How to set up smartphones and PCs. Informational portal
  • home
  • Interesting
  • 1 threats from leakage through technical channels. Optimum interference parameters

1 threats from leakage through technical channels. Optimum interference parameters

12.06.2019 Interesting

Protected information is proprietary and protected by legal documents. When carrying out measures to protect non-state information resources that are banking or commercial secrecy, the requirements of regulatory documents are advisory in nature. For non-state secrets, information protection regimes are established by the owner of the data.

Actions to protect confidential data from leakage through technical channels are one of the parts of the enterprise's measures to ensure information security. Organizational actions to protect information from leaks through technical channels are based on a number of recommendations when choosing premises where work will be carried out to store and process confidential information. Also, when choosing technical means of protection, it is necessary to rely primarily on certified products.

When organizing measures to protect the leakage of information to technical channels at the protected object, the following steps can be considered:

  • preparatory, pre-project
  • VSTS design
  • The stage of commissioning the protected object and the technical information security system

The first stage involves preparation for the creation of a system of technical protection of information at protected objects. When examining possible technical leakage flows at the facility, the following are studied:

  • Plan of the adjacent area to the building within a radius of 300 m.
  • Plan of each floor of the building with a study of the characteristics of walls, finishes, windows, doors, etc.
  • Plan-scheme of grounding systems for electronic objects
  • Plan-scheme of communications of the entire building, together with the ventilation system
  • Plan-scheme of the power supply of the building, indicating all the boards and the location of the transformer
  • Plan-scheme
  • Fire and security alarm plan showing all sensors

Having learned information leakage as an uncontrolled release of confidential data beyond the boundaries of a circle of individuals or an organization, we will consider how such a leakage is implemented. At the heart of such a leak is the uncontrolled removal of confidential data by means of light, acoustic, electromagnetic or other fields or material carriers. Whatever the different causes of leaks, they have a lot in common. As a rule, the reasons are connected with flaws in the norms of information preservation and violations of these norms.

Information can be transmitted either by a substance or by a field. A person is not considered as a carrier, he is a source or subject of relations. Figure 1 shows the means of transferring information. Man takes advantage of the various physical fields that communication systems create. Any such system has components: a source, a transmitter, a transmission line, a receiver, and a receiver. Such systems are used every day in accordance with their intended purpose and are the official means of data exchange. Such channels provide and control for the secure exchange of information. But there are also channels that are hidden from prying eyes, and they can transmit data that should not be transferred to third parties. Such channels are called leakage channels. Figure 2 shows a diagram of the leakage channel.

Picture 1

Drawing - 2

To create a leakage channel, certain temporal, energy and spatial conditions are needed that contribute to the reception of data on the attacker's side. Leak channels can be divided into:

  • acoustic
  • visual-optical
  • electromagnetic
  • material

Visual-optical channels

Such channels are usually remote monitoring. Information acts as light that comes from the source of information. The classification of such channels is shown in Fig.3. Methods of protection against visual channels of leakage:

  • reduce the reflective characteristics of the protected object
  • arrange objects in such a way as to exclude reflection to the side of the potential location of the attacker
  • reduce the illumination of the object
  • apply masking methods and others to mislead the attacker
  • use barriers

Drawing - 3

Acoustic channels

In such channels, the carrier has a sound that lies in the ultra range (more than 20,000 Hz). The channel is realized through the propagation of an acoustic wave in all directions. As soon as there is an obstacle in the way of the wave, it activates the oscillatory mode of the obstacle, and sound can be read from the obstacle. Sound travels differently in different propagation media. The differences are shown in Figure 4. In Fig.5. the scheme of vibrational and acoustic channels of information leakage is shown.

Drawing - 4

Drawing - 5

Protection from acoustic channels is primarily an organizational measure. They imply the implementation of architectural and planning, regime and spatial measures, as well as organizational and technical active and passive measures. Such methods are shown in Fig.6. Architectural and planning measures implement certain requirements at the design stage of buildings. Organizational and technical methods imply the implementation of sound-absorbing means. For examples, materials such as cotton wool, carpets, foam concrete, etc. They have a lot of porous gaps that lead to a lot of reflection and absorption of sound waves. Special hermetic acoustic panels are also used. The sound absorption value A is determined by the sound absorption coefficients and the dimensions of the surface of which the sound absorption is: A = Σα * S. The coefficient values ​​are known, for porous materials it is 0.2 - 0.8. For concrete or brick, this is 0.01 - 0.03. For example, when treating walls with α = 0.03 with porous plaster α = 0.3, the sound pressure is reduced by 10 dB.

Drawing - 6

Sound level meters are used to accurately determine the effectiveness of sound insulation protection. A sound level meter is a device that changes sound pressure fluctuations into readings. The scheme of work is shown in Fig.7. Electronic stethoscopes are used to evaluate the protection of buildings from leaks through vibration and acoustic channels. They listen to sound through floors, walls, heating systems, ceilings, etc. The sensitivity of the stethoscope ranges from 0.3 to 1.5 v/dB. With a sound level of 34 - 60 dB, such stethoscopes can listen through structures up to 1.5 m thick. If passive protection measures do not help, noise generators can be used. They are placed along the perimeter of the room in order to create their vibration waves on the structure.

Drawing - 7

Electromagnetic channels

For such channels, the carrier is electromagnetic waves in the range of 10,000 m (frequency< 30 Гц) до волн длиной 1 — 0,1 мм (частота 300 — 3000 Гц). Классификация электромагнитных каналов утечек информации показана на рис.8.

Drawing - 8

Known electromagnetic leakage channels:

With the help of design-technological measures, it is possible to localize some leakage channels using:

  • weakening of inductive, electromagnetic coupling between elements
  • shielding of units and equipment elements
  • signal filtering in power or ground circuits

Organizational measures to eliminate electromagnetic leakage channels are shown in Fig. 9.

Drawing - 9

Any electronic assembly under the influence of a high-frequency electromagnetic field becomes a re-radiator, a secondary source of radiation. This action is called intermodulation radiation. To protect against such a leakage path, it is necessary to prohibit the passage of high-frequency current through the microphone. It is implemented by connecting a capacitor with a capacity of 0.01 - 0.05 microfarads in parallel to the microphone.

Physical channels

Such channels are created in a solid, gaseous or liquid state. Often this is the waste of the enterprise. The classification of material channels is shown in Figure 10.

Drawing - 10

Protection from such channels is a whole range of measures to control the release of confidential information in the form of industrial or industrial waste.

conclusions

Data leakage is the uncontrolled release of information beyond physical boundaries or circle of persons. Systematic monitoring is needed to detect data leaks. The localization of leakage channels is implemented by organizational and technical means.

Protection of information from leakage through PEMIN is carried out using passive and active methods and means.

Passive methods of information protection are aimed at:

  • attenuation of side electromagnetic radiation (information signals) of OTSS at the border of the controlled zone to values ​​that ensure the impossibility of their selection by means of reconnaissance against the background of natural noise;
  • attenuation of pickups of spurious electromagnetic radiation in extraneous conductors and connecting lines that go beyond the controlled zone, to values ​​that ensure the impossibility of their selection by the reconnaissance tool against the background of natural noise;
  • exclusion or attenuation of the leakage of information signals in the power supply circuits that go beyond the controlled zone, to values ​​that ensure the impossibility of their selection by means of reconnaissance against the background of natural noise.

Active methods of information protection are aimed at:

  • the creation of masking spatial electromagnetic interference in order to reduce the signal-to-noise ratio at the border of the controlled zone to values ​​that ensure the impossibility of isolating an information signal by means of reconnaissance;
  • the creation of masking electromagnetic interference in extraneous conductors and connecting lines in order to reduce the signal-to-noise ratio at the border of the controlled zone to values ​​that ensure the impossibility of isolating an information signal by means of reconnaissance.

Let us consider in more detail the most common methods of passive and active protection against PEMIN.

Shielding of technical means

As is known from previous lectures, the operation of technical means for processing, receiving, storing and transmitting information (TSPI) creates side currents and fields that can be used by an attacker to retrieve information. Summing up, we can conclude that the following types of connection can occur between two conductive elements:

  • through an electric field;
  • through a magnetic field;
  • through an electromagnetic field;
  • through connecting wires.

The main characteristic of the field is its intensity. For electric and magnetic fields in free space, it is inversely proportional to the square of the distance from the signal source. The strength of the electromagnetic field is inversely proportional to the first power of the distance. The voltage at the end of a wire or wave line drops slowly with distance. Consequently, at a small distance from the signal source, all four types of communication take place. As the distance increases, first the electric and magnetic fields disappear, then the electromagnetic field, and at a very large distance, only communication through wires and waveguides affects.

One of the most effective passive methods of protection against PEMI is shielding. Shielding- localization of electromagnetic energy in a certain space by limiting its propagation in all possible ways.

There are three types of shielding:

  • electrostatic;
  • magnetostatic;
  • electromagnetic.

Electrostatic shielding consists in closing the electrostatic field to the surface of the metal screen and diverting electric charges to the ground (to the instrument case) using the ground loop. The latter should have a resistance of no more than 4 ohms. The use of metal screens is very effective and allows you to completely eliminate the influence of the electrostatic field. With the correct use of dielectric screens that fit snugly to the shielded element, it is possible to weaken the field of the signal source by ε times, where ε is the relative permittivity of the screen material.

The effectiveness of the screen application largely depends on the quality of the connection of the TSPI case with the screen. Here, the absence of connecting wires between the screen parts and the TSPI body is of particular importance.

The main requirements for electric screens can be formulated as follows:

  • the design of the screen must be chosen such that the lines of force of the electric field are closed on the walls of the screen, without going beyond it;
  • in the low-frequency region (at a penetration depth (δ) greater than the thickness (d), i.e. at δ > d), the efficiency of electrostatic shielding is practically determined by the quality of the electrical contact of the metal shield with the device case and depends little on the shield material and its thickness;
  • in the high frequency region (at d< δ) эффективность экрана, работающего в электромагнитном режиме, определяется его толщиной, проводимостью и магнитной проницаемостью.

When shielding magnetic fields, low-frequency magnetic fields and high-frequency ones are distinguished. used for low frequency pickups in the range from 0 to 3…10 kHz. Low-frequency magnetic fields are shunted by the screen due to the direction of field lines along the walls of the screen.

Let us consider in more detail the principle of magnetostatic shielding.

Around the element (let it be a coil) with a direct current, there is a magnetic field with a strength H 0 that must be shielded. To do this, we surround the coil with a closed screen, the magnetic permeability µ of which is greater than unity. The shield will become magnetized, creating a secondary field that will weaken the primary field outside the shield. That is, the field lines of the coil, meeting the screen, which has less magnetic resistance than air, tend to pass along the walls of the screen and reach the space outside the screen in a smaller amount. Such a screen is equally suitable for protection against the effects of a magnetic field and for protecting the external space from the influence of a magnetic field created by a source inside the screen (Figure 16.1) .


Rice. 16.1.

The main requirements for magnetostatic screens can be reduced to the following:

  • the magnetic permeability µ of the screen material should be as high as possible. For the manufacture of screens, it is desirable to use soft magnetic materials with high magnetic permeability (for example, permalloy);
  • an increase in the thickness of the screen walls leads to an increase in the screening efficiency, however, in this case, possible design restrictions on the weight and dimensions of the screen should be taken into account;
  • joints, cuts and seams in the screen should be placed parallel to the lines of magnetic induction of the magnetic field. Their number should be minimal;
  • shield grounding does not affect the effectiveness of magnetostatic shielding.

The efficiency of magnetostatic shielding increases with the use of multilayer shields.

Electromagnetic shielding applied at high frequencies. The action of such a screen is based on the fact that the high-frequency electromagnetic field is weakened by the reverse voltage eddy currents created by it. This shielding method can weaken both magnetic and electric fields, therefore it is called electromagnetic.

The simplified physical essence of electromagnetic shielding boils down to the fact that under the action of an electromagnetic energy source, charges arise on the side of the shield facing the source, and currents arise in its walls, the fields of which in the external space are opposite to the fields of the source and approximately equal to it in intensity. The two fields cancel each other out.

From the point of view of wave representations, the screening effect is manifested due to the multiple reflection of electromagnetic waves from the surface of the screen and the attenuation of the wave energy in its metal thickness. The reflection of electromagnetic energy is due to the discrepancy between the wave characteristics of the dielectric in which the screen is located and the screen material. The more this discrepancy, the more different wave resistance screen and dielectric, the more intense the partial shielding effect determined by the reflection of electromagnetic waves.

The choice of material for the screen depends on many conditions. Metal materials are selected according to the following criteria and conditions:

  • the need to achieve a certain value of the weakening of the electromagnetic field in the presence of a limitation in the size of the screen and its effect on the object of protection;
  • stability and strength of the metal as a material.

Among the most common metals for the manufacture of screens are steel, copper, aluminum, and brass. The popularity of these materials is primarily due to the relatively high shielding efficiency. Steel is also popular due to the possibility of using welding when mounting the screen.

The disadvantages of sheet metal screens include high cost, high weight, large dimensions and complexity of installation. These shortcomings are not metal mesh. They are lighter, easier to manufacture and place, cheaper. The main parameters of the mesh are its pitch, which is equal to the distance between adjacent wire centers, the radius of the wire, and the specific conductivity of the mesh material. The disadvantages of metal meshes include, first of all, high wear compared to sheet screens.

Also used for shielding. foil materials. These include electrically thin materials with a thickness of 0.01 ... 0.05 mm. Foil materials are mainly produced from diamagnetic materials - aluminum, brass, zinc.

A promising direction in the field of shielding is the use conductive paints, as they are cheap, do not require installation work, and are easy to use. Conductive paints are created on the basis of a dielectric film-forming material with the addition of conductive components, a plasticizer and a hardener. Colloidal silver, graphite, carbon black, metal oxides, powdered copper, and aluminum are used as conductive pigments.

Conductive paints are devoid of the shortcomings of sheet screens and mechanical gratings, as they are quite stable in conditions of sharp climatic changes and are easy to use.

It should be noted that not only individual TSPIs, but also premises as a whole can be shielded. In unshielded rooms, the functions of the screen are partially performed by reinforced concrete components in the walls. Windows and doors do not have them, so they are more vulnerable.

When shielding rooms, the following are used: sheet steel up to 2 mm thick, steel (copper, brass) mesh with a cell up to 2.5 mm. Doors and windows are screened in protected rooms. Windows are screened with mesh, metallized curtains, glass metallization and pasting them with conductive films. Doors are made of steel or covered with conductive materials (steel sheet, metal mesh). Particular attention is drawn to the presence of electrical contact between the conductive layers of the door and walls around the entire perimeter of the doorway. When shielding fields, the presence of gaps, slots in the screen is unacceptable. The grid cell size should be no more than 0.1 wavelength of radiation.

In a protected PC, for example, control units of a cathode ray tube are shielded, the case is made of steel or metallized from the inside, the monitor screen is covered with a conductive grounded film and (or) protected by a metal mesh.

It should be noted that in addition to the function of protecting against information leakage through PEMIN, shielding can reduce the harmful effects of electromagnetic radiation on people and the noise level during TSPI operation.

Information leakage is a major hazard for many businesses. It can occur as a result of the intent of third parties or through the negligence of employees. The intentional organization of a leak is carried out with two goals: the first of them is to cause damage to the state, society or a particular enterprise, this goal is typical for manifestations of cyberterrorism; The second goal is to gain competitive advantage.

An unintentional leak occurs most often through the negligence of employees in an organization, but can also lead to serious adverse consequences. The creation of a system for protecting information assets from loss in companies of all types should be carried out at a professional level, using modern technical means. To do this, it is necessary to have an understanding of the leakage channels and ways to block these channels, as well as the requirements for modern security systems.

Regulatory Framework

All information arrays are divided into two main groups:

  • subject to protection in accordance with federal laws;
  • subject to protection in accordance with the internal policy of the organization.

The first includes data containing state secrets and other information provided for by federal laws. This is the personal data of employees and customers protected in accordance with the Law on Personal Data. Their uncontrolled distribution can be detrimental to the individual and her safety. This group of information also includes banking secrecy, which is protected on the basis of the Law "On Banks and Banking Activity", and some others. Leakage of this information can lead to financial damage to customers, which can be shifted to the culprit in a recourse order.

When an organization works with information containing state secrets, which are, for example, in some government contracts, it is required to comply with special information protection regimes, this is provided for by the law “On State Secrets”. Compliance of the organization's security system with the requirements for working with such information is confirmed by a license issued by the FSB. It should be received by the majority of companies participating in tenders. To obtain it, the system of measures to protect against leaks will be checked for compliance with all requirements by the certification center. The procedure for issuing a license is regulated by Government Decree No. 333.

The commercial and professional secret of the organization, which is of interest to its competitors, is protected in accordance with the norms of the Civil and Labor Code and the internal regulations of the company. Most often, it is of interest to the company's competitors, who can use it in the struggle for advantages in the sales markets, but it can also have independent value for criminal gangs.

Creating a situation for theft of information or the crime itself is prosecuted in accordance with the Criminal Code, which contains Article 183 "Illegal receipt and disclosure of information constituting a commercial, tax or banking secret."

Leakage and interception of information

From the point of view of terminology, it is necessary to distinguish between information leakage and its interception. Interception is an illegal way of mastering information using technical means. Information leakage is its loss during distribution through communication channels and physical space for all types of reasons, including both interception and redirection. Deliberately created leakage of information through technical channels involves the installation of various devices on the way of its distribution that intercept it.

This term is used more often in the professional sphere; in practice, this definition refers to all types of leaks based on both human and technical factors. The illegal act of recording information containing legally protected secrets on an external medium and taking it outside the corporate space is the most common method of theft. Modern DLP systems are now tuned mainly to the dangers coming from the corporate user, and not from external intrusion.

An example of such a situation was the case when Google sued Uber for hiring a former employee of the company. The top manager illegally copied almost all the data related to the development of an unmanned vehicle under his leadership. The security system that exists in one of the largest corporations in the world could not prevent the theft of information committed by one of its top managers. At the same time, the judicial prospects for compensation for the harm caused are vague, since the company and the employee apparently did not conclude an agreement defining the mechanism for compensation for damage in this case. Uber, which became the beneficiary of the theft, was chosen as the defendant. The files may have been returned, but the information they contain could have been used to create a competitive advantage.

This case suggests that regardless of the level of the company, the risk of information loss is equally serious for everyone.

Organizations at Risk

Based on the above criteria for protected data, there are several types of business entities that are in the main risk zone of information leakage. This:

  • commercial and non-commercial, scientific and other organizations working with information constituting a state secret, for example, fulfilling a state order;
  • organizations that have information that could be necessary for criminal communities to commit terrorist acts, or that are, by their nature, the target of terrorist attacks;
  • organizations operating in the financial services market that have data on the accounts and finances of their clients, their bank card numbers;
  • organizations working with large amounts of personal data, which often fall prey to hackers and enter the open market;
  • organizations that use new technologies and know-how in their work;
  • any organizations operating in competitive markets where the available information about technologies, markets, customers, strategies, contracts will become a method to achieve an advantage in the fight for the client;
  • organizations in respect of which there are disputes about the redistribution of property, or which are the targets of raider attacks. In this case, the theft of important information may be the basis for inspections or filing lawsuits.

All of them need to use the available methods to prevent information leakage to the maximum extent, since damage in this case can be caused not only directly to a legal entity, but also to an indefinitely wide range of people. In some cases, a company may be held liable for failure to take protective measures. Each channel of information leakage should be analyzed in terms of determining its security and protected as much as possible.

Technical channels of information leakage

There are five main groups of technical methods for organizing information leakage:

  • visual, allowing you to intercept or copy information reflected in a visual form, these are documents, information displayed on a computer monitor screen;
  • acoustic, allowing you to intercept ongoing conversations or telephone conversations in the room;
  • electromagnetic, allowing to obtain data expressed in the form of radiation of electromagnetic waves, their decoding can also provide the necessary information;
  • material related to the analysis of objects, documents and waste resulting from the company's activities.

In every case where a technical leak channel is exploited by competitors, the most up-to-date methods of obtaining and processing information are used, and the very knowledge of the existence of such opportunities should help reduce the level of risk. To completely remove the danger, it is necessary to communicate with professionals who will be able to identify the most valuable data arrays that are the target for possible attacks, and offer a full range of protection tools.

Visual-optical means

If the monitor screen or part of the documents lying on the table can be seen through the office window, there is a risk of leakage. Any light stream emanating from the information source can be intercepted. To combat this method, it is necessary to use in most cases simple technical means:

  • decrease in reflective characteristics and decrease in illumination of objects;
  • installation of various barriers and disguises;
  • use of reflective glasses;
  • the location of objects so that the light from them does not fall into the zone of possible interception.

But there is also a more typical risk of leakage of species information: taking documents out of the room to photograph them, other forms of copying, screenshots of database screens containing important information, and other methods. The main measures to combat these risks relate exclusively to the administrative and organizational sphere, although there are software tools that, for example, do not make it possible to take a screen of data displayed on the monitor screen.

Acoustic channels

Information that exists in the form of sound is the most vulnerable to interception and leakage. Sound that is in the ultrarange (more than 20,000 hertz) travels easily. If there is an obstacle in its path, the sound wave will cause oscillations in it, and they will be read by special devices. This property of sound should be taken into account already at the stage of designing a building or office, where the layout of the premises by architects should be thought out in such a way as to exclude information leakage. If this method is not feasible, it is necessary to turn to technical means and use sound-reflecting materials for finishing the room, for example, porous plaster. Stethoscopes are used to assess the degree of security.

If it is not possible to achieve maximum sound absorption, noise generators can be used, which can be installed around the perimeter of the main walls of the building that are not protected from listening or in meeting rooms.

Leakage of acoustic information is also possible with the use of voice recorders during negotiations. To detect their presence, special devices are used. The installation of voice signal pickup devices on telephone sets (bugs) is practically not used now, digital traffic is intercepted in another way, including through a telephone operator or through an Internet provider. This degree of risk should also be taken into account, perhaps by creating special instructions about the confidential information that can be discussed in telephone conversations.

Electromagnetic channels and communication channels

The interception of information contained in spurious electromagnetic radiation is also dangerous. Electromagnetic waves propagating within the electromagnetic field at a short distance can also be intercepted. They may come from:

  • from telephone microphones and intercoms;
  • from the main ground and power circuits;
  • from an analog telephone line;
  • from fiber-optic communication channels;
  • from other sources.

Intercepting and decrypting them is not difficult for modern technical means.

The technologies allow you to connect PEMIN embedded devices (the term stands for “side electromagnetic radiation and interference”) directly to power circuits or install them in a monitor or computer case, while they can intercept data through internal connections to the boards:

  • displayed on the monitor screen;
  • entered from the keyboard;
  • output through wires to peripheral devices (printer);
  • recorded on a hard drive and other devices.

In this case, grounding the wires, shielding the most obvious sources of electromagnetic radiation, identifying bookmarks, or using special software and hardware to identify bookmarks will be the ways to deal with this. But information transmitted over the Internet is available for interception. Here, the fight against its theft can be carried out by both hardware and software technical means.

Physical channels

Ordinary garbage or industrial waste can be a valuable source of data. Chemical analysis of waste leaving the controlled area can provide critical information about product composition or production technology. To develop a system to combat this risk, a comprehensive solution is needed, including the use of waste processing technologies.

All of the above methods of information leakage (except material) require the territorial accessibility of the source for the thief, the area of ​​operation of a conventional device for intercepting sound or visual information does not exceed several tens of meters. The installation of embedded devices for picking up electromagnetic radiation and acoustic vibrations should require direct penetration into the object. Knowledge of its layout is also necessary, this may require the recruitment of an employee. Despite the fact that most premises are equipped with video surveillance cameras, these methods are now used in extremely rare cases.

The most serious danger is posed by modern methods of theft using the capabilities of the Internet and access with its help to data archives or voice traffic.

Ways to prevent information leakage

For effective protection against all the above methods of leakage, it is necessary to develop a system of security measures, which includes two main groups of actions and measures:

  • administrative and organizational measures;
  • technical and program measures.

Both the first and second groups of measures require mandatory consultation with professionals before their implementation, especially if the company intends to obtain a license to work with state secrets. The technical means used must be certified and approved for circulation on the territory of the Russian Federation; it is unacceptable to use either untested or prohibited ones, belonging to the category of “spyware”, in order to protect information. Information protection should be based only on legal methods of struggle.

The security system should be designed comprehensively, relying as a basis on organizational measures. All its elements should form a single complex, control over the performance of which should be entrusted to competent employees.

Protection system design principles

There are certain principles on which a comprehensive system of measures to protect confidential information from leaks should be based:

  • continuity of the system in space and time. The protection methods used should control the entire material and information perimeter around the clock, preventing the occurrence of any gaps or a decrease in the level of control;
  • multi-zone protection. Information should be ranked according to the degree of significance, and methods of different levels of impact should be used to protect it;
  • prioritization. Not all information is equally important, so the strongest protection measures should be applied to information of the highest value;
  • integration. All components of the system must interact with each other and be managed from a single center. If the company is a holding company or has several branches, it is necessary to set up information systems management from the parent company;
  • duplication. All the most important blocks and communication systems must be duplicated so that in the event of a breakthrough or destruction of one of the defense links, it will be replaced by a control one.

Building systems of this level is not always required by small trading firms, but for large companies, especially those cooperating with a government customer, it is an urgent need.

Administrative and organizational measures

The head of the company, as well as one of his deputies, in charge of the security service, should be responsible for their observance. Almost 70% of the overall degree of information security depends precisely on administrative and technical measures, since in the activities of commercial espionage services, the use of cases of bribery of employees is much more common than the use of special technical means of stealing information that requires high qualifications and disclosure of information to third parties is not directly participating in the competition.

Documentation development

All regulations of the organization dedicated to the protection of trade secrets and other information must comply with the most stringent requirements for similar documents required to obtain a license. This is due not only to the fact that they are the most developed, but also to the fact that the high-quality preparation of this type of documentation will make it possible in the future to defend the company's position in court in case of disputes about information leakage.

Work with personnel

Personnel is the weakest link in any system for protecting information from leaks. This leads to the need to pay maximum attention to working with him. For companies working with state secrets, a system for issuing permits is provided. Other organizations need to take various measures to ensure that the ability to work with sensitive data is limited. It is necessary to draw up a list of information constituting a commercial secret, and draw it up as an annex to the employment contract. When working with the information contained in the database, access systems must be developed.

All copying and external e-mail access must be restricted. All employees must be familiar with the instructions on how to work with information containing commercial secrets, and confirm this with signatures in the journals. This will allow them to be held accountable if necessary.

The access regime that exists at the facility should include not only the recording of the data of all visitors, but also cooperation only with security companies that also comply with all security requirements. The situation when an employee of a private security company is on duty at night at a facility in which employees write down their passwords for the convenience of the system administrator and leave them on the desktop can be just as dangerous as the work of a professional hacker or technical means of interception embedded in the premises.

Working with contractors

Quite often, the perpetrators of information leaks are not employees, but company counterparties. These are numerous consulting and auditing companies, firms providing services for the development and maintenance of information systems. As a rather curious, albeit controversial, example, one can cite the Ukrainian situation, where the work of a number of 1C subsidiaries was banned due to suspicions that its employees could steal confidential accounting information. The same danger is posed by cloud CRM systems that are common today, which offer cloud storage services. With a minimum level of their responsibility for the safety of the information entrusted to them, no one can guarantee that the entire database of customer phone calls recorded in the system when it is integrated with IP telephony will not become the booty of competitors at once. This risk must be assessed as very serious. When choosing between server or cloud programs, you should choose the former. According to Microsoft, the number of cyber attacks on cloud resources has increased by 300% this year

It is equally necessary to treat all counterparties who require the transfer of data constituting a trade secret to them. All contracts must contain conditions that impose liability for its disclosure. Quite often acts of valuation of property and shares, audits, consulting studies are resold to competing organizations.

Planning and technical solutions

When planning the architecture of the premises in which negotiations are held or protected information is located, all GOST requirements for protection methods must be observed. Meeting rooms should be able to pass the necessary certification, all modern shielding methods, sound-absorbing materials should be used, and noise generators should be used.

Technical means and systems to prevent leaks

To protect information from leakage or theft, it is necessary to apply a wide range of hardware and technical measures. Modern technical means are divided into four groups:

  • engineering;
  • hardware;
  • software;
  • cryptographic.

Engineering

This category of protective equipment is used as part of the implementation of planning and architectural solutions. They are devices that physically block the possibility of unauthorized persons from entering protected objects, video surveillance systems, alarms, electronic locks and other similar technical devices.

Hardware

These include measuring devices, analyzers, technical devices that allow you to determine the location of embedded devices, everything that allows you to identify existing information leakage channels, evaluate their performance, identify significant characteristics and role in a situation with a possible or occurred loss of information. Among them are field indicators, radio frequency meters, non-linear locators, equipment for testing analog telephone lines. To detect voice recorders, detectors are used that detect spurious electromagnetic radiation, and video camera detectors work on the same principle.

Software

This is the most significant group, since with its help it is possible to avoid the penetration of unauthorized persons into information networks, block hacker attacks, and prevent the interception of information. Among them, it is necessary to note special programs that provide system protection of information. These are DLP systems and SIEM systems, which are most often used to create mechanisms for complex information security. DLP (Data Leak Prevention, data leakage prevention systems) provide complete protection against the loss of confidential information. Today, they are configured mainly to work with threats inside the perimeter, that is, coming from users of the corporate network, and not from hackers. The systems apply a wide range of techniques to identify points of loss or transformation of information and are able to block any unauthorized entry or transmission of data, automatically checking all channels of their transmission. They analyze the user's mail traffic, the contents of local folders, messages in instant messengers, and if they detect an attempt to forward data, they block it.

(Security Information and Event Management) manage information flows and events in the network, while an event is any situation that can affect the network and its security. When it occurs, the system independently proposes a solution to eliminate the threat.

Software hardware can solve individual problems, and can also provide comprehensive security for computer networks.

Cryptographic

The complex application of the entire range of protection methods can be redundant, therefore, in order to organize information protection systems in a particular company, you need to create your own project, which will be optimal from a resource point of view.

Khorev Anatoly Anatolievich,
doctor of technical sciences, professor,
Moscow State Institute of Electronic Technology
(Technical University), Moscow

Technical channels for the leakage of information processed by computer technology.

7. Terminology in the field of information security: a Handbook. M.: VNII Standard, 1993. -110 p.

8. Technical protection of information. Basic terms and definitions: recommendations for standardization R 50.1.056-2005: approved. By order of Rostekhregulirovanie dated December 29, 2005 No. 479-st. - Input. 2006-06-01. - M.: Standartinform, 2006. - 16 p.

9. Khorev A.A. Technical protection of information: textbook. allowance for university students. In 3 vols. Vol. 1. Technical channels of information leakage. M.: SPC "Analytics", 2008. - 436 p.

10. Anti terror equipment: catalog.- Germany: PKI Electronic Intelligence, 2008. - 116 rubles. + http://www.pki-electronic.com

11. Computer Keyboard Monitoring: product range.- Italy, Torino, B.E.A. S.r.l., 2007. -R. 35-37.

12. KeyDevil Keylogger. [Electronic resource]. - Access mode: http://www.keydevil.com/secure-purchase.html.

13. Kuhn Markus G. Compromising emanations: eavesdropping risks of computer displays.[Electronic resource]. - Access mode: http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-577.html .

14. security and surveillance products.[Electronic resource]. - Access mode: http://endoacustica.com/index_en.htm.

15. Wireless controlled keylogger.[Electronic resource]. - Access mode:

The stability of the receipt of information, implicit, hidden from the owner, the form of retrieval of information processed by technical means, led to unrelenting interest in the leakage channel arising from spurious electromagnetic radiation and interference (PEMIN) accompanying the operation of this equipment.

The characteristics of leakage channels are given below, the methodology and methods for protecting information from leakage at the expense of PEMIN are described. Ways of implementation and characteristics of modern active means of protection - noise generators are considered, recommendations for their use are given.

Characteristics of the information leakage channel due to PEMIN

The frequency range of spurious electromagnetic radiation that accompanies informative signals extends from units of kilohertz to gigahertz and higher and is determined by the clock frequency of the information processing tool (IDP) used. So, for a standard computer monitor, information interception is possible at frequencies up to the 50th harmonic of the clock frequency, and the radiation level, which is up to tens of dB in the near zone, makes it possible to receive signals at a distance of up to several hundred meters.

In addition to electromagnetic radiation, quasi-static informational electric and magnetic fields are present around information processing facilities, causing pickups on closely spaced cables, telephone wires, fire and security alarm lines, power grids, etc. The intensity of the fields in the frequency range from units of kilohertz to tens of megahertz is such that signals can be received outside the controlled zone (SC) with direct connection to these transmission lines.

Methodology for protecting information from leakage due to PEMIN

Depending on the environment for the dissemination of informative signals, two possible channels of leakage are considered: due to PEMIN itself and communication.

According to the method of formation, four types of leakage channels are classified:

The channel of electromagnetic radiation (EMR), formed by the fields that arise during the passage of information through the SRI circuits;

Channel of random antennas (RA), arising due to induced EMF in conductive communications, galvanically not connected with the IRS and having an exit from the controlled zone (SC);

Channel of outgoing communications galvanically connected to the SDI;

The channel of non-uniform current consumption (NDC), which is formed due to the amplitude modulation of the current by the operation of the elements of the IDS during information processing.

The EMP channel is characterized by the size of the EMP zone - the distance between the IDS and the antenna interception equipment, beyond which effective reception is impossible due to a natural decrease in the level of the emitted signal.

The channel of random antennas is characterized by the size of their area for lumped random antennas (CRA) and distributed random antennas (RSA). Lumped random antennas include any technical means that go beyond the controlled area. Distributed random antennas include wires, cables, structural elements of a building, etc. The distance between the SOI and SA, at which effective interception is impossible, determines the size of the SA zone.

The outgoing communication channel is characterized by the maximum permissible value of the ratio of the powers of the informative signal and the normalized interference, at which effective reception is impossible.

The NPT channel is characterized by the maximum allowable value of the ratio of the magnitude of the change in the current coming from the source during information processing to the average value of the current consumption. If the specified ratio does not exceed the limit value, effective reception on the NTP channel is not possible. At present, taking into account the practical absence of low-speed devices in the SVT (the frequency range of this channel is taken from 0 to 30 Hz), this channel is of little relevance.

Taking into account the above, it is possible to formulate a criterion for the protection of the IMS from leakage through the PEMI and pickups: IMS is considered protected if:

The radius of the zone of electromagnetic radiation does not exceed the minimum allowable distance from the IS to the boundary of the short circuit;

The ratio of the powers of the informative signal of the normalized interference in all SA does not exceed the maximum permissible value at the SC boundary;

The ratio of the powers of the informative signal of the normalized interference in all outgoing communications at the boundary of the short circuit does not exceed the maximum allowable value;

The ratio of the magnitude of the change in the “processing” current to the average value of the current consumption from the mains at the border of the short circuit does not exceed the maximum allowable value.

The main tasks and principles of the protection of SVT

The following methods and measures are used to protect the information signals of the SVT from possible information leakage:

Organizational;

Technical.

Technical information security measures in the SVT include measures and means that affect either the level of PEMIN or the level of electromagnetic noise. For example, electromagnetic shielding is an effective way to protect information, but it requires significant economic costs and regular monitoring of shielding effectiveness. In addition, full electromagnetic shielding introduces discomfort to the work of maintenance personnel.

Improvement of the SVT can significantly reduce the level of information radiation, but they cannot be completely eliminated. In modern conditions, the refinement of SVT technology is reduced to the selection of SVT components, since there are no own developments of EVT tools in the Russian Federation and the PC is assembled from foreign components. When selecting components at assembly companies (red assembly), attention is drawn to the motherboard, the design of the system unit case (case), video card (video controller), display type, etc.

Active radio masking, noise - the use of broadband noise generators.

Noise generators can be hardware and object. The main task of air noise is to raise the level of electromagnetic noise and thereby prevent the radio interception of SVT information signals. The barrage noise interference intensity indicators (noise with a normal distribution law of instantaneous amplitude values) is the noise zone R w. The technical means of SVT will be protected if R w > R 2 .

Methodology for conducting special studies of technical means of EWT

Basic requirements for measurement conditions.

Identification of dangerous signals from the total set of signals and measurement of their level is carried out with specially organized test modes of technical means (TS), in which the duration and amplitude of information pulses remain the same as in the operating mode, but a periodic pulse sequence in the form of bursts is used. This requirement is due to the fact that in the accepted methodology for calculating the results of MI, the values ​​of the summation bandwidth of the frequency components and the clock frequency of information pulses must be constant. Otherwise, the calculation of the results becomes impossible.

In addition, the cyclic repetition of the same “packets” of information makes it much easier to identify and measure the values ​​of “dangerous” signals against the background of noise and interference.

Signal detection is carried out from all sides of the technical means. The signal is measured in the peak (quasi-peak) mode from the direction of maximum radiation, where a dangerous signal is detected. To detect test signals and identify them from the total set of received signals, such features are used as the coincidence of the frequencies of the detected harmonics and the intervals between them with the calculated values, the period and duration of the bursts, the change in the shape of the signal at the receiver output when the parameters of the test signal change, etc. P.

When taking measurements, you must:

To study the technical description and schematic diagrams of the vehicle;

To study the possible modes of operation of the vehicle;

Prepare measuring equipment for work.

Measurement of the parameters of spurious electromagnetic radiation and interference of the vehicle is carried out in all modes of its operation. Grounding and power supply of the vehicle must be carried out in accordance with the operating rules of this vehicle. Before starting measurements, the vehicles are checked for operability in accordance with the operating instructions.

The room in which the parameters of the dangerous signal field are measured must have room dimensions of at least 6x6m (36 m 2);

Near the measured technical means (closer than 2.5 m), which is installed in the middle of the room, there should not be bulky metal objects (safes, cabinets, etc.) that can distort the TEM image;

The flooring of the room can be either wooden (parquet) or metal;

The laws of field decay in the certified room must correspond to the standard field weakening function within 2 ... 2.5 m from the vehicle in the direction of the measuring antenna installation.

The technical device is installed on a swivel pedestal, 0.8...1.0 m high, power is supplied to the vehicle through an anti-jamming filter of the FP type or another type, attenuation of at least 40.. .60 dB.

This equation of the zone is solved by the graphic-analytical method or on a PC.

Organization of PC protection from unauthorized access

At present, due to the rapid development of computer technology and the emergence of new information technologies, a new direction for obtaining categorized information has emerged, closely related to computer crime and unauthorized access (UAS) to restricted information. The development of local and global computer networks has led to the need to close unauthorized access to information stored in automated systems.

The goals of information protection are: prevention of damage that may occur as a result of the loss (theft, loss, distortion, forgery) of information in any of its manifestations.

Any modern enterprise cannot successfully function today without creating a reliable system for protecting its information, which includes not only organizational and regulatory measures, but also technical software and hardware, organization of information security control during its processing, storage and transmission in automated systems (AS).

The practice of organizing the protection of information from unauthorized access during its processing and storage in automated systems should take into account the following principles and rules for ensuring information security:

1. Compliance of the level of information security with legislative provisions and regulatory requirements for the protection of information subject to protection under current legislation, incl. selection of the AS security class in accordance with the characteristics of information processing (processing technology, specific operating conditions of the AS) and the level of its confidentiality.

2. Identification of confidential (protected) information and its documentation in the form of a list of information subject to protection, its timely adjustment.

3. The most important decisions on information security should be made by the management of the enterprise or the owner of the AU.

4. Determination of the procedure for establishing the level of user permissions, as well as the circle of persons to whom this right is granted (information security administrators).

5. Establishment and registration of access control rules

(PRD), i.e. a set of rules governing the access rights of access subjects to access objects.

6. Establishing the personal responsibility of users for maintaining the level of security of the AS when processing information subject to protection.

7. Ensuring the physical protection of the facility on which the protected NPP is located (territory, buildings, premises, storage of information carriers), by establishing appropriate posts, technical means of protection or by any other means that prevent or significantly hinder the theft of computer equipment (SVT), information carriers, as well as NSD to SVT and communication lines.

8. Organization of the information security service (responsible persons, information security administrator), which performs accounting, storage and issuance of information media, passwords, keys, maintenance of service information of the information security facility of the NSD (generation of passwords, keys, maintenance of access control rules), acceptance of new software included in the AS funds, as well as control over the course of the technological process of processing confidential information, etc.

9. Systematic and operational control of the level of security of protected information in accordance with the applicable guidance documents on information security, incl. checking the protective functions of information security tools.

Information security tools must have a certificate certifying their compliance with information security requirements.

An analysis of the experience of work related to the processing and storage of information using computer technology made it possible to draw conclusions and summarize the list of possible threats to information. Conventionally, they can be divided into three types:

Violation of confidentiality of information;

Violation of the integrity of information;

Violation of the availability of information.

Proceeding from this, a system for protecting automated systems and PCs from unauthorized access is being built.

Building a protection system

The construction of a protection system based on a hardware-software complex of information protection tools from unauthorized access and its interaction with the PC hardware and software is generally shown in Fig. 4.13.

Rice. 4.13. Construction of a protection system based on a software and hardware complex

Information protection using the hardware and software of the UA protection complex is based on the processing of events that occur when application programs or system software (SW) access PC resources. In this case, the means of the complex intercept the corresponding software and/or hardware interrupts (requests for performing operations to the hardware and/or software resources of the PC). In the event of a controlled event (interrupt request), the request is analyzed and, depending on the compliance of the access subject (its application task) authority set by the DRP security administrator, either allow or prohibit the processing of these interrupts.

In the general case, the protection system consists of the actual means of protection against unauthorized loading of the OS and the means of restricting access to information resources, which can be conditionally represented as four interacting information protection subsystems (Fig. 4.14).

Access control subsystem

The access control subsystem is designed for protection. PC from unauthorized users, managing access to access objects and organizing their sharing by registered users in accordance with the established rules for access control.

Unauthorized users are understood as all persons who are not registered in the system (who do not have a personal identifier registered in a particular PC). DC protection


Rice. 4.14. The information protection subsystems of front users are provided with identification procedures (comparison of the presented identifier with the list registered on the PC) and authentication (authentication), which is usually carried out by entering a password of a certain length. To identify users in protection systems against unauthorized access, personal identifiers of the Touch Memory (Ibutton) DS 199X type are most often used, which are distinguished by high reliability, uniqueness, high-speed memory, ease of use, acceptable weight and size characteristics and low price.

Two principles of managing access to protected resources can be implemented in protection systems against UA: discretionary and mandated.

Discretionary access control principle. Each registered user is assigned access rights based on the principle of assigning specified access characteristics to each “subject-object” pair, which are prescribed in the DRP. When a user requests access, an unambiguous interpretation of the established DRPs is provided and, depending on the user's authority level, the requested type of access is allowed or denied.

This access control option allows for any user of the system to create an isolated software environment (IPS), i.e. limit its ability to run programs by specifying as allowed to run only those programs that are really necessary for the user to perform his official duties. Thus, the user will not be able to run programs that are not included in this list.

Mandatory principle of access control. The principle of managing access to PC resources (hardware and software),

based on a comparison of the level of confidentiality assigned to each resource, and the authority of a specific registered user to access PC resources with a given level of confidentiality.

To organize mandatory access control, a certain level of access to confidential information is set for each user of the system, and a so-called confidentiality label is assigned to each resource (directories, files, hardware).

At the same time, access differentiation to confidential directories and files is carried out by comparing the user's access level and the resource's sensitivity label and making a decision on granting or not granting access to the resource.

Subsystem of registration and accounting

The registration and accounting subsystem is intended for registration in the system log, which is a special file placed on the hard disk of the PC, of ​​various events occurring during the operation of the PC. When logging events in the system log, the following are recorded:

Date and time of the event;

The name and identifier of the user performing the logged action;

User actions (information about the user entering / exiting the system, program launches, UA events, changing permissions, etc.). Access to the system log is possible only for the IS administrator (supervisor). Events recorded in the system log are determined by the administrator of the information security facility.

This subsystem also implements a mechanism for zeroing the freed memory areas.

Integrity Subsystem

The integrity subsystem is designed to exclude unauthorized modifications (both accidental and malicious) of the software and hardware environment of the PC, including the software of the complex and the information being processed, while protecting the PC from the introduction of software tabs and viruses. In software and hardware systems of information security systems (PAKSZI) from NSD, this is usually implemented:

Checking unique identifiers of PC hardware parts;

Checking the integrity of system files assigned for control, including PAXZI NSD files, user programs and data;

Control access to the operating system directly, bypassing DOS interrupts;

Exclusion of the possibility of using a PC without a hardware controller of the complex;

A mechanism for creating a closed software environment that prohibits the launch of imported programs that exclude unauthorized access to the OS.

When checking the integrity of the PC software environment, the checksum of the files is calculated and compared with the reference (control) value stored in a special data area. These data are entered during user registration and may change during the operation of the PC. Anti-tamper protection systems use a complex algorithm for calculating checksums - calculating the value of their hash functions, which excludes the fact that a file modification is not detected.

Cryptographic protection subsystem

The cryptographic protection subsystem is designed to enhance the protection of user information stored on a PC hard disk or removable media. The cryptographic information protection subsystem allows the user to encrypt / decrypt his data using individual keys, usually stored in a personal TM-identifier.

The composition of a typical complex of protection against unauthorized access

The composition of a typical complex for protecting a PC from unauthorized access includes hardware and software. Hardware includes a hardware controller, an information puller, and personal user identifiers.

The hardware controller (Fig. 4.15) is a board (ISA / PCI) installed in one of the expansion slots of the PC motherboard. The hardware controller contains a ROM with software, a connector for an information reader, and additional devices.


Rice. 4.15. Hardware controller "Sobol"

As additional devices on the hardware controller, relays for blocking the loading of external devices (FDD, CD-ROM, SCSI, ZIP, etc.) can be installed; hardware random number generator; nonvolatile memory.

An information reader is a device designed to read information from a personal identifier presented by the user. Most often, in complexes of protection against unauthorized access, readers of information from personal identifiers of the Touch Memory (Ibutton) DS199X type, which are contact devices, are used.

As information readers, contact and contactless smart card readers (Smart Card Readers) can be used, as well as biometric information readers that allow you to identify the user by his biometric characteristics (fingerprint, personal signature, etc.).

A personal user identifier is a hardware device that has unique, non-copyable characteristics. Most often, in systems of protection against unauthorized access, identifiers of the Touch-Memory type (Ibutton) are used, which are an electronic circuit equipped with a battery and having a unique identification number 64 bits long, which is formed technologically. The term of operation of the electronic identifier, declared by the manufacturer, is about 10 years.

In addition to TM-identifiers, UA protection systems use Smart Card-type identifiers (“Smart Card”).

A smart card is a plastic card (Fig. 4.16.), with a microcircuit built into it, containing a non-volatile rewritable memory.

Some systems of protection against unauthorized access allow the use of biometric features of the user (personal signature, fingerprint, etc.) as an identifier. The composition of the software of a typical information security system (IPS) from NSD is shown in fig. 4.17.

All software of the UA protection complex can be conditionally divided into three groups.

System protection programs - programs that perform the functions of protecting and restricting access to information. Also, using this group of programs, the protection system is configured and controlled during operation.

A special bootloader is a program that provides trusted booting of the underlying OS.

Security driver ("security monitor") - a resident program that controls the authority and restricts access to information and hardware resources during the user's work on the AS (PC).

Installation programs - a set of programs available only to the administrator of the information security system for managing the operation of the information protection system. This set of programs allows you to carry out the regular process of installing and removing the information protection system.

Programs of the identification/authentication system are a set of programs for the formation and analysis of individual user characteristics used in the identification/authentication. This group also includes programs for creating and managing a database of system users.

Training program - in general, it is a program for the accumulation and analysis of the user's individual characteristics (alphanumeric combination of a personal password, personal signature, fingerprints) and the development of an individual characteristic, which is recorded in the database.

Rice. 4.17. The composition of the software of a typical information security system

The user base contains unique numbers of user identifiers registered in the system, as well as service information (user rights, time limits, confidentiality labels, etc.).

The identification program manages the process of user identification: issues a request to present an identifier, reads information from a personal identifier, and searches for a user in the user database. If the user is registered in the system, it generates a request to the database of individual user characteristics.

The database of individual characteristics contains the individual characteristics of all users registered in the system, and makes a selection of the required characteristics at the request of the identification program.

Technological programs are auxiliary tools for ensuring the safe functioning of the protection system, available only to the administrator of the protection system.

Station recovery programs are designed to restore station performance in the event of hardware or software failures. This group of programs allows you to restore the user's original working environment (which existed before the installation of the protection system), as well as to restore the health of the hardware and software of the protection system.

An important feature of the station recovery programs is the ability to remove the protection system in an abnormal way, i.e. without using the installer, as a result of which the storage and accounting of this group of programs must be done with particular care.

The syslog program is designed to register in the system log (special file) all events that occur in the protection system at the time of the user's work. The program allows you to generate samples from the system log according to various criteria (all UA events, all user logon events, etc.) for further analysis.

Dynamics of the work of the complex of protection against unauthorized access

The following mechanisms are used to implement the functions of the UA protection complex:

1. A mechanism for protecting against unauthorized OS loading, including user identification by a unique identifier and authentication of the identity of the owner of the presented identifier.

2. Screen and keyboard locking mechanism in cases where certain threats to information security can be implemented.

3. A mechanism for monitoring the integrity of critical programs and data from the point of view of information security (a mechanism for protecting against unauthorized modifications).

4. The mechanism for creating functionally closed information systems by creating an isolated software environment;

5. A mechanism for restricting access to AS resources, determined by access attributes that are set by the system administrator in accordance with each pair of “access subject and access object” during user registration.

6. The mechanism for registering control events and NSD events that occur during the work of users.

7. Additional protection mechanisms.

At the stage of installation of the protection complex against unauthorized access, the hardware controller is installed in a free slot of the PC motherboard and the software is installed on the hard disk.

Setting up the complex consists in setting the rights of access control and user registration. When a user is registered by the security system administrator, his access rights are determined: lists of executable programs and modules that are allowed to run for this user.

At the installation stage, lists of files are also formed, the integrity of which will be checked when the PC is started by this user. The calculated values ​​of the hash functions (checksums) of these files are stored in special memory areas (in some systems they are stored in the memory of a personal TM-identifier).

The mechanism of protection against unauthorized loading of the OS is implemented by carrying out procedures for identifying, authenticating and monitoring the integrity of protected files before loading the operating system. This is provided by a ROM installed on the hardware controller board, which receives control during the so-called ROM-SCAN procedure. The essence of this procedure is as follows: during the initial start, after checking the main hardware, the BIOS of the computer starts searching for external ROMs in the range from C800:0000 to EOOO.OOOO in 2K increments. A sign of the presence of a ROM is the presence of the word AA55H in the first word of the checked interval. If this sign is detected, then the next byte contains the length of the ROM in pages of 512 bytes.Then the checksum of the entire ROM is calculated, and if it is correct, the procedure located in the ROM with an offset will be called.This procedure is usually used when initializing hardware devices.

In most UA protection systems, this procedure is designed to implement the process of user identification and authentication. In case of an error (denial of access), the procedure does not return; further loading of the PC will not be performed.

When the hardware controller is installed and the software of the anti-tamper protection system is installed, the PC is loaded in the following order:

1. The computer BIOS performs the standard POST procedure (checking the main computer equipment) and upon its completion proceeds to the ROM-SCAN procedure, during which control is intercepted by the hardware controller of the anti-tampering system.

2. The process of user identification is carried out, for which an invitation to present your personal identifier is displayed on the PC monitor (in some security systems, simultaneously with the invitation, a countdown is started, which allows you to limit the time of the identification attempt).

3. If the user presents an identifier, the information is read. If the identifier is not presented, access to the system is blocked.

4. If the presented identifier is not registered in the system, then an access denied message is displayed and a return to P.2 occurs.

5. If the presented identifier is registered in the system, the system switches to the authentication mode. In most systems of protection against unauthorized access, a personal password is used for authentication.

6. If the password is entered incorrectly, a return to P.2 occurs.

7. If the password is entered correctly, the hardware controller transfers control to the PC and the regular process of loading the OS is performed.

In addition, many systems allow you to limit the number of "invalid" inputs by reloading in the event of a given number of failures.

The stability of the identification/authentication procedure is highly dependent on the personal identifiers used and the user authentication algorithms. If a TM-identifier is used as an identifier, and the authentication procedure is the input of a personal password, its resistance to hacking will depend on the length of the password.

During the implementation of control procedures (identification and authentication of the user, integrity check), the driver of the anti-tamper protection system blocks the keyboard and OS loading. When the information reader is touched, the presented TM-identifier is searched in the list of identifiers registered on the PC. Typically, the list is stored on drive C. If the presented TM-identifier is found in the list, then in some systems of protection against unauthorized access, the integrity of the files is monitored in accordance with the list compiled for the given user.

In this case, when checking the list of user files for integrity, the hash function of the checksum of these files is calculated and compared with the reference (control) value read from the presented personal TM identifier. To carry out the authentication procedure, a password entry mode is provided in a hidden form - in the form of special characters (for example, the symbol - "*"). This prevents the possibility of disclosing an individual password and using a lost (stolen) TM identifier.

With a positive result of the above control procedures, the OS is loaded. If the identifier presented by the user is not registered in the list or if the integrity of the protected files is violated, the OS will not be loaded. Administrator intervention is required to continue.

Thus, the control procedures: identification, authentication and integrity checks are carried out before the OS is loaded. In any other case, i.e. if this user does not have rights to work with this PC, the OS is not loaded.

When executing the configuration files CONFIG.SYS and AUTOEXEC.BAT, the keyboard is locked and loading

"security monitor" of the anti-UAS protection system, which controls the use by the user of only the resources allowed to him.

The integrity control mechanism is implemented by comparing two vectors for one data array: a reference (control) one, developed in advance at the stage of user registration, and the current one, i.e. generated immediately prior to testing.

The reference (control) vector is generated on the basis of the hash functions (checksum) of protected files and is stored in a special file or identifier. In case of authorized modification of protected files, the procedure for overwriting a new value of the hash functions (checksum) of the modified files is carried out.

The mechanism for creating an isolated software environment is implemented using the resident part of the “security monitor” of the UA protection system. During the operation of the UA protection system, the resident part of the “security monitor” checks the files of all drivers loaded from the CONFIG.SYS file and provides operational control over the integrity of executable files before transferring control to them. This provides protection against software viruses and bookmarks. In case of a positive outcome of the check, control is transferred to the OS to load the file for execution. If the test fails, the program does not start.

The access control mechanism is implemented using the resident part of the “security monitor” of the UA protection system, which intercepts the processing of OS functions (basically, this is an interrupt int 21, as well as int 25/26, and int 13). The meaning of this resident module is that when a request is received from the user program, for example, to delete a file, it first checks whether the user has such permissions.

If there is such authority, control is transferred to a normal OS handler to execute the operation. If there are no such permissions, an exit with an error is simulated.

Access control rules are established by assigning access attributes to access objects. A set attribute means that the operation specified by the attribute can be performed on the object.

The set attributes define the most important part of the user's DRP.

The efficiency of the protection system largely depends on the correct choice and installation of attributes. In this regard, the administrator of the security system must clearly understand what and how the choice of attributes assigned to objects to which the user has access depends. At a minimum, it is necessary to study the principle of access control using attributes, as well as the features of the software tools that will be used by the user during work.

The software of protection systems against unauthorized access allows for each subject-object pair to determine (part of the specified access characteristics or all):

for disks:

Availability and visibility of the logical drive;

Creating and deleting files;

File visibility;

Execution of tasks;

Inheritance by subdirectories of the attributes of the root directory (with the extension of inheritance rights only to the next level or to all the following levels);

for directories:

Availability (go to this directory);

Visibility;

Inheritance of directory attributes by subdirectories (with inheritance rights extending only to the next level or to all subsequent levels);

for directory content:

Creating and deleting subdirectories;

Renaming files and subdirectories;

Opening files for reading and writing;

Creating and deleting files;

File visibility;

for tasks:

Execution.

The mechanism for registering control and UA events contains means of selective familiarization with registration information, and also allows you to register all access attempts and actions of selected users when they work on a PC with an installed UA protection system. In most tamper protection systems, the administrator has the ability to select the level of detail of logged events for each user.

Registration is carried out in the following order:

For each user, the system administrator sets the log verbosity level.

For any level of detail, the log reflects user registration parameters, access to devices, launching tasks, attempts to violate the DRP, changes to the DRP.

For the medium level of detail, the log additionally reflects all attempts to access protected drives, directories, and individual files, as well as attempts to change some system settings.

For a high level of detail, the log additionally reflects all attempts to access the contents of protected directories.

For selected users, the journal reflects all changes to the DRP.

In addition, there is a mechanism for forced registration of access to some objects.

In general, the system log contains the following information:

1. Date and exact time of event registration.

2. The subject of access.

3. Type of operation.

4. Access object. The access object can be a file, directory, disk. If the event is a change in access rights, then updated DRPs are displayed.

5. The result of the event.

6. Current task - a program that is running on the station at the time of the event registration.

Additional protection mechanisms against unauthorized access to the PC

Additional protection mechanisms from UA to PC (AS) allow you to increase the level of protection of information resources, relative to the basic level achieved when using the standard functions of the protection system. To increase the level of protection of information resources, it is advisable to use the following protection mechanisms:

Limitation of the "lifetime" of the password and its minimum length, excluding the possibility of its quick selection in case the user loses his personal identifier;

Using "time restrictions" for users to log in to the system by setting for each user a time interval by day of the week in which work is allowed;

Setting the screen saver control parameters - blanking the screen after a predetermined time interval (if the operator did not perform any actions during the specified interval). The opportunity to continue working is provided only after re-identification upon presentation of a personal user ID (or password);

Setting for each user restrictions on the output of protected information to alienated media (external magnetic media, ports of printers and communication devices, etc.);

Periodic verification of the integrity of system files, including files of the software part of the protection system, as well as user programs and data;

Control of access to the operating system directly, bypassing OS interrupts, to exclude the possibility of debugging and development programs, as well as "virus" programs;

Exclusion of the possibility of using a PC in the absence of a hardware controller of the protection system, in order to exclude the possibility of loading the operating system by users with the protection system removed;

Use of mechanisms for creating an isolated software environment that prohibits the launch of executable files from external media or embedded in the OS, as well as excluding unauthorized entry of unregistered users into the OS;

Indication of attempts of unauthorized access to the PC and protected resources in real time by giving sound, visual or other signals.

Control questions for independent work 1. What are the organizational measures that need to be taken to protect the object.

2. What is the purpose of the search activities?

3. Name passive and active methods of technical protection.

4. List the methods for protecting speech information.

5. What is the difference between soundproofing and vibroacoustic protection of a room?

6. How are sound recording devices and radio microphones neutralized?

7. Give the characteristics of protection devices for the terminal equipment of low-current lines.

8. List ways to protect subscriber telephone lines.

^9. What is the main purpose of escaping?

h 10. List the basic requirements for grounding devices.

11. Compare the protective properties of network noise suppression filters and noise generators in the power supply network. Specify the areas of application of these products.

12. What are the technical measures to protect information in the SVT.

13. List the main criteria for the security of SVT.

14. The procedure and features of conducting special studies of technical means of EVT.

15. What is the essence of the graphical method for calculating the radius of the zone And (I 2)?

16. The main purpose of complexes of protection against unauthorized access.

17. What is a personal identifier? What types of identifiers are used in protection systems against unauthorized access, name the main properties of the identifier.

18. What procedures are performed by the UA protection system until the OS is loaded?

19. What happens during the authentication process. What types of authentication processes are used in UA protection systems?

20. What determines the strength of the identification/authentication process?

21. What is meant by the definition of the right to restrict access?

22. What is meant by the object of access?

23. How is the mandated principle of access control implemented?

24. What subsystems are included in the means of access control?

25. What hardware resources are included in the standard composition of the system of protection against unauthorized access?

26. What parameters are registered in the system log during the user's work. What is the syslog for?

27. What systems of protection against unauthorized access can be used in the AU processing information constituting a state secret?

Top Related Articles

Formatting characters and paragraphs in MS Word What is paragraph formatting
Formatting characters and paragraphs in MS Word What is paragraph formatting
The file system performs a function
The file system performs a function
The history of the creation of CRT - CRT monitors with a slit mask (Slot Mask)
The history of the creation of CRT - CRT monitors with a slit mask (Slot Mask)
Categories:
© 2022 bumotors.ru. How to set up smartphones and PCs. Informational portal.