
Software and technical means of protection. Information security tools Information security software

Information protection in computer systems has a number of specific features, which stem from the fact that information is not rigidly bound to its carrier and can be easily and quickly copied and transmitted over communication channels. A very large number of information threats are known that can be carried out by both external and internal intruders. The problems that arise with the security of information transmission when working in computer networks can be divided into three main types:

    - interception of information: the integrity of the information is preserved, but its confidentiality is violated;
    - modification of information: the original message is changed or completely replaced by another one and sent to the addressee;
    - substitution of the authorship of information.

The last problem can have serious consequences. For example, someone can send an e-mail on your behalf (this type of deception is commonly called spoofing), or a Web server can pretend to be an online store, accept orders and credit card numbers, but never ship any goods. Studies of how data processing systems and computer systems operate in practice have shown that there are many possible channels of information leakage and ways of unauthorized access in systems and networks. Among them:

    Reading residual information in the system memory after executing authorized requests;

    Copying information carriers and information files with overcoming security measures;

    Disguise as a registered user;

    Disguise as a system request;

    Using software traps;

    Using the flaws of the operating system;

    Illegal connection to equipment and communication lines;

    Malicious disabling of protection mechanisms;

    The introduction and use of computer viruses.

Ensuring the security of information in computer systems (CS) and in autonomously operating personal computers is achieved by a complex of organizational, organizational-technical, technical and software measures. Organizational measures to protect information include:

    Restricting access to premises where information is prepared and processed;

    Only verified officials are allowed to process and transmit confidential information;

    Storage of electronic media and registration logs in safes closed for unauthorized access;

    Preventing unauthorized persons from viewing the content of processed materials on the display, printer, etc.;

    Use of cryptographic codes when transmitting valuable information through communication channels;

    Destruction of ink ribbons, paper and other materials containing fragments of valuable information.

  1. Cryptographic information protection.

Cryptographic methods of information protection are special methods of encryption, encoding or other transformation of information, as a result of which its content becomes inaccessible without presenting the cryptogram key and performing the reverse transformation. The cryptographic method of protection is undoubtedly the most reliable method of protection, since the information itself is protected directly, not merely access to it (for example, an encrypted file cannot be read even if the medium is stolen). This protection method is implemented in the form of programs or software packages.

Modern cryptography includes four major sections:

    Symmetric cryptosystems. In symmetric cryptosystems, the same key is used for both encryption and decryption. (Encryption is a transformation process in which the original text, also called plaintext, is replaced by ciphertext; decryption is the reverse process, in which the ciphertext is converted back into the original text on the basis of the key.)

    Public key cryptosystems. Public key systems use two keys, a public one and a private one, which are mathematically related to each other. Information is encrypted with the public key, which is available to everyone, and decrypted with the private key, known only to the recipient of the message. (A key is the information necessary for unhindered encryption and decryption of texts.)

    Electronic signature. An electronic signature of a text is a cryptographic transformation attached to it that allows another user who receives the text to verify the authorship and authenticity of the message.

    Key management. This is a process of the information processing system whose content is the generation and distribution of keys among users.

The main directions of using cryptographic methods are the transfer of confidential information through communication channels (for example, e-mail), the authentication of transmitted messages, and the storage of information (documents, databases) on media in encrypted form.

Information security software means special programs included in the CS software exclusively for performing protective functions.

The main software tools for protecting information include:

  • programs for identification and authentication of CS users;
  • programs for differentiating user access to the resources of the CS;
  • information encryption programs;
  • programs for protecting information resources (system and application software, databases, computer teaching aids, etc.) from unauthorized changes, use and copying.

It should be understood that identification, in relation to ensuring the information security of the CS, means the unambiguous recognition of the unique name of a CS subject. Authentication means confirmation that the presented name corresponds to the given subject (confirmation of the subject's identity) (5).

Also, information security software includes:

  • programs for destroying residual information (in blocks of RAM, temporary files, etc.);
  • programs for auditing (keeping logs of) events related to the security of the CS, to make it possible to recover from these events and prove that they took place;
  • programs for simulating work with an intruder (distracting him with the prospect of receiving allegedly confidential information);
  • programs for test control of the security of the CS, etc.

The advantages of information security software include:

  • ease of replication;
  • flexibility (the ability to customize them for various conditions of use, taking into account the specifics of the threats to information security of a specific CS);
  • ease of use: some software tools, for example encryption, work in a "transparent" (invisible to the user) mode, while others do not require any new skills from the user (compared to other programs);
  • almost unlimited opportunities for their development by making changes that take new threats to information security into account.

Fig. 4

Fig. 5

The disadvantages of information security software include:

  • a decrease in the efficiency of the CS due to the consumption of the resources required for the protection programs to function;
  • lower performance (compared to hardware protection performing similar functions, such as encryption);
  • many software protection tools are attached to the CS software rather than built into it (Fig. 4 and 5), which creates a fundamental possibility for an intruder to bypass them;
  • the possibility of malicious changes to software protection during the operation of the CS.

Operating system security

The operating system is the most important software component of any computer, therefore, the overall security of the information system largely depends on the level of implementation of the security policy in each specific OS.

The family of operating systems Windows 2000, Millennium are clones originally oriented towards home computers. These operating systems use the privilege levels of protected mode, but do not perform any additional checks and do not support a system of security descriptors. As a result, any application can access the entire amount of available RAM with both read and write rights. Network security measures are present, but their implementation is not up to par. Moreover, in the Windows XP version a fundamental mistake was made that allowed the computer to be remotely frozen with just a few packets, which also significantly undermined the reputation of the OS; in subsequent versions, many steps were taken to improve the network security of this clone (6).

The generation of operating systems Windows Vista, 7 is already a much more reliable development from Microsoft. They are truly multi-user systems that reliably protect the files of different users on the hard disk (however, the data is not encrypted, and the files can be read without problems by booting from the disk of another operating system, for example MS-DOS). These operating systems actively use the protected mode capabilities of Intel processors and can reliably protect the data and code of a process from other programs, unless the process itself chooses to grant additional access to them from outside the process.

Over a long time of development, many different network attacks and security errors have been taken into account. Corrections to them were issued in the form of service packs.

Another branch of clones grows from the UNIX operating system. This OS was originally developed as a networked, multi-user system, and therefore contained information security tools from the start. Almost all widespread UNIX clones have come a long way in their development and, as they were modified, took into account all the attack methods discovered during this time. The following have proven themselves well: LINUX (S.U.S.E.), OpenBSD, FreeBSD, Sun Solaris. Naturally, everything that has been said applies to the latest versions of these operating systems. The main errors in these systems are no longer related to the kernel, which works flawlessly, but to system and application utilities. The presence of errors in them often leads to the loss of the entire safety margin of the system.

Main components:

  • Local Security Authority: responsible for protection against unauthorized access, verifies the user's login credentials, and maintains the following:
  • Audit: checks the correctness of user actions;
  • Account Manager: maintains the database of users, their actions and their interaction with the system;
  • Security monitor: checks whether the user has sufficient access rights to the object;
  • Audit log: contains information about user logins and records work with files and folders;
  • Authentication Package: analyzes system files to ensure that they have not been replaced. MSV1_0 is the default package.

Windows XP has been updated with:

  • the ability to assign passwords to backup copies;
  • file replacement protection;
  • a demarcation system ... by entering a password and creating a user account. Archiving can be performed by a user who has such rights;
  • NTFS: control of access to files and folders;
  • in XP and 2000, a more complete and deeper differentiation of user access rights;
  • EFS: provides encryption and decryption of information (files and folders) to restrict access to data.

Cryptographic protection methods

Cryptography is the science of securing data. It seeks solutions to four important security problems: confidentiality, authentication, integrity, and control over the participants in an interaction. Encryption is the transformation of data into an unreadable form using encryption and decryption keys. Encryption makes it possible to ensure confidentiality by keeping information secret from those for whom it is not intended.

Cryptography is engaged in the search and study of mathematical methods for transforming information (7).

Modern cryptography includes four major sections:

  • symmetric cryptosystems;
  • public key cryptosystems;
  • electronic signature systems;
  • key management.

The main directions of using cryptographic methods are the transfer of confidential information through communication channels (for example, e-mail), the authentication of transmitted messages, the storage of information (documents, databases) on media in encrypted form.

Disk encryption

An encrypted disk is a container file that can contain any other files or programs (they can be installed and run directly from this encrypted file). This disk is accessible only after entering the password for the container file; then another disk appears on the computer, recognized by the system as a logical disk, and working with it does not differ from working with any other disk. After the disk is disconnected, the logical disk disappears; it simply becomes "invisible".

Today the most common programs for creating encrypted disks are DriveCrypt, BestCrypt and PGPdisk. Each of them is reliably protected from remote hacking.

Common features of the programs (8):

  • all changes to the information in the container file occur first in RAM, i.e. the hard drive remains encrypted at all times. Even if the computer freezes, the secret data remains encrypted;
  • the programs can lock a hidden logical drive after a certain period of time;
  • all of them are wary of temporary files (swap files). It is possible to encrypt all confidential information that could end up in the swap file. A very effective way of hiding the information stored in a swap file is to disable it altogether, while not forgetting to increase the computer's RAM;
  • the physics of a hard disk is such that even if some data is overwritten with other data, the previous record is not completely erased. With modern means of magnetic microscopy (Magnetic Force Microscopy, MFM) it can still be restored. With these programs, files can be reliably deleted from the hard drive without leaving any traces of their existence;
  • all three programs save confidential data on the hard disk in securely encrypted form and provide transparent access to this data from any application program;
  • they protect encrypted container files from accidental deletion;
  • they cope well with Trojans and viruses.

User identification methods

Before accessing the CS, the user must identify himself, and the network security mechanisms then authenticate the user, that is, they check whether the user is really who he claims to be. In accordance with the logical model of the protection mechanism, the CS is located on a working computer to which the user is connected through his terminal or in some other way. Therefore, the identification, authentication and authorization procedures are performed at the start of a session on the local working computer.

Subsequently, as various network protocols are established and before access to network resources is granted, the identification, authentication and authorization procedures may be activated again on some remote computers in order to place the required resources or network services at the user's disposal.

When a user starts working on a computing system through a terminal, the system asks for his name and identification number. On the basis of the user's answers, the computer system identifies him. In a network, it is more natural for the interconnected entities to identify each other.

Passwords are just one way to authenticate. There are other ways:

  1. Predefined information at the disposal of the user: a password, a personal identification number, an agreement on the use of special encrypted phrases.
  2. Hardware elements at the disposal of the user: keys, magnetic cards, microcircuits, etc.
  3. Typical personal characteristics of the user: fingerprints, retinal pattern, body proportions, timbre of voice and other more complex medical and biochemical properties.
  4. Typical techniques and features of the user's behavior in real time: dynamics and style of work on the keyboard, reading speed, skill in using pointing devices, etc.
  5. Habits: the use of specific computer templates.
  6. User skills and knowledge due to education, culture, training, background, upbringing, habits, etc.

If someone wishes to log into a computer system through a terminal or perform a batch job, the computer system must authenticate the user. The user himself usually does not authenticate the computing system. If the authentication procedure is one-way, such a procedure is called one-way object authentication (9).

Specialized software for information security.

Specialized software tools for protecting information from unauthorized access have, on the whole, better capabilities and characteristics than the built-in tools of a network operating system. In addition to encryption programs, many other external security tools are available. Of the most frequently mentioned, the following two systems, which make it possible to restrict information flows, should be noted.

Firewalls (literally, a "wall of fire"). Between the local and global networks, special intermediate servers are created that inspect and filter all network/transport layer traffic passing through them. This can dramatically reduce the threat of unauthorized access to corporate networks from outside, but does not eliminate this danger entirely. A more secure variant of the method is masquerading, in which all traffic leaving the local network is sent on behalf of the firewall server, making the local network practically invisible.

Proxy servers (proxy: power of attorney, trusted person). All network/transport layer traffic between the local and global networks is completely prohibited; there is simply no routing as such, and calls from the local network to the global network go through special intermediary servers. Obviously, with this method, calls from the global network to the local one become impossible in principle. It is equally obvious that this method does not provide sufficient protection against attacks at higher layers, for example at the application layer (viruses, Java code and JavaScript).

Let's take a closer look at how the firewall works. It is a method of protecting a network from security threats from other systems and networks by centralizing and controlling network access through hardware and software. A firewall is a security barrier made up of several components (for example, a router or gateway that runs the firewall software). The firewall is configured according to the organization's internal network access control policy. All incoming and outgoing packets must go through a firewall that only allows authorized packets to pass.

A packet filtering firewall is a router or computer that is running software that is configured to reject certain types of incoming and outgoing packets. Packet filtering is carried out based on the information contained in the TCP and IP headers of packets (addresses of the sender and recipient, their port numbers, etc.).

Expert-level firewall - checks the contents of received packets at three layers of the OSI model - network, session and application. To accomplish this task, special packet filtering algorithms are used to compare each packet against a known pattern of authorized packets.

The creation of a firewall is related to the solution of the shielding problem. The formal statement of the shielding problem is as follows. Let there be two sets of information systems. A screen is a means of differentiating the access of clients from one set to servers from the other set. The screen performs its functions by controlling all information flows between the two sets of systems (Fig. 6). Controlling the flows consists in filtering them, possibly with some transformations.

At the next level of detail, the screen (a semi-permeable membrane) is conveniently thought of as a sequence of filters. Each filter, after analyzing the data, can hold it back (not pass it on) or immediately "throw" it off the screen. In addition, a filter is allowed to transform the data, hand a portion of the data to the next filter to continue the analysis, or process the data on behalf of the addressee and return the result to the sender (Fig. 7).
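The following model of a screen as a sequence of filters is an added example, not code from the original article. It constructs a small inbound policy (blacklisted source addresses and SNMP dropped at the border, only published DMZ services admitted, the public web address rewritten to the internal server, and cached pages answered on behalf of the web server) and writes every decision to an audit log; all addresses, ports and the cache contents are constructed sample values.

```python
from dataclasses import dataclass, replace
from enum import Enum, auto
from typing import Callable, List, Optional, Tuple


class Verdict(Enum):
    PASS = auto()    # hand the packet (possibly transformed) to the next filter
    DROP = auto()    # throw the packet off the screen
    ANSWER = auto()  # reply on behalf of the addressee; the packet goes no further


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int
    payload: str = ""


# A filter returns (verdict, packet to forward or None, reply text or None).
Result = Tuple[Verdict, Optional[Packet], Optional[str]]
Filter = Callable[[Packet], Result]

# Constructed sample policy: the addresses are documentation ranges, not real hosts.
BLACKLIST = {"203.0.113.7"}
SNMP_PORTS = {161, 162}
DMZ_PUBLIC_WEB = "198.51.100.10"     # address the outside world connects to
DMZ_INTERNAL_WEB = "10.0.5.10"       # where the web server actually lives
ALLOWED_SERVICES = {("tcp", 80), ("tcp", 443), ("tcp", 25)}
PAGE_CACHE = {"GET /index.html": "<html>cached copy of index</html>"}


def border_filter(pkt: Packet) -> Result:
    """Primary filtering by the border router: drop blacklisted sources and SNMP."""
    if pkt.src in BLACKLIST or (pkt.proto == "udp" and pkt.dport in SNMP_PORTS):
        return Verdict.DROP, None, None
    return Verdict.PASS, pkt, None


def service_filter(pkt: Packet) -> Result:
    """Packet filtering on transport headers: only published DMZ services get through."""
    if (pkt.proto, pkt.dport) not in ALLOWED_SERVICES:
        return Verdict.DROP, None, None
    return Verdict.PASS, pkt, None


def rewrite_filter(pkt: Packet) -> Result:
    """Transformation step: map the public web address onto the internal server."""
    if pkt.dst == DMZ_PUBLIC_WEB and pkt.dport in (80, 443):
        return Verdict.PASS, replace(pkt, dst=DMZ_INTERNAL_WEB), None
    return Verdict.PASS, pkt, None


def http_cache_filter(pkt: Packet) -> Result:
    """Application-level intermediary: answer cached pages on behalf of the web server."""
    if pkt.proto == "tcp" and pkt.dport == 80 and pkt.payload in PAGE_CACHE:
        return Verdict.ANSWER, None, PAGE_CACHE[pkt.payload]
    return Verdict.PASS, pkt, None


class Screen:
    """A screen as a sequence of filters; every decision is written to an audit log."""

    def __init__(self, filters: List[Filter]):
        self.filters = filters
        self.audit: List[Tuple[str, str, str]] = []   # (filter name, source, verdict)

    def inspect(self, pkt: Packet) -> Result:
        for flt in self.filters:
            verdict, forwarded, reply = flt(pkt)
            self.audit.append((flt.__name__, pkt.src, verdict.name))
            if verdict is not Verdict.PASS:
                return verdict, forwarded, reply
            pkt = forwarded          # continue with the possibly transformed packet
        return Verdict.PASS, pkt, None   # survived every filter: deliver to the addressee


def external_screen() -> Screen:
    """The external screen: border router first, main firewall filters behind it."""
    return Screen([border_filter, service_filter, rewrite_filter, http_cache_filter])


if __name__ == "__main__":
    screen = external_screen()
    samples = [   # constructed inbound packets
        Packet("203.0.113.7", DMZ_PUBLIC_WEB, "tcp", 80, "GET /index.html"),
        Packet("192.0.2.44", DMZ_PUBLIC_WEB, "udp", 161),
        Packet("192.0.2.44", DMZ_PUBLIC_WEB, "tcp", 23),
        Packet("192.0.2.44", DMZ_PUBLIC_WEB, "tcp", 80, "GET /index.html"),
        Packet("192.0.2.44", DMZ_PUBLIC_WEB, "tcp", 80, "GET /orders"),
    ]
    for p in samples:
        print(p.src, p.proto, p.dport, "->", screen.inspect(p))
    for entry in screen.audit:
        print(*entry)
```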

Fig. 7

In addition to the functions of access control, the screens record the exchange of information.

Usually the screen is not symmetrical, the terms "inside" and "outside" are defined for it. In this case, the problem of shielding is formulated as protecting the inner area from the potentially hostile outer one. So, firewalls (FW) are most often installed to protect the corporate network of an organization with Internet access.

Shielding helps maintain the availability of back-end services by reducing or eliminating the load caused by outside activity. The vulnerability of internal security services is reduced because the attacker initially has to overcome a screen where defense mechanisms are particularly carefully configured. In addition, the shielding system, in contrast to the universal one, can be arranged in a simpler and, therefore, safer way.

Shielding also makes it possible to control information flows directed to the external area, which contributes to maintaining the confidentiality regime in the organization's IS.

The shielding can be partial, protecting certain information services (for example, e-mail shielding).

A restricted interface can also be regarded as a kind of shielding. An invisible object is difficult to attack, especially with a fixed set of means. In this sense, the Web interface is naturally secure, especially when the hypertext documents are generated dynamically. Each user sees only what he is supposed to see. An analogy can be drawn between dynamically generated hypertext documents and views in relational databases, with the essential caveat that in the case of the Web the possibilities are much wider.

The shielding role of a Web service is also clearly manifested when this service mediates (more precisely, integrates) functions when accessing other resources, such as database tables. It not only controls the flow of requests, but also hides the real organization of the data.

Architectural security aspects

It is not possible to fight the threats inherent in the network environment using universal operating systems. A generic OS is a huge program, probably containing, in addition to obvious errors, some features that can be used to illegally gain privileges. Modern programming technology does not allow making such large programs safe. In addition, an administrator dealing with a complex system is not always able to take into account all the consequences of the changes made. Finally, in a universal multi-user system, security holes are constantly created by the users themselves (weak and / or rarely changed passwords, poorly set access rights, an unattended terminal, etc.). The only promising way is associated with the development of specialized security services, which, due to their simplicity, allow formal or informal verification. The firewall is just such a tool that allows further decomposition associated with servicing various network protocols.

The firewall is located between the protected (internal) network and the external environment (external networks or other segments of the corporate network). In the first case one speaks of an external firewall, in the second of an internal one. Depending on the point of view, an external firewall can be considered the first or the last (but by no means the only) line of defense. The first, when one looks at the world through the eyes of an external attacker; the last, when one strives to protect all components of the corporate network and prevent illegal actions by internal users.

A firewall is the ideal place to embed active auditing. On the one hand, identifying suspicious activity is important in its own way both at the first and at the last line of defense. On the other hand, the firewall is capable of an arbitrarily powerful reaction to suspicious activity, up to severing communication with the external environment. However, one must be aware that coupling two security services can, in principle, create a hole conducive to attacks on availability.

It is advisable to assign to the firewall the identification / authentication of external users who need access to corporate resources (with support for the concept of single sign-on to the network).

In accordance with the principle of echeloned (layered) defense, two-part shielding is usually used to protect external connections (see Fig. 8). Primary filtering (for example, blocking packets of the SNMP management protocol, which is dangerous because of attacks on availability, or packets from certain IP addresses included in a "black list") is carried out by the border router (see also the next section), behind which lies the so-called demilitarized zone (a network with a moderate level of security trust, where the organization's external information services are placed: Web, e-mail, etc.) and the main firewall protecting the internal part of the corporate network.

In theory, a firewall (especially an internal one) should be multi-protocol, but in practice the dominance of the TCP / IP protocol family is so great that support for other protocols seems to be an overkill, harmful to security (the more complex the service, the more vulnerable it is).


Fig. 8

Generally speaking, both external and internal firewalls can become a bottleneck, since the volume of network traffic tends to grow rapidly. One of the approaches to solving this problem involves dividing the firewall into several hardware parts and organizing specialized intermediary servers. The main firewall can roughly classify incoming traffic by type and delegate filtering to the appropriate intermediaries (for example, an intermediary that analyzes HTTP traffic). Outbound traffic is first processed by an intermediary server, which can also perform functionally useful actions, such as caching the pages of external Web servers, which reduces the load on the network in general and on the main firewall in particular.

Situations when a corporate network contains only one external channel are the exception rather than the rule. In contrast, a typical situation is in which a corporate network consists of several geographically dispersed segments, each of which is connected to the Internet. In this case, each connection must be protected by its own screen. More precisely, we can assume that the corporate external firewall is composite, and it is required to solve the problem of consistent administration (management and audit) of all components.

The opposite of composite corporate firewalls (or their components) are personal firewalls and personal shielding devices. The former are software products that are installed on personal computers and protect only them. The latter are implemented as separate devices and protect a small local area network, such as a home office network.

When deploying firewalls, one should observe the principles of architectural security discussed earlier, first of all taking care of simplicity and manageability, echeloned defense, and the impossibility of transitioning into an unsafe state. In addition, not only external but also internal threats should be taken into account.

Systems for archiving and duplicating information

The organization of a reliable and efficient data archiving system is one of the most important tasks in ensuring the safety of information on a network. In small networks with one or two servers, the archiving system is most often installed directly in free server slots. In large corporate networks, it is preferable to organize a dedicated archive server.

Such a server automatically archives information from hard disks of servers and workstations at the time specified by the administrator of the local computer network, issuing a report on the backup.

The storage of archival information of particular value should be organized in a special guarded room. Experts recommend storing duplicate archives of the most valuable data in another building, in case of fire or natural disaster. To ensure data recovery in case of failures of magnetic disks, disk array systems are most often used - groups of disks operating as a single device that comply with the RAID (Redundant Arrays of Inexpensive Disks) standard. These arrays provide the fastest write / read data rates, the ability to fully recover data and replace failed drives in a hot mode (without turning off the rest of the drives in the array).

The organization of disk arrays provides for various technical solutions implemented at several levels:

RAID level 0 allows you to easily split the data stream between two or more drives. The advantage of this solution is that I / O speed increases in proportion to the number of disks in the array.

RAID level 1 consists of organizing so-called "mirrored" disks. During data recording, the information on the main disk of the system is duplicated on the mirrored disk, and if the main disk fails, the "mirrored" disk is immediately turned on.

RAID levels 2 and 3 provide for the creation of parallel disk arrays, when written to which data is spread across the disks at a bit level.

RAID levels 4 and 5 are a modification of the zero level, in which the data stream is distributed across the disks of the array. The difference is that at level 4 a special disk is allocated for storing redundant information, and at level 5 the redundant information is distributed across all disks in the array.
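The parity levels described above, as an added example that is not part of the original article: data is cut into stripes, one unit per stripe holds the XOR parity of the others (on a dedicated last disk for level 4, rotating across all disks for level 5), and a failed disk is rebuilt from the surviving units of each stripe. The stripe-unit size and the sample data are constructed values chosen to keep the layout visible.

```python
from typing import List

CHUNK = 4  # bytes per stripe unit; tiny constructed value so the stripes are visible


def split_stripes(data: bytes, n_data: int, chunk: int = CHUNK) -> List[List[bytes]]:
    """Zero-pad the data and cut it into stripes of n_data units each."""
    row_bytes = n_data * chunk
    if len(data) % row_bytes:
        data += b"\0" * (row_bytes - len(data) % row_bytes)
    return [[data[r + i:r + i + chunk] for i in range(0, row_bytes, chunk)]
            for r in range(0, len(data), row_bytes)]


def xor_units(units: List[bytes]) -> bytes:
    """Parity of a stripe is the byte-wise XOR of all its data units."""
    out = bytearray(len(units[0]))
    for unit in units:
        for i, b in enumerate(unit):
            out[i] ^= b
    return bytes(out)


def parity_disk_for(stripe: int, n_disks: int, rotate: bool) -> int:
    """Level 4 keeps parity on a dedicated (last) disk; level 5 rotates it across all disks."""
    return (n_disks - 1 - stripe) % n_disks if rotate else n_disks - 1


def raid_write(data: bytes, n_disks: int, rotate: bool = True) -> List[List[bytes]]:
    """Spread data over n_disks with one parity unit per stripe (level 5, or level 4 if rotate=False)."""
    disks: List[List[bytes]] = [[] for _ in range(n_disks)]
    for s, stripe in enumerate(split_stripes(data, n_disks - 1)):
        p = parity_disk_for(s, n_disks, rotate)
        units = iter(stripe)
        for d in range(n_disks):
            disks[d].append(xor_units(stripe) if d == p else next(units))
    return disks


def raid_read(disks: List[List[bytes]], n_bytes: int, rotate: bool = True) -> bytes:
    """Read the data back in order, skipping the parity unit of every stripe."""
    n_disks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        p = parity_disk_for(s, n_disks, rotate)
        for d in range(n_disks):
            if d != p:
                out += disks[d][s]
    return bytes(out[:n_bytes])


def rebuild_disk(disks: List[List[bytes]], failed: int) -> List[bytes]:
    """Hot replacement: each unit of the failed disk is the XOR of the surviving units in its stripe."""
    survivors = [d for d in range(len(disks)) if d != failed]
    n_stripes = len(disks[survivors[0]])
    return [xor_units([disks[d][s] for d in survivors]) for s in range(n_stripes)]


def recover_after_failure(data: bytes, n_disks: int, failed: int, rotate: bool = True) -> bytes:
    """Write the array, lose one disk, rebuild it from parity and read everything back."""
    disks = raid_write(data, n_disks, rotate)
    disks[failed] = []                      # the drive is gone: nothing readable on it
    disks[failed] = rebuild_disk(disks, failed)
    return raid_read(disks, len(data), rotate)


if __name__ == "__main__":
    sample = b"constructed sample: the quick brown fox jumps over the lazy dog"
    for d, units in enumerate(raid_write(sample, 4)):
        print(f"disk {d}:", units)
    print("recovered intact:", recover_after_failure(sample, 4, failed=2) == sample)
```

A single parity unit per stripe tolerates exactly one failed disk; a second failure in the same stripe before the rebuild completes leaves that stripe unrecoverable, which is why the text pairs disk arrays with a separate archiving system.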

Improving the reliability and protection of data in the network on the basis of redundant information is implemented not only at the level of individual network elements, such as disk arrays, but also at the level of the network operating system. For example, Novell implements fault-tolerant versions of the Netware operating system, SFT (System Fault Tolerance):

  • SFT Level I. The first level provides for the creation of additional copies of the FAT and Directory Entries Tables, immediate verification of each data block newly written to the file server, and the reservation of about 2% of the disk space on each hard disk.
  • SFT Level II additionally contained the ability to create "mirrored" drives, as well as duplication of disk controllers, power supplies and interface cables.
  • The SFT Level III version allows the use of duplicated servers in the local network, one of which is the "master" and the second, containing a copy of all the information, comes into operation if the "master" server fails.

Security analysis

The security analysis service is designed to identify vulnerabilities so that they can be eliminated quickly. By itself, this service does not protect against anything, but it helps to detect (and eliminate) security gaps before an attacker can exploit them. First of all, I mean not architectural gaps (they are difficult to eliminate) but "operational" ones, which appeared as a result of administration errors or because of inattention to updating software versions.

Security analysis systems (also called security scanners), like the active audit tools discussed above, are based on the accumulation and use of knowledge. This refers to knowing about security gaps: how to look for them, how serious they are, and how to address them.

Accordingly, the core of such systems is the base of vulnerabilities, which determines the available range of capabilities and requires almost constant updating.

In principle, gaps of a very different nature can be detected: the presence of malware (in particular, viruses), weak user passwords, poorly configured operating systems, unsafe network services, uninstalled patches, application vulnerabilities, etc. However, the most effective are network scanners (obviously due to the dominance of the TCP / IP protocol family), as well as anti-virus tools (10). We classify anti-virus protection as a security analysis tool, not counting it as a separate security service.

Scanners can identify vulnerabilities both by passive analysis, that is, by examining configuration files, used ports, etc., and by imitating the actions of an attacker. Some vulnerabilities found can be eliminated automatically (for example, disinfection of infected files), others are reported to the administrator.

The control provided by security analysis systems is reactive and lagging in nature: it does not protect against new attacks. It should be remembered, however, that defense must be layered (echeloned), and security control is quite adequate as one of the lines. It is known that the vast majority of attacks are routine in nature; they are possible only because known security holes remain unpatched for years.
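The passive form of security analysis described above (examining configuration files against a base of known gaps) can be shown with a small scanner. The following is an added example, not code from the page or from any scanner product; the sshd_config-style text, the four-rule "vulnerability base", the severities and the remediation strings are all constructed for illustration.

```python
"""Toy passive security scanner: reads a configuration file, compares each
directive with a small base of known weak settings, and reports findings
with a severity and a remediation for the administrator.
Constructed educational example; the config text below is sample input."""

import re
from dataclasses import dataclass

# Constructed sample: an sshd_config-style file containing several weak settings.
SAMPLE_CONFIG = """\
# sshd_config (constructed sample, not from a real host)
Port 22
Protocol 1,2
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no
X11Forwarding yes
MaxAuthTries 6
"""


@dataclass(frozen=True)
class Rule:
    key: str            # configuration directive to examine
    bad_values: tuple   # values that constitute a gap (compared case-insensitively)
    severity: str
    fix: str            # how the administrator closes the gap


# The "vulnerability base" that drives the scanner. A real scanner keeps a large,
# constantly updated base; these four hand-written rules stand in for it.
VULN_BASE = (
    Rule("PermitRootLogin", ("yes",), "high",
         "set PermitRootLogin to no (or prohibit-password)"),
    Rule("PasswordAuthentication", ("yes",), "medium",
         "set PasswordAuthentication to no and use key-based logins"),
    Rule("PermitEmptyPasswords", ("yes",), "high",
         "set PermitEmptyPasswords to no"),
    Rule("Protocol", ("1", "1,2", "2,1"), "high",
         "allow protocol version 2 only"),
)


def parse_config(text):
    """Return {directive: value} for 'Key value' lines; comments and blank lines are
    skipped. Directive names are lower-cased so lookups are case-insensitive."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^(\S+)\s+(.+)$", line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings


def scan(text):
    """Passive analysis: compare every setting with the vulnerability base.
    Returns a list of (directive, value, severity, fix) findings, in base order."""
    settings = parse_config(text)
    findings = []
    for rule in VULN_BASE:
        value = settings.get(rule.key.lower())
        if value is not None and value.lower() in rule.bad_values:
            findings.append((rule.key, value, rule.severity, rule.fix))
    return findings


def report(findings):
    """Human-readable report for the administrator's console."""
    lines = [f"[{sev.upper()}] {key} = {val}: {fix}" for key, val, sev, fix in findings]
    return "\n".join(lines) if lines else "no known gaps found"


if __name__ == "__main__":
    print(report(scan(SAMPLE_CONFIG)))
```

The scanner never touches the running service; it only reads the file, which is exactly why the text calls this control "lagging": a directive that is weak but absent from the base is not reported until the base is updated.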

Data protection in computer networks is becoming one of the most pressing problems in modern computer science. To date, three basic principles of information security have been formulated, which should ensure:

Data integrity - protection against failures leading to loss of information, as well as unauthorized creation or destruction of data;

Confidentiality of information and, at the same time,

It should also be noted that certain areas of activity (banking and financial institutions, information networks, government systems, defense and special structures) require special data security measures and place increased demands on the reliability of information systems.

When considering the problems of data protection in the network, first of all, the question arises about the classification of failures and access violations that can lead to the destruction or unwanted modification of data. Among these potential "threats" are:

1. Hardware failures:

· Cabling system failures;

· Power outages;

· Disk system failures;

· Failures of data archiving systems;

· Failures of servers, workstations, network cards, etc.;

2. Loss of information due to incorrect software operation:

· Loss or alteration of data due to software errors;

· Losses when the system is infected with computer viruses;

3. Losses associated with unauthorized access:

· Unauthorized copying, destruction or falsification of information;

· Unauthorized persons becoming acquainted with confidential information constituting a secret;

4. Loss of information associated with incorrect storage of archived data.

5. Errors of service personnel and users:

· Accidental destruction or alteration of data;

· Incorrect use of software and hardware, leading to the destruction or alteration of data.

Depending on the possible types of network disruptions, numerous types of information protection are grouped into three main classes:

Physical protection equipment, including cable system protection, power supply systems, archiving facilities, disk arrays, etc.

Security software, including anti-virus programs, privilege separation systems and software access control.

Administrative safeguards, including controlling access to premises, developing a firm's security strategy, contingency plans, etc.

It should be noted that such a division is rather arbitrary, since modern technologies are developing in the direction of a combination of software and hardware protection means.

Systems for archiving and duplicating information

Organizing a reliable and efficient data archiving system is one of the most important tasks for ensuring the safety of information on the network. In small networks, where one or two servers are installed, the archiving system is most often installed directly in free server slots. In large corporate networks, it is most preferable to set up a dedicated archive server.

Such a server automatically archives information from hard disks of servers and workstations at the time specified by the administrator of the local computer network, issuing a report on the backup. This provides control over the entire archiving process from the administrator's console, for example, you can specify specific volumes, directories, or individual files that need to be archived.

It is also possible to organize automatic archiving upon the occurrence of an event ("event driven backup"), for example, when receiving information that there is little free space left on the hard disk of a server or workstation, or when one of the "mirror" drives on a file server.

To ensure data recovery in case of failures of magnetic disks, disk array systems are most often used - groups of disks operating as a single device that comply with the RAID (Redundant Arrays of Inexpensive Disks) standard.

Protection from computer viruses

Today, in addition to the thousands of already known viruses, 100-150 new strains appear every month. The most common methods of protecting against viruses to this day are various antivirus programs.

However, in recent years, a combination of software and hardware protection methods has been increasingly used as a promising approach to protecting against computer viruses. Among the hardware devices of this kind, one can note special anti-virus cards that are inserted into standard computer expansion slots.

Protection against unauthorized access

The problem of protecting information from unauthorized access has become especially acute with the widespread use of local and, especially, global computer networks. It should also be noted that often the damage is caused not because of "malicious intent", but because of elementary user errors that accidentally spoil or delete vital data. In this regard, in addition to access control, a necessary element of information protection in computer networks is the differentiation of user rights.

In computer networks, when organizing access control and differentiation of user rights, the built-in tools of network operating systems are most often used.

There are many possible directions of information leakage and unauthorized access routes in systems and networks. Among them:

· Reading residual information in the system memory after executing authorized requests;

· Copying of information carriers and information files, overcoming protection measures;

· Disguise as a registered user;

· Disguise as a system request;

· Use of software traps;

· Exploiting the flaws of the operating system;

· Illegal connection to equipment and communication lines;

· Malicious disabling of protection mechanisms;

· Introduction and use of computer viruses.

Information security is achieved by a complex of organizational, organizational-technical, technical and software measures.

Organizational measures of information protection include:

· Restriction of access to the premises where information is prepared and processed;

· Admitting only vetted officials to the processing and transfer of confidential information;

· Storage of magnetic media and registration logs in safes closed to unauthorized access;

· Preventing unauthorized persons from viewing the content of processed materials via the display, printer, etc.;

· Use of cryptographic codes when transmitting valuable information over communication channels;

· Destruction of ink ribbons, paper and other materials containing fragments of valuable information.

Organizational and technical measures of information protection include:

· Powering equipment that processes valuable information from an independent power source or through special power filters;

· Installation of coded locks on the doors of premises;

· Use of liquid crystal or plasma displays for showing information during input and output, and of inkjet and thermal printers for producing hard copies, since the display emits such high-frequency electromagnetic radiation that the image from its screen can be received at a distance of several hundred kilometers;

· Destruction of information when a computer is written off or sent for repair;

· Mounting keyboards and printers on soft pads to reduce the possibility of acquiring information by acoustic means;

· Limiting electromagnetic radiation by shielding the rooms where information is processed with sheets of metal or special plastic.

Technical means of information protection form a system for protecting territories and premises by shielding machine rooms and organizing access control systems. Protection of information in networks and computing facilities by technical means is implemented on the basis of organizing access to memory using:

· Access control to the various levels of computer memory;

· Blocking of data and entry of keys;

· Allocation of control bits in records for identification purposes, etc.

Software means of information protection include:

· Security control, including control of logon registration, recording in the system log, and control of user actions;

· Reaction (including an audible one) to violations of the system protecting access to network resources;

· Control of access credentials;

· Formal security control of operating systems (basic system-wide and network);

· Control of protection algorithms;

· Verification and confirmation of the correct functioning of the hardware and software.

To reliably protect information and identify cases of unauthorized actions, logging is performed in the system: special journals and protocols are created in which all actions related to the protection of information in the system are recorded. Special programs are also used to test the protection system: periodically, or at randomly selected points in time, they check that the hardware and software protection is functioning.

A separate group of measures to ensure the safety of information and identify unauthorized requests comprises programs for detecting violations in real time. Programs of this group generate a special signal when they register actions that could lead to illegal operations on the protected information. The signal may carry information about the nature of the violation, the place where it occurred and other characteristics. In addition, such programs can deny access to the protected information, or simulate an operating mode (for example, instantaneous loading of input-output devices) that allows the intruder to be identified and detained by the appropriate service.
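The two preceding ideas, recording security-relevant actions in a journal and raising a signal in real time that names the nature and place of a violation, are illustrated by the added example below. It is not code from the page; the log format, host names, user names, the protected path and its allowed readers, and the thresholds are all constructed assumptions.

```python
"""Toy real-time violation detector fed from a security log.
Constructed educational example: the log format, hosts, users, paths and
thresholds are made up; a real deployment would read the system journal."""

from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample journal; each line is "<ISO timestamp> key=value ...".
SAMPLE_LOG = """\
2024-05-01T10:00:01 host=srv1 user=alice event=LOGIN_OK src=10.0.0.5
2024-05-01T10:00:05 host=srv1 user=bob event=LOGIN_FAIL src=10.0.0.9
2024-05-01T10:00:07 host=srv1 user=bob event=LOGIN_FAIL src=10.0.0.9
2024-05-01T10:00:09 host=srv1 user=bob event=LOGIN_FAIL src=10.0.0.9
2024-05-01T10:00:20 host=srv2 user=alice event=FILE_READ path=/secret/payroll.xls
2024-05-01T10:00:25 host=srv2 user=carol event=FILE_READ path=/secret/payroll.xls
2024-05-01T10:05:00 host=srv1 user=bob event=LOGIN_FAIL src=10.0.0.9
"""

# Assumed access control rule: which users may read each protected path.
PROTECTED = {"/secret/payroll.xls": {"alice"}}
FAIL_THRESHOLD = 3                    # this many failed logons ...
FAIL_WINDOW = timedelta(seconds=60)   # ... inside this window raise a signal


def parse_line(line):
    """Split one journal line into a dict; the timestamp becomes a datetime."""
    ts, *fields = line.split()
    rec = {"time": datetime.fromisoformat(ts)}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


class Detector:
    """Processes records one at a time, keeping only the state needed to decide."""

    def __init__(self):
        self.recent_fails = defaultdict(deque)   # user -> timestamps of recent failures

    def process(self, rec):
        """Return a signal dict (nature, where, who, when) or None."""
        event = rec.get("event")
        if event == "LOGIN_FAIL":
            window = self.recent_fails[rec["user"]]
            window.append(rec["time"])
            while rec["time"] - window[0] > FAIL_WINDOW:   # discard stale entries
                window.popleft()
            if len(window) >= FAIL_THRESHOLD:
                window.clear()                              # one signal per burst
                return {"nature": "repeated failed logons", "where": rec["host"],
                        "user": rec["user"], "src": rec.get("src"), "when": rec["time"]}
        elif event == "FILE_READ" and rec.get("path") in PROTECTED:
            if rec["user"] not in PROTECTED[rec["path"]]:
                return {"nature": "unauthorized access to protected file",
                        "where": rec["host"], "user": rec["user"],
                        "path": rec["path"], "when": rec["time"]}
        return None


def run(log_text):
    """Feed every journal line through the detector and collect the signals."""
    detector = Detector()
    alerts = []
    for line in log_text.splitlines():
        if line.strip():
            alert = detector.process(parse_line(line))
            if alert:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in run(SAMPLE_LOG):
        print(f"{a['when']} {a['nature']} on {a['where']} by {a['user']}")
```

On the sample journal the detector raises exactly two signals: one for bob's third failed logon within a minute on srv1, and one for carol reading a file she is not permitted to read on srv2; the later, isolated failure by bob falls outside the window and is only logged.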

One of the most common methods of protection is to explicitly indicate the secrecy of the information being displayed. This requirement is implemented using appropriate software tools.

By equipping the server or network workstations, for example, with a smart card reader and special software, you can significantly increase the level of protection against unauthorized access. In this case, to access the computer, the user must insert a smart card into the reader and enter his personal code.

Access control smart cards allow you to realize, in particular, such functions as control of the entrance, access to devices of a personal computer, access to programs, files and commands.

In remote access bridges and routers, packet segmentation is used - splitting packets and transmitting the parts in parallel over two lines - which makes it impossible to "intercept" the data when a "hacker" illegally connects to one of the lines. In addition, the compression procedure applied to packets during transmission guarantees that "intercepted" data cannot be deciphered. Remote access bridges and routers can also be programmed so that remote users are restricted from accessing certain resources on the main office network.

Security mechanisms

1. Cryptography.

To ensure secrecy, encryption, or cryptography, is used, which allows data to be transformed into an encrypted form, from which the original information can be extracted only if a key is available.

Encryption is based on two basic concepts: an algorithm and a key. An algorithm is a way to encode the original text, resulting in an encrypted message. An encrypted message can only be interpreted with a key.

All elements of protection systems fall into two categories: permanent and easily replaceable. Permanent elements are those that belong to the design of the protection system and require the intervention of specialists or developers to change. Easily replaceable elements are those designed for arbitrary modification, or for modification according to a predetermined rule based on randomly selected initial parameters; examples are keys, passwords, identifiers, etc.

The secrecy of information is ensured by the introduction of special keys (codes) into the algorithms. There are two significant advantages to using a key for encryption. First, you can use one algorithm with different keys to send messages to different recipients. Secondly, if the secret of the key is violated, it can be easily replaced without changing the encryption algorithm. Thus, the security of encryption systems depends on the secrecy of the key used, and not on the secrecy of the encryption algorithm.

It is important to note that the increasing productivity of technology leads to a decrease in the time it takes to break keys, and security systems have to use longer keys, which, in turn, leads to an increase in encryption costs.

Since such an important place in encryption systems is given to the secrecy of the key, the main problem of such systems is the generation and transmission of the key.

There are two main encryption schemes: symmetric encryption (also sometimes called traditional or secret key encryption) and public key encryption (sometimes called asymmetric encryption).

With symmetric encryption, the sender and receiver have the same key (secret) with which they can encrypt and decrypt data.
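The separation of algorithm and key described above (one algorithm serving many recipients, a compromised key replaced without touching the algorithm) is shown concretely in the added example below. It is not code from the page. The cipher it uses is a textbook construction built from the standard library, HMAC-SHA256 run in counter mode as a keystream generator XORed with the data; it is an assumption chosen for readability, not a standard such as AES-GCM, and it provides confidentiality only, not integrity.

```python
"""Symmetric encryption: one algorithm, many keys.
Constructed educational example. The cipher is a PRF-in-counter-mode stream
cipher (keystream = HMAC-SHA256(key, nonce || counter)); it illustrates the
algorithm/key separation and provides no integrity protection."""

import hashlib
import hmac
import os

NONCE_LEN = 16


def keystream(key, nonce, length):
    """Derive `length` keystream bytes from the key and a per-message nonce."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def encrypt(key, plaintext):
    """Ciphertext = nonce || (plaintext XOR keystream). The nonce is fresh per message;
    a (key, nonce) pair must never be reused with this kind of cipher."""
    nonce = os.urandom(NONCE_LEN)
    body = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + body


def decrypt(key, ciphertext):
    """Same algorithm run in reverse; only the holder of the right key recovers the text."""
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))


def demo():
    """Walk through the two advantages of keyed encryption named in the text."""
    key_for_bank = os.urandom(32)       # one algorithm ...
    key_for_partner = os.urandom(32)    # ... a different key per recipient
    msg = b"transfer 100 to account 42"  # constructed sample message
    ct_bank = encrypt(key_for_bank, msg)
    results = {
        "bank_reads_own": decrypt(key_for_bank, ct_bank) == msg,
        "partner_cannot_read_bank": decrypt(key_for_partner, ct_bank) != msg,
    }
    # The bank key is compromised: rotate it. The algorithm is unchanged, and
    # the old ciphertext is no longer readable with the replacement key.
    new_key_for_bank = os.urandom(32)
    results["old_ct_unreadable_with_new_key"] = decrypt(new_key_for_bank, ct_bank) != msg
    results["new_ct_readable"] = decrypt(new_key_for_bank, encrypt(new_key_for_bank, msg)) == msg
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

Note that nothing in the code is secret except the key material: the whole algorithm is on the page, which is precisely the property the text attributes to well-designed encryption systems.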

Electronic signature

With the help of an electronic signature, the recipient can verify that the message received by him was sent not by a third party, but by a sender who has certain rights. Electronic signatures are created by encrypting the checksum and additional information using the sender's private key. Thus, anyone can decrypt the signature using the public key, but only the owner of the private key can correctly create the signature. To protect against interception and reuse, the signature includes a unique number - a sequence number.
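The signature scheme just described, a checksum encrypted with the sender's private key and verified by anyone holding the public key, plus a sequence number against replay, is shown in the added example below. It is not code from the page. It uses textbook RSA with two fixed Mersenne primes and no padding, an assumption made so that the mechanism fits in a few lines; real systems use standardized schemes such as RSA-PSS or Ed25519 with properly generated keys.

```python
"""Electronic signature: sign = checksum raised to the private exponent,
verify = signature raised to the public exponent; a sequence number lets the
receiver reject replayed messages. Constructed educational example using
textbook (unpadded) RSA with fixed, far-too-small primes."""

import hashlib

# Key generation from two fixed primes (constructed; never use fixed or small primes in practice).
P = 2**127 - 1          # Mersenne prime M127
Q = 2**89 - 1           # Mersenne prime M89
N = P * Q               # public modulus
E = 65537               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)


def checksum(seq, body):
    """Hash of sequence number and body, reduced into the modulus (toy: no padding)."""
    h = hashlib.sha256(seq.to_bytes(8, "big") + body).digest()
    return int.from_bytes(h, "big") % N


def sign(seq, body, d=D):
    """Only the holder of the private exponent can produce this value."""
    return pow(checksum(seq, body), d, N)


def verify_signature(seq, body, sig, e=E):
    """Anyone with the public exponent can check it."""
    return pow(sig, e, N) == checksum(seq, body)


class Receiver:
    """Verifies the signature and rejects replayed or out-of-order sequence numbers."""

    def __init__(self, e=E):
        self.e = e
        self.last_seq = 0

    def accept(self, seq, body, sig):
        if not verify_signature(seq, body, sig, self.e):
            return False          # forged or tampered message
        if seq <= self.last_seq:
            return False          # replay of an already-accepted message
        self.last_seq = seq
        return True


if __name__ == "__main__":
    rx = Receiver()
    s1 = sign(1, b"pay 10")     # constructed sample message
    print("first delivery accepted:", rx.accept(1, b"pay 10", s1))
    print("replay accepted:", rx.accept(1, b"pay 10", s1))
    print("tampered body accepted:", rx.accept(2, b"pay 99", s1))
```

The sequence number is covered by the checksum, so an interceptor cannot simply bump it on a captured message; producing a valid signature for the new number would require the private exponent.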

Authentication

Authentication is one of the most important components of securing information on a network. Before a user is given the right to receive a particular resource, it is necessary to make sure that he is really who he claims to be.

When a request for using a resource is received on behalf of any user, the server providing this resource transfers control to the authentication server. After receiving a positive response from the authentication server, the user is provided with the requested resource.

Authentication usually relies on the principle called "what he knows": the user knows a secret word, which he sends to the authentication server in response to its request. One authentication scheme is the use of standard passwords. The password is entered by the user at the beginning of a session of interaction with the network, and sometimes also at the end of the session (in especially critical cases, the password for a normal exit from the network may differ from the one used for entry). This scheme is the most vulnerable from a security point of view: the password can be intercepted and used by another person.

The most commonly used schemes are one-time passwords. Even if intercepted, this password will be useless at the next registration, and getting the next password from the previous one is extremely difficult. To generate one-time passwords, both software and hardware generators are used, which are devices inserted into a computer slot. Knowledge of the secret word is necessary for the user to activate this device.
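One-time passwords of the kind described above can be shown with HOTP (RFC 4226), the HMAC-based counter scheme many hardware and software generators implement. The example below is added here and is not code from the page; the shared secret is the test-vector secret published in RFC 4226, and the look-ahead window size is an assumption.

```python
"""One-time passwords: HOTP (RFC 4226), generator and verifying server.
Added educational example built from the standard library; the secret below
is the RFC 4226 test-vector secret, not a real credential."""

import hashlib
import hmac


def hotp(secret, counter, digits=6):
    """Generate the one-time password for a given counter value (RFC 4226 section 5.3)."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # dynamic truncation
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10**digits).zfill(digits)


class OtpServer:
    """Server side: keeps the per-user counter so an intercepted password is
    useless at the next logon, while tolerating a few unused generator presses."""

    def __init__(self, secret, look_ahead=5):   # look_ahead is an assumed policy value
        self.secret = secret
        self.counter = 0          # next counter value the server expects
        self.look_ahead = look_ahead

    def verify(self, candidate):
        for c in range(self.counter, self.counter + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), candidate):
                self.counter = c + 1   # advance past the used value: no replay
                return True
        return False


SECRET = b"12345678901234567890"   # RFC 4226 test-vector secret


if __name__ == "__main__":
    server = OtpServer(SECRET)
    first = hotp(SECRET, 0)
    print("logon with fresh password:", server.verify(first))
    print("replay of the same password:", server.verify(first))
```

Deriving the next password from an intercepted one would require inverting HMAC-SHA1 to recover the secret, which is what makes an intercepted value worthless once the counter has moved on.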

Protecting networks

In recent years, corporate networks have increasingly been connected to the Internet, or even use it as their basis. Firewalls are used to protect corporate information networks. A firewall is a system or combination of systems that divides a network into two or more parts and enforces a set of rules determining the conditions under which packets may pass from one part to another. As a rule, this boundary is drawn between the enterprise's local network and the Internet, although it can also be drawn internally. Since it is not economical to protect individual computers, the entire network is usually protected. The firewall passes all traffic through itself and, for each packet, makes a decision: let it through or drop it. A set of rules is defined for the firewall on which it bases these decisions.

A firewall can be implemented both in hardware (that is, as a separate physical device), or as a special program running on a computer.

Typically, changes are made to the operating system on which the firewall runs in order to improve the protection of the firewall itself. These changes affect both the OS kernel and the corresponding configuration files. The firewall itself is not allowed to have user accounts, and hence the potential holes they bring; only the administrator's account exists.

Some firewalls only work in single user mode, and many have a code integrity check system.

A firewall usually has several different components, including filters or shields, that block some of the traffic from passing through.

All firewalls can be classified into two types:

· Packet filters, which filter IP packets by means of filtering routers;

· Application-level servers that block access to certain services on the network.

Thus, a firewall can be defined as a collection of components or a system that sits between two networks and has the following properties:

· All traffic from the internal network to the external and from the external network to the internal must go through this system;

· Only traffic defined by the local protection strategy can pass through this system;
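The packet-filter type of firewall described above, an ordered rule set applied to every packet with a default decision for anything the rules do not name, is shown in the added example below. It is not code from the page or from any firewall product; the addresses come from documentation ranges, and the rule set, the notion of "internal" and the field names are constructed assumptions.

```python
"""Packet filter: an ordered rule set, first match wins, default deny.
Constructed educational example; addresses are RFC 5737 documentation ranges
and the rule set is an invented local protection strategy."""

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (external -> internal) or "out" (internal -> external)
    proto: str       # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "drop"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None

    def matches(self, pkt):
        return (self.direction in ("any", pkt.direction)
                and self.proto in ("any", pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))


INTERNAL = "192.0.2.0/24"        # assumed internal LAN (documentation range)
ADMIN_HOSTS = "198.51.100.0/24"  # assumed administrators' network (documentation range)

# The local protection strategy. Order matters: the first matching rule decides.
RULES = [
    Rule("allow", "in", "tcp", dst=INTERNAL, dport=443),                  # public web service
    Rule("allow", "in", "tcp", src=ADMIN_HOSTS, dst=INTERNAL, dport=22),  # remote admin only
    Rule("drop", "in", "any", dst=INTERNAL),                              # all other inbound
    Rule("allow", "out", "any", src=INTERNAL),                            # internal users go out
]


def decide(pkt, rules=RULES):
    """Return "allow" or "drop" for one packet; anything unmatched is dropped."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "drop"   # default deny: only traffic the strategy names may pass


if __name__ == "__main__":
    samples = [   # constructed sample packets
        Packet("in", "tcp", "203.0.113.7", "192.0.2.10", 443),
        Packet("in", "tcp", "203.0.113.7", "192.0.2.10", 22),
        Packet("in", "tcp", "198.51.100.5", "192.0.2.10", 22),
        Packet("out", "udp", "192.0.2.10", "203.0.113.53", 53),
    ]
    for p in samples:
        print(f"{p.direction:3} {p.proto} {p.src} -> {p.dst}:{p.dport}  {decide(p)}")
```

The explicit inbound "drop" rule is redundant with the default deny at the end; it is kept because it makes the strategy readable on its own, which matters when rules are reviewed.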

In the first part of the "Fundamentals of Information Security" we examined the main types of threats to information security. In order for us to start choosing the means of protecting information, it is necessary to consider in more detail what can be attributed to the concept of information.

Information and its classification

There are many definitions and classifications of "information". The shortest and at the same time most capacious definition is given in federal law No. 149-FZ of July 27, 2006 (as amended on July 29, 2017), article 2: "Information is information (messages, data), regardless of the form of their presentation."

Information can be classified into several types and, depending on the category of access to it, is subdivided into publicly available information, as well as information, access to which is limited - confidential data and state secrets.

Information, depending on the procedure for its provision or distribution, is subdivided into information:

  1. Freely redistributable;
  2. Provided by agreement of the persons involved in the relevant relationship;
  3. Which, in accordance with federal laws, is to be made available or distributed;
  4. Whose distribution in the Russian Federation is limited or prohibited.
By purpose, information is of the following types:
  1. Mass - contains trivial information and operates with a set of concepts understood by most of society.
  2. Special - contains a specific set of concepts that may not be understood by the bulk of society but are necessary and understandable within the narrow social group where this information is used.
  3. Secret - access to which is provided to a narrow circle of people and through closed (protected) channels.
  4. Personal (private) - a set of information about a person which determines his social status and types of social interactions.
Information protection means must be applied directly to information to which access is limited - this is state secrets and confidential data.

According to Article 5 ("List of information constituting a state secret") of the law of the Russian Federation of July 21, 1993 N 5485-1 (as amended on 03/08/2015) "On state secrets", state secrets include:

  1. Information in the military field.
  2. Information in the field of economics, science and technology.
  3. Information in the field of foreign policy and economics.
  4. Information in the field of intelligence, counterintelligence and operational-search activities, as well as in the field of countering terrorism and in the field of ensuring the security of persons in respect of whom a decision has been made to apply state protection measures.
The list of information that may constitute confidential information is contained in presidential decree of March 6, 1997 №188 (as amended on July 13, 2015) “On approval of the list of confidential information”.

Confidential data is information, access to which is limited in accordance with the laws of the state and the norms that the company sets independently. The following types of confidential data can be distinguished:

  • Personal confidential data: Information about the facts, events and circumstances of the private life of a citizen, allowing his identity (personal data) to be identified, with the exception of information subject to dissemination in the media in cases established by federal laws. The only exception is information that is disseminated in the media.
  • Service confidential data: Official information, access to which is limited by state authorities in accordance with the Civil Code of the Russian Federation and federal laws (official secret).
  • Forensic confidential data: On the state protection of judges, officials of law enforcement and regulatory bodies. On state protection of victims, witnesses and other participants in criminal proceedings. Information contained in the personal files of convicts, as well as information on the compulsory execution of judicial acts, acts of other bodies and officials, except for information that is publicly available in accordance with Federal Law No. 229-FZ of October 2, 2007 "On Enforcement Proceedings" ...
  • Commercial confidential data: all types of information related to commerce (profit) and access to which is limited by law or information about the essence of an invention, utility model or industrial design prior to the official publication of information about them by the enterprise (secret developments, production technologies, etc.).
  • Professional confidential data: Information related to professional activities, access to which is limited in accordance with the Constitution of the Russian Federation and federal laws (medical, notarial, attorney's secrets, secrecy of correspondence, telephone conversations, mailings, telegraph or other messages, and so on)


Figure 1. Classification of types of information.

Personal Information

Separately, it is worth paying attention to personal data. According to federal law No. 152-FZ of 27.07.2006 (as amended on July 29, 2017) "On personal data", article 4: personal data is any information relating directly or indirectly to a specific or identifiable individual (the subject of personal data).

The operator of personal data is a state body, a municipal body, a legal entity or an individual that, independently or jointly with other persons, organizes and (or) carries out the processing of personal data, and also determines the purposes of processing, the composition of the personal data to be processed, and the actions (operations) performed with personal data.

Personal data processing is any action (operation) or set of actions (operations) performed, with or without the use of automation tools, on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction of personal data.

The rights to process personal data are enshrined in the regulations on state bodies, federal laws, licenses for working with personal data issued by Roskomnadzor or FSTEC.

Companies that professionally work with personal data of a wide range of people, for example, hosting companies of virtual servers or telecom operators, must enter the register, which is maintained by Roskomnadzor.

For example, our hosting of virtual servers VPS.HOUSE operates within the framework of the legislation of the Russian Federation and in accordance with the licenses of the Federal Service for Supervision of Communications, Information Technology and Mass Media No. 139322 dated December 25, 2015 (Telematic communication services) and No. 139323 dated December 25, 2015 (Communication services for data transmission, excluding communication services for data transmission for the purpose of transmitting voice information).

Based on this, any site that has a user registration form, in which information related to personal data is indicated and subsequently processed, is the operator of personal data.

Taking into account article 7 of the law No. 152-FZ"On personal data", operators and other persons who have gained access to personal data are obliged not to disclose to third parties and not to distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law. Accordingly, any operator of personal data is obliged to ensure the necessary security and confidentiality of this information.

In order to ensure the security and confidentiality of information, it is necessary to determine what media are available, access to which is open and closed. Accordingly, methods and means of protection are also selected depending on the type of media.

Main storage media:

  • Print and electronic media, social networks, other resources on the Internet;
  • Employees of the organization who have access to information on the basis of their friendships, family, professional ties;
  • Communication facilities that transmit or store information: telephones, automatic telephone exchanges, other telecommunication equipment;
  • Documents of all types: personal, official, government;
  • Software as an independent information object, especially if its version has been modified specifically for a specific company;
  • Electronic storage media that process data in an automatic manner.
Having determined what information is subject to protection, information carriers and possible damage during its disclosure, you can choose the necessary protection means.

Information security classification


In accordance with federal law No. 149-FZ of July 27, 2006 (as amended on July 29, 2017) "On information, information technology and information protection", Article 7, Clause 1 and Clause 4:

1. Protection of information consists of taking legal, organizational and technical measures aimed at:

  • Protection of information from unauthorized access, destruction, modification, blocking, copying, provision, distribution, as well as from other illegal actions in relation to such information;
  • Observance of the confidentiality of restricted information;
  • Realization of the right to access information.
4. The information holder and the information system operator, in cases established by the legislation of the Russian Federation, are obliged to ensure:
  • Prevention of unauthorized access to information and (or) its transfer to persons who do not have the right to access it;
  • Timely detection of facts of unauthorized access to information;
  • Prevention of the possibility of adverse consequences of violation of the procedure for access to information;
  • Prevention of impact on the technical means of information processing that disrupts their functioning;
  • The possibility of immediate recovery of information modified or destroyed due to unauthorized access to it;
  • Constant control over ensuring the level of information security;
  • Location on the territory of the Russian Federation of the databases used for the collection, recording, systematization, accumulation, storage, clarification (updating, changing) and extraction of personal data of citizens of the Russian Federation (clause 7 was introduced by Federal Law No. 242-FZ of July 21, 2014).
Based on law No. 149-FZ, information protection can also be divided into several levels:
  1. The legal level ensures compliance with government data protection standards and includes copyright, ordinances, patents and job descriptions.
    A well-built security system does not violate user rights or data processing standards.
  2. The organizational level allows regulations to be created for the work of users with confidential information, personnel to be selected, and work with documentation and data carriers to be organized.
    The rules for the work of users with confidential information are called access control rules. The rules are established by the company's management in conjunction with the security service and the supplier who implements the security system. The goal is to create the conditions for each user's access to information resources, for example the right to read, edit or transfer a confidential document.
    Access control rules are developed at the organizational level and implemented at the stage of work with the technical component of the system.
  3. The technical level is conventionally divided into physical, hardware, software and mathematical (cryptographic) levels.

Information security tools

It is customary to divide information security tools into normative (informal) and technical (formal).

Informal means of information protection

Informal means of protecting information are regulatory (legislative), administrative (organizational) and moral and ethical means, to which documents, rules and events can be attributed.

The legal basis (legislative means) of information security is provided by the state. Information protection is regulated by international conventions, the Constitution, the federal law "On information, information technology and information protection", the laws of the Russian Federation "On security", "On communications" and "On state secrets", and various bylaws.

Some of the listed laws were cited and discussed above as the legal basis for information security. Failure to comply with them creates threats to information security, which can lead to significant consequences and is, in turn, punishable under these laws up to and including criminal liability.

The state also determines the measure of responsibility for violation of the provisions of legislation in the field of information security. For example, chapter 28 "Crimes in the field of computer information" of the Criminal Code of the Russian Federation includes three articles:

  • Article 272 “Illegal Access to Computer Information”;
  • Article 273 "Creation, use and distribution of malicious computer programs";
  • Article 274 "Violation of the rules for the operation of storage, processing or transmission of computer information and information and telecommunication networks."
Administrative (organizational) measures play an essential role in creating a reliable mechanism for protecting information, since the possibility of unauthorized use of confidential information is largely determined not by technical aspects but by human actions: malicious ones, and also the negligence, carelessness and inattention of users or security personnel.

To reduce the impact of these aspects, a set of organizational, legal and organizational and technical measures is required that would exclude or minimize the possibility of threats to confidential information.

In this administrative and organizational activity for the protection of information for security officers, there is scope for creativity.

It covers architectural and planning decisions that protect meeting rooms and management offices from eavesdropping, and the establishment of different levels of access to information.

In regulating staff activity, it is important to set up a formal procedure for requesting access to the Internet, external e-mail and other resources. A separate element is obtaining an electronic digital signature to protect financial and other information that is transmitted to government agencies by e-mail.

Moral and ethical means include the moral norms or ethical rules prevailing in society or in a particular group, whose observance helps protect information and whose violation is treated as a breach of that society's or group's rules of conduct. Unlike legally established norms, these are not mandatory, but violating them damages the authority and prestige of a person or organization.

Formal means of protecting information

Formal means of protection are special hardware and software; they are divided into physical, hardware, software and cryptographic means.

Physical means of information protection are any mechanical, electrical and electronic mechanisms that function independently of information systems and create barriers to access to them.

Locks (including electronic ones), screens and blinds are designed to keep destabilizing factors away from the systems. The group also includes security system components: video cameras, video recorders, and sensors that detect movement or an elevated level of electromagnetic radiation in the area where technical means of information interception might be placed.

Information security hardware comprises any electrical, electronic, optical, laser and other devices built into information and telecommunication systems: special-purpose computers, employee monitoring systems, protection for servers and corporate networks. They prevent access to information, including by masking it.

Hardware includes noise generators, surge protectors, scanning radio receivers and many other devices that block potential information leakage channels or allow them to be detected.

Information security software consists of simple and complex programs designed to solve information security tasks.

Complex solutions include DLP systems and SIEM systems.

DLP systems ("Data Leak Prevention", literally "prevention of data leakage") serve to prevent leaks: they inspect information leaving the protected perimeter, transform it where necessary, and redirect information flows.
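The core of a DLP content filter is inspection of outbound data for protected patterns, followed by a policy decision (block, redirect or transform). The following is an added example, not code from the original article or from any DLP product: it scans a constructed outbound message for payment card numbers, uses the Luhn check digit to discard sequences that merely look like card numbers (a common source of DLP false positives), and offers both a block decision and a masking transformation. The regular expression, the sample message and the function names are assumptions made for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Candidate primary account numbers: 13 to 19 digits, optionally separated by
// single spaces or dashes, bounded by word boundaries so that digits embedded in
// identifiers such as "ID4111..." are not picked up.
var panCandidate = regexp.MustCompile(`\b(?:\d[ -]?){12,18}\d\b`)

// luhnValid applies the Luhn check digit test (ISO/IEC 7812) to a digit string.
func luhnValid(digits string) bool {
	sum := 0
	double := false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

func onlyDigits(s string) string {
	var b strings.Builder
	for _, r := range s {
		if r >= '0' && r <= '9' {
			b.WriteRune(r)
		}
	}
	return b.String()
}

// FindPANs returns, in digit-only form, every candidate in text that passes the
// Luhn test; sequences that merely look like card numbers are dropped.
func FindPANs(text string) []string {
	var found []string
	for _, m := range panCandidate.FindAllString(text, -1) {
		if d := onlyDigits(m); luhnValid(d) {
			found = append(found, d)
		}
	}
	return found
}

// Redact masks every Luhn-valid PAN, keeping only the last four digits, and
// leaves everything else untouched (the "transform" policy).
func Redact(text string) string {
	return panCandidate.ReplaceAllStringFunc(text, func(m string) string {
		d := onlyDigits(m)
		if !luhnValid(d) {
			return m
		}
		return strings.Repeat("*", len(d)-4) + d[len(d)-4:]
	})
}

// Inspect is the "block" policy: the message may leave only if it carries no PAN.
func Inspect(text string) string {
	if len(FindPANs(text)) > 0 {
		return "block"
	}
	return "allow"
}

func main() {
	// Constructed outbound e-mail body: the first number is the well-known
	// Luhn-valid test PAN 4111 1111 1111 1111, the second is a 16-digit order
	// reference that fails the Luhn test and must not trigger the filter.
	msg := "Please charge card 4111 1111 1111 1111 for order 1234567890123456."
	fmt.Println("decision:", Inspect(msg))
	fmt.Println("found:   ", FindPANs(msg))
	fmt.Println("redacted:", Redact(msg))
}
```

A production filter would add further validators (BIN ranges, document fingerprints, keyword proximity) in the same place as the Luhn check; the structure of candidate match, validation, then policy stays the same.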

SIEM systems ("Security Information and Event Management") provide real-time analysis of security events (alerts) generated by network devices and applications. SIEM is delivered as software, appliances or managed services, and is also used to log security data and produce reports for compliance purposes.
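What "real-time analysis of security events" means in practice is correlation: individual log lines are parsed into events and a rule fires when events from several lines, taken together, match a pattern. The example below is added here and is not code from the original article or from any SIEM product. It runs a classic correlation rule over a constructed sample of SSH authentication log lines: N failed logins from one source address inside a sliding time window raise an alert, and a subsequent successful login from that address escalates it. The log format, the sample lines (using documentation IP ranges) and the function names are assumptions made for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"time"
)

// Constructed sample of authentication events. Assumed line format:
// "<RFC3339 time> <host> sshd[<pid>]: <Failed|Accepted> password for [invalid user] <user> from <ip> port <n> ssh2"
var SampleLog = []string{
	"2024-05-01T10:00:01Z srv1 sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
	"2024-05-01T10:00:03Z srv1 sshd[812]: Failed password for root from 203.0.113.5 port 51235 ssh2",
	"2024-05-01T10:00:04Z srv1 sshd[812]: Failed password for root from 203.0.113.5 port 51236 ssh2",
	"2024-05-01T10:00:06Z srv1 sshd[812]: Failed password for root from 203.0.113.5 port 51237 ssh2",
	"2024-05-01T10:00:07Z srv1 sshd[812]: Failed password for root from 203.0.113.5 port 51238 ssh2",
	"2024-05-01T10:00:09Z srv1 sshd[812]: Accepted password for root from 203.0.113.5 port 51239 ssh2",
	"2024-05-01T10:05:00Z srv1 sshd[900]: Failed password for alice from 198.51.100.7 port 40000 ssh2",
	"2024-05-01T10:05:20Z srv1 sshd[901]: Accepted password for alice from 198.51.100.7 port 40001 ssh2",
	"2024-05-01T10:06:00Z srv1 cron[77]: (root) CMD (run-parts /etc/cron.hourly)", // unrelated noise
}

type Event struct {
	When   time.Time
	Host   string
	Failed bool
	User   string
	Source string
}

var lineRe = regexp.MustCompile(`^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+`)

// ParseEvent normalizes one log line into an event; lines that are not
// authentication records return ok == false and are ignored.
func ParseEvent(line string) (Event, bool) {
	m := lineRe.FindStringSubmatch(line)
	if m == nil {
		return Event{}, false
	}
	ts, err := time.Parse(time.RFC3339, m[1])
	if err != nil {
		return Event{}, false
	}
	return Event{When: ts, Host: m[2], Failed: m[3] == "Failed", User: m[4], Source: m[5]}, true
}

type Alert struct {
	Source       string
	Failures     int
	Start, End   time.Time
	SuccessAfter bool // a successful login from the same source followed the burst
}

// DetectBruteForce raises one alert per source address whose failed logins
// reach threshold inside a sliding window; a later success from that address
// escalates the alert, because it suggests the guessing worked.
func DetectBruteForce(lines []string, threshold int, window time.Duration) []Alert {
	var events []Event
	for _, l := range lines {
		if e, ok := ParseEvent(l); ok {
			events = append(events, e)
		}
	}
	sort.SliceStable(events, func(i, j int) bool { return events[i].When.Before(events[j].When) })

	failures := map[string][]time.Time{}
	successes := map[string][]time.Time{}
	var order []string // sources in order of first failure, for deterministic output
	for _, e := range events {
		if !e.Failed {
			successes[e.Source] = append(successes[e.Source], e.When)
			continue
		}
		if _, seen := failures[e.Source]; !seen {
			order = append(order, e.Source)
		}
		failures[e.Source] = append(failures[e.Source], e.When)
	}

	var alerts []Alert
	for _, src := range order {
		times := failures[src]
		start := 0
		for end := range times {
			for times[end].Sub(times[start]) > window { // slide the window forward
				start++
			}
			if end-start+1 < threshold {
				continue
			}
			a := Alert{Source: src, Failures: end - start + 1, Start: times[start], End: times[end]}
			for _, s := range successes[src] {
				if !s.Before(a.End) {
					a.SuccessAfter = true
				}
			}
			alerts = append(alerts, a)
			break
		}
	}
	return alerts
}

func main() {
	for _, a := range DetectBruteForce(SampleLog, 5, time.Minute) {
		fmt.Printf("ALERT %s: %d failed logins between %s and %s, success afterwards: %v\n",
			a.Source, a.Failures, a.Start.Format(time.RFC3339), a.End.Format(time.RFC3339), a.SuccessAfter)
	}
}
```

With a threshold of 5 in a 60-second window only 203.0.113.5 fires, and the accepted login two seconds after the burst marks the alert as a probable compromise rather than mere noise; the single failure from 198.51.100.7 stays below the threshold.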

Protection software is demanding of hardware resources, so additional capacity must be provided when it is deployed.

Mathematical (cryptographic) means are the implementation of cryptographic and steganographic data protection methods for secure transmission over a corporate or global network.

Cryptography is considered one of the most reliable ways to protect data, because it protects the information itself rather than access to it: an attacker who obtains the carrier or intercepts the channel still holds only ciphertext that is useless without the key. Cryptographically transformed information therefore has an increased degree of protection.

Deploying cryptographic information protection means involves building a hardware and software complex whose architecture and composition are determined by the customer's needs, legislative requirements, the tasks to be solved, the required methods and the encryption algorithms.

This may include encryption software components (cryptographic providers), VPN tools, credential management, key generation and verification tools, and electronic digital signature tools.

Encryption tools may support GOST encryption algorithms and provide the required classes of cryptographic protection, depending on the degree of protection needed, the regulatory framework, and compatibility requirements with other systems, including external ones. Such tools can protect the full range of information components: files, directories, physical and virtual media, servers, and data storage systems as a whole.
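The claim that cryptography protects the information itself rather than access to it is easiest to see with an authenticated cipher and a signature side by side: the ciphertext stays unreadable wherever it is copied, any modification is detected on decryption, and a signature binds a document to its author. The block below is an added example, not code from the original article or from any certified cryptographic provider; it uses AES-256-GCM and Ed25519 from Go's standard library rather than the GOST algorithms the article mentions, and the sample document, the associated data and the function names are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// GenerateKey returns a random 256-bit AES key from the OS CSPRNG.
func GenerateKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// Encrypt seals plaintext with AES-256-GCM. Output layout: nonce || ciphertext || tag.
// aad (for example the file name or record identifier) is authenticated but not
// encrypted, so a ciphertext cannot be silently moved to a different file.
func Encrypt(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per message; never reuse with one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Decrypt opens a blob produced by Encrypt; any bit flip in nonce, ciphertext,
// tag or aad makes it fail instead of returning corrupted plaintext.
func Decrypt(key, blob, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// GenerateSigningKey creates an Ed25519 key pair for electronic digital signatures.
func GenerateSigningKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(nil) // nil selects crypto/rand
}

// Sign produces a detached signature over doc; Verify checks it with the public key.
func Sign(priv ed25519.PrivateKey, doc []byte) []byte       { return ed25519.Sign(priv, doc) }
func Verify(pub ed25519.PublicKey, doc, sig []byte) bool     { return ed25519.Verify(pub, doc, sig) }

func main() {
	// Constructed sample document; the file name plays the role of associated data.
	doc := []byte("payroll Q2: sample content for demonstration")
	name := []byte("payroll.xlsx")

	key, _ := GenerateKey()
	blob, _ := Encrypt(key, doc, name)
	fmt.Printf("stored on disk: %x...\n", blob[:16])

	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the stored file
	_, err := Decrypt(key, tampered, name)
	fmt.Println("tampered copy rejected:", err != nil)

	pub, priv, _ := GenerateSigningKey()
	sig := Sign(priv, doc)
	fmt.Println("signature verifies:", Verify(pub, doc, sig))
}
```

The nonce is stored with the ciphertext because it is not secret; what must never happen is reusing one nonce under the same key, which is why it is drawn from the CSPRNG for every call.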

To conclude the second part: having briefly reviewed the main methods and means of protecting information, as well as the classification of information, we can once again confirm the well-known thesis that ensuring information security is a whole complex of measures covering every aspect of protection, whose creation and maintenance must be approached with the utmost care and seriousness.

The golden rule that must be strictly observed and never violated is the integrated approach.

To make this more visual, Figure 2 below shows the means of information protection as an indivisible set of measures, a wall in which each building block is the protection of information in a particular segment; remove one of the bricks and a security threat appears.


Figure 2. Classification of information security tools.

Information security software consists of special programs and software systems designed to protect information in an information system.

The software includes programs for user identification, access control, removal of residual (working) information such as temporary files, self-testing of the protection system, and others. The advantages of software are versatility, flexibility, reliability, ease of installation, and the ability to be modified and extended.

Its disadvantages are consumption of part of the file server and workstation resources, high sensitivity to accidental or deliberate modification, and possible dependence on the type of computer (its hardware).

Software protection tools include:

· Built-in information security tools: tools that implement user authentication and authorization (logging in with a password), differentiation of access rights, software copy protection, checking that entered data conforms to the specified format, and so on.

In addition, this group includes the operating system's built-in tools for protecting one program from the influence of another when the computer runs in multiprogramming mode, with several programs resident in memory at once and receiving control in turn as a result of interrupts. Each of these programs may contain failures (errors) that could affect the operation of the others. Since the operating system handles interrupts and multiprogramming, it must protect itself and the other programs from such influence, using, for example, a memory protection mechanism and the separation of program execution into privileged and user modes;

· Management of the protection system.
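The identification, access-control and input-format functions listed above (programs for user identification and access control, and the built-in authentication, authorization and format-checking tools) share one small design: the password is never stored, only a salted derived key; the comparison is constant-time; and a format check runs before any data reaches the store. The following is an added example, not code from the original article or from any operating system; it implements PBKDF2-HMAC-SHA256 directly so that it runs on Go versions that lack the crypto/pbkdf2 package, and the user-name format, role table, iteration count and sample accounts are assumptions made for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"regexp"
)

const (
	iterations = 100_000 // PBKDF2 work factor; raise as hardware allows
	saltLen    = 16
	keyLen     = 32
)

// pbkdf2 implements PBKDF2-HMAC-SHA256 (RFC 8018) directly, because the
// standard library only gained a crypto/pbkdf2 package in Go 1.24.
func pbkdf2(password, salt []byte, iter, keyLen int) []byte {
	var out []byte
	for block := uint32(1); len(out) < keyLen; block++ {
		mac := hmac.New(sha256.New, password)
		mac.Write(salt)
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		mac.Write(idx[:])
		u := mac.Sum(nil)                // U1 = PRF(P, S || INT(i))
		t := append([]byte(nil), u...)   // T = U1
		for i := 1; i < iter; i++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil) // Uj = PRF(P, Uj-1)
			for j := range t {
				t[j] ^= u[j] // T ^= Uj
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

type Account struct {
	Salt, Hash []byte // the password itself is never stored
	Role       string
}

type Store struct{ accounts map[string]Account }

func NewStore() *Store { return &Store{accounts: map[string]Account{}} }

// Format check for data entry: lower-case, starts with a letter, 3 to 32 characters.
var usernameRe = regexp.MustCompile(`^[a-z][a-z0-9_]{2,31}$`)

// Role-based differentiation of access rights.
var permissions = map[string]map[string]bool{
	"admin":   {"read": true, "write": true, "manage_users": true},
	"analyst": {"read": true},
}

// Register validates the input format, then stores a salted derived key.
func (s *Store) Register(user, password, role string) error {
	if !usernameRe.MatchString(user) {
		return errors.New("user name does not match the required format")
	}
	if len(password) < 12 {
		return errors.New("password shorter than 12 characters")
	}
	if _, ok := permissions[role]; !ok {
		return errors.New("unknown role")
	}
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return err
	}
	s.accounts[user] = Account{Salt: salt, Hash: pbkdf2([]byte(password), salt, iterations, keyLen), Role: role}
	return nil
}

// dummy makes Authenticate do the same work for unknown users, so response
// time does not reveal which user names exist.
var dummy = Account{Salt: make([]byte, saltLen), Hash: make([]byte, keyLen)}

// Authenticate identifies the user by password; the comparison is constant-time.
func (s *Store) Authenticate(user, password string) bool {
	acct, known := s.accounts[user]
	if !known {
		acct = dummy
	}
	derived := pbkdf2([]byte(password), acct.Salt, iterations, keyLen)
	return subtle.ConstantTimeCompare(derived, acct.Hash) == 1 && known
}

// Authorize answers whether an already-authenticated user may perform action.
func (s *Store) Authorize(user, action string) bool {
	acct, known := s.accounts[user]
	return known && permissions[acct.Role][action]
}

func main() {
	s := NewStore()
	// Constructed accounts and passphrases used only for this demonstration.
	fmt.Println("register alice:", s.Register("alice", "correct horse battery", "analyst"))
	fmt.Println("register 'Bad User':", s.Register("Bad User", "correct horse battery", "analyst"))
	fmt.Println("alice login:", s.Authenticate("alice", "correct horse battery"))
	fmt.Println("alice may write:", s.Authorize("alice", "write"))
}
```

The separation of Authenticate (who are you) from Authorize (what may you do) is the point of "differentiation of access rights": a successful login grants nothing by itself, and every action is checked against the role table.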

To form an optimal complex of software and hardware means of information protection, the following stages must be completed:

· Determination of the information and technical resources to be protected;

· Identification of the full set of potential threats and information leakage channels;

· Assessment of the vulnerability of the information and the risks to it in the presence of the various threats and leakage channels;

· Definition of the requirements for the protection system;

· Selection of information protection means and their characteristics;

· Implementation and organization of the use of the selected measures, methods and means of protection;

· Implementation of integrity monitoring and management of the protection system.

Information is valuable today and needs to be protected. It is owned and used by everyone without exception, and each person decides what information they need to receive and what must not be available to others. To prevent the loss of information, various methods of technical protection are developed and applied at every stage of working with it, protecting it from damage and external influences.