets and confidentiality of documented information in accordance with the law.

Despite the fact that the adoption of the Federal Law "On Information, Informatization and Protection of Information" is a definite "breakthrough" in information legislation, this Law has a number of shortcomings:

- the Law applies only to documented information, that is, information already received, objectified and recorded on a carrier;
- a number of articles of the Law are of a declarative nature and find no practical application;
- the definitions of some of the terms introduced by Article 2 of the Law are not clearly and unambiguously formulated.

The priority place in the system of legislation of any state is occupied by the institution of state secrets. The reason for this is the amount of damage that can be caused to the state as a result of disclosing information constituting a state secret.

In recent years, legislation in the field of protecting state secrets has developed quite dynamically in the Russian Federation.

The legal regime of state secrets was established by the Law "On State Secrets", the first such law in the history of the Russian state.

This Law is a special legislative act regulating relations arising in connection with the classification of information as a state secret, its declassification and its protection.

According to the Law, a state secret is information protected by the state in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational-search activities, the dissemination of which may harm the security of the Russian Federation.

Under the Law, information protection means include technical, cryptographic, software and other means designed to protect information constituting a state secret, the means in which they are implemented, and means of monitoring the effectiveness of information protection.

In order to systematize the types of information classified as confidential, the President of the Russian Federation, by Decree No. 188, approved the List of Confidential Information, which identifies six main categories:

- personal data;
- secrecy of investigation and legal proceedings;
- official (service) secrets;
- professional secrets (medical, notarial, attorney-client, etc.);
- trade secrets;
- information about the essence of an invention, utility model or industrial design prior to the official publication of information about it.

Currently, none of the listed institutions is regulated at the level of a special law, which, of course, does not contribute to improving the protection of this information.

The main role in the creation of legal mechanisms for the protection of information is played by the state authorities of the Russian Federation.

The President of the Russian Federation is the "guarantor" of the Constitution of the Russian Federation and of the rights and freedoms (including information rights) of man and citizen; he directs the activities of the federal executive bodies in charge of security and issues decrees and orders on matters concerning information security and information protection.

The Federal Assembly - the parliament of the Russian Federation, consisting of two chambers - the Federation Council and the State Duma, is the legislative body of the Russian Federation, which forms the legislative framework in the field of information protection. In the structure of the State Duma there is a Committee on Information Policy, which organizes legislative activity in the information sphere. The Committee has developed a Concept of State Information Policy, which contains a section on information legislation. The concept was approved at a meeting of the Permanent Chamber for State Information Policy of the Political Consultative Council under the President of the Russian Federation. In addition, other committees of the State Duma are also involved in the preparation of bills aimed at improving legislation in the field of information protection.

Another body associated with normative legal regulation in the field of information protection is the Security Council of the Russian Federation formed by the President of the Russian Federation.

By Decree of the President of the Russian Federation No. 1037, in order to implement the tasks assigned to the Security Council of the Russian Federation in the field of ensuring the information security of the Russian Federation, an Interdepartmental Commission of the Security Council of the Russian Federation on information security was established, one of the tasks of which is to prepare proposals on the legal regulation of information security and information protection. In addition, the apparatus of the Security Council has prepared a draft Doctrine of Information Security of the Russian Federation in accordance with the National Security Concept of the Russian Federation.

The Interdepartmental Commission for the Protection of State Secrets was formed by Decree of the President of the Russian Federation No. 1108 in order to implement a unified state policy in the field of classifying information and to coordinate the activities of state authorities in protecting state secrets in the interests of developing and implementing state programs and regulations.

By decisions of the Interdepartmental Commission, draft decrees and orders of the President of the Russian Federation, decisions and orders of the Government of the Russian Federation may be developed.

The decisions of the Interdepartmental Commission for the Protection of State Secrets, adopted in accordance with its powers, are binding on federal government bodies, government bodies of the constituent entities of the Russian Federation, local government bodies, enterprises, institutions, organizations, officials and citizens.

The organizational and technical support for the activities of the Interdepartmental Commission is entrusted to the central office of the State Technical Commission under the President of the Russian Federation (State Technical Commission of Russia).

The State Technical Commission of Russia is one of the main bodies solving information security problems in the Russian Federation.

The legal status of the State Technical Commission of Russia is defined in the Regulations on the State Technical Commission of Russia, approved by Decree of the President of the Russian Federation No. 212, as well as in a number of other regulatory legal acts.

According to the Regulation, the State Technical Commission of Russia is a federal executive body that carries out intersectoral coordination and functional regulation of activities to protect (by non-cryptographic methods) information constituting a state or official secret from leakage through technical channels, from unauthorized access, and from special influences on information aimed at destroying, distorting or blocking it, and to counter technical means of intelligence on the territory of the Russian Federation (hereinafter referred to as technical protection of information).

In addition, the State Technical Commission of Russia has prepared a draft Catalog "Security of Information Technologies", which will include the domestic regulatory legal framework in the field of technical protection of information, an analysis of foreign regulatory documents on information security, a list of licensees of the State Technical Commission of Russia, a list of certified information security tools and much other information of interest to specialists.

The main directions of improving legislation in the field of information security (including those related to information protection) are formulated in the draft Concept for improving the legal support of information security in the Russian Federation, which was developed by a working commission under the apparatus of the Security Council of the Russian Federation.

As for the improvement of the legislation of the constituent entities of the Russian Federation, it will be aimed at forming regional information security systems of the constituent entities of the Russian Federation within the framework of the unified information security system of the Russian Federation.

Thus, despite the fact that a fairly extensive regulatory legal framework in the field of information security and information protection has been formed in the Russian Federation in a fairly short time, there is currently an urgent need for its further improvement.

In conclusion, I would like to emphasize the international cooperation of the Russian Federation in the field of information security.

Taking into account historical experience, the Russian Federation considers the CIS member states as the main partners for cooperation in this area. However, the regulatory framework for information protection within the CIS is not sufficiently developed. It seems promising to carry out this cooperation in the direction of harmonizing the legislative framework of states, their national systems of standardization, licensing, certification and training in the field of information security.

As part of the practical implementation of the Agreement on the Mutual Ensuring of the Security of Interstate Secrets, signed in Minsk, the Government of the Russian Federation concluded a number of international treaties in the field of information protection (with the Republic of Kazakhstan, the Republic of Belarus and Ukraine).

Protection of information from unauthorized access

The use of computers and automated technology poses a number of challenges for managing an organization. Computers, often connected in networks, can provide access to a huge amount of a wide variety of data. Therefore, people worry about the security of information and the risks associated with automation and providing much more access to confidential, personal or other critical data. Electronic storage is even more vulnerable than paper: the data stored on it can be destroyed, copied, and discreetly altered.

Both the number of computer crimes and the scale of computer abuse are growing. According to US experts, the damage from computer crimes is increasing by 35 percent per year. One of the reasons is the amount of money obtained from a single crime: the damage from an average computer crime is 560 thousand dollars, whereas a bank robbery yields only 19 thousand dollars.

According to the University of Minnesota in the USA, 93% of companies that lost access to their data for more than 10 days went out of business, and half of them declared insolvency immediately.

The number of employees in an organization with access to computer equipment and information technology is constantly growing. Access to information is no longer limited to a narrow circle of top managers. The more people gain access to information technology and computer equipment, the more opportunities arise for committing computer crimes.

Anyone can be a computer criminal.

The typical computer criminal is not a young hacker who uses his phone and home computer to gain access to large computers. A typical computer criminal is an employee who is allowed access to a system of which he is a non-technical user. In the United States, computer crimes committed by employees account for 70-80 percent of the annual computer-related damage.

Signs of computer crimes:

- unauthorized use of computer time;
- unauthorized attempts to access data files;
- theft of computer parts;
- theft of programs;
- physical destruction of equipment;
- destruction of data or programs;
- unauthorized possession of floppy disks, tapes or printouts.

These are only the most obvious signs to look for when detecting computer crimes. Sometimes they indicate that a crime has already been committed or that protective measures are not being followed. They can also point to vulnerabilities and show where the security hole is. While signs help uncover crime or abuse, safeguards help prevent it.

Information protection is an activity to prevent the loss and leakage of protected information.

Information security refers to measures to protect information from unauthorized access, destruction, modification, disclosure and delays in access. Information security includes measures to protect the processes of data creation, input, processing and output.

Information security ensures that the following goals are achieved:

- confidentiality of critical information;
- integrity of information and related processes (creation, input, processing and output);
- availability of information when it is needed;
- accounting of all processes related to information.

Critical data refers to data that requires protection due to the likelihood of damage and its magnitude in the event that there is an accidental or intentional disclosure, modification, or destruction of data. Critical data also includes data that, if misused or disclosed, can adversely affect an organization's ability to meet its objectives; personal data and other data, the protection of which is required by decrees of the President of the Russian Federation, laws of the Russian Federation and other by-laws.

Any security system can, in principle, be broken. Protection is considered effective when the cost of breaking it is commensurate with the value of the information obtained by doing so.

With regard to the means of protection against unauthorized access, seven security classes (1 - 7) of computer equipment and nine classes (1A, 1B, 1V, 1G, 1D, 2A, 2B, 3A, 3B) of automated systems are defined. For computer equipment, the lowest is class 7, and for automated systems - 3B.

There are four levels of protection for computer and information resources:

Prevention assumes that only authorized personnel have access to protected information and technology.

Detection involves the early detection of crime and abuse, even if safeguards have been circumvented.

Limitation reduces the amount of loss if a crime does occur, despite the measures taken to prevent and detect it.

Recovery provides efficient re-creation of information with documented and validated recovery plans.

Security measures are measures imposed by management to ensure the security of information. Protection measures include the development of administrative guidance documents, the installation of hardware devices or additional software, the main purpose of which is to prevent crime and abuse.

The formation of an information security regime is a complex problem. Measures for its solution can be divided into four levels:

- legislative: laws, regulations, standards, etc.;
- administrative: general actions taken by the management of the organization;
- procedural: specific security measures dealing with people;
- software and hardware: specific technical measures.

Currently, the most detailed legislative document in Russia in the field of information security is the Criminal Code. The section "Crimes against public security" contains the chapter "Crimes in the field of computer information". It consists of three articles: "Illegal access to computer information", "Creation, use and distribution of malicious programs for computers" and "Violation of the rules for the operation of computers, computer systems or their networks". The Criminal Code guards all aspects of information security (availability, integrity, confidentiality), providing penalties for "destruction, blocking, modification and copying of information, disruption of the operation of computers, computer systems or their networks".

Let's consider some measures of information security protection of computer systems.

User Authentication

This measure requires users to follow the logon procedure of the computer, which serves as the means of identification at the start of work. To authenticate each user, unique passwords must be used that are not built from the user's personal data. Security measures must be put in place for password administration, and users must be educated about the most common mistakes that can lead to computer crime. If the computer has a built-in default password, it must be changed.

An even more reliable solution is to control access to the premises or to a specific computer on the network using plastic identification cards with an embedded microcircuit, the so-called microprocessor cards (smart cards). Their reliability is primarily due to the fact that they cannot be copied or forged with improvised means. A reader for such cards can be installed not only at the entrance to the premises where computers are located, but also directly at workstations and network servers.

There are also various devices for identifying a person using biometric information - by the iris of the eye, fingerprints, the size of the hand, etc.

Password protection

The following rules are useful for password protection:

- never share your password with anyone;
- the password must be hard to guess;
- use both lowercase and uppercase letters when creating a password, or, better still, let the computer generate the password;
- do not use a password that is an address, a nickname, a relative's name, a phone number or anything else obvious;
- prefer long passwords, since they are more secure; a password should have at least 6 characters;
- the password must not be displayed on the screen when it is entered;
- passwords must not appear on printouts;
- passwords must not be written on a desk, wall or terminal; they must be memorized;
- the password must be changed periodically, but not on a fixed schedule;
- the password administrator should be the most trusted person;
- do not use the same password for all employees in a group;
- when an employee leaves, the password must be changed;
- employees must sign for the passwords they receive.

An organization dealing with critical data should develop and implement authorization procedures that determine which users should have access to certain information and applications.

The organization should establish such a procedure in which the permission of certain superiors is required to use computer resources, obtain permission to access information and applications, and obtain a password.

If information is processed in a large computing center, physical access to the computing equipment must be controlled. Techniques such as access logbooks, locks and passes, and security guards may be appropriate. The information security officer must know who has the right to enter rooms with computer equipment and must remove unauthorized persons from them.

Precautions when working

- disable unused terminals;
- lock the rooms where terminals are located;
- position computer screens so that they are not visible from doors, windows and other uncontrolled places;
- install special equipment that limits the number of unsuccessful access attempts, or calls back to verify the identity of users who access the computer by telephone;
- use programs that shut down a terminal after a set period of inactivity;
- switch off the system outside working hours;
- use systems that, after a user logs on, inform him of the time of his last session and of the number of unsuccessful logon attempts made since then; this makes the user part of the log-checking system.
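The password rules above and two of the listed precautions (limiting the number of unsuccessful attempts, and telling the user the time of the last session and the failures since then) can be combined in one piece of logon logic. The following Python example is added here to illustrate that; it is not code from the original article or from any product it mentions. The lockout threshold of 3 attempts and the 15-minute lockout are assumed values, and the rule that a password must not contain the user's personal data is implemented as a plain substring check against a caller-supplied list.

```python
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass
from typing import Optional

MIN_LENGTH = 6                  # the article's minimum; longer is better
MAX_FAILED_ATTEMPTS = 3         # lockout threshold (assumed value)
LOCKOUT_SECONDS = 15 * 60       # lockout duration (assumed value)
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def password_violations(password, personal_data=()):
    """Return the list of policy rules the password breaks (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("must mix lowercase and uppercase letters")
    lowered = password.lower()
    for item in personal_data:           # e.g. surname, nickname, phone number
        item = str(item).lower()
        if len(item) >= 3 and item in lowered:
            problems.append(f"contains personal data: {item!r}")
    return problems


def generate_password(length=12):
    """Let the computer generate the password, retrying until it satisfies the policy."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not password_violations(candidate):
            return candidate


def _digest(password, salt):
    # Store a salted, slow hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failed_attempts: int = 0            # failures in the current run; reset by lockout or success
    failed_since_last_login: int = 0    # failures reported to the user at the next logon
    locked_until: float = 0.0           # epoch seconds
    last_login: Optional[float] = None  # epoch seconds of the previous successful session


def create_account(password, personal_data=()):
    problems = password_violations(password, personal_data)
    if problems:
        raise ValueError("; ".join(problems))
    salt = secrets.token_bytes(16)
    return Account(salt=salt, digest=_digest(password, salt))


def login(account, password, now):
    """Attempt a logon at time `now` (epoch seconds). Returns (success, message)."""
    if now < account.locked_until:
        return False, "account locked"
    if not hmac.compare_digest(_digest(password, account.salt), account.digest):
        account.failed_attempts += 1
        account.failed_since_last_login += 1
        if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
            account.locked_until = now + LOCKOUT_SECONDS
            account.failed_attempts = 0
            return False, "too many failures; account locked"
        return False, "invalid password"
    previous, failures = account.last_login, account.failed_since_last_login
    account.last_login = now
    account.failed_attempts = 0
    account.failed_since_last_login = 0
    if previous is None:
        return True, "first login"
    return True, f"last session at t={previous:.0f}, failed attempts since then: {failures}"
```

The message returned on a successful logon is what makes the user part of the log-checking system: a user who did not make the reported failed attempts knows that someone else tried his account. The lockout counter is reset after a successful logon, but the count reported to the user is not cleared by the lockout itself, so the attempts made while the account was locked are still reported.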

Physical security

For protected computer systems, measures must be taken to prevent, detect and minimize damage from fire, flooding, environmental pollution, high temperatures and power surges.

Fire alarms and extinguishing systems should be checked regularly. PCs can be protected with covers so that they are not damaged by the fire extinguishing system. Flammable materials should not be stored in rooms with computers.

Indoor temperature can be controlled with air conditioners and fans and by good ventilation of the room. Overheating can occur in racks of peripheral equipment or because of blocked ventilation openings in terminals or PCs, so these should be checked regularly.

It is advisable to use air filters to help clean the air of substances that can harm computers and disks. Smoking, eating and drinking near the PC should be prohibited.

Computers should be located as far away as possible from sources of large quantities of water, such as pipelines.

Protection of information carriers (original documents, tapes, cartridges, disks, printouts)

- maintain, control and check registers of information carriers;
- educate users on the correct methods of cleaning and destroying information carriers;
- mark information carriers with the level of criticality of the information they contain;
- destroy media in accordance with the organization's plan;
- bring all governing documents to the attention of employees;
- store disks in envelopes, boxes or metal safes;
- do not touch the surfaces of disks that carry information;
- insert disks into the computer carefully and keep them away from sources of magnetic fields and sunlight;
- remove disks and tapes that are not currently in use;
- keep disks laid out on shelves in a specific order;
- do not give carriers with critical information to unauthorized people;
- discard or give away damaged disks with critical information only after demagnetizing them or a similar procedure;
- destroy critical information on disks by demagnetizing or physically destroying them in accordance with the organization's orders;
- dispose of printouts and printer ink ribbons containing critical information in accordance with organizational procedures;
- secure printouts of passwords and other information that allows access to the computer.

Choosing reliable equipment

The performance and fault tolerance of an information system depend largely on the health of its servers. If round-the-clock uninterrupted operation of the information system must be ensured, special fault-tolerant computers are used, that is, computers in which the failure of an individual component does not cause the machine to fail.

The reliability of information systems is also negatively affected by the presence of devices assembled from low-quality components and the use of unlicensed software. Excessive savings on staff training, the purchase of licensed software and high-quality equipment leads to a decrease in uptime and significant costs for subsequent system recovery.

Sources of uninterruptible power supply

A computer system is energy-intensive, and therefore the first condition for its functioning is an uninterrupted supply of electricity. Uninterruptible power supplies for servers and, if possible, for all local workstations should become a necessary part of the information system. It is also recommended to back up the power supply using different city substations. For a radical solution to the problem, you can install backup power lines from the organization's own generator.

Develop adequate business continuity and recovery plans

The purpose of business continuity and recovery plans is to ensure that users can continue to fulfill their most important responsibilities in the event of an information technology failure. Maintenance personnel must know how to proceed with these plans.

Business continuity and recovery plans should be written, reviewed and communicated to staff regularly. The plan's procedures should be adequate for the security level and criticality of the information. The plan may have to be applied in an atmosphere of confusion and panic, so employees should be trained on it regularly.

Backup

One of the key aspects of disaster recovery is backing up programs and data. In local networks with several servers, the backup system is most often installed directly in free server slots. In large corporate networks, preference is given to a dedicated backup server, which automatically archives information from the hard disks of servers and workstations at a time set by the network administrator and issues a report on the backup.

For archival information of particular value, it is recommended to provide a security room. Duplicates of the most valuable data should be stored in another building or even in another city. The latter measure makes the data invulnerable in the event of a fire or other natural disaster.
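A scheduled backup is only useful if the copy can later be shown to be complete and intact, which is what the "report on the backup" mentioned above is for. The Python example below is added to illustrate that; it is not code from the original article or from any backup product. It archives a directory tree into a compressed tar file, writes a JSON report beside it with the SHA-256 of every file and of the archive itself, and verifies a stored copy against that report, so that a copy kept in another building can be checked without trusting the storage medium. The file names and contents in `run_demo` are constructed for the demonstration.

```python
import hashlib
import json
import tarfile
import tempfile
import time
from pathlib import Path


def _sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_directory(source_dir, backup_dir):
    """Archive every file under source_dir into a timestamped .tar.gz in backup_dir
    and write a JSON report beside it listing each file's SHA-256 and the archive's own hash.
    Returns (archive_path, report_path)."""
    source = Path(source_dir)
    stamp = time.strftime("%Y%m%dT%H%M%S", time.gmtime())
    archive = Path(backup_dir) / f"backup-{stamp}.tar.gz"
    report = archive.parent / (archive.name + ".report.json")
    manifest = {"created": stamp, "source": str(source), "files": {}}
    with tarfile.open(str(archive), "w:gz") as tar:
        for path in sorted(p for p in source.rglob("*") if p.is_file()):
            rel = path.relative_to(source).as_posix()
            manifest["files"][rel] = _sha256_file(path)
            tar.add(str(path), arcname=rel)
    manifest["archive_sha256"] = _sha256_file(archive)
    manifest["file_count"] = len(manifest["files"])
    report.write_text(json.dumps(manifest, indent=2))
    return archive, report


def verify_backup(archive, report):
    """True if the archive still matches its report: archive hash, member list and every member's hash."""
    manifest = json.loads(Path(report).read_text())
    if _sha256_file(archive) != manifest["archive_sha256"]:
        return False
    with tarfile.open(str(archive), "r:gz") as tar:
        members = {m.name: m for m in tar.getmembers() if m.isfile()}
        if set(members) != set(manifest["files"]):
            return False
        for name, expected in manifest["files"].items():
            with tar.extractfile(members[name]) as f:
                if hashlib.sha256(f.read()).hexdigest() != expected:
                    return False
    return True


def run_demo():
    """Constructed end-to-end run: back up a small tree, verify it, then corrupt the stored
    archive by one byte and verify again. Returns (verified_before, verified_after)."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "data"
        (src / "reports").mkdir(parents=True)
        (src / "reports" / "q3.txt").write_text("quarterly figures (constructed sample)\n")
        (src / "notes.txt").write_text("meeting notes (constructed sample)\n")
        dst = Path(work) / "backups"
        dst.mkdir()
        archive, report = backup_directory(src, dst)
        before = verify_backup(archive, report)
        with open(archive, "ab") as f:   # simulate damage to the stored copy
            f.write(b"\x00")
        after = verify_backup(archive, report)
        return before, after
```

The report should be stored separately from the archive (or at least on a different medium), since a report that travels with a damaged or substituted archive proves nothing; the per-file hashes also let an administrator say exactly which files in an old copy are still usable.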

Office duplication, multiplexing and redundancy

In addition to backups, which are performed in an emergency or according to a predetermined schedule, special technologies are used to keep data on hard disks safer: disk mirroring and RAID arrays, which combine several hard disks. When writing, information is distributed evenly among the disks, so that if one of them fails, the data on it can be restored from the contents of the rest.
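The property described above, that the data of one failed disk can be restored from the others, comes from parity: each stripe carries one block that is the XOR of the stripe's data blocks, so any single missing block (data or parity) is the XOR of the survivors. The Python example below is added to show the mechanism on a small byte string; it is not code from the original article or from any RAID implementation. It uses a RAID-5-style layout with the parity position rotating across disks, which goes slightly beyond the article's one-sentence description, and it also shows the limit of single parity: a second simultaneous failure cannot be recovered. The 4-byte block size and the sample data are constructed for the demonstration.

```python
from functools import reduce


def _xor_blocks(blocks):
    """XOR equal-length byte blocks together (the parity operation)."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def stripe_data(data, n_disks, block_size=4):
    """Spread `data` over n_disks as RAID-5-style stripes: each stripe holds n_disks-1
    data blocks plus one parity block, and the parity position rotates across disks.
    Returns a list with one list of blocks per disk."""
    n_data = n_disks - 1
    stripe_bytes = n_data * block_size
    padded = data + b"\x00" * (-len(data) % stripe_bytes)   # pad the last stripe
    disks = [[] for _ in range(n_disks)]
    for s in range(len(padded) // stripe_bytes):
        chunk = padded[s * stripe_bytes:(s + 1) * stripe_bytes]
        data_blocks = [chunk[i * block_size:(i + 1) * block_size] for i in range(n_data)]
        parity = _xor_blocks(data_blocks)
        parity_pos = s % n_disks
        remaining = iter(data_blocks)
        for d in range(n_disks):
            disks[d].append(parity if d == parity_pos else next(remaining))
    return disks


def reconstruct_disk(disks, failed):
    """Rebuild disk `failed` (its entry in `disks` may be None) from the survivors.
    In every stripe the missing block, data or parity alike, is the XOR of the other blocks.
    Returns None if another disk is also missing: single parity tolerates only one failure."""
    survivors = [blocks for i, blocks in enumerate(disks) if i != failed]
    if any(blocks is None for blocks in survivors):
        return None
    return [_xor_blocks([blocks[s] for blocks in survivors]) for s in range(len(survivors[0]))]


def read_data(disks, length):
    """Reassemble the original bytes, skipping the parity block of each stripe."""
    n_disks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        parity_pos = s % n_disks
        for d in range(n_disks):
            if d != parity_pos:
                out += disks[d][s]
    return bytes(out[:length])
```

Mirroring is the degenerate case of the same idea with two disks, where the "parity" of a single block is the block itself. Either way the array protects only against disk failure, not against deletion or corruption written through the file system, which is why the text treats it as an addition to backups rather than a replacement for them.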

Clustering technology assumes that multiple computers function as a single unit. Servers are usually clustered. One of the cluster servers can operate in hot standby mode in full readiness to start performing the functions of the main machine in the event of a failure. A continuation of the clustering technology is distributed clustering, in which several cluster servers, located at a large distance, are connected via a global network.

Distributed clusters are close to the concept of backup offices, focused on ensuring the life of an enterprise when its central premises are destroyed. Back-up offices are divided into cold ones, in which communication wiring is carried out, but there is no equipment, and hot ones, which can be a redundant computer center that receives all information from the central office, branch office, office on wheels, etc.

Redundancy of communication channels

Without communication with the outside world and with its own subdivisions, an office is paralyzed, so redundancy of external and internal communication channels is of great importance. When providing redundancy, it is recommended to combine different types of communication: cable lines and radio channels, overhead and underground laying of lines, etc.

As companies turn to the Internet more and more, their business becomes heavily dependent on the functioning of the Internet service provider. Network access providers sometimes experience quite serious disruptions, so it is important to store all important applications on the company's internal network and have contracts with several local providers. You should also consider in advance how to notify strategic customers about a change in email address and require the provider to take measures to ensure the prompt recovery of its services after disasters.

Data protection from interception

For each of the three main technologies for transmitting information there is an interception technology: for cable lines, tapping the cable; for satellite communications, receiving the satellite signal with an antenna; for radio, radio interception. Russian security services divide communications into three classes. The first covers local networks located inside a security zone, that is, an area with restricted access and shielded electronic equipment and communication lines, that has no access to communication channels outside it. The second class includes communication channels outside the security zone that are protected by organizational and technical measures, and the third covers unprotected public communication channels. Using second-class communications significantly reduces the likelihood of data interception.

To protect information in the external communication channel, the following devices are used: scramblers to protect speech information, encryptors for broadcast communications and cryptographic tools that encrypt digital data.

Information leakage protection

Technical leakage channels:

1. Visual-optical channels;
2. Acoustic channels;
3. Electromagnetic channels;
4. Material channels;
5. Electronic channels of information leakage.

Protected information has an owner and is protected in accordance with legal documents. When measures are taken to protect non-state information resources that constitute bank or commercial secrets, the requirements of regulatory documents are advisory in nature. The protection regime for information that is not a state secret is established by the owner of the data.

Actions to protect confidential data from leakage through technical channels are one of the parts of the measures at the enterprise to ensure information security. Organizational actions to protect information from leaks through technical channels are based on a number of recommendations when choosing premises where work will be carried out to preserve and process confidential information. Also, when choosing technical means of protection, you must first of all rely on certified products.

When organizing measures at a protected site to protect against information leakage through technical channels, the following stages can be distinguished:

- preparatory (pre-design) stage;
- design of the system of technical protection of information (STZI);
- commissioning of the protected site and of the system of technical protection of information.

The first stage involves preparation for the creation of a system of technical protection of information at the protected objects.

When examining possible technical leakage flows at the facility, the following are studied:

The plan of the area adjacent to the building within a radius of 300 m.
A plan of each floor of the building, with a study of the characteristics of walls, finishes, windows, doors, etc.
A schematic diagram of the grounding system for the electronic equipment.
The layout of the utilities of the entire building, together with the ventilation system.
The power supply plan of the building, showing all panels and the location of the transformer.
A plan of the telephone network.
A schematic diagram of the fire and burglar alarms, indicating all sensors.

Having defined information leakage as the uncontrolled passage of confidential data beyond the circle of persons or the organization entitled to it, let us consider how such a leak is realized. At its heart is the uncontrolled carrying-off of confidential data by light, acoustic, electromagnetic or other fields, or by material carriers. However varied the reasons for leaks, they have much in common: as a rule they are associated with gaps in the rules for safeguarding information and with violations of those rules.

Information can be carried either by matter or by a field. A person is not considered a carrier; he is a source or a party to the exchange. People make use of various physical fields when building communication systems. Any such system has the components source, transmitter, transmission line, receiver and recipient. Such systems are used every day for their intended purpose and are the official means of data exchange; they are provided and controlled so that information is exchanged securely. But there are also channels hidden from view, through which data can be passed that should not reach third parties.

To create a leakage channel, certain temporal, energy and spatial conditions are needed that facilitate the reception of data on the side of the attacker.

Leakage channels can be divided into:

Acoustic;
visual optical;
electromagnetic;
material.

Visual optical channels

Such channels usually involve remote observation. The information carrier is light coming from the source of information.

Methods of protection against visual leakage channels:

Reduce the reflective properties of the protected object;
arrange objects so as to exclude reflections toward the attacker's possible position;
reduce the illumination of the object;
apply masking and other methods to mislead the attacker;
use barriers.

Acoustic channels

In such channels the carrier is sound, which spans the infrasonic (below 20 Hz), audible (20 Hz to 20,000 Hz) and ultrasonic (above 20,000 Hz) ranges; the speech information of interest to an attacker lies in the audible band. The channel is realized through the propagation of an acoustic wave in all directions. As soon as the wave meets an obstacle, it sets the obstacle vibrating, and the sound can be read from the obstacle. Sound propagates differently in different media.

Protection against acoustic channels is primarily an organizational matter. It involves architectural and planning, regime and spatial measures, as well as organizational and technical measures, both active and passive. Architectural and planning measures implement certain requirements at the building design stage. Organizational and technical methods involve the use of sound-absorbing materials, for example cotton wool, carpets, foam concrete, etc. They contain many pores, which cause repeated reflection and absorption of sound waves. Special hermetic acoustic panels are also used. The sound absorption A of a surface is the product of its absorption coefficient L and its area S: A = L * S. The coefficients are known: for porous materials 0.2 - 0.8, for concrete or brick 0.01 - 0.03. For example, when walls with L = 0.03 are treated with porous plaster with L = 0.3, the sound pressure level drops by 10 dB, since 10 * log10(0.3 / 0.03) = 10.
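The following is an added worked example of the absorption formula above; it is not part of the original text. It applies A = L * S surface by surface and sums over a room, so that the text's 10 dB figure (walls alone) can be compared with the smaller gain obtained when untreated floor and ceiling are also counted. The room dimensions and the particular coefficients are constructed for the example, within the ranges the text gives.

```python
import math

# Surfaces of a constructed 5 m x 4 m x 3 m room: (name, area in m^2, coefficient L).
# Walls: 2 * (5*3 + 4*3) = 54 m^2 of bare concrete; floor and ceiling 20 m^2 each.
ROOM_BEFORE = [
    ("walls",   54.0, 0.03),
    ("ceiling", 20.0, 0.03),
    ("floor",   20.0, 0.03),
]


def total_absorption(surfaces):
    """A = sum of L_i * S_i over every surface: the text's A = L * S applied
    to each surface and summed for the whole room."""
    return sum(coef * area for _name, area, coef in surfaces)


def level_reduction_db(a_before, a_after):
    """Drop in the reverberant sound pressure level, in dB, when the room's
    total absorption rises from a_before to a_after: 10 * log10(A_after / A_before)."""
    if a_before <= 0 or a_after <= 0:
        raise ValueError("absorption must be positive")
    return 10.0 * math.log10(a_after / a_before)


def treat(surfaces, name, new_coef):
    """Copy of the surface list with one surface given a new absorption coefficient."""
    return [(n, s, new_coef if n == name else c) for n, s, c in surfaces]


def walls_only_reduction():
    """The text's own case: walls at L = 0.03 plastered to L = 0.3, walls alone."""
    before = [s for s in ROOM_BEFORE if s[0] == "walls"]
    after = treat(before, "walls", 0.3)
    return level_reduction_db(total_absorption(before), total_absorption(after))


def whole_room_reduction():
    """Same treatment, but with the untreated floor and ceiling still counted:
    the gain is smaller because the untreated surfaces keep reflecting sound."""
    after = treat(ROOM_BEFORE, "walls", 0.3)
    return level_reduction_db(total_absorption(ROOM_BEFORE), total_absorption(after))


if __name__ == "__main__":
    print(f"walls only : {walls_only_reduction():.1f} dB")
    print(f"whole room : {whole_room_reduction():.1f} dB")
```

The practical point is the second figure: treating only the walls of this room yields roughly 8 dB rather than 10 dB, because the formula is a sum over all surfaces and the untreated ones still contribute.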

Sound level meters are used to measure the effectiveness of sound-insulation protection accurately. A sound level meter is an instrument that converts sound pressure fluctuations into readings. Electronic stethoscopes are used to assess how well a building is protected against leakage through vibration and acoustic channels; they listen to sound through floors, walls, heating pipes, ceilings, etc. Stethoscope sensitivity lies in the range of 0.3 to 1.5 V/dB. At a sound level of 34 - 60 dB, such stethoscopes can listen through structures up to 1.5 m thick. If passive protective measures are insufficient, noise generators can be used; they are placed around the perimeter of the room to impose their own vibrations on the structure.

Electromagnetic channels

For such channels, the carrier is electromagnetic waves in the range from 10,000 m (frequency
There are known electromagnetic leakage channels:

With the help of design and technological measures, it is possible to localize some leakage channels using:

Weakening of the inductive and capacitive coupling between elements;
shielding of units and elements of equipment;
filtering of signals in power or ground circuits.

Any electronic unit placed in a high-frequency electromagnetic field becomes a re-emitter, a secondary source of radiation; this is called intermodulation radiation. To close this leakage channel, the high-frequency current must be prevented from passing through the microphone. This is done by connecting a capacitor of 0.01 - 0.05 μF in parallel with the microphone: the capacitor's reactance, 1 / (2 * pi * f * C), is low at radio frequencies and high at audio frequencies, so it shunts the imposed high-frequency current around the microphone while leaving speech-band signals essentially unaffected.

Material channels

Such channels are formed by substances in solid, liquid or gaseous form; most often this is the enterprise's waste.

Protection against such channels is a whole range of measures to control the release of confidential information in the form of industrial or production waste.

Development of information security

Ensuring the protection of information has always worried humanity. In the course of the evolution of civilization, the types of information changed, various methods and means were used to protect it.

The process of development of means and methods of information protection can be divided into three relatively independent periods:

The first period is determined by the beginning of the creation of meaningful and independent means and methods of information protection and is associated with the emergence of the possibility of fixing information messages on hard media, that is, with the invention of writing. Together with the indisputable advantage of saving and moving data, the problem of keeping secret information that already exists separately from the source of confidential information arose, therefore, almost simultaneously with the birth of writing, such methods of information protection as encryption and hiding appeared.

Cryptography is the science of mathematical methods of ensuring confidentiality (the impossibility of reading information by outsiders) and authenticity (integrity and authenticity of authorship, as well as the impossibility of denial of authorship) of information. Cryptography is one of the oldest sciences, its history goes back several thousand years. In the documents of ancient civilizations, such as India, Egypt, Mesopotamia, there is information about the systems and methods of composing cipher letters. In the ancient religious books of India, it is indicated that the Buddha himself knew several dozen ways of writing, among which there were permutation ciphers (according to modern classification). One of the oldest cipher texts from Mesopotamia (2000 BC) is a clay tablet containing a recipe for making glaze in pottery, which ignored some vowels and consonants and used numbers instead of names.

At the beginning of the 19th century, cryptography was enriched by a remarkable invention. Its author is a statesman, first secretary of state, and then president of the United States, Thomas Jefferson. He called his encryption system "disk cipher". This cipher was implemented using a special device, which was later called the Jefferson cipher. The construction of the encoder can be briefly described as follows. The wooden cylinder is cut into 36 discs (in principle, the total number of discs can be different). These discs are mounted on one common axle so that they can independently rotate on it. All the letters of the English alphabet were written in random order on the side surfaces of each disc. The order of letters on each disc is different. On the surface of the cylinder, there was a line parallel to its axis. During encryption, the plaintext was divided into groups of 36 characters, then the first letter of the group was fixed by the position of the first disk along the dedicated line, the second - by the position of the second disk, etc. The ciphertext was formed by reading a sequence of letters from any line parallel to the selected one. The reverse process was carried out on a similar encoder: the resulting ciphertext was written out by turning the disks along a dedicated line, and the plaintext was searched for among lines parallel to it by reading a meaningful possible option... The Jefferson Cipher implements the previously known poly-alphabetic substitution cipher. Parts of its key are the order of the letters on each disk and the order of those disks on a common axis.
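The disk cipher described above, as an added example in Python; this is not code from the original page, and the disk alphabets are generated from a fixed seed purely for illustration (Jefferson's actual disk orderings are not reproduced). The key is the set of permuted disks and their order on the axle; encryption aligns a 36-letter group along the reference line and reads a parallel row, and decryption either reads the complementary row when the row offset is agreed in advance or, as the text describes, aligns the ciphertext and inspects all 25 parallel rows for the one that reads as meaningful text.

```python
import random
import string

ALPHABET = string.ascii_uppercase
N_DISKS = 36          # disks on the axle, as in the text


def make_disks(n_disks=N_DISKS, seed=20201009):
    """Generate the key: n_disks disks, each carrying the 26 letters in its own
    random order. The seed is an assumption made for this example; a real key is
    the physical disk set plus the (secret) order of the disks on the axle."""
    rng = random.Random(seed)
    disks = []
    for _ in range(n_disks):
        letters = list(ALPHABET)
        rng.shuffle(letters)
        disks.append("".join(letters))
    return disks


def _shift_group(disks, group, offset):
    """Line the group's letters up along the reference line (one per disk) and
    read the row `offset` letters further around the cylinder."""
    return "".join(disk[(disk.index(ch) + offset) % 26]
                   for disk, ch in zip(disks, group))


def _groups(disks, text):
    """Split text into groups of one letter per disk, padding the last group with X."""
    n = len(disks)
    text = "".join(c for c in text.upper() if c in ALPHABET)
    text += "X" * (-len(text) % n)
    return [text[i:i + n] for i in range(0, len(text), n)]


def encrypt(disks, plaintext, offset):
    """For each group, read the row `offset` (1..25) below the aligned plaintext."""
    if not 1 <= offset <= 25:
        raise ValueError("offset must be 1..25; row 0 is the plaintext itself")
    return "".join(_shift_group(disks, g, offset) for g in _groups(disks, plaintext))


def decrypt(disks, ciphertext, offset):
    """With the offset known: align the ciphertext and read 26 - offset rows on,
    which brings the cylinder back to the plaintext row."""
    return "".join(_shift_group(disks, g, (26 - offset) % 26)
                   for g in _groups(disks, ciphertext))


def decrypt_candidates(disks, ciphertext):
    """Without the offset: align the ciphertext and return all 25 parallel rows,
    keyed by row number k; the plaintext sits at k = 26 - offset. The recipient
    picks the row that reads as meaningful text."""
    groups = _groups(disks, ciphertext)
    return {k: "".join(_shift_group(disks, g, k) for g in groups) for k in range(1, 26)}


def score_english(text):
    """Crude readability heuristic (share of common English letters) for ranking
    candidate rows; not part of the cipher itself."""
    common = set("ETAOINSHR")
    return sum(ch in common for ch in text) / max(len(text), 1)


if __name__ == "__main__":
    key = make_disks()
    msg = "ATTACKATDAWNONTHELEFTFLANKOFTHEENEMY"   # constructed 36-letter message
    ct = encrypt(key, msg, offset=7)
    print("ciphertext:", ct)
    rows = decrypt_candidates(key, ct)
    best_row = max(rows, key=lambda k: score_english(rows[k]))
    print("most English-looking row:", best_row, rows[best_row])
```

Note that any reordering of the disks is a different key: aligning the same ciphertext on a cylinder whose disks are in another order produces 25 rows of gibberish, which is why the order on the axle is part of the secret and not just the disk alphabets.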

The second period (from roughly the middle of the 19th century) is characterized by the emergence of technical means of processing information and transmitting messages by electrical signals and electromagnetic fields (telephone, telegraph, radio). This brought the problem of protection against the so-called technical leakage channels (spurious emissions, crosstalk, etc.). To protect information transmitted over telephone and telegraph channels, methods and technical means appeared that made it possible to encrypt messages in real time. The technical means of reconnaissance also developed actively during this period, multiplying the possibilities of industrial and state espionage. The huge and ever-increasing losses of enterprises and firms drove scientific and technical progress in creating new means and methods of information protection and improving old ones.

The most intensive development of these methods falls in the period of mass informatization of society (the third period). It is associated with the introduction of automated information processing systems and spans more than 40 years. In the 1960s, a large number of open publications on various aspects of information security began to appear in the West. Such attention to the problem was caused above all by the growing financial losses of firms and government organizations from crimes in the computer sphere.

Protection of personal information

According to Art. 3 of the Law, personal data is any information relating to an individual who is identified or identifiable on the basis of that information, including surname, first name and patronymic; year, month, date and place of birth; address; family, social and property status; education; profession; income; and other information (including telephone number, e-mail address, etc.).

In which case your right to personal data protection is violated:

1) If the management organization in your house has posted a list of debtors, indicating the last name, first name, patronymic, address of the citizen and the amount owed;
2) If such information is posted on the Internet without your written permission;
3) If strangers call you at home, address you by name and offer services or goods (conduct a sociological survey, make spam calls, ask how you feel about Navalny, etc.), when you did not publish your address and telephone number anywhere;
4) If the newspaper published your information as an example of the results of the work on the population census;
5) In any other case when your personal information became known to third parties, if you did not provide it.

If your telephone number is in the phone book, or your address is in a directory with your permission, this is not a violation.

The essence of information protection

Information protection requires a systematic approach, i.e. one cannot limit oneself to individual measures. A systematic approach requires that the means and actions used to ensure information security, organizational, physical and software-technical, be considered as a single set of interrelated, complementary and interacting measures. One of the main principles of this approach is "reasonable sufficiency": one hundred percent protection does not exist under any circumstances, so one should strive not for the theoretically maximum achievable level of protection but for the minimum necessary under the given conditions and the given level of threat.

Unauthorized access - reading, updating or destroying information in the absence of appropriate authority to do so.

The problem of unauthorized access to information has become aggravated and acquired particular importance in connection with the development of computer networks, primarily the global Internet.

To successfully protect their information, the user must have an absolutely clear idea of ​​the possible ways of unauthorized access.

Let's list the main typical ways of unauthorized obtaining of information:

- theft of media and industrial waste;
- copying of information carriers with circumvention of protection measures;
- masquerading as a registered user;
- mystification (masquerading as system requests);
- exploiting shortcomings of operating systems and programming languages;
- use of software implants and "Trojan horse" type program blocks;
- interception of electromagnetic emissions;
- interception of acoustic emissions;
- remote photography;
- use of eavesdropping devices;
- malicious disabling of protection mechanisms, etc.

To protect information from unauthorized access, the following are used: organizational measures, hardware, software, cryptography.

Organizational activities include:

- a pass (access) regime;
- storage of media and devices in a safe (floppy disks, monitor, keyboard, etc.);
- restriction of access of persons to computer rooms, etc.

Technical means include various hardware methods for protecting information:

- filters and screens for equipment;
- a key to lock the keyboard;
- authentication devices: readers of fingerprints, hand geometry, iris, typing speed and rhythm, etc.;
- electronic keys on microcircuits, etc.

Information security software is created by developing special programs that prevent an unauthorized person, one unfamiliar with this type of protection, from obtaining information from the system.

The software includes:

- password access with assignment of user rights;
- locking the screen and keyboard, for example with a keyboard shortcut in the Diskreet utility from the Norton Utilities package;
- use of the BIOS password protection tools, for the BIOS itself and for the PC as a whole, etc.

A cryptographic method of protecting information means its encryption when entered into a computer system.

In practice, combined methods of protecting information from unauthorized access are usually used.

Among the network security mechanisms, the following are usually distinguished:

- encryption;
- access control;
- digital signature.

Information security objects

The object of information protection is a computer system or an automated data processing system (ASOD). Until recently the term ASOD was used in works on information protection in automated systems; it is increasingly being replaced by the term CS (computer system). What is meant by this term?

A computer system is a complex of hardware and software intended for the automated collection, storage, processing, transmission and reception of information. Along with the term "information", the term "data" is often used in relation to a CS. Another concept is also used, "information resources". Under the law of the Russian Federation "On Information, Informatization and Information Protection", information resources are individual documents and individual arrays of documents in information systems (libraries, archives, funds, data banks and other information systems).

The concept of a CS is very broad and covers the following systems:

Computers of all classes and purposes;
computing complexes and systems;
computer networks(local, regional and global).

Such a wide range of systems is united by one concept for two reasons: first, for all these systems, the main problems of information security are common; second, smaller systems are elements of larger systems. If the protection of information in any systems has its own characteristics, then they are considered separately.

The subject of protection in the CS is information. The material basis for the existence of information in the CS is electronic and electromechanical devices (subsystems) and machine media. Information enters the CS through input devices or data transmission systems (DTS). In the system it is stored in memory devices of various levels, converted (processed) by processors, and output through output devices or DTS. Paper, magnetic tapes and disks of various types serve as machine media; earlier, punched cards and punched tape, magnetic drums and magnetic cards were used. Most types of machine media are removable, i.e. they can be taken out of the devices and used (paper) or stored (tapes, disks, paper) separately from them. Thus, to protect information (ensure information security) in the CS, the devices (subsystems) and machine media must be protected from unauthorized influences on them.

However, such a view of the CS from the standpoint of information protection is incomplete. Computer systems belong to the class of man-machine systems. Such systems are operated by specialists (service personnel) in the interests of users, and in recent years users have had the most direct access to the system. In some CS (for example, a PC), users perform the functions of service personnel. Service personnel and users are also carriers of information. Therefore it is necessary to protect not only devices and media from unauthorized influences, but also service personnel and users.

When solving the problem of protecting information in the CS, the contradictory nature of the human factor must also be taken into account: service personnel and users can be both an object and a source of unauthorized influence on information.

The concept of "object of protection" or "object" is often interpreted in a broader sense. For concentrated CS or elements of distributed systems, the concept of "object" includes not only information resources, hardware, software, service personnel, users, but also premises, buildings, and even the territory adjacent to buildings.

One of the basic concepts of the theory of information security are the concepts of "information security" and "protected computer systems". Security (security) of information in a CS is a state of all components of a computer system, which ensures the protection of information from possible threats at the required level. Computer systems that ensure the security of information are called secure.

Information security in the CS (information security) is one of the main areas of ensuring the security of the state, industry, department, government organization or private company.

Information security is achieved by conducting an information security policy at the appropriate level of management. The main document on the basis of which the policy is carried out is the information security program. It is developed and adopted as an official guiding document by the supreme governing body of the state, department or organization, and contains the goals of the policy and the main directions for solving information protection problems in the CS, together with general requirements and principles for building information protection systems in the CS.

The information protection system in the CS is understood as a unified set of legal norms, organizational measures, technical, software and cryptographic means that ensure the security of information in the CS in accordance with the adopted security policy.

Software protection of information

Information security software is a system of special programs included in the software that implement information security functions.

Information security software:

Built-in information security tools.

Antivirus program (antivirus) - a program for detecting computer viruses and treating infected files, as well as for prophylaxis - preventing the infection of files or the operating system with malicious code.

Specialized software tools for protecting information from unauthorized access have generally better capabilities and characteristics than built-in tools. In addition to encryption programs and cryptographic systems, there are many other external information security tools available.

Firewalls (also called internetwork screens). Intermediate hosts are placed between the local and global networks and inspect and filter all network/transport-layer traffic passing through them. This dramatically reduces the threat of unauthorized access to corporate networks from outside, but does not eliminate it completely, since only addresses, ports and connection state are checked, not the content of the traffic. A more secure variant of the method is masquerading (source NAT), in which all traffic leaving the local network is sent on behalf of the firewall host, making the local network almost invisible from outside.

Proxy servers (proxy: power of attorney, trusted person). All network/transport-layer traffic between the local and global networks is forbidden outright: there is no routing as such, and requests from the local network to the global one pass through special intermediary servers. Obviously, in this case requests from the global network to the local one become impossible in principle. This method does not provide sufficient protection against attacks at higher layers, for example the application layer (viruses, Java code, JavaScript).
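The following is an added example, not code from the original page, that models the filtering firewall with masquerading described two paragraphs above (the proxy variant differs in that no packets are forwarded at all). Packets are represented as small records; the addresses are from the RFC 5737 documentation ranges and the port and protocol details are constructed for the example. It shows the three properties the text claims: outgoing traffic is screened by network/transport-layer attributes only, everything leaves with the firewall's own address so internal hosts are never exposed, and unsolicited inbound traffic, including injection attempts from a host other than the one a LAN client contacted, is dropped.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed topology: a /24 LAN behind a firewall with one public address.
LAN = ipaddress.ip_network("192.168.1.0/24")
FW_PUBLIC = "203.0.113.10"
ALLOWED_OUTBOUND_PORTS = {25, 80, 443}   # assumed policy: mail and web only


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False      # True for the first segment of a new TCP connection


class MasqueradingFirewall:
    """Network/transport-layer filter plus masquerading (source NAT): all
    outgoing traffic is rewritten to carry the firewall's address, and only
    replies belonging to a translation it created are let back in."""

    def __init__(self, first_port=40000):
        self.nat = {}          # (lan_src, lan_sport, remote, rport) -> public port
        self.reverse = {}      # public port -> (lan_src, lan_sport, remote, rport)
        self.next_port = first_port

    def outbound(self, pkt):
        """LAN -> Internet. Returns (forwarded packet or None, verdict)."""
        if ipaddress.ip_address(pkt.src) not in LAN:
            return None, "DROP: source is not a LAN address (spoofing)"
        if pkt.dport not in ALLOWED_OUTBOUND_PORTS:
            return None, "DROP: destination port not permitted"
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.nat:              # first packet of this flow: allocate a port
            port, self.next_port = self.next_port, self.next_port + 1
            self.nat[key] = port
            self.reverse[port] = key
        # Rewrite the source: the remote peer only ever sees FW_PUBLIC.
        return replace(pkt, src=FW_PUBLIC, sport=self.nat[key]), "ACCEPT"

    def inbound(self, pkt):
        """Internet -> LAN. Only reply traffic that matches a translation is
        passed, and only from the peer the LAN host actually contacted."""
        if pkt.dst != FW_PUBLIC:
            return None, "DROP: not addressed to the firewall"
        entry = self.reverse.get(pkt.dport)
        if entry is None or pkt.syn:
            return None, "DROP: no connection initiated from the LAN"
        lan_src, lan_sport, remote, rport = entry
        if (pkt.src, pkt.sport) != (remote, rport):
            return None, "DROP: sender does not match the connection peer"
        # Undo the translation so the reply reaches the internal host.
        return replace(pkt, dst=lan_src, dport=lan_sport), "ACCEPT"


if __name__ == "__main__":
    fw = MasqueradingFirewall()
    out, verdict = fw.outbound(Packet("192.168.1.20", 51000, "198.51.100.5", 443, syn=True))
    print(verdict, out)                       # leaves as 203.0.113.10:40000
    print(fw.inbound(Packet("198.51.100.5", 443, "203.0.113.10", 40000)))   # reply accepted
    print(fw.inbound(Packet("198.51.100.7", 2222, "203.0.113.10", 40000, syn=True)))  # dropped
```

Nothing here looks inside the payload, which is exactly the limitation the text notes: an attack carried inside a permitted HTTPS session passes this filter untouched, and blocking it needs application-layer inspection.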

A VPN (virtual private network) allows sensitive information to be carried over networks in which unauthorized persons may be able to eavesdrop on traffic, by encrypting and authenticating it between the tunnel endpoints. Technologies used: PPTP, PPPoE, IPsec. Of these, PPTP should no longer be relied on, since its MS-CHAPv2 authentication and RC4-based MPPE encryption are broken, and PPPoE is only a link-layer encapsulation of PPP over Ethernet that provides no confidentiality by itself; IPsec is the one of the three that provides cryptographic protection in its own right.

