
Information security software and hardware. Hardware and software for information security of the enterprise. Software protection tools

Information security software means special programs included in the software of a computer system (CS) solely to perform protective functions.

The main software tools for protecting information include:

Programs for identification and authentication of CS users;

Programs for delimiting user access to CS resources;

Information encryption programs;

Programs for protecting information resources (system and application software, databases, computer-based training materials, etc.) from unauthorized modification, use and copying.

Note that, in the context of CS information security, identification means the unambiguous recognition of the unique name of a CS subject, and authentication means confirmation that the presented name belongs to the given subject (confirmation of the subject's authenticity).

Examples of auxiliary software for information protection:

Programs for the destruction of residual information (in blocks of RAM, temporary files, etc.);

Audit programs (event logging) for security-relevant events in the CS, so that these events can be reconstructed and their occurrence proved;

Decoy programs that simulate work with an intruder (diverting him so that he receives supposedly confidential information);

Test programs for checking the security of the CS, etc.

The advantages of information security software include:

Ease of replication;

Flexibility (the ability to customize for various conditions of use, taking into account the specifics of threats to information security of specific CS);

Ease of use: some software tools, for example encryption, work in a "transparent" mode (invisible to the user), while others require no new skills from the user compared with other programs;

Almost unlimited possibilities for their development by making changes that take new threats to information security into account.

Fig. 1.1. An example of add-on (overlaid) security software

Fig. 1.2. An example of built-in information security software

The disadvantages of information security software include:

Reduced efficiency of the CS owing to the consumption of its resources by the protection programs;

Lower performance (compared with hardware protections that perform similar functions, such as encryption);

The add-on nature of many software protection tools (they are overlaid on the CS software rather than built into it, Fig. 1.1 and 1.2), which creates a fundamental possibility for an intruder to bypass them;

The possibility of malicious modification of software protection means during operation of the CS.

2.2.4 User authentication

User authentication based on passwords and the handshake model

When choosing passwords, CS users must be guided by two rules that are, in effect, mutually exclusive: passwords must be hard to guess and easy to remember (a password should never be written down anywhere, since otherwise the problem of protecting the password carrier would have to be solved in addition).

The difficulty of guessing a password is determined first of all by the size of the character set from which the password is chosen (N) and the minimum allowed password length (k). The number of different passwords can then be estimated from below as C_p = N^k. For example, if the password characters are lowercase Latin letters and the minimum length is 3, then C_p = 26^3 = 17576 (very few against automated guessing). If the character set consists of lowercase and uppercase Latin letters and digits, and the minimum length is 6, then C_p = 62^6 = 56800235584.

The complexity of passwords chosen by CS users should be set by the administrator when implementing the security policy established for the given system. Other account-policy settings used with password authentication should be:

A maximum password validity period (no secret can be kept secret forever);

The password must not coincide with the logical user name under which the user is registered in the CS;

Non-repeatability of passwords for one user.

The non-repeatability requirement can be implemented in two ways. First, a minimum password validity period can be set (otherwise a user forced to change his password after it expires could immediately change it back to the old one). Second, a list of passwords already used by the given user can be kept (the administrator can set the maximum length of the list).

Unfortunately, the measures above cannot guarantee that each new user-chosen password is genuinely new. Without violating the restrictions, the user can choose the passwords "A1", "A2", ..., where A1 is the user's first password that meets the complexity requirements.

An acceptable degree of password complexity and genuine uniqueness can be ensured by having the CS administrator assign passwords to all users while prohibiting users from changing them. To generate passwords, the administrator can use a software generator that produces passwords of varying complexity.

However, this method of assigning passwords raises its own problems: a secure channel is needed to transfer the password from the administrator to the user; it is hard to verify that the user keeps the assigned password only in memory (does not write it down); and the administrator, knowing all users' passwords, could abuse his powers. It is therefore most expedient for the user to choose the password according to rules set by the administrator, with the administrator able to set a new password if the user forgets his.
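The arithmetic of the formula C_p = N^k above and the account rules just described (complexity, no coincidence with the user name, minimum age, password history, and the "A1", "A2" loophole) can be checked in code. The following is an added example in Python, not part of the original text; the policy values, the character-class rule and the heuristic that catches trivial variants are assumptions chosen for illustration.

```python
"""Password-policy checks for the account rules discussed above.

Added example, not from the original text. The policy values, the character-class
rule and the 'trivial variant' heuristic are assumptions chosen for illustration.
"""
import re
import string
from dataclasses import dataclass
from typing import List, Optional

CHARACTER_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)


def password_space(alphabet_size: int, length: int) -> int:
    """Lower bound on the number of distinct passwords, C_p = N**k from the text."""
    return alphabet_size ** length


def effective_alphabet(password: str) -> int:
    """Size N of the union of the character classes actually used in the password."""
    return sum(len(cls) for cls in CHARACTER_CLASSES if any(ch in cls for ch in password))


@dataclass
class Policy:
    min_length: int = 8       # minimum k
    min_classes: int = 3      # of: lower, upper, digits, punctuation
    min_age_days: int = 1     # blocks changing straight back to the old password
    history_size: int = 12    # previous passwords that may not be reused


def _letter_core(password: str) -> str:
    """Heuristic: the password with digits and punctuation removed, lower-cased.
    'Summer2023!' and 'Summer2024!' share the core 'summer' (the A1, A2 pattern)."""
    return re.sub(r"[^a-z]", "", password.lower())


def check_new_password(new: str, username: str, history: List[str],
                       days_since_change: int, policy: Optional[Policy] = None) -> List[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    policy = policy or Policy()
    problems: List[str] = []

    if len(new) < policy.min_length:
        problems.append("too short")
    used = sum(1 for cls in CHARACTER_CLASSES if any(ch in cls for ch in new))
    if used < policy.min_classes:
        problems.append("too few character classes")
    if username.lower() in new.lower():
        problems.append("contains the user name")
    if days_since_change < policy.min_age_days:
        problems.append("minimum password age not reached")

    recent = history[-policy.history_size:]
    core = _letter_core(new)
    if new in recent:
        problems.append("password was used before")
    elif core and core in {_letter_core(old) for old in recent}:
        problems.append("trivial variant of an earlier password")
    return problems


if __name__ == "__main__":
    print(password_space(26, 3), password_space(62, 6))
    print(check_new_password("Summer2024!", "alice", ["Summer2023!"], 5))
```

The history check is the page's second mechanism; the minimum-age check is the first. The core-comparison heuristic is what closes the "A1", "A2" loophole the text points out, at the cost of occasionally rejecting an unrelated password that happens to share its letters with an old one.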

Another aspect of the CS user account policy should be determining the system's resistance to password-guessing attempts.

The following rules may apply:

Limiting the number of login attempts;

Hiding the logical name of the last logged-in user (knowing the logical name can help an intruder guess or brute-force the password);

Recording all login attempts (successful and unsuccessful) in the audit log.

The system's reaction to an unsuccessful user login attempt can be:

Blocking the account under which the login attempt is made once the maximum permitted number of attempts is exceeded (for a specified time, or until the administrator manually unblocks it);

A progressive increase in the time delay before the user is given the next login attempt.
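The two reactions above, combined with limiting the number of attempts and logging every attempt, look like this in code. This is an added example, not from the original text: the verification callback, the timing constants and the scenario are constructed, and the table of test credentials exists only so that the simulation runs offline.

```python
"""Login-attempt handling: progressive delay, account lockout and an audit log.

Added example, not from the original text. The verification callback, the timing
constants and the scenario below are constructed for illustration.
"""
from typing import Callable, Dict, List


class LoginGuard:
    """Applies the account-policy reactions described above to each login attempt.

    Time (seconds) is passed in explicitly so the behaviour can be reproduced offline.
    """

    def __init__(self, verify: Callable[[str, str], bool], max_attempts: int = 3,
                 lockout_seconds: float = 300.0, base_delay: float = 1.0) -> None:
        self._verify = verify
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.base_delay = base_delay
        self._state: Dict[str, Dict[str, float]] = {}
        self.audit_log: List[Dict[str, object]] = []

    def _record(self, now: float, username: str, outcome: str) -> str:
        # Every attempt, successful or not, goes to the audit log.
        self.audit_log.append({"time": now, "user": username, "outcome": outcome})
        return outcome

    def attempt(self, username: str, password: str, now: float) -> str:
        st = self._state.setdefault(
            username, {"failures": 0, "locked_until": 0.0, "next_allowed": 0.0})
        if now < st["locked_until"]:
            return self._record(now, username, "locked")
        if now < st["next_allowed"]:
            # Arrived before the progressive delay expired: not even checked, not counted.
            return self._record(now, username, "delayed")
        if self._verify(username, password):
            st["failures"] = 0
            st["next_allowed"] = 0.0
            return self._record(now, username, "success")
        st["failures"] += 1
        if st["failures"] >= self.max_attempts:
            st["failures"] = 0
            st["locked_until"] = now + self.lockout_seconds
            return self._record(now, username, "failure_locked")
        # Progressive delay: 1 s after the first failure, 2 s after the second, ...
        st["next_allowed"] = now + self.base_delay * 2 ** (st["failures"] - 1)
        return self._record(now, username, "failure")


# Constructed credentials for the simulation only; a real system verifies against a
# salted password hash, never a plaintext table.
TEST_CREDENTIALS = {"alice": "correct horse battery staple"}


def run_scenario() -> List[str]:
    """Replay a constructed timeline of attempts and return the outcomes in order."""
    guard = LoginGuard(lambda user, pw: TEST_CREDENTIALS.get(user) == pw)
    timeline = [
        (0.0, "alice", "wrong"),                      # failure -> must wait 1 s
        (0.5, "alice", "wrong"),                      # too early -> delayed
        (1.0, "alice", "wrong"),                      # second failure -> wait 2 s
        (3.0, "alice", "wrong"),                      # third failure -> locked 300 s
        (10.0, "alice", TEST_CREDENTIALS["alice"]),   # right password, but locked
        (303.0, "alice", TEST_CREDENTIALS["alice"]),  # lock expired -> success
        (303.0, "mallory", "x"),                      # unknown user, same code path
    ]
    return [guard.attempt(user, pw, t) for t, user, pw in timeline]


if __name__ == "__main__":
    for outcome in run_scenario():
        print(outcome)
```

Two practical points the simulation makes visible: an attempt that arrives during the delay is rejected without being checked, so it does not consume a guess; and an unknown user name takes exactly the same path as a wrong password, so the response does not reveal whether an account exists. Lockout also cuts the other way: an intruder who knows a login name can lock its owner out on purpose, which is one more reason to hide the last logged-in name.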

When a user's password is entered or changed for the first time, two classic rules usually apply:

The characters of the entered password are not displayed on the screen (the same rule applies when the user enters the password at login);

To confirm that the password was entered correctly (given the first rule), the entry is repeated twice.

For storage, passwords can be encrypted or hashed beforehand.

Password encryption has two disadvantages:

Since a key is needed for encryption, its secure storage in the CS must be ensured (knowledge of the password-encryption key allows any password to be decrypted and unauthorized access to information to be obtained);

There is a danger of decrypting any password and obtaining it in clear text.

Hashing is an irreversible transformation, and knowledge of a password's hash value does not let an intruder obtain the password in clear text (he can only try to guess the password, knowing the hashing function). It is therefore much safer to store passwords in hashed form. The downside is that there is no possibility, even in theory, of recovering a password that a user has forgotten; it can only be reset. Note that guessing is exactly what an intruder who has copied the hash database will do: a fast, unsalted hash lets him test candidate passwords offline at hardware speed or look them up in a precomputed table, so in practice each password is hashed together with a unique random salt using a deliberately slow function.
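An added example (not from the original text) of storing and verifying passwords in hashed form, using PBKDF2-HMAC-SHA256 from the Python standard library with a per-password random salt and a constant-time comparison; the record format and the iteration count are assumptions.

```python
"""Storing passwords as salted, iterated hashes rather than encrypted values.

Added example, not from the original text; the record format and the iteration
count are assumptions.
"""
import hashlib
import hmac
import os
from typing import Optional

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 300_000   # assumption: tune so one verification costs tens of milliseconds
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record 'alg$iterations$salt_hex$digest_hex'.

    A fresh random salt per password means equal passwords give different records,
    and a table precomputed for one salt is useless against the rest of the database.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and parameters and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        rounds = int(iterations)
    except ValueError:
        return False
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    # hmac.compare_digest does not stop at the first differing byte.
    return hmac.compare_digest(candidate.hex(), digest_hex)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when a stored record is weaker than current policy; re-hash it at the
    user's next successful login, which is the only moment the plaintext is available."""
    try:
        algorithm, rounds, _salt, _digest = record.split("$")
        return algorithm != ALGORITHM or int(rounds) < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(verify_password("correct horse battery staple", stored))
```

Because the record carries its own algorithm and iteration count, the work factor can be raised over time without invalidating existing accounts: old records are simply re-hashed when their owners next log in.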

The second example is authentication based on the handshake model. When registering in the CS, the user is offered a set of small images (for example, icons), among which he must select a given number of pictures. The next time he logs into the system, he is presented with a different set of images, some of which he saw during registration. For correct authentication the user must mark the pictures that he chose during registration.

Advantages of handshake-based authentication over password authentication:

No confidential information that must be kept secret is transferred between the user and the system;

Each subsequent login session differs from the previous one, so even long-term monitoring of these sessions gives an intruder nothing, provided he cannot observe which images the user marks (an observer who sees the marked images over several sessions gradually learns the registered set).

The disadvantage of handshake-model authentication is that the procedure takes longer than password authentication.

Authentication of users by their biometric characteristics

The main biometric characteristics of CS users that can be used for their authentication include:

Fingerprints;

Geometric shape of the hand;

Iris pattern;

Retinal (blood-vessel) pattern;

Geometric shape and size of the face;

The geometric shape and size of the ear, etc.

The most common software and hardware for user authentication are based on fingerprints. To read the prints, keyboards and mice equipped with special scanners are usually used. The existence of sufficiently large fingerprint databases of citizens is the main reason for the fairly widespread use of such authentication means in government agencies and large commercial organizations. The disadvantage of such tools is that users' fingerprints could potentially be used to monitor their private lives.

If, for objective reasons (for example, dirt in the premises where authentication takes place), a clear fingerprint cannot be obtained, authentication based on the geometric shape of the user's hand can be used. In this case the scanners can be mounted on the wall of the room.

The most reliable (but also the most expensive) are the means of user authentication based on characteristics of the eye (iris pattern or retinal pattern). The probability of these features repeating is estimated at 10^-78.

The cheapest (but also the least reliable) means of authentication are based on the geometric shape and size of the user's face or on the timbre of his voice. This makes it possible to use these tools for authentication when users access the CS remotely.

The main advantages of user authentication based on biometric characteristics:

The difficulty of forging these features;

High reliability of authentication due to the uniqueness of such features;

Inseparability of biometric features from the user's personality.

To compare user authentication based on different biometric characteristics, estimates of the probabilities of errors of the first and second kind are used. The probability of an error of the first kind (denial of CS access to a legitimate user, the false rejection rate) is 10^-6 to 10^-3. The probability of an error of the second kind (admitting an unregistered user to work in the CS, the false acceptance rate) in modern biometric authentication systems is 10^-5 to 10^-2.
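The two error probabilities are measured from the scores a matcher produces. The following added example (not from the original text) computes them for a constructed set of genuine and impostor scores and finds the threshold at which they coincide, the equal error rate; the scores themselves are made up and deliberately overlap.

```python
"""Errors of the first and second kind for a biometric matcher.

Added example, not from the original text. The match scores are constructed
(a higher score means a closer match to the enrolled template).
"""
from typing import Iterable, List, Tuple

# Scores produced when the enrolled user presents (genuine) and when other people
# present (impostor). Constructed; the two sets overlap around 0.72..0.75.
GENUINE_SCORES = [0.72, 0.80, 0.83, 0.85, 0.88, 0.89, 0.91, 0.93, 0.95, 0.97]
IMPOSTOR_SCORES = [0.10, 0.15, 0.22, 0.28, 0.33, 0.40, 0.47, 0.55, 0.60, 0.75]


def error_rates(genuine: Iterable[float], impostor: Iterable[float],
                threshold: float) -> Tuple[float, float]:
    """Return (FRR, FAR) for the decision rule 'accept if score >= threshold'.

    FRR, error of the first kind: a legitimate user is rejected.
    FAR, error of the second kind: an unregistered user is admitted.
    """
    genuine, impostor = list(genuine), list(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return frr, far


def equal_error_rate(genuine: List[float], impostor: List[float]) -> Tuple[float, float]:
    """Threshold at which FRR and FAR are closest, and the rate there (the EER).

    Only the observed scores need to be tried: the rates change only at those points.
    """
    best_threshold, best_gap, best_rate = None, None, None
    for t in sorted(set(genuine) | set(impostor)):
        frr, far = error_rates(genuine, impostor, t)
        gap = abs(frr - far)
        if best_gap is None or gap < best_gap:
            best_threshold, best_gap, best_rate = t, gap, (frr + far) / 2
    return best_threshold, best_rate


def operating_points(genuine: List[float], impostor: List[float],
                     thresholds: Iterable[float]) -> List[Tuple[float, float, float]]:
    """(threshold, FRR, FAR) rows, i.e. the trade-off an administrator chooses from."""
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


if __name__ == "__main__":
    for row in operating_points(GENUINE_SCORES, IMPOSTOR_SCORES, [0.6, 0.7, 0.75, 0.8, 0.9]):
        print("threshold=%.2f  FRR=%.2f  FAR=%.2f" % row)
    print("EER at threshold %.2f: %.2f" % equal_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
```

Raising the threshold lowers the false acceptance rate and raises the false rejection rate; the ranges quoted in the text are operating points on that curve, and a system is tuned toward low FAR (military, financial) or low FRR (convenience) depending on what a wrong decision costs.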

A common disadvantage of means for authenticating CS users by their biometric characteristics is their higher cost compared with other authentication means, which is primarily due to the need to purchase additional hardware. Authentication methods based on the user's keystroke dynamics and mouse signature do not require special equipment.

User authentication by keystroke dynamics and mouse signature

S.P. Rastorguev was one of the first to propose the idea of authenticating users by the peculiarities of their work with the keyboard and mouse. When developing a mathematical model of authentication based on users' keystroke dynamics, it was assumed that the time intervals between presses of adjacent characters of a key phrase, and between presses of specific key combinations in it, follow the normal distribution. The essence of this authentication method is to test the hypothesis that two normal populations (one obtained when the system is tuned to the user's characteristics, the other during authentication) have equal means.

Let us consider user authentication by typing a key phrase (the same one in enrollment and authentication modes).

The procedure for tuning the system to the characteristics of a user registered in the CS (enrollment):

1) the user chooses a key phrase (its characters should be spread evenly across the keyboard);

2) the user types the key phrase several times;

3) gross errors are eliminated (according to a special algorithm);

4) estimates of the mean, the variance and the number of observations are calculated and stored for the time intervals between presses of each pair of adjacent characters of the key phrase.
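Enrollment steps 2 to 4 above, the hypothesis test on the equality of means, and the refreshing of the reference after a successful login that the text describes further on, implemented together as an added example (not from the original text and not Rastorguev's own code). All intervals are constructed millisecond values; the gross-error rule (drop an interval outside one third to three times the median), the use of the Welch t-statistic for unequal variances and the fixed critical value are assumptions.

```python
"""Keystroke-dynamics enrollment and verification for a fixed key phrase.

Added example, not from the original text. All inter-key intervals are constructed
millisecond values; the gross-error rule, the Welch t-statistic and the critical
value 2.1 are assumptions.
"""
import statistics
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

KEY_PHRASE = "guard"          # digraphs gu, ua, ar, rd -> 4 intervals per typing
T_CRITICAL = 2.1              # roughly the two-sided 5% point of Student's t for ~20
                              # degrees of freedom; with small samples the exact
                              # quantile is higher, so this constant is an assumption
MAX_MISMATCH_FRACTION = 0.25  # reject if more than this share of digraphs fails

# Enrollment: the user types the phrase 8 times. The last row holds a gross error,
# a 900 ms pause before the second key (the user was distracted).
ENROLMENT = [
    [120, 90, 150, 110], [130, 95, 145, 115], [125, 85, 155, 105], [115, 100, 140, 120],
    [135, 80, 160, 100], [122, 92, 148, 112], [128, 88, 152, 108], [900, 90, 150, 110],
]
GENUINE_ATTEMPT = [[120, 88, 152, 108], [134, 94, 146, 114],
                   [128, 86, 156, 106], [122, 92, 148, 112]]
IMPOSTOR_ATTEMPT = [[200, 60, 210, 170], [210, 65, 205, 175],
                    [195, 55, 215, 165], [205, 70, 200, 180]]


@dataclass
class DigraphStats:
    """Step 4: the stored observations for one pair of adjacent characters."""
    samples: List[float] = field(default_factory=list)

    @property
    def n(self) -> int:
        return len(self.samples)

    @property
    def mean(self) -> float:
        return statistics.mean(self.samples)

    @property
    def var(self) -> float:
        return statistics.variance(self.samples) if self.n > 1 else 0.0


def remove_gross_errors(values: List[float]) -> List[float]:
    """Step 3 (assumed rule): discard intervals outside 1/3 .. 3 times the median."""
    m = statistics.median(values)
    return [v for v in values if m / 3 <= v <= 3 * m]


def digraphs(phrase: str) -> List[str]:
    return [phrase[i:i + 2] for i in range(len(phrase) - 1)]


def enrol(typings: List[List[float]], phrase: str = KEY_PHRASE) -> Dict[str, DigraphStats]:
    """Steps 2-4: collect the intervals per digraph, clean them, keep the summary."""
    return {dg: DigraphStats(remove_gross_errors([row[idx] for row in typings]))
            for idx, dg in enumerate(digraphs(phrase))}


def welch_t(a: DigraphStats, b: DigraphStats) -> float:
    """Statistic for 'equal means' of two normal populations with unequal variances."""
    se2 = a.var / a.n + b.var / b.n
    if se2 == 0.0:
        return 0.0 if a.mean == b.mean else float("inf")
    return abs(a.mean - b.mean) / se2 ** 0.5


def authenticate(reference: Dict[str, DigraphStats], typings: List[List[float]],
                 phrase: str = KEY_PHRASE) -> Tuple[bool, Dict[str, float]]:
    """Compare fresh typings with the reference, digraph by digraph."""
    fresh = enrol(typings, phrase)
    stats = {dg: welch_t(reference[dg], fresh[dg]) for dg in reference}
    failed = sum(1 for t in stats.values() if t > T_CRITICAL)
    return failed / len(stats) <= MAX_MISMATCH_FRACTION, stats


def update_reference(reference: Dict[str, DigraphStats], typings: List[List[float]],
                     phrase: str = KEY_PHRASE, keep: int = 20) -> None:
    """After a successful login, fold the new intervals in and keep only the most
    recent observations, so slow drift in the user's tempo is followed."""
    for dg, fresh in enrol(typings, phrase).items():
        reference[dg].samples = (reference[dg].samples + fresh.samples)[-keep:]


if __name__ == "__main__":
    ref = enrol(ENROLMENT)
    print("genuine:", authenticate(ref, GENUINE_ATTEMPT))
    print("impostor:", authenticate(ref, IMPOSTOR_ATTEMPT))
```

Dropping the 900 ms outlier at enrollment is what keeps the reference variance small enough for the test to discriminate; keeping only the most recent observations in update_reference is the adaptation the text later recommends for gradual changes in skill, and it deliberately does not run after a rejected attempt.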

The reliability of authentication based on keystroke dynamics is lower than with the user's biometric characteristics.

However, this method of authentication also has its advantages:

The possibility of hiding the fact that additional user authentication is used, if the user's ordinary password is taken as the key phrase;

The possibility of implementing this method purely in software (reducing the cost of the authentication tools).

Now let us look at an authentication method based on a mouse signature (with this manipulator it is of course impossible to reproduce the user's real signature, so the signature will be a fairly simple stroke). We call the signature line the polyline obtained by connecting the points from the beginning of the signature to its end (adjacent points must not have the same coordinates). The length of the signature line is computed as the sum of the lengths of the segments connecting the points of the signature.

As with keystroke dynamics, the user's authenticity in the mouse signature method is confirmed primarily by the tempo of his work with this input device.

The advantages of authenticating users by mouse signature, as with keystroke dynamics, include the possibility of implementing the method purely in software; the disadvantages are lower reliability of authentication compared with the user's biometric characteristics, and the need for the user to be fairly confident with the mouse.

A common feature of authentication methods based on keystroke dynamics and mouse signature is the instability of these characteristics for the same user, which can be caused by:

1) natural changes associated with improvement of the user's keyboard and mouse skills or, conversely, their deterioration due to ageing;

2) changes associated with the abnormal physical or emotional state of the user.

Changes in user characteristics caused by reasons of the first kind are not abrupt and can therefore be neutralized by updating the reference characteristics after each successful user authentication.

Changes caused by reasons of the second kind can be abrupt and lead to the rejection of the user's attempt to enter the CS. However, this property of authentication based on keystroke dynamics and mouse signature can also be an advantage when it comes to users of military, energy and financial CS.

A promising direction in the development of methods for authenticating CS users by their personal characteristics may be confirming the user's authenticity on the basis of knowledge and skills that characterize his level of education and culture.


Introduction

1. Means of information protection

2. Hardware information security

2.1 Tasks of information security hardware

2.2 Types of information security hardware

3. Information security software

3.1 Means of archiving information

3.2 Antivirus programs

3.3 Cryptographic tools

3.4 User identification and authentication

3.5 Protection of information in the CS from unauthorized access

3.6 Other information security software

Conclusion

List of sources used

Introduction

As the means, methods and forms of automating information processing develop and become more complex, the vulnerability of information increases.

The main factors contributing to the increase in this vulnerability are:

· A sharp increase in the amount of information accumulated, stored and processed using computers and other automation tools;

· Concentration in shared databases of information of various purposes and various ownership;

· A sharp expansion of the circle of users who have direct access to the resources of the computing system and the data located in it;

· Increasing complexity of the operating modes of the technical means of computing systems: widespread introduction of multiprogramming, as well as time-sharing and real-time modes;

· Automation of machine-to-machine information exchange, including over long distances.

Under these conditions, there are two types of vulnerability: on the one hand, the possibility of destruction or distortion of information (i.e. violation of its physical integrity), and on the other hand, the possibility of unauthorized use of information (i.e. the risk of leakage of restricted information).

The main potential channels of information leakage are:

· Direct theft of media and documents;

· Memorization or copying of information;

· Unauthorized connection to equipment and communication lines, or illegal use of "legal" (i.e. registered) system equipment (most often user terminals).

1. Information security tools

Information security means are a set of engineering, electrical, electronic, optical and other devices and appliances, instruments and technical systems, as well as other physical elements, used to solve various information protection problems, including preventing leakage and ensuring the security of protected information.

In general, the means of protecting information against deliberate actions can be divided, by method of implementation, into the following groups:

· Hardware (technical) means. These are devices of various types (mechanical, electromechanical, electronic, etc.) that solve information security problems by hardware means. They either prevent physical penetration or, if penetration has taken place, prevent access to information, including by disguising it. The first part of the problem is solved by locks, window bars, guards, security alarms, etc.; the second by noise generators, power-line filters, scanning radio receivers and many other devices that "block" potential information leakage channels or allow them to be detected. The advantages of technical means are their reliability, independence from subjective factors and high resistance to modification. Weaknesses: lack of flexibility, relatively large volume and weight, high cost.

· Software tools include programs for user identification, access control, information encryption, removal of residual (working) information such as temporary files, test control of the protection system, etc. The advantages of software tools are versatility, flexibility, reliability, ease of installation, and the ability to be modified and developed. Disadvantages: limited network functionality, use of some of the resources of the file server and workstations, high sensitivity to accidental or deliberate changes, and possible dependence on the type of computer (its hardware).

· Mixed hardware/software means implement the same functions as hardware and software separately and have intermediate properties.

· Organizational means consist of organizational-technical measures (preparation of rooms with computers, laying of the cable system taking into account the requirements for restricting access to it, etc.) and organizational-legal ones (national legislation and the work rules established by the management of a particular enterprise). The advantages of organizational means are that they can solve many diverse problems, are easy to implement, react quickly to unwanted actions in the network, and have unlimited possibilities for modification and development. Disadvantages: high dependence on subjective factors, including the general organization of work in a particular department.

In terms of prevalence and availability, software tools stand out; the other means are used where an additional level of information protection is required.

2. Information security hardware

Hardware protection means include various electronic, electro-mechanical, electro-optical devices. To date, a significant number of hardware for various purposes has been developed, but the following are most widely used:

· Special registers for storing security attributes: passwords, identifying codes, classification labels or secrecy levels;

· Devices for measuring a person's individual characteristics (voice, fingerprints) in order to identify him;

· Circuits for interrupting transmission of information on a communication line in order to periodically check the delivery address of the data;

· Devices for information encryption (cryptographic methods).

To protect the perimeter of the information system, the following are created:

· Security and fire alarm systems;

· Digital video surveillance systems;

· Control and management systems for access.

Protection of information from its leakage by technical communication channels is provided by the following means and measures:

· Use of shielded cable and laying of wires and cables in shielded structures;

· Installation of high-frequency filters on communication lines;

· Construction of shielded rooms ("capsules");

· Use of shielded equipment;

· Installation of active systems of noise;

· Creation of controlled areas.

2.1 Tasks of information security hardware

The use of information security hardware allows you to solve the following tasks:

· Carrying out special studies of technical means for the presence of possible channels of information leakage;

· Identification of channels of information leakage at different objects and in premises;

· Localization of information leakage channels;

· Search and detection of means of industrial espionage;

· Counteracting unauthorized access to sources of confidential information and other actions.

By purpose, hardware is classified into detection tools, search and detailed-measurement tools, and active and passive countermeasures. In terms of technical capability, information security tools range from general-purpose devices intended for non-professionals, to obtain rough assessments, to professional complexes that allow a thorough search, detection and measurement of all characteristics of industrial espionage equipment.

Search equipment can be subdivided into equipment for finding means of information retrieval and equipment for investigating the channels through which information leaks.

Equipment of the first type is aimed at finding and localizing means of unauthorized information retrieval that attackers have already planted. Equipment of the second type is designed to detect information leakage channels. The determining factors for such systems are the efficiency of the survey and the reliability of the results obtained.

Professional search equipment is, as a rule, very expensive and requires highly qualified specialists to operate it. Consequently, only organizations that constantly conduct such surveys can afford it, so if a full survey is needed, the direct route is to them.

Of course, this does not mean that you have to stop using search tools yourself. The available search tools are fairly simple and allow preventive measures to be carried out in the intervals between serious search surveys.

2.2 Types of information security hardware

A dedicated storage area network (SAN) provides data with guaranteed bandwidth, eliminates single points of failure in the system, and allows almost unlimited scaling both on the server side and on the storage side. In addition to the popular Fibre Channel technology, iSCSI devices are increasingly used to implement storage networks.

Disk storage systems are distinguished by the highest speed of data access, owing to the distribution of read/write requests across multiple disk drives. The use of redundant components and algorithms in RAID arrays prevents system shutdown due to the failure of any single element, thereby increasing availability. Availability, one of the indicators of information quality, is the proportion of time during which the information is ready for use, expressed as a percentage: for example, 99.999% ("five nines") means that the total downtime of the information system for any reason over a year must not exceed about 5 minutes. Today's storage solutions successfully combine large capacity, high speed and affordable cost. Serial ATA and SATA 2.

Tape drives (tape drives, autoloaders and libraries) are still considered the most cost-effective and popular backup solution. Originally designed for data storage, they provide almost unlimited capacity (by adding cartridges), high reliability and a low cost of storage, and allow rotation schemes of any complexity and depth, data archiving, and evacuation of media to a secure location outside the main office. Since their inception, magnetic tapes have gone through five generations of development, have proven their advantages in practice and are rightly a fundamental element of backup practice.

In addition to the technologies discussed, one should also mention physical data protection (delimitation and control of access to premises, video surveillance, burglar and fire alarms) and the organization of uninterruptible power supply for the equipment.

Let's take a look at some examples of hardware.

1) eToken. The eToken electronic key is a personal means of authorization, authentication and secure data storage, with hardware support for working with digital certificates and electronic digital signatures (EDS). eToken is available as a USB key, a smart card or a key fob. The eToken NG-OTP model has a built-in one-time password generator. The eToken NG-FLASH has a built-in flash memory module of up to 4 GB. The eToken PASS model contains only a one-time password generator. The eToken PRO (Java) model implements EDS key generation and EDS generation in hardware. Additionally, eToken can have a built-in contactless radio tag (RFID tag), which allows eToken to be used for access to premises as well.

eToken models should be used to authenticate users and store key information in automated systems that process confidential information up to and including security class 1G. They are the recommended carriers of key information for certified cryptographic information protection tools (CryptoPro CSP, Crypto-COM, Domain-K, Verba-OW, etc.).

2) The eToken NG-FLASH USB combo key is one of the information security solutions from Aladdin. It combines the functionality of a smart card with the ability to store large amounts of user data in an integrated flash memory module. eToken NG-FLASH also makes it possible to boot the computer's operating system and launch user applications from the flash memory.

Possible modifications:

By the volume of the built-in flash-memory module: 512 MB; 1, 2 and 4 GB;

Certified version (FSTEC of Russia);

By the presence of a built-in radio tag;

By body color.

3. Information security software

Software is the objective form of a set of data and commands intended for the operation of computers and computer devices in order to obtain a certain result, together with the materials prepared and recorded on a physical medium in the course of its development and the audiovisual displays it generates.

Protection means that function as part of software are called software protection tools. Among them, the following can be distinguished and considered in more detail:

· Means of data archiving;

· Anti-virus programs;

· Cryptographic means;

· Means of identification and authentication of users;

· Means of access control;

· Logging and auditing.

Examples of combinations of the above measures include:

· Protection of databases;

· Protection of operating systems;

· Protection of information when working in computer networks.

3.1 Information archiving tools

Sometimes backups have to be made with generally limited resources for data storage, for example by owners of personal computers. In these cases software archiving is used. Archiving is the merging of several files, and even directories, into a single file, the archive, while reducing the total volume of the original files by eliminating redundancy but without loss of information, that is, with the ability to restore the original files exactly. Most archiving tools are based on the compression algorithms proposed in the late 1970s by Abraham Lempel and Jacob Ziv. The best-known and most popular archive formats are:

· ZIP, ARJ for DOS and Windows operating systems;

· TAR for the Unix operating system;

· Cross-platform JAR format (Java ARchive);

· RAR (the popularity of this format keeps growing, since programs have been developed that allow it to be used under DOS, Windows and Unix).

The user only needs to choose a suitable program that works with the chosen format, assessing its characteristics: speed, compression ratio, compatibility with a large number of formats, user-friendliness of the interface, choice of operating system, etc. The list of such programs is very long: PKZIP, PKUNZIP, ARJ, RAR, WinZip, WinArj, ZipMagic, WinRar and many others. Most of them need not be purchased specially, as they are offered as shareware or freeware. It is also very important to establish a regular schedule for such archiving work, or to carry it out after a major update of the data.
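An archive is only a backup if it restores exactly, so a practitioner verifies it rather than trusting the archiver. The following added example (not from the original text) builds a constructed directory tree, packs it into a gzip-compressed tar with the Python standard library, restores it and compares SHA-256 checksums of every file; the manifest format is an assumption.

```python
"""Creating a compressed archive of a directory and proving it restores byte-for-byte.

Added example, not from the original text. The files are constructed in a temporary
directory; the manifest format is an assumption.
"""
import hashlib
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, Tuple

# Constructed sample tree: repetitive text compresses well, the byte table less so.
SAMPLE_FILES = {
    "docs/report.txt": b"quarterly report: all systems nominal\n" * 200,
    "config/app.ini": b"[db]\nhost=localhost\nport=5432\n",
    "data/table.bin": bytes(range(256)) * 16,
}


def write_tree(root: Path, files: Dict[str, bytes]) -> None:
    for rel, data in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


def _relative(path: Path, root: Path) -> str:
    return str(path.relative_to(root)).replace("\\", "/")


def manifest(root: Path) -> Dict[str, str]:
    """Relative path -> SHA-256 of content, for every regular file under root."""
    return {_relative(p, root): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_archive(root: Path, archive: Path) -> int:
    """Pack the tree into a gzip-compressed tar; return the archive size in bytes."""
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(root.rglob("*")):
            if p.is_file():
                tar.add(p, arcname=_relative(p, root))
    return archive.stat().st_size


def restore_archive(archive: Path, target: Path) -> None:
    with tarfile.open(archive, "r:gz") as tar:
        try:
            # The 'data' filter (Python 3.12, backported to maintenance releases) refuses
            # entries whose path would escape the target directory ("tar slip").
            tar.extractall(target, filter="data")
        except TypeError:
            tar.extractall(target)


def backup_and_verify() -> Tuple[bool, float, int]:
    """Return (restored tree identical, compression ratio, number of files checked)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "src", Path(tmp) / "restore"
        archive = Path(tmp) / "backup.tar.gz"
        write_tree(src, SAMPLE_FILES)
        expected = manifest(src)
        original_size = sum(len(data) for data in SAMPLE_FILES.values())
        archive_size = create_archive(src, archive)
        restore_archive(archive, dst)
        return manifest(dst) == expected, archive_size / original_size, len(expected)


if __name__ == "__main__":
    identical, ratio, count = backup_and_verify()
    print(f"{count} files restored identically: {identical}; archive is {ratio:.1%} of original")
```

The manifest is computed before archiving and kept separately, so it also detects an archive that was altered or damaged after creation; the extraction filter is the check one wants when restoring an archive that came from somewhere else.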

3.2 Antivirus software

These are programs designed to protect information from viruses. Inexperienced users usually think that a computer virus is a specially written small program that can "attach" itself to other programs (that is, "infect" them) and perform various unwanted actions on the computer. Specialists in computer virology hold that a mandatory (necessary) property of a computer virus is the ability to create copies of itself (not necessarily identical to the original) and embed them in computer networks and/or files, computer system areas and other executable objects; the copies retain the ability to spread further. It should be noted that this condition is not sufficient, i.e. not conclusive. That is why there is still no exact definition of a virus, and one is unlikely to appear in the foreseeable future. Consequently, there is no definite rule by which "good" files can be distinguished from "viruses". Moreover, even for a specific file it is sometimes quite difficult to determine whether it is a virus or not.

Computer viruses are a particular problem. This is a separate class of programs aimed at disrupting the system and corrupting data. A number of varieties are distinguished among viruses. Some of them are constantly in the computer's memory, some produce destructive actions with one-time "blows".

There is also a whole class of programs that outwardly look quite harmless but in fact damage the system. Such programs are called "Trojan horses". One of the main properties of computer viruses is the ability to "multiply", i.e. to propagate themselves within a computer and across a computer network.

Since various office software packages gained the ability to run programs written specially for them (for example, for Microsoft Office, applications can be written in the Visual Basic language), a new kind of malware has appeared: macro viruses. Viruses of this type are distributed together with ordinary document files and are contained within them as ordinary subroutines.

Given the rapid development of communications and the sharply increased volume of data exchange, protection against viruses has become very urgent. In fact, a macro virus can arrive with every document received, for example, by e-mail, and every program launched can (theoretically) infect the computer and render the system inoperable.

Therefore, among security systems, the most important direction is the fight against viruses. A number of tools are designed specifically for this task. Some of them run in scan mode, examining the contents of hard drives and the computer's RAM for viruses. Others must be running constantly, resident in the computer's memory, where they try to keep track of all running tasks.

In the Kazakhstan software market, the most popular product has been the AVP package developed by the Kaspersky Anti-Virus Systems Laboratory. It is a versatile product with versions for a variety of operating systems. Other products include: Acronis AntiVirus, AhnLab Internet Security, AOL Virus Protection, ArcaVir, Ashampoo AntiMalware, Avast!, Avira AntiVir, A-square anti-malware, BitDefender, CA Antivirus, Clam Antivirus, Command Anti-Malware, Comodo Antivirus, Dr.Web, eScan Antivirus, F-Secure Anti-Virus, G-DATA Antivirus, Graugon Antivirus, IKARUS virus.utilities, Kaspersky Anti-Virus, McAfee VirusScan, Microsoft Security Essentials, Moon Secure AV, Multicore antivirus, NOD32, Norman Virus Control, Norton AntiVirus, Outpost Antivirus, Panda, etc.

Methods for detecting and removing computer viruses.

Methods for countering computer viruses can be divided into several groups:

· Prevention of virus infection and reduction of the expected damage from such an infection;

· Methods of using anti-virus programs, including neutralizing and removing a known virus;

· Ways of detecting and removing an unknown virus.

The corresponding measures are considered below under three headings: prevention of computer infection, recovery of damaged objects, and antivirus programs.

Prevention of computer infection.

One of the main methods of fighting viruses is, as in medicine, timely prevention. Computer prevention involves adherence to a small number of rules, which can significantly reduce the likelihood of a virus infection and loss of any data.

In order to determine the basic rules of computer hygiene, it is necessary to find out the main ways of penetration of the virus into the computer and computer networks.

The main source of viruses today is the global Internet. The greatest number of infections occurs when exchanging messages in Word formats. The user of an editor infected with a macro virus, without suspecting it, sends infected letters to recipients, who in turn send new infected letters, and so on. The conclusion: contact with suspicious sources of information should be avoided, and only legal (licensed) software products should be used.

Recovery of damaged objects

In most cases of virus infection, restoring infected files and disks boils down to running a suitable antivirus that can neutralize the virus. If the virus is unknown to every antivirus, it is enough to send the infected file to the antivirus vendors and, after a while (usually several days or weeks), receive a cure, an "update" against the virus. If there is no time to wait, the virus will have to be neutralized manually. In any case, users need to keep backups of their information.

The main factors enabling the mass spread of a virus on a computer are:

· Weak security of the operating system (OS);

· Availability of varied and fairly complete documentation on the OS and hardware, which virus authors make use of;

· Wide distribution of that OS and that hardware.

3.3 Cryptographic means

Data encryption mechanisms that ensure the information security of society are known as cryptographic protection of information, implemented by means of cryptographic encryption.

Cryptographic methods of information protection are used for processing, storing and transmitting information on media and over communication networks. Cryptographic protection of information when transmitting data over long distances is the only reliable encryption method.

Cryptography is the science that studies and describes the information security model of data. Cryptography opens up solutions to many network information security problems: authentication, confidentiality, integrity, and control of interacting participants.

The term "encryption" means the transformation of data into a form that cannot be read by humans or software systems without the encryption-decryption key. Cryptographic methods are among the means of information security and are therefore part of the information security concept.

Cryptographic information protection (confidentiality)

The goals of information protection ultimately boil down to ensuring the confidentiality of information and protecting information in computer systems in the process of transferring information over the network between users of the system.

Protection of confidential information by cryptographic means encrypts data using a family of reversible transformations, each described by a parameter called a "key" and applied in an order that determines the sequence of the transformations.

The most important component of the cryptographic method of protecting information is the key, which is responsible for the choice of transformation and the order of its execution. A key is a certain sequence of characters that sets up the encryption and decryption algorithm of the cryptographic information protection system. Each such transformation is uniquely determined by a key that defines a cryptographic algorithm that ensures the protection of information and information security of the information system.

The same cryptographic information protection algorithm can work in different modes, each of which has certain advantages and disadvantages that affect the reliability of information security.

Fundamentals of Information Security Cryptography (Data Integrity)

Information protection in local networks and information protection technologies, along with confidentiality, must ensure the integrity of stored information. That is, information protection in local networks must transfer data in such a way that it remains unchanged during transmission and storage.

For an information security system to ensure the integrity of stored and transmitted data, tools must be developed that detect any distortion of the original data; for this purpose, redundancy is added to the original information.

Cryptographic information security solves the integrity problem by appending a checksum or check combination computed over the data. Here, again, the cryptographic model is key-dependent. By the assessment of cryptography-based information security, making the ability to read data depend on a private key is the most reliable tool, and it is used even in state information security systems.

As a rule, an information security audit of an enterprise, for example of a bank, pays special attention to the probability of distorted information being successfully passed off as genuine, and cryptographic protection of information makes it possible to reduce this probability to a negligible level. Such an information security service calls this probability a measure of the strength of the cipher, or the ability of encrypted data to resist attack by a hacker.
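The difference between a plain checksum and a key-dependent check combination, as an added example that is not part of the original text; the message, the shared key and the tampering scenario are constructed for illustration, and the keyed check uses HMAC-SHA256 as one concrete instance of the page's "check combination":

```python
import hashlib
import hmac
import zlib

# Constructed sample: a payment instruction that must arrive unmodified.
ORIGINAL = b"transfer 100.00 to account 12345"
TAMPERED = b"transfer 900.00 to account 12345"

# Shared secret known only to sender and receiver (constructed for the example).
SECRET_KEY = b"example-shared-key-not-for-production"


def plain_checksum(data: bytes) -> int:
    """Unkeyed redundancy (CRC-32): detects accidental corruption only."""
    return zlib.crc32(data) & 0xFFFFFFFF


def keyed_checksum(data: bytes, key: bytes) -> bytes:
    """Key-dependent check combination: HMAC-SHA256 over the message."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_keyed(data: bytes, tag: bytes, key: bytes) -> bool:
    """Receiver recomputes the tag with its copy of the key and compares
    in constant time, so the comparison itself leaks nothing."""
    return hmac.compare_digest(keyed_checksum(data, key), tag)


def tamper_unkeyed(new_data: bytes):
    """Anyone who can change the message can also recompute an unkeyed
    checksum, so the receiver has no way to notice the distortion."""
    return new_data, plain_checksum(new_data)


def tamper_keyed(new_data: bytes, old_tag: bytes):
    """Without the key the old tag cannot be adapted to new data; the
    best that can be done is to reuse it, which verification rejects."""
    return new_data, old_tag


def demo():
    """Returns (unkeyed_check_accepted_distortion, keyed_check_accepted_distortion)."""
    data, crc = tamper_unkeyed(TAMPERED)
    plain_accepted = plain_checksum(data) == crc          # True: distortion passes

    tag = keyed_checksum(ORIGINAL, SECRET_KEY)             # sender computes the tag
    data2, tag2 = tamper_keyed(TAMPERED, tag)
    keyed_accepted = verify_keyed(data2, tag2, SECRET_KEY)  # False: distortion detected
    return plain_accepted, keyed_accepted


if __name__ == "__main__":
    print(demo())
```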

3.4 User identification and authentication

Before accessing the resources of a computer system, the user must go through the process of presenting himself to the system, which includes two stages:

* identification - the user tells the system at its request his name (identifier);

* authentication - the user confirms the identification by entering into the system unique information about himself that is not known to other users (for example, a password).

To carry out the procedures for identifying and authenticating a user, you need:

* the presence of an appropriate subject (module) of authentication;

* the presence of an authenticating object that stores unique information for user authentication.

There are two forms of representation of objects that authenticate a user:

* external authenticating object that does not belong to the system;

* an internal object belonging to the system, into which information from an external object is transferred.

External objects can be technically implemented on various storage media - magnetic disks, plastic cards, etc. Naturally, the external and internal forms of presentation of the authenticating object should be semantically identical.

3.5 Protection of information in the CS from unauthorized access

In unauthorized access, the attacker uses no hardware or software beyond what is part of the CS. He gains unauthorized access using:

* knowledge of the CS and the ability to work with it;

* information about the information security system;

* faults and failures of hardware and software;

* mistakes and negligence of service personnel and users.

To protect information from unauthorized access, an access control (differentiation) system is created. Where such a system is in place, unauthorized access to information is possible only in the event of faults and failures of the CS, or by exploiting weaknesses in the integrated information security system. To exploit security weaknesses, an attacker must know about them.

One of the ways to obtain information about the shortcomings of the protection system is to study the protection mechanisms. An attacker can test the protection system by direct contact with it. In this case, there is a high probability that the protection system will detect attempts to test it. As a result, additional security measures can be taken by the security service.

A different approach is much more attractive to an attacker. First, a copy of the security system software or technical security means is obtained, and then it is examined in laboratory conditions. In addition, creating unrecorded copies on removable media is one of the most common and convenient ways of stealing information; this is how unauthorized duplication of programs is carried out. Covertly obtaining a technical means of protection for study is much more difficult than obtaining software, and such a threat is blocked by means and methods that ensure the integrity of the technical structure of the CS. To block unauthorized study and copying of information, the CS uses a set of protective means and measures, combined into a system of protection against study and copying of information. Thus, the access control system and the system of protection against study and copying can be considered subsystems of the system for protecting against unauthorized access to information.

3.6 Other software means of information protection

Firewalls (also called brandmauers, from German Brandmauer, English firewall, "fire wall"). Special intermediate servers are placed between the local and global networks; they inspect and filter all network/transport-layer traffic passing through them. This dramatically reduces the threat of unauthorized access to corporate networks from outside but does not eliminate it completely. A more secure variant of the method is masquerading, in which all traffic leaving the local network is sent on behalf of the firewall server, making the local network practically invisible.

Proxy servers (proxy: power of attorney, trustee). All network/transport-layer traffic between the local and global networks is completely prohibited; there is no routing as such, and requests from the local network to the global network go through special intermediary servers. Obviously, in this case requests from the global network to the local one become impossible in principle. This method does not provide sufficient protection against attacks at higher levels, for example at the application level (viruses, Java code and JavaScript).

VPN (virtual private network) allows you to transmit secret information over networks where unauthorized persons may be able to eavesdrop on traffic. Technologies used: PPTP, PPPoE, IPSec.

Conclusion

The main conclusions about the ways of using the above means, methods and measures of protection are as follows:

1. The greatest effect is achieved when all the tools, methods and measures used are combined into a single, holistic mechanism for protecting information.

2. The protection mechanism should be designed in parallel with the creation of data processing systems, starting from the moment the general concept of building the system is developed.

3. The functioning of the protection mechanism should be planned and ensured along with the planning and maintenance of the main processes of automated information processing.

4. It is necessary to carry out constant monitoring of the functioning of the protection mechanism.


Information is one of the most valuable resources of any company, therefore ensuring the protection of information is one of the most important and priority tasks. The security of an information system is a property that consists in the ability of a system to ensure its normal functioning, that is, to ensure the integrity and secrecy of information. To ensure the integrity and confidentiality of information, it is necessary to protect information from accidental destruction or unauthorized access to it.

Integrity means the impossibility of unauthorized or accidental destruction or modification of information. Confidentiality of information means the impossibility of leakage and unauthorized seizure of stored, transmitted or received information.

The following sources of threats to the security of information systems are known:

Anthropogenic sources, caused by accidental or deliberate acts of subjects;
technogenic sources, leading to faults and failures of hardware and software due to outdated software and hardware or software errors;
natural sources, caused by natural disasters or force majeure.

In turn, anthropogenic sources of threats are divided:

On internal (influences from company employees) and external (unauthorized interference of unauthorized persons from external general purpose networks) sources;
on unintentional (accidental) and intentional actions of subjects.

There are many possible directions of information leakage and ways of unauthorized access to it in systems and networks:

Interception of information;
modification of information (the original message or document is changed or replaced by another and sent to the addressee);
substitution of authorship of information (someone can send a letter or document on your behalf);
exploiting the shortcomings of operating systems and application software;
copying data carriers and files with overcoming security measures;
illegal connection to equipment and communication lines;
masquerading as a registered user and assigning his powers;
introduction of new users;
the introduction of computer viruses and so on.

To ensure the security of information systems, information protection systems are used, which are a set of organizational and technological measures, software and hardware tools and legal norms aimed at countering sources of threats to information security.

An integrated approach integrates threat mitigation techniques to create a systems security architecture. It should be noted that any information protection system is not completely secure. You always have to choose between the level of protection and the efficiency of information systems.

The means of protecting IS (information system) information from the actions of subjects include:

Means of protecting information from unauthorized access;
information protection in computer networks;
cryptographic protection of information;
electronic digital signature;
protection of information from computer viruses.

Means of protecting information from unauthorized access

Gaining access to the resources of the information system involves the implementation of three procedures: identification, authentication and authorization.

Identification is the assignment of unique names and codes (identifiers) to a user (object or subject of resources).

Authentication - establishing the identity of the user who submitted the identifier or verifying that the person or device that provided the identifier is indeed who it claims to be. The most common method of authentication is to assign a password to the user and store it on the computer.

Authorization - checking the authority or checking the user's right to access specific resources and perform certain operations on them. Authorization is carried out in order to differentiate access rights to network and computer resources.
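The three procedures described here (identification, authentication and authorization), which also cover the two-stage scheme of section 3.4 above, as an added example that is not part of the original text; the user registry, the PBKDF2 parameters and the permission strings are constructed for illustration:

```python
import hashlib
import hmac
import os

# Constructed registry: identifier -> {salt, password hash, permissions}.
# In the page's terms, the identifier names the subject, the stored hash is the
# internal authenticating object, and the permission set drives authorization.
_USERS = {}

# PBKDF2-HMAC-SHA256 iteration count (constructed; chosen for a fast demo).
_ITERATIONS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash: the plaintext password itself is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITERATIONS)


def register(user_id: str, password: str, permissions) -> None:
    """Assign an identifier and store its authenticating information."""
    salt = os.urandom(16)
    _USERS[user_id] = {
        "salt": salt,
        "hash": _hash_password(password, salt),
        "perms": set(permissions),          # e.g. "read:payroll"
    }


def identify(user_id: str) -> bool:
    """Stage 1: is the presented identifier known to the system?"""
    return user_id in _USERS


def authenticate(user_id: str, password: str) -> bool:
    """Stage 2: does the presented secret match the stored authenticating object?"""
    record = _USERS.get(user_id)
    if record is None:
        # Do the same expensive work for unknown identifiers so that response
        # time does not reveal which identifiers exist.
        _hash_password(password, b"\x00" * 16)
        return False
    candidate = _hash_password(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])   # constant-time compare


def authorize(user_id: str, operation: str, resource: str) -> bool:
    """Stage 3: differentiate access: may this subject perform this operation?"""
    record = _USERS.get(user_id)
    return record is not None and f"{operation}:{resource}" in record["perms"]


def access(user_id: str, password: str, operation: str, resource: str) -> str:
    """Run the three procedures in order and report where the request stopped."""
    if not identify(user_id):
        return "unknown identifier"
    if not authenticate(user_id, password):
        return "authentication failed"
    if not authorize(user_id, operation, resource):
        return "access denied"
    return "granted"


def demo():
    """Constructed scenario: one user with read-only rights to one resource."""
    register("alice", "correct horse battery staple", {"read:payroll"})
    return (
        access("alice", "correct horse battery staple", "read", "payroll"),   # granted
        access("alice", "correct horse battery staple", "write", "payroll"),  # access denied
        access("alice", "wrong password", "read", "payroll"),                 # authentication failed
        access("bob", "anything", "read", "payroll"),                         # unknown identifier
    )


if __name__ == "__main__":
    print(demo())
```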

Information protection in computer networks

Local networks of enterprises are very often connected to the Internet. To protect local networks of companies, as a rule, firewalls are used. A screen (firewall) is an access control tool that allows you to divide the network into two parts (the border runs between the local network and the Internet) and form a set of rules that determine the conditions for the passage of packets from one part to another. Screens can be implemented both in hardware and software.

Cryptographic information protection

To ensure the secrecy of information, its encryption or cryptography is used. For encryption, an algorithm or device is used that implements a specific algorithm. The encryption is controlled by a variable key code.

The encrypted information can only be retrieved using a key. Cryptography is a very effective technique that increases the security of data transmission over computer networks and when exchanging information between remote computers.

Electronic digital signature

To exclude the possibility of modifying the original message or replacing this message with another, it is necessary to transmit the message along with an electronic signature. An electronic digital signature is a sequence of characters obtained as a result of the cryptographic transformation of the original message using a private key and allows you to determine the integrity of the message and its identity with the author using the public key.

In other words, a message encrypted with a private key is called an electronic digital signature. The sender transmits the unencrypted message in its original form along with a digital signature. The recipient uses the public key to decrypt the message's character set from the digital signature and compares it to the unencrypted message's character set.

If the characters match completely, it can be argued that the received message is not modified and belongs to its author.
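The signing and verification exchange described above, as an added example that is not part of the original text. The page does not name an algorithm, so the example assumes textbook RSA with a constructed, deliberately small key pair and SHA-256 as the fixed-length "character set" of the message; real signatures use much larger keys and a padding scheme such as RSA-PSS:

```python
import hashlib

# Constructed key pair from two fixed primes (far too small for real use).
P = 1000000007
Q = 998244353
N = P * Q
E = 65537                                   # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (modular inverse, Python 3.8+)

PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)


def message_digest(message: bytes, n: int) -> int:
    """Fixed-length representation of the message: SHA-256, reduced into the key's range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Sender: transform the digest with the private key; this is the signature
    that travels alongside the unencrypted message."""
    n, d = private_key
    return pow(message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient: undo the transformation with the public key and compare the
    result with the digest of the message actually received."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message, n)


def demo():
    """Returns (original_verifies, modified_message_verifies)."""
    original = b"Pay 100 units to account 12345"        # constructed sample message
    signature = sign(original, PRIVATE_KEY)
    ok_original = verify(original, signature, PUBLIC_KEY)               # True
    ok_modified = verify(b"Pay 900 units to account 12345",             # False: digest differs
                         signature, PUBLIC_KEY)
    return ok_original, ok_modified


if __name__ == "__main__":
    print(demo())
```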

Information protection from computer viruses

A computer virus is a small malicious program that can independently create copies of itself and inject them into programs (executable files), documents, boot sectors of storage media and spread through communication channels.

Depending on the habitat, the main types of computer viruses are:

1. Software (infect files with the .COM and .EXE extensions) viruses.
2. Boot viruses.
3. Macroviruses.
4. Network viruses.

Information security tools

Information security means are a set of engineering, electrical, electronic, optical and other devices and devices, instruments and technical systems, as well as other proprietary elements used to solve various problems of information protection, including preventing leakage and ensuring the security of the protected information.

In general, the means of ensuring the protection of information in terms of preventing deliberate actions, depending on the method of implementation, can be divided into groups:

Technical (hardware) means. These are devices of various types (mechanical, electromechanical, electronic, etc.) that solve information security problems with hardware. They prevent access to information, including by masking it. Hardware includes: noise generators, surge protectors, scanning radios, and many other devices that "block" potential information leakage channels or allow them to be detected. The advantages of technical means are associated with their reliability, independence from subjective factors, and high resistance to modification. Weaknesses - lack of flexibility, relatively large volume and weight, high cost.
Software tools include programs for user identification, access control, encryption of information, deletion of residual (working) information such as temporary files, test control of the protection system, etc. The advantages of software are versatility, flexibility, reliability, ease of installation, the ability to modify and develop. Disadvantages - limited network functionality, the use of some of the resources of the file server and workstations, high sensitivity to accidental or deliberate changes, possible dependence on the types of computers (their hardware).
Mixed hardware / software implements the same functions as hardware and software separately and has intermediate properties.
Organizational means consist of organizational and technical (preparation of rooms with computers, laying of a cable system, taking into account the requirements of restricting access to it, etc.) and organizational and legal (national legislation and work rules established by the management of a particular enterprise). The advantages of organizational tools are that they allow you to solve many diverse problems, are easy to implement, quickly react to unwanted actions in the network, and have unlimited possibilities for modification and development. Disadvantages - high dependence on subjective factors, including the general organization of work in a particular department.

In terms of prevalence and availability, software tools stand out; the other tools are used where an additional level of information protection is required.

Firewalls (also called brandmauers, from German Brandmauer, English firewall, "fire wall"). Special intermediate servers are placed between the local and global networks; they inspect and filter all network/transport-layer traffic passing through them. This dramatically reduces the threat of unauthorized access to corporate networks from outside but does not eliminate it completely. A more secure variant of the method is masquerading, in which all traffic leaving the local network is sent on behalf of the firewall server, making the local network practically invisible.
VPN (virtual private network) allows you to transfer sensitive information over networks in which unauthorized persons may be able to eavesdrop on the traffic.

Hardware protection means include various electronic, electro-mechanical, electro-optical devices.

To date, a significant number of hardware for various purposes has been developed, but the following are most widely used:

Special registers for storing security details: passwords, identification codes, signature stamps or secrecy levels;
devices for measuring individual characteristics of a person (voice, fingerprints) in order to identify him;
circuits for interrupting the transmission of information in the communication line for the purpose of periodically checking the address for issuing data;
devices for encrypting information (cryptographic methods);
trusted computer boot modules.

To protect the perimeter of the information system, the following are created:

Security and fire alarm systems;
digital video surveillance systems;
access control and management systems (ACS).

Protection of information from its leakage by technical communication channels is provided by the following means and measures:

Using a shielded cable and laying wires and cables in shielded structures;
installation of high-frequency filters on communication lines;
construction of shielded rooms ("capsules");
use of shielded equipment;
installation of active noise control systems;
creation of controlled areas.

Principles of information protection

The construction of a protection system should be based on the following basic principles:

1. Systematic approach;
2. Integrated approach;
3. Reasonable sufficiency of means of protection;
4. Reasonable redundancy of means of protection;
5. Flexibility of management and application;
6. Openness of algorithms and protection mechanisms;
7. Ease of applying protection means and measures;
8. Unification of means of protection.

The information sphere (environment) is a sphere of activity related to the creation, distribution, transformation and consumption of information. Any information security system has its own characteristics and at the same time must meet general requirements.

The general requirements for an information security system are as follows:

1. The information security system should be presented as something whole. The integrity of the system will be expressed in the presence of a single purpose of its functioning, information connections between its elements, hierarchical structure of the management subsystem of the information security system.
2. The information protection system must ensure the security of information, media and protection of the interests of participants in information relations.
3. The information protection system as a whole, methods and means of protection should be as "transparent" as possible for the user, not create big additional inconveniences for him associated with procedures for accessing information and at the same time be insurmountable for unauthorized access by an attacker to protected information.
4. The information protection system must provide information links within the system between its elements for their coordinated functioning and communication with the external environment, in front of which the system manifests its integrity and acts as a whole.

Thus, ensuring the security of information, including in computer systems, requires the preservation of the following properties:

1. Integrity. The integrity of information lies in its existence in an undistorted form, not changed in relation to some of its initial state.
2. Availability. This property characterizes the ability to provide timely and unimpeded user access to the data of interest.
3. Confidentiality. This is a property indicating the need to impose restrictions on access to it for a certain range of users.

A security threat is understood as a possible danger (potential or real) of the commission of any act (action or inaction) directed against the object of protection (information resources), damaging the owner or user, manifested in the danger of distortion, disclosure or loss of information. The implementation of one or another security threat can be carried out in order to violate the properties that ensure the security of information.

Information security systems

To protect information, an information protection system is created, consisting of a set of bodies and (or) performers and the protection techniques they use, organized and functioning according to the rules established by legal, regulatory and normative documents in the field of information protection.

The state information protection system is formed by:

Federal Service for Technical and Export Control (FSTEC of Russia) and its central office;
FSB, MO, SVR, Ministry of Internal Affairs, their structural divisions for information protection;
structural and intersectoral divisions for the protection of information of public authorities;
special centers of FSTEC of Russia;
organizations for the protection of information of public authorities;
lead and head research, scientific and technical, design and engineering institutions;
enterprises of the defense industries, their divisions for the protection of information;
enterprises specializing in work in the field of information security;
universities, institutes for the training and retraining of specialists in the field of information security.

FSTEC of Russia is a federal executive body that implements state policy, organizes interdepartmental coordination and interaction, and performs special and control functions in the field of state security with respect to:

ensuring information security in key information-infrastructure systems;
countering foreign technical intelligence services;
protecting information constituting a state secret by non-cryptographic methods;
preventing information leakage through technical channels and unauthorized access to it;
preventing special influences on information (and its carriers) aimed at obtaining, destroying or distorting it, or blocking access to it.

The activities of FSTEC of Russia are directed by the President of the Russian Federation.

Direct management of information-protection work is carried out by the heads of state authorities and their deputies.

Technical commissions and intersectoral councils may be created within a state authority.

The head and leading research and development organizations of public authorities develop the scientific foundations and concepts, and the drafts of normative, technical and methodological documents on information protection. They are also responsible for developing and updating the models of foreign technical intelligence services.

Enterprises engaged in information-security activities must obtain a licence for this type of activity. Licences are issued by FSTEC of Russia, the FSB and the SVR within their respective competences, on the proposal of a government authority.

The organization of information-protection work is the responsibility of the heads of organizations. For methodological guidance and control over information protection, an information-protection unit may be created, or a person (staff or non-staff) may be appointed responsible for information security.

The information protection (ZI) system is developed by the technical-protection department, or by those responsible for this area, together with the developers and operators of the ICT facilities. Specialized enterprises holding the appropriate licences may be engaged on a contractual basis to create the ZI system.

Work on creating the ZI system is carried out in three stages.

At the first stage the terms of reference for the information protection system are developed:

a ban is introduced on processing secret (official-use) information at all ICT facilities until the necessary protective measures have been taken;
those responsible for organizing and carrying out the creation of the ZI system are appointed;
the units or individual specialists directly involved in the work are determined, together with the deadline for commissioning the ZI system;
possible technical channels for leakage of classified information are analysed;
a list of protected ICT objects is drawn up;
the main technical means and systems (OTSS) and the dedicated premises (VP) are categorized;
the security class of the automated systems that process secret (official-use) data is determined;
the boundaries of the controlled zone (KZ) are determined;
the capabilities of engineering and technical personnel and other sources of threats are assessed;
the need to engage specialized enterprises to create the information protection system is justified;
the terms of reference (TOR) for creating the information security system are drawn up.

Technical designs for the placement and installation of technical information-processing means (TSOI) are developed by design organizations licensed by FSTEC.

At the second stage:

a list of organizational and technical measures for protecting the ICT facilities is developed in accordance with the requirements of the TOR;
the composition of serially produced ICT equipment in a protected version and of certified information-security tools is determined, as is the composition of technical means subject to special investigation and inspection;
technical passports for the ICT facilities and instructions for ensuring information security during the operation of the technical means are developed.

The third stage includes:

special investigations and special inspections of imported OTSS, and of imported auxiliary technical means and systems (VTSS) installed in dedicated premises;
placement and installation of the technical means that make up the ICT facilities;
development and implementation of an authorization system for access to the computer equipment and automated systems that process secret (official-use) information;
acceptance tests of the information protection system based on the results of its trial operation;
certification of the ICT facilities against information-security requirements.

Information security technologies

Along with its positive impact on every sphere of human activity, the widespread introduction of information technology has created new threats to human security. Information created, stored and processed by computer technology now determines the actions of most people and technical systems. The potential for damage through theft of information has therefore increased sharply: any system (social, biological or technical) can be influenced in order to destroy it, reduce its efficiency or steal its resources (money, goods, equipment) only when information about its structure and principles of operation is known.

All information threats can be divided into two large groups:

- failures and malfunctions of software and hardware;
- deliberate threats, planned in advance by attackers in order to cause harm.

The following main groups of causes of failures and malfunctions in the operation of computer systems are distinguished:

- violations of the physical and logical integrity of data structures stored in main and external memory, caused by ageing or premature wear of their carriers;
- faults in the operation of hardware caused by its ageing or premature wear;
- violations of the physical and logical integrity of data structures stored in main and external memory, caused by incorrect use of computer resources;
- faults in the operation of hardware caused by misuse or damage, including through improper use of software;
- latent errors in software that were not found during debugging and testing, and errors that remain in hardware after its development.

In addition to the natural methods of identifying and promptly eliminating the above causes, the following special methods are used to protect information from losses of computer-system operability:

- introducing structural, temporal, informational and functional redundancy of computer resources;
- protecting against incorrect use of computer-system resources;
- identifying and promptly eliminating errors at the stages of developing software and hardware.

Structural redundancy of computer resources is achieved by backing up hardware components and machine storage media, organizing the replacement of failed components and timely replenishment of spares. Structural redundancy forms the basis of the other types of redundancy.

Information redundancy is introduced by periodic or continuous (background) backup of data to primary and backup media. The backed-up data makes it possible to recover information that has been accidentally or deliberately destroyed or distorted. To restore a computer system to operation after a persistent failure, system information must be backed up in advance in addition to ordinary data, and recovery software must be prepared.

Functional redundancy of computer resources is achieved by duplicating functions or adding functions to the software and hardware of a computing system to raise its resilience against failures and malfunctions, for example periodic testing and recovery, or self-testing and self-healing of computer-system components.
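As an added example (not from the original text) that puts informational and functional redundancy together in working code: the script below copies a directory to backup media while recording a SHA-256 manifest, then self-tests the primary copy against that manifest and self-heals damaged or deleted files from the backup, but only when the backup copy itself still matches the manifest, so a corrupted backup can never overwrite the primary. The directory layout, file contents and the `demo()` scenario are constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Digest a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(primary: Path, backup: Path) -> dict:
    """Information redundancy: copy every file under `primary` to `backup`
    and record a manifest {relative path: sha256} next to the copies."""
    manifest = {}
    for src in sorted(p for p in primary.rglob("*") if p.is_file()):
        rel = src.relative_to(primary).as_posix()
        dst = backup / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        manifest[rel] = sha256_of(src)
    (backup / "MANIFEST.json").write_text(json.dumps(manifest, indent=1))
    return manifest


def self_test(primary: Path, manifest: dict) -> list:
    """Functional redundancy, detection half: names of files that are missing
    or whose content no longer matches the manifest."""
    return [rel for rel, digest in manifest.items()
            if not (primary / rel).is_file() or sha256_of(primary / rel) != digest]


def self_heal(primary: Path, backup: Path, manifest: dict) -> list:
    """Functional redundancy, recovery half: restore each damaged file from the
    backup, but only if the backup copy itself still has the recorded digest."""
    restored = []
    for rel in self_test(primary, manifest):
        src = backup / rel
        if src.is_file() and sha256_of(src) == manifest[rel]:
            (primary / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, primary / rel)
            restored.append(rel)
    return restored


def demo() -> dict:
    """Constructed scenario: back up two files, then distort one and delete the
    other, and show that the self-test finds both and the self-heal fixes both."""
    with tempfile.TemporaryDirectory() as tmp:
        primary, backup = Path(tmp) / "data", Path(tmp) / "backup"
        (primary / "db").mkdir(parents=True)
        (primary / "db" / "accounts.csv").write_text("id,balance\n1,100\n")
        (primary / "config.ini").write_text("[system]\nmode=prod\n")

        manifest = make_backup(primary, backup)
        (primary / "db" / "accounts.csv").write_text("id,balance\n1,999999\n")  # distortion
        (primary / "config.ini").unlink()                                        # destruction

        damaged = self_test(primary, manifest)
        restored = self_heal(primary, backup, manifest)
        return {
            "damaged": sorted(damaged),
            "restored": sorted(restored),
            "clean_after_heal": self_test(primary, manifest) == [],
            "balance_line": (primary / "db" / "accounts.csv").read_text().splitlines()[1],
        }


if __name__ == "__main__":
    print(demo())
```

In a real deployment the manifest would be signed or kept on write-once media, because an attacker who can alter both a file and its recorded digest defeats the self-test; the digest check here protects against the accidental and hardware causes listed above, and against tampering only as long as the manifest itself is trustworthy.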

Protection against incorrect use of resources means that software must use the resources of the computing system correctly. A program may perform its functions accurately and on time yet still use computer resources incorrectly, because it lacks necessary safeguards (for example, isolating the RAM regions of the operating system from application programs, protecting system areas on external media, or maintaining data integrity and consistency).

Errors in the development of software and hardware are identified and eliminated through high-quality execution of the basic development stages, based on a systematic analysis of the concept, design and implementation of the project.

However, the main type of threat to the integrity and confidentiality of information is deliberate threats, planned in advance by attackers in order to cause harm.

They can be divided into two groups:

- threats whose realization requires the constant participation of a person;
- threats which, once an attacker has written the corresponding programs, are realized by those programs without direct human participation.

The protection tasks are the same for both types:

- prohibiting unauthorized access (NSD) to the resources of computing systems;
- making unauthorized use of computer resources impossible even when access has been gained;
- timely detecting unauthorized actions and eliminating their causes and consequences.

The main way to prohibit unauthorized access to computing-system resources is to confirm the authenticity of users and delimit their access to information resources. This includes the following steps:

- identification;
- authentication;
- determination of authority for subsequent control and delimitation of access to computer resources.

Identification provides the computer system with a unique identifier for the user accessing it. The identifier can be any sequence of characters and must be registered in advance with the security administrator.

During registration the following information is entered:

- last name, first name, patronymic (and other characteristics of the user where necessary);
- the unique user identifier;
- the name of the authentication procedure;
- the reference information for authentication (for example, a password, which should be stored only as a salted hash, never in clear);
- restrictions on the use of the reference information (for example, the password validity period);
- the user's authority to access computer resources.

Authentication consists in verifying that the presented identifier genuinely belongs to the user, i.e. checking the validity of the user's credentials.
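An added example, not from the original text, showing the registration record and the identification and authentication steps just described in working Python. The record holds the fields enumerated above; the reference information is a salted PBKDF2 hash rather than the password itself, and the validity period is enforced at authentication time. The user, password, permission names and the iteration count are assumptions for illustration.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

PBKDF2_ITERATIONS = 100_000   # assumed work factor; raise it on real hardware
DUMMY_SALT = bytes(16)        # so an unknown identifier costs as much as a wrong password


@dataclass(frozen=True)
class UserRecord:
    """One registration entry, with the fields the security administrator enters."""
    full_name: str               # last name, first name, patronymic
    user_id: str                 # unique identifier
    auth_method: str             # name of the authentication procedure
    salt: bytes                  # per-user random salt
    password_hash: bytes         # reference information: salted hash, never the password
    password_expires_at: float   # restriction on the reference information (Unix time)
    permissions: frozenset       # authority to access computer resources


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class UserRegistry:
    """The security administrator's table of registered subjects."""

    def __init__(self):
        self._users = {}

    def register(self, full_name, user_id, password, permissions,
                 validity_days=90, now=None) -> UserRecord:
        if user_id in self._users:
            raise ValueError(f"identifier {user_id!r} is already registered")
        now = time.time() if now is None else now
        salt = os.urandom(16)
        record = UserRecord(full_name, user_id, "password", salt,
                            hash_password(password, salt),
                            now + validity_days * 86_400, frozenset(permissions))
        self._users[user_id] = record
        return record

    def identify(self, user_id):
        """Identification: map the presented identifier to a registered subject, or None."""
        return self._users.get(user_id)

    def authenticate(self, user_id, password, now=None):
        """Authentication: confirm that the presented identifier really belongs to the caller.
        Returns (success, reason); the reason is for the audit log, not for the user."""
        now = time.time() if now is None else now
        record = self.identify(user_id)
        if record is None:
            hash_password(password, DUMMY_SALT)   # keep timing independent of whether the id exists
            return False, "unknown identifier"
        if not hmac.compare_digest(hash_password(password, record.salt), record.password_hash):
            return False, "wrong password"
        if now > record.password_expires_at:
            return False, "password expired"
        return True, "ok"


if __name__ == "__main__":
    registry = UserRegistry()
    registry.register("Ivanov Ivan Ivanovich", "ivanov", "correct horse battery staple",
                      {"read:payroll"}, validity_days=30, now=1_000_000)
    print(registry.authenticate("ivanov", "correct horse battery staple", now=1_000_100))
    print(registry.authenticate("ivanov", "correct horse battery staple",
                                now=1_000_000 + 31 * 86_400))
```

The distinct failure reasons belong in the security log; the login screen should show one generic message for all of them, otherwise the system tells an attacker which identifiers exist. A real registry would also count failed attempts per identifier and lock or throttle after a few, which this toy omits.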

Technical information protection

Engineering and technical protection (ITZ) is a set of special bodies, technical means and measures for their use, intended to protect confidential information.

By functional purpose, the means of engineering and technical protection are divided into the following groups:

1) Physical means: various devices and structures that prevent intruders from physically penetrating (or gaining access to) protected objects and the material carriers of confidential information, and that protect personnel, material resources, finances and information from unlawful influences.

Physical means include mechanical, electromechanical, electronic, electro-optical, radio and radio-engineering and other devices for preventing unauthorized access (entry and exit), the carrying in or out of funds and materials, and other possible criminal actions.

These means are used to solve the following tasks:

1. protecting the enterprise's territory and keeping it under surveillance;
2. protecting buildings and internal premises and keeping them under control;
3. protecting equipment, products, finances and information;
4. implementing controlled access to buildings and premises.

All physical means of protecting objects can be divided into three categories: means of prevention, means of detection and systems for eliminating threats. Burglar alarms and CCTV, for example, are detection means; fences around objects are a means of preventing unauthorized entry onto the territory; and reinforced doors, walls, ceilings, window bars and similar measures protect against both entry and other criminal acts. Fire-extinguishing equipment belongs to the threat-elimination systems.

In general, by physical nature and functional purpose, all means of this category can be divided into the following groups:

security and fire alarm systems;
security television (CCTV);
security lighting;
physical protection equipment;
hardware.

Hardware here includes the instruments, devices, fixtures and other technical solutions used in the interests of information protection. Its main task is to provide stable protection of information against disclosure, leakage and unauthorized access through the technical means that support production activities.

2) Hardware means of information protection: various technical devices, systems and structures designed to protect information against disclosure, leakage and unauthorized access.

The use of hardware means of information protection allows the following tasks to be solved:

conducting special investigations of technical means for the presence of possible information-leakage channels;
identifying information-leakage channels at various facilities and premises;
localizing information-leakage channels;
searching for and detecting means of industrial espionage;
counteracting unauthorized access to sources of confidential information, and other actions.

By purpose, hardware is classified into detection means, search and detailed-measurement means, and active and passive countermeasures. In terms of technical capability, information-security tools range from general-purpose tools intended for non-professionals to obtain a general assessment, to professional complexes that allow thorough search, detection and measurement of all characteristics of industrial-espionage devices.

Search equipment can be subdivided into equipment for finding information-retrieval devices and equipment for investigating the channels through which information leaks.

Equipment of the first type is aimed at finding and localizing information-retrieval devices (bugs) already planted by attackers. Equipment of the second type is designed to detect information-leakage channels. The decisive factors for such systems are the efficiency of the investigation and the reliability of the results. Professional search equipment is, as a rule, very expensive and requires a highly qualified operator, so only organizations that constantly conduct such surveys can justify it.

3) Software tools. Information security software is a system of special programs that implement information-protection functions.

Programs are used to ensure the security of confidential information in the following areas:

protection of information from unauthorized access;
protection of information from copying;
protection of information from viruses;
software protection of communication channels.

Protection of information from unauthorized access

To protect against intrusion, certain security measures must be provided.

The main functions that the software must perform are:

identification of subjects and objects;
delimitation of access to computing resources and information;
control and logging of actions on information and programs.

The identification and authentication procedure checks whether the subject requesting access is who it claims to be.

The most common authentication method is the password. Practice has shown that password protection of data is a weak link: a password can be overheard or observed as it is typed, intercepted in transit, or simply guessed. Password storage and transmission should therefore be hardened (salted hashes, encrypted channels, limits on failed attempts).

After identification and authentication the user gains access to the computer system, where information is protected at three levels: hardware, software and data.
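An added example (not from the original text) for the functions listed above and for the protection tasks named earlier (prohibiting unauthorized access, detecting unauthorized actions): a minimal reference monitor that checks every request of a subject against an access matrix, denies by default, and logs every decision so that repeated denials can be flagged. Subject, object and operation names are constructed for illustration; in a real system the subject would be the identity established by the authentication step.

```python
import time
from collections import Counter, namedtuple

AuditEntry = namedtuple("AuditEntry", "timestamp subject obj operation decision")


class ReferenceMonitor:
    """Mediates every access of a subject to an object; nothing bypasses check_access()."""

    def __init__(self, access_matrix):
        # access_matrix: {(subject, object): set of permitted operations}
        self._matrix = {key: frozenset(ops) for key, ops in access_matrix.items()}
        self.audit_log = []          # registration of actions on information and programs

    def check_access(self, subject, obj, operation, now=None) -> bool:
        """Delimitation of access: allowed only if the matrix explicitly grants it (default deny)."""
        allowed = operation in self._matrix.get((subject, obj), frozenset())
        self.audit_log.append(AuditEntry(time.time() if now is None else now,
                                         subject, obj, operation,
                                         "ALLOW" if allowed else "DENY"))
        return allowed

    def denied(self, subject=None):
        """Entries recording refused attempts, optionally for one subject only."""
        return [e for e in self.audit_log
                if e.decision == "DENY" and (subject is None or e.subject == subject)]

    def suspicious_subjects(self, threshold=3):
        """Timely detection: subjects with at least `threshold` denied attempts."""
        counts = Counter(e.subject for e in self.denied())
        return sorted(s for s, n in counts.items() if n >= threshold)


def demo() -> dict:
    """Constructed scenario: an operator reads what it may, then probes objects it was never granted."""
    monitor = ReferenceMonitor({
        ("admin", "/etc/passwd"): {"read", "write"},
        ("operator", "/var/log"): {"read"},
    })
    decisions = [
        monitor.check_access("admin", "/etc/passwd", "write", now=1),
        monitor.check_access("operator", "/var/log", "read", now=2),
        monitor.check_access("operator", "/var/log", "write", now=3),    # operation not granted
        monitor.check_access("operator", "/etc/passwd", "read", now=4),  # no matrix entry at all
        monitor.check_access("operator", "/etc/shadow", "read", now=5),
        monitor.check_access("guest", "/var/log", "read", now=6),        # unknown subject: denied
    ]
    return {
        "decisions": decisions,
        "denied_by_operator": len(monitor.denied("operator")),
        "suspicious": monitor.suspicious_subjects(threshold=3),
        "log_size": len(monitor.audit_log),
    }


if __name__ == "__main__":
    print(demo())
```

The two design points worth copying are that absence from the matrix means denial rather than an error, and that allowed accesses are logged as well as denied ones: an audit trail that records only refusals cannot later prove what an authorized user actually did.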

Copy protection

Copy-protection tools prevent the use of illegal copies of software and are considered the most reliable means of protecting developers' copyright. Copy protection means ensuring that a program performs its functions only after recognizing some unique, non-copyable element. Such an element (called a key) can be a specific part of the computer or a special device.

Protection of information from destruction

One task of ensuring security in every use of a computer is protecting information from destruction.

Since the causes of information destruction are very diverse (unauthorized actions, software and hardware errors, computer viruses, etc.), protective measures are mandatory for everyone who uses a computer.

The danger of computer viruses deserves special mention. A computer virus is a small, rather complex and dangerous program that can reproduce itself, attach itself to other programs and spread over information networks. A virus is usually written to disrupt the operation of the computer in various ways, from the "harmless" display of a message to erasing or destroying files. An antivirus is a program that detects and removes viruses.

4) Cryptographic means are special mathematical and algorithmic means of protecting information transmitted over communication systems and networks, or stored and processed on a computer, using a variety of encryption methods.

Technical protection of information by transforming it so that it cannot be read by unauthorized persons has concerned people for a very long time. Cryptography must provide a level of secrecy sufficient to reliably protect critical information from decryption by large organizations such as organized crime, multinational corporations and large states. In the past, cryptography was used only for military purposes. Now, with the emergence of the information society, it has become a tool for ensuring confidentiality, trust, authorization, electronic payments, corporate security and countless other important things. Why has the use of cryptographic methods become especially urgent now? On the one hand, the use of computer networks, in particular the global Internet, has expanded, and large volumes of state, military, commercial and private information are transmitted over them that must not become accessible to unauthorized persons.

On the other hand, the emergence of powerful new computers and of network and neural computing technologies has made it possible to break cryptosystems that until recently were considered practically unbreakable.

Cryptology (from kryptos, "secret", and logos, "science") deals with protecting information by transforming it. Cryptology is divided into two areas, cryptography and cryptanalysis, whose goals are directly opposed. Cryptography searches for and studies mathematical methods of transforming information.

Cryptanalysis is concerned with the possibility of decrypting information without knowing the keys.

Modern cryptography includes 4 major sections:

Symmetric cryptosystems.
Public key cryptosystems.
Electronic signature systems.
Key management.

The main uses of cryptographic methods are transmitting confidential information over communication channels (for example, e-mail), authenticating transmitted messages, and storing information (documents, databases) on media in encrypted form.

Terminology

Cryptography makes it possible to transform information so that it can be read (recovered) only with knowledge of the key.

The information to be encrypted and decrypted will be treated as texts built over some alphabet. These terms mean the following.

The alphabet is a finite set of symbols used to encode information. A text is an ordered sequence of elements of the alphabet.

Encryption is the transformation process in which the original text, also called plaintext, is replaced by ciphertext.

Decryption is the inverse process: using the key, the ciphertext is transformed back into the original text.

The key is the information needed to encrypt and decrypt texts without hindrance.

A cryptographic system is a family T = {T_k} of transformations of the plaintext, indexed by the parameter k, which is the key. The key space K is the set of possible values of k. Typically a key is a sequence of letters of the alphabet.

Cryptosystems are divided into symmetric and public-key systems. In symmetric cryptosystems the same key is used for both encryption and decryption.

Public-key systems use two keys, a public and a private one, which are mathematically related. Information is encrypted with the public key, which is available to everyone, and decrypted with the private key, known only to the recipient of the message.

The terms key distribution and key management refer to the processes of an information-processing system whose content is the generation and distribution of keys among users.

An electronic (digital) signature is a cryptographic transformation attached to a text that allows another user who receives the text to verify the authorship and authenticity of the message.

Cryptographic strength is the characteristic of a cipher that determines its resistance to decryption without knowledge of the key (i.e., to cryptanalysis).

The effectiveness of encryption in protecting information depends on keeping the key secret and on the cryptographic strength of the cipher.

The simplest criterion of this effectiveness is the probability of recovering the key, or the cardinality M of the key set. The work needed to recover the key by exhaustively enumerating all keys can also serve as a numerical estimate. Note that this is only a lower bound on what an attacker must do: a large key space is no help if the structure of the cipher lets the key be recovered without trying them all.

However, this criterion does not take into account other important requirements for cryptosystems:

the impossibility of disclosing or meaningfully modifying the information on the basis of an analysis of its structure;
the soundness of the security protocols used;
the minimum amount of key information used;
the minimum implementation complexity (in number of machine operations) and cost;
high performance.
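An added example, not part of the original text, that makes the definitions above concrete: the cryptosystem below is the family T_k of polyalphabetic shift transformations over the Latin alphabet (a Vigenere-style cipher), indexed by a key that is a sequence of letters, exactly as the definition says. It computes the cardinality of the key set for a given key length, recovers a key by exhaustively enumerating that set, and then illustrates the first requirement in the list above: the same key falls out in one pass from the cipher's structure (ciphertext letter minus plaintext letter), so key-space size alone badly overstates the strength. The plaintext and key are constructed for illustration; this cipher is a teaching toy, not something to protect data with.

```python
import itertools
import string

ALPHABET = string.ascii_uppercase        # the finite set of symbols used to encode texts
M = len(ALPHABET)                        # alphabet size
INDEX = {ch: i for i, ch in enumerate(ALPHABET)}


def _check_text(text: str) -> None:
    if not text or any(ch not in INDEX for ch in text):
        raise ValueError("text must be a non-empty string over the alphabet")


def encrypt(plaintext: str, key: str) -> str:
    """T_k: shift the i-th letter by the (i mod len(key))-th key letter."""
    _check_text(plaintext)
    _check_text(key)
    return "".join(ALPHABET[(INDEX[p] + INDEX[key[i % len(key)]]) % M]
                   for i, p in enumerate(plaintext))


def decrypt(ciphertext: str, key: str) -> str:
    """Inverse of T_k: subtract the same key letters."""
    _check_text(ciphertext)
    _check_text(key)
    return "".join(ALPHABET[(INDEX[c] - INDEX[key[i % len(key)]]) % M]
                   for i, c in enumerate(ciphertext))


def key_space_size(key_length: int) -> int:
    """Cardinality of the key set for keys of exactly `key_length` letters: M ** key_length."""
    return M ** key_length


def exhaustive_search(plaintext: str, ciphertext: str, key_length: int):
    """Known-plaintext attack by enumerating every key.
    Returns (key, number of keys tried), or (None, number tried) if no key fits."""
    tried = 0
    for candidate in itertools.product(ALPHABET, repeat=key_length):
        tried += 1
        key = "".join(candidate)
        if encrypt(plaintext, key) == ciphertext:
            return key, tried
    return None, tried


def structural_recovery(plaintext: str, ciphertext: str, key_length: int) -> str:
    """The same attack using the cipher's structure: k_i = c_i - p_i (mod M) for the first
    key_length positions, so one pass over the text suffices whatever the key-space size."""
    _check_text(plaintext)
    _check_text(ciphertext)
    if len(plaintext) != len(ciphertext) or len(plaintext) < key_length:
        raise ValueError("need a plaintext/ciphertext pair at least as long as the key")
    return "".join(ALPHABET[(INDEX[ciphertext[i]] - INDEX[plaintext[i]]) % M]
                   for i in range(key_length))


if __name__ == "__main__":
    p, k = "ATTACKATDAWN", "KEY"
    c = encrypt(p, k)
    print(c, decrypt(c, k))
    print("keys of length 3:", key_space_size(3))
    print("exhaustive:", exhaustive_search(p, c, 3))
    print("structural:", structural_recovery(p, c, 3))
```

For a three-letter key the exhaustive search tries up to 17,576 candidates, while the structural attack needs three subtractions; the key set is large enough to look respectable, and the cipher is still broken on sight by anyone holding one plaintext/ciphertext pair. That gap between "number of keys" and "work to break" is exactly why the list above refuses to equate the two.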

Expert judgement and simulation are often more effective for selecting and evaluating a cryptographic system.

In any case, the chosen set of cryptographic methods should combine convenience, flexibility and efficiency of use with reliable protection of the information circulating in the information system (IS) from intruders.

This division of information-protection means is rather arbitrary, since in practice they very often interact and are implemented together as combined software and hardware modules that make extensive use of encryption (information closure) algorithms.

Organization of information protection

Organization of information protection - the content and procedure for ensuring the protection of information.

Information security system - a set of bodies and / or executors, the information security technology they use, as well as objects of protection, organized and functioning according to the rules established by the relevant legal, organizational, administrative and regulatory documents for the protection of information.

Information protection measure - a set of actions for the development and / or practical application of methods and means of information protection.

Measures to control the effectiveness of information protection - a set of actions for the development and/or practical application of methods [techniques] and means of monitoring the effectiveness of information protection.

Information security technology - means of information security, means of monitoring the effectiveness of information security, means and management systems designed to ensure information security.

Object of protection - information or information carrier or information process in respect of which it is necessary to ensure protection in accordance with the stated goal of information protection.

Information protection method - the procedure and rules for the application of certain principles and means of information protection.

Method [technique] of monitoring the effectiveness of information protection - the procedure and rules for applying certain principles and means of monitoring the effectiveness of information protection.

Monitoring the status of information protection - checking the compliance of the organization and the effectiveness of information protection with the established requirements and / or standards in the field of information protection.

Information security means - hardware, software, substance and / or material designed or used to protect information.

Information protection effectiveness control means - hardware, software, substance and / or material designed or used to control the effectiveness of information protection.

Control of the organization of information protection - checking the compliance of the state of the organization, the availability and content of documents with the requirements of legal, organizational, administrative and regulatory documents for the protection of information.

Monitoring the effectiveness of information protection - checking the compliance of the effectiveness of information protection measures with the established requirements or standards for the effectiveness of information protection.

Organizational control of the effectiveness of information protection - checking the completeness and validity of measures to protect information to the requirements of regulatory documents on information protection.

Technical control of the effectiveness of information protection - control of the effectiveness of information protection carried out using control means.

Information - data about persons, objects, facts, events, phenomena and processes, regardless of the form in which it is presented.

Access to information - a subject obtaining the opportunity to familiarize itself with information, including with the help of technical means.

Subject of access to information (subject of access) - a participant in legal relations in information processes.

Note: Information processes are the processes of creating, processing, storing, protecting against internal and external threats, transferring, receiving, using and destroying information.

Information carrier - an individual or a material object, including a physical field, in which information is represented in the form of symbols, images, signals, technical solutions and processes.

Information proprietor - a subject who fully exercises the powers of possession, use and disposal of information in accordance with legislative acts.

Information holder - a subject who possesses and uses information and exercises the powers of disposal within the limits established by law and/or by the information proprietor.

User [consumer] of information - a subject who uses information received from its proprietor, holder or an intermediary, either in accordance with the established rights and rules of access to information or in violation of them.

Right of access to information (access right) - a set of rules for access to information established by legal documents or by the proprietor or holder of the information.

Rule of access to information (access rule) - a set of rules governing the procedure and conditions for a subject's access to information and its carriers.

Information security body - an administrative body that organizes information security.

Protecting your data

If you store information on a personal computer or an external device, make sure that nothing important is stored there, or, if it is, that it is reliably protected.

Data encryption

You hear about data encryption almost every day, yet it seems that nobody uses it. I asked my friends whether they use data encryption, and none of them encrypt the data on their computers or external hard drives. And these are people who do everything online, from ordering a taxi and food to reading newspapers. The single most useful thing you can do is encrypt your data. On Windows and Mac this takes some setting up (BitLocker on Windows, FileVault on macOS), but once it is done you need do nothing further.

TrueCrypt can also be used to encrypt data on flash drives and external storage devices (TrueCrypt's development ended in 2014; VeraCrypt is its maintained successor). Encryption ensures that if someone gets hold of your computer, flash drive or external drive, they cannot see your files: without your password they can neither unlock the system nor read any of the files and data stored on the disk. This brings us to the next step.

Use strong passwords

Of course, encryption is worth nothing if anyone can simply switch on your computer and keep trying passwords until they guess the right one. Use a strong password, built from a combination of digits, symbols and letters, so that it is harder to guess; length matters more than the mix of character types, so a long passphrase is a good choice. There are ways to get around a password, but there are also measures that help against this, discussed below.

Two-factor authentication

The problem is that even encrypted data and complex passwords can still be compromised when the password is sent over the Internet. For example, in a cafe you use the wireless network and visit a site that does not use TLS (SSL), i.e. there is no https in the address bar; at that moment an attacker on the same Wi-Fi network can easily intercept your password.

How can you protect yourself in such a situation? First, do not work on an insecure wireless network or public Wi-Fi; it is very risky. Second, use two-factor authentication. This means that logging into a site or service requires two different things: your password and a second, one-time code. Google offers 2-Step Verification, and it works well: even if someone has learned your complex Google password, they cannot get at your data until they also enter the six-digit code delivered to your smartphone.

In other words, they need not only your password but also your smartphone to log in, which greatly reduces your chances of being hacked. LastPass also works with Google Authenticator, so you need not worry about your stored passwords: you have one master password and one access code that only you can produce. To log into Facebook you receive an SMS with a code on your phone, which must be entered together with your password, making the account much harder to hijack.

PayPal offers a security key that works the same way: a code is sent to you by SMS and must be entered to log in. A WordPress blog can also use Google Authenticator to protect the site from attackers. The good thing about two-factor authentication is that it is easy to use and is the most effective protection available for your accounts. Check whether your favourite sites offer two-factor authentication, and prefer an authenticator app over SMS codes where both are offered, since SMS codes can be redirected by SIM-swap attacks.
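An added example, not from the original text, of what Google Authenticator and similar apps actually compute: the time-based one-time password of RFC 6238, built on the HMAC-based one-time password of RFC 4226 (those standards are named here as the basis; the page itself only describes the six-digit code). The server and the phone share a secret, handed over as a base32 string in the QR code; both derive the current 30-second counter from the clock, HMAC it, truncate to six digits, and the server accepts codes from one step either side to tolerate clock drift. The secret used below is the RFC test secret, not a real one.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter = number of `step`-second intervals since the epoch."""
    return hotp(secret, int(at_time // step), digits)


def verify_totp(secret: bytes, code: str, at_time: float, window: int = 1,
                step: int = 30, digits: int = 6) -> bool:
    """Server-side check; accepts the current step and `window` steps either side.
    Constant-time comparison, and no early return on the first match, so timing
    does not reveal which step (if any) matched."""
    counter = int(at_time // step)
    ok = False
    for skew in range(-window, window + 1):
        ok |= hmac.compare_digest(hotp(secret, counter + skew, digits), code)
    return ok


def secret_from_base32(provisioning_secret: str) -> bytes:
    """Decode the shared secret as it appears in an otpauth:// URI or QR code."""
    padded = provisioning_secret.strip().upper()
    padded += "=" * (-len(padded) % 8)
    return base64.b32decode(padded)


if __name__ == "__main__":
    # RFC 4226 / RFC 6238 test secret, base32-encoded as an authenticator app would receive it
    secret = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print("code now:", totp(secret, time.time()))
    print("code at t=59:", totp(secret, 59))      # RFC 6238 vector: 287082 with 6 digits
```

Two things this shows that the description above does not: the code proves possession of the shared secret, so the server must store that secret as carefully as a password database, and a code stays valid for the whole step (plus the window), so a server should also remember the last counter it accepted for a user and refuse to accept the same code twice.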

Secure your network

Another aspect of security is the network you use to communicate with the outside world. Is it your home wireless network? Does it use WEP, WPA or WPA2? Do you use insecure networks in hotels, airports or coffee shops? The first thing to do is lock down your own network, since that is where you spend most of your time at the computer; choose the highest security level available (WPA2 or WPA3 with AES; WEP, and WPA with TKIP, are broken and should not be used). See my previous article on Wi-Fi wireless encryption.

There are many other things that can be done:

1. Disable SSID broadcast;
2. Enable MAC address filtering;
3. Enable AP isolation.

You can read about this and other types of security on the Internet. The second thing you want to do (actually, maybe the first) is change the username and password used to access your wireless router. It's great if you set up WPA2 with AES, but if someone reaches your router by its IP address and guesses your username and password, they can lock you out of your own router.

Fortunately, you can always regain access to your router, but it is a very risky situation, because someone could log into your router and from there into your network. Logging into the router shows all the clients connected to it and their IP addresses. Buying a new wireless router and connecting to it for the first time without changing its settings is not a good idea. Be sure to turn on the firewall on your router and on your computer. This will prevent applications from reaching certain ports on your computer when they communicate.
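The three-item checklist above together with the WPA2/AES advice, as an added example that is not from the original article: a Python audit of an access-point configuration written in hostapd.conf syntax. The two configurations are constructed for this example (not from any real router); the hostapd option names used (wpa, wpa_pairwise, rsn_pairwise, ignore_broadcast_ssid, macaddr_acl, accept_mac_file, ap_isolate) are real. Hidden SSIDs and MAC allow-lists only raise the effort for a casual intruder; the WPA2 with CCMP (AES) setting is the one that actually protects the traffic.

```python
# Two constructed access-point configurations in hostapd.conf syntax (key=value lines,
# '#' starts a comment). WEAK is how a router is often left after first setup;
# HARDENED is the same network with the checklist applied.
WEAK_CONFIG = """\
interface=wlan0
ssid=HomeNet
channel=6
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=example-passphrase-placeholder
ignore_broadcast_ssid=0
macaddr_acl=0
ap_isolate=0
"""

HARDENED_CONFIG = """\
interface=wlan0
ssid=HomeNet
channel=6
# WPA2 only, with AES-CCMP and no TKIP fallback
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=example-passphrase-placeholder
# 1. do not broadcast the SSID
ignore_broadcast_ssid=1
# 2. accept only the stations listed in accept_mac_file
macaddr_acl=1
accept_mac_file=/etc/hostapd.accept
# 3. clients cannot reach each other through the access point
ap_isolate=1
"""


def parse_hostapd(text: str) -> dict:
    """Minimal hostapd.conf reader: one key=value per line, '#' lines are comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def audit_hostapd(text: str) -> list:
    """Return finding codes for every checklist item the config misses (empty = clean)."""
    cfg = parse_hostapd(text)
    findings = []
    wpa = cfg.get("wpa", "0")        # hostapd: 0 = none, 1 = WPA, 2 = WPA2/RSN, 3 = both
    if wpa == "0" or any(k.startswith("wep_key") for k in cfg):
        findings.append("open-or-wep")      # traffic readable by anyone in range
    elif wpa == "1":
        findings.append("wpa1-only")        # legacy WPA; the text recommends WPA2
    # hostapd falls back to wpa_pairwise when rsn_pairwise is not set, so check both
    ciphers = cfg.get("wpa_pairwise", "") + " " + cfg.get("rsn_pairwise", "")
    if "TKIP" in ciphers:
        findings.append("tkip")             # "WPA2 with AES" means CCMP only
    if cfg.get("ignore_broadcast_ssid", "0") != "1":
        findings.append("ssid-broadcast")
    if cfg.get("macaddr_acl", "0") != "1":
        findings.append("no-mac-allowlist")
    if cfg.get("ap_isolate", "0") != "1":
        findings.append("no-ap-isolation")
    return findings


if __name__ == "__main__":
    print("weak:", audit_hostapd(WEAK_CONFIG))
    print("hardened:", audit_hostapd(HARDENED_CONFIG))   # []
```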

Antivirus software

If a virus or malware gets onto your computer, all your previous precautions will be useless: whoever controls the malware can transfer your data to their server. Antivirus is a must today, as is the good habit of scanning your computer.

Information access protection

Unauthorized access is reading, changing or destroying information in the absence of the appropriate authority to do so.

The main typical ways of obtaining information without authorization:

Theft of storage media;
copying storage media while circumventing protection measures;
impersonating a registered user;
spoofing (disguising requests as system requests);
exploiting the shortcomings of operating systems and programming languages;
interception of electromagnetic emissions;
interception of acoustic emissions;
remote photography;
the use of eavesdropping devices;
malicious disabling of protection mechanisms.

To protect information from unauthorized access, the following are used:

Organizational measures.
Technical means.
Software.
Cryptography.

1. Organizational measures include:

An access regime;
storage of media and devices in a safe (floppy disks, monitor, keyboard);
restriction of access of persons to computer rooms.

2. Technical means include various hardware methods of information protection:

Filters and screens (shielding) for equipment;
a key lock for the keyboard;
authentication devices for reading fingerprints, hand shape, iris, typing speed and technique, etc.

3. Software means of information protection consist in the development of special software that does not allow an outsider to obtain information from the system:

Password access;
locking the screen and keyboard with a key combination;
use of BIOS (basic input-output system) password protection.

4. The cryptographic method of information protection means encrypting information when it enters a computer system. The essence of this protection is that a certain encryption method (key) is applied to the document, after which the document cannot be read by conventional means. Reading the document is possible with the key or with a reading method of equivalent power. If one and the same key is used for encryption and for reading during the exchange of information, the cryptographic process is symmetric. Its disadvantage is that the key has to be transferred along with the document. Therefore, on the Internet, asymmetric cryptographic systems are used, in which not one but two keys are used: one public and the other private. The keys are constructed in such a way that a message encrypted with one half of the pair can only be decrypted with the other half. Having created a key pair, a company distributes the public key widely and stores the private key securely.

Both keys are a kind of code sequence. The public key is published on the company's server. Anyone can encrypt any message using the public key, and only the owner of the private key can read it afterwards.

The principle of sufficiency of protection. Many users, on receiving someone else's public key, want to exploit it: they study the algorithm of the encryption mechanism and try to establish a method of decrypting the message in order to reconstruct the private key. The principle of sufficiency consists in checking the number of possible private key combinations.

The concept of an electronic signature. With the help of an electronic signature, a client can communicate with the bank, giving orders to transfer their funds to the accounts of other persons or organizations. To create an electronic signature, you use a special program (received from the bank) to create the same kind of pair of keys: a private key (which remains with the client) and a public key (which is transferred to the bank).
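As an added illustration (not the page's own code) of the key pair described above and of the electronic signature just mentioned: textbook RSA in Python with deliberately tiny, constructed primes so the numbers stay readable. Encryption uses the public half and decryption the private one; the signature reverses the roles, so the bank verifies with the public key what the client signed with the private key. Real keys use 2048-bit moduli and padding (OAEP, PSS), which this toy omits.

```python
import hashlib
from math import gcd

# Constructed toy primes (the 10000th and 100000th primes). Real keys use primes of
# 1024+ bits each; these are small only so the arithmetic is easy to follow.
TOY_P = 104729
TOY_Q = 1299709


def keygen(p: int, q: int, e: int = 65537):
    """Build a key pair from two primes. Returns (public, private) as (n, e) and (n, d).
    d is the inverse of e modulo (p-1)(q-1); that is what makes one half undo the other."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def encrypt(public, message: bytes) -> int:
    """Anyone holding the public key can encrypt (textbook RSA, no padding: a toy)."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(private, ciphertext: int) -> bytes:
    """Only the holder of the private key can recover the message."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest_mod_n(message: bytes, n: int) -> int:
    # Sign the hash, not the message; the reduction mod n is only needed because
    # the toy modulus is far smaller than a SHA-256 value.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message: bytes) -> int:
    """The client signs an order with the private key that stays with them."""
    n, d = private
    return pow(_digest_mod_n(message, n), d, n)


def verify(public, message: bytes, signature: int) -> bool:
    """The bank checks the order with the client's public key; any change to the
    order (e.g. the amount) makes the digest differ and verification fail."""
    n, e = public
    return pow(signature, e, n) == _digest_mod_n(message, n)


TOY_PUBLIC, TOY_PRIVATE = keygen(TOY_P, TOY_Q)

if __name__ == "__main__":
    order = b"pay 100 to account 42"
    print(decrypt(TOY_PRIVATE, encrypt(TOY_PUBLIC, b"pay")))   # b'pay'
    print(verify(TOY_PUBLIC, order, sign(TOY_PRIVATE, order)))  # True
```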

Read protection is implemented:

At the DOS level, by setting the Hidden attribute on the file;
by encryption.

Write protection is implemented by:

Setting the ReadOnly (read-only) attribute on the files;
prohibiting writing to a floppy disk by moving or breaking off the write-protect tab;
prohibiting writing through the BIOS setting "drive not installed".

When protecting information, the problem of reliable data destruction often arises, which is due to the following reasons:

When deleted, information is not completely erased;
even after formatting a floppy or hard disk, data can be recovered with special tools that read the residual magnetic field.

For reliable deletion, special utilities are used that erase data by repeatedly writing a random sequence of zeros and ones in place of the deleted data.
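One way to implement the overwrite-then-delete utility just described, as an added Python example rather than any particular utility's code. The caveat in the docstring is the one a practitioner needs: overwriting only reaches the old data where the file system writes in place.

```python
import os
import secrets
import tempfile


def overwrite_and_delete(path: str, passes: int = 3, chunk: int = 64 * 1024) -> int:
    """Overwrite a file in place `passes` times with a random byte sequence, forcing each
    pass to the device, then remove it. Returns the total number of bytes written.

    This achieves what the text describes only when the new bytes really land on the
    sectors holding the old ones (classic magnetic disks, no copy-on-write file system,
    no data journaling, no SSD wear levelling). Otherwise older copies can survive
    elsewhere, and the remedy is full-disk encryption with key destruction instead."""
    size = os.path.getsize(path)
    written = 0
    # buffering=0: each write goes straight to the OS; fsync pushes it to the device
    with open(path, "r+b", buffering=0) as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = f.write(secrets.token_bytes(min(chunk, remaining)))
                written += n
                remaining -= n
            os.fsync(f.fileno())
    os.remove(path)
    return written


def demo_round_trip(payload: bytes = b"confidential " * 500, passes: int = 3):
    """Constructed scenario: create a temporary file, wipe it, and report
    (bytes written, whether the file still exists)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "report.txt")
        with open(path, "wb") as f:
            f.write(payload)
        written = overwrite_and_delete(path, passes=passes)
        return written, os.path.exists(path)


if __name__ == "__main__":
    print(demo_round_trip())   # (19500, False)
```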

Cryptographic information protection

The science dealing with secure communication (i.e. communication by means of encrypted messages) is called cryptology (kryptos - secret, logos - science). It is in turn divided into two areas: cryptography and cryptanalysis.

Cryptography is the science of creating secure communication methods, of creating strong (break-resistant) ciphers. It searches for mathematical methods of transforming information.

Cryptanalysis is the branch devoted to the possibility of reading messages without knowing the keys, that is, it deals directly with breaking ciphers. People involved in cryptanalysis and the study of ciphers are called cryptanalysts.

A cipher is a set of reversible transformations of a set of plaintexts (i.e. original messages) into a set of ciphertexts, carried out in order to protect them. The specific transformation is selected by the encryption key. Let's define a few more concepts that need to be learned in order to feel confident. First, encryption is the process of applying the cipher to the plaintext. Second, decryption is the process of applying the cipher in reverse to the ciphertext. Third, breaking (cryptanalytic deciphering) is an attempt to read the ciphertext without knowing the key, i.e. breaking a ciphertext or a cipher. The difference between decryption and breaking should be emphasized here: the first is performed by a legitimate user who knows the key, and the second by a cryptanalyst or a well-equipped hacker.

A cryptographic system is a family of cipher transformations and a set of keys (i.e. algorithm + keys). The description of the algorithm itself is not a cryptosystem; only when supplemented by schemes for key distribution and management does it become a system. Examples of algorithms are the descriptions of DES and GOST 28147-89. Supplemented with key generation algorithms, they turn into cryptosystems. As a rule, the description of an encryption algorithm already includes all the necessary parts.

Cryptosystems can provide not only the secrecy of transmitted messages, but also their authenticity, as well as confirmation of the user's identity.

Modern cryptosystems are classified as follows:

Symmetric cryptosystems (secret key systems) are built on the basis of keeping the encryption key secret. The encryption and decryption processes use the same key. The secrecy of the key is a postulate. The main problem when using symmetric cryptosystems for communication is the difficulty of delivering the secret key to both parties. However, these systems are fast. Disclosure of a key to an attacker threatens to disclose only the information that was encrypted with that key. The American and Russian encryption standards DES and GOST 28147-89, and the AES candidates, are all representatives of symmetric cryptosystems.

Asymmetric cryptosystems (public key systems): the idea of these cryptosystems is that different transformations are used for encryption and decryption. One of them, encryption, is completely open to everyone. The other, decryption, remains secret. Thus, anyone who wants to encrypt something uses the open transformation, but only the holder of the secret transformation can decrypt and read it. In many present-day asymmetric cryptosystems, the transformation is determined by the key. That is, the user has two keys, a secret one and a public one. The public key is published in a public place, and anyone who wants to send a message to this user encrypts the text with the public key. Only that user, with the secret key, can decrypt it. Thus, the problem of transferring a secret key (as in symmetric systems) disappears. However, despite all their advantages, these cryptosystems are quite laborious and slow. The strength of asymmetric cryptosystems rests mainly on the algorithmic difficulty of solving some problem in a reasonable time. If an attacker manages to construct such an algorithm, the entire system and all messages encrypted with it are compromised. This is the main danger of asymmetric cryptosystems as opposed to symmetric ones. Examples are the RSA system, the Rabin system, etc.

One of the basic rules of cryptography (considering its commercial application, since at the state level everything is somewhat different) can be expressed as follows: breaking a cipher in order to read non-public information should cost an attacker considerably more than the information itself is worth.

Cryptography

Cryptography refers to the techniques by which the content of a written text was hidden from those who were not meant to read it.

Since ancient times, humanity has exchanged information by sending paper letters to each other. In ancient Veliky Novgorod, it was necessary to roll up your birch bark letters with words outward - only in this way could they be transported and stored, otherwise they would unfold spontaneously due to a change in the level of humidity. It was similar to modern postcards, in which the text, as you know, is also open to prying eyes.

The sending of birch bark messages was very widespread, but it had one serious drawback: the contents of the messages were in no way protected from the selfish interests or idle curiosity of some people. Because of this, over time, these messages began to be rolled up in a special way, so that the text was on the inside. When this proved insufficient, letters began to be sealed with wax, and later with a personal wax seal. Such seals were almost always in everyday use rather than merely in fashion. Usually seals were made in the form of rings with raised pictures. A great variety of them are kept in the antiquities section of the Hermitage.

According to some historians, seals were invented by the Chinese, although the ancient cameos of Babylon, Egypt, Greece and Rome are practically indistinguishable from seals. Wax in ancient times, and sealing wax in ours can help maintain the secrets of postal correspondence.

There are very, very few exact dates and absolutely indisputable facts about cryptography in antiquity; therefore, on our website, many facts are presented through artistic analysis. However, alongside the invention of ciphers, there were of course also methods of hiding text from prying eyes. In ancient Greece, for example, a slave was shaved, an inscription was put on his head, and after the hair had grown back he was sent with an errand to the addressee.

Encryption is a way of converting open information into protected information and back. It is used to store important information in unreliable places or to transmit it through unprotected communication channels. According to GOST 28147-89, encryption comprises the processes of encryption and decryption.

Steganography is the science of covert transmission of information by keeping the very fact of transmission secret.

Unlike cryptography, which hides the contents of a secret message, steganography hides its very existence. Steganography is usually used in conjunction with cryptography techniques, thus complementing it.

Basic principles of computer steganography and its fields of application

K. Shannon gave us a general theory of cryptography, which is the basis of steganography as a science. In modern computer steganography, there are two main types of files: a message, a file that is intended to be hidden, and a container, a file that can be used to hide a message in it. Containers, moreover, are of two types. An original container (or "empty" container) is a container that does not contain hidden information. A result container (or "filled" container) is a container that contains hidden information. A key is understood as a secret element that determines the order in which a message is entered into a container.

The main provisions of modern computer steganography are as follows:

1. Hiding methods must ensure the authenticity and integrity of the file.
2. It is assumed that the enemy is fully aware of the possible steganographic methods.
3. The security of the methods is based on the steganographic transformation preserving the main properties of the openly transmitted file when a secret message and some information unknown to the enemy (a key) are entered into it.
4. Even if the fact of hiding a message became known to the enemy through an accomplice, extracting the secret message itself is a complex computational task.
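The container/message/key model above, as an added example that is not part of the original text: least-significant-bit embedding in Python, where the key is a secret seed that fixes the order in which message bits enter the container (the page's definition of a key), the empty container is a constructed 64x64 8-bit gradient, and the filled container differs from it by at most 1 per byte, which is what provision 3 (preserving the file's main properties) amounts to here.

```python
import random
import struct


def _embedding_order(container_len: int, key: bytes) -> list:
    """The key fixes the order in which message bits enter the container:
    it seeds a permutation of all byte positions (a toy key schedule)."""
    order = list(range(container_len))
    random.Random(key).shuffle(order)
    return order


def embed(container: bytes, message: bytes, key: bytes) -> bytes:
    """Hide `message` in the least significant bits of `container`, one bit per byte,
    following the key-derived order. A 32-bit length prefix lets the extractor stop."""
    payload = struct.pack(">I", len(message)) + message
    nbits = len(payload) * 8
    if nbits > len(container):
        raise ValueError("container too small: need %d carrier bytes" % nbits)
    filled = bytearray(container)
    order = _embedding_order(len(container), key)
    for i in range(nbits):
        bit = (payload[i >> 3] >> (7 - (i & 7))) & 1      # MSB first within each byte
        pos = order[i]
        filled[pos] = (filled[pos] & 0xFE) | bit           # replace only the LSB
    return bytes(filled)


def extract(filled: bytes, key: bytes):
    """Recover the message with the key; returns None if the key does not fit the data."""
    order = _embedding_order(len(filled), key)

    def read_bytes(first_bit: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for j in range(8):
                value = (value << 1) | (filled[order[first_bit + b * 8 + j]] & 1)
            out.append(value)
        return bytes(out)

    if len(filled) < 32:
        return None
    length = struct.unpack(">I", read_bytes(0, 4))[0]
    if 32 + length * 8 > len(filled):
        return None   # wrong key (or no message): the decoded length is garbage
    return read_bytes(32, length)


def max_carrier_change(original: bytes, filled: bytes) -> int:
    """Largest per-byte change; LSB embedding never alters a carrier byte by more than 1."""
    return max(abs(a - b) for a, b in zip(original, filled))


# Constructed "empty container": a synthetic 64x64 8-bit image (a smooth gradient)
EMPTY_CONTAINER = bytes(((x * 3 + y * 2) % 256) for y in range(64) for x in range(64))

if __name__ == "__main__":
    stego = embed(EMPTY_CONTAINER, b"meet at the usual place", b"key-1")
    print(extract(stego, b"key-1"))                       # b'meet at the usual place'
    print(max_carrier_change(EMPTY_CONTAINER, stego))     # 1
```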

With the growing role of global computer networks, steganography is becoming more and more important.

Analysis of sources on the Internet allows us to conclude that steganographic systems are currently actively used to solve the following main tasks:

1. Protection of confidential information from unauthorized access;
2. Bypassing systems for monitoring and managing network resources;
3. Camouflaging software;
4. Copyright protection for certain types of intellectual property.

Cryptographic strength (cryptographic resistance) is the ability of a cryptographic algorithm to withstand possible attacks on it. Attackers of a cryptographic algorithm use cryptanalysis techniques. An algorithm is considered strong if a successful attack requires unattainable computing resources from the adversary, an unattainable volume of intercepted plain and encrypted messages, or a disclosure time so long that by its expiry the protected information is no longer relevant, etc.

Information protection requirements

The specific requirements for the protection of information that the owner of the information must provide are reflected in the guidance documents of the FSTEC and the FSB of Russia.

The documents are also divided into a number of areas:

Protection of information when processing information constituting a state secret;
protection of confidential information (including personal data);
information protection in key information infrastructure systems.

Specific requirements for the protection of information are defined in the guidance documents of the FSTEC of Russia.

When creating and operating state information systems (and these are all information systems of regional executive authorities), the methods and means of protecting information must comply with the requirements of the FSTEC and the FSB of Russia.

Documents defining the procedure for protecting confidential information and protecting information in key information infrastructure systems are marked “For official use”. Documents on the technical protection of information, as a rule, are classified as "secret".

Information security methods

Information protection in computer systems is ensured by the creation of an integrated protection system.

The comprehensive protection system includes:

Legal protection methods;
organizational protection methods;
methods of protection against accidental threats;
methods of protection against traditional espionage and sabotage;
methods of protection against electromagnetic radiation and interference;
methods of protection against unauthorized access;
cryptographic protection methods;
methods of protection against computer viruses.

Among the methods of protection, there are also universal ones, which are basic in the creation of any protection system. These are, first of all, legal methods of information protection, which serve as the basis for the legitimate construction and use of a protection system for any purpose. Organizational methods that are used in any protection system without exception and, as a rule, provide protection against several threats can also be classified as universal methods.

Methods of protection against accidental threats are developed and implemented at the stages of design, creation, implementation and operation of computer systems.

These include:

Building highly reliable computer systems;
creation of fault-tolerant computer systems;
blocking erroneous operations;
optimization of the interaction of users and service personnel with the computer system;
minimization of damage from accidents and natural disasters;
duplication of information.

When protecting information in computer systems from traditional espionage and sabotage, the same means and methods of protection are used as for protecting other objects that do not use computer systems.

These include:

Creation of a security system for the facility;
organization of work with confidential information resources;
countering surveillance and eavesdropping;
protection against malicious actions of personnel.

All methods of protection against electromagnetic radiation and interference can be divided into passive and active. Passive methods provide a decrease in the level of a dangerous signal or a decrease in the information content of signals. Active protection methods are aimed at creating interference in the channels of spurious electromagnetic radiation and interference, making it difficult to receive and extract useful information from signals intercepted by an attacker. Electronic components and magnetic storage devices can be affected by powerful external electromagnetic pulses and high frequency radiation. These influences can lead to malfunction of electronic components and erase information from magnetic storage media. To block the threat of such an impact, shielding of the protected means is used.

To protect information from unauthorized access, the following are created:

System of differentiation of access to information;
system of protection against research and copying of software.

The initial information for creating an access control system is the decision of the computer system administrator to allow users to access certain information resources. Since information in computer systems is stored, processed and transmitted by files (parts of files), access to information is regulated at the file level. In databases, access can be regulated to its individual parts according to certain rules. When defining access permissions, the administrator sets the operations that the user is allowed to perform.

There are the following file operations:

Reading (R);
writing;
execution of programs (E).

Write operations have two modifications:

The access subject may be given the right to write with changing the content of the file (W);
permission to append to the file without changing the old content (A).

The protection system against research and copying of software includes the following methods:

Methods that make it difficult to read the copied information;
methods preventing the use of information.

Cryptographic protection of information is understood as such a transformation of the original information, as a result of which it becomes unavailable for familiarization and use by persons who do not have the authority to do so.

According to the type of influence on the initial information, methods of cryptographic transformation of information are divided into the following groups:

Encryption;
steganography;
coding;
compression.

Malicious programs and, above all, viruses pose a very serious threat to information in computer systems. Knowledge of the mechanisms of action of viruses, methods and means of combating them allows you to effectively organize resistance to viruses, minimize the likelihood of infection and losses from their impact.

Computer viruses are small executable or interpreted programs that propagate and reproduce themselves on computer systems. Viruses can modify or destroy software or data stored in computer systems. Viruses can modify themselves as they spread.

All computer viruses are classified according to the following criteria:

By habitat;
by the method of infecting the habitat;
by the degree of danger of the harmful effects;
by the algorithm of operation.

According to their habitat, computer viruses are divided into:

Network;
file;
boot;
combined.

The habitat of network viruses are elements of computer networks. File viruses are located in executable files. Boot viruses are located in the boot sectors of external storage devices. Combined viruses are found in several habitats. For example, boot-file viruses.

According to the method of infecting the habitat, computer viruses are divided into:

Resident;
non-resident.

Resident viruses, after activation, move completely or partially from their habitat into the computer's RAM. These viruses, as a rule using privileged modes of operation allowed only to the operating system, infect the environment and, when certain conditions are met, carry out a malicious function. Non-resident viruses enter the computer's RAM only for the duration of their activity, during which they perform their harmful and infecting functions. Then they leave the RAM completely, remaining in the habitat.

According to the degree of danger to the user's information resources, viruses are divided into:

Harmless;
dangerous;
very dangerous.

However, even harmless viruses cause some damage:

They consume the resources of the computer system;
may contain errors causing dangerous consequences for information resources;
viruses created earlier can disrupt normal system operation when the operating system or hardware is upgraded.

Dangerous viruses cause a significant decrease in the efficiency of a computer system, but do not lead to a violation of the integrity and confidentiality of information stored in storage devices.

Very dangerous viruses have the following harmful effects:

Cause a violation of the confidentiality of information;
destroy information;
cause irreversible modification (including encryption) of information;
block access to information;
lead to hardware failure;
harm the health of users.

According to the algorithm of operation, viruses are divided into:

Those that do not change the habitat as they spread;
those that change the habitat as they spread.

To combat computer viruses, special anti-virus tools and methods of their application are used.

Antivirus tools perform the following tasks:

Detection of viruses in computer systems;
blocking the operation of virus programs;
elimination of the consequences of exposure to viruses.

Virus detection and blocking of virus programs is carried out by the following methods:

Scanning;
detection of changes;
heuristic analysis;
the use of resident guards (monitors);
vaccination of programs;
hardware and software protection.

Elimination of the consequences of exposure to viruses is carried out by the following methods:

System recovery after exposure to known viruses;
system recovery after exposure to unknown viruses.

Protection of information of Russia

A distinctive feature of modernity is the transition from an industrial society to an information society, in which information becomes the main resource. In this regard, the information sphere, which is a specific sphere of activity of subjects of public life, associated with the creation, storage, distribution, transmission, processing and use of information, is one of the most important components not only of Russia, but also of the modern society of any developing state.

Penetrating into all spheres of society and the state, information acquires specific political, material and value expressions. Given the increasing role of information at the present stage, legal regulation of public relations arising in the information sphere is a priority direction of the rule-making process in the Russian Federation (RF), the purpose of which is to ensure the information security of the state.

The Constitution of the Russian Federation is the main source of law in the field of information security in Russia.

According to the Constitution of the Russian Federation:

Everyone has the right to inviolability of private life, personal and family secrets, privacy of correspondence, telephone conversations, postal, telegraph and other messages (Article 23);
collection, storage, use and dissemination of information about the private life of a person without his consent is not allowed (Article 24);
everyone has the right to freely search, receive, transfer, produce and distribute information in any legal way, the list of information constituting a state secret is determined by federal law (Article 29);
everyone has the right to reliable information about the state of the environment (art. 42).

The main legislative act in Russia that regulates relations in the information sphere (including those related to the protection of information) is the Federal Law “On Information, Informatization and Information Protection”.

The subject of regulation of this Law is social relations arising in three interrelated directions:

Formation and use of information resources;
creation and use of information technologies and means of their support;
protection of information, rights of subjects participating in information processes and informatization.

The Law provides definitions of the most important terms in the information sphere. According to Article 2 of the Law, information is data about persons, objects, facts, events, phenomena and processes, regardless of the form in which it is presented.

One of the significant achievements of the Law is the differentiation of information resources by access categories. According to the Law, documented information with limited access is, under the terms of its legal regime, subdivided into information classified as a state secret and confidential information.

The Law contains a list of information that is prohibited from being classified as information with limited access. These are, first of all, legislative and other normative legal acts that establish the legal status of government bodies, local government bodies, organizations and public associations; documents containing information on emergency situations, environmental, demographic, sanitary-epidemiological, meteorological and other similar information; documents containing information on the activities of state authorities and local self-government bodies, on the use of budgetary funds, on the state of the economy and the needs of the population (with the exception of information classified as state secrets).

The Law also reflects issues related to the procedure for handling personal data, certification of information systems, technologies, means of their support and licensing of activities for the formation and use of information resources.

Chapter 5 of the Law "Protection of information and the rights of subjects in the field of information processes and informatization" is "basic" for Russian legislation in the field of information protection.

The main goals of information protection are:

Prevention of leakage, theft, loss, distortion and falsification of information (any information, including open information, is subject to protection);
prevention of threats to the security of the individual, society and the state (that is, information protection is one of the ways to ensure the information security of the Russian Federation);
protection of the constitutional rights of citizens to maintain personal secrecy and confidentiality of personal data available in information systems;
preservation of state secrets, confidentiality of documented information in accordance with the law.

Despite the fact that the adoption of the Federal Law "On Information, Informatization and Protection of Information" is a definite "breakthrough" in information legislation, this Law has a number of shortcomings:

The Law applies only to documented information, that is, information already received, objectified and recorded on a medium;
a number of articles of the Law are declarative in nature and do not find practical application;
the definitions of some terms introduced by Article 2 of the Law are not clearly and unambiguously formulated.

The priority place in the system of legislation of any state is occupied by the institution of state secrets. The reason for this is the amount of damage that can be caused to the state as a result of the disclosure of information constituting a state secret.

In recent years, legislation in the field of protecting state secrets has developed quite dynamically in the Russian Federation.

The legal regime of state secrets was established by the Law "On state secrets", the first in the history of the Russian state.

This Law is a special legislative act regulating relations arising in connection with the classification of information as state secrets, their declassification and protection.

According to the Law, a state secret is information protected by the state in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational-search activities, the dissemination of which may harm the security of the Russian Federation.

Under the Law, information protection means include technical, cryptographic, software and other means designed to protect information constituting a state secret, the means in which they are implemented, and means of monitoring the effectiveness of information protection.

In order to systematize the types of information classified as confidential, the President of the Russian Federation, by his Decree No. 188, approved the List of confidential information, in which six main categories of information are distinguished:

Personal Information.
Secrecy of the investigation and legal proceedings.
Service secret.
Professional types of secrets (medical, notary, lawyer, etc.).
Trade secret.
Information about the essence of the invention, utility model or industrial design prior to the official publication of information about them.

Currently, none of the listed institutions is regulated at the level of a special law, which, of course, does not contribute to improving the protection of this information.

The main role in the creation of legal mechanisms for the protection of information is played by the state authorities of the Russian Federation.

The President of the Russian Federation is the "guarantor" of the Constitution of the Russian Federation and of the rights and freedoms (including information rights) of a person and a citizen; he directs the activities of the federal executive bodies in charge of security issues and issues decrees and orders on matters whose essence is information security and information protection.

The Federal Assembly - the parliament of the Russian Federation, consisting of two chambers - the Federation Council and the State Duma, is the legislative body of the Russian Federation, which forms the legislative framework in the field of information protection. In the structure of the State Duma there is a Committee on Information Policy, which organizes legislative activity in the information sphere. The Committee has developed a Concept of State Information Policy, which contains a section on information legislation. The concept was approved at a meeting of the Permanent Chamber for State Information Policy of the Political Consultative Council under the President of the Russian Federation. In addition, other committees of the State Duma are also involved in the preparation of bills aimed at improving legislation in the field of information protection.

Another body associated with normative legal regulation in the field of information protection is the Security Council of the Russian Federation formed by the President of the Russian Federation.

By Decree of the President of the Russian Federation No. 1037, in order to implement the tasks assigned to the Security Council of the Russian Federation in the field of ensuring the information security of the Russian Federation, an Interdepartmental Commission of the Security Council of the Russian Federation on information security was established, one of the tasks of which is to prepare proposals on the legal regulation of information security and information protection. In addition, the Security Council apparatus in accordance with the National Security Concept of the Russian Federation has prepared a draft Doctrine of Information Security of the Russian Federation.

The Interdepartmental Commission for the Protection of State Secrets was established by Decree of the President of the Russian Federation No. 1108 in order to implement a unified state policy in the field of classifying information, as well as to coordinate the activities of state authorities in protecting state secrets in the interests of the development and implementation of state programs and regulations.

By decisions of the Interdepartmental Commission, draft decrees and orders of the President of the Russian Federation, decisions and orders of the Government of the Russian Federation may be developed.

The decisions of the Interdepartmental Commission for the Protection of State Secrets, adopted in accordance with its powers, are binding on federal government bodies, government bodies of the constituent entities of the Russian Federation, local government bodies, enterprises, institutions, organizations, officials and citizens.

The organizational and technical support for the activities of the Interdepartmental Commission is entrusted to the central office of the State Technical Commission under the President of the Russian Federation (State Technical Commission of Russia).

The State Technical Commission of Russia is one of the main bodies solving information security problems in the Russian Federation.

The legal status of the State Technical Commission of Russia is defined in the Regulations on the State Technical Commission of Russia, approved by Decree of the President of the Russian Federation No. 212, as well as in a number of other regulatory legal acts.

According to the Regulation, the State Technical Commission of Russia is a federal executive body that carries out cross-sectoral coordination and functional regulation of activities to ensure the protection (by non-cryptographic methods) of information containing information constituting a state or official secret from its leakage through technical channels, from unauthorized access to it, from special influences on information in order to destroy, distort and block and to counter technical means of intelligence on the territory of the Russian Federation (hereinafter referred to as - technical protection of information).

In addition, the State Technical Commission of Russia has prepared a draft Catalog "Security of Information Technologies", which will include the domestic regulatory legal framework in the field of technical protection of information, an analysis of foreign regulatory documents on information security, a list of licensees of the State Technical Commission of Russia, a list of certified information security tools and much other information of interest to specialists.

The main directions of improving legislation in the field of information security (including those related to information protection) are formulated in the draft Concept for improving the legal support of information security in the Russian Federation, which was developed by a working commission under the apparatus of the Security Council of the Russian Federation.

As for the improvement of the legislation of the constituent entities of the Russian Federation, it will be aimed at forming regional information security systems of the constituent entities of the Russian Federation within the framework of the unified information security system of the Russian Federation.

Thus, despite the fact that in the Russian Federation in a fairly short time a fairly extensive regulatory legal framework in the field of information security and information protection has been formed, there is currently an urgent need for its further improvement.

In conclusion, I would like to emphasize the international cooperation of the Russian Federation in the field of information security.

Taking into account historical experience, the Russian Federation considers the CIS member states as the main partners for cooperation in this area. However, the regulatory framework for information protection within the CIS is not sufficiently developed. It seems promising to carry out this cooperation in the direction of harmonizing the legislative framework of states, their national systems of standardization, licensing, certification and training in the field of information security.

As part of the practical implementation of the Agreement on the mutual provision of the safety of interstate secrets, signed in Minsk, the Government of the Russian Federation concluded a number of international treaties in the field of information protection (with the Republic of Kazakhstan, the Republic of Belarus and Ukraine).

Protection of information from unauthorized access

The use of computers and automated technology poses a number of challenges for managing an organization. Computers, often connected in networks, can provide access to a huge amount of a wide variety of data. Therefore, people worry about the security of information and the risks associated with automation and providing much more access to confidential, personal or other critical data. Electronic storage is even more vulnerable than paper: the data stored on it can be destroyed, copied, and discreetly altered.

The number of computer crimes is on the rise - and the scale of computer abuse is also on the rise. According to US experts, the damage from computer crimes is increasing by 35 percent per year. One of the reasons is the amount of money received as a result of the crime: while the damage from an average computer crime is 560 thousand dollars, in a bank robbery it is only 19 thousand dollars.

According to the University of Minnesota in the USA, 93% of companies that lost access to their data for more than 10 days left their business, and half of them declared their insolvency immediately.

The number of employees in the organization with access to computer equipment and information technology is constantly growing. Access to information is no longer limited to a narrow circle of people from the top management of the organization. The more people gain access to information technology and computer equipment, the more opportunities arise for the commission of computer crimes.

Anyone can be a computer criminal.

The typical computer criminal is not a young hacker using a telephone and home computer to gain access to large computers. A typical computer criminal is an employee who is allowed access to a system of which he is a non-technical user. In the United States, computer crimes committed by employees account for 70-80 percent of the annual computer-related damage.

Signs of computer crimes:

Unauthorized use of computer time;
unauthorized attempts to access data files;
theft of computer parts;
stealing programs;
physical destruction of equipment;
destruction of data or programs;
unauthorized possession of floppy disks, tapes or printouts.

These are just the most obvious signs to look out for when detecting computer crimes. Sometimes these signs indicate that a crime has already been committed, or that protective measures are not being followed. They can also indicate the presence of vulnerabilities and indicate where the security gap lies. While signs can help uncover crime or abuse, safeguards can help prevent it.

Information protection is an activity to prevent the loss and leakage of protected information.

Information security refers to measures to protect information from unauthorized access, destruction, modification, disclosure and delays in access. Information security includes measures to protect the processes of data creation, input, processing and output.

Information security ensures that the following goals are achieved:

Confidentiality of critical information;
integrity of information and related processes (creation, input, processing and output);
the availability of information when it is needed;
accounting of all processes associated with information.

Critical data refers to data that requires protection due to the likelihood of damage and its magnitude in the event that accidental or intentional disclosure, modification, or destruction of data occurs. Critical data also includes data that, if misused or disclosed, can adversely affect an organization's ability to meet its objectives; personal data and other data, the protection of which is required by decrees of the President of the Russian Federation, laws of the Russian Federation and other by-laws.

Any security system can, in principle, be broken. Protection is considered effective when the cost of breaking it is commensurate with the value of the information obtained by doing so.

With regard to the means of protection against unauthorized access, seven security classes (1 - 7) of computer equipment and nine classes (1A, 1B, 1V, 1G, 1D, 2A, 2B, 3A, 3B) of automated systems are defined. For computer equipment the lowest class is 7, and for automated systems it is 3B.

There are four levels of protection for computer and information resources:

Prevention assumes that only authorized personnel have access to protected information and technology.

Detection involves the early detection of crime and abuse, even if safeguards have been circumvented.

The limitation reduces the amount of losses if a crime does occur, despite measures to prevent and detect it.

Recovery provides efficient re-creation of information with documented and verified recovery plans.

Security measures are measures imposed by management to ensure the security of information. Safeguards include the development of administrative guidelines, the installation of hardware devices, or additional programs, the main purpose of which is to prevent crime and abuse.

The formation of an information security regime is a complex problem. Measures for its solution can be divided into four levels:

- legislative: laws, regulations, standards, etc.;
- administrative: general actions taken by the management of the organization;
- procedural: specific security measures dealing with people;
- software and hardware: specific technical measures.

Currently, the most detailed legislative document in Russia in the field of information security is the Criminal Code. In the Crimes Against Public Security section, there is a chapter on Computer Crimes. It contains three articles - "Unlawful access to computer information", "Creation, use and distribution of malicious programs for computers" and "Violation of the rules for operating computers, computer systems or their networks." The Criminal Code guards all aspects of information security - accessibility, integrity, confidentiality, providing for penalties for "destruction, blocking, modification and copying of information, disruption of computers, computer systems or their networks."

Let's consider some measures of information security protection of computer systems.

User Authentication

This measure requires users to follow the logon procedures of the computer, using them as a means of identification at the start of work. To authenticate each user, unique passwords must be used that are not derived from the user's personal data. Security measures must be put in place for password administration, and users must be educated about the most common mistakes that can lead to computer crime. If your computer has a built-in default password, be sure to change it.

An even more reliable solution is to organize access control to the premises or to a specific computer in the network using plastic identification cards with an embedded microcircuit, the so-called microprocessor cards (smart cards). Their reliability is primarily due to the impossibility of copying or counterfeiting them by improvised means. A special reader for such cards can be installed not only at the entrance to the premises where the computers are located, but also directly at workstations and network servers.

There are also various devices for identifying a person using biometric information - by the iris of the eye, fingerprints, the size of the hand, etc.

Password protection

The following rules are useful for password protection:

You cannot share your password with anyone;
the password must be hard to guess;
to create a password, you need to use uppercase and lowercase letters, or even better, let the computer generate the password itself;
it is not recommended to use a password that is an address, alias, name of a relative, phone number or something obvious;
it is preferable to use long passwords, since they are more secure; it is best to have a password of 6 or more characters;
the password should not be displayed on the computer screen when you enter it;
passwords should not appear on printouts;
passwords must not be written on a table, wall or terminal; they must be memorized;
the password must be changed periodically, but not on a fixed schedule;
the most reliable person should be the password administrator;
it is not recommended to use the same password for all employees in a group;
when an employee leaves, it is necessary to change the password;
employees must sign for receiving passwords.
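
The rules above can be enforced mechanically at the moment a password is set. The following Python is an added example, not code from the original text: it checks a candidate password against the page's rules (length of 6 or more, upper- and lower-case letters, nothing built from the user's personal data, nothing obvious such as repeated characters) and, as the page recommends, lets the computer generate a password itself. The personal-data sample is constructed for the demonstration; the field names and the helper names are the example's own.

```python
import re
import secrets
import string

# Minimum length from the page's rule: a password of 6 or more characters.
MIN_LENGTH = 6

# Constructed sample of one user's personal data (hypothetical values);
# the page forbids passwords built from such "obvious" data.
SAMPLE_PERSONAL_DATA = {
    "login": "ipetrov",
    "name": "ivan",
    "surname": "petrov",
    "relative": "anna",
    "phone": "4951234567",
    "address": "tverskaya",
}


def check_password(password: str, personal: dict) -> list:
    """Return the list of policy rules the password violates (empty = accepted).

    Rules mirror the page: at least MIN_LENGTH characters, both upper- and
    lower-case letters, nothing derived from the user's personal data, and
    nothing obvious such as a character repeated three or more times in a row.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letters")
    lowered = password.lower()
    for field, value in personal.items():
        # Substring match is deliberately loose: "Ivan2024" is still built from "ivan".
        if len(value) >= 3 and value.lower() in lowered:
            problems.append("contains personal data (%s)" % field)
    if re.search(r"(.)\1\1", password):
        problems.append("repeated characters")
    return problems


def generate_password(personal: dict, length: int = 12) -> str:
    """Let the computer generate the password, as the page recommends.

    Draws from a CSPRNG (the secrets module) and retries until the candidate
    passes check_password, so the returned value always satisfies the policy.
    """
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate, personal):
            return candidate
```

The personal-data check is intentionally a substring match rather than an exact one: the rule on the page is about passwords that are "something obvious", and a name with a year appended is still obvious. Real deployments would add a dictionary and breached-password list to the same function.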

An organization dealing with critical data should develop and implement authorization procedures that determine which users should have access to certain information and applications.

The organization should establish such a procedure in which the permission of certain superiors is required to use computer resources, obtain permission to access information and applications, and obtain a password.

If information is processed at a large computing center, physical access to the computing equipment must be controlled. Techniques such as logbooks, locks and passes, and security guards may be appropriate. The information security officer must know who has the right to access the premises with computer equipment and must remove unauthorized persons from them.

Precautions when working

Disable unused terminals;
close the rooms where the terminals are located;
position computer screens so that they are not visible from doors, windows and other places that are not controlled;
install special equipment that limits the number of unsuccessful access attempts, or makes a callback to verify the identity of users using phones to access a computer;
use terminal shutdown programs after a certain period of non-use;
turn off the system during non-working hours;
use systems that allow, after a user logs on to the system, to inform him of the time of his last session and the number of unsuccessful attempts to establish a session after that. This will make the user an integral part of the log checking system.
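
Three of the measures above (limiting unsuccessful access attempts, shutting a terminal down after a period of non-use, and telling the user on logon when the last session was and how many failed attempts followed it) can be implemented together in one small logon monitor. The Python below is an added example written for this page, not code from the original text; the lockout threshold, idle timeout, reference time and the sample account are constructed values, and passwords are stored as salted PBKDF2 hashes rather than in the clear.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_FAILED_ATTEMPTS = 3                 # lock the account after this many consecutive failures
IDLE_TIMEOUT = timedelta(minutes=15)    # shut the terminal down after this much inactivity
BASE_TIME = datetime(2024, 1, 15, 9, 0)  # constructed reference time for the demonstration


def at(minutes: int) -> datetime:
    """Timestamp `minutes` after BASE_TIME (keeps the demo deterministic)."""
    return BASE_TIME + timedelta(minutes=minutes)


def hash_password(password: str, salt: bytes) -> bytes:
    """Store a salted PBKDF2 hash rather than the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    login: str
    salt: bytes
    pw_hash: bytes
    last_login: Optional[datetime] = None   # time of the last successful session
    failed_since_last_login: int = 0        # failed attempts since that session
    locked: bool = False


def make_account(login: str, password: str) -> Account:
    salt = os.urandom(16)
    return Account(login, salt, hash_password(password, salt))


class LogonMonitor:
    """Tracks logon attempts, locks accounts after repeated failures and, on
    success, reports the previous session time and the failures since it."""

    def __init__(self, accounts):
        self.accounts = {a.login: a for a in accounts}
        self.audit_log = []     # (time, login, event) tuples kept for later review

    def attempt(self, login: str, password: str, now: datetime) -> dict:
        acct = self.accounts.get(login)
        if acct is None or acct.locked:
            # Same answer for unknown and locked accounts, so the response does
            # not reveal which logins exist.
            self.audit_log.append((now, login, "rejected"))
            return {"ok": False, "reason": "rejected"}
        if not hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
            acct.failed_since_last_login += 1
            self.audit_log.append((now, login, "failed"))
            if acct.failed_since_last_login >= MAX_FAILED_ATTEMPTS:
                acct.locked = True
                self.audit_log.append((now, login, "locked"))
            return {"ok": False, "reason": "bad password"}
        # Success: show the user the time of the last session and the number of
        # unsuccessful attempts since then, as the page recommends.
        report = {
            "ok": True,
            "last_session": acct.last_login,
            "failed_attempts_since": acct.failed_since_last_login,
        }
        acct.last_login = now
        acct.failed_since_last_login = 0
        self.audit_log.append((now, login, "success"))
        return report


def idle_timed_out(last_activity: datetime, now: datetime) -> bool:
    """True when the terminal should be shut down for non-use."""
    return now - last_activity >= IDLE_TIMEOUT
```

The counter of failures is reset only by a successful logon, so the number shown to the user is exactly what the page asks for: attempts made against the account while its owner was away. The audit log is what a security officer reviews; the report is what makes the user part of that review.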

Physical security

For protected computer systems, measures must be taken to prevent, detect and minimize damage from fire, flooding, environmental pollution, high temperatures and power surges.

Fire alarms and extinguishing systems should be checked regularly. The PC can be protected with covers so that they are not damaged by the fire extinguishing system. Flammable materials should not be stored in these rooms with computers.

Indoor temperature can be controlled by air conditioners and fans, as well as good indoor ventilation. Excessive temperature problems can occur in peripheral equipment racks or due to the closure of a ventilation hole in terminals or PCs, so they should be checked regularly.

It is advisable to use air filters to help clean the air of substances that can harm computers and disks. Smoking, eating and drinking near the PC should be prohibited.

Computers should be located as far away as possible from sources of large quantities of water, such as pipelines.

Protection of information carriers (original documents, tapes, cartridges, discs, printouts)

Maintain, control and check registers of information carriers;
educate users on the correct methods for cleaning and destroying information carriers;
make marks on information carriers, reflecting the level of criticality of the information they contain;
destroy media in accordance with the organization's plan;
bring all governing documents to the attention of employees;
store discs in envelopes, boxes, metal safes;
do not touch the surfaces of discs carrying information;
insert discs into the computer carefully and keep them away from sources of magnetic fields and sunlight;
remove discs and tapes that are not currently being handled;
store discs laid out on shelves in a specific order;
do not give carriers of information with critical information to unauthorized people;
throw away or give away damaged disks with critical information only after demagnetizing them or a similar procedure;
destroy critical information on disks by demagnetizing or physically destroying them in accordance with the order in the organization;
dispose of printouts and ink ribbons from printers containing critical information in accordance with organizational procedures;
secure printouts of passwords and other information that allows you to access your computer.

Choosing reliable equipment

The performance and fault tolerance of an information system largely depend on the health of its servers. If round-the-clock uninterrupted operation of the information system must be ensured, special fault-tolerant computers are used, that is, computers in which the failure of an individual component does not cause the machine to fail.

The reliability of information systems is also negatively affected by the presence of devices assembled from low-quality components and the use of unlicensed software. Excessive savings on personnel training, the purchase of licensed software and high-quality equipment leads to a decrease in uptime and significant costs for subsequent system recovery.

Sources of uninterruptible power supply

A computer system is energy-intensive, and therefore the first condition for its functioning is an uninterrupted supply of electricity. Uninterruptible power supplies for servers, and, if possible, for all local workstations should become a necessary part of the information system. It is also recommended to back up the power supply using different city substations. For a radical solution to the problem, you can install backup power lines from the organization's own generator.

Develop adequate business continuity and recovery plans

The purpose of business continuity and recovery plans is to ensure that users can continue to fulfill their most important responsibilities in the event that information technology fails. Maintenance personnel must know how to proceed with these plans.

Business continuity and recovery plans should be written down, reviewed and communicated to staff regularly. The plan's procedures should be adequate to the level of security and criticality of the information. The plan may have to be applied in an environment of confusion and panic, so staff training should be carried out regularly.

Backup

One of the key elements ensuring system recovery in the event of a disaster is the backup of working programs and data. In local networks where several servers are installed, the backup system is most often installed directly into free server slots. In large corporate networks, preference is given to a dedicated backup server, which automatically archives information from the hard drives of servers and workstations at a time set by the network administrator and issues a report on the backup.

For archival information of particular value, it is recommended to provide a security room. Duplicates of the most valuable data should be stored in another building or even in another city. The latter measure makes the data invulnerable in the event of a fire or other natural disaster.

Office duplication, multiplexing and redundancy

In addition to backups, which are performed in the event of an emergency or according to a predetermined schedule, special technologies are used for greater safety of data on hard disks - disk mirroring and the creation of RAID arrays, which are the combination of several hard disks. When recording, information is equally distributed between them, so that if one of the disks fails, the data on it can be restored from the contents of the rest.
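
The claim that data on a failed disk "can be restored from the contents of the rest" rests on parity: the array keeps one extra block that is the XOR of the data blocks, so any single block is the XOR of all the others. The Python below is an added example for this page, not code from the original text or from any RAID implementation; it stripes a constructed byte string across a chosen number of data disks, adds a parity disk, simulates the loss of one disk and rebuilds it. The function names are the example's own.

```python
import functools
import operator
from typing import List, Optional


def _xor_bytes(chunks: List[bytes]) -> bytes:
    """Byte-wise XOR of equally long byte strings."""
    return bytes(functools.reduce(operator.xor, column) for column in zip(*chunks))


def stripe_with_parity(data: bytes, n_data_disks: int) -> List[bytes]:
    """Spread data evenly across n_data_disks and add one XOR parity disk.

    Returns n_data_disks + 1 equally long byte strings; the last one is parity.
    The data is padded with zero bytes so that every disk holds the same amount.
    """
    chunk_len = -(-len(data) // n_data_disks)      # ceiling division
    padded = data.ljust(chunk_len * n_data_disks, b"\x00")
    disks = [padded[i * chunk_len:(i + 1) * chunk_len] for i in range(n_data_disks)]
    return disks + [_xor_bytes(disks)]


def reconstruct(disks: List[Optional[bytes]]) -> List[bytes]:
    """Rebuild the one disk marked None from the XOR of all the others.

    Works for a data disk or the parity disk alike: with P = D0 ^ D1 ^ ... ^ Dn-1,
    any single member equals the XOR of the remaining members. Two or more
    missing disks cannot be recovered from a single parity disk.
    """
    missing = [i for i, d in enumerate(disks) if d is None]
    if len(missing) != 1:
        raise ValueError("a single-parity array can rebuild exactly one failed disk")
    survivors = [d for d in disks if d is not None]
    rebuilt = list(disks)
    rebuilt[missing[0]] = _xor_bytes(survivors)
    return rebuilt


def read_back(disks: List[bytes], length: int) -> bytes:
    """Reassemble the original data (dropping the parity disk and the padding)."""
    return b"".join(disks[:-1])[:length]


def parity_ok(disks: List[bytes]) -> bool:
    """Consistency check: the XOR of all disks, parity included, must be all zero."""
    return not any(_xor_bytes(disks))
```

The ValueError in reconstruct is the practical limit the paragraph glosses over: a single parity disk tolerates exactly one failure, which is why arrays are monitored and a failed member is replaced before a second one goes. Mirroring, also mentioned above, is the degenerate case with one data disk, where the "parity" is simply a copy.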

Clustering technology assumes that multiple computers function as a single unit. Servers are usually clustered. One of the cluster servers can operate in hot standby mode in full readiness to start performing the functions of the main machine in the event of its failure. The continuation of the clustering technology is distributed clustering, in which several cluster servers, located at a large distance, are connected via a global network.

Distributed clusters are close to the concept of backup offices, intended to ensure the survival of an enterprise when its central premises are destroyed. Backup offices are divided into cold ones, in which communication wiring is installed but there is no equipment, and hot ones, which may be a redundant computing center that receives all information from the central office, a branch office, an office on wheels, etc.

Reservation of communication channels

Without communication with the outside world and with its own divisions, an office is paralyzed; therefore, redundancy of external and internal communication channels is of great importance. When providing redundancy, it is recommended to combine different types of communication: cable lines and radio channels, overhead and underground laying of lines, etc.

As companies turn to the Internet more and more, their business becomes heavily dependent on the functioning of the Internet service provider. Network access providers sometimes experience quite serious disruptions, so it is important to store all important applications on the company's internal network and have contracts with several local providers. You should also consider in advance how to notify strategic customers about a change in email address and require the provider to take measures to ensure the prompt recovery of its services after disasters.

Data protection from interception

For any of the three main technologies for transmitting information, there is an interception technology: for cable lines - connecting to a cable, for satellite communications - using an antenna for receiving a signal from a satellite, for radio waves - radio interception. Russian security services divide communications into three classes. The first covers local networks located in the security zone, that is, areas with limited access and shielded electronic equipment and communication lines, and which do not have access to communication channels outside of it. The second class includes communication channels outside the security zone, protected by organizational and technical measures, and the third - unprotected public communication channels. The use of communications of the second class significantly reduces the likelihood of data interception.

To protect information in an external communication channel, the following devices are used: scramblers to protect speech information, encryptors for broadcast communications and cryptographic tools that encrypt digital data.

Information leakage protection

Technical leakage channels:

1. Visual-optical channels;
2. Acoustic channels;
3. Electromagnetic channels;
4. Material channels;
5. Electronic channels of information leakage.

Protected information has an owner and is protected on the basis of legal documents. When carrying out measures to protect non-state information resources that constitute bank or commercial secrets, the requirements of regulatory documents are advisory in nature. Protection regimes for information that is not a state secret are established by the owner of the data.

Actions to protect confidential data from leakage through technical channels are one of the parts of measures at the enterprise to ensure information security. Organizational actions to protect information from leaks through technical channels are based on a number of recommendations when choosing premises where work will be carried out to preserve and process confidential information. Also, when choosing technical means of protection, you must first of all rely on certified products.

When organizing measures to protect against information leakage through technical channels at the protected object, the following stages can be distinguished:

Preparatory (pre-project) stage;
Design of the technical information protection system (STZI);
Commissioning of the protected object and of the technical information protection system.

The first stage involves preparation for the creation of a system of technical protection of information at protected objects.

When examining possible technical leakage channels at the facility, the following are studied:

The plan of the adjacent area to the building within a radius of 300 m.
A plan for each floor of the building with a study of the characteristics of walls, finishes, windows, doors, etc.
Schematic diagram of grounding systems for electronic objects.
The layout of the communications of the entire building, together with the ventilation system.
Power supply plan of the building showing all panels and the location of the transformer.
Plan-diagram of Telephone networks.
Schematic diagram of fire and burglar alarms with indication of all sensors.

Having defined information leakage as the uncontrolled exit of confidential data beyond the boundaries of the circle of persons or the organization, let us consider how such a leak is realized. At the heart of such a leak is the uncontrolled removal of confidential data by means of light, acoustic, electromagnetic or other fields, or by material carriers. Whatever the various reasons for leaks, they have much in common. As a rule, the reasons are associated with gaps in the rules for preserving information and with violations of those rules.

Information can be transmitted either by matter or by a field. A person is not considered a carrier; he is a source or a subject of relations. People make use of different physical fields to create communication systems. Any such system has the components: a source, a transmitter, a transmission line, a receiver and a recipient. Such systems are used every day for their intended purpose and are the official means of data exchange. Such channels are provided with controls for the secure exchange of information. But there are also channels hidden from prying eyes, through which data that should not be passed to third parties can be transferred.

To create a leakage channel, certain temporal, energetic and spatial conditions are needed that facilitate the reception of data on the side of the attacker.

Leakage channels can be divided into:

Acoustic;
visual optical;
electromagnetic;
material.

Visual optical channels

These channels are usually realized through remote observation. The information is carried by light coming from the source of information.

Methods of protection against visual leakage channels:

Reduce the reflective characteristics of the protected object;
arrange objects in such a way as to exclude reflection to the sides of the potential location of the attacker;
reduce the illumination of the object;
apply masking methods and others to mislead the attacker;
use barriers.

Acoustic channels

In such channels the carrier is sound lying in the ultrasonic range (more than 20,000 Hz). The channel is realized through the propagation of an acoustic wave in all directions. As soon as there is an obstacle in the path of the wave, it excites vibration of the obstacle, and the sound can be read from the obstacle. Sound propagates differently in different propagation media.

Protection from acoustic channels is primarily an organizational measure. It implies the implementation of architectural and planning, regime and spatial measures, as well as organizational and technical active and passive measures. Architectural and planning measures implement certain requirements at the building design stage. Organizational and technical methods imply the use of sound-absorbing materials. Examples are materials such as cotton wool, carpets, foam concrete, etc. They have many porous gaps, which lead to repeated reflection and absorption of sound waves. Special hermetic acoustic panels are also used. The value of sound absorption A is determined by the sound absorption coefficient L and the area S of the absorbing surface: A = L * S. The values of the coefficients are known: for porous materials it is 0.2 - 0.8, for concrete or brick 0.01 - 0.03. For example, when walls with L = 0.03 are finished with porous plaster with L = 0.3, the sound pressure decreases by 10 dB.
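
How the 10 dB figure follows from A = L * S, as an added worked calculation that is not part of the original text. The assumption made here is that the change in sound level in the room is set by the ratio of total absorption before and after the treatment, with the treated area S unchanged:

\[
A_1 = L_1 S = 0.03\,S, \qquad A_2 = L_2 S = 0.3\,S
\]

\[
\Delta = 10 \log_{10} \frac{A_2}{A_1} = 10 \log_{10} \frac{0.3\,S}{0.03\,S} = 10 \log_{10} 10 = 10\ \text{dB}.
\]

The same relation shows why the choice of material matters more than its thickness at this level of analysis: a porous finish at the upper end of the quoted range, L = 0.8, over the same bare wall gives 10 log10(0.8 / 0.03), approximately 14.3 dB.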

Sound level meters are used to accurately determine the effectiveness of sound insulation. A sound level meter is a device that converts sound pressure fluctuations into readings. Electronic stethoscopes are used to assess how well buildings are protected from leaks through vibration and acoustic channels. They listen to sound through floors, walls, heating systems, ceilings, etc. Stethoscope sensitivity ranges from 0.3 to 1.5 V/dB. At a sound level of 34 - 60 dB, such stethoscopes can listen through structures up to 1.5 m thick. If passive protection measures do not help, noise generators can be used. They are placed around the perimeter of the room in order to create their own vibration waves in the structure.

Electromagnetic channels

For such channels, the carrier is electromagnetic waves in the range of 10,000 m (frequency
There are known electromagnetic leakage channels:

With the help of design and technological measures, it is possible to localize some leakage channels using:

Weakening of inductive, electromagnetic communication between elements;
shielding of units and elements of equipment;
filtering signals in power or ground circuits.

Any electronic unit under the influence of a high-frequency electromagnetic field becomes a re-emitter, a secondary source of radiation. This is called intermodulation radiation. To protect against such a leakage channel, it is necessary to prevent high-frequency current from passing through the microphone. This is achieved by connecting a capacitor with a capacitance of 0.01 - 0.05 μF in parallel with the microphone.
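
Why a shunt capacitor of that size blocks the high-frequency current while leaving the speech signal untouched can be seen from the capacitor's reactance. This is an added worked calculation, not part of the original text; the two example frequencies (1 kHz as a representative speech frequency, 100 MHz as a representative illuminating field) are assumptions, since the page does not state them:

\[
X_C = \frac{1}{2 \pi f C}
\]

For the lower end of the stated range, C = 0.01 μF = 10^{-8} F:

\[
f = 1\ \text{kHz}: \quad X_C = \frac{1}{2 \pi \cdot 10^{3} \cdot 10^{-8}} \approx 1.6 \cdot 10^{4}\ \Omega,
\qquad
f = 100\ \text{MHz}: \quad X_C = \frac{1}{2 \pi \cdot 10^{8} \cdot 10^{-8}} \approx 0.16\ \Omega.
\]

For C = 0.05 μF both values are five times smaller (about 3.2 kΩ and 0.03 Ω). At speech frequencies the capacitor is a high impedance in parallel with the microphone and does not load it; at the frequency of the illuminating field it is practically a short circuit across the microphone terminals, so the induced high-frequency current bypasses the microphone and cannot be modulated by it.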

Material channels

Such channels exist in the form of solid, gaseous or liquid matter, most often the waste of the enterprise.

Protection against such channels is a whole set of measures for controlling the release of confidential information in the form of industrial or production waste.

Development of information security

Ensuring the protection of information has always concerned humanity. In the course of the evolution of civilization the types of information changed, and various methods and means were used to protect it.

The development of means and methods of information protection can be divided into three relatively independent periods:

The first period begins with the creation of meaningful, independent means and methods of information protection and is associated with the possibility of recording information messages on durable media, that is, with the invention of writing. Together with the indisputable advantage of preserving and moving data, the problem arose of keeping secret information that now existed separately from its source; therefore, almost simultaneously with the birth of writing, such methods of information protection as encryption and concealment appeared.

Cryptography is the science of mathematical methods for ensuring the confidentiality (impossibility of reading the information by outsiders) and authenticity (integrity and genuineness of authorship, as well as impossibility of repudiating authorship) of information. Cryptography is one of the oldest sciences; its history goes back several thousand years. Documents of ancient civilizations such as India, Egypt and Mesopotamia contain information about systems and methods of composing enciphered letters. Ancient religious books of India indicate that the Buddha himself knew several dozen ways of writing, among them permutation ciphers (in the modern classification). One of the oldest cipher texts from Mesopotamia (2000 BC) is a clay tablet containing a recipe for pottery glaze, in which some vowels and consonants were omitted and numbers were used instead of names.

At the beginning of the 19th century, cryptography was enriched by a remarkable invention. Its author was a statesman, the first Secretary of State and later President of the United States, Thomas Jefferson. He called his encryption system the "disk cipher". It was implemented with a special device, later called the Jefferson cipher. The construction of the device can be described briefly as follows. A wooden cylinder is cut into 36 discs (in principle the total number of discs may differ). The discs are mounted on a common axle so that each can rotate on it independently. All the letters of the English alphabet are written in random order around the rim of each disc, and the order of letters differs from disc to disc. A reference line parallel to the axis is marked on the surface of the cylinder. During encryption, the plaintext is divided into groups of 36 characters; the first letter of a group is set against the reference line by turning the first disc, the second by turning the second disc, and so on. The ciphertext is formed by reading off the sequence of letters along any line parallel to the reference line. The reverse process is carried out on an identical device: the ciphertext is set along the reference line by turning the discs, and the plaintext is found among the parallel lines by reading off the one that gives a meaningful text. The Jefferson cipher implements the previously known polyalphabetic substitution cipher. The parts of its key are the order of letters on each disc and the order of the discs on the common axle.
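The disc cipher just described, as an added example (not code from the page): the key is the set of disc alphabets plus their order on the axle, encryption sets a group along the reference line and reads a parallel line, and decryption is the same disc movement with the offset reversed. The discs are generated from a seed so the run is reproducible (a constructed key); dropping non-letters and padding with X are conventions chosen here.

```python
"""Jefferson disc cipher as described above.

Added example, not code from the page. The disc alphabets are generated from a
seed so that the run is reproducible (a constructed key); a real key would be a
set of physical discs. Letters outside A-Z are dropped and the last group is
padded with X, both conventions chosen here for the example.
"""
import random
import string

ALPHABET = string.ascii_uppercase


def make_key(n_discs=36, seed=2024):
    """Key = (discs, order): each disc is a permutation of the alphabet written
    around its rim; `order` is the sequence in which the discs sit on the axle."""
    rng = random.Random(seed)
    discs = []
    for _ in range(n_discs):
        letters = list(ALPHABET)
        rng.shuffle(letters)
        discs.append("".join(letters))
    order = list(range(n_discs))
    rng.shuffle(order)
    return discs, order


def _read_parallel_line(group, discs, order, offset):
    """Set `group` along the reference line, then read the line `offset` rows away."""
    out = []
    for position, letter in enumerate(group):
        disc = discs[order[position]]
        idx = disc.index(letter)
        out.append(disc[(idx + offset) % len(ALPHABET)])
    return "".join(out)


def encrypt(plaintext, key, offset):
    """offset 1..25 selects which parallel line the sender reads off."""
    discs, order = key
    n = len(order)
    text = "".join(c for c in plaintext.upper() if c in ALPHABET)
    text += "X" * (-len(text) % n)                 # pad the last group to n discs
    return "".join(
        _read_parallel_line(text[i:i + n], discs, order, offset)
        for i in range(0, len(text), n)
    )


def decrypt(ciphertext, key, offset):
    """Setting the ciphertext on the line and reading `offset` rows back is the
    same disc operation with the offset negated."""
    return encrypt(ciphertext, key, -offset)


def candidate_lines(ciphertext, key):
    """All other parallel lines; the receiver picks the one that reads as text."""
    return [decrypt(ciphertext, key, off) for off in range(1, len(ALPHABET))]


if __name__ == "__main__":
    key = make_key()
    ct = encrypt("Meet me at the library at noon", key, 7)
    print(ct)
    print(decrypt(ct, key, 7))
```

`candidate_lines` reproduces the receiver's manual procedure: without agreeing on the offset in advance, only one of the 25 parallel lines reads as language, which is why the offset did not need to be part of the key.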

The second period (from approximately the middle of the 19th century) is characterized by the appearance of technical means of information processing and of message transmission by electrical signals and electromagnetic fields (for example telephone, telegraph, radio). This gave rise to the problem of protection against so-called technical leakage channels (spurious emissions, pickup, etc.). To protect information transmitted over telephone and telegraph channels, methods and technical means appeared that made it possible to encrypt messages in real time. During the same period, technical means of intelligence developed actively, which greatly increased the possibilities of industrial and state espionage. The huge and ever-increasing losses of enterprises and firms stimulated scientific and technical progress in creating new and improving existing means and methods of information protection.

The most intensive development of these methods falls in the period of mass informatization of society (the third period). It is associated with the introduction of automated information processing systems and spans more than 40 years. In the 1960s, a large number of open publications on various aspects of information security began to appear in the West. This attention to the problem was caused primarily by the growing financial losses of firms and government organizations from crimes in the computer sphere.

Protection of personal information

According to Art. 3 of the Law, personal data is any information relating to a specific individual, or to an individual who can be identified on the basis of such information, including surname, first name and patronymic; year, month, date and place of birth; address; family, social and property status; education; profession; income; and other information (including telephone number, e-mail address, etc.).

Your right to the protection of personal data is violated, for example:

1) If the management company of your apartment building has posted a list of debtors indicating the citizen's surname, first name, patronymic, address and the amount owed;
2) If such information is posted on the Internet without your written permission;
3) If strangers call you at home, address you by name and offer services or goods (conduct a sociological survey, make spam calls, ask how you feel about Navalny, etc.), although you did not give your address and telephone number anywhere;
4) If your information is published in a newspaper as an example of the results of the population census;
5) In any other case when third parties have learned personal information about you that you did not provide to them.

If your telephone number or address appears in a directory with your permission, that is not a violation.

The essence of information protection

Information protection requires a systematic approach, i.e. one cannot limit oneself to isolated measures. A systematic approach requires that the means and actions used to ensure information security (organizational, physical, and software and hardware) be regarded as a single set of interrelated, complementary and interacting measures. One of the main principles of the systematic approach to information protection is the principle of "reasonable sufficiency": one hundred percent protection does not exist under any circumstances, so one should strive not for the theoretically maximum achievable level of protection but for the minimum necessary in the specific conditions and for the given level of possible threat.

Unauthorized access is the reading, updating or destruction of information without the appropriate authority to do so.

The problem of unauthorized access to information has become more acute and acquired particular importance with the development of computer networks, primarily the global Internet.

To protect their information successfully, users must have a clear idea of the possible ways of unauthorized access.

The main typical ways of obtaining information without authorization are:

- theft of media and of industrial waste;
- copying of information carriers while overcoming protection measures;
- masquerading as a registered user;
- hoaxing (masquerading as system requests);
- exploiting the shortcomings of operating systems and programming languages;
- the use of software implants ("bookmarks") and software blocks of the "Trojan horse" type;
- interception of electronic emissions;
- interception of acoustic emissions;
- remote photography;
- the use of eavesdropping devices;
- malicious disabling of protection mechanisms, etc.

To protect information from unauthorized access, organizational measures, hardware, software and cryptography are used.

Organizational measures include:

- an access regime;
- storage of media and devices in a safe (floppy disks, monitor, keyboard, etc.);
- restriction of access of persons to computer rooms, etc.

Technical means include various hardware methods of information protection:

- filters and screens for equipment;
- a key to lock the keyboard;
- authentication devices that read fingerprints, hand geometry, the iris, typing speed and rhythm, etc.;
- electronic keys on microcircuits, etc.

Information security software is created by developing special programs that prevent an outsider unfamiliar with this kind of protection from obtaining information from the system.

The software includes:

- password access and the setting of user rights;
- locking the screen and keyboard, for example with a key combination in the Diskreet utility from the Norton Utilities package;
- the use of BIOS password protection, both for the BIOS itself and for the PC as a whole, etc.

Cryptographic protection of information means encrypting it as it is entered into the computer system.

In practice, combined methods of protecting information from unauthorized access are usually used.

Among network security mechanisms, the following are usually distinguished:

- encryption;
- access control;
- digital signature.

Information security objects

The object of information protection is a computer system, or automated data processing system (ASOD). Until recently the term ASOD was used in works devoted to the protection of information in automated systems; it is increasingly being replaced by the term computer system (CS). What is meant by this term?

A computer system is a complex of hardware and software designed for the automated collection, storage, processing, transmission and reception of information. Along with the term "information", the term "data" is often used in relation to a CS. Another concept is also used, "information resources". According to the law of the Russian Federation "On Information, Informatization and Protection of Information", information resources are individual documents and individual arrays of documents in information systems (libraries, archives, funds, data banks and other information systems).

The concept of a CS is very broad and covers the following systems:

- computers of all classes and purposes;
- computing complexes and systems;
- computer networks (local, regional and global).

Such a wide range of systems is united by one concept for two reasons: first, the main problems of information security are common to all of them; second, smaller systems are elements of larger ones. Where the protection of information in some systems has its own peculiarities, they are considered separately.

The subject of protection in a CS is information. The material basis for the existence of information in a CS is electronic and electromechanical devices (subsystems) and machine media. Information enters the CS through input devices or data transmission systems (SPD). Inside the system, information is stored in memory devices of various levels, transformed (processed) by processors and output through output devices or SPD. Paper, magnetic tapes and various kinds of disks are used as machine media; earlier, punched cards and punched tape, magnetic drums and magnetic cards served as machine information carriers. Most types of machine media are removable, i.e. they can be taken out of the devices and used (paper) or stored (tapes, disks, paper) separately from the devices. Therefore, to protect information (ensure information security) in a CS, it is necessary to protect the devices (subsystems) and machine media from unauthorized influence on them.

However, such a view of a CS from the standpoint of information protection is incomplete. Computer systems belong to the class of man-machine systems. Such systems are operated by specialists (service personnel) in the interests of users. Moreover, in recent years users have gained the most direct access to the system, and in some CS (for example, a PC) users perform the functions of service personnel. Service personnel and users are also carriers of information. Therefore, it is necessary to protect not only devices and media but also service personnel and users from unauthorized influence.

When solving the problem of protecting information in a CS, the contradictory nature of the human factor must also be taken into account: service personnel and users can be both the object and the source of unauthorized influence on information.

The concept of "object of protection", or simply "object", is often interpreted more broadly. For concentrated CS or elements of distributed systems, the "object" includes not only information resources, hardware, software, service personnel and users, but also premises, buildings and even the territory adjacent to the buildings.

Among the basic concepts of the theory of information security are "information security" and "protected computer system". The security of information in a computer system is a state of all of its components in which information is protected from possible threats at the required level. Computer systems that ensure the security of information are called protected (secure).

Information security in a CS is one of the main areas of ensuring the security of the state, an industry, a department, a government organization or a private company.

Information security is achieved by pursuing an information security policy at an appropriate level. The main document on the basis of which the policy is carried out is the information security program. It is developed and adopted as an official guiding document by the highest governing bodies of the state, department or organization. The document states the goals of the information security policy and the main directions for solving the problems of information protection in the CS. Information security programs also contain general requirements and principles for building information security systems in a CS.

The information protection system in a CS is a unified set of legal norms, organizational measures and technical, software and cryptographic means that ensure the security of information in the CS in accordance with the adopted security policy.

Software protection of information

Information security software is a set of special programs included in the system software that implement information security functions.

Information security software includes built-in information security tools and specialized (external) tools.

An antivirus program (antivirus) is a program for detecting computer viruses and disinfecting infected files, and also for prophylaxis, i.e. preventing the infection of files or the operating system with malicious code.

Specialized software tools for protecting information from unauthorized access generally have better capabilities and characteristics than built-in tools. Besides encryption programs and cryptographic systems, many other external security tools are available.

Firewalls. Special intermediary servers are placed between the local and global networks and inspect and filter all network/transport-layer traffic passing through them. This sharply reduces the threat of unauthorized access to corporate networks from outside but does not eliminate the danger completely. A more secure variant of the method is masquerading, in which all traffic leaving the local network is sent on behalf of the firewall server, making the local network practically invisible.

Proxy servers (a proxy is an agent acting on someone's behalf). All network/transport-layer traffic between the local and global networks is prohibited completely; there is no routing as such, and requests from the local network to the global one pass through special intermediary servers. Obviously, in this case requests from the global network to the local one become impossible in principle. This method does not provide sufficient protection against attacks at higher levels, for example at the application level (viruses, Java code and JavaScript).
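The filtering and masquerading behaviour described above, as an added example (not code from the page or from any firewall product): each packet is a dict of network/transport-layer fields, a stateless rule list decides what may pass, and a masquerade table rewrites outbound packets to the firewall's own address so that internal addresses never appear outside. The LAN prefix, the firewall's public address (from the documentation range), the rule set and the sample packets are all constructed.

```python
"""Packet filter with masquerading, as described above.

Added example, not code from the page or any firewall product. Packets are
plain dicts with network/transport-layer fields; the LAN prefix, the firewall's
public address (documentation range), the rule set and the sample packets are
all constructed for the example.
"""
import ipaddress

LAN = ipaddress.ip_network("192.168.10.0/24")         # constructed internal network
FIREWALL_ADDR = "203.0.113.5"                          # constructed public address

# (direction, protocol, destination port, action); first match wins, default deny.
RULES = [
    ("out", "tcp", 80, "accept"),
    ("out", "tcp", 443, "accept"),
    ("out", "udp", 53, "accept"),
    ("in", "tcp", 25, "accept"),    # constructed: an internal mail relay is published
]


def direction(pkt):
    """Outbound if the source address belongs to the LAN, otherwise inbound."""
    return "out" if ipaddress.ip_address(pkt["src"]) in LAN else "in"


def filter_packet(pkt):
    """Stateless network/transport-layer inspection against RULES."""
    d = direction(pkt)
    for rule_dir, proto, dport, action in RULES:
        if rule_dir == d and proto == pkt["proto"] and dport == pkt["dport"]:
            return action
    return "drop"


class Masquerade:
    """Rewrites outbound packets to the firewall's own address and port, and maps
    replies back; internal addresses never appear on the outside."""

    def __init__(self, first_port=40000):
        self.by_internal = {}   # (internal src, sport) -> firewall port
        self.by_port = {}       # firewall port -> (internal src, sport)
        self.next_port = first_port

    def outbound(self, pkt):
        key = (pkt["src"], pkt["sport"])
        if key not in self.by_internal:
            self.by_internal[key] = self.next_port
            self.by_port[self.next_port] = key
            self.next_port += 1
        return dict(pkt, src=FIREWALL_ADDR, sport=self.by_internal[key])

    def inbound(self, pkt):
        """Translate a reply to a recorded flow; return None for anything else."""
        key = self.by_port.get(pkt["dport"])
        if key is None or pkt["dst"] != FIREWALL_ADDR:
            return None
        src, sport = key
        return dict(pkt, dst=src, dport=sport)


def process(pkt, nat):
    """Return (action, packet as it leaves the firewall or None)."""
    if direction(pkt) == "out":
        if filter_packet(pkt) == "accept":
            return "forward", nat.outbound(pkt)
        return "drop", None
    reply = nat.inbound(pkt)           # replies to our own flows need no rule
    if reply is not None:
        return "forward", reply
    if filter_packet(pkt) == "accept":
        return "forward", pkt
    return "drop", None
```

The residual exposure the page mentions is visible in the rule list: an unsolicited packet to any port reaches an internal host only through an explicit inbound rule (the constructed mail relay here), and the filter sees nothing above the transport layer, so what arrives on that port still needs application-level protection.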

A VPN (virtual private network) makes it possible to transfer sensitive information over networks in which unauthorized persons could eavesdrop on the traffic. Technologies used: PPTP, PPPoE, IPSec.

The main directions of protection

The standard architectural principles of personal computers (PCs), their hardware and software, and a number of other factors make it relatively easy for a professional to access information on a PC. If a group of people uses one personal computer, it may be necessary to restrict access to information for different users.

By unauthorized access to PC information we mean reading, processing, copying, the introduction of viruses (including those that destroy software products), and the modification or destruction of information in violation of the established access control rules.

In protecting PC information from unauthorized access, three main directions can be distinguished:

- the first aims to prevent the intruder from gaining access to the computing environment and is based on special software and hardware for user identification;

- the second concerns the protection of the computing environment itself and is based on special software for information protection;

- the third is associated with special means of protecting PC information from unauthorized access (shielding, filtering, grounding, electromagnetic noise, reduction of the levels of electromagnetic radiation and interference with absorbing matched loads).

Software methods of information protection provide for the use of special programs to protect against unauthorized access and to protect information from copying, modification and destruction.

Protection against unauthorized access includes:

- identification and authentication of subjects and objects;

- differentiation of access to computing resources and information;

- control and registration of actions with information and programs.

The identification and authentication procedure checks whether a given subject may be admitted to resources (identification) and whether the subject requesting access (or the object being accessed) is what it claims to be (authentication).

Software identification procedures usually use a variety of methods. Mostly these are passwords (simple, complex, one-time) and special identifiers or checksums for hardware, programs and data. Hardware and software methods are used for authentication.

After the identification and authentication procedures are completed, the user gains access to the system, and software protection of information is then carried out at three levels: hardware, software and data.



Hardware and software protection provides access control to computing resources (individual devices, RAM, the operating system, service or personal user programs, keyboard, display, printer, disk drive).

Protection at the data level permits only those actions on the data that are allowed by the rules, and also protects information during its transmission over communication channels.

Access control includes:

- selective protection of resources (user A is denied access to database B but allowed access to database C);

- granting and denying access for all types and levels of access (administration);

- identification and documentation of any violations of access rules and attempts to violate;

- accounting and storage of information on the protection of resources and on permitted access to them.
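The four access-control functions above in one small model, as an added example (not code from the page): a matrix of (subject, object) rights with default deny, administration restricted to holders of an administrative right, registration of every decision, and a report of who holds what. Subjects, objects and rights are constructed, and `root` is a constructed bootstrap administrator.

```python
"""Access-control matrix with registration of violations, as listed above.

Added example, not code from the page. Subjects, objects and rights are
constructed; `root` is a constructed bootstrap administrator.
"""
from collections import defaultdict

READ, WRITE, ADMIN = "read", "write", "admin"


class AccessControl:
    def __init__(self):
        self.matrix = defaultdict(set)   # (subject, object) -> permitted access types
        self.audit = []                  # (event, subject, right, object), in order

    def _require_admin(self, actor, obj):
        """Only an administrator of `obj` may change its rights (administration)."""
        if actor != "root" and ADMIN not in self.matrix[(actor, obj)]:
            self.audit.append(("violation", actor, ADMIN, obj))
            raise PermissionError(f"{actor} may not administer {obj}")

    def grant(self, actor, subject, obj, right):
        self._require_admin(actor, obj)
        self.matrix[(subject, obj)].add(right)
        self.audit.append(("grant", subject, right, obj))

    def deny(self, actor, subject, obj, right):
        self._require_admin(actor, obj)
        self.matrix[(subject, obj)].discard(right)
        self.audit.append(("deny", subject, right, obj))

    def check(self, subject, obj, right):
        """Decision point: default deny; every attempt is registered, violations flagged."""
        allowed = right in self.matrix.get((subject, obj), set())
        self.audit.append(("allow" if allowed else "violation", subject, right, obj))
        return allowed

    def violations(self):
        """Identification and documentation of violated or attempted access rules."""
        return [e for e in self.audit if e[0] == "violation"]

    def report(self):
        """Accounting: who holds which rights on which resource."""
        return {k: sorted(v) for k, v in self.matrix.items() if v}


def selective_protection_demo():
    """The page's case: user A may use database C but not database B."""
    ac = AccessControl()
    ac.grant("root", "A", "database C", READ)
    results = [ac.check("A", "database C", READ), ac.check("A", "database B", READ)]
    try:
        ac.grant("A", "A", "database B", READ)   # A tries to grant itself access
    except PermissionError:
        pass
    return results, ac.violations(), ac.report()
```

Both the refused read and the refused self-grant land in `violations()`, which is the record the last two list items call for; the matrix itself never records a denial, only the absence of a right, so the audit trail is the only place an attempt survives.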

Password protection lies at the heart of software methods of information protection. It can be overcome using utilities intended for software debugging and information recovery, as well as with password cracking programs. System debugging utilities make it possible to bypass the protection; password cracking programs guess the password by brute force. The time needed to guess a password by simple brute force grows exponentially with the length of the password.

To keep a password secret, the following recommendations should be followed when choosing it:

- the password must be at least 8-10 characters long;

- an extended alphabet should be used, including special symbols and punctuation marks;

- standard words should not be used as passwords, since dictionaries of typical passwords are available on the Internet and a typical password can be found with their help;

- the security system must block login after a certain number of unsuccessful attempts;

- the time during which login is possible should be limited to the working day.
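The recommendations above, together with the identification/authentication split from earlier in the section, as an added example (not code from the page): a policy check for length, alphabet and dictionary words, a lockout counter, a login window, and the exponential growth of brute-force time with length. The dictionary of typical passwords is a constructed stand-in for the word lists the page mentions, the lockout threshold and working-day window are constructed values, and PBKDF2 is used here as the stored form of the password, which the page does not specify.

```python
"""Password policy and login gate implementing the recommendations above.

Added example, not code from the page. The dictionary of typical passwords is
a constructed stand-in for the Internet word lists the page mentions, the
working-day window and lockout threshold are constructed values, and PBKDF2
is used here as the storage form for the password (the page does not specify one).
"""
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8                      # page: at least 8-10 characters
MAX_FAILURES = 5                    # constructed: lock after 5 bad attempts
WORK_HOURS = range(9, 18)           # constructed: logins allowed 09:00-17:59
TYPICAL_PASSWORDS = {"password", "qwerty", "letmein", "welcome"}   # constructed


def check_policy(password):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    used = sum(any(c in cls for c in password) for cls in classes)
    if used < 3:
        problems.append("use at least three of: lower case, upper case, digits, symbols")
    core = password.lower().strip(string.digits + string.punctuation)
    if core in TYPICAL_PASSWORDS:
        problems.append("dictionary word")
    return problems


def brute_force_seconds(length, alphabet_size, guesses_per_second=1e9):
    """Worst-case time to try every password: alphabet_size ** length guesses."""
    return alphabet_size ** length / guesses_per_second


def derive(password, salt):
    """Stored form of the password: PBKDF2-HMAC-SHA256 over a per-account salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginGate:
    def __init__(self):
        self.accounts = {}    # name -> (salt, derived key)
        self.failures = {}    # name -> consecutive failed attempts

    def register(self, name, password):
        problems = check_policy(password)
        if problems:
            raise ValueError("; ".join(problems))
        salt = os.urandom(16)
        self.accounts[name] = (salt, derive(password, salt))

    def login(self, name, password, hour):
        """Identification (is the name known?) then authentication (does the
        password match?), with the working-hours and lockout rules applied first."""
        if hour not in WORK_HOURS:
            return "denied: outside working hours"
        if name not in self.accounts:
            return "denied: unknown user"
        if self.failures.get(name, 0) >= MAX_FAILURES:
            return "denied: account locked"
        salt, stored = self.accounts[name]
        if hmac.compare_digest(derive(password, salt), stored):
            self.failures[name] = 0
            return "ok"
        self.failures[name] = self.failures.get(name, 0) + 1
        return "denied: bad password"


def lockout_demo():
    """Five wrong passwords lock the account, even for the correct one afterwards."""
    gate = LoginGate()
    gate.register("alice", "Mv7!kpL2qz#9")
    outcomes = [gate.login("alice", "Mv7!kpL2qz#9", 10)]
    outcomes += [gate.login("alice", "wrong-guess", 10) for _ in range(MAX_FAILURES)]
    outcomes.append(gate.login("alice", "Mv7!kpL2qz#9", 10))
    outcomes.append(gate.login("alice", "Mv7!kpL2qz#9", 23))
    return outcomes
```

The distinct return strings are kept so the identification and authentication steps can be seen separately; a production system returns one generic message for "unknown user" and "bad password" so that the login form cannot be used to enumerate account names, and the lockout counter is what turns the exponential brute-force cost into a hard limit on online guessing.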

Software means are the objective forms of representing a set of data and commands intended for the functioning of computers and computer devices in order to obtain a certain result, together with the materials prepared and recorded on a physical medium in the course of their development, and the audiovisual displays they generate.

Data protection means implemented as part of the software are called software protection means. Among them, the following can be distinguished and considered in more detail:

· Means of data archiving;

· Anti-virus programs;

· Cryptographic means;

· Means of identification and authentication of users;

· Means of access control;

· Logging and auditing.

Examples of combinations of the above measures include:

· Protection of databases;

· Protection of operating systems;

· Protection of information when working in computer networks.

3.1 Means of archiving information

Sometimes backup copies have to be made with limited resources for storing data, for example by owners of personal computers. In such cases software archiving is used. Archiving is the merging of several files or even directories into a single file, an archive, with a reduction of the total volume of the original files by eliminating redundancy but without loss of information, that is, with the ability to restore the original files exactly. Most archiving tools are based on the compression algorithms proposed in the 1980s by Abraham Lempel and Jacob Ziv. The best known and most popular archive formats are:

· ZIP, ARJ for DOS and Windows operating systems;

· TAR for the Unix operating system;

· Cross-platform JAR format (Java ARchive);

· RAR (the popularity of this format is growing all the time, since programs have been developed that make it usable in DOS, Windows and Unix).

The user only needs to choose a suitable program that works with the selected format, by assessing its characteristics: speed, compression ratio, compatibility with a large number of formats, convenience of the interface, operating system, etc. The list of such programs is very long: PKZIP, PKUNZIP, ARJ, RAR, WinZip, WinArj, ZipMagic, WinRar and many others. Most of them do not need to be purchased specially, as they are offered as shareware or freeware. It is also very important to establish a regular schedule for archiving, or to archive after every major update of the data.
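The Lempel-Ziv idea the archivers above are built on, as an added example (not code from the page or from any archiver): repeated substrings are replaced by (distance, length) references to data already emitted, and decompression replays those references, so the original is restored exactly. Window size, minimum match length, the 3-byte token size used to estimate the archive size and the sample text are all constructed.

```python
"""Lempel-Ziv (LZ77-style) compression behind ZIP, ARJ and RAR.

Added example, not code from the page or from any archiver. It shows the idea
only: repeated substrings are replaced by (distance, length) references to
data already emitted, so the file shrinks without losing information. Window
size, minimum match, the 3-byte token size and the sample text are constructed.
"""

WINDOW = 4096      # how far back a match may point
MIN_MATCH = 3      # shorter repeats are cheaper as literals
MAX_MATCH = 255    # length must fit in one byte of the token


def compress(data):
    """Return tokens: (0, byte) for a literal, (distance, length) for a back-reference."""
    tokens = []
    i, n = 0, len(data)
    while i < n:
        best_len, best_dist = 0, 0
        for j in range(max(0, i - WINDOW), i):
            length = 0
            while (length < MAX_MATCH and i + length < n
                   and data[j + length] == data[i + length]):
                length += 1          # j + length may pass i: overlapping matches are allowed
            if length > best_len:
                best_len, best_dist = length, i - j
        if best_len >= MIN_MATCH:
            tokens.append((best_dist, best_len))
            i += best_len
        else:
            tokens.append((0, data[i]))
            i += 1
    return tokens


def decompress(tokens):
    """Exact reconstruction: copy byte by byte so overlapping references work."""
    out = bytearray()
    for dist, value in tokens:
        if dist == 0:
            out.append(value)
        else:
            start = len(out) - dist
            for k in range(value):
                out.append(out[start + k])
    return bytes(out)


def encoded_size(tokens):
    """Constructed on-disk format: 2 bytes distance + 1 byte length/literal per token."""
    return 3 * len(tokens)


# Constructed sample: a repetitive log, the kind of data that compresses well.
SAMPLE = b"backup job: ok\n" * 20 + b"backup job: FAILED\n"


def demo(data=SAMPLE):
    """Return (original size, packed size, whether the round trip is exact)."""
    tokens = compress(data)
    return len(data), encoded_size(tokens), decompress(tokens) == data
```

The round-trip check in `demo` is the property that matters for a backup: whatever the compression ratio, `decompress(compress(x)) == x` must hold for every input, including empty data and data with no repeats at all, where the archive is slightly larger than the original.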

3.2 Antivirus programs

These are programs designed to protect information from viruses. Inexperienced users usually think that a computer virus is a specially written small program that can "attach" itself to other programs (that is, "infect" them) and perform various unwanted actions on the computer. Specialists in computer virology hold that the mandatory (necessary) property of a computer virus is the ability to create copies of itself (not necessarily identical to the original) and embed them in computer networks and/or files, system areas of the computer and other executable objects, the copies retaining the ability to spread further. This condition is necessary but not sufficient, i.e. not final. That is why there is still no exact definition of a virus, and it is unlikely that one will appear in the foreseeable future. Consequently, there is no definite rule by which "good" files can be distinguished from "viruses"; moreover, for a particular file it is sometimes quite difficult to determine whether it is a virus or not.

Computer viruses are a special problem. They are a separate class of programs aimed at disrupting the system and corrupting data. Several varieties are distinguished: some reside permanently in the computer's memory, others carry out their destructive actions in one-off "strikes".

There is also a whole class of programs that look quite respectable but in fact damage the system. Such programs are called "Trojan horses". One of the main properties of computer viruses is the ability to "multiply", i.e. to propagate themselves within a computer and across a computer network.

Since office software became able to run programs written specifically for it (for example, applications in the Visual Basic language can be written for Microsoft Office), a new type of malicious program has appeared: macro viruses. Viruses of this type spread together with ordinary document files and are contained in them as ordinary subroutines.

Given the rapid development of communications and the sharply increased volumes of data exchange, protection against viruses is becoming very urgent. In effect, every document received, for example by e-mail, may carry a macro virus, and every program launched may (in theory) infect the computer and render the system inoperable.

Therefore, the fight against viruses is the most important direction among security systems. A number of tools are designed specifically for this task. Some run in scan mode and check the contents of hard disks and the computer's memory for viruses. Others must run constantly and stay resident in the computer's memory, trying to monitor all running tasks.
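The two modes of operation just described, as an added example (not code from the page or from any antivirus product): an on-demand scan over stored objects and a resident monitor that checks every object before it is allowed to run and quarantines hits. The signatures are constructed placeholder byte patterns and a placeholder file hash, not patterns of real malware, and the "files" are an in-memory dict constructed for the example; the last sample file shows why a virus unknown to the signature set passes (the situation the page returns to under recovery).

```python
"""On-demand scanner and resident monitor using signatures.

Added example, not code from the page or any antivirus product. The signatures
are constructed placeholder byte patterns and a placeholder file hash, not
patterns of real malware; the "files" are an in-memory dict constructed for
the example.
"""
import hashlib
import re

# Constructed signatures: byte patterns and whole-file hashes.
PATTERN_SIGNATURES = {
    "Demo.Pattern.A": re.compile(rb"CONSTRUCTED-SIGNATURE-A"),
    "Demo.Pattern.B": re.compile(rb"DEMO\x00\x01\x02SIG-B"),
}
HASH_SIGNATURES = {
    hashlib.sha256(b"exact copy of a known bad sample (constructed)").hexdigest(): "Demo.Hash.C",
}


def scan_bytes(content):
    """Return the signature name that matches `content`, or None."""
    name = HASH_SIGNATURES.get(hashlib.sha256(content).hexdigest())
    if name:
        return name
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern.search(content):
            return name
    return None


def on_demand_scan(files):
    """Scan mode: check every stored object; return {path: signature} for hits."""
    hits = {}
    for path, content in files.items():
        name = scan_bytes(content)
        if name:
            hits[path] = name
    return hits


class ResidentMonitor:
    """Resident mode: every object is checked when it is about to run; hits are
    quarantined instead of executed, and every decision is logged."""

    def __init__(self):
        self.quarantine = {}
        self.log = []

    def on_execute(self, path, content):
        name = scan_bytes(content)
        if name:
            self.quarantine[path] = content
            self.log.append(f"blocked {path}: {name}")
            return False
        self.log.append(f"allowed {path}")
        return True


# Constructed sample objects; the last one differs from tool.exe by one byte.
SAMPLE_FILES = {
    "report.txt": b"quarterly figures, nothing unusual",
    "tool.exe": b"MZ...header...CONSTRUCTED-SIGNATURE-A...rest of file",
    "copy.bin": b"exact copy of a known bad sample (constructed)",
    "variant.exe": b"MZ...header...CONSTRUCTED-SIGNATURE-a...rest of file",
}


def demo():
    """Run both modes over the samples; return (scan hits, run decisions, quarantined)."""
    monitor = ResidentMonitor()
    decisions = {path: monitor.on_execute(path, data) for path, data in SAMPLE_FILES.items()}
    return on_demand_scan(SAMPLE_FILES), decisions, sorted(monitor.quarantine)
```

`variant.exe` is allowed to run by both modes even though it differs from a known sample by a single byte: a signature catches only what it was written for, which is why the page pairs signature scanning with prevention and with backups for recovery.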

In the Kazakhstan software market the most popular product has been the AVP package developed by Kaspersky Anti-Virus Systems Laboratory. It is a versatile product with versions for a variety of operating systems. Other products include: Acronis AntiVirus, AhnLab Internet Security, AOL Virus Protection, ArcaVir, Ashampoo AntiMalware, Avast!, Avira AntiVir, A-square anti-malware, BitDefender, CA Antivirus, Clam Antivirus, Command Anti-Malware, Comodo Antivirus, Dr.Web, eScan Antivirus, F-Secure Anti-Virus, G-DATA Antivirus, Graugon Antivirus, IKARUS virus.utilities, Kaspersky Anti-Virus, McAfee VirusScan, Microsoft Security Essentials, Moon Secure AV, Multicore antivirus, NOD32, Norman Virus Control, Norton AntiVirus, Outpost Antivirus, Panda, etc.

Methods for detecting and removing computer viruses

Methods for countering computer viruses can be divided into several groups:

· Prevention of viral infection and reduction of the expected damage from such infection;

· Methods of using anti-virus programs, including neutralization and removal of a known virus;

· Ways to detect and remove an unknown virus:

· Prevention of computer infection;

· Recovery of damaged objects;

· Antivirus programs.

Prevention of computer infection

One of the main methods of fighting viruses, as in medicine, is timely prevention. Computer prevention involves following a small number of rules, which can significantly reduce the likelihood of virus infection and loss of any data.

To define the basic rules of computer hygiene, it is necessary to identify the main ways in which a virus penetrates a computer and computer networks.

The main source of viruses today is the global Internet. The largest number of infections occurs when exchanging documents in Word formats. The user of an editor infected with a macro virus, without suspecting it, sends infected letters to recipients, who in turn send new infected letters, and so on. Conclusion: contact with suspicious sources of information should be avoided and only legal (licensed) software products should be used.

Recovery of damaged objects

In most cases of virus infection, the procedure for restoring infected files and disks comes down to running a suitable antivirus that can disinfect the system. If the virus is unknown to every antivirus, it is enough to send the infected file to the antivirus manufacturers and after some time (usually several days or weeks) receive a cure, an "update" against the virus. If the matter cannot wait, the virus will have to be neutralized by hand. In any case, users need to keep backups of their information.

The main breeding ground for the mass spread of a virus on a computer is:

· Weak security of the operating system (OS);

· Availability of varied and fairly complete documentation on the OS and hardware, which is used by the authors of viruses;

· Wide distribution of this OS and this "hardware".