Why do we need information security software. Information security software and hardware

Posted on http://www.allbest.ru/

Basic data on the work

Template version: 1.1

Branch: Nizhny Novgorod

Type of work: Electronic written pre-defense

Name of discipline: WRC (final qualifying work)

Topic: Software tools for protecting information in networks

Work completed by: Ipatov Alexander Sergeevich

Contract No. 09200080602012

Introduction

1. The main provisions of the theory of information security

1.1 Information security. Basic definitions

1.2 Information security threats

1.3 Building systems of protection against threats of violation of confidentiality of information

1.3.1 Protection system model

1.3.2 Organizational and physical security measures

1.3.3 Identification and authentication

1.3.4 Access control

1.3.5 Cryptographic Confidentiality Techniques

1.3.6 Methods for protecting the outer perimeter

1.3.7 Logging and Auditing

1.4 Construction of systems of protection against threats of violation of integrity

1.4.1 Integrity principles

1.4.2 Cryptographic Methods for Ensuring Information Integrity

1.5 Building protection systems against threats of accessibility violations

2. Software tools for protecting information in the CS

2.1 Security at the operating system level

2.2 Cryptographic security techniques

2.3 Disk encryption

2.4 Specialized software for information protection

2.5 Architectural security aspects

2.6 Systems for archiving and duplicating information

2.7 Security analysis

Conclusion

Glossary

List of sources used

List of abbreviations

Introduction

Progress has given humanity a great many achievements, but the same progress has also given rise to many problems. The human mind, while solving some problems, inevitably runs into new ones. One perennial problem is the protection of information. At each stage of its development, mankind solved this problem with the means characteristic of that era. The invention of the computer and the rapid development of information technology in the second half of the 20th century made the problem of information protection as urgent and acute as information technology itself is relevant for society as a whole today.

Julius Caesar made the decision to protect valuable information during the transfer. He invented the Caesar cipher. This cipher made it possible to send messages that no one could read if intercepted.

This concept was developed during the Second World War. Germany used a machine called Enigma to encrypt messages sent to military units.

Of course, the way information is protected is constantly changing, as is our society and technology. The advent and widespread use of computers led to the fact that most people and organizations began to store information in electronic form. There was a need to protect such information.

In the early 1970s, David Bell and Leonard La Padula developed a security model for computer operations. This model was based on the government's concept of information classification levels (unclassified, confidential, secret, top secret) and clearance levels. If a person (subject) had a clearance level higher than the classification level of the file (object), he was granted access to the file; otherwise access was denied. This concept was implemented in the standard 5200.28 "Trusted Computer System Evaluation Criteria" (TCSEC), developed in 1983 by the US Department of Defense. Because of the colour of its cover, it was named "The Orange Book".

The Orange Book defined functional and assurance requirements for each section. A system had to meet these requirements in order to be certified at a given level.

The assurance requirements for most security certifications were time-consuming and costly. As a result, very few systems have been certified above C2 (in fact, only one system, the Honeywell SCOMP, has ever been certified at A1) (Cole E. Anti-Hacker Guidelines. M.: Williams, 2002, p. 25).

In drawing up other criteria, attempts were made to separate functional and assurance requirements. These developments were included in the German Green Book in 1989, the Canadian Criteria in 1990, the Information Technology Security Evaluation Criteria (ITSEC) in 1991 and the Federal Criteria (known as the Common Criteria) in 1992. Each standard offered a different way of certifying the security of computer systems.

GOST 28147-89 is the Soviet and Russian standard for symmetric encryption, introduced in 1990, and is also a CIS standard. Its full name is "GOST 28147-89. Information processing systems. Cryptographic protection. Algorithm for cryptographic transformation". It is a block cipher algorithm; in the gamma (keystream) mode of encryption it can perform the functions of a stream cipher.

According to some sources (A. Vinokurov. The GOST 28147-89 encryption algorithm, its use and implementation for computers of the Intel x86 platform, http://www.enlight.ru), the history of this cipher is much older. The algorithm that later became the basis of the standard was presumably born within the Eighth Main Directorate of the KGB of the USSR (now part of the FSB), most likely in one of the closed research institutes subordinate to it, probably back in the 1970s, as part of projects to create software and hardware implementations of the cipher for various computer platforms.

From the moment the GOST was published it bore the restrictive stamp "For official use", and the cipher was formally declared "fully open" only in May 1994. The history of the cipher's creation and the criteria its developers followed had not been published as of 2010.

One of the problems with the criteria for evaluating system security was their lack of understanding of how systems work in a network. Networking computers adds new security problems to the old ones. The Orange Book did not address the problems of connecting computers to a shared network, so in 1987 the TNI (Trusted Network Interpretation), or "Red Book", appeared. The Red Book retains all the security requirements of the Orange Book and attempts to address the network space and create a concept of network security. Unfortunately, the Red Book also tied functionality to assurance. Few systems have been evaluated under the TNI, and none have been commercially successful.

The problems are even worse today. Organizations have begun to use wireless networks, which the Red Book could not foresee; for wireless networks, Red Book certification is considered obsolete.

Computer systems and networking technologies are evolving too quickly. Accordingly, new ways of protecting information are also rapidly emerging. Therefore, the topic of my qualification work "Software means of protecting information in networks" is very relevant.

The object of the research is information transmitted over telecommunication networks.

The subject of the research is information security of networks.

The main purpose of the qualification work is the study and analysis of software tools for protecting information in networks. To achieve this goal, it is necessary to solve a number of tasks:

Consider security threats and their classification;

To characterize the methods and means of protecting information in the network, their classification and application features;

To reveal the possibilities of physical, hardware and software means of information protection in computer networks (CS), to reveal their advantages and disadvantages.

1. The main provisions of the theory of information security

1.1 Information security. Basic definitions

The term "information" is defined in different ways by different sciences. So, for example, in philosophy, information is considered as a property of material objects and processes to preserve and generate a certain state, which in various material-energy forms can be transferred from one object to another. In cybernetics, information is commonly referred to as a measure for eliminating uncertainty. In what follows, we will understand by information everything that can be represented in the symbols of a finite (for example, binary) alphabet.

This definition may seem somewhat unusual. At the same time, it follows naturally from the basic architectural principles of modern computing. Indeed, we restrict ourselves to the information security of automated systems, and everything processed by modern computer technology is represented in binary form (Tsirlov V.L. Fundamentals of information security of automated systems. "Phoenix", 2008, p. 8).

The subject of our consideration is automated systems. By an automated information processing system (AS) we mean a set of the following objects:

1. Computer facilities;

2. Software;

3. Communication channels;

4. Information on various media;

5. Personnel and users of the system.

Information security of an AS is considered as a state of the system in which:

1. The system is able to withstand the destabilizing effects of internal and external threats.

2. The functioning and the very fact of the existence of the system do not create threats to the external environment and to the elements of the system itself.

In practice, information security is usually considered as a combination of the following three basic properties of protected information:

- confidentiality, which means that only legitimate users can get access to the information;

- integrity, ensuring that, firstly, the protected information can be changed only by legitimate and authorized users, and secondly, the information is internally consistent and (if this property is applicable) reflects the real state of affairs;

- accessibility, which guarantees unhindered access to the protected information for legitimate users.

Activities aimed at ensuring information security are commonly called information protection.

Information security methods (Appendix A) are very diverse.

Network security services are mechanisms for protecting information processed in distributed computing systems and networks.

Engineering and technical methods aim to ensure the protection of information from leakage through technical channels - for example, by intercepting electromagnetic radiation or speech information. Legal and organizational methods for protecting information create a regulatory framework for organizing various activities related to ensuring information security.

Theoretical methods of ensuring information security, in turn, solve two main problems. The first of them is the formalization of various kinds of processes related to ensuring information security. So, for example, formal access control models make it possible to strictly describe all possible information flows in the system - and, therefore, to guarantee the fulfillment of the required security properties. From this, the second task immediately follows - a rigorous substantiation of the correctness and adequacy of the functioning of information security systems when analyzing their security. Such a task arises, for example, when certifying automated systems for information security requirements.

1.2 Information security threats

When formulating the definition of the information security of an AS, we mentioned the concept of a threat. Let us dwell on it in more detail.

Note that, in the general case, a threat is understood as a potential event, action, process or phenomenon that can lead to damage to someone's interests. In turn, a threat to the information security of an automated system is the possibility of an impact on the information processed in the AS that leads to a violation of the confidentiality, integrity or availability of this information, as well as the possibility of an impact on the components of the AS that leads to their loss, destruction or malfunction.

Threats can be classified according to many criteria. Here are the most common ones (Tsirlov V.L. Fundamentals of information security of automated systems. "Phoenix", 2008, p. 10).

1. By the nature of occurrence, it is customary to distinguish natural and artificial threats.

Natural threats are those that arise from the impact on the AS of objective physical processes or natural disasters that do not depend on a person. Artificial threats, in turn, are caused by the human factor.

Examples of natural hazards include fires, floods, tsunamis, earthquakes, etc. An unpleasant feature of such threats is that they are extremely difficult or even impossible to predict.

2. According to the degree of intentionality, random and intentional threats are distinguished.

Accidental threats can be caused by negligence or unintentional personnel error. Intentional threats are usually the result of targeted attacker activity.

Examples of accidental threats include inadvertent entry of erroneous data, unintentional damage to equipment. An example of a deliberate threat is an intruder entering a protected area in violation of the established rules of physical access.

3. Depending on the source of the threat, it is customary to distinguish:

- Threats from the natural environment. Examples of such threats are fires, floods and other natural disasters.

- Threats originating from humans. An example of such a threat is the introduction of agents into the ranks of the AS personnel by a competing organization.

- Threats from authorized software and hardware. An example of such a threat is the incompetent use of system utilities.

- Threats originating from unauthorized software and hardware. Such threats include, for example, the introduction of keyloggers into the system.

4. According to the position of the source of the threat, the following are distinguished:

- Threats originating outside the controlled area. Examples of such threats are interception of spurious electromagnetic radiation (PEMIN) or interception of data transmitted over communication channels; remote photo and video recording; interception of acoustic information using directional microphones.

- Threats, the source of which is located within the controlled area.

Examples of such threats include the use of eavesdropping devices or theft of media containing confidential information.

5. According to the degree of impact on the AS, passive and active threats are distinguished. Passive threats, when realized, do not make any changes to the composition and structure of the AS.

On the other hand, the implementation of active threats violates the structure of the automated system.

An example of a passive threat is the unauthorized copying of data files.

6. According to the method of access to the resources of the AS, the following are distinguished:

- Threats using standard access. An example of such a threat is the unauthorized receipt of a password by bribery, blackmail, threats or physical violence against the rightful owner.

- Threats using a non-standard access path. An example of such a threat is the use of undeclared capabilities of means of protection.

The criteria for classifying threats can be continued, but in practice the following basic classification of threats is most often used, based on the three basic properties of protected information introduced earlier:

1. Threats of violation of the confidentiality of information, as a result of the implementation of which information becomes available to an entity that does not have the authority to familiarize itself with it.

2. Threats of violation of the integrity of information, which include any malicious distortion of information processed using the AS.

3. Threats of violation of the availability of information arising in cases when access to a certain AS resource for legal users is blocked.

Note that real threats to information security can not always be strictly attributed to one of the listed categories. So, for example, the threat of theft of information carriers can, under certain conditions, be attributed to all three categories.

Note that the enumeration of threats characteristic of a particular automated system is an important stage in the analysis of AS vulnerabilities, carried out, for example, as part of an information security audit, and creates a basis for subsequent risk analysis. There are two main methods of listing threats:

1. Building arbitrary lists of threats. Potential threats are identified using an expert method and recorded in a random and unstructured manner.

This approach is characterized by the incompleteness and inconsistency of the results obtained.

2. Building threat trees. Threats are described as one or more trees. Threats are detailed from top to bottom, and ultimately each leaf of the tree gives a description of a specific threat. Logical links can be organized between subtrees if necessary.

Let us consider as an example a tree of threats to block access to a network application (Appendix B).

As you can see, blocking access to an application can occur either as a result of a DoS attack on a network interface, or as a result of a computer shutdown. In turn, computer shutdown can occur either as a result of unauthorized physical access to the computer by an attacker, or as a result of an attacker exploiting a buffer overflow vulnerability.
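The threat tree described above, as an added example that is not part of the original work: a small Python model of OR/AND threat trees, with the Appendix B tree (access to a network application blocked) reconstructed from the text, plus a second, constructed tree (reading data from a stolen medium) to show how an AND node combines subtrees. The node names and the second tree are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List


@dataclass
class ThreatNode:
    """One node of a threat tree. Leaves are specific threats; inner nodes
    combine their children with OR (any child suffices) or AND (all are needed)."""
    name: str
    op: str = "OR"                                   # "OR" or "AND"; ignored for leaves
    children: List["ThreatNode"] = field(default_factory=list)

    def is_leaf(self) -> bool:
        return not self.children


def leaf_threats(node: ThreatNode) -> List[str]:
    """Flatten the tree into its specific (leaf) threats, top to bottom, left to right."""
    if node.is_leaf():
        return [node.name]
    leaves: List[str] = []
    for child in node.children:
        leaves.extend(leaf_threats(child))
    return leaves


def attack_paths(node: ThreatNode) -> List[List[str]]:
    """Enumerate every minimal set of leaf threats whose joint realisation reaches the root.
    An OR node contributes each child's paths; an AND node combines one path per child."""
    if node.is_leaf():
        return [[node.name]]
    if node.op == "OR":
        paths: List[List[str]] = []
        for child in node.children:
            paths.extend(attack_paths(child))
        return paths
    combos: List[List[str]] = [[]]
    for child in node.children:
        combos = [done + more for done in combos for more in attack_paths(child)]
    return combos


def depth(node: ThreatNode) -> int:
    """Number of levels of detailing below the root (0 for a single leaf)."""
    return 0 if node.is_leaf() else 1 + max(depth(c) for c in node.children)


# Constructed tree following the text's description of Appendix B.
ACCESS_BLOCKED = ThreatNode("Access to the network application is blocked", "OR", [
    ThreatNode("DoS attack on the network interface"),
    ThreatNode("Computer shutdown", "OR", [
        ThreatNode("Unauthorised physical access to the computer"),
        ThreatNode("Exploitation of a buffer overflow vulnerability"),
    ]),
])

# Constructed second tree (an assumption, not in the text) showing an AND node:
# reading data from a stolen medium needs the theft AND a way to read the medium.
MEDIA_THEFT = ThreatNode("Confidential data read from a stolen medium", "AND", [
    ThreatNode("Theft of a storage medium"),
    ThreatNode("Medium readable", "OR", [
        ThreatNode("Medium not encrypted"),
        ThreatNode("Encryption key also obtained"),
    ]),
])


if __name__ == "__main__":
    for tree in (ACCESS_BLOCKED, MEDIA_THEFT):
        print(tree.name, "(depth %d)" % depth(tree))
        for path in attack_paths(tree):
            print("   ", " AND ".join(path))
```

Each path returned by attack_paths is one entry for the subsequent risk analysis: the countermeasures chosen must break every path, and an AND node shows where a single control (here, disk encryption) cuts several paths at once.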

1.3 Building systems of protection against threats of violation of confidentiality of information

1.3.1 Protection system model

When building systems of protection against threats of violation of confidentiality of information in automated systems, an integrated approach is used. (Appendix B).

As can be seen from the diagram, the primary protection is provided by the organizational measures and the mechanisms for controlling physical access to the AS. Next, at the stage of logical access control, protection is provided by the various network security services. In all cases, a set of engineering and technical means of information protection should be deployed in parallel, blocking the possibility of leakage through technical channels.

Let us dwell in more detail on each of the subsystems involved in the implementation of protection.

1.3.2 Organizational and physical security measures

These mechanisms generally provide for:

- deployment of a control system and delineation of physical access to the elements of the automated system.

- creation of a security and physical security service.

- organization of mechanisms to control the movement of employees and visitors (using video surveillance systems, proximity cards, etc.);

- development and implementation of regulations, job descriptions and similar regulatory documents;

- regulation of the procedure for working with media containing confidential information.

Without affecting the logic of the functioning of the AS, these measures, if implemented correctly and adequately, are an extremely effective protection mechanism and are vital for the security of any real system.

1.3.3 Identification and authentication

Recall that identification is usually understood as assigning unique identifiers to access subjects and comparing such identifiers with a list of possible ones. In turn, authentication is understood as checking that the access subject belongs to the identifier presented to him and confirming its authenticity.

Thus, the task of identification is to answer the question "who is this?", And of authentication - "is it really him?"

The multitude of currently used authentication methods can be divided into 4 large groups:

1. Methods based on knowledge of some classified information.

A classic example of such methods is password protection, when, as a means of authentication, the user is prompted to enter a password - a certain sequence of characters. These authentication methods are the most common.

2. Methods based on the use of a unique item. A smart card, token, electronic key, etc. can be used as such an item.

3. Methods based on the use of human biometric characteristics. In practice, one or more of the following biometric characteristics are most commonly used:

- fingerprints;

- pattern of the retina or iris of the eye;

- thermal pattern of the hand;

- photograph or thermal pattern of the face;

- handwriting (signature);

- voice.

The most widespread are scanners of fingerprints and of the pattern of the retina and iris of the eye.

4. Methods based on information associated with the user.

An example of such information is the user's GPS coordinates. This approach is unlikely to be used as the only authentication mechanism, but it is perfectly valid as one of several mechanisms used jointly.

It is widespread practice to use several of the mechanisms listed above jointly; in such cases one speaks of multifactor authentication.

Features of password authentication systems

With all the variety of existing authentication mechanisms, the most common of them remains password protection. There are several reasons for this, of which we note the following:

- Relative ease of implementation. Indeed, the implementation of a password protection mechanism usually does not require the involvement of additional hardware.

- Tradition. Password protection mechanisms are familiar to most users of automated systems and do not cause psychological rejection - unlike, for example, retinal scanners.

At the same time, a paradox is characteristic of password protection systems that complicates their effective implementation: strong passwords are not very suitable for human use.

Indeed, password strength arises as it gets more complex; however, the more complex the password, the more difficult it is to remember, and the user is tempted to write down an inconvenient password, which creates additional channels for discrediting it.

Let's dwell in more detail on the main threats to the security of password systems. In general, a password can be obtained by an attacker in one of three main ways:

1. By exploiting the weaknesses of the human factor. The methods of obtaining passwords here can be very different: peeping, eavesdropping, blackmail, threats, and finally, the use of someone else's accounts with the permission of their legitimate owners.

2. By selection. In this case, the following methods are used:

- Exhaustive search. This method allows any password to be guessed, regardless of its complexity; however, for a strong password the time required for this attack should significantly exceed the time resources available to the attacker.

- Dictionary search. A significant proportion of the passwords used in practice are meaningful words or expressions. There are dictionaries of the most common passwords which in many cases make it possible to avoid exhaustive search.

- Search using information about the user. This intelligent method of password guessing is based on the fact that if the system's security policy allows users to choose their own passwords, then in the overwhelming majority of cases some personal information associated with the AS user will be chosen as the password. And although anything can be chosen as such information, from the mother-in-law's birthday to the nickname of a favourite dog, having information about the user makes it possible to check the most common options (birthdays, names of children, etc.).

3. Through the use of shortcomings in the implementation of password systems. Such implementation flaws include exploitable vulnerabilities in network services that implement certain components of the password protection system, or undeclared capabilities of the corresponding software or hardware.

When building a password protection system, it is necessary to take into account the specifics of the AS and be guided by the results of the risk analysis performed. At the same time, the following practical recommendations can be made:

- Setting the minimum password length. It is obvious that the regulation of the minimum allowable password length makes it difficult for an attacker to implement brute-force password guessing.

- Increased power of the password alphabet. By increasing the power (which is achieved, for example, by the mandatory use of special characters), you can also complicate the full search.

- Checking and rejecting passwords using a dictionary. This mechanism makes it difficult to guess passwords using a dictionary due to rejection of obviously easy to guess passwords.

- Setting the maximum password age. Password expiration limits the time an attacker can spend guessing a password; thus, shortening the password's validity period reduces the likelihood of successful guessing.

- Setting the minimum password age. This mechanism prevents the user from immediately changing a new password back to the previous one.

- Rejection based on the password history log. This mechanism prevents the reuse of passwords, which may previously have been compromised.

- Limiting the number of password attempts. This mechanism makes it difficult to guess passwords interactively.

- Forced change of the password when the user first logs in to the system. If the administrator is responsible for the initial generation of passwords for all users, the user may be prompted to change the initial password at the first login to the system - in this case, the new password will not be known to the administrator.

- Delay in entering wrong password. The mechanism prevents interactive password guessing.

- Prohibition of user selection of a password and automatic password generation. This mechanism allows you to guarantee the strength of the generated passwords - however, do not forget that in this case users will inevitably have problems remembering passwords.
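The recommendations above implemented as one policy checker, as an added example (not code from the work): minimum length, alphabet classes, dictionary and history rejection, minimum and maximum password age, a forced change at first login, and attempt limiting with a lockout delay. The policy values, the weak-word list and the account record are constructed assumptions; time is passed in as epoch seconds so the logic can be exercised deterministically.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List

DAY = 86400  # seconds

# Constructed list of obviously weak passwords; a real deployment loads a large word list.
WEAK_WORDS = {"password", "qwerty", "123456", "letmein", "admin", "welcome"}


@dataclass
class PasswordPolicy:
    min_length: int = 12          # minimum password length
    min_classes: int = 3          # classes required out of: lowercase, uppercase, digits, specials
    max_age: int = 90 * DAY       # maximum password age before a change is forced
    min_age: int = 1 * DAY        # minimum age: blocks changing a new password straight back
    history_size: int = 5         # previous passwords that may not be reused
    max_attempts: int = 5         # failed attempts before the account is locked
    lockout: int = 15 * 60        # delay imposed after too many failures


@dataclass
class AccountState:
    salt: str                                         # per-user salt for the history digests
    history: List[str] = field(default_factory=list)  # digests of previous passwords, newest last
    password_set_at: int = 0                          # epoch seconds of the last change
    must_change: bool = True                          # forced change at first login
    failed_attempts: int = 0
    locked_until: int = 0


def _history_digest(salt: str, password: str) -> str:
    # Used only for history comparison; credential storage itself needs a slow, salted hash.
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()


def char_classes(password: str) -> int:
    """Count how many of the four character classes the password draws on."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])


def check_new_password(policy: PasswordPolicy, state: AccountState,
                       candidate: str, now: int) -> List[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(candidate) < policy.min_length:
        problems.append("shorter than %d characters" % policy.min_length)
    if char_classes(candidate) < policy.min_classes:
        problems.append("fewer than %d character classes" % policy.min_classes)
    if any(word in candidate.lower() for word in WEAK_WORDS):
        problems.append("contains a dictionary word")
    recent = state.history[-policy.history_size:] if policy.history_size else []
    if _history_digest(state.salt, candidate) in recent:
        problems.append("reuses one of the last %d passwords" % policy.history_size)
    if not state.must_change and now - state.password_set_at < policy.min_age:
        problems.append("minimum password age not yet reached")
    return problems


def set_password(policy: PasswordPolicy, state: AccountState, candidate: str, now: int) -> bool:
    """Apply the change only if the candidate passes every check."""
    if check_new_password(policy, state, candidate, now):
        return False
    state.history = (state.history + [_history_digest(state.salt, candidate)])[-policy.history_size:]
    state.password_set_at = now
    state.must_change = False
    return True


def password_expired(policy: PasswordPolicy, state: AccountState, now: int) -> bool:
    return now - state.password_set_at > policy.max_age


def login_attempt(policy: PasswordPolicy, state: AccountState, success: bool, now: int) -> str:
    """Enforce the attempt limit and lockout delay.
    Returns 'locked', 'failed', 'change_required' or 'ok'."""
    if now < state.locked_until:
        return "locked"
    if not success:
        state.failed_attempts += 1
        if state.failed_attempts >= policy.max_attempts:
            state.failed_attempts = 0
            state.locked_until = now + policy.lockout
            return "locked"
        return "failed"
    state.failed_attempts = 0
    if state.must_change or password_expired(policy, state, now):
        return "change_required"
    return "ok"
```

Two design points worth noting: the history check compares salted digests, never stored plaintext, and the lockout is keyed to the account, so an attacker who only knows a username can deliberately lock its owner out; in practice the lockout is therefore combined with a per-source delay or a CAPTCHA rather than used alone.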

Evaluation of the security of password systems (Tsirlov V.L. Fundamentals of information security of automated systems. "Phoenix", 2008, p. 16)

Let us estimate the elementary relationships between the main parameters of password systems. Let us introduce the following notation:

- A - power of the password alphabet;

- L - password length;

- S = A^L - power (cardinality) of the password space;

- V - speed of password guessing;

- T - password validity period (maximum age);

- P - the probability of a password guessing during its validity period.

Obviously, the following relationship is true:

Usually, the brute-force attack speed V and the password age T can be considered known. In this case, by setting the admissible value of the probability P of guessing a password during its validity period, one can determine the required cardinality of the password space S.

Note that decreasing the rate of guessing passwords V decreases the likelihood of a password guessing. From this, in particular, it follows that if the password selection is carried out by calculating a hash function and comparing the result with a given value, then the use of a slow hash function will provide a greater strength of the password system.
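A worked computation over the parameters just introduced, added here and not part of the original work. The relationship itself did not survive on this page, so the code assumes the standard relation P = V·T / S (the number of guesses the attacker can make during the validity period, divided by the size of the password space) and derives from it the minimum password length for a given alphabet at an admissible P with known V and T. The alphabet sizes, the sample guessing rates and the slow-hash factor are constructed values.

```python
import math
from typing import Dict

# Alphabet sizes (A) for common password character sets; constructed for the table below.
ALPHABETS: Dict[str, int] = {
    "digits": 10,
    "lowercase": 26,
    "letters": 52,
    "alphanumeric": 62,
    "printable ASCII": 95,
}


def password_space(A: int, L: int) -> int:
    """S = A^L: the number of passwords of length L over an alphabet of A symbols."""
    return A ** L


def guess_probability(A: int, L: int, V: float, T: float) -> float:
    """P = V*T / S, capped at 1 (assumed relation, see the lead-in).
    V is guesses per second, T the validity period in seconds."""
    return min(1.0, V * T / password_space(A, L))


def required_space(V: float, T: float, P: float) -> int:
    """Smallest password space S for which V*T / S <= P."""
    return math.ceil(V * T / P)


def min_length(A: int, V: float, T: float, P: float) -> int:
    """Smallest L with A^L >= required S. An integer loop is used instead of
    math.log so that floating-point rounding cannot return a length that is off by one."""
    S = required_space(V, T, P)
    L = 1
    while password_space(A, L) < S:
        L += 1
    return L


def length_table(V: float, T: float, P: float) -> Dict[str, int]:
    """Minimum length per alphabet: shows how much a larger alphabet buys."""
    return {name: min_length(A, V, T, P) for name, A in ALPHABETS.items()}


def slowed_rate(V_fast: float, hash_iterations: int) -> float:
    """A password hash with `hash_iterations` internal rounds divides the attacker's
    guessing rate by that factor, which is the point made about slow hash functions."""
    return V_fast / hash_iterations


if __name__ == "__main__":
    DAYS = 86400
    V, T, P = 1e9, 90 * DAYS, 1e-6   # constructed: 1e9 guesses/s, 90-day age, P = 1e-6
    print("fast hash:", length_table(V, T, P))
    print("slow hash (100000 rounds):", length_table(slowed_rate(V, 100_000), T, P))
    print("P for 8 alphanumeric characters:", guess_probability(62, 8, V, T))
```

For the sample parameters the alphanumeric minimum drops from 13 to 10 characters once the verifier uses a hash costing 100000 rounds per guess, which is why the work factor of the hash is as much a parameter of the password system as L and A.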

Password storage methods

In general, there are three possible mechanisms for storing passwords in an AS:

1. In open form. Of course, this option is not optimal, since it automatically creates many channels of password information leakage. The real need to store passwords in clear text is extremely rare, and usually such a decision is a consequence of the incompetence of the developer.

2. As a hash value. This mechanism is convenient for checking passwords, since hash values ​​are uniquely associated with a password, but at the same time they themselves are not of interest to an attacker.

3. Encrypted. Passwords can be encrypted using some kind of cryptographic algorithm, whereby the encryption key can be stored:

- on one of the permanent elements of the system;

- on some medium (electronic key, smart card, etc.) presented during system initialization;

- the key can be generated from some other AS security parameters - for example, from the administrator's password during system initialization.
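Option 2 (storage as a hash value) as a practitioner would implement it today, added as an example and not code from the work: a per-user salt and a deliberately slow PBKDF2-HMAC-SHA256 digest stored in a self-describing record, verified with a constant-time comparison. The record format and the iteration count are assumptions of this example; the salt is what stops one precomputed table from covering every user, and the iteration count is the "slow hash function" the previous section recommends.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000   # PBKDF2 work factor; raise it as attacker hardware gets faster
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a record 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'.
    Storing the parameters with the digest lets them be raised later without a flag day."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)          # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(record: str, candidate: str) -> bool:
    """Recompute the digest with the stored salt and parameters and compare in constant time,
    so the comparison itself leaks nothing about how many bytes matched."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported password record")
    expected = bytes.fromhex(digest_hex)
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when the stored record was made with a weaker work factor than the current policy;
    the usual moment to upgrade it is right after a successful login, when the plaintext is at hand."""
    return int(record.split("$")[1]) < iterations


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")   # constructed sample password
    print(stored)
    print(verify_password(stored, "correct horse battery staple"))
    print(verify_password(stored, "wrong guess"))
```

A plain unsalted fast hash (a bare MD5 or SHA-1 of the password, still common in older systems) satisfies the text's definition of option 2 but gives an attacker who obtains the table the fastest possible V and lets one precomputed table cover all users; the salt and the iteration count are what turn "stored as a hash" into real protection.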

Transferring passwords over the network

The most common implementation options are:

1. Transfer of passwords in clear text. The approach is extremely vulnerable, since passwords can be intercepted in communication channels. Despite this, many network protocols used in practice (for example, FTP) assume the transfer of passwords in cleartext.

2. The transmission of passwords in the form of hash values ​​is sometimes encountered in practice, but usually it does not make sense - password hashes can be intercepted and re-transmitted by an attacker through a communication channel.

3. Transferring passwords in encrypted form is the most reasonable and justified option for the most part.

1.3.4 Access control

Access control (delimitation of access) is understood as establishing the authority of subjects for the subsequent control of the authorized use of the resources available in the system. It is customary to distinguish two main methods of access control: discretionary and mandatory.

Discretionary access control is the control of access between named subjects and named objects; it is usually represented as an access matrix.

Obviously, instead of an access matrix, you can use lists of permissions: for example, each user can be associated with a list of resources available to him with the corresponding rights, or each resource can be associated with a list of users indicating their rights to access this resource.

Mandatory access control is usually implemented as access control based on secrecy levels. The authority of each user is set in accordance with the maximum level of secrecy to which he is allowed. In this case, all the resources of the AU must be classified according to the levels of secrecy.

The fundamental difference between discretionary and mandatory access control is as follows: in the case of discretionary access control, users' rights to access a resource are determined by its owner, whereas in the case of mandatory access control the secrecy levels are set from outside and the resource owner cannot influence them. The Russian term itself ("mandatnyi", from "mandate") is an unfortunate translation of the English word mandatory, i.e. "obligatory"; thus, mandatory access control should be understood as compulsory access control.
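The two methods side by side, as an added Python example that is not code from the work: a discretionary access matrix kept as per-object lists, where only the object's owner may change rights, and a mandatory scheme in which a security administrator sets clearances and labels that owners cannot change. The read rule is the one from the Bell-La Padula model mentioned in the introduction (a subject reads only at or below its clearance); the no-write-down rule is that model's *-property, which the text does not cover. Subject, object and administrator names are constructed.

```python
from enum import IntEnum
from typing import Dict, Set


class Level(IntEnum):
    """Secrecy levels from the classification scheme cited in the introduction."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class DiscretionaryControl:
    """Access matrix kept as per-object lists: object -> subject -> set of rights.
    Rights on an object are granted by its owner, as the text describes."""

    def __init__(self) -> None:
        self.owner: Dict[str, str] = {}
        self.acl: Dict[str, Dict[str, Set[str]]] = {}

    def create(self, obj: str, owner: str) -> None:
        self.owner[obj] = owner
        self.acl[obj] = {owner: {"read", "write"}}

    def grant(self, actor: str, obj: str, subject: str, right: str) -> bool:
        """Only the object's owner may change the rights on it."""
        if self.owner.get(obj) != actor:
            return False
        self.acl[obj].setdefault(subject, set()).add(right)
        return True

    def allowed(self, subject: str, obj: str, right: str) -> bool:
        return right in self.acl.get(obj, {}).get(subject, set())

    def rights_of(self, subject: str) -> Dict[str, Set[str]]:
        """The other list form from the text: per-subject list of resources and rights."""
        return {obj: set(acl[subject]) for obj, acl in self.acl.items() if subject in acl}


class MandatoryControl:
    """Clearances and labels are set by the security administrator; owners cannot change them."""

    def __init__(self, administrator: str) -> None:
        self.administrator = administrator
        self.clearance: Dict[str, Level] = {}
        self.label: Dict[str, Level] = {}

    def set_clearance(self, actor: str, subject: str, level: Level) -> bool:
        if actor != self.administrator:
            return False
        self.clearance[subject] = level
        return True

    def set_label(self, actor: str, obj: str, level: Level) -> bool:
        if actor != self.administrator:
            return False
        self.label[obj] = level
        return True

    def allowed_read(self, subject: str, obj: str) -> bool:
        """Simple security property: a subject may read objects at or below its clearance."""
        if subject not in self.clearance or obj not in self.label:
            return False
        return self.clearance[subject] >= self.label[obj]

    def allowed_write(self, subject: str, obj: str) -> bool:
        """Bell-La Padula *-property (not in the text): no writing to a lower level,
        so that secret information cannot be copied into a less secret object."""
        if subject not in self.clearance or obj not in self.label:
            return False
        return self.clearance[subject] <= self.label[obj]


if __name__ == "__main__":
    dac = DiscretionaryControl()
    dac.create("report.docx", "alice")
    dac.grant("alice", "report.docx", "bob", "read")
    print("bob's list:", dac.rights_of("bob"))

    mac = MandatoryControl(administrator="secadmin")
    mac.set_clearance("secadmin", "alice", Level.SECRET)
    mac.set_label("secadmin", "report.docx", Level.SECRET)
    print("alice reads report.docx:", mac.allowed_read("alice", "report.docx"))
```

The difference the text describes is visible in who can call what: in DiscretionaryControl the owner alone decides who else reads the report, while in MandatoryControl the owner cannot relabel the report at all, and a subject with CONFIDENTIAL clearance is refused a SECRET object no matter what its owner wants.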

1.3.5 Cryptographic Confidentiality Techniques

In order to ensure the confidentiality of information, the following cryptographic primitives are used:

1. Symmetric cryptosystems.

In symmetric cryptosystems, the same shared secret key is used for both encryption and decryption of information; the interacting parties have previously exchanged it over some secure channel.

As examples of symmetric cryptosystems, one can cite the domestic GOST 28147-89 algorithm, as well as the international DES standards and the AES that replaced it.

2. Asymmetric cryptosystems.

Asymmetric cryptosystems are characterized by the fact that they use different keys to encrypt and decrypt information. The encryption key (public key) can be made public so that anyone can encrypt a message for some recipient.

The recipient, being the only owner of the decryption key (secret key), will be the only one who can decrypt messages encrypted for him.

Examples of asymmetric cryptosystems are RSA and ElGamal's scheme.

Symmetric and asymmetric cryptosystems, as well as their various combinations, are used in the AU primarily for encrypting data on various media and for encrypting traffic.


1.3.6 Methods for protecting the outer perimeter

The subsystem for protecting the external perimeter of an automated system usually includes two main mechanisms: firewalling and intrusion detection tools. Solving related problems, these mechanisms are often implemented within a single product and function as a whole. At the same time, each of the mechanisms is self-sufficient and deserves separate consideration.

Firewalling [source: http://www.infotecs.ru]

The firewall (ME) delimits information flows at the border of the protected automated system. This allows one to:

- improve the security of objects in the internal environment by ignoring unauthorized requests from the external environment;

- control information flows to the external environment;

- to ensure the registration of information exchange processes.

Information flows are controlled by filtering: the information is analyzed against a set of criteria and a decision is made whether to admit it into or out of the AS.

Depending on the principles of operation, there are several classes of firewalls. The main classification feature is the level of the ISO / OSI model at which the ME operates.

1. Packet filters.

The simplest class of firewalls operating at the network and transport layers of the ISO / OSI model. Packet filtering is usually done according to the following criteria:

- source IP address;

- the recipient's IP address;

- source port;

- recipient port;

- specific parameters of the headers of network packets.

Filtering is implemented by comparing the listed header fields of network packets against the filtering rule base.
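As an added illustration (not from the original text), the following Python model of a stateless packet filter matches the header fields listed above against an ordered rule base; the first matching rule decides and unmatched packets are denied. The interface names, addresses and rules are constructed for the example.

```python
"""Model of a stateless packet filter: header fields checked against an ordered rule base."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str        # interface the packet arrived on: "ext" (outside) or "int" (inside)
    src_ip: str
    dst_ip: str
    proto: str        # "tcp", "udp" or "icmp"
    src_port: int     # 0 for protocols without ports
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """A rule field left as None means "any value"."""
    action: str                    # "allow" or "deny"
    iface: Optional[str] = None
    src: Optional[str] = None      # source network in CIDR notation
    dst: Optional[str] = None      # destination network in CIDR notation
    proto: Optional[str] = None
    dst_port: Optional[int] = None
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and self.iface != p.iface:
            return False
        if self.src is not None and ipaddress.ip_address(p.src_ip) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.dst_port is not None and self.dst_port != p.dst_port:
            return False
        return True


# Constructed example topology: a private internal network and one public web server.
INTERNAL_NET = "10.0.0.0/8"
WEB_SERVER = "10.0.0.5/32"

# Ordered rule base: the first matching rule decides.
RULES: List[Rule] = [
    Rule("deny", iface="ext", src=INTERNAL_NET,
         comment="anti-spoofing: internal source address arriving from outside"),
    Rule("allow", iface="ext", dst=WEB_SERVER, proto="tcp", dst_port=80,
         comment="public web service"),
    Rule("allow", iface="ext", dst=WEB_SERVER, proto="tcp", dst_port=443,
         comment="public web service over TLS"),
    Rule("deny", proto="tcp", dst_port=23,
         comment="telnet is not permitted in either direction"),
    Rule("allow", iface="int", src=INTERNAL_NET,
         comment="outbound traffic from internal hosts"),
]


def filter_packet(p: Packet, rules: List[Rule] = RULES) -> Tuple[str, str]:
    """Return (action, reason). Anything no rule matches is denied (default deny)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule.comment
    return "deny", "default deny: no rule matched"


def log_decision(p: Packet, rules: List[Rule] = RULES) -> str:
    """Registration of the exchange, as the text requires: one record per filtering decision."""
    action, reason = filter_packet(p, rules)
    return (f"{action.upper()} {p.proto} {p.src_ip}:{p.src_port} -> "
            f"{p.dst_ip}:{p.dst_port} via {p.iface} ({reason})")


if __name__ == "__main__":
    sample = [
        Packet("ext", "198.51.100.7", "10.0.0.5", "tcp", 51514, 443),   # legitimate web client
        Packet("ext", "10.0.0.9", "10.0.0.5", "tcp", 40000, 80),       # spoofed internal source
        Packet("int", "10.0.1.2", "203.0.113.4", "tcp", 40001, 23),    # outbound telnet
        Packet("int", "10.0.1.2", "203.0.113.4", "tcp", 40002, 22),    # outbound ssh
        Packet("ext", "198.51.100.7", "10.0.0.5", "tcp", 51515, 22),   # inbound ssh to web server
    ]
    for pkt in sample:
        print(log_decision(pkt))
```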

2. Session-level gateways

These firewalls operate at the session layer of the ISO / OSI model. Unlike packet filters, they can check the validity of a session by analyzing the parameters of the session-layer protocols.

3. Application level gateways

Firewalls of this class allow filtering of particular commands or data sets in application-level protocols. For this, proxy services are used: special-purpose programs that control the traffic passing through the firewall for particular high-level protocols (HTTP, FTP, Telnet, etc.).

The order of using proxy services is shown in Appendix D.

Without proxy services, a network connection is established directly between the interacting parties A and B; with a proxy service, an intermediary appears: a proxy server that independently interacts with the second participant in the exchange. This scheme makes it possible to control whether individual commands of high-level protocols are admissible, and to filter the data the proxy server receives from outside; the proxy server, based on the established policies, can then decide whether or not this data may be passed on to client A.

4. Expert-level firewalls.

The most sophisticated firewalls, combining elements of all three categories above. Instead of proxy services, such firewalls use algorithms for recognizing and processing data at the application layer.

Most firewalls in use today fall into the expert category. The best-known and most widespread ME are Cisco PIX and Check Point FireWall-1.

Intrusion detection systems

Intrusion detection is the process of identifying unauthorized access (or attempted unauthorized access) to the resources of an automated system. An Intrusion Detection System (IDS) is generally a hardware and software system that solves this problem.

There are two main categories of IDS systems:

1. IDS network layer.

In such systems, the sensor runs on a dedicated host in the protected network segment. Typically, the network adapter of this host operates in promiscuous mode, which allows all traffic passing through the segment to be analyzed.

2. Host-level IDS.

In case the sensor operates at the host level, the following information can be used for analysis:

- records of standard means of logging of the operating system;

- information about the resources used;

- profiles of expected user behavior.

Each type of IDS has its own advantages and disadvantages. Network-level IDSs do not degrade overall system performance, but host-level IDSs are more effective in detecting attacks and analyzing activity associated with an individual host. In practice, it is advisable to use systems that combine both described approaches.

There are developments aimed at using artificial intelligence methods in IDS. It is worth noting that commercial products do not currently contain such mechanisms.

1.3.7 Logging and Auditing [source: activeaudit.narod.ru]

The logging and auditing subsystem is a mandatory component of any AS. Logging, or registration, is the accountability mechanism of the information security management system: it records all security-related events. Auditing, in turn, is the analysis of the logged information in order to promptly detect and prevent violations of the information security regime. Host-level intrusion detection systems can be regarded as active auditing systems.

Purpose of the registration and audit mechanism:

- ensuring accountability of users and administrators;

- ensuring the possibility of reconstructing the sequence of events (which is necessary, for example, when investigating incidents related to information security);

- detection of attempts to violate information security;

- providing information for identifying and analyzing technical problems not related to security.

The logged data are placed in a log: a chronologically ordered set of records of the activity of the subjects of the AS, sufficient for reconstructing, viewing and analyzing the sequence of actions in order to check the final result.

Since system logs are the main source of information for subsequent auditing and detection of security breaches, the utmost attention must be paid to protecting them from unauthorized modification. The logging system should be designed so that no user (including administrators!) can arbitrarily modify the log entries.

Equally important is how the system logs are stored. Since log files reside on some medium, the problem of exceeding the maximum allowable log size inevitably arises. The system's reaction to this may vary, for example:

- the system may be blocked until the problem with the available disk space is resolved;

- the oldest system log entries can be automatically deleted;

- the system can continue functioning by temporarily suspending information logging.

Of course, the latter option is in most cases unacceptable, and the order of storing system logs should be clearly regulated in the organization's security policy.
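The two requirements above (entries that no one can silently modify, and a regulated reaction to log overflow) can be combined in one structure. The Python code below is an added example, not from the original text: each record carries the SHA-256 hash of the previous record, so altering or removing an entry breaks the chain, and the three overflow reactions from the list are selectable as a policy. The event fields and sample events are constructed.

```python
"""Tamper-evident, size-bounded audit log: hash-chained records plus an overflow policy."""
import hashlib
import json
from typing import List, Optional

GENESIS = "0" * 64   # link value stored in the very first record


class AuditLog:
    """Each record stores the hash of the previous record; altering or removing an entry
    breaks the chain. When the size limit is reached, one of the three reactions from the
    text applies: "block", "rotate" (drop the oldest entries) or "suspend" logging."""

    def __init__(self, max_records: int, policy: str = "block"):
        if policy not in ("block", "rotate", "suspend"):
            raise ValueError("policy must be block, rotate or suspend")
        self.max_records = max_records
        self.policy = policy
        self.records: List[dict] = []
        self.next_seq = 0
        self.dropped = 0      # oldest records discarded by rotation
        self.suspended = 0    # events lost while logging was suspended

    @staticmethod
    def _digest(rec: dict) -> str:
        # Hash every field except the hash itself, in a canonical encoding.
        body = {k: v for k, v in rec.items() if k != "hash"}
        data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hashlib.sha256(data).hexdigest()

    def append(self, ts: int, subject: str, action: str, obj: str, outcome: str) -> bool:
        """Record one security event. Returns False if the event was not recorded."""
        if len(self.records) >= self.max_records:
            if self.policy == "block":
                raise RuntimeError("audit log full: operation refused until space is freed")
            if self.policy == "suspend":
                self.suspended += 1
                return False
            self.records.pop(0)          # rotate: discard the oldest entry
            self.dropped += 1
        prev = self.records[-1]["hash"] if self.records else GENESIS
        rec = {"seq": self.next_seq, "ts": ts, "subject": subject, "action": action,
               "object": obj, "outcome": outcome, "prev": prev}
        rec["hash"] = self._digest(rec)
        self.records.append(rec)
        self.next_seq += 1
        return True

    def verify(self) -> Optional[int]:
        """Return the index of the first record whose hash or link is wrong, None if intact.
        A rotated log still verifies from its oldest surviving record onward; the head hash
        should be copied to write-protected storage so that truncation is detectable too."""
        for i, rec in enumerate(self.records):
            if rec["hash"] != self._digest(rec):
                return i
            if i > 0 and rec["prev"] != self.records[i - 1]["hash"]:
                return i
            if i > 0 and rec["seq"] != self.records[i - 1]["seq"] + 1:
                return i
        return None


def demo() -> dict:
    """Constructed sample events, then an attempt to rewrite one outcome."""
    log = AuditLog(max_records=3, policy="rotate")
    log.append(100, "alice", "login", "host-1", "success")
    log.append(101, "bob", "login", "host-1", "failure")
    log.append(102, "bob", "login", "host-1", "failure")
    log.append(103, "bob", "read", "/etc/shadow", "denied")   # forces rotation of seq 0
    intact_before = log.verify()
    log.records[1]["outcome"] = "success"   # the modification the text says must be impossible
    return {"kept": len(log.records), "dropped": log.dropped,
            "intact_before": intact_before, "first_bad": log.verify()}


if __name__ == "__main__":
    print(demo())
```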

1.4 Construction of systems of protection against threats of violation of integrity

1.4.1 Integrity principles

Most mechanisms that protect information against threats to confidentiality contribute, to one degree or another, to ensuring the integrity of information as well. In this section we dwell in more detail on mechanisms specific to the integrity assurance subsystem. Let us start with the main principles of ensuring integrity, as formulated by Clark and Wilson:

1. Correctness of transactions.

The principle requires that arbitrary modification of data by a user be impossible. Data must be modified only in ways that preserve its integrity.

2. User authentication.

Data may be changed only by users who have been authenticated for performing the corresponding actions.

3. Minimization of privileges.

Processes should be endowed with those and only those privileges in the AS that are minimum sufficient for their execution.

4. Separation of duties.

Critical or irreversible operations require the involvement of multiple independent users.

In practice, separation of duties can be implemented either solely by organizational methods or using cryptographic secret sharing schemes.

5. Audit of past events.

This principle requires the creation of a user accountability mechanism that allows you to track the moments of violation of the integrity of information.

6. Objective control.

It is necessary to promptly single out the data for which integrity control is justified.

Indeed, in most cases it is impractical to strictly control the integrity of all data present in the system, if only for performance reasons: integrity control is an extremely resource-intensive operation.

7. Management of transfer of privileges.

The procedure for transferring privileges should be fully consistent with the organizational structure of the enterprise.

The listed principles make it possible to form a general structure of the protection system against threats of integrity violation (Appendix E).

As can be seen from Appendix D, cryptographic mechanisms for ensuring integrity are fundamentally new in comparison with the services used to build a system of protection against threats of confidentiality.

Note that mechanisms for ensuring the correctness of transactions can also be built on cryptographic primitives at their core.

1.4.2 Cryptographic Methods for Ensuring Information Integrity

The following cryptographic primitives are used in the construction of protection systems against threats to the integrity of information:

- digital signatures;

- cryptographic hash functions;

- authentication codes.

Digital signatures

A digital signature is a mechanism for confirming the authenticity and integrity of digital documents. In many ways, it is analogous to a handwritten signature - in particular, almost the same requirements are imposed on it:

1. The digital signature must make it possible to prove that the document was knowingly signed by its legitimate author and by no one else.

2. The digital signature must be an integral part of the document.

It should be impossible to separate the signature from the document and use it to sign other documents.

3. The digital signature must ensure the impossibility of changing the signed document (including for the author himself!).

4. The fact of signing the document must be legally provable. It should be impossible to refuse the authorship of the signed document.

In the simplest case, a mechanism similar to an asymmetric cryptosystem can be used to implement a digital signature. The difference is that the secret key will be used for encryption (which in this case is the signature), and the public key will be used for decryption, which acts as a signature verification.

The procedure for using a digital signature in this case will be as follows:

1. The document is encrypted with the signer's private key, and the encrypted copy is distributed along with the original document as a digital signature.

2. The recipient, using the signer's public key, decrypts the signature, compares it with the original and makes sure that the signature is correct.

It is easy to see that this digital signature implementation fully meets all the above requirements, but it has a fundamental drawback: the volume of the transmitted message at least doubles. The use of hash functions eliminates this disadvantage.

Cryptographic hash functions

A function of the form y = f(x) is called a cryptographic hash function if it satisfies the following properties:

1. The input of a hash function can receive a data sequence of arbitrary length, while the result (called a hash, or digest) has a fixed length.

2. The value y is computed from a given x in polynomial time, whereas computing x from a given y is computationally infeasible in almost all cases.

3. It is computationally infeasible to find two inputs that yield identical hashes.

4. When calculating the hash, all information in the input sequence is used.

5. The description of the function is open and publicly available.

Let us show how hash functions can be used in digital signature schemes. If one signs not the message itself but its hash, the amount of transmitted data can be reduced significantly.

Instead of the message, its hash is signed, and the result is transmitted together with the original message. The recipient decrypts the signature and compares the result with the hash of the received message; if they match, the signature is judged to be correct.
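The following Python code is an added example (not from the original text) that places the "simplest case" above, where the whole document is encrypted with the private key block by block, beside the hash-then-sign variant, and counts the bytes each one puts on the wire. It uses textbook RSA built on the standard library only; the key size, seed and sample document are constructed for the demonstration, and the comments note what a production signature scheme adds.

```python
"""Hash-then-sign with textbook RSA, beside the 'sign the whole document' variant from the text."""
import hashlib
import random
from math import gcd
from typing import List, Tuple

Key = Tuple[int, int]   # (exponent, modulus)


def is_probable_prime(n: int, rng: random.Random, rounds: int = 24) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # exact bit length, odd
        if is_probable_prime(cand, rng):
            return cand


def keygen(bits: int = 512, seed=None) -> Tuple[Key, Key]:
    """Return (public, private). Demo-sized keys; real systems use >= 2048-bit keys,
    a cryptographic random source, and a padding scheme such as RSA-PSS rather than
    raw exponentiation of the digest."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return (e, p * q), (pow(e, -1, phi), p * q)


def sign_hash(msg: bytes, priv: Key) -> int:
    """Sign the digest: 'encrypt' the SHA-256 hash of the message with the private key."""
    d, n = priv
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    assert h < n, "the modulus must exceed the digest size"
    return pow(h, d, n)


def verify_hash(msg: bytes, sig: int, pub: Key) -> bool:
    """Recover the digest with the public key and compare with a fresh hash of the message."""
    e, n = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign_whole(msg: bytes, priv: Key) -> List[int]:
    """The 'simplest case' from the text: the document itself is encrypted with the private
    key, block by block, since each block must be numerically smaller than n."""
    d, n = priv
    block = (n.bit_length() - 1) // 8
    return [pow(int.from_bytes(msg[i:i + block], "big"), d, n)
            for i in range(0, len(msg), block)]


def verify_whole(msg: bytes, sig: List[int], pub: Key) -> bool:
    e, n = pub
    block = (n.bit_length() - 1) // 8
    chunks = [msg[i:i + block] for i in range(0, len(msg), block)]
    return len(chunks) == len(sig) and all(
        pow(s, e, n) == int.from_bytes(c, "big") for c, s in zip(chunks, sig))


def transmitted_bytes(msg: bytes, pub: Key) -> Tuple[int, int]:
    """Bytes on the wire (message + signature) for the whole-document scheme and for the
    hash-based scheme; every signature value occupies one modulus-sized field."""
    _, n = pub
    field = (n.bit_length() + 7) // 8
    block = (n.bit_length() - 1) // 8
    whole = len(msg) + field * -(-len(msg) // block)   # ceiling division over blocks
    hashed = len(msg) + field
    return whole, hashed


if __name__ == "__main__":
    pub, priv = keygen(seed=1)
    doc = b"Transfer 100 units to account 42. " * 20   # constructed document
    s = sign_hash(doc, priv)
    print("hash signature verifies:", verify_hash(doc, s, pub))
    print("tampered document verifies:", verify_hash(doc + b"0", s, pub))
    print("bytes on the wire, whole-document vs hashed:", transmitted_bytes(doc, pub))
```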

2. Software tools for protecting information in the CS

Information security software means special programs included in the CS software exclusively for performing protective functions.

The main software tools for protecting information include:

* programs for identification and authentication of CS users;

* programs for differentiating user access to the resources of the CS;

* information encryption programs;

* programs for the protection of information resources (system and application software, databases, computer teaching aids, etc.) from unauthorized changes, use and copying.

It should be understood that identification, with respect to ensuring the information security of the CS, means the unambiguous recognition of the unique name of a subject of the CS. Authentication means confirmation that the presented name corresponds to the given subject (confirmation of the subject's authenticity) [Biyachuev T.A. Security of corporate networks. Textbook / ed. L.G. Osovetskiy. SPb.: SPbGU ITMO, 2004, p. 64].

Also, information security software includes:

* programs for the destruction of residual information (in blocks of RAM, temporary files, etc.);

* programs for auditing (maintaining logs of) security-related events in the CS, to make recovery possible and to prove that these events took place;

* programs for simulating work with an offender (distracting him to receive allegedly confidential information);

* programs for test control of the security of the CS, etc.

The advantages of information security software include:

* ease of replication;

* flexibility (the ability to customize for various conditions of use, taking into account the specific threats to the information security of a particular CS);

* ease of use - some software tools, for example encryption, work in a "transparent" (invisible to the user) mode, while others do not require any new (compared to other programs) skills from the user;

* almost unlimited opportunities for their development by making changes to take into account new threats to information security.

The disadvantages of information security software include:

* a decrease in the efficiency of the CS due to the consumption of resources required for the protection programs to function;

* lower performance (compared with hardware protection performing similar functions, such as encryption);

* the fact that many software protection tools are attached to the software of the CS rather than built into it (Fig. 4 and 5), which creates a fundamental possibility for an intruder to bypass them;

* the possibility of malicious changes to the software protection during the operation of the CS.

2.1 Operating system security

The operating system is the most important software component of any computer, therefore, the overall security of the information system largely depends on the level of implementation of the security policy in each specific OS.

The MS-DOS operating system is a real-mode operating system for the Intel microprocessor, and therefore there can be no talk of separating RAM between processes. All TSRs and the main program share a common RAM space. There is no file protection, and it is difficult to say anything definite about network security, since at that stage of software development the drivers for network communication were developed not by Microsoft but by third-party developers.

The family of operating systems Windows 95, 98 and Millennium are clones initially aimed at home computers. These operating systems use protected-mode privilege levels, but do not perform any additional checks and do not support a security descriptor system. As a result, any application can access the entire available RAM with both read and write rights. Network security measures are present, but their implementation is not up to par. Moreover, the Windows 95 version contained a fundamental error that allowed a remote party to "freeze" the computer with literally a few packets, which also significantly undermined the reputation of the OS; in subsequent versions many steps were taken to improve the network security of this clone [Zim V., Moldovyan A., Moldovyan N. Security of global network technologies. Series "Master". SPb.: BHV-Petersburg, 2001, p. 124].

The generation of Windows NT/2000 operating systems is already a much more reliable development from Microsoft. They are truly multi-user systems that reliably protect the files of different users on the hard disk (however, the data is not encrypted, and the files can be read without any problem by booting from the disk of another operating system, for example MS-DOS). These operating systems actively use the protected-mode capabilities of Intel processors and can reliably protect the data and code of a process from other programs, unless the process itself chooses to grant additional access to them from outside.

Over a long time of development, many different network attacks and security errors have been taken into account. Corrections to them were issued in the form of service packs.


Introduction

1. Means of information protection

2. Hardware information security

2.1 Tasks of information security hardware

2.2 Types of information security hardware

3. Information security software

3.1 Means of archiving information

3.2 Antivirus programs

3.3 Cryptographic tools

3.4 User identification and authentication

3.5 Protection of information in the COP from unauthorized access

3.6 Other information security software

Conclusion

List of sources used

Introduction

As the means, methods and forms of automating information processing develop and grow more complex, the vulnerability of the protected information increases.

The main factors contributing to the increase in this vulnerability are:

· A sharp increase in the amount of information accumulated, stored and processed using computers and other automation tools;

· Concentration in shared databases of information of various purposes and various ownership;

· A sharp expansion of the circle of users who have direct access to the resources of the computing system and the data located in it;

· Complication of modes of functioning of technical means of computing systems: widespread introduction of multi-program mode, as well as modes of time sharing and real time;

· Automation of machine-to-machine information exchange, including over long distances.

In these conditions, there are two types of vulnerability: on the one hand, the possibility of destruction or distortion of information (i.e. violation of its physical integrity), and on the other, the possibility of unauthorized use of information (i.e. the risk of leakage of restricted information).

The main potential channels of information leakage are:

· Direct theft of media and documents;

· Memorization or copying of information;

· Unauthorized connection to equipment and communication lines or illegal use of "legal" (ie registered) equipment of the system (most often user terminals).

1. Information security tools

Information security means are a set of engineering, electrical, electronic, optical and other devices and devices, instruments and technical systems, as well as other proprietary elements used to solve various problems of information protection, including preventing leakage and ensuring the security of the protected information.

In general, the means of ensuring the protection of information in terms of preventing deliberate actions, depending on the method of implementation, can be divided into groups:

· Hardware (technical) means. These are devices of various types (mechanical, electromechanical, electronic, etc.) that solve information security problems in hardware. They either prevent physical penetration or, if penetration did take place, prevent access to the information, including by disguising it. The first part of the problem is solved by locks, window bars, guards, security alarms, etc.; the second by noise generators, power-line filters, scanning receivers and many other devices that "block" potential information leakage channels or allow them to be detected. The advantages of technical means are their reliability, independence from subjective factors and high resistance to modification. Weaknesses: lack of flexibility, relatively large volume and weight, high cost.

· Software tools include programs for user identification, access control, information encryption, removal of residual (working) information such as temporary files, test control of the protection system, etc. The advantages of software tools are versatility, flexibility, reliability, ease of installation, the ability to modify and develop. Disadvantages - limited network functionality, the use of some of the resources of the file server and workstations, high sensitivity to accidental or deliberate changes, possible dependence on the types of computers (their hardware).

· Mixed hardware / software implements the same functions as hardware and software separately, and has intermediate properties.

· Organizational means consist of organizational-technical measures (preparation of rooms with computers, laying of the cable system taking into account the requirements for restricting access to it, etc.) and organizational-legal ones (national legislation and the work rules established by the management of a particular enterprise). The advantages of organizational means are that they can solve many diverse problems, are easy to implement, react quickly to unwanted actions in the network, and have unlimited possibilities for modification and development. Disadvantages: high dependence on subjective factors, including the general organization of work in a particular department.

In terms of prevalence and availability, software tools stand out; other tools are used in cases where an additional level of information protection is required.

2. Information security hardware

Hardware protection means include various electronic, electro-mechanical, electro-optical devices. To date, a significant number of hardware for various purposes has been developed, but the following are most widely used:

· Special registers for storing security details: passwords, identifying codes, stamps or secrecy levels;

· Devices for measuring individual characteristics of a person (voice, fingerprints) in order to identify him;

· Circuits for interrupting the transmission of information in the communication line in order to periodically check the address of the data delivery.

· Devices for information encryption (cryptographic methods).

To protect the perimeter of the information system, the following are created:

· Security and fire alarm systems;

· Digital video surveillance systems;

· Control and management systems for access.

Protection of information from its leakage by technical communication channels is provided by the following means and measures:

· Use of shielded cable and laying of wires and cables in shielded structures;

· Installation of high-frequency filters on communication lines;

· Construction of shielded rooms ("capsules");

· Use of shielded equipment;

· Installation of active systems of noise;

· Creation of controlled areas.

2.1 Tasks of information security hardware

The use of information security hardware allows you to solve the following tasks:

· Carrying out special studies of technical means for the presence of possible channels of information leakage;

· Identification of channels of information leakage at different objects and in premises;

· Localization of information leakage channels;

· Search and detection of means of industrial espionage;

· Counteracting unauthorized access to sources of confidential information and other actions.

By purpose, hardware is classified into detection tools, search and detailed-measurement tools, and active and passive countermeasures. In terms of capabilities, information security tools range from general-purpose devices intended for use by non-professionals, giving only rough assessments, to professional complexes that allow a thorough search, detection and measurement of all characteristics of industrial espionage tools.

Search equipment can be subdivided into equipment for finding information-gathering devices and equipment for investigating the channels of information leakage.

Equipment of the first type is aimed at finding and localizing eavesdropping devices that attackers have already planted. Equipment of the second type is designed to detect information leakage channels. The determining factors for such systems are the speed of the survey and the reliability of the results obtained.

Professional search equipment is, as a rule, very expensive and requires a highly qualified specialist to operate it. Accordingly, only organizations that constantly conduct the corresponding surveys can afford it. So, if a full examination is needed, the direct road leads to them.

Of course, this does not mean that you have to stop using search tools yourself. But the available search tools are quite simple and allow you to carry out preventive measures in the interval between serious search surveys.

2.2 Types of information security hardware

A dedicated storage area network (SAN) provides data with guaranteed bandwidth, eliminates a single point of failure in the system, and allows almost unlimited scaling both on the server side and on the side of information resources. In addition to the popular Fibre Channel technology, iSCSI devices are increasingly used to implement storage networks.

Disk storage systems are distinguished by the highest speed of data access, owing to the distribution of read/write requests across multiple disk drives. The use of redundant components and algorithms in RAID arrays prevents a system shutdown due to the failure of any single element, thereby increasing availability. Availability, one of the indicators of information quality, is the proportion of time during which the information is ready for use, expressed as a percentage: for example, 99.999% ("five nines") means that the information system may not be idle, for any reason, for more than 5 minutes per year. Today's storage solutions (Serial ATA, SATA 2) successfully combine large capacity, high speed and affordable cost.

Tape drives (tape drives, autoloaders and libraries) are still considered the most economical and popular backup solution. Originally designed for data storage, they provide almost unlimited capacity (by adding cartridges), high reliability and a low cost of storage, and allow rotation schemes of any complexity and depth, data archiving, and the evacuation of media to a secure location outside the main office. Since their inception, magnetic tapes have gone through five generations of development, have proven their advantages in practice, and are rightfully a fundamental element of backup practice.

In addition to the technologies discussed, one should also mention the provision of physical data protection (delimitation and control of access to premises, video surveillance, burglar and fire alarms), the organization of uninterrupted power supply to equipment.

Let's take a look at some examples of hardware.

1) eToken. The eToken electronic key is a personal means of authorization, authentication and secure data storage, with hardware support for digital certificates and electronic digital signature (EDS). eToken is available in USB key, smart card or key-fob form factors. The eToken NG-OTP model has a built-in one-time password generator. The eToken NG-FLASH has a built-in flash memory module of up to 4 GB. The eToken PASS model contains only a one-time password generator. The eToken PRO (Java) model generates EDS keys and the EDS itself in hardware. Additionally, eTokens can have built-in contactless radio tags (RFID tags), which makes it possible to use eToken for access to premises as well.

eToken models should be used to authenticate users and store key information in automated systems that process confidential information up to and including security class 1G. They are the recommended carriers of key information for certified cryptographic information protection tools (CryptoPro CSP, Crypto-COM, Domain-K, Verba-OW, etc.).

2) eToken NG-FLASH USB combo key, one of the information security solutions from Aladdin. It combines the functionality of a smart card with the ability to store large amounts of user data in an integrated flash memory module. eToken NG-FLASH also makes it possible to boot the computer's operating system and run custom applications from the flash memory.

Possible modifications:

By the capacity of the built-in flash memory module: 512 MB; 1, 2 and 4 GB;

Certified version (FSTEC of Russia);

By the presence of a built-in radio tag;

By body color.

3. Information security software

Software means are objective forms of representation of a set of data and commands intended for the functioning of computers and computer devices in order to obtain a certain result, as well as materials prepared and recorded on a physical medium obtained in the course of their development, and audiovisual displays generated by them.

Information protection tools that operate as part of software are called software protection tools. Among them, the following can be distinguished and considered in more detail:

· Means of data archiving;

· Anti-virus programs;

· Cryptographic means;

· Means of identification and authentication of users;

· Means of access control;

· Logging and auditing.

Examples of combinations of the above measures include:

· Protection of databases;

· Protection of operating systems;

· Protection of information when working in computer networks.

3.1 Information archiving tools

Sometimes backups have to be made with limited resources for storing data, for example by owners of personal computers. In these cases, software archiving is used. Archiving is the merging of several files, or even directories, into a single file, the archive, while reducing the total volume of the original files by eliminating redundancy but without loss of information, that is, with the ability to restore the original files exactly. Most archiving tools are based on the compression algorithms proposed in the 1980s by Abraham Lempel and Jacob Ziv. The following archive formats are the best known and most popular:

· ZIP, ARJ for DOS and Windows operating systems;

· TAR for the Unix operating system;

· Cross-platform JAR format (Java ARchive);

· RAR (the popularity of this format is growing all the time, since programs have been developed that allow it to be used in DOS, Windows and Unix operating systems).

The user only needs to choose a suitable program that works with the chosen format, assessing its characteristics: speed, compression ratio, compatibility with a large number of formats, user-friendliness of the interface, choice of operating system, etc. The list of such programs is very long: PKZIP, PKUNZIP, ARJ, RAR, WinZip, WinArj, ZipMagic, WinRar and many others. Most of these programs do not need to be purchased specially, as they are offered as shareware or freeware. It is also very important to establish a regular schedule for such archiving work, or to carry it out after every major update of the data.
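The property that matters for a backup archive is the one the paragraph above names: the original files must be restorable exactly. The following Python script is an added example, not part of the original work, showing how to check that property rather than assume it: a per-file SHA-256 manifest is taken before packing, the archive is unpacked into a second directory, and every restored file is compared against the manifest. The directory layout and file contents are constructed for the demonstration.

```python
import hashlib
import os
import tarfile
import tempfile


def sha256_file(path):
    """Hex SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every regular file under root (path relative to root) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def archive_directory(src_dir, archive_path):
    """Pack src_dir into a gzip-compressed tar archive and return the manifest
    of what was packed, so the restore can later be checked file by file."""
    manifest = build_manifest(src_dir)
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(src_dir, arcname=".")
    return manifest


def restore_and_verify(archive_path, dest_dir, manifest):
    """Unpack the archive into dest_dir and return the relative paths whose
    restored contents do not match the manifest (empty list = lossless)."""
    with tarfile.open(archive_path, "r:gz") as tar:
        try:
            # The 'data' filter refuses absolute paths and '..' members
            # (Python 3.12+, backported to recent 3.8-3.11 releases).
            tar.extractall(dest_dir, filter="data")
        except TypeError:  # interpreter without the filter argument
            tar.extractall(dest_dir)
    restored = build_manifest(dest_dir)
    return sorted(p for p in manifest if restored.get(p) != manifest[p])


def demo():
    """Constructed sample data: a compressible text file and an incompressible
    binary file are archived, restored to a second directory and verified.
    Returns (number of files, list of mismatches, archive size / original size)."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "src")
        os.makedirs(os.path.join(src, "docs"))
        with open(os.path.join(src, "docs", "report.txt"), "w") as f:
            f.write("quarterly report line\n" * 200)
        with open(os.path.join(src, "config.bin"), "wb") as f:
            f.write(bytes(range(256)))
        original_size = sum(
            os.path.getsize(os.path.join(dirpath, n))
            for dirpath, _d, files in os.walk(src) for n in files)

        archive = os.path.join(work, "backup.tar.gz")
        manifest = archive_directory(src, archive)

        dest = os.path.join(work, "restore")
        os.makedirs(dest)
        mismatches = restore_and_verify(archive, dest, manifest)
        return len(manifest), mismatches, os.path.getsize(archive) / original_size


if __name__ == "__main__":
    print(demo())
```

The manifest should be stored alongside the archive (or signed, see the integrity discussion in section 3.3), because an archive that unpacks without error is not the same thing as an archive whose contents are what was backed up.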

3.2 Antivirus software

These are programs designed to protect information from viruses. Inexperienced users usually think that a computer virus is a specially written small program that can "attach" itself to other programs (that is, "infect" them) and perform various unwanted actions on the computer. Specialists in computer virology hold that a mandatory (necessary) property of a computer virus is the ability to create its own duplicates (not necessarily identical to the original) and embed them in computer networks and/or files, computer system areas and other executable objects, while the duplicates retain the ability to spread further. It should be noted that this condition is necessary but not sufficient, i.e. not conclusive. That is why there is still no exact definition of a virus, and one is unlikely to appear in the foreseeable future. Consequently, there is no definite rule by which "good" files can be distinguished from "viruses". Moreover, sometimes even for a specific file it is quite difficult to determine whether it is a virus or not.

Computer viruses are a particular problem. This is a separate class of programs aimed at disrupting the system and corrupting data. A number of varieties are distinguished among viruses. Some of them are constantly in the computer's memory, some produce destructive actions with one-time "blows".

There is also a whole class of programs that outwardly look quite decent but in fact damage the system. Such programs are called "Trojan horses". One of the main properties of computer viruses is the ability to "multiply", i.e. to propagate themselves within a computer and a computer network.

Since various office software tools became able to run programs specially written for them (for example, applications for Microsoft Office can be written in Visual Basic), a new type of malicious program has appeared: macro viruses. Viruses of this type are distributed along with ordinary document files and are contained within them as ordinary subroutines.

Taking into account the powerful development of communication means and the sharply increased volumes of data exchange, the problem of protecting against viruses is becoming very urgent. In fact, with every document received, for example, by e-mail, a macro virus can be received, and every program that is launched can (theoretically) infect a computer and render the system inoperable.

Therefore, among security systems, the most important direction is the fight against viruses. There are a number of tools specifically designed for this task. Some of them run in scan mode and scan the contents of hard drives and computer memory for viruses. Some of them must be constantly running and be in the computer's memory. In doing so, they try to keep track of all running tasks.

In the Kazakhstan software market, the most popular was the AVP package developed by the Kaspersky Anti-Virus Systems Laboratory. This is a universal product that has versions for a variety of operating systems. There are also the following: Acronis AntiVirus, AhnLab Internet Security, AOL Virus Protection, ArcaVir, Ashampoo AntiMalware, Avast!, Avira AntiVir, A-square anti-malware, BitDefender, CA Antivirus, Clam Antivirus, Command Anti-Malware, Comodo Antivirus, Dr.Web, eScan Antivirus, F-Secure Anti-Virus, G-DATA Antivirus, Graugon Antivirus, IKARUS virus.utilities, Kaspersky Anti-Virus, McAfee VirusScan, Microsoft Security Essentials, Moon Secure AV, Multicore antivirus, NOD32, Norman Virus Control, Norton AntiVirus, Outpost Antivirus, Panda, etc.

Methods for detecting and removing computer viruses.

Methods for countering computer viruses can be divided into several groups:

· Prevention of viral infection and reduction of the expected damage from such infection;

· Methods of using anti-virus programs, including neutralization and removal of a known virus;

· Methods of detecting and removing an unknown virus.

These are grouped under the following headings:

· Prevention of computer infection;

· Recovery of damaged objects;

· Antivirus programs.
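The scanners described above ("run in scan mode and scan the contents of hard drives ... for viruses") and the vendor "update" mentioned under recovery both rest on a signature database. The following Python example is added here and is not code from the original work; it shows the two common signature kinds, an exact file hash and a byte pattern, applied to a handful of constructed files, and how a later update changes what the same scan detects. All signatures and file contents are made up for the demonstration and correspond to no real malware.

```python
import hashlib
import re

# Constructed signature database for the demonstration; these are not real
# malware signatures. A "hash" record identifies one known file exactly;
# a "pattern" record catches variants that share a byte sequence.
SIGNATURES = [
    {"name": "Sample.A", "kind": "hash",
     "value": hashlib.sha256(b"SAMPLE-A-BODY").hexdigest()},
    {"name": "Sample.B", "kind": "pattern", "value": rb"XYZ-MARKER-\d{3}"},
]

# Constructed files as name -> contents (no disk access needed).
SAMPLE_FILES = {
    "report.doc": b"Quarterly figures, nothing unusual here.",
    "setup.exe": b"SAMPLE-A-BODY",
    "macro.bas": b"Sub AutoOpen()\n' XYZ-MARKER-042\nEnd Sub",
    "notes.txt": b"XYZ-MARKER-ab does not match: the suffix is not three digits",
}

# A later "update" as a vendor would ship it: new records only.
SIGNATURE_UPDATE = [
    {"name": "Sample.C", "kind": "hash",
     "value": hashlib.sha256(SAMPLE_FILES["notes.txt"]).hexdigest()},
]


def scan_bytes(data, signatures=SIGNATURES):
    """Return the names of every signature matching the file contents."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for sig in signatures:
        if sig["kind"] == "hash" and sig["value"] == digest:
            hits.append(sig["name"])
        elif sig["kind"] == "pattern" and re.search(sig["value"], data):
            hits.append(sig["name"])
    return hits


def scan_store(files, signatures=SIGNATURES):
    """Scan every file; return {file name: [signature names]} for hits only."""
    report = {}
    for name, data in files.items():
        hits = scan_bytes(data, signatures)
        if hits:
            report[name] = hits
    return report


def apply_update(signatures, update):
    """Merge an update into the database, skipping names already present."""
    known = {sig["name"] for sig in signatures}
    return signatures + [sig for sig in update if sig["name"] not in known]


def detections_after_update():
    """Rescan the same files once the update has been applied."""
    return scan_store(SAMPLE_FILES, apply_update(SIGNATURES, SIGNATURE_UPDATE))


if __name__ == "__main__":
    print(scan_store(SAMPLE_FILES))
    print(detections_after_update())
```

The example also illustrates the limit the text states: before the update, notes.txt is clean as far as this scanner can tell, which is exactly the "unknown virus" case that prevention and backups have to cover.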

Prevention of computer infection.

One of the main methods of fighting viruses is, as in medicine, timely prevention. Computer prevention involves adherence to a small number of rules, which can significantly reduce the likelihood of a virus infection and loss of any data.

In order to determine the basic rules of computer hygiene, it is necessary to find out the main ways of penetration of the virus into the computer and computer networks.

The main source of viruses today is the global Internet. The greatest number of virus infections occurs when exchanging documents in Word format. A user of an editor infected with a macro virus, without suspecting it, sends infected letters to recipients, who in turn send new infected letters, and so on. Conclusion: contact with suspicious sources of information should be avoided, and only legal (licensed) software products should be used.

Recovery of damaged objects

In most cases of virus infection, the procedure for restoring infected files and disks boils down to running a suitable antivirus that can disinfect the system. If the virus is unknown to any antivirus, it is enough to send the infected file to the antivirus manufacturers and after a while (usually several days or weeks) receive a cure, an "update" against the virus. If there is no time to wait, you will have to neutralize the virus yourself. Most users need to have backups of their information.

The main conditions for the mass spread of a virus on a computer are:

· Weak security of the operating system (OS);

· Availability of varied and fairly complete documentation on the OS and hardware, which virus authors make use of;

· Wide distribution of this OS and this "hardware".

3.3 Cryptographic means


Data encryption mechanisms for ensuring information security are the cryptographic protection of information by means of encryption.

Cryptographic methods of information protection are used for processing, storing and transmitting information on media and over communication networks. When data is transmitted over long distances, cryptographic protection of information is the only reliable encryption method.

Cryptography is the science that studies and describes the information security model of data. Cryptography opens up solutions to many network information security problems: authentication, confidentiality, integrity, and control of interacting participants.

The term "encryption" means the transformation of data into a form that cannot be read by humans or software systems without the encryption/decryption key. Cryptographic methods of information protection provide the means of information security and are therefore part of the information security concept.

Cryptographic information protection (confidentiality)

The goals of information protection ultimately boil down to ensuring the confidentiality of information and protecting information in computer systems in the process of transferring information over the network between users of the system.

Protection of confidential information based on cryptography encrypts data using a family of reversible transformations, each of which is described by a parameter called a "key", together with an order that determines the sequence in which the individual transformations are applied.

The most important component of the cryptographic method of protecting information is the key, which is responsible for the choice of transformation and the order of its execution. A key is a certain sequence of characters that sets up the encryption and decryption algorithm of the cryptographic information protection system. Each such transformation is uniquely determined by a key that defines a cryptographic algorithm that ensures the protection of information and information security of the information system.

One and the same cryptographic information protection algorithm can operate in different modes, each of which has certain advantages and disadvantages that affect the reliability of information security.

Fundamentals of Information Security Cryptography (Data Integrity)

Information protection in local networks and information protection technologies are obliged to ensure, along with confidentiality, the integrity of stored information. That is, the protection of information in local networks must transfer data in such a way that the data remain unchanged during transmission and storage.

In order for information protection to ensure the integrity of stored and transmitted data, it is necessary to develop tools that detect any distortion of the original data; for this purpose, redundancy is added to the original information.

Cryptography solves the issue of integrity by adding some kind of checksum or check combination from which the integrity of the data is verified. So, again, the information security model is cryptographic, that is, key-dependent. According to an assessment of cryptography-based information security, the dependence of the ability to read data on a private key is the most reliable tool and is even used in state information security systems.

As a rule, an audit of information security of an enterprise, for example, information security of banks, pays special attention to the likelihood of successfully imposing distorted information, and cryptographic protection of information makes it possible to reduce this probability to a negligible level. Such an information security service calls this probability a measure of the strength of the cipher, or the ability of encrypted data to resist an attack by a hacker.
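The passage above makes the essential point that the check value must be key-dependent, otherwise "imposing distorted information" is trivial. The Python example below is added here and is not code from the original work. It puts an unkeyed checksum (CRC-32) next to a keyed one (HMAC-SHA256) and shows, on a constructed message, what a receiver accepts in each case when an intermediary without the key alters the data. The key and messages are made up for the demonstration.

```python
import hashlib
import hmac
import zlib

SHARED_KEY = b"constructed-demo-key-do-not-reuse"  # constructed sample key


def plain_checksum(message: bytes) -> int:
    """Unkeyed check value: CRC-32. Detects accidental corruption only."""
    return zlib.crc32(message)


def keyed_tag(key: bytes, message: bytes) -> bytes:
    """Key-dependent check value: HMAC-SHA256 over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def accept_plain(message: bytes, check: int) -> bool:
    """Receiver check for the unkeyed scheme."""
    return plain_checksum(message) == check


def accept_keyed(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver check for the keyed scheme; constant-time comparison so the
    check itself leaks nothing about the expected tag."""
    return hmac.compare_digest(keyed_tag(key, message), tag)


def compare_schemes():
    """Simulate one message passing through an intermediary that has no key.
    Returns which receiver checks accept the original and the altered message."""
    original = b"transfer 100 to account 42"   # constructed sample message
    altered = b"transfer 900 to account 42"    # the same message after tampering

    # Scheme 1: unkeyed checksum. Whoever alters the message can recompute it.
    chk = plain_checksum(original)
    recomputed_chk = plain_checksum(altered)   # needs no secret at all

    # Scheme 2: keyed tag. Without the key, the best the intermediary can do
    # is reuse the old tag or compute one with a guessed key.
    tag = keyed_tag(SHARED_KEY, original)
    guessed_tag = keyed_tag(b"wrong-key", altered)

    return {
        "plain_accepts_original": accept_plain(original, chk),
        "plain_accepts_altered": accept_plain(altered, recomputed_chk),
        "keyed_accepts_original": accept_keyed(SHARED_KEY, original, tag),
        "keyed_accepts_altered_with_old_tag": accept_keyed(SHARED_KEY, altered, tag),
        "keyed_accepts_altered_with_guessed_tag": accept_keyed(SHARED_KEY, altered, guessed_tag),
    }


if __name__ == "__main__":
    for name, outcome in compare_schemes().items():
        print(f"{name}: {outcome}")
```

The text's "measure of the strength" is, for the keyed scheme, the probability that a forged tag verifies without the key; for HMAC-SHA256 that is negligible, while for the CRC it is exactly one.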

3.4 User identification and authentication

Before accessing the resources of the computer system, the user must go through the process of presenting himself to the computer system, which includes two stages:

* identification: the user tells the system, at its request, his name (identifier);

* authentication: the user confirms the identification by entering into the system unique information about himself that is not known to other users (for example, a password).

To carry out the procedures for identifying and authenticating a user, you need:

* the presence of an appropriate subject (module) of authentication;

* the presence of an authenticating object that stores unique information for user authentication.

There are two forms of representation of objects that authenticate a user:

* external authenticating object that does not belong to the system;

* an internal object belonging to the system, into which information from an external object is transferred.

External objects can be technically implemented on various storage media - magnetic disks, plastic cards, etc. Naturally, the external and internal forms of presentation of the authenticating object should be semantically identical.
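The two stages and the two objects described in this section map directly onto code. The Python example below is an added illustration, not code from the original work: the external authenticating object is the password the user types, the internal object is a stored record holding only a random salt and a PBKDF2-derived hash, the lookup by identifier is the identification stage and the constant-time comparison is the authentication stage. User names and passwords are constructed for the demonstration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor; raise it as hardware gets faster
_DUMMY_SALT = b"\x00" * 16


def derive(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted, iterated hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


class Authenticator:
    """Holds the internal authenticating objects: one record per identifier
    containing salt and derived hash, never the password itself."""

    def __init__(self):
        self._records = {}

    def register(self, identifier: str, password: str) -> None:
        salt = os.urandom(16)  # fresh per user, so equal passwords store differently
        self._records[identifier] = {
            "salt": salt, "iterations": ITERATIONS, "hash": derive(password, salt)}

    def stored_hash(self, identifier: str) -> bytes:
        return self._records[identifier]["hash"]

    def login(self, identifier: str, password: str) -> bool:
        # Stage 1, identification: look up the claimed identifier.
        record = self._records.get(identifier)
        if record is None:
            # Do the same amount of work for unknown names so response time
            # does not reveal which identifiers exist.
            derive(password, _DUMMY_SALT)
            return False
        # Stage 2, authentication: recompute and compare in constant time.
        candidate = derive(password, record["salt"], record["iterations"])
        return hmac.compare_digest(candidate, record["hash"])


def demo():
    """Constructed users; returns the outcome of several login attempts and
    whether two users with the same password get different stored hashes."""
    auth = Authenticator()
    auth.register("alice", "correct horse battery staple")
    auth.register("bob", "hunter2")
    auth.register("dave", "hunter2")
    return {
        "alice_right": auth.login("alice", "correct horse battery staple"),
        "alice_wrong": auth.login("alice", "hunter2"),
        "bob_right": auth.login("bob", "hunter2"),
        "unknown_user": auth.login("carol", "anything"),
        "same_password_different_hash": auth.stored_hash("bob") != auth.stored_hash("dave"),
    }


if __name__ == "__main__":
    print(demo())
```

Storing the derived hash instead of the password is what makes the internal and external objects "semantically identical" without the internal one being useful to anyone who copies it.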

3.5 Protection of information in the COP from unauthorized access

For unauthorized access, the attacker does not use any hardware or software that is not part of the COP. He gains unauthorized access using:

* knowledge about the COP and the ability to work with it;

* information about the information security system;

* faults and failures of hardware and software;

* mistakes, negligence of service personnel and users.

To protect information from unauthorized access, a system for differentiating access to information is created. With an access control system in place, unauthorized access to information is possible only in the event of faults and failures of the COP, or by using weaknesses in the integrated information security system. To exploit security weaknesses, an attacker must be aware of them.

One of the ways to obtain information about the shortcomings of the protection system is to study the protection mechanisms. An attacker can test the protection system by direct contact with it. In this case, there is a high probability that the protection system will detect attempts to test it. As a result, additional security measures can be taken by the security service.

A different approach is much more attractive to an attacker. First, a copy of the security system software or technical security means is obtained, and then they are examined in laboratory conditions. In addition, the creation of unrecorded copies on removable media is one of the most common and convenient ways of stealing information. In this way, unauthorized duplication of programs is carried out. Covertly obtaining a technical means of protection for research is much more difficult than software, and such a threat is blocked by means and methods that ensure the integrity of the technical structure of the CS. To block unauthorized research and copying of information, the COP uses a set of means and measures of protection, which are combined into a system of protection against research and copying of information. Thus, a system for differentiating access to information and a system for protecting information can be considered as subsystems of a system for protecting against unauthorized access to information.

3.6 Other software means of information protection

Firewalls (also called brandmauers, from the German Brandmauer, English firewall, meaning "fire wall"). Special intermediate servers are placed between the local and global networks, which inspect and filter all network/transport layer traffic passing through them. This can dramatically reduce the threat of unauthorized access from outside to corporate networks, but does not completely eliminate the danger. A more secure variant of the method is masquerading, when all traffic leaving the local network is sent on behalf of the firewall server, making the local network practically invisible.


Proxy servers (proxy: power of attorney, trustee). All network/transport layer traffic between the local and global networks is completely prohibited; there is no routing as such, and calls from the local network to the global network go through special intermediary servers. Obviously, in this case calls from the global network to the local one become impossible in principle. This method does not provide sufficient protection against attacks at higher levels, for example at the application level (viruses, Java code and JavaScript).

VPN (virtual private network) allows secret information to be transmitted through networks where unauthorized persons may be able to eavesdrop on traffic. Technologies used: PPTP, PPPoE, IPSec.
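The firewall paragraph above says the intermediate server "inspects and filters all traffic of the network/transport layers"; the Python example below, added here and not part of the original work, shows what that filtering looks like as an ordered rule set evaluated against packet headers. Direction is derived from whether the source address lies in the internal network, the first matching rule wins, and anything no rule allows is denied and logged, which is the place an intrusion detection process would read. The addresses, ports and rules are constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN = ipaddress.ip_network("192.168.10.0/24")  # constructed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "out" = LAN -> outside, "in" = outside -> LAN
    proto: str = "any"
    dport: Optional[int] = None  # None matches every destination port
    note: str = ""


# Rules are evaluated top to bottom; the first match wins.
RULES = [
    Rule("allow", "out", "tcp", 443, note="HTTPS from the LAN"),
    Rule("allow", "out", "tcp", 80, note="HTTP from the LAN"),
    Rule("allow", "out", "udp", 53, note="DNS from the LAN"),
    Rule("allow", "in", "tcp", 25, note="mail delivered to the internal relay"),
    Rule("deny", "in", note="no other connections from outside"),
    Rule("deny", "out", note="no other outbound traffic"),
]


def direction_of(pkt: Packet) -> str:
    return "out" if ipaddress.ip_address(pkt.src) in LAN else "in"


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction == direction_of(pkt)
            and rule.proto in ("any", pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def filter_packet(pkt: Packet, rules=RULES):
    """Return (action, note) for the first matching rule; deny when none matches."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.note
    return "deny", "default policy"


def filter_traffic(packets, rules=RULES):
    """Filter a list of packets; return the decisions and a log of denied ones."""
    decisions, log = [], []
    for pkt in packets:
        action, note = filter_packet(pkt, rules)
        decisions.append(action)
        if action == "deny":
            log.append(f"DENY {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport} ({note})")
    return decisions, log


# Constructed sample traffic, not a capture.
SAMPLE_TRAFFIC = [
    Packet("192.168.10.5", "203.0.113.10", "tcp", 443),   # browsing: allowed
    Packet("192.168.10.5", "203.0.113.53", "udp", 53),    # DNS: allowed
    Packet("198.51.100.7", "192.168.10.20", "tcp", 25),   # inbound mail: allowed
    Packet("198.51.100.7", "192.168.10.5", "tcp", 3389),  # inbound RDP: denied
    Packet("192.168.10.9", "203.0.113.99", "tcp", 6667),  # outbound IRC: denied and logged
]


if __name__ == "__main__":
    decisions, log = filter_traffic(SAMPLE_TRAFFIC)
    print(decisions)
    print("\n".join(log))
```

The last two rules are what make the policy "default deny"; the text's warning that a filter reduces but does not eliminate the danger holds because an allowed port (here 25 inbound) still carries whatever application-layer content the sender puts in it, which is the gap the proxy paragraph goes on to describe.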

Conclusion

The main conclusions about the ways of using the above means, methods and measures of protection are as follows:

1. The greatest effect is achieved when all the tools, methods and measures used are combined into a single, holistic mechanism for protecting information.

2. The protection mechanism should be designed in parallel with the creation of data processing systems, starting from the moment the general concept of building the system is developed.

3. The functioning of the protection mechanism should be planned and ensured along with the planning and maintenance of the main processes of automated information processing.

4. It is necessary to carry out constant monitoring of the functioning of the protection mechanism.

List of sources used

1. "Software and hardware means of ensuring information security of computer networks", V.V. Platonov, 2006.

2. "Artificial intelligence. Book 3. Software and Hardware", V.N. Zakharova, V.F. Horoshevskaya.

3. www.wikipedia.ru

5. www.intuit.ru


    A sharp increase in the amount of information accumulated, stored and processed using computers and other automation tools.

    Concentration of information for various purposes and various accessories in common databases.

    A sharp expansion of the circle of users with direct access to the resources of the computing system and the data located in it.

    Complication of the modes of functioning of technical means of computing systems: widespread introduction of multi-program mode, as well as modes of time sharing and real time.

    Automation of machine-to-machine information exchange, including over long distances.

In these conditions, there are two types of vulnerability: on the one hand, the possibility of destruction or distortion of information (i.e. violation of its physical integrity), and on the other, the possibility of unauthorized use of information (i.e. the risk of leakage of restricted information). The second type of vulnerability is of particular concern to computer users.

The main potential channels of information leakage are:

    Direct theft of media and documents.

    Memorizing or copying information.

    Unauthorized connection to equipment and communication lines, or illegal use of "legal" (i.e. registered) equipment of the system (most often user terminals).

    Unauthorized access to information by means of specially constructed software and algorithmic support.

Information protection methods.

Three areas of work on information protection can be distinguished: theoretical research, development of security means, and justification of ways to use security means in automated systems.

In theoretical terms, the main attention is paid to the study of information vulnerability in electronic information processing systems, the phenomenon and analysis of information leakage channels, the substantiation of the principles of information protection in large automated systems and the development of methods for assessing the reliability of protection.

To date, many different tools, methods and measures have been developed to protect information accumulated, stored and processed in automated systems. These include hardware and software, cryptographic closure of information, physical measures, organizational measures and legislative measures. Sometimes all these means of protection are divided into technical and non-technical: hardware, software and cryptographic closure of information are classified as technical, and the rest of those listed above as non-technical.

a) hardware protection methods.

Hardware protection means include various electronic, electro-mechanical and electro-optical devices. To date, a significant number of hardware devices for various purposes have been developed, but the following are most widely used:

Special registers for storing security details: passwords, identification codes, signature stamps or secrecy levels,

Code generators designed to automatically generate a device identification code,

Devices for measuring individual characteristics of a person (voice, fingerprints) in order to identify him,

Special secrecy bits, the value of which determines the secrecy level of information stored in the memory to which these bits belong,

Circuits for interrupting the transmission of information in the communication line for the purpose of periodically checking the data delivery address.

A special and most widespread group of hardware protection means are devices for encrypting information (cryptographic methods).

b) software protection methods.

Protection software includes special programs that are designed to perform protection functions and are included in the software of data processing systems. Software protection is the most common type of protection, which is facilitated by such positive properties of this tool as versatility, flexibility, ease of implementation, almost unlimited possibilities for change and development, etc. By their functional purpose, they can be divided into the following groups:

Identification of technical means (terminals, devices for group control of input-output, computers, information carriers), tasks and users,

Determination of the rights of technical means (days and hours of work allowed for the use of the task) and users,

Monitoring the operation of technical equipment and users,

Registration of the work of technical means and users when processing information of limited use,

Destruction of information in the memory after use,

Alarms in case of unauthorized actions,

Auxiliary programs for various purposes: monitoring the operation of the protection mechanism, affixing a secrecy stamp on issued documents.

c) backup.

Backing up information consists in storing a copy of programs on a medium: tape (streamer), floppy disks, optical disks, hard disks. On these media, copies of programs can be in normal (uncompressed) or archived form. Backups are made to save programs from damage (both intentional and accidental), and to store rarely used files.

With the modern development of computer technology, the requirements for storage devices on the local network are growing much faster than the capabilities. Along with the geometric growth in the capacity of disk subsystems, tape backup programs have to read and write ever larger amounts of data in the time allotted for backups. More importantly, backup software must learn to manage large numbers of files in such a way that it is not too difficult for users to retrieve individual files.

Most of the most popular modern backup programs provide, in one form or another, a database of backed up files and some information about which tape the last backed up copies are on. Much less common is the possibility of integration (or at least coexistence) with the technology of structured, or hierarchical storage of information (HSM, Hierarchical Storage Management).

HSM helps increase the available hard disk space on a server by moving static files (which have not been accessed recently) to less expensive alternative storage devices such as optical drives or tape drives. HSM leaves a zero-length dummy file on the hard disk to notify that the real file has been migrated. In this case, if the user needs a previous version of the file, the HSM software can quickly retrieve it from magnetic tape or optical drive.

d) cryptographic encryption of information.

Cryptographic closure (encryption) of information consists in such a transformation of the protected information in which it is impossible to determine the content of the closed data by its appearance. Specialists pay special attention to cryptographic protection, considering it the most reliable, and for information transmitted over a long-distance communication line, it is the only means of protecting information from theft.

The main directions of work on the considered aspect of protection can be formulated as follows:

The choice of rational encryption systems for secure information closure,

Justification of ways to implement encryption systems in automated systems,

Development of rules for the use of cryptographic protection methods in the process of functioning of automated systems,

Evaluation of the effectiveness of cryptographic protection.

A number of requirements are imposed on ciphers intended to close information in computers and automated systems, including: sufficient strength (reliability of closure); simplicity of encryption and decryption regardless of the way information is represented inside the machine; insensitivity to small encryption errors; the possibility of processing encrypted information inside the machine; insignificant redundancy of information due to encryption; and a number of others. To one degree or another, these requirements are met by some types of substitution, permutation and gamma ciphers, as well as by ciphers based on analytical transformations of the encrypted data.

Replacement ciphering (sometimes the term "substitution" is used) means that the characters of the encrypted text are replaced with characters of another or the same alphabet in accordance with a predetermined replacement scheme.

Permutation encryption means that the characters of the encrypted text are rearranged according to some rule within a certain block of this text. With a sufficient block length within which the permutation is carried out, and a complex and non-repetitive permutation order, it is possible to achieve encryption strength sufficient for practical applications in automated systems.

Gamma ciphering consists in adding to the characters of the encrypted text the characters of some random sequence, called the gamma. The strength of the encryption is mainly determined by the size (length) of the non-repeating part of the gamma. Since a computer can generate an almost infinite gamma, this method is considered one of the main methods for encrypting information in automated systems. True, this raises a number of organizational and technical difficulties, which, however, are not insurmountable.

Encryption by analytical transformation means that the encrypted text is transformed according to some analytical rule (formula). You can, for example, use the rule of multiplying a matrix by a vector, and the matrix being multiplied is the encryption key (therefore, its size and content must be kept secret), and the symbols of the vector being multiplied are sequentially the symbols of the encrypted text.

Combined ciphers, in which the text is encrypted sequentially by two or more encryption systems (for example, substitution and gamma, or permutation and gamma), are especially effective. The strength of such a composite cipher is believed to be higher than the combined strength of its components.
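The four cipher families described above, and the combined cipher built from two of them, are small enough to implement in full. The Python example below is added here and is not code from the original document; it gives encrypt and decrypt routines for substitution (keyed alphabet), permutation (within a block), gamma (letters shifted by a key stream) and analytical transformation (the 2x2 Hill cipher, i.e. the matrix-by-vector rule mentioned in the text), plus substitution followed by gamma as the combined case, and checks that every one restores the plaintext. The keys are constructed for the demonstration, and the gamma is produced by Python's random module only to illustrate a computer-generated key stream; it is not a cryptographic generator, and a real system would use a proper stream cipher or CSPRNG.

```python
import random

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
M = len(ALPHABET)


# 1. Substitution: each letter is replaced by the letter at the same position
#    in a keyed alphabet (a permutation of the 26 letters).
def substitution_encrypt(text, key_alphabet):
    return text.translate(str.maketrans(ALPHABET, key_alphabet))


def substitution_decrypt(text, key_alphabet):
    return text.translate(str.maketrans(key_alphabet, ALPHABET))


# 2. Permutation: inside every block of len(order) letters, output position i
#    receives the plaintext letter at position order[i].
def permutation_encrypt(text, order):
    n = len(order)
    text += "X" * (-len(text) % n)  # pad the final block; padding survives decryption
    return "".join(text[i + j] for i in range(0, len(text), n) for j in order)


def permutation_decrypt(text, order):
    n = len(order)
    inverse = [0] * n
    for pos, src in enumerate(order):
        inverse[src] = pos
    return "".join(text[i + inverse[j]] for i in range(0, len(text), n) for j in range(n))


# 3. Gamma: every letter is shifted by the next element of a key stream (the
#    "gamma") generated from a seed. random.Random is used only to illustrate
#    a computer-generated gamma; it is not a cryptographic generator.
def gamma_stream(seed, length):
    rng = random.Random(seed)
    return [rng.randrange(M) for _ in range(length)]


def gamma_encrypt(text, seed):
    return "".join(ALPHABET[(ALPHABET.index(c) + k) % M]
                   for c, k in zip(text, gamma_stream(seed, len(text))))


def gamma_decrypt(text, seed):
    return "".join(ALPHABET[(ALPHABET.index(c) - k) % M]
                   for c, k in zip(text, gamma_stream(seed, len(text))))


# 4. Analytical transformation: pairs of letters form a vector that is
#    multiplied by a secret 2x2 key matrix modulo 26 (the Hill cipher).
def hill_encrypt(text, key):
    text += "X" * (len(text) % 2)
    out = []
    for i in range(0, len(text), 2):
        a, b = ALPHABET.index(text[i]), ALPHABET.index(text[i + 1])
        out.append(ALPHABET[(key[0][0] * a + key[0][1] * b) % M])
        out.append(ALPHABET[(key[1][0] * a + key[1][1] * b) % M])
    return "".join(out)


def hill_inverse_key(key):
    det = (key[0][0] * key[1][1] - key[0][1] * key[1][0]) % M
    det_inv = pow(det, -1, M)  # ValueError here means the matrix is not invertible mod 26
    return [[key[1][1] * det_inv % M, -key[0][1] * det_inv % M],
            [-key[1][0] * det_inv % M, key[0][0] * det_inv % M]]


def hill_decrypt(text, key):
    return hill_encrypt(text, hill_inverse_key(key))


# 5. Combined cipher: substitution followed by gamma; decrypt in reverse order.
def combined_encrypt(text, key_alphabet, seed):
    return gamma_encrypt(substitution_encrypt(text, key_alphabet), seed)


def combined_decrypt(text, key_alphabet, seed):
    return substitution_decrypt(gamma_decrypt(text, seed), key_alphabet)


# Constructed keys for the demonstration.
SUB_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"
PERM_KEY = [2, 0, 3, 1]
GAMMA_SEED = 20240101
HILL_KEY = [[3, 3], [2, 5]]  # det = 9, invertible modulo 26


def round_trips(plaintext="ATTACKATDAWN"):
    """Encrypt and decrypt with each system; return which ones restore the text."""
    return {
        "substitution": substitution_decrypt(substitution_encrypt(plaintext, SUB_KEY), SUB_KEY) == plaintext,
        "permutation": permutation_decrypt(permutation_encrypt(plaintext, PERM_KEY), PERM_KEY) == plaintext,
        "gamma": gamma_decrypt(gamma_encrypt(plaintext, GAMMA_SEED), GAMMA_SEED) == plaintext,
        "analytical": hill_decrypt(hill_encrypt(plaintext, HILL_KEY), HILL_KEY) == plaintext,
        "combined": combined_decrypt(combined_encrypt(plaintext, SUB_KEY, GAMMA_SEED), SUB_KEY, GAMMA_SEED) == plaintext,
    }


if __name__ == "__main__":
    print(round_trips())
```

Two of the text's requirements are visible directly in the code: the Hill key must be invertible modulo 26 or decryption is impossible (hill_inverse_key raises on such a key), and the gamma's strength rests entirely on the key stream not repeating and not being predictable, which is why the random module stands in here only for illustration.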

Each of the considered encryption systems can be implemented in an automated system either by software or using special equipment. Software implementation is more flexible and cheaper than hardware implementation. However, hardware encryption is generally several times more efficient. This circumstance is of decisive importance in the case of large volumes of closed information.

e) physical protection measures.

The next class in the arsenal of information security tools is physical measures. These are various devices, structures and measures that make it difficult or impossible for potential intruders to enter the places where access to the protected information is possible. The most common measures are:

Physical isolation of the buildings housing the automated system equipment from other buildings,

Fencing the territory of computing centers at distances sufficient to rule out effective interception of electromagnetic emanations, together with systematic patrolling of these territories,

Organization of checkpoints at the entrances to the premises of computing centers, or equipping the entrance doors with special locks that regulate access to the premises,

Organization of a security alarm system.

f) organizational measures for the protection of information.

The next class of information protection measures consists of organizational measures. These are the normative and legal acts that regulate the operation of the data processing system, the use of its devices and resources, and the relations between users and the system in such a way that unauthorized access to information becomes impossible or is significantly hampered. Organizational measures play an important role in creating a reliable mechanism for protecting information. Their increased importance is explained by the fact that the potential for unauthorized use of information is largely determined by non-technical factors: malicious actions, negligence or carelessness of users or of the personnel of the data processing system. The influence of these factors is almost impossible to avoid or localize with the hardware and software tools, cryptographic closure of information and physical protection measures discussed above. A set of organizational, organizational-technical and organizational-legal measures is required that would rule out the possibility of information leaking in this way.

The main activities in this combination are the following:

Measures carried out in the design, construction and equipment of computing centers (CC),

Measures carried out in the selection and training of CC personnel (vetting new hires, creating conditions under which staff would not want to lose their jobs, familiarizing them with the liability for violating the protection rules),

Organization of reliable access control,

Organization of storage and use of documents and media: determination of rules for issuance, keeping logs of issuance and use,

Control of changes to the algorithmic and software support,

Organization of preparation and control of users' work,

One of the most important organizational measures is maintaining in the computing center a special full-time information protection service, whose size and composition ensure the creation of a reliable protection system and its regular operation.

Conclusion.

The main conclusions about the ways of using the above means, methods and measures of protection are as follows:

    The greatest effect is achieved when all the tools, methods and measures used are combined into a single, holistic mechanism for protecting information.

    The protection mechanism should be designed in parallel with the creation of data processing systems, starting from the moment the general concept of building the system is developed.

    The functioning of the protection mechanism should be planned and ensured along with the planning and provision of the main processes of automated information processing.

    It is necessary to constantly monitor the functioning of the protection mechanism.

The main directions of protection

The standard architectural principles, hardware and software of personal computers (PCs), together with a number of other factors, make it relatively easy for a professional to gain access to the information in a PC. If a group of people uses one personal computer, it may be necessary to restrict access to the information for different users.

By unauthorized access to PC information we mean reading, processing, copying, the introduction of viruses of various kinds (including those that destroy software products), and the modification or destruction of information in violation of the established access control rules.

In protecting PC information from unauthorized access, three main areas can be distinguished:

- the first focuses on preventing the intruder from accessing the computing environment and is based on special software and hardware for user identification;

- the second is related to the protection of the computing environment and is based on the creation of special software for the protection of information;

- the third direction is associated with the use of special technical means of protecting PC information from unauthorized access (shielding, filtering, grounding, electromagnetic noise masking, and attenuation of electromagnetic radiation and interference levels with absorbing matched loads).

Software methods of information protection provide for the use of special programs to protect against unauthorized access, protect information from copying, modification and destruction.

Protection against unauthorized access includes:

- identification and authentication of subjects and objects;

- differentiation of access to computing resources and information;

- control and registration of actions with information and programs.

The identification and authentication procedure involves checking whether a given subject may be admitted to resources (identification) and whether the subject accessing (or the object being accessed) is who it claims to be (authentication).

Various methods are used in software identification procedures: mainly passwords (simple, complex, one-time) and special identifiers or checksums for hardware, programs and data. Combined hardware-software methods are used for authentication.

After the identification and authentication procedures are completed, the user gains access to the system, and software protection of information is then carried out at three levels: hardware, software and data.

Hardware and software protection provides for access control to computing resources (to individual devices, to RAM, to the operating system, to service or personal user programs, the keyboard, display, printer and disk drives).

Protection at the data level permits only those actions allowed by the data access regulations, and also protects information while it is transmitted over communication channels.

Access control includes:

- selective protection of resources (user A is denied access to database B but permitted access to database C);

- granting and denying access for all types and levels of access (administration);

- identification and documentation of any violations of the access rules and attempts at violation;

- accounting and storage of information on the protection of resources and on permitted access to them.

Software methods of information protection rely on password protection. Password protection can be overcome with utilities intended for software debugging and data recovery, as well as with password-cracking programs: system debugging utilities allow the protection to be bypassed, while password-cracking programs guess the password by brute force. The time needed to guess a password by simple brute force grows exponentially with the length of the password.

To maintain secrecy, you must adhere to the following recommendations for choosing a password:

- the minimum password length must be at least 8-10 characters;

- the password should use an extended alphabet, including special characters and punctuation;

- standard words should not be used as a password, since dictionaries of typical passwords are available on the Internet, from which a typical password you have set can be determined;

- the security system must block the login after a certain number of unsuccessful login attempts;

- the time for logging into the system should be limited to the time of the working day.
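The recommendations above turned into runnable checks, as an added example that is not part of the thesis: a policy check for new passwords, the exponential brute-force estimate, and a login guard that locks the account after a fixed number of failures and refuses logins outside the working day. COMMON_PASSWORDS and all names here are constructed for illustration.

```python
import hashlib
import hmac
import os
import string
# Added example (not from the thesis): the recommendations above turned into checks,
# plus the exponential growth of brute-force time with password length.
# COMMON_PASSWORDS is a constructed stand-in for the Internet dictionaries of typical passwords.
COMMON_PASSWORDS = {"password", "qwerty", "123456", "letmein", "admin"}

def brute_force_seconds(length: int, alphabet_size: int, guesses_per_second: float = 1e9) -> float:
    """Worst-case time to try every string of the given length: alphabet_size ** length."""
    return alphabet_size ** length / guesses_per_second

def check_password(pw: str, min_len: int = 10) -> list:
    """Policy violations of pw; an empty list means the password is acceptable."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    if sum(any(ch in cls for ch in pw) for cls in classes) < 3:
        problems.append("extended alphabet not used (fewer than three character classes)")
    base = pw.lower().rstrip(string.digits)    # "password1" is still a dictionary word
    if pw.lower() in COMMON_PASSWORDS or base in COMMON_PASSWORDS:
        problems.append("is a typical dictionary password")
    return problems

def derive_key(pw: str, salt: bytes) -> bytes:
    """Slow salted hash, so a stolen password store cannot be brute-forced cheaply."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

class LoginGuard:
    """Enforces the policy on registration, locks an account after max_failures
    consecutive wrong passwords and refuses logins outside the working day."""
    def __init__(self, max_failures: int = 5, work_hours: tuple = (8, 18)):
        self.max_failures = max_failures
        self.work_hours = work_hours
        self.users = {}       # user -> (salt, derived key)
        self.failures = {}    # user -> consecutive failed attempts
        self.locked = set()

    def register(self, user: str, pw: str) -> None:
        problems = check_password(pw)
        if problems:
            raise ValueError("weak password: " + "; ".join(problems))
        salt = os.urandom(16)
        self.users[user] = (salt, derive_key(pw, salt))

    def attempt(self, user: str, pw: str, hour: int) -> str:
        """Returns "granted", "denied", "locked" or "outside working hours"."""
        if user in self.locked:
            return "locked"
        start, end = self.work_hours
        if not start <= hour < end:
            return "outside working hours"
        salt, key = self.users.get(user, (b"", b""))
        if user in self.users and hmac.compare_digest(derive_key(pw, salt), key):
            self.failures[user] = 0
            return "granted"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_failures:
            self.locked.add(user)
            return "locked"
        return "denied"
```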

Software means are the objective forms of representing a set of data and commands intended for the operation of computers and computer devices in order to obtain a certain result, as well as the materials prepared and recorded on a physical medium in the course of their development and the audiovisual displays generated by them. These include:

Software (a set of control and processing programs), comprising:

System programs (operating systems, maintenance programs);

Application programs (programs that are designed to solve problems of a certain type, for example, text editors, anti-virus programs, DBMS, etc.);

Instrumental programs (programming systems, consisting of programming languages such as Turbo C and Microsoft Basic, and translators: sets of programs that automatically translate algorithmic and symbolic languages into machine code);

Machine information of the owner, proprietor, user.

This level of detail is given in order to understand the essence of the issue under consideration more clearly later on, to highlight more precisely the methods of committing computer crimes and the objects and instruments of criminal encroachment, and to remove disagreements about the terminology of computer technology. Having considered in detail the main components that together make up the concept of a computer crime, we can proceed to the main elements of the forensic characteristics of computer crimes.

Protection software consists of special programs designed to perform protection functions and included in the software of data processing systems. Software protection is the most common type of protection, thanks to such positive properties of this tool as versatility, flexibility, ease of implementation, and almost unlimited possibilities for modification and development. By functional purpose, these programs can be divided into the following groups:

Identification of technical means (terminals, devices for group control of input-output, computers, information carriers), tasks and users;

Determination of the access rights of technical means (days and hours during which a task may use them) and of users;

Control over the operation of technical means and users;

Registration of the work of technical means and users when processing information of limited use;

Destruction of information in the memory after use;

Alarms for unauthorized actions;

Auxiliary programs for various purposes: monitoring the operation of the protection mechanism, affixing a secrecy stamp on issued documents.

Antivirus protection

Information security is one of the most important properties of any computer system, and a large number of software and hardware tools have been created to provide it. Some of them encrypt information, others delimit access to data. Computer viruses are a particular problem: a separate class of programs aimed at disrupting the system and corrupting data. Several varieties of viruses are distinguished: some reside permanently in the computer's memory, others perform their destructive actions in one-time "blows". There is also a whole class of programs that look quite respectable on the outside but actually damage the system; such programs are called "Trojan horses". One of the main properties of computer viruses is the ability to "multiply", i.e. to propagate themselves within a computer and across a computer network.

Ever since various office software packages became able to run programs written specially for them (for example, applications in the Visual Basic language can be written for Microsoft Office), a new type of malicious program has appeared: the so-called macro viruses. Viruses of this type are distributed together with ordinary document files and are contained in them as ordinary subroutines.

Not so long ago (this spring) an epidemic of the Win95.CIH virus and its many variants swept through. This virus destroyed the contents of the computer's BIOS, making it impossible to work; often we even had to throw away motherboards damaged by this virus.

Given the rapid development of communication facilities and the sharply increased volumes of data exchange, the problem of protection against viruses is becoming very urgent. In fact, a macro virus can arrive with every document received, for example, by e-mail, and every program launched can (in theory) infect the computer and render the system inoperable.

Therefore, among security systems, the fight against viruses is the most important direction. There are a number of tools designed specifically for this task. Some of them run in scan mode, checking the contents of the hard disks and the computer's memory for viruses. Others must run constantly and stay resident in the computer's memory, where they try to keep track of all running tasks.

In the Russian software market the most popular product has been the AVP package developed by Kaspersky Lab. It is a universal product with versions for a variety of operating systems.

Kaspersky Anti-Virus (AVP) uses all modern types of anti-virus protection: anti-virus scanners, monitors, behavioral blockers and change auditors. The various versions of the product support all popular operating systems, mail gateways, firewalls and web servers. The system makes it possible to control all possible routes by which viruses penetrate the user's computer, including the Internet, e-mail and removable storage media. The Kaspersky Anti-Virus management tools automate the most important operations of centralized installation and management, both on a single computer and for the comprehensive protection of an enterprise network. Kaspersky Lab offers three ready-made anti-virus protection solutions designed for the main categories of users: first, anti-virus protection for home users (one license for one computer); secondly, for small businesses (up to 50 workstations in the network); thirdly, for corporate users (more than 50 workstations in the network).

The times are irrevocably gone when, to be completely sure of safety from "infection", it was enough not to use "random" floppy disks and to run the Aidstest utility, which checks the computer's hard disk for suspicious objects, once or twice a week. First, the range of places where such objects can appear has expanded: e-mail with attached "harmful" files, macro viruses in office (mostly Microsoft Office) documents, "Trojan horses" - all of this appeared relatively recently. Secondly, the approach of periodically revising the hard disk and archives has ceased to justify itself: such checks would have to be carried out too often, and they would take up too many system resources.

Outdated security systems have been replaced by a new generation capable of tracking and neutralizing the "threat" in all critical areas - from e-mail to copying files between drives. At the same time, modern antiviruses organize real-time protection, which means that they are constantly in memory and analyze the information being processed.
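A minimal "change auditor" of the kind listed above beside scanners and monitors, as an added example that is not part of the thesis or of any Kaspersky product: it records a trusted baseline of file digests and later reports which files were modified, added or removed. The sample directory, file names and contents are constructed inside the block.

```python
import hashlib
import os
import tempfile

# Added example (not from the thesis): a minimal "change auditor", the kind of
# protection the text lists beside scanners and monitors. It records a trusted
# baseline of file digests and later reports what was modified, added or removed.

def hash_file(path: str) -> str:
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root: str) -> dict:
    """Map every file under root (path relative to root, '/'-separated) to its digest."""
    result = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root).replace(os.sep, "/")] = hash_file(full)
    return result

def audit(baseline: dict, current: dict) -> dict:
    """Compare the trusted baseline with a fresh snapshot."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

def demo() -> dict:
    """Constructed scenario: take a baseline, then simulate what a file infector does
    (appends code to a program) and what a dropper does (creates a new executable)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        files = {"bin/editor.exe": b"MZ original editor", "report.doc": b"quarterly report"}
        for rel, body in files.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as f:
                f.write(body)
        baseline = snapshot(root)
        with open(os.path.join(root, "bin", "editor.exe"), "ab") as f:
            f.write(b"APPENDED CODE")
        with open(os.path.join(root, "unknown.exe"), "wb") as f:
            f.write(b"MZ dropped")
        return audit(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A real auditor would store the baseline on write-protected media and sign it, since an attacker who can rewrite the baseline can hide any change.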

One of the most well-known and widely used anti-virus protection packages is AVP from Kaspersky Lab. This package comes in many different variations. Each of them is designed to solve a specific range of security problems, and has a number of specific properties.

The protection systems distributed by Kaspersky Lab are divided into three main categories, depending on the types of tasks they solve. These are protection for small businesses, protection for home users, and protection for corporate customers.

AntiViral Toolkit Pro includes programs for protecting workstations running various operating systems (AVP scanners for DOS, Windows 95/98/NT and Linux; AVP monitors for Windows 95/98/NT and Linux), file servers (AVP monitor and scanner for Novell NetWare; monitor and scanner for Windows NT Server), web servers (the AVP Inspector disk auditor for Windows), Microsoft Exchange mail servers (AVP for Microsoft Exchange) and gateways.

AntiViral Toolkit Pro includes scanners and monitors. Monitors provide the fuller control required in the most critical areas of the network.

In Windows 95/98/NT networks, AntiViral Toolkit Pro allows centralized administration of the entire logical network from the administrator's workstation using the AVP Network Control Center software package.

The AVP concept makes it easy to update the anti-virus programs regularly by replacing the anti-virus databases, a set of files with the .AVC extension, which at present allow more than 50,000 viruses to be detected and removed. Updates to the anti-virus databases are released and made available on the Kaspersky Lab server every day. At the moment, the AntiViral Toolkit Pro (AVP) package has one of the largest anti-virus databases in the world.

