Information security measures aimed at preventing intentional actions can be divided into groups according to how they are implemented:

1. Technical (hardware) means. These are devices of various types (mechanical, electromechanical, electronic, etc.) that use hardware to solve information security problems. They either prevent physical penetration or, if penetration does occur, prevent access to information, including by masking it. The first part of the problem is solved by locks, bars on windows, security alarms, etc. The second part is solved by noise generators, surge protectors, scanning radios and many other devices that “block” potential channels of information leakage or allow them to be detected. The advantages of technical means are their reliability, independence from subjective factors, and high resistance to modification. Their weaknesses are insufficient flexibility, relatively large volume and weight, and high cost.

2. Software tools include programs for user identification, access control, information encryption, removal of residual (working) information such as temporary files, test control of the security system, etc. The advantages of software tools are versatility, flexibility, reliability, ease of installation, and the ability to be modified and developed. Their disadvantages are limited network functionality, use of part of the resources of the file server and workstations, high sensitivity to accidental or intentional changes, and possible dependence on the types of computers (their hardware).

3. Mixed hardware and software implement the same functions as hardware and software separately, and have intermediate properties.

4. Organizational means consist of organizational and technical measures (preparing premises with computers, laying a cable system with regard to the requirements for limiting access to it, etc.) and organizational and legal measures (national legislation and work rules established by the management of a particular enterprise). The advantages of organizational tools are that they allow you to solve many different problems, are easy to implement, quickly respond to unwanted actions on the network, and have unlimited possibilities for modification and development. Their disadvantage is high dependence on subjective factors, including the general organization of work in a particular department.

Software tools stand out in terms of how widespread and available they are, so they are discussed in more detail below. Other means are used in cases where it is necessary to provide an additional level of information protection.

Data encryption is a type of information security software and is of particular practical importance as the only reliable protection against leakage for information transmitted over long serial lines. Encryption forms the last, almost insurmountable “line” of protection against unauthorized access. The term "encryption" is often used in connection with the more general concept of cryptography. Cryptography includes methods and means of ensuring information confidentiality (including through encryption) and authentication. Confidentiality is the protection of information from being read by persons who do not have the right to access it. Authentication, in turn, is the establishment of the authenticity of various aspects of information interaction: the communication session, the parties (identification), the content (imitation protection) and the source (attribution using a digital signature).


Federal Agency for Education

Technical Institute (branch) of a state educational institution of higher professional education

"North-Eastern Federal University named after M.K. Ammosov"

ABSTRACT

IN COMPUTER SCIENCE

Topic: Computer networks

Completed by: Konstantinov Keskill

Checked by: Soboleva N.I.

Appendix 1 to the Regulations on the system of certification of information security means according to security requirements for information constituting state secrets (certification system SZI-GT), approved by order of the FSB of the Russian Federation dated November 13, 1999 No. 564 “On approval of provisions on the system of certification of information security means according to security requirements for information constituting state secrets and on its marks of conformity”

Types of information security tools subject to certification in the SZI-GT certification system

1. Technical means of information security, including means of monitoring the effectiveness of information security measures taken:

1.1. Means of protecting information from interception of optical signals (images) in the visible, infrared and ultraviolet wavelengths.

1.2. Means of protecting information from interception of acoustic signals propagating in air, water, and solid media.

1.3. Means of protecting information from the interception of electromagnetic signals, including the interception of spurious electromagnetic radiation and interference (PEMIN) arising during the operation of technical means of recording, storing, processing and documenting information.

1.4. Means of protecting information from interception of electrical signals arising in conductive communications:

  • Due to PEMIN during the operation of technical means of recording, storing, processing and documenting information;
  • Due to the effect of electroacoustic signal conversion by auxiliary technical means and systems.

1.5. Means of protecting information from radiation reconnaissance activities to obtain information due to changes in the natural radiation background of the environment that occurs during the operation of the protected object.

1.6. Means of protecting information from chemical reconnaissance activities to obtain information due to changes in the chemical composition of the environment that arise during the functioning of the protected object.

1.7. Means of protecting information from the possibility of obtaining information by magnetometric reconnaissance due to changes in the local structure of the Earth's magnetic field arising as a result of the activity of the protected object.

1.8. Technical means of detecting and identifying special technical means intended for secretly obtaining information, installed in the structures of buildings and objects (premises, vehicles), engineering and technical communications, interiors, household appliances, technical means of recording, storing, processing and documenting information, communication systems and in open areas.

2. Protected hardware and systems, including:

2.1. Means of scrambling, masking or encrypting telematic information transmitted over communication channels.

2.2. Equipment for transmitting video information over an optical channel.

3. Technical means of protecting special operational and technical measures (special technical means intended for secretly obtaining information).

4. Technical means of protecting information from unauthorized access (NSD):

4.1. Protective equipment, including:

  • Locks (mechanical, electromechanical, electronic);
  • Seals;
  • Single-use locks;
  • Protective adhesive tapes;
  • Security and holographic labels;
  • Special protective packaging;
  • Electrical sensors of various types;
  • Television security and control systems;
  • Laser systems;
  • Optical and infrared systems;
  • Identification devices;
  • Plastic identification cards;
  • Fencing;
  • Means for detecting an intruder or disruptive influence;
  • Special means for transporting and storing physical storage media (streamer cassettes, magnetic and optical discs, etc.).

4.2. Special means of protection against document forgery based on optical-chemical technologies, including:

  • Means of protecting documents from photocopying;
  • Means of protecting documents from forgery (substitution) using chemical identification agents;
  • Means of protecting information using secret writing.

4.3. Special pyrotechnic means for transportation, storage and emergency destruction of physical media (paper, photographic film, audio and video cassettes, laser discs).

5. Software tools for protecting information from unauthorized access and software implants:

5.1. Programs that provide access control to information.

5.2. Programs for identification and authentication of terminals and users based on various criteria (password, additional code word, biometric data, etc.), including programs for increasing the reliability of identification (authentication).

5.3. Programs for checking the functioning of the information security system and monitoring the integrity of the means of protection against unauthorized access.

5.4. Protection programs for various auxiliary purposes, including anti-virus programs.

5.5. Programs for protecting PC operating systems (modular software interpretation, etc.).

5.6. Programs for monitoring the integrity of system-wide and application software.

5.7. Programs that signal violation of resource use.

5.8. Programs for destroying residual information in storage devices (RAM, video memory, etc.) after completing its use.

5.9. Programs for monitoring and restoring file data structure.

5.10. Programs for simulating the operation of the system or blocking it when cases of unauthorized access are detected.

5.11. Programs for determining the facts of unauthorized access and signaling (transmitting messages) about their detection.

6. Secure software for information processing:

6.1. Application packages for automated workstations (AWS).

6.2. Computer network databases.

6.3. Software for automated control systems (ACS).

6.4. Software tools for identifying the manufacturer of a software (information) product, including tools for identifying copyright.

7. Software and hardware information security tools:

7.1. Software and hardware to protect information from unauthorized copying, including:

  • Data storage media protection tools;
  • Means for preventing copying of software installed on a PC.

7.2. Software and hardware tools for cryptographic and steganographic protection of information (including means of masking information) when stored on data carriers and when transmitted over communication channels.

7.3. Software and hardware means of interrupting the operation of the user’s program if the user violates access rules, including:

  • Forced termination of the program;
  • Locking the computer.

7.4. Software and hardware tools for erasing data, including:

  • Erasing residual information arising during the processing of classified data in random access memory and on magnetic media;
  • Reliable erasure of outdated information from magnetic media.

7.5. Software and hardware for issuing an alarm when attempting unauthorized access to information, including:

  • Means for recording incorrect user requests to protected information;
  • Means of organizing control over the actions of PC users.

7.6. Software and hardware tools for detecting and localizing the actions of software implants and hardware-software implants.

8. Special means of protection against personal identification:

8.1. Means of protection against phonographic examination of speech signals.

8.2. Means of protection against fingerprint examination.

9. Software and hardware protection against unauthorized access to systems of operational investigative measures (SORM) on communication lines:

9.1. In wired communication systems.

9.2. In cellular communication systems.

Information, in relation to the task of protecting it, is understood as information about persons, objects, facts, events, phenomena and processes, regardless of the form of their presentation. Depending on the form of presentation, information can be divided into speech, telecommunication and documented.

Information security is understood as the state of protection of an information system, including the information itself and the infrastructure that supports it. An information system is in a state of security if its confidentiality, availability and integrity are ensured.

Confidentiality is a guarantee that secret data will be accessible only to those users who are allowed this access; such users are called legal, or authorized.

Availability is a guarantee that authorized users will always have access to data.

Integrity is a guarantee that data is kept at its correct values by preventing unauthorized users from altering, modifying, destroying, or creating data in any way.

Security requirements may vary depending on the purpose of the information system, the nature of the data used and the type of possible threats. It is difficult to imagine a system for which the properties of integrity and availability would not be important, but the property of confidentiality is not always required. For example, if you publish information on the Internet on a web server and the goal is to make it accessible to the widest possible range of people, confidentiality is not required. However, integrity and availability requirements remain relevant.

Indeed, if special measures are not taken to ensure system integrity, an attacker can change the data on your server and thereby cause damage to the enterprise. A criminal can, for example, make changes to a price list posted on a web server, which will negatively affect the competitiveness of the enterprise, or corrupt the code of a software product freely distributed by the company, which will certainly affect its business reputation.

Ensuring data availability is no less important in this example. Having spent considerable money on creating and maintaining a server on the Internet, an enterprise has the right to count on a return: an increase in the number of clients, the number of sales, etc.

However, there is a possibility that an attacker will launch an attack, as a result of which the data placed on the server will become inaccessible to those for whom it was intended. An example of such malicious actions is “bombarding” a server with packets, each of which, in accordance with the logic of the corresponding protocol, causes the server to time out, which ultimately makes it unavailable for all other requests.

The concepts of confidentiality, availability and integrity can be defined not only in relation to information, but also to other resources of a computer network, such as external devices or applications. Thus, the confidentiality property in relation to, for example, a printing device can be interpreted to mean that those and only those users who are allowed this access have access to the device, and they can perform only those operations with the device that are defined for them.

The availability property of a device means that it is ready to operate whenever the need arises. And the property of integrity can be defined as the property of immutability of the parameters of a given device.

The legality of the use of network devices is important not only insofar as it affects data security. Devices can provide various services (printing texts, sending faxes, Internet access, e-mail, etc.), the illegal consumption of which causes material damage to the enterprise and is also a violation of system security.

Information security refers to activities aimed at preventing the leakage of protected information, unauthorized and unintentional impacts on protected information.

The purpose of information protection (its desired result) is to prevent damage to the owner, possessor or user of the information. The effectiveness of information protection is understood as the degree to which the results of information protection correspond to the intended purpose. The object of protection may be information, its carrier or information process, in respect of which it is necessary to ensure protection in accordance with the stated purpose.

Legislative measures to protect information processing consist of the implementation of the country's existing laws or the introduction of new laws, regulations, decrees and instructions regulating the legal liability of officials (users and technical staff) for leakage, loss or modification of protected information entrusted to them, including for attempts to perform such actions outside of their authority, as well as the liability of unauthorized persons for attempting deliberate unauthorized access to equipment and information (Melnikov V.P. Information security and information protection. Publishing Center "Academy", 2008. 336 p.).

The purpose of legislative measures is to prevent and deter potential violators.

Methods and means of organizational information protection include organizational, technical and organizational and legal measures carried out in the process of creating and operating computer systems to ensure information protection. These activities should be carried out during the construction or renovation of premises in which computer systems will be located; system design, installation and adjustment of its hardware and software; testing and checking the performance of computer systems.

Basic properties of methods and means of organizational protection:

  • ensuring complete or partial blocking of a significant part of information leakage channels (for example, theft or copying of information carriers);
  • combining all the means used in computer systems into a holistic information protection mechanism.

Methods and means of organizational information protection include:

  • limiting physical access to computer system objects and implementing security measures;
  • restricting access to information resources and computer system processes (setting access control rules, encrypting information during its storage and transmission, detecting and destroying hardware and software implants);
  • backing up the most important document arrays from the point of view of loss;

Engineering and technical means of information security mean physical objects, mechanical, electrical and electronic devices, structural elements of buildings, fire extinguishing means and other means that ensure:

  • protection of the territory and premises of computer systems from intruders;
  • protection of computer system hardware and storage media from theft;
  • preventing the possibility of remote (from outside the protected area) video surveillance (eavesdropping) of the work of personnel and the functioning of technical means of computer systems;
  • organizing employee access to computer system premises;
  • control over the work schedule of computer system personnel;
  • control over the movement of computer system employees in various production areas;
  • fire protection of computer system premises;
  • minimizing material damage from information loss resulting from natural disasters and man-made accidents.

The most important component of engineering and technical means of information security is technical security equipment, which forms the first line of protection of computer systems and is a necessary but insufficient condition for maintaining the confidentiality and integrity of information in a computer system.

Hardware information security means include electronic and electronic-mechanical devices that are part of the technical equipment of computer systems and perform (independently or in conjunction with software) some information security functions. The criterion for classifying a device as a hardware rather than an engineering means of protection is that it is necessarily part of the technical equipment of the computer system.

Information security software means special programs included in the software of computer systems solely to perform protective functions.

Since potential threats to information security are very diverse, information security goals can only be achieved by creating an integrated information protection system, which is understood as a set of methods and means united for a single purpose and ensuring the necessary efficiency of information protection in computer systems.

The main methods of protection against unauthorized access to information in computer systems are authentication, authorization (determining the subject's access rights to an object with confidential information) and information encryption (Khorev P. B. Methods and means of information protection in computer systems. Publishing house "Academy", 2005, p. 256).

Let us consider the main methods of SI.

1) Access control is a way to protect information by regulating the use of all system resources (hardware, software, database elements). The data processing system must regulate the days of the week and time of day on which users and system personnel are allowed to work. A list of system resources to which access is permitted and the order of access to them must also be determined. It is necessary to have a list of persons who have the right to use technical means, programs, functional tasks, etc. Access control includes the following protection functions: identification of users, personnel and system resources; verification of authority, which consists in checking the compliance of the day of the week, time of day, as well as the requested resources and procedures with the established regulations; permission and creation of working conditions within the established regulations; registration (logging) of requests to protected resources; response (delay of work, failure, shutdown, alarm) in case of attempts of unauthorized actions.

2) Masking is a method of protecting information by cryptographically concealing it.

3) Regulation consists in developing and implementing, during the operation of data processing systems, sets of measures that create conditions for the automated processing and storage of protected information under which the possibility of unauthorized access is minimized.

4) Coercion – users and personnel of the data exchange system are forced to comply with the rules for the processing and use of protected information under the threat of material, administrative or criminal liability.
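The access control functions listed in item 1 above (identification, verification of authority against the day, time and resource regulations, logging of requests, response to unauthorized attempts) can be sketched as follows. This is an added example, not part of the original text; the subject name, resource, schedule and the three-denial blocking threshold are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass(frozen=True)
class Regulation:
    """Established regulations for one subject (all values are constructed)."""
    weekdays: frozenset   # permitted days, 0 = Monday ... 6 = Sunday
    start: time           # start of permitted working hours (inclusive)
    end: time             # end of permitted working hours (exclusive)
    rights: dict          # resource name -> set of permitted operations


@dataclass
class AccessController:
    regulations: dict                 # subject id -> Regulation
    max_denials: int = 3              # assumed threshold before blocking
    audit_log: list = field(default_factory=list)
    denials: dict = field(default_factory=dict)
    blocked: set = field(default_factory=set)

    def request(self, user, resource, operation, when):
        """Decide on one request, log it, and respond to a denial."""
        decision, reason = self._verify(user, resource, operation, when)
        # Registration: every request is logged, allowed or not.
        self.audit_log.append(
            (when.isoformat(), user, resource, operation, decision, reason))
        if decision == "DENY":
            self._respond(user)
        return decision, reason

    def _verify(self, user, resource, operation, when):
        # A response already in force: a blocked subject gets nothing.
        if user in self.blocked:
            return "DENY", "account blocked"
        # Identification: the subject must be known to the system.
        reg = self.regulations.get(user)
        if reg is None:
            return "DENY", "unknown subject"
        # Verification of authority: day of week, time of day, then the
        # requested resource and operation. Anything not listed is denied.
        if when.weekday() not in reg.weekdays:
            return "DENY", "day not permitted"
        if not (reg.start <= when.time() < reg.end):
            return "DENY", "outside permitted hours"
        if operation not in reg.rights.get(resource, ()):
            return "DENY", "operation not permitted"
        return "ALLOW", "within regulations"

    def _respond(self, user):
        # Response: count denials and block the subject at the threshold.
        self.denials[user] = self.denials.get(user, 0) + 1
        if self.denials[user] >= self.max_denials:
            self.blocked.add(user)


def demo():
    """Run constructed requests; return the decisions and the controller."""
    ctl = AccessController({
        "operator": Regulation(
            weekdays=frozenset(range(5)),            # Monday to Friday
            start=time(9, 0), end=time(18, 0),
            rights={"price_list": {"read"}}),
    })
    requests = [
        ("operator", "price_list", "read", datetime(2024, 3, 4, 10, 0)),    # Monday
        ("operator", "price_list", "write", datetime(2024, 3, 4, 10, 5)),   # no write right
        ("operator", "price_list", "read", datetime(2024, 3, 9, 10, 0)),    # Saturday
        ("operator", "price_list", "read", datetime(2024, 3, 11, 22, 0)),   # Monday, 22:00
        ("operator", "price_list", "read", datetime(2024, 3, 12, 10, 0)),   # Tuesday
    ]
    return [ctl.request(*r) for r in requests], ctl


if __name__ == "__main__":
    decisions, controller = demo()
    for entry in controller.audit_log:
        print(entry)
```

The last request falls within the regulations but is still refused, because the three earlier denials triggered the blocking response; a deployment that blocks on a threshold also needs an administrative unblocking procedure so that the response cannot be used to lock out a legitimate user.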

The SI methods considered above are implemented using various means of protection, which are divided into technical, software, organizational, legislative, and moral and ethical means.

Technical means are means that are implemented in the form of electrical, electromechanical and electronic devices. The entire set of technical means is usually divided into hardware and physical.

Hardware security means devices that are built directly into the equipment of data processing systems or devices that interface with the equipment via a standard interface.

Physical means are those implemented in the form of autonomous devices or systems (electronic-mechanical burglar alarm and video surveillance equipment, locks on doors, bars on windows, etc.).

Security software consists of programs specifically designed to perform functions related to information security.

Organizational means of protection are organizational-technical and organizational-legal measures carried out in the process of creating and operating systems to ensure information protection. Organizational measures cover all structural elements of data processing systems at all stages of their life cycle: construction of premises, system design, installation and adjustment of equipment, testing and inspection, operation.


Legislative remedies include legislative acts that regulate the rules for the use and processing of restricted access information and establish penalties for violating these rules.

Moral and ethical means of protection include all kinds of norms that have developed traditionally or are emerging as computing facilities spread. For the most part these norms are not mandatory, unlike legislative measures; however, failure to comply with them can lead to the loss of authority and prestige of a person or organization.

All considered means of protection are divided into formal and informal. The first include means that perform protective functions strictly according to a predetermined procedure and without direct human participation. Informal means include those that are either determined by the purposeful activities of people or regulate (directly or indirectly) this activity.

Data protection is a set of measures taken to prevent leakage, theft, loss, unauthorized destruction, distortion, modification (counterfeiting), unauthorized copying, blocking of information, etc. Since the loss of information can occur for purely technical, objective and unintentional reasons, this definition also includes measures to increase the reliability of the server against failures or malfunctions of hard drives, deficiencies in the software used, etc.

It should be noted that along with the term "data protection" (applied to computer networks), the term "computer security" is widely used, usually in a closely related sense.

The transition from working on personal computers to working on a network makes information protection more difficult for the following reasons:

  1. a large number of users on the network and their variable composition. Security at the user name and password level is not sufficient to prevent unauthorized persons from entering the network;
  2. significant length of the network and the presence of many potential channels of penetration into the network;
  3. the shortcomings in hardware and software already noted, which are often discovered not at the pre-sale stage, called beta testing, but during operation. Even the built-in information protection tools of such well-known and “powerful” network operating systems as Windows NT or NetWare are imperfect.

The severity of the problem associated with the large length of the network is illustrated for one of its segments on a coaxial cable in Fig. 9.1. There are many physical places and channels for unauthorized access to information on the network. Every device on a network is a potential source of electromagnetic radiation because the associated fields, especially at high frequencies, are imperfectly shielded. The grounding system, together with the cable system and power supply network, can serve as a channel for accessing information on the network, including in areas outside the controlled access zone, which are therefore especially vulnerable. In addition to electromagnetic radiation, non-contact electromagnetic effects on the cable system pose a potential threat. Of course, if wired connections such as coaxial cables or twisted pairs (often called copper cables) are used, a direct physical connection to the cable system is also possible. If passwords for logging into the network become known or are guessed, unauthorized login to the network from a file server or from one of the workstations becomes possible. Finally, information can leak through channels outside the network:

  • storage facilities for storage media,
  • elements of building structures and windows of premises that form channels for leakage of confidential information due to the so-called microphone effect,
  • telephone, radio, and other wired and wireless channels (including mobile communication channels).


Fig. 9.1.

Any additional connections to other segments or Internet connections create new problems. Attacks on a local network through an Internet connection in order to gain access to confidential information have recently become widespread due to the shortcomings of the built-in information protection system in the TCP/IP protocols. Network attacks over the Internet can be classified as follows:

  • Packet sniffer (sniffer – in this case in the sense of filtering) – an application program that uses a network card operating in promiscuous mode (in this mode, the network adapter passes all packets received over the physical channels to the application for processing).
  • IP spoofing (spoof - deception, hoax) - occurs when a hacker, inside or outside a corporation, impersonates an authorized user.
  • Denial of Service (DoS). A DoS attack makes a network unavailable for normal use by exceeding the permissible operating limits of the network, operating system or applications.
  • Password attacks are an attempt to guess the password of a legitimate user to log into a network.
  • Man-in-the-Middle attacks – direct access to packets transmitted over the network.
  • Application level attacks.
  • Network reconnaissance is the collection of network information using publicly available data and applications.
  • Abuse of trust within the network.
  • Unauthorized access (UNA), which cannot be considered a separate type of attack, since most network attacks are carried out to gain unauthorized access.
  • Viruses and Trojan horse applications.

Classification of information security tools

Data protection in the network shown in Fig. 9.1 can be improved through the use of special noise generators that mask side electromagnetic radiation and interference, noise suppression network filters, power supply noise devices, scramblers (telephone conversation encoders), cell phone suppressors, etc. The radical solution is to switch to fiber-optic connections, which are free from the influence of electromagnetic fields and make it possible to detect the fact of an unauthorized connection.

In general, the means of information protection aimed at preventing intentional actions can be divided into groups according to how they are implemented:

  1. Technical (hardware) means. These are devices of various types (mechanical, electromechanical, electronic, etc.) that solve information protection problems using hardware. They either prevent physical penetration or, if penetration does occur, prevent access to information, including by masking it. The first part of the problem is solved by locks, bars on windows, security alarms, etc. The second part is solved by the noise generators mentioned above, surge protectors, scanning radios and many other devices that “block” potential information leakage channels or allow them to be detected. The advantages of technical means are associated with their reliability, independence from subjective factors, and high resistance to modification. Weaknesses: insufficient flexibility, relatively large volume and weight, high cost.
  2. Software tools include programs for user identification, access control, information encryption, removal of residual (working) information such as temporary files, test control of the security system, etc. The advantages of software tools are versatility, flexibility, reliability, ease of installation, ability to be modified and developed. Disadvantages - limited network functionality, use of part of the resources of the file server and workstations, high sensitivity to accidental or intentional changes, possible dependence on the types of computers (their hardware).
  3. Mixed hardware and software implement the same functions as hardware and software separately, and have intermediate properties.
  4. Organizational means consist of organizational and technical (preparing premises with computers, laying a cable system, taking into account the requirements for limiting access to it, etc.) and organizational and legal (national legislation and work rules established by the management of a particular enterprise). The advantages of organizational tools are that they allow you to solve many different problems, are easy to implement, quickly respond to unwanted actions on the network, and have unlimited possibilities for modification and development. Disadvantages - high dependence on subjective factors, including the general organization of work in a particular department.