Channel of leakage of protected information. Protection against espionage in fiber-optic lines and communication systems

The competitiveness of organizations in many sectors of the economy directly depends on the safety of their trade secrets: customer base, business strategies and purchase prices. However, the amount of confidential information has lately been growing by leaps and bounds, and it is becoming difficult to choose the means of protection against information leakage.

Architecturally, the choice of tools for solving this problem is determined by the answers to the following questions:

  • What information needs to be protected (customer data, customer contacts, purchase prices, personal data)?
  • From whom should the information be protected (intruder model)?
  • What segment of the infrastructure needs to be protected - where, in the first approximation, is the protected information located (office, factory, store, mobile devices)?

The article sequentially describes the methodology for analyzing and preparing answers to the above questions - developing the architecture of the information leakage protection system.

What information needs to be protected?

The standard answer of an information security specialist to the question “what needs to be protected” will contain three aspects: confidential information, sensitive data, and commercial secrets. However, it is necessary to clarify that in each specific case the answer to this question is determined by what information the company considers to be of high value. For one company this may be a customer base, for another geolocation information, and probably for all enterprises it is information related to their financial activities.

Moreover, any enterprise is a set of business units and support services, whose managers can help the information security specialist understand what specific information is valuable for the enterprise. For example, for a power grid company, from the point of view of the financial service it is necessary to protect the cost structure of the tariff, and from the point of view of the personnel service, information on compensation (salaries and bonuses), as well as the resume base.

After forming a common vision of what will be classified as valuable data, it is necessary to proceed to the classification of the data that already exists at the enterprise. To reduce labor intensity and improve the quality of this stage of work, automation tools of the Data Classification Application class (also called "spiders" or "crawlers") are widely available on the market: Digital Guardian, Forcepoint, Varonis IDU Classification Framework, Titus, Classifier360 and others. These solutions search and classify an enterprise's data according to specified criteria and are often used as one of the elements of a complex of information leakage protection tools.

The main principles of data classification are:

  • content analysis of files for keywords (credit card numbers, contract numbers, geolocation data, etc.);
  • contextual analysis (sender of the letter, date of creation and author of the document, etc.);
  • custom data classification, when the assignment of labels to the data to be protected is done manually.
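The three principles above can be combined in a single classification pass. The following is an added example, not taken from the original article or from any of the products named; the contract-number format, the department list and the label names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Assumed contract-number format, used only in this example.
CONTRACT_RE = re.compile(r"\bCTR-\d{4}-\d{5}\b")
# Assumed: departments whose documents are sensitive by context alone.
SENSITIVE_DEPTS = {"finance", "hr"}


@dataclass
class Document:
    name: str
    text: str
    author_dept: str = ""                # contextual attribute (document author)
    manual_label: Optional[str] = None   # label assigned by a user, if any


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: filters out most random digit runs (order ids, phone numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Content analysis: return digit strings that look like valid card numbers."""
    hits = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def classify(doc: Document) -> Tuple[str, List[str]]:
    """Return (label, reasons). Manual labels win, then content, then context."""
    if doc.manual_label:
        return doc.manual_label, ["manual label"]
    reasons = []
    cards = find_card_numbers(doc.text)
    if cards:
        reasons.append(f"content: {len(cards)} card number(s)")
    if CONTRACT_RE.search(doc.text):
        reasons.append("content: contract number")
    if reasons:
        return "confidential", reasons
    if doc.author_dept.lower() in SENSITIVE_DEPTS:
        return "internal", [f"context: author department {doc.author_dept}"]
    return "public", []


# Constructed sample documents (4111 1111 1111 1111 is a well-known test number).
SAMPLES = [
    Document("invoice.txt", "Card 4111 1111 1111 1111 charged under CTR-2017-00042"),
    Document("salaries.txt", "Bonus table for Q3", author_dept="HR"),
    Document("menu.txt", "Order 1234 5678 9012 3456 is ready"),
    Document("plan.txt", "Growth strategy", manual_label="confidential"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.name, *classify(sample))
```

The Luhn check is what keeps the 16-digit order number in `menu.txt` from being reported as a card number, which is the usual source of false positives in keyword-only content analysis.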

This data structure must be recorded in the internal documents of the enterprise: describe the levels of confidentiality of sensitive information (a list of confidential information) and define the methodology for working with this information, that is, develop information security policies and regulations for working with confidential information.

A key element that ensures the effectiveness of protecting an enterprise from information leaks is informing employees about the composition of confidential information and the rules for working with it. One of the largest investment funds, with assets of over a billion dollars, lost control of confidential financial reporting simply because the security rules had not been communicated to a key employee: the security department thought that HR was teaching the rules for working with confidential information, and HR thought that the security department was. Meanwhile, the employee took the hard drive home. Nobody would have found out about this incident; it came to light only during an audit of the effectiveness of the company's IT functions.

A modern approach to training employees and monitoring their knowledge is to use specialized user awareness programs (for example, such solutions are available from UBS, Kaspersky Lab, Angara Technologies Group, etc.). Training and knowledge control of the company's employees are carried out interactively, in the format of video lessons and tests, as well as quizzes and quests for users with a high level of access to information.

From whom do you need to protect information?

External intruder

The basic approach to protection from an external intruder is the creation of a secure enterprise perimeter, both informational and physical. The essential technical means are an access control system (ACS) and a video surveillance system, which is an irreplaceable tool in the investigation of incidents.

Particular attention should be paid to the correct destruction of paper documents. Oddly enough, not all companies use shredders at employees' workplaces: one large company conducted mandatory training and testing on the storage and transfer of confidential information, introduced information security regulations, and followed the "clean desk" and "closed drawers" policies. However, cardboard boxes were used as the document destruction system and were sent to industrial shredders once a week. Thus, while the boxes were being filled, one could find valuable documents of any kind in them: contracts, invoices, confidential letters, etc.

The main components of the information-protected perimeter of the enterprise are network protection tools and vulnerability management.

Russian enterprises use three main types of network protection:

  • Firewalls, or rather NGFW or UTM solutions (Check Point NGTP, Palo Alto NGFW, Fortinet FortiGate, etc.). Modern firewalls already have minimal DLP engines that allow detecting leaks using customized templates.
  • Web traffic control, as a separate gateway or as part of an NGFW (Blue Coat SG, McAfee WGW, Cisco WSA, Check Point NGTP, Palo Alto NGFW, Fortinet FortiGate, etc.). In particular, it would be helpful to prohibit the use of Google services (Drive, Gmail), mail.ru and yandex.ru, at least for uploading files. It is also necessary to monitor user actions on the Internet and to limit the amount of uploaded information.
  • If the company uses a corporate portal for storing confidential documents, it makes sense to pay attention to solutions of the Web Application Firewall (WAF) class (for example, such solutions are available from Imperva, F5 Networks, A10 Networks, Positive Technologies, Security Code, etc.).

Vulnerability management is a process that is extremely important for building a secure infrastructure: the recent events with the WannaCry virus and, especially, with the Petya virus (which in fact exploits the same vulnerability) were an unambiguous reminder of this. Yes, protection against ransomware is closer to the realm of data loss protection than to information theft. However, a process such as software update management (Patch Management) will, in general, make it fundamentally harder to penetrate the information perimeter of the enterprise, regardless of the purpose of the intrusion.

Insider intruder

Defending against an insider is a highly relevant and multifaceted topic, covered in hundreds of articles and studies. In this publication we note that, for effective protection against leakage of information important to the enterprise, it is necessary to develop a model of the internal information security intruder that takes into account at least the following parameters: whether the intruder has legitimate access to data; what rights they have (limited or privileged); the type of access to data (only from the corporate network or also from outside); from which devices access is possible (personal computer, mobile devices); and the nature of the actions (intentional or unintentional).

Among the promising means of protection against an internal intruder are not so much the well-known DLP systems as modern tools of behavioral and event analysis: UEBA (User and Entity Behavior Analytics) and SIEM (Security Information and Event Management).

In one of the top 50 commercial banks (with international capital), desperate to find an affordable solution, the information security service replaced DLP with a complex of SIEM, NGFW and endpoint protection tools.

Which segment of the infrastructure needs to be protected?

Like any changing "living" entity, data has its own life cycle and its own path through the infrastructure, namely:

  • storage and processing of data in a data center or cloud data center;
  • storage and processing of data on the user's personal computer, transfer between the data center and the user's computer;
  • storage and processing on the user's mobile device, transferring to the user's mobile device.

Data protection in the data center

There can be no question of any protection if there are no basic measures to control access to data center resources. This can be done using the following basic tools:

  • Microsegmentation of the server segment and granular differentiation of access to it: SDN concepts or the currently more relevant TrustSec, as well as the deployment of an internal NGFW (including virtual implementations), will help here.
  • Authentication when accessing resources, preferably two-factor (RSA, JaCarta, Rutoken, etc.).
  • User authorization to access corporate resources: here you can consider global IDM and SSO systems, which grant rights to users depending on their assigned roles, with transparent "inheritance" of credentials between information systems. These systems make it possible, among other things, to reduce the number of errors caused by the "human factor", when a user is assigned more rights than they need, and errors associated with untimely removal of revoked rights.

Upon reaching a certain level of "maturity", it is possible to use solutions at the application level:

  • Virtual Data Room (VDR) is a structured data store with granular access to document containers or directly to the documents themselves. Typically, the user interface is a web portal with a virtual office from which the user accesses the document. The best-known implementation options are Microsoft SharePoint and the Google Docs portal.
  • Database Activity Monitoring and Prevention (DAM / DAMP) is a system for auditing and controlling actions with a database, in effect controlling queries to the database. The system allows you to track, and in the case of DAMP to block, illegitimate requests to the database. Thus it is possible to check whether a user is getting access to the database that is not required for their work, or is regularly requesting records that they do not need in their work. This system allows you to control privileged users of the database, monitor for leaks or block their data downloads.
  • Database Encryption is an option that protects stored data from an illegitimate user more securely than DAM(P). In this case, the records in the database are stored encrypted and work with them is performed through a transformation interface, so data stolen by an illegitimate user cannot be read. Encryption options: the entire database, dedicated database tables, dedicated records. The downside of this kind of protection is the direct impact on the performance of the database.
  • Unstructured Data Management (UDM) is a data management solution for file storages, portals and other unstructured sources. Sometimes, when using UDM, the user does not work directly with the data, but gets access through the interface of the UDM system. In other cases, the UDM searches for confidential information, organizes the management of confidential information in accordance with corporate security policy, and helps to understand "who ate from my bowl" in difficult conflict situations.

Security in business processes

The control of information flows and of the movement of information during its storage, processing and transmission by users is particularly difficult to implement. Users do not always comply with information security rules (or even ignore them completely) or document flow rules (stamps, tags and other marking mechanisms), and also want services and equipment to work without delays. To fulfill the listed requirements, enterprises use three classes of specialized technologies (sets of technologies):

  • Data Leak Prevention (DLP), where DLP acts not so much as a product as a set of solutions. It is necessary to control leaks along the entire route of data from the user's computer, over all data transmission channels: mail, the web, and external storage devices. It is also necessary to control the absence of prohibited programs on the user's computer, for example, encryption programs, and of external USB modem connections. DLP systems can track leaks through the corporate channel by monitoring keywords, document tags, and document metadata. Leaks via the web channel are monitored in the same way, with mandatory decryption of SSL traffic (integration with a web gateway is required). The DLP system must have agent software that monitors the movement of files on the user's file system. Sometimes a DLP system is installed in a "silent monitoring" mode, invisible to the user. In this case, a user who has decided to take data of interest out of the enterprise is easier to find, since he, as a rule, uses simple means for his own purposes.
  • Without an integrated approach to ensuring information security, the implementation of a DLP system may not bring the expected results. For example, if users are able to copy information to USB drives or transfer encrypted archives via e-mail, then a leak of documents will not be detected even with a DLP system in place. This is precisely the situation that developed during a pilot project for the implementation of a DLP system at one of the retail chains.
  • Information Rights Management (IRM) / Digital Rights Management (DRM) solutions containerize each protected document individually. Thus, information about access rights and the document encryption keys are tied directly to the document itself. Therefore, even if the document falls into the wrong hands, it cannot be opened and read. From the point of view of document protection, this solution fulfills its task in almost any theft scenario. The disadvantage of such solutions is the complexity of their implementation, both technical (requirements for users' computers, availability of authorization servers) and organizational (employees must be trained to work with the system and to assign rights correctly, and the system requires support).
  • For mobile users with a high level of access to valuable documents, it is best to use full encryption of the laptop file system - Full Disk Encryption (FDE). Then a laptop forgotten at the airport will not be a "disaster" for the company. There were reports in the press that the National Aeronautics and Space Administration (NASA) had already lost 4 laptops with data on space programs and tens of thousands of employees.
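The blind spot mentioned above, encrypted archives sent by e-mail, can at least be made visible: a mail-channel check can treat any attachment it cannot inspect as an event in its own right. The following is an added example, not part of the original article and not the logic of any particular DLP product; the keyword list and verdict names are assumptions, and the "encrypted" sample is constructed by setting the encryption flag in the ZIP headers.

```python
import io
import zipfile
from email.message import EmailMessage

# Assumed keyword list for content inspection in this example.
KEYWORDS = ("purchase price", "confidential")


def make_zip(name: str, data: str, encrypted: bool = False) -> bytes:
    """Build a constructed sample ZIP. With encrypted=True, bit 0 of the
    general-purpose flags is set, which is how ZIP marks an encrypted entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, data)
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 0x01                      # flags in the local file header
        cd = raw.rfind(b"PK\x01\x02")       # central directory entry
        raw[cd + 8] |= 0x01                 # flags in the central directory
    return bytes(raw)


def inspect_attachment(payload: bytes) -> str:
    """Return a verdict for one attachment."""
    if not zipfile.is_zipfile(io.BytesIO(payload)):
        return "not-archive"
    with zipfile.ZipFile(io.BytesIO(payload)) as zf:
        entries = zf.infolist()
        # Content cannot be inspected: report it instead of passing it silently.
        if any(info.flag_bits & 0x1 for info in entries):
            return "encrypted-archive"
        for info in entries:
            text = zf.read(info).decode("utf-8", "replace").lower()
            if any(keyword in text for keyword in KEYWORDS):
                return "sensitive-content"
    return "clean"


def scan_message(msg: EmailMessage) -> dict:
    """Map each attachment file name to its verdict."""
    verdicts = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        verdicts[part.get_filename()] = inspect_attachment(payload)
    return verdicts


def build_sample_message() -> EmailMessage:
    """Constructed outgoing message with four attachments."""
    msg = EmailMessage()
    msg["From"] = "user@corp.example"
    msg["To"] = "someone@external.example"
    msg["Subject"] = "files"
    msg.set_content("See attached.")
    samples = {
        "menu.zip": make_zip("menu.txt", "lunch menu"),
        "prices.zip": make_zip("prices.txt", "Purchase price list 2017"),
        "secret.zip": make_zip("data.bin", "unreadable", encrypted=True),
    }
    for filename, blob in samples.items():
        msg.add_attachment(blob, maintype="application", subtype="zip",
                           filename=filename)
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample_message()).items():
        print(f"{name}: {verdict}")
```

A policy built on this verdict would hold or report `encrypted-archive` attachments rather than let them through as "no keywords found".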

Protection against leaks when working with privileged users is primarily a Privileged User Management (PUM) solution that proxies the work of a privileged user with a target system. Within the system it is possible to control the commands entered by the user, block prohibited actions and literally video-record all the actions performed by the user. Also, in order to control and limit the powers of privileged users, the DRM solutions described above or data masking in the database are used.

Mobile computing security

In 2017, one cannot fail to mention another important context for working with valuable documents - mobile phones and tablets. The issues of secure publication of data on the Internet and storage of data on users' devices come to the fore. Let's list the main solutions that are successfully applied by Russian business in this context:

  • SSL portals: many manufacturers of NGFW or Web-GW gateways offer software modules in the form of web portals that implement, firstly, SSL encryption; secondly, user authentication and authorization on connection and logging of user actions; and, most importantly in this case, a mobile client for working with the portal and the documents received through it. Implementation options include both solutions that only protect data in transit and solutions that also provide minimal protection of data stored on the device, including containerization and denial of access to files by external mobile applications, user authentication when accessing documents and, in some cases, encryption of the data container (Check Point Capsule).
  • Solutions of the Mobile Device Management (MDM) class: if the work with valuable documents is available from users' mobile devices and the company uses the BYOD (Bring Your Own Device) concept, then the implementation of an MDM system seems to be very relevant.

Conclusions

Leakage of valuable information entails not only financial, but also reputational losses for the company, which are often not possible to assess in monetary terms. Therefore, the implementation of solutions to protect against information leaks at an enterprise requires not only an integrated approach and careful technical study, but also a strategic vision and support from the company's management. If a company is going to occupy the leading places in the market and is working with an eye to long-term development, it should think about protecting its secrets.

However, protection may not be worth the guarded secrets, or even completely useless if it is carried out haphazardly, without careful planning of a system to protect against leakage of confidential information of the enterprise.

The subsystem of engineering and technical protection of information from leakage is designed to reduce to acceptable values the magnitude of the risk (probability) of unauthorized dissemination of information from a source located inside the controlled area to the attacker. To achieve this goal, the system must have mechanisms (forces and means) for detecting and neutralizing threats of eavesdropping, surveillance, interception and information leakage through a material channel.

In accordance with the classification of methods of engineering and technical protection of information considered in the second section, the basis for the functioning of the system of engineering and technical protection of information from leakage is made up of methods of spatial, temporal, structural and energy hiding.

To ensure spatial concealment, the system must have hidden locations for information sources, known only to people who directly work with it. A very limited circle of people has access to the premises in which secret documents are kept. The heads of private structures often use caches in the form of a safe built into the wall and covered with a painting and even a separate room with a camouflaged door to store especially valuable documents.

To implement temporal concealment, the protection system must have a mechanism for determining the time at which a threat arises. In general, this time can be predicted, but with a large error. In some cases, however, it is determined with sufficient accuracy. Such cases include the time of:

  • a reconnaissance spacecraft's flight over the protected object;

  • operation of a radio-electronic device or electrical device as a source of dangerous signals;

  • a visitor's presence in the designated room.

The ability to accurately determine the location of a reconnaissance spacecraft (SC) in outer space makes it possible to organize effective temporal concealment of the protected object. This time is calculated from the orbital parameters of the launched spacecraft by a special service, which informs interested organizations of its flight schedule. Switching on a radio-electronic device or electrical appliance that has not passed a special check poses a potential threat to speech information in the room in which the device is installed. Therefore, conversations on closed issues are prohibited while untested or unprotected radio-electronic means and devices are switched on. Likewise, the arrival of a visitor in the designated room should be considered as the emergence of a threat of information leakage. Therefore, in the visitor's presence, conversations and the display of tools and materials that are not related to the issues being resolved with the visitor are excluded. In order to avoid leakage of information through visitors, negotiations with them, except where the discussion requires a demonstration of equipment in operation, are held in a special dedicated negotiation room located at a minimum distance from the checkpoint.

The means of structural and energy concealment differ significantly depending on the threat. Therefore, in the general case, it is advisable to divide the subsystem of engineering and technical protection against information leakage into complexes, each of which combines the forces and means of preventing one of the threats of information leakage (Fig. 19.7).

Chapter 1.

1. CLASSIFICATION AND BRIEF DESCRIPTION OF TECHNICAL CHANNELS OF INFORMATION LEAKAGE

1.1. GENERAL CHARACTERISTICS OF THE TECHNICAL LEAKAGE CHANNEL

A technical channel of information leakage (TKUI) is understood as the totality of the reconnaissance object, the technical reconnaissance tool (TSR) with the help of which information about this object is obtained, and the physical environment in which the information signal propagates. In essence, a TKUI is a method of obtaining reconnaissance information about the object using a TSR. Here, intelligence information usually means information or a set of data about objects of reconnaissance, regardless of the form of their presentation.
Signals are material carriers of information. By their physical nature, signals can be electrical, electromagnetic, acoustic, etc. That is, signals, as a rule, are electromagnetic, mechanical and other types of oscillations (waves), and the information is contained in their changing parameters.
Depending on their nature, signals propagate in specific physical environments. In the general case, the propagation medium can be gas (air), liquid (water) and solid media. For example, airspace, building structures, connecting lines and conductive elements, soil (earth), etc.
The technical means of reconnaissance are used to receive and measure the parameters of signals.
This manual examines portable reconnaissance equipment used to intercept information processed in technical means, acoustic (speech) information, as well as covert surveillance and shooting equipment.

1.2. CLASSIFICATION AND CHARACTERISTICS OF TECHNICAL CHANNELS OF LEAKAGE OF INFORMATION PROCESSED BY TSPI

Technical means of receiving, processing, storing and transmitting information (TSPI) are understood as technical means that directly process confidential information. Such means include: electronic computing equipment, modeled automatic telephone exchanges, operational command and loud-speaking communication systems, sound reinforcement systems, sound accompaniment and sound recording, etc.
When identifying technical channels of information leakage, an electronic device must be considered as a system that includes the main (stationary) equipment, terminal devices, connecting lines (a set of wires and cables laid between individual electronic devices and their elements), distribution and switching devices, power supply systems, grounding systems.
Separate technical means or a group of technical means intended for the processing of confidential information, together with the premises in which they are located, constitute a TSPI object. TSPI objects are also understood to include dedicated premises intended for holding closed events.
Along with the TSPI, technical means and systems are installed in the premises that are not directly involved in the processing of confidential information, but are used in conjunction with the TSPI and are located in the zone of the electromagnetic field created by them. Such technical means and systems are called auxiliary technical means and systems (VTSS). These include: technical means of open telephone and loudspeaker communication, fire and burglar alarms, electrical supply, radio, clock systems, electrical appliances, etc.
As a channel of information leakage, the most interesting are VTSS that go beyond the controlled area (KZ), i.e. an area in which the appearance of persons and vehicles that do not have permanent or temporary passes is excluded.
In addition to the connecting lines of TSPI and VTSS, wires and cables that are not related to them but pass through the rooms where the technical means are installed, as well as metal pipes of heating systems, water supply and other conductive metal structures, can go outside the controlled area. Such wires, cables and conductive elements are called extraneous conductors.
Depending on the physical nature of the information signals, as well as the medium of their propagation and the methods of interception, technical channels of information leakage can be divided into electromagnetic, electrical and parametric (Figure 1.1).

1.2.1. Electromagnetic channels of information leakage

Electromagnetic channels include channels of information leakage arising from various types of side electromagnetic radiation (EMR) of TSPI:
· Radiation of the elements of TSPI;
· Radiation at the operating frequencies of high-frequency (HF) generators of TSPI;
· Radiation at the self-excitation frequencies of low-frequency amplifiers (ULF) of TSPI.

1.2.2. Electrical channels of information leakage

The reasons for the emergence of electrical channels of information leakage can be:
· Induction of TSPI electromagnetic radiation on the connecting lines of VTSS and extraneous conductors that go beyond the controlled area;
· Leakage of information signals into the power supply circuit of the TSPI;
· Leakage of information signals into the grounding circuit of the TSPI.
Induction of TSPI electromagnetic radiation arises when the elements of the TSPI (including their connecting lines) emit information signals, as well as in the presence of a galvanic connection between the connecting lines of the TSPI and extraneous conductors or VTSS lines. The level of the induced signals largely depends on the power of the emitted signals, the distance to the conductors, and the length of the joint run of the connecting lines of the TSPI and extraneous conductors.
The space around the TSPI within which an information signal is induced on random antennas above the permissible (normalized) level is called (dangerous) zone 1.
A random antenna is a VTSS circuit or extraneous conductors capable of receiving side electromagnetic radiation.
Random antennas can be lumped or distributed. A lumped random antenna is a compact technical means, for example a telephone set, a loudspeaker of the broadcasting network, etc. Distributed random antennas include random antennas with distributed parameters: cables, wires, metal pipes and other conductive communications.
Leakage of information signals into the power supply circuit is possible if there is a magnetic coupling between the output transformer of the amplifier (for example, ULF) and the transformer of the rectifier device. In addition, the currents of the amplified information signals are closed through the power supply, creating a voltage drop across its internal resistance, which, with insufficient attenuation in the filter of the rectifier device, can be detected in the power supply line. The information signal can also penetrate into the power supply circuits because the average value of the current consumed in the final stages of the amplifiers depends to a greater or lesser extent on the amplitude of the information signal, which creates an uneven load on the rectifier and causes the consumed current to vary according to the law of the information signal.
Leakage of information signals into the grounding circuit. In addition to grounding conductors, which are used for direct connection of the TSPI to the ground loop, various conductors that extend beyond the controlled area can have a galvanic connection to the ground. These include the neutral wire of the power supply network, shields (metal sheaths) of connecting cables, metal pipes of heating and water supply systems, metal fittings of reinforced concrete structures, etc. All these conductors, together with the grounding device, form a branched grounding system onto which information signals can be induced. In addition, an electromagnetic field appears in the ground around the grounding device, which is also a source of information.
Interception of information signals through electrical leakage channels is possible by direct connection to the VTSS connecting lines and extraneous conductors passing through the premises where the TSPI are installed, as well as to their power supply and grounding systems. For these purposes, special means of radio and electronic reconnaissance are used, as well as special measuring equipment.
Diagrams of electrical channels of information leakage are shown in Fig. 1.3 and 1.4.


Retrieving information using hardware implants. In recent years there have been more cases of retrieving information processed in TSPI by installing in them electronic devices for intercepting information, that is, embedded devices.
Electronic devices for intercepting information installed in TSPI are sometimes called hardware implants. They are mini-transmitters whose radiation is modulated by an information signal. Most often, implants are installed in foreign-made TSPI; however, their installation is also possible in domestic equipment.
The information intercepted with the help of embedded devices is either directly transmitted over the radio channel, or is first recorded on a special storage device, and only then, on command, it is transmitted to the object that requested it. A diagram of an information leakage channel using embedded devices is shown in Fig. 1.5.


1.2.3. Parametric channel of information leakage

Interception of information processed in technical means is also possible by means of their "high-frequency irradiation". When the irradiating electromagnetic field interacts with the elements of the TSPI, re-emission of the electromagnetic field occurs. In some cases, this secondary radiation is modulated by an information signal. When retrieving information, time or frequency isolation can be used to eliminate the mutual influence of the irradiating and re-emitted signals. For example, pulsed signals can be used to irradiate the TSPI.
When re-emitted, the parameters of the signals change. Therefore, this channel of information leakage is often called parametric.
To intercept information on this channel, special high-frequency generators with antennas with narrow radiation patterns and special radio receivers are needed. The diagram of the parametric channel of information leakage is shown in Fig. 1.6.

Protection of information from leakage through technical channels is achieved by design and architectural solutions, organizational and technical measures, as well as the identification of portable electronic devices for intercepting information (we will focus on this later).

An organizational measure is an information protection measure that does not require the use of specially developed technical means.

The main organizational and security measures include:

  • involving organizations that hold a license for activities in the field of information protection, issued by the relevant authorities, in the information protection work;
  • categorization and attestation of TSPI facilities and of the premises allocated for holding closed events (hereinafter referred to as the allocated premises) for compliance with the requirements for protecting information of the appropriate degree of secrecy;
  • use of certified TSPI and VTSS at the facility;
  • establishment of a controlled area around the facility;
  • involvement of organizations licensed to operate in the field of information security for the relevant items in construction work, reconstruction of TSPI facilities, and installation of equipment;
  • organization of control and restriction of access to the TSPI facilities and to the allocated premises;
  • the introduction of territorial, frequency, energy, spatial and temporal restrictions on the modes of use of the technical means subject to protection;
  • disconnection from communication lines, for the period of closed events, of technical means with elements that act as electroacoustic transducers, etc.

A technical measure is an information protection measure involving the use of special technical means, as well as the implementation of technical solutions.

Technical measures are aimed at closing information leakage channels by attenuating the information signals or reducing the signal-to-noise ratio, at locations where portable reconnaissance equipment or its sensors could be placed, to values that make it impossible for the reconnaissance equipment to isolate the information signal. They are carried out using active and passive means.

Technical measures using passive means include:

Control and restriction of access to the TSPI facilities and to the allocated premises:

Installation of technical means and systems for restricting and controlling access at the TSPI facilities and in the allocated premises.

Localization of radiation:

  • shielding of TSPI and their connecting lines;
  • grounding of TSPI and of the screens of their connecting lines;
  • soundproofing of the allocated premises.

Decoupling information signals:

  • installation of special protective equipment in auxiliary technical means and systems that have a "microphone effect" and have an exit outside the controlled area;
  • installation of special dielectric inserts in the braids of power cables and in pipes for heating, water supply and sewerage systems that go beyond the controlled area;
  • installation of stand-alone or stabilized power supplies for the TSPI;
  • installation of guaranteed power supply devices for the TSPI;
  • installation of noise suppression filters of the FP type in the power supply circuits of the TSPI, as well as in the lines of the lighting and socket networks of the allocated premises.

Measures using active means include:

Spatial noise:

  • spatial electromagnetic noise using noise generators, or the creation of targeted interference (once the radiation frequency of an embedded device or of the side electromagnetic radiation of the TSPI has been detected and determined) using targeted-interference equipment;
  • creation of acoustic and vibration noise using acoustic noise generators;
  • suppression of voice recorders in the recording mode using voice recorder jammers.

Linear noise:

  • linear noise in power supply lines;
  • linear noise in extraneous conductors and connecting lines of VTSS that go beyond the controlled area.

Destruction of embedded devices:

Destruction of embedded devices connected to the line, using special pulse generators ("bug burners").

The identification of portable electronic devices for intercepting information (embedded devices) is carried out by conducting special examinations, as well as special checks of the TSPI facilities and the allocated premises.

Special examinations of the TSPI facilities and the allocated premises are carried out by visual inspection, without the use of technical means.

A special check is carried out using technical means:

Identification of embedded devices using passive means:

  • installation in the allocated premises of means and systems for detecting laser irradiation (illumination) of window panes;
  • installation of stationary voice recorder detectors in the allocated premises;
  • search for embedded devices using field indicators, interceptors, frequency meters, scanner receivers and software and hardware control systems;
  • organization of radio monitoring (permanently or during confidential events) and monitoring of spurious electromagnetic radiation from TSPI.

Identification of embedded devices using active means:

  • special check of the allocated premises using non-linear locators;
  • special check of the allocated premises, TSPI and auxiliary technical means using X-ray systems.

Protection of information processed by technical means is carried out using passive and active methods and means.

Passive information protection methods are aimed at:

  • attenuation of spurious electromagnetic radiation (information signals) of the TSPI at the border of the controlled area to values that make it impossible for reconnaissance equipment to isolate them against the background of natural noise;
  • attenuation of the pickup of spurious electromagnetic radiation (information signals) of TSPI in extraneous conductors and connecting lines of VTSS that go beyond the controlled area, to values that make it impossible for reconnaissance equipment to isolate them against the background of natural noise;
  • exclusion (weakening) of leakage of TSPI information signals into power supply circuits that go beyond the controlled area, to values that make it impossible for reconnaissance equipment to isolate them against the background of natural noise.

Active methods of information protection are aimed at:

  • creation of masking spatial electromagnetic interference in order to reduce the signal-to-noise ratio at the border of the controlled area to values that make it impossible for reconnaissance equipment to isolate the information signal of the TSPI;
  • creation of masking electromagnetic interference in extraneous conductors and connecting lines of VTSS in order to reduce the signal-to-noise ratio at the border of the controlled area to values that make it impossible for reconnaissance equipment to isolate the information signal of the TSPI.

Attenuation of the side electromagnetic radiation of TSPI and of its pickup in extraneous conductors is carried out by shielding and grounding the TSPI and their connecting lines.

The elimination (attenuation) of the leakage of information signals of TSPI in the power supply circuit is achieved by filtering information signals. To create masking electromagnetic interference, spatial and linear noise systems are used.

Shielding of technical means. The functioning of any technical means of information is associated with the flow of electric currents of various frequencies through its current-carrying elements and the formation of a potential difference between various points of its electrical circuit, which generate magnetic and electric fields called side electromagnetic radiation.

Units and elements of electronic equipment in which voltages are high and currents are small create electromagnetic fields in the near zone with a predominance of the electric component. The predominant influence of electric fields on the elements of electronic equipment is also observed when these elements are insensitive to the magnetic component of the electromagnetic field.

Units and elements of electronic equipment in which large currents flow and voltage drops are small create electromagnetic fields in the near zone with a predominance of the magnetic component. The predominant influence of magnetic fields on the equipment is also observed if the device in question is insensitive to the electric component, or if the electric component is much smaller than the magnetic one owing to the properties of the emitter.

Alternating electric and magnetic fields are also created in the space surrounding the connecting lines (wires, cables) of the TSPI.

Spurious electromagnetic radiation of TSPI is the cause of the emergence of electromagnetic and parametric channels of information leakage, and can also be the cause of the induction of information signals in extraneous current-carrying lines and structures. Therefore, much attention is paid to reducing the level of spurious electromagnetic radiation.

An effective method for reducing the level of spurious electromagnetic radiation is shielding its sources. The following shielding methods are distinguished:

  • electrostatic;
  • magnetostatic;
  • electromagnetic.

Electrostatic and magnetostatic shielding are based on the screen closing the electric and magnetic fields, respectively; the screen has high electrical conductivity in the first case and high magnetic permeability in the second.

Electrostatic shielding essentially boils down to closing the electrostatic field onto the surface of the metal shield and draining the electric charges to ground (to the body of the device). Grounding the electrostatic shield is a necessary element of electrostatic shielding. The use of metal screens allows you to completely eliminate the influence of the electrostatic field. When using dielectric screens tightly adjacent to the shielded element, it is possible to weaken the field of the pickup source by a factor of ε, where ε is the relative dielectric constant of the screen material.

The main task of shielding electric fields is to reduce the coupling capacitance between the shielded structural elements. Consequently, the shielding efficiency is mainly determined by the ratio of the coupling capacitances between the source and the pickup receptor before and after the installation of the grounded shield. Therefore, any action that decreases the coupling capacitance increases the efficiency of the shielding.

The shielding effect of a metal sheet depends essentially on the quality of the connection between the screen and the device body and between the parts of the screen. It is especially important that there are no connecting wires between the parts of the screen and the case. At meter and shorter wavelengths, connecting conductors several centimeters long can drastically degrade shielding performance. At the even shorter wavelengths of the decimeter and centimeter ranges, connecting conductors and busbars between shields are not permitted. To obtain high efficiency in screening an electric field, the separate parts of the screen must be joined to each other by a direct continuous connection.

In a metal screen, narrow slits and holes, the dimensions of which are small in comparison with the wavelength, practically do not worsen the screening of the electric field.

Shielding efficiency decreases with increasing frequency.

The main requirements for electrical screens can be formulated as follows:

  • the design of the screen should be chosen such that the lines of force of the electric field are closed on the walls of the screen, without going beyond its limits;
  • in the low-frequency region (at a penetration depth δ greater than the thickness d, i.e. at δ > d), the efficiency of electrostatic shielding is practically determined by the quality of the electrical contact of the metal shield with the device case and depends little on the shield material and its thickness;
  • in the high-frequency region (at d

Magnetostatic shielding is used when it is necessary to suppress interference at low frequencies, from 0 to 3 ... 10 kHz.

The main requirements for magnetostatic screens can be summarized as follows:

  • the magnetic permeability of the screen material should be as high as possible. For the manufacture of screens, it is desirable to use soft magnetic materials with high magnetic permeability (for example, permalloy);
  • an increase in the thickness of the walls of the screen leads to an increase in the efficiency of the screening; however, possible design restrictions on the weight and dimensions of the screen should be taken into account;
  • joints, cuts and seams in the screen should be placed parallel to the lines of magnetic induction of the magnetic field. Their number should be minimal;
  • grounding of the shield does not affect the effectiveness of the magnetostatic shielding.

The effectiveness of magnetostatic shielding increases with the use of multilayer shields.

Shielding of a high-frequency magnetic field is based on the use of magnetic induction, which creates alternating induction eddy currents (Foucault currents) in the screen. The magnetic field of these currents inside the screen is directed against the exciting field, and outside it in the same direction as the exciting field. The resulting field is weakened inside the screen and reinforced outside it. Eddy currents in the screen are distributed unevenly over its cross section (thickness). This is caused by the surface effect, the essence of which is that the alternating magnetic field weakens as it penetrates deep into the metal, since the inner layers are screened by eddy currents circulating in the surface layers.

Due to the surface effect, the eddy current density and the strength of the alternating magnetic field decrease exponentially with depth into the metal.

In sources of electromagnetic fields and interference, filtering is carried out in order to prevent unwanted electromagnetic waves from spreading outside the device that is the source of a dangerous signal. Filtering in devices that are receptors of electromagnetic fields and pickups should exclude their effect on the receptor.
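The surface effect and the comparison of penetration depth with screen thickness used in the screen requirements above can be put into numbers. The following is an added example, not part of the original article: it uses the standard skin-depth formula δ = sqrt(2 / (ωμσ)) and the exponential decay through the wall, and the material constants and the 0.5 mm wall are assumed illustrative values. Only absorption in the wall is computed; reflection at the surfaces, seams and apertures are ignored.

```python
import math

MU0 = 4e-7 * math.pi  # permeability of free space, H/m

# Constructed sample data: (conductivity in S/m, relative permeability).
# Typical textbook values; real steel permeability varies widely (assumed 200).
MATERIALS = {
    "copper":   (5.8e7, 1.0),
    "aluminum": (3.5e7, 1.0),
    "steel":    (1.0e7, 200.0),
}

def skin_depth(freq_hz, sigma, mu_r):
    """Penetration depth delta = sqrt(2 / (omega * mu * sigma)), in metres."""
    omega = 2.0 * math.pi * freq_hz
    return math.sqrt(2.0 / (omega * MU0 * mu_r * sigma))

def absorption_loss_db(thickness_m, delta_m):
    """Field decays as exp(-d/delta) inside the wall; expressed in dB."""
    return 20.0 * math.log10(math.e) * thickness_m / delta_m

def thickness_for(target_db, delta_m):
    """Wall thickness needed for a target absorption loss at this depth."""
    return target_db * delta_m / (20.0 * math.log10(math.e))

def regime(thickness_m, delta_m):
    """Classify the screen as in the requirements: delta > d or d > delta."""
    if delta_m > thickness_m:
        return "low-frequency (delta > d)"
    return "high-frequency (d > delta)"

def survey(thickness_m, freqs_hz):
    """Rows of (material, f, delta, absorption dB, regime) for one wall."""
    rows = []
    for name, (sigma, mu_r) in MATERIALS.items():
        for f in freqs_hz:
            delta = skin_depth(f, sigma, mu_r)
            rows.append((name, f, delta,
                         absorption_loss_db(thickness_m, delta),
                         regime(thickness_m, delta)))
    return rows

if __name__ == "__main__":
    wall = 0.5e-3  # assumed 0.5 mm screen wall
    for name, f, delta, loss, kind in survey(wall, [50, 10e3, 1e6, 100e6]):
        print(f"{name:9s} {f:>11.0f} Hz  delta={delta * 1e3:8.4f} mm  "
              f"absorption={loss:9.1f} dB  {kind}")
```

At 50 Hz a 0.5 mm copper wall is far thinner than the penetration depth and absorbs almost nothing, which is why the low-frequency case relies on high-permeability material and wall thickness rather than on eddy currents.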

Isolation transformers and noise suppression filters are used to filter the signals in the power supply circuits of the TSPI.

Isolation transformers. Such transformers must isolate the primary and secondary circuits with respect to pickup signals, which means that pickups appearing in the primary winding circuit must not penetrate into the secondary circuit of the transformer. The penetration of pickups into the secondary winding is due to the presence of unwanted resistive and capacitive coupling paths between the windings.

To reduce the coupling between the windings with respect to pickup signals, an internal shield is often used, made in the form of a grounded spacer or foil laid between the primary and secondary windings. With this screen, the pickup acting in the primary winding is shorted to ground. However, the electrostatic field around the shield can also cause interference to enter the secondary circuit.

Isolation transformers are used to solve a number of tasks)
