Reviews 

Software and hardware for information security. Software tools for protecting information in KS What software methods for protecting information exist?

Information security software are special programs and software packages designed to protect information in an information system.

Software tools include programs for user identification, access control, removal of residual (working) information such as temporary files, test control of the security system, and others. The advantages of software are versatility, flexibility, reliability, ease of installation, ability to be modified and developed.

Disadvantages - use of part of the resources of the file server and workstations, high sensitivity to accidental or intentional changes, possible dependence on the types of computers (their hardware).

To software protection tools software relate:

· built-in information security tools are tools that implement authorization and authentication of users (login to the system using a password), differentiation of access rights, software copy protection, correct data entry in accordance with a given format, and so on.

In addition, this group of tools includes built-in tools operating system to protect against the influence of the work of one program on the work of another program when the computer is operating in multi-program mode, when several programs can simultaneously be in the execution stage in its memory, alternately receiving control as a result of interrupts that occur. In each of these programs, failures (errors) are possible, which may affect the performance of functions by other programs. The operating system handles interrupts and manages multiprogramming mode. Therefore, the operating system must protect itself and other programs from such influence, using, for example, a memory protection mechanism and distribution of program execution in privileged or user mode;

· security system management.

In order to create an optimal set of software and hardware for information security, it is necessary to go through the following stages:

· identification of information and technical resources to be protected;

· identifying the full range of potential threats and information leakage channels;

· conducting an assessment of the vulnerability and risks of information in the presence of a variety of threats and leakage channels;

· determination of requirements for the protection system;

· selection of information security tools and their characteristics;

· implementation and organization of the use of selected measures, methods and means of protection;

· monitoring integrity and managing the security system.

Information today is expensive and must be protected. Information is owned and used by all people without exception. Each person decides for himself what information he needs to receive and what information should not be available to others. To prevent the loss of information, various methods of technical protection are being developed, which are used at all stages of working with it, protecting it from damage and external influences.

Send your good work in the knowledge base is simple. Use the form below

Students, graduate students, young scientists who use the knowledge base in their studies and work will be very grateful to you.

Posted on http://www.allbest.ru/

Basic information about the work

Template version 1.1

Nizhny Novgorod branch

Type of work Electronic written pre-defense

Name of the discipline

Subject

Software tools for protecting information in networks

I've done the work

Ipatov Alexander Sergeevich

Contract No. 09200080602012

Introduction

1. Basic principles of the theory information security

1.1 Information security. Basic definitions

1.2 Information security threats

1.3 Building systems to protect against threats of information confidentiality violations

1.3.1 Protection system model

1.3.2 Organizational and security measures

1.3.3 Identification and authentication

1.3.4 Access control

1.3.5 Cryptographic methods for ensuring information confidentiality

1.3.6 External perimeter protection methods

1.3.7 Recording and auditing

1.4 Building protection systems against integrity threats

1.4.1 Integrity principles

1.4.2 Cryptographic methods to ensure information integrity

1.5 Building protection systems against accessibility threats

2. Information security software in the CS

2.1 Security at the operating system level

2.2 Cryptographic protection methods

2.3 Disk encryption

2.4 Specialized information security software

2.5 Architectural security considerations

2.6 Archiving and duplication systems

2.7 Security analysis

Conclusion

Glossary

List of sources used

List of abbreviations

Introduction

Progress has given humanity a great many achievements, but the same progress has also given rise to a lot of problems. The human mind, solving some problems, inevitably encounters other, new ones. An eternal problem is information security. At various stages of its development, humanity solved this problem with the specificity inherent in a given era. The invention of the computer and the further rapid development of information technology in the second half of the 20th century made the problem of information security as relevant and acute as informatization is relevant today for the entire society.

Even Julius Caesar decided to protect valuable information during the transfer process. He invented the Caesar cipher. This cipher made it possible to send messages that no one could read if intercepted.

This concept was developed during the Second World War. Germany used a machine called Enigma to encrypt messages sent to military units.

Of course, the way we protect information is constantly changing, as our society and technology change. Appearance and wide use computers has led to the fact that most people and organizations began to store information in in electronic format. There is a need to protect such information.

In the early 70s. 20th century David Bell and Leonard La Padula developed a security model for operations performed on a computer. This model was based on the government's concept of information classification levels (unclassified, confidential, classified, top secret) and clearance levels. If a person (subject) had a clearance level higher than the classification level of the file (object), then he was granted access to the file, otherwise access was denied. This concept was implemented in the Trusted Computing System Evaluation Criteria (TCSEC) standard 5200.28, developed in 1983 by the US Department of Defense. Because of the color of the cover, it was called "The Orange Book".

The Orange Book defined functional and warranty requirements for each section. The system had to meet these requirements in order to meet a certain level of certification.

Complying with the assurance requirements for most security certifications was time consuming and costly. As a result, very few systems have been certified higher than level C2 (in fact, only one system has ever been certified to level A1 - Honeywell SCOMP) Cole E. A Guide to Protecting Against Hackers. - M.: Williams Publishing House, 2002 - P. 25.

In developing other criteria, attempts have been made to separate functional and assurance requirements. These developments were included in the German Green Book in 1989, the Canadian Criteria in 1990, the Information Technology Security Evaluation Criteria (ITSEC) in 1991, and the Federal Criteria (known as the Common Criteria). " General criteria") in 1992. Each standard offered its own way of certifying the security of computer systems.

GOST 28147-89 -- Soviet and Russian standard symmetric encryption, introduced in 1990, is also a CIS standard. Full name - “GOST 28147-89 Information processing systems. Cryptographic protection. Cryptographic conversion algorithm." Block cipher algorithm. When using the gamma encryption method, it can perform the functions of a stream cipher algorithm.

According to some information, A. Vinokurov. Encryption algorithm GOST 28147-89, its use and implementation for computers Intel platforms x86 (http://www.enlight.ru), the history of this cipher is much older. The algorithm, which later formed the basis of the standard, was born, presumably, in the bowels of the Eighth Main Directorate of the KGB of the USSR (now within the structure of the FSB), most likely, in one of the closed research institutes subordinate to it, probably back in the 1970s as part of projects to create software and hardware implementations of the cipher for various computer platforms.

Since the publication of GOST, it was marked with the restrictive stamp “For official use”, and formally the cipher was declared “fully open” only in May 1994. The history of the creation of the cipher and the criteria of the developers have not been published as of 2010.

One of the problems associated with system security assessment criteria was a lack of understanding of networking mechanisms. When computers are combined, new security problems are added to the old ones. The Orange Book did not address the problems that arise when connecting computers into a common network, so in 1987 TNI (Trusted Network Interpretation), or the Red Book, appeared. The “Red Book” retains all the security requirements from the “Orange Book” and makes an attempt to address the network space and create a network security concept. Unfortunately, the Red Book also linked functionality with warranty. Only a few systems have been evaluated by TNI, and none have been commercially successful.

These days the problems have become even more serious. Organizations began to use wireless networks, the emergence of which the Red Book could not have foreseen. For wireless networks The Red Book certificate is considered obsolete.

Computer systems and network technologies are developing too quickly. Accordingly, new ways to protect information are also rapidly emerging. Therefore, the topic of my qualification work “Information security software in networks” is very relevant.

The object of the study is information transmitted over telecommunication networks.

The subject of the study is information security of networks.

The main goal of the qualifying work is to study and analyze information security software in networks. To achieve this goal, it is necessary to solve a number of problems:

Consider security threats and their classification;

Describe methods and means of protecting information on the network, their classification and application features;

Reveal the capabilities of physical, hardware and software means of protecting information in computer networks (CN), identify their advantages and disadvantages.

1. Basic provisions of the theory of information security

1.1 Information security. Basic definitions

The term “information” is defined by different sciences different ways. So, for example, in philosophy, information is considered as the property of material objects and processes to preserve and generate a certain state, which in various material and energy forms can be transferred from one object to another. In cybernetics, information is usually called a measure of uncertainty elimination. In the future, by information we will understand everything that can be represented in the symbols of a finite (for example, binary) alphabet.

This definition may seem somewhat unusual. At the same time, it follows naturally from the basic architectural principles of modern computing. Indeed, we are limited to issues of information security of automated systems - and everything that is processed using modern computer technology is represented in binary form. Tsirlov V.L. Fundamentals of information security of automated systems - “Phoenix”, 2008 - P. 8

The subject of our consideration is automated systems. By automated information processing system (AS) we will understand a set of the following objects:

1. Computer equipment;

2. Software;

3. Communication channels;

4. Information on various media;

5. Personnel and users of the system.

Information security of the AS is considered as a state of the system in which:

1. The system is able to withstand the destabilizing effects of internal and external threats.

2. The functioning and the very fact of the system’s existence do not create threats to the external environment and to the elements of the system itself.

In practice, information security is usually considered as a combination of the following three basic properties of protected information:

? confidentiality, meaning that only legal users can access information;

? integrity, ensuring that, firstly, the protected information can only be changed by legal and authorized users, and secondly, the information is internally consistent and (if this property applicable) reflects the real state of affairs;

? accessibility, guaranteeing unhindered access to protected information for legitimate users.

Activities aimed at ensuring information security are commonly called information protection.

Methods for ensuring information security (Appendix A) are very diverse.

Services network security are mechanisms for protecting information processed in distributed computing systems and networks.

Engineering and technical methods aim to ensure the protection of information from leakage through technical channels - for example, by intercepting electromagnetic radiation or speech information. Legal and organizational methods of information protection create a regulatory framework for organizing various types of activities related to ensuring information security.

Theoretical methods of ensuring information security, in turn, solve two main problems. The first of them is the formalization of various types of processes related to ensuring information security. For example, formal access control models make it possible to strictly describe all possible information flows in the system - and therefore guarantee the fulfillment of the required security properties. This directly leads to the second task - a strict substantiation of the correctness and adequacy of the functioning of information security systems when analyzing their security. This problem arises, for example, when certifying automated systems according to information security requirements.

1.2 Information security threats

When formulating the definition of AS information security, we mentioned the concept of threat. Let's look at it in a little more detail.

Note that in general, a threat is usually understood as a potentially possible event, action, process or phenomenon that could lead to damage to someone’s interests. In turn, a threat to the information security of an automated system is the possibility of influencing the information processed in the AS, leading to a violation of the confidentiality, integrity or availability of this information, as well as the possibility of influencing the AS components, leading to their loss, destruction or malfunction.

Threats can be classified according to many criteria. Here are the most common of them. Tsirlov V.L. Fundamentals of information security of automated systems - "Phoenix", 2008 - P. 10

1. Based on the nature of their occurrence, it is customary to distinguish between natural and artificial threats.

Natural threats are usually called threats that arise as a result of the impact on the AS of objective physical processes or natural phenomena that do not depend on humans. In turn, artificial threats are caused by the human factor.

Examples of natural hazards include fires, floods, tsunamis, earthquakes, etc. An unpleasant feature of such threats is the extreme difficulty or even impossibility of predicting them.

2. According to the degree of intentionality, accidental and deliberate threats are distinguished.

Accidental threats are caused by negligence or unintentional errors of personnel. Intentional threats usually result from targeted activity by an attacker.

Examples of accidental threats include unintentional entry of erroneous data and unintentional damage to equipment. An example of an intentional threat is the penetration of an attacker into a protected area in violation of established physical access rules.

3. Depending on the source of the threat, it is customary to distinguish:

- Threats originating from the natural environment. Examples of such threats are fires, floods and other natural disasters.

- Threats that originate from humans. An example of such a threat could be the introduction of agents into the ranks of AS personnel by a competing organization.

- Threats that originate from authorized software and hardware. An example of such a threat is the incompetent use of system utilities.

- Threats originating from unauthorized software and hardware. Such threats include, for example, the introduction of keyloggers into the system.

4. Based on the position of the threat source, the following are distinguished:

- Threats whose source is located outside the controlled area. Examples of such threats are the interception of spurious electromagnetic radiation (PEMIN) or the interception of data transmitted over communication channels; remote photo and video shooting;

interception of acoustic information using directional microphones.

- Threats whose source is located within the controlled area.

Examples of such threats include the use of listening devices or theft of media containing confidential information.

5. According to the degree of impact on the AS, passive and active threats are distinguished. Passive threats, when implemented, do not make any changes in the composition and structure of the AS.

The implementation of active threats, on the contrary, disrupts the structure of the automated system.

An example of a passive threat would be unauthorized copying of data files.

6. According to the method of accessing AS resources, they are distinguished:

- Threats using standard access. An example of such a threat is unauthorized acquisition of a password through bribery, blackmail, threats or physical violence against the rightful owner.

- Threats that use a non-standard access path. An example of such a threat is the use of undeclared capabilities of security measures.

The criteria for classifying threats can be continued, but in practice the following basic classification of threats is most often used, based on the three previously introduced basic properties of protected information:

1. Threats of violation of confidentiality of information, as a result of which the information becomes available to an entity that does not have the authority to familiarize itself with it.

2. Threats of violation of the integrity of information, which include any malicious distortion of information processed using the AS.

3. Threats of disruption of information availability that arise in cases where access to some AS resource is blocked for legal users.

Note that real threats Information security cannot always be strictly classified into one of the listed categories. For example, the threat of theft of storage media can, under certain conditions, be classified into all three categories.

Note that listing the threats specific to a particular automated system is an important stage in the analysis of AS vulnerabilities, carried out, for example, as part of an information security audit, and creates the basis for subsequent risk analysis. There are two main methods for listing threats:

1. Construction of arbitrary lists of threats. Possible threats are identified by experts and recorded in a random and unstructured manner.

This approach is characterized by incompleteness and inconsistency of the results obtained.

2. Construction of threat trees. Threats are described as one or more trees. Threat detailing is carried out from top to bottom, and ultimately each leaf of the tree provides a description of a specific threat. Logical connections can be organized between subtrees if necessary.

Let us consider as an example the threat tree of blocking access to network application(Appendix B).

As we can see, blocking access to an application can occur either as a result of a DoS attack on the network interface, or as a result of the computer shutting down. In turn, shutdown of a computer can occur either as a result of an attacker's unauthorized physical access to the computer, or as a result of the attacker using a vulnerability that implements a buffer overflow attack.

1.3 Building systems to protect against threats of information confidentiality violations

1.3.1 Protection system model

When building systems to protect against threats of violation of confidentiality of information in automated systems, an integrated approach is used. (Appendix B).

As can be seen from the above diagram, primary protection is carried out through implemented organizational measures and mechanisms for controlling physical access to the AS. Subsequently, at the stage of logical access control, protection is carried out using various network security services. In all cases, a set of engineering and technical means of protecting information must be deployed in parallel, blocking the possibility of leakage through technical channels.

Let us dwell in more detail on each of the subsystems involved in the implementation of protection.

1.3.2 Organizational and security measures

These mechanisms generally include:

- deployment of a system for controlling and delineating physical access to elements of the automated system.

- creation of a security and physical security service.

- organizing mechanisms to control the movement of employees and visitors (using video surveillance systems, proximity cards, etc.);

- development and implementation of regulations, job descriptions and similar regulatory documents;

- regulation of the procedure for working with media containing confidential information.

Without affecting the logic of the operation of the AS, these measures, when implemented correctly and adequately, are an extremely effective protection mechanism and are vital for ensuring the safety of any real system.

1.3.3 Identification and authentication

Let us recall that identification is usually understood as assigning unique identifiers to access subjects and comparing such identifiers with a list of possible ones. In turn, authentication is understood as verifying that the access subject owns the identifier presented by him and confirming its authenticity.

Thus, the task of identification is to answer the question “who is this?”, and authentication is “is it really him?”

The variety of authentication methods currently in use can be divided into 4 large groups:

1. Methods based on knowledge of some secret information.

A classic example of such methods is password protection, when the user is asked to enter a password - a certain sequence of characters - as a means of authentication. These authentication methods are the most common.

2. Methods based on the use of a unique object. Such an item can be a smart card, token, electronic key etc.

3. Methods based on the use of human biometric characteristics. In practice, one or more of the following biometric characteristics are most often used:

- fingerprints;

- drawing of the retina or iris of the eye;

- thermal drawing of the hand;

- photograph or thermal drawing of a face;

- handwriting (painting);

- voice.

The most widely used scanners are fingerprint scanners and retinal and iris scanners.

4. Methods based on information associated with the user.

An example of such information is the user's coordinates determined using GPS. This approach is unlikely to be used as a sole authentication mechanism, but is quite acceptable as one of several shared mechanisms.

Widespread practice sharing several of the mechanisms listed above - in such cases they talk about multi-factor authentication.

Features of password authentication systems

With all the variety of existing authentication mechanisms, the most common of them remains password protection. There are several reasons for this, of which we note the following:

- Relative ease of implementation. Indeed, implementing a password protection mechanism usually does not require additional hardware.

- Traditionality. Password protection mechanisms are familiar to most users of automated systems and do not cause psychological rejection - unlike, for example, retinal image scanners.

At the same time, password protection systems are characterized by a paradox that complicates their effective implementation: strong passwords are not very suitable for human use.

Indeed, password strength increases as it becomes more complex; but the more complex the password, the more difficult it is to remember, and the user is tempted to write down an inconvenient password, which creates additional channels for discrediting it.

Let us dwell in more detail on the main threats to the security of password systems. In general, a password can be obtained by an attacker in one of three main ways:

1. By exploiting the weaknesses of the human factor. Methods for obtaining passwords here can be very different: spying, eavesdropping, blackmail, threats, and finally, using someone else’s accounts with the permission of their rightful owners.

2. By selection. The following methods are used:

- Complete overkill. This method allows you to guess any password, regardless of its complexity, however, for a strong password, the time required for this attack should significantly exceed the attacker’s allowable time resources.

- Selection according to the dictionary. A significant portion of passwords used in practice are meaningful words or expressions. There are dictionaries of the most common passwords, which in many cases allow you to do without brute force.

Selection using user information. This intelligent password selection method is based on the fact that if the system security policy provides for users to independently assign passwords, then in the vast majority of cases a certain password will be selected personal information, associated with the AC user. And although such information can be anything from your mother-in-law’s birthday to your favorite dog’s nickname, having information about the user allows you to check the most common options (birthdays, children’s names, etc.).

3. By taking advantage of shortcomings in the implementation of password systems. Such implementation flaws include exploitable vulnerabilities of network services that implement certain components of the password protection system, or undeclared capabilities of the corresponding software or hardware.

When building a password protection system, it is necessary to take into account the specifics of the AS and be guided by the results of the risk analysis performed. At the same time, the following practical recommendations can be given:

- Setting a minimum password length. Obviously, the regulation of the minimum allowable password length makes it difficult for an attacker to guess the password through brute force.

- Increased power of the password alphabet. By increasing the power (which is achieved, for example, through the mandatory use of special characters), it is also possible to complicate the exhaustive search.

- Checking and rejecting passwords using a dictionary. This mechanism makes it difficult to guess passwords using a dictionary by rejecting passwords that are obviously easy to guess.

- Setting the maximum password validity period. Password expiration limits the amount of time an attacker can spend trying to guess the password. Thus, shortening the password validity period reduces the likelihood of successful password guessing.

- Setting the minimum password validity period. This mechanism prevents the user from attempting to immediately change New Password to the previous one.

- Rejection based on the password history log. The mechanism prevents the reuse of passwords - possibly previously compromised ones.

- Limit the number of password entry attempts. The corresponding mechanism makes interactive password guessing difficult.

- Forced password change when the user first logs into the system. If the initial generation of passwords for all users is carried out by the administrator, the user may be asked to change the initial password upon first login - in this case, the new password will not be known to the administrator.

- Delay when entering an incorrect password. The mechanism prevents interactive password guessing.

- Prohibition on user selection of a password and automatic password generation. This mechanism allows you to guarantee the strength of the generated passwords - however, do not forget that in this case users will inevitably have problems remembering passwords.

Assessing the strength of password systems Tsirlov V.L. Fundamentals of information security of automated systems - "Phoenix", 2008 - P. 16

Let's evaluate the elementary relationships between the main parameters of password systems. Let us introduce the following notation:

- A - power of the password alphabet;

- L - password length;

- S=AL - password space power;

- V - speed of password selection;

- T - password validity period;

- P - probability of password guessing during its validity period.

Obviously, the following relationship is valid:

Typically, the password guessing speed V and the password validity period T can be considered known. In this case, by setting permissible value probability P of guessing a password during its validity period, we can determine the required power of the password space S.

Note that reducing the password guessing speed V reduces the probability of password guessing. From this, in particular, it follows that if passwords are selected by calculating a hash function and comparing the result with a given value, then the use of a slow hash function will ensure greater strength of the password system.

Password storage methods

In general, there are three possible mechanisms for storing passwords in the AS:

1. Open. Of course, this option is not optimal, since it automatically creates many channels for leaking password information. The real need to store passwords in clear text is extremely rare, and usually such a solution is a consequence of the incompetence of the developer.

2. As a hash value. This mechanism is convenient for checking passwords, since hash values ​​are uniquely associated with the password, but are not themselves of interest to an attacker.

3. Encrypted. Passwords can be encrypted using some cryptographic algorithm, and the encryption key can be stored:

- on one of the permanent elements of the system;

- on some media (electronic key, smart card, etc.) presented during system initialization;

- the key can be generated from some other AS security parameters - for example, from the administrator password when initializing the system.

Transferring passwords over the network

The most common implementation options are:

1. Transmitting passwords in clear text. The approach is extremely vulnerable, since passwords can be intercepted in communication channels. Despite this, many network protocols used in practice (for example, FTP) require the transmission of passwords in clear text.

2. Passing passwords in the form of hash values ​​is sometimes encountered in practice, but usually does not make sense - password hashes can be intercepted and retransmitted by an attacker over a communication channel.

3. Transmitting passwords in encrypted form is in most cases the most reasonable and justified option.

1.3.4 Access control

Access control is generally understood as establishing the powers of subjects to further control the authorized use of resources available in the system. It is customary to distinguish two main methods of access control: discretionary and mandatory.

Discretionary is the delimitation of access between named subjects and named objects.

Obviously, instead of an access matrix, lists of permissions can be used: for example, each user can be associated with a list of resources available to him with the corresponding rights, or each resource can be associated with a list of users indicating their rights to access a given resource.

Mandatory access control is usually implemented as access control based on security levels. The permissions of each user are set in accordance with the maximum level of privacy to which he is admitted. In this case, all AS resources must be classified according to privacy levels.

The fundamental difference between discretionary and mandatory access control is as follows: if in the case of discretionary access control, the rights to access a resource for users are determined by its owner, then in the case of mandatory access control, privacy levels are set externally, and the owner of the resource cannot influence them. The term “mandatory” itself is an unsuccessful translation of the word mandatory - “obligatory”. Thus, mandatory access control should be understood as forced.

1.3.5 Cryptographic methods for ensuring information confidentiality

To ensure information confidentiality, the following cryptographic primitives are used:

1. Symmetric cryptosystems.

In symmetric cryptosystems, the same shared secret key is used to encrypt and decrypt information, which the interacting parties previously exchange over some secure channel.

Examples of symmetric cryptosystems include the domestic algorithm GOST 28147-89, as well as the international standards DES and AES, which replaced it.

2. Asymmetric cryptosystems.

Asymmetric cryptosystems are characterized by the fact that they use different keys to encrypt and decrypt information. Encryption key ( public key) can be made public so that anyone can encrypt a message for some recipient.

The recipient, being the sole owner of the decryption key (secret key), will be the only one who can decrypt the messages encrypted for him.

Examples of asymmetric cryptosystems are RSA and the ElGamal scheme.

Symmetric and asymmetric cryptosystems, as well as various combinations thereof, are used in AS primarily to encrypt data on various media and to encrypt traffic.

protection information network threat

1.3.6 External perimeter protection methods

The external perimeter protection subsystem of an automated system usually includes two main mechanisms: firewall tools and intrusion detection tools. Solving related problems, these mechanisms are often implemented within the framework of one product and function as a single whole. At the same time, each of the mechanisms is self-sufficient and deserves separate consideration.

Firewall http://www.infotecs.ru

The firewall (FW) performs the functions of delimiting information flows at the border of the protected automated system. This allows:

- increase the security of objects in the internal environment by ignoring unauthorized requests from the external environment;

- control information flows to the external environment;

- ensure registration of processes information exchange.

Information flows are controlled by filtering information, i.e. analyzing it according to a set of criteria and making a decision on distribution to or from the AS.

Depending on the principles of operation, several classes are distinguished firewalls. The main classification feature is the level of the ISO/OSI model at which the ME operates.

1. Packet filters.

The simplest class of firewalls operating on the network and transport levels ISO/OSI models. Packet filtering is usually carried out according to the following criteria:

- source IP address;

- recipient IP address;

- source port;

- recipient port;

- specific header parameters network packets.

Filtering is implemented by comparing the listed parameters of network packet headers with a base of filtering rules.

2. Session level gateways

These firewalls operate at the session level of the ISO/OSI model. Unlike packet filters, they can control the validity of a communication session by analyzing the parameters of session layer protocols.

3. Application level gateways

Firewalls of this class allow you to filter specific types of commands or sets of data in application-level protocols. For this, proxy services are used - special-purpose programs that manage traffic through a firewall for certain high-level protocols (http, ftp, telnet, etc.).

The procedure for using proxy services is shown in Appendix D.

If without using proxy services network connection is established between interacting parties A and B directly, then in the case of using a proxy service, an intermediary appears - a proxy server, which independently interacts with the second participant in the information exchange. This scheme allows you to control the admissibility of using individual high-level protocol commands, as well as filter data received by the proxy server from the outside; in this case, the proxy server, based on established policies, can decide on the possibility or impossibility of transmitting this data to client A.

4. Expert level firewalls.

The most complex firewalls, combining elements of all three of the above categories. Instead of proxy services, such screens use algorithms for recognizing and processing data at the application level.

Most firewalls currently in use are classified as expert firewalls. The most well-known and widespread firewalls are CISCO PIX and CheckPoint FireWall-1.

Intrusion detection systems

Intrusion detection is the process of identifying unauthorized access (or attempted unauthorized access) to automated system resources. An intrusion detection system (IDS) in general is a software and hardware complex that solves this problem.

There are two main categories of IDS systems:

1. Network level IDS.

In such systems, the sensor operates on a host dedicated for these purposes in a protected network segment. Usually network adapter This host operates in promiscuous mode, which allows you to analyze all network traffic passing through the segment.

2. Host level IDS.

If the sensor operates at the host level, the following information can be used for analysis:

- records standard means operating system logging;

- information about the resources used;

- profiles of expected user behavior.

Each type of IDS has its own advantages and disadvantages. Network-level IDSs do not reduce overall system performance, but host-level IDSs are more effective at identifying attacks and allowing you to analyze activity associated with an individual host. In practice, it is advisable to use systems that combine both described approaches.

There are developments aimed at using methods in IDS systems artificial intelligence. It is worth noting that currently commercial products do not contain such mechanisms.

1.3.7 Recording and auditing activeaudit .narod.ru

The logging and audit subsystem is a mandatory component of any AS. Logging, or logging, is an information security system's accountability mechanism that records all security-related events. In turn, an audit is an analysis of logged information with the aim of promptly identifying and preventing violations of the information security regime. Host-level intrusion detection systems can be thought of as active audit systems.

Purpose of the registration and audit mechanism:

- ensuring the accountability of users and administrators;

- ensuring the possibility of reconstructing the sequence of events (which may be necessary, for example, when investigating incidents related to information security);

- detection of attempts to violate information security;

- providing information for identification and analysis technical problems, not related to safety.

The logged data is placed in a registration log, which is a chronologically ordered set of records of the results of the activities of AS subjects, sufficient to restore, view and analyze the sequence of actions in order to control the final result.

Since system logs are the main source of information for subsequent audits and detection of security violations, the issue of protecting system logs from unauthorized modification should be given the utmost attention. The logging system must be designed in such a way that no user (including administrators!) can arbitrarily modify system log entries.

No less important is the question of how system logs are stored. Since log files are stored on some type of media, the problem of overflowing the maximum permissible size of the system log inevitably arises. In this case, the system’s reaction may be different, for example:

- the system may be blocked until the problem with available disk space is resolved;

- the oldest system log entries can be automatically deleted;

- the system can continue to function by temporarily suspending the logging of information.

Of course, the latter option is unacceptable in most cases, and the procedure for storing system logs should be clearly regulated in the organization's security policy.

1.4 Building protection systems against integrity threats

1.4.1 Integrity principles

Most mechanisms that protect information from threats of confidentiality violations contribute to one degree or another to ensure the integrity of information. In this section we will dwell in more detail on the mechanisms specific to the integrity subsystem. Let us first formulate the basic principles of ensuring integrity formulated by Clark and Wilson:

1. Correctness of transactions.

The principle requires ensuring the impossibility of arbitrary modification of data by the user. Data must be modified only in such a way that its integrity is maintained.

2. User authentication.

Changes to data can only be made by users who are authenticated to perform the appropriate actions.

3. Minimize privileges.

Processes must be granted those and only those privileges in the system that are minimally sufficient for their execution.

4. Separation of duties.

Critical or irreversible operations require the participation of multiple independent users.

In practice, separation of duties can be implemented either purely by organizational methods or by using cryptographic secret sharing schemes.

5. Audit of events that occurred.

This principle requires the creation of a user accountability mechanism that allows tracking moments of violation of the integrity of information.

6. Objective control.

It is necessary to implement the operational allocation of data, the integrity control of which is justified.

Indeed, in most cases, strictly monitoring the integrity of all data present in the system is impractical, if only for performance reasons: integrity monitoring is an extremely resource-intensive operation.

7. Management of transfer of privileges.

The procedure for transferring privileges must fully comply with the organizational structure of the enterprise.

The listed principles allow us to formulate general structure protection systems against integrity threats (Appendix D).

As can be seen from Appendix E, cryptographic mechanisms for ensuring integrity are fundamentally new in comparison with the services used to build a system for protecting against threats of confidentiality violations.

Note that mechanisms for ensuring transaction correctness can also include cryptographic primitives in the seed.

1.4.2 Cryptographic methods to ensure information integrity

When building protection systems against threats to information integrity violations, the following cryptographic primitives are used:

- digital signatures;

- cryptographic hash functions;

- authentication codes.

Digital signatures

A digital signature is a mechanism for confirming the authenticity and integrity of digital documents. In many ways, it is an analogue of a handwritten signature - in particular, it is subject to almost similar requirements:

1. A digital signature must make it possible to prove that it was the rightful author, and no one else, who consciously signed the document.

2. The digital signature must be an integral part of the document.

It should be impossible to separate a signature from a document and use it to sign other documents.

3. The digital signature must ensure that the signed document cannot be changed (including by the author himself!).

4. The fact of signing a document must be legally provable. It must be impossible to deny authorship of a signed document.

In the simplest case, a mechanism similar to an asymmetric cryptosystem can be used to implement a digital signature. The difference will be that for encryption (which in this case is signing), a secret key will be used, and for decryption, which plays the role of verifying the signature, a well-known public key will be used.

The procedure for using a digital signature in this case will be as follows:

1. The document is encrypted with the signer's private key, and the encrypted copy is distributed along with the original document as a digital signature.

2. The recipient, using the signer's public public key, decrypts the signature, compares it with the original and verifies that the signature is correct.

It is easy to verify that this implementation digital signature fully satisfies all the above requirements, but at the same time has a fundamental drawback: volume transmitted message increases at least twofold. The use of hash functions allows you to get rid of this drawback.

Cryptographic hash functions

A function of the form y=f(x) is called cryptographic hash function, if it satisfies the following properties:

1. The input of a hash function can be a sequence of data of arbitrary length, but the result (called a hash or digest) has a fixed length.

2. The value of y from the given value of x is calculated in polynomial time, and the value of x from the given value of y in almost all cases is impossible to calculate.

3. It is computationally impossible to find two input hash values ​​that produce identical hashes.

4. When calculating the hash, all the information in the input sequence is used.

5. The description of the function is open and publicly available.

Let's show how hash functions can be used in digital signature schemes. If you sign not the message itself, but its hash, you can significantly reduce the amount of transmitted data.

By signing its hash instead of the original message, we transmit the result along with the original message. The recipient decrypts the signature and compares the resulting result with the hash of the message. If there is a match, it is concluded that the signature is correct.

2 . Information security software in CS

Information security software means special programs included in the CS software exclusively to perform protective functions.

The main software tools for information security include:

* identification and authentication programs for CS users;

* programs for restricting user access to CS resources;

* information encryption programs;

* programs for protecting information resources (system and application software, databases, computer training tools, etc.) from unauthorized modification, use and copying.

It must be understood that by identification, in relation to ensuring the information security of a computer system, we mean the unambiguous recognition of the unique name of the subject of the computer system. Authentication means confirming that the name presented matches to this subject(confirmation of the authenticity of the subject) 8 Biyachuev T.A. Security of corporate networks. Tutorial/ ed. L.G. Osovetsky - St. Petersburg: St. Petersburg State University ITMO, 2004, p. 64. .

Information security software also includes:

* programs for destroying residual information (in blocks of RAM, temporary files, etc.);

* audit programs (maintaining logs) of events related to the safety of the CS to ensure the possibility of recovery and proof of the fact of the occurrence of these events;

* programs for simulating work with a violator (distracting him to obtain supposedly confidential information);

* test control programs for CS security, etc.

The advantages of information security software include:

* ease of replication;

* flexibility (the ability to customize for various application conditions, taking into account the specifics of threats to the information security of specific CS);

* ease of use - some software tools, for example encryption, operate in a “transparent” (invisible to the user) mode, while others do not require any new (compared to other programs) skills from the user;

* virtually unlimited possibilities for their development by making changes to take into account new threats to information security.

The disadvantages of information security software include:

* reducing the effectiveness of the CS due to the consumption of its resources required for the functioning of protection programs;

* lower performance (compared to hardware security tools that perform similar functions, such as encryption);

* the docking of many software protection tools (and not their embeddedness in the CS software, Fig. 4 and 5), which creates a fundamental possibility for an intruder to bypass them;

* the possibility of malicious changes in software protection during the operation of the CS.

2 .1 Security at the operating system level

The operating system is the most important software component of any computer, therefore, the overall security largely depends on the level of implementation of the security policy in each specific OS. information system.

The MS-DOS operating system is the real-mode OS of the Intel microprocessor, and therefore there can be no talk of separation random access memory between processes. All resident programs and the main program share the same RAM space. There is no file protection; it is difficult to say anything definite about network security, since at that stage of software development, drivers for network interaction were developed not by MicroSoft, but by third-party developers.

Operating room family Windows systems 95, 98, Millenium - these are clones, initially aimed at working on home computers. These operating systems use protected mode privilege levels, but do not do any additional checks or support security descriptor systems. As a result, any application can access the entire amount of available RAM with both read and write rights. Network security measures are present, however, their implementation is not up to par. Moreover, in Windows versions 95, a fundamental mistake was made that made it possible to remotely cause the computer to freeze in just a few packets, which also significantly undermined the reputation of the OS; in subsequent versions many steps were taken to improve the network security of this clone Zima V., Moldovyan A., Moldovyan N. Global security network technologies. Series "Master". - St. Petersburg: BHV-Petersburg, 2001, p. 124. .

The generation of operating systems Windows NT, 2000 is already a much more reliable development of MicroSoft. They are truly multi-user systems that reliably protect files different users on the hard drive (however, data encryption is still not performed and the files can be read without problems by booting from the disk of another operating system - for example, MS-DOS). These operating systems actively use the capabilities of protected mode Intel processors, and can reliably protect the data and process code from other programs, unless he himself does not want to provide access to them additional access from outside the process.

Over a long period of development, many different network attacks and security system errors. Corrections for them were released in the form of service packs.

Similar documents

    Study of basic methods of protection against threats to confidentiality, integrity and availability of information. Encryption of files that are confidential property. Using a digital signature, hashing documents. Protection against network attacks on the Internet.

    course work, added 12/13/2015

    Classification of information by significance. Categories of confidentiality and integrity of protected information. The concept of information security, sources of information threats. Areas of information protection. Software cryptographic methods of protection.

    course work, added 04/21/2015

    The concept of protecting intentional threats to the integrity of information in computer networks. Characteristics of information security threats: compromise, disruption of service. Characteristics of NPO Mekhinstrument LLC, the main methods and methods of information security.

    thesis, added 06/16/2012

    Problems of information security in information and telecommunication networks. Study of information threats and ways of their impact on information security objects. Enterprise information security concepts. Cryptographic methods of information protection.

    thesis, added 03/08/2013

    The need to protect information. Types of IP security threats. The main directions of hardware protection used in automated information technologies. Cryptographic transformations: encryption and encoding. Direct channels of data leakage.

    course work, added 05/22/2015

    The concept of information security, concept and classification, types of threats. Characteristics of means and methods of protecting information from random threats and threats of unauthorized intervention. Cryptographic methods of information protection and firewalls.

    course work, added 10/30/2009

    Types of intentional threats to information security. Methods and means of information security. Methods and means of ensuring information security. Cryptographic methods of information protection. Comprehensive means of protection.

    abstract, added 01/17/2004

    Development of new information technologies and universal computerization. Information Security. Classification of intentional threats to information security. Methods and means of information security. Cryptographic methods of information protection.

    course work, added 03/17/2004

    The concept of ensuring information security at Neurosoft LLC; development of a comprehensive protection system. Information objects of the company, the degree of their confidentiality, reliability, integrity; identification of sources of threats and risks, selection of means of protection.

    course work, added 05/23/2013

    Main types of threats to the security of economic information systems. Impact malware. Encryption as the main method of protecting information. Legal basis for ensuring information security. The essence of cryptographic methods.

Security software– This is the most common method of protecting information on computers and information networks. They are usually used when it is difficult to use some other methods and means. User authentication is usually done by the operating system. The user is identified by his name, and the password is used as a means of authentication.

Software protection tools represent a complex of algorithms and special-purpose programs and general provision operation of computers and information networks. They are aimed at: control and delimitation of access to information, exclusion of unauthorized actions with it, management security devices and so on. Software protection tools are universal, easy to implement, flexible, adaptable, system customizable, etc.

Software tools are widely used to protect against computer viruses. For protecting machines from computer viruses , prevention and “treatment”, antivirus programs are used, as well as diagnostic and preventive tools to prevent the virus from entering computer system, disinfect infected files and disks, detect and prevent suspicious activities. Antivirus programs are rated based on their accuracy in detecting and effectively eliminating viruses, ease of use, cost, and ability to work on the network.

The most popular programs are those designed to prevent infection, detect and destroy viruses. Among them are domestic anti-virus programs DrWeb (Doctor Web) by I. Danilov and AVP (Antiviral Toolkit Pro) by E. Kaspersky. They have a user-friendly interface, tools for scanning programs, checking the system at boot, etc. Foreign anti-virus programs are also used in Russia.

There are no absolutely reliable programs that guarantee the detection and destruction of any virus. Only multi-level defense can provide the most complete protection against viruses. An important element of protection against computer viruses is prevention. Anti-virus programs are used simultaneously with regular data backup and preventive measures. Together, these measures can significantly reduce the likelihood of contracting the virus.



The main measures to prevent viruses are:

1) use of licensed software;

2) regular use of several constantly updated antivirus programs to check not only your own storage media when transferring third-party files to them, but also any “foreign” floppy disks and disks with any information on them, incl. and reformatted;

3) the use of various protective equipment when working on a computer in any information environment (for example, on the Internet). Checking files received over the network for viruses;

4) periodic backup the most valuable data and programs.

The most common sources of infection are computer games, acquired “unofficially” and unlicensed programs. Therefore, a reliable guarantee against viruses is the accuracy of users when choosing programs and installing them on the computer, as well as during Internet sessions. The likelihood of infection is not computer network can be reduced to almost zero if you use only licensed, legal products and never let friends with unknown programs, especially games, onto your computer. The most effective measure in this case is to establish access control that prevents viruses and defective programs from harmfully affecting data even if viruses penetrate such a computer.

One of the most known methods protection of information is its coding (encryption, cryptography). It does not save you from physical influences, but in other cases it serves as a reliable remedy.

The code is characterized by: length– the number of characters used in coding and structure– the order of arrangement of symbols used to indicate the classification attribute.

Coding tool serves as a correspondence table. An example of such a table for translating alphanumeric information into computer codes is code table ASCII

The first encryption standard appeared in 1977 in the USA. The main criterion for the strength of any cipher or code is the available computing power and the time during which it can be decrypted. If this time is several years, then the durability of such algorithms is sufficient for most organizations and individuals. To encrypt information, cryptographic methods of protecting it are increasingly used.

Cryptographic methods of information protection

General cryptography methods have been around for a long time. It is considered a powerful means of ensuring confidentiality and monitoring the integrity of information. There is no alternative to cryptography methods yet.

The strength of the cryptoalgorithm depends on the complexity of the conversion methods. The State Technical Commission of the Russian Federation deals with the development, sale and use of data encryption tools and certification of data protection means.

If you use 256 or more bit keys, the level of data protection reliability will be tens or hundreds of years of operation of a supercomputer. For commercial use, 40- and 44-bit keys are sufficient.

One of the important problems of information security is the organization of the protection of electronic data and electronic documents. To encode them, in order to meet the requirements for ensuring data security from unauthorized influences on them, an electronic digital signature (EDS) is used.

Electronic signature

Digital signature represents a sequence of characters. It depends on the message itself and on the secret key, known only to the signer of this message.

First domestic standard EDS appeared in 1994. The Federal Agency for Digital Signatures in Russia deals with issues of using digital signatures information technology(FAIT).

Highly qualified specialists are involved in implementing all necessary measures to protect people, premises and data. They form the basis of the relevant departments, are deputy heads of organizations, etc.

There are also technical means protection.

Technical means of protection

Technical means of protection are used in various situations, they are part of physical means of protection and software technical systems, complexes and access devices, video surveillance, alarms and other types of protection.

In the simplest situations for protection personal computers to prevent unauthorized launch and use of the data on them, it is proposed to install devices that restrict access to them, as well as work with removable hard magnetic and magneto-optical disks, self-booting CDs, flash memory, etc.

To protect objects in order to protect people, buildings, premises, material and technical means and information from unauthorized influences on them, active security systems and measures are widely used. It is generally accepted to use access control systems (ACS) to protect objects. Similar systems Usually they are automated systems and complexes formed on the basis of software and hardware.

In most cases, to protect information and limit unauthorized access to it, to buildings, premises and other objects, it is necessary to simultaneously use software and hardware, systems and devices.

Information security tools- this is a set of engineering, electrical, electronic, optical and other devices and devices, instruments and technical systems, as well as other material elements used to solve various problems of information protection, including preventing leaks and ensuring the security of protected information.

In general, the means of ensuring information security in terms of preventing intentional actions, depending on the method of implementation, can be divided into groups:

  • Technical (hardware. These are devices of various types (mechanical, electromechanical, electronic, etc.), which use hardware to solve information security problems. They either prevent physical penetration, or, if penetration does occur, access to information, including through its masking. The first part of the problem is solved by locks, bars on windows, security alarms, etc. The second part is solved by noise generators, network filters, scanning radios and many other devices that “block” potential channels of information leakage or allow them to be detected. The advantages of technical means are associated with their reliability, independence from subjective factors, and high resistance to modification. Weaknesses - insufficient flexibility, relatively large volume and weight, high cost.
  • Software tools include programs for user identification, access control, information encryption, removal of residual (working) information such as temporary files, test control of the security system, etc. The advantages of software tools are versatility, flexibility, reliability, ease of installation, ability to modify and develop. Disadvantages - limited network functionality, use of part of the resources of the file server and workstations, high sensitivity to accidental or intentional changes, possible dependence on the types of computers (their hardware).
  • Mixed hardware and software implement the same functions as hardware and software separately, and have intermediate properties.
  • Organizational means consist of organizational and technical (preparing premises with computers, laying a cable system, taking into account the requirements for limiting access to it, etc.) and organizational and legal (national legislation and work rules established by the management of a particular enterprise). The advantages of organizational tools are that they allow you to solve many different problems, are easy to implement, quickly respond to unwanted actions on the network, and have unlimited possibilities for modification and development. Disadvantages - high dependence on subjective factors, including the general organization of work in a particular department.

Software tools are distinguished according to the degree of distribution and availability; other tools are used in cases where it is necessary to provide an additional level of information protection.

Information security software

  • Built-in information security
  • Antivirus program (antivirus) is a program for detecting computer viruses and treating infected files, as well as for prevention - preventing infection of files or the operating system with malicious code.
  • AhnLab - South Korea
  • ALWIL Software (avast!) - Czech Republic (free and paid versions)
  • AOL Virus Protection as part of AOL Safety and Security Center
  • ArcaVir - Poland
  • Authentium - UK
  • AVG (GriSoft) - Czech Republic (free and paid versions, including firewall)
  • Avira - Germany (available free version Classic)
  • AVZ - Russia (free); no real-time monitor
  • BitDefender - Romania
  • BullGuard - Denmark
  • ClamAV - GPL Licensed (Free, Open Source) source code); no real-time monitor
  • Computer Associates - USA
  • Dr.Web - Russia
  • Eset NOD32 - Slovakia
  • Fortinet - USA
  • Frisk Software - Iceland
  • F-PROT - Iceland
  • F-Secure - Finland (multi-engine product)
  • G-DATA - Germany (multi-engine product)
  • GeCAD - Romania (company purchased by Microsoft in 2003)
  • IKARUS - Austria
  • H+BEDV - Germany
  • Hauri - South Korea
  • Microsoft Security Essentials - free antivirus from Microsoft
  • MicroWorld Technologies - India
  • MKS - Poland
  • MoonSecure - GPL licensed (free, open source), based on the ClamAV code, but has a real-time monitor
  • Norman - Norway
  • NuWave Software - Ukraine (uses engines from AVG, Frisk, Lavasoft, Norman, Sunbelt)
  • Outpost - Russia (two antimalware engines are used: antivirus from VirusBuster and antispyware, formerly Tauscan, of our own design)
  • Panda Software - Spain
  • Quick Heal AntiVirus - India
  • Rising - China
  • ROSE SWE - Germany
  • Safe`n`Sec - Russia
  • Simple Antivirus - Ukraine
  • Sophos - UK
  • Spyware Doctor - antivirus utility
  • Stiller Research
  • Sybari Software (company purchased by Microsoft in early 2005)
  • Trend Micro - Japan (nominally Taiwan/USA)
  • Trojan Hunter - antivirus utility
  • Universal Anti Virus - Ukraine (free)
  • VirusBuster - Hungary
  • ZoneAlarm AntiVirus - USA
  • Zillya! - Ukraine (free)
  • Kaspersky Anti-Virus - Russia
  • VirusBlokAda (VBA32) - Belarus
  • Ukrainian National Antivirus - Ukraine
  • Specialized software tools for protecting information from unauthorized access generally have better capabilities and characteristics than built-in tools. In addition to encryption programs and cryptographic systems, there are many other external information security tools available. Of the most frequently mentioned solutions, the following two systems should be noted that allow you to limit and control information flows.
  • Firewalls (also called firewalls or firewalls - from it. Brandmauer, English firewall- “fire wall”). Special intermediate servers are created between the local and global networks, which inspect and filter all network/transport level traffic passing through them. This allows you to dramatically reduce the threat of unauthorized access from outside corporate networks, but does not eliminate this danger completely. A more secure version of the method is the masquerading method, when all traffic originating from the local network is sent on behalf of the firewall server, making the local network practically invisible.
Firewalls
Free Ashampoo FireWall Free Comodo Core Force Online Armor PC Tools PeerGuardian Sygate ZoneAlarm
Proprietary Ashampoo FireWall Pro AVG Internet Security CA Personal Firewall Jetico Kaspersky Microsoft ISA Server Norton Outpost Trend Micro Windows Firewall Sunbelt WinRoute
Hardware Fortinet Cisco Juniper Check Point
FreeBSD Ipfw IPFilter
Mac OS NetBarrier X4
Linux Netfilter (Iptables Firestarter Iplist NuFW Shorewall)
  • Proxy-servers (proxy - power of attorney, trusted person). All network/transport layer traffic between the local and global networks is completely prohibited - there is no routing as such, and calls from the local network to the global network occur through special intermediary servers. Obviously, in this case, appeals from global network to local ones become impossible in principle. This method does not provide sufficient protection against attacks over high levels- for example, at the application level (viruses, Java and JavaScript code).
  • VPN (virtual private network) allows you to transfer secret information through networks where it is possible to eavesdrop on traffic strangers. Technologies used: PPTP, PPPoE, IPSec.

Hardware information security

Hardware protection includes various electronic, electronic-mechanical, and electro-optical devices. To date, a significant number of hardware devices for various purposes have been developed, but the most widespread are the following:

  • special registers for storing security details: passwords, identification codes, stamps or security levels;
  • devices for measuring individual characteristics of a person (voice, fingerprints) for the purpose of identification;
  • circuits for interrupting the transmission of information on a communication line for the purpose of periodically checking the data output address.
  • devices for encrypting information (cryptographic methods).

Technical means of information security

To protect the perimeter of the information system, security and fire alarm; systems digital video observations; access control and management systems (ACS). Protecting information from leakage technical channels communications are ensured by the following means and measures: the use of shielded cables and the laying of wires and cables in shielded structures; installation of high-frequency filters on communication lines; construction of shielded rooms (“capsules”); use of shielded equipment; installation active systems noise; creation of controlled zones.

Financial Dictionary

Technical, cryptographic, software and other means designed to protect information constituting state secrets, the means in which they are implemented, as well as means of monitoring the effectiveness of information protection. EdwART.... ... Dictionary of emergency situations

Information security tools- technical, cryptographic, software and other means designed to protect information constituting state secrets, the means in which they are implemented, as well as means of monitoring the effectiveness of information protection...

Systems for protecting a computer from foreign intrusion are very diverse and can be classified into groups such as:

  • - self-protection means provided by the general software;
  • - protective equipment as part of the computer system;
  • - means of protection with a request for information;
  • - active protection means;
  • - means of passive protection, etc.

The following areas of using programs to ensure the security of confidential information can be distinguished, in particular:

  • - protection of information from unauthorized access;
  • - protection of information from copying;
  • - protection of programs from copying;
  • - protection of programs from viruses;
  • - protecting information from viruses;
  • - software protection communication channels.

For each of these areas there is a sufficient number of high-quality software products developed by professional organizations and distributed on the markets.

Software protection tools have the following types of special programs:

identification of hardware, files and user authentication;

registration and control of the operation of technical equipment and users;

servicing restricted information processing modes;

protection operating funds PC and application programs users;

destruction of information in storage after use;

signaling violations of resource use;

auxiliary protection programs for various purposes

Identification of hardware and files, carried out programmatically, is done on the basis of analyzing the registration numbers of various components and objects of the information system and comparing them with the values ​​of addresses and passwords stored in the control system memory.

To ensure reliable protection using passwords, the operation of the security system is organized in such a way that the probability of disclosure secret password and establishing correspondence to one or another file or terminal identifier was as small as possible. To do this, you need to periodically change the password, and set the number of characters in it to be quite large.

An effective way to identify addressable elements and authenticate users is a challenge-response algorithm, according to which the security system prompts the user for a password, after which he must give a specific answer to it. Since the moments of entering a request and answering it are unpredictable, this makes it difficult to guess the password, thereby ensuring higher reliability of protection.

Obtaining permission to access certain resources can be achieved not only through the use of a secret password and subsequent authentication and identification procedures. This can be done in a more detailed way, taking into account various

features of user operating modes, their powers, categories of requested data and resources. This method is implemented special programs, analyzing the relevant characteristics of users, the content of tasks, parameters of hardware and software, memory devices, etc.

Specific data related to the request entering the security system is compared during the operation of the security programs with the data entered in the registration secret tables (matrices). These tables, as well as programs for their formation and processing, are stored in encrypted form and are under the special control of the information network security administrator(s).

To differentiate the access of individual users to a very specific category of information, individual measures of secrecy of these files and special control of user access to them are applied. The security classification can be formed in the form of three-digit code words, which are stored in the file itself or in a special table. The same table records the identifier of the user who created this file, the identifiers of the terminals from which the file can be accessed, the identifiers of users who are allowed access to this file, as well as their rights to use the file (reading, editing, erasing, updating, executing, etc.). It is important to prevent user interference when accessing files. If, for example, several users have the right to edit the same record, then each of them needs to save exactly his version of the edit (several copies of the records are made for the purpose of possible analysis and establishment of authority).