Protection against unauthorized access to information. Methods for protecting information

Unauthorized access to information is unplanned familiarization with, processing or copying of information, the use of various viruses (including those that destroy software products), and the modification or destruction of information in violation of the established access control rules.

Accordingly, protecting information from unauthorized access is intended to prevent an attacker from gaining access to the information carrier. There are three main directions in protecting computer and network information from unauthorized access:

– the first focuses on preventing the intruder from accessing the computing environment and is based on special technical means of user identification;

– the second is associated with the protection of the computing environment and is based on the creation of special software;

– the third is associated with the use of special means of protecting computer information from unauthorized access.

It should be borne in mind that different technologies and different means are used to solve each of these problems. The requirements for protective means, their characteristics, the functions they perform and their classification, as well as the terms and definitions for protection against unauthorized access, are given in the governing documents of the State Technical Commission:

– “Automated systems. Protection against unauthorized access to information. Classification of AS and requirements for information protection";

– “Computer technology. Protection against unauthorized access to information. Indicators of security against unauthorized access to information";

– "Protection against unauthorized access to information. Terms and Definitions".

Technical means that implement protection functions can be divided into:

– built-in;

– external.

The built-in means of protecting a personal computer and its software (Fig. 3.12) include the password protection facilities of the BIOS, the operating system and the DBMS. These tools can be frankly weak (a BIOS with a supervisor password, the Win95/98 password protection), but they can also be much more robust (a BIOS without supervisor passwords, the Windows NT password protection, the ORACLE DBMS). Using the strong tools of this kind can significantly strengthen the system of protection against unauthorized access.

External tools are designed to replace built-in tools in order to enhance protection, or supplement them with missing functions.

These include:

– trusted boot hardware;

– hardware and software systems for dividing user access rights;

– means of enhanced authentication of network connections.

Trusted boot hardware is a product, sometimes called an “electronic lock,” whose function is to securely identify the user as well as verify the integrity of the computer software. Typically this is a personal computer expansion card, with the necessary software recorded either in the card's Flash memory or on the computer's hard drive.

The principle of their operation is simple. During the boot process the BIOS starts the anti-UA board. The board requests the user identifier and compares it with the one stored in its Flash memory; the identifier can additionally be protected with a password. Then the built-in operating system of the board or of the computer starts (most often a variant of MS-DOS), after which the software integrity check program runs. As a rule, the system areas of the boot disk, the boot files and the files specified by the user are checked. The check is based either on the MAC (imitovstavka) of the GOST 28147-89 algorithm, or on the hash function of the GOST R 34.11-94 algorithm, or on another algorithm. The result is compared with the reference value stored in the card's Flash memory. If the comparison of the identifier or of the system integrity reveals a difference from the reference, the board blocks further work and displays a corresponding message on the screen. If the checks give a positive result, the board transfers control to the personal computer for further loading of the operating system.

All identification and integrity verification processes are recorded in a log. The advantages of devices of this class are their high reliability, simplicity and low price. If there is no multi-user work on the computer, the protection functions of this tool are usually sufficient.
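The identifier check followed by the integrity check, as an added example in Python that is not part of the original text. A reference manifest plays the role of the card's Flash memory, a keyed HMAC over SHA-256 from the standard library stands in for the GOST 28147-89 MAC or GOST R 34.11 hash named above (an assumption, since neither is in the standard library), and the "boot areas" are constructed byte strings so the block runs offline. Every decision is written to a log, as the text says all checks are recorded.

```python
"""Software model of a trusted-boot integrity check (added example)."""
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed "boot areas": object name -> bytes that would live on the boot disk.
TRUSTED_IMAGE = {
    "mbr": b"\xeb\x3c\x90BOOTSECTOR" + b"\x00" * 20,
    "io.sys": b"IO.SYS image (constructed)",
    "config.sys": b"FILES=30\nBUFFERS=20\n",
}


def build_manifest(files, secret):
    """Compute the reference value for every checked object.

    A keyed HMAC (stand-in for the GOST MAC) is used so that someone who can
    alter the disk but not the card's Flash cannot recompute a matching value.
    """
    return {name: hmac.new(secret, data, hashlib.sha256).hexdigest()
            for name, data in files.items()}


def verify_boot(files, manifest, secret, stored_id, presented_id, log):
    """Return True if control may pass to the OS, False if boot is blocked.

    Step 1 compares the presented identifier with the one "in Flash";
    step 2 recomputes the MAC of every object in the manifest.  Each
    outcome is appended to `log`.
    """
    stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
    if not hmac.compare_digest(presented_id, stored_id):
        log.append(f"{stamp} BLOCK: identifier mismatch")
        return False
    for name, expected in manifest.items():
        data = files.get(name)
        actual = hmac.new(secret, data if data is not None else b"",
                          hashlib.sha256).hexdigest()
        if data is None or not hmac.compare_digest(actual, expected):
            log.append(f"{stamp} BLOCK: integrity failure in {name}")
            return False
    log.append(f"{stamp} OK: identifier and integrity verified, control passed to OS")
    return True


if __name__ == "__main__":
    secret = b"card-flash-secret (constructed)"
    manifest = build_manifest(TRUSTED_IMAGE, secret)
    log = []
    print(verify_boot(TRUSTED_IMAGE, manifest, secret, "user-01", "user-01", log))
    tampered = dict(TRUSTED_IMAGE, **{"config.sys": b"FILES=30\nDEVICE=other.sys\n"})
    print(verify_boot(tampered, manifest, secret, "user-01", "user-01", log))
    print("\n".join(log))
```

The manifest must be computed on a known-good image and stored where the boot-time code cannot be made to overwrite it; that is the property the card's Flash memory provides in the hardware version.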

Hardware and software complexes for dividing access rights are used when several users work on one computer and the task arises of dividing their rights to access each other's data. The solution to this problem is based on:

– prohibiting users from running certain applications and processes;

– allowing users and the applications they launch only certain types of actions with data.

Prohibitions and permissions are implemented in various ways. As a rule, when the operating system starts, the program for protection against unauthorized access starts too. It stays in the computer's memory as a resident module and controls the user's attempts to launch applications and access data. All user actions are recorded in a log that is accessible only to the security administrator. Means of this class are usually what is meant by means of protection against unauthorized access. They are hardware-software complexes consisting of a hardware part (a trusted computer boot board, which now additionally checks the integrity of the software of the anti-UA system itself on the hard drive) and a software part (the administrator program and the resident module). These programs are located in a special directory and are accessible only to the administrator. Such systems can also be used in a single-user system to prevent the user from installing and running programs that he does not need for his work.

Means of enhanced authentication of network connections are used when the operation of workstations as part of a network imposes requirements to protect the workstation's resources from the threat of unauthorized entry into the workstation from the network, modification of information or software, and launch of an unauthorized process. Protection against intrusion from the network side is achieved by means of enhanced authentication of network connections. This technology is called virtual private network technology.

One of the main tasks of protection against unauthorized access is to ensure reliable user identification (Fig. 3.13) and the ability to verify the authenticity of any network user, who can be uniquely identified by what he:

– knows;

– has;

– is (how he represents himself).

What does the user know? His name and password. Password identification schemes are based on this knowledge. The disadvantage of these schemes is that the user needs to remember complex passwords, which very often does not happen: either the password is chosen weak, or it is simply written down in a notebook, on a piece of paper, etc. When only password protection is used, appropriate organizational measures are taken for the creation of passwords, their storage, monitoring of their expiration and their timely removal. Cryptographic closure of passwords can largely solve this problem and make it difficult for an attacker to defeat the authentication mechanism.

What can the user have? Naturally, a special key: a unique identifier such as a touch-memory tablet (iButton), an eToken, a smart card, or a cryptographic key with which his entry in the user database is encrypted. Such a system is the most robust; however, it requires the user always to carry the identifier, which is most often attached to a key fob and is often forgotten at home or lost. The correct practice is for the administrator to issue the identifiers in the morning, recording this in the journal, and to take them back for storage in the evening, again making an entry in the journal.

What is the user? These are the characteristics unique to this user alone, which provide biometric identification. The identifier can be a fingerprint, the pattern of the iris, a palm print, etc. Currently this is the most promising direction in the development of identification tools. They are reliable and at the same time do not require the user to have additional knowledge or to permanently carry anything. As technology develops, the cost of these tools is becoming affordable for every organization.

Guaranteed verification of the user's identity is the task of various identification and authentication mechanisms.

Each user (or group of users) of the network is assigned a certain distinctive feature, an identifier, which is compared with the approved list. However, an identifier declared on the network alone cannot provide protection against unauthorized connections without verifying the user's identity.

The process of verifying a user's identity is called authentication. It occurs with the help of a special distinctive feature presented by the user - an authenticator that is unique to him. The effectiveness of authentication is determined primarily by the distinctive characteristics of each user.

Specific identification and authentication mechanisms in the network can be implemented based on the following information security tools and procedures:

– passwords;

– technical means;

– biometric tools;

– cryptography with unique keys for each user.

The question of the applicability of a particular means is decided depending on the identified threats and the technical characteristics of the protected object. It cannot be stated unequivocally that the use of hardware that uses cryptography will give the system greater reliability than the use of software.

Analyzing the security of an information object and identifying threats to its security is an extremely complex procedure. An equally complex procedure is the selection of technologies and means of protection to eliminate identified threats. It is better to entrust the solution of these problems to specialists with extensive experience.

Unauthorized access (UA) is the deliberate unlawful acquisition of confidential information by a person who does not have the right to access protected information. The most common UA paths to information are:

  • use of listening devices;
  • remote photography;
  • theft of storage media and documentary waste;
  • reading residual information in system memory after executing authorized requests;
  • illegal connection to equipment and communication lines of specially designed hardware that provides access to information;
  • malicious disabling of protection mechanisms;
  • copying storage media by overcoming security measures;
  • disguise as a registered user;
  • decryption of encrypted information;
  • information infections, etc.

Some of the listed UA methods require quite a lot of technical knowledge and appropriate hardware or software development; others are quite primitive. Regardless of the route, an information leak can cause significant damage to the organization and its users.

Most of the listed technical ways of UA can be reliably blocked by a properly designed and implemented security system. However, the damage is often caused not by "malicious intent" but by simple errors of users who accidentally damage or delete vital data.

Despite the significant difference in the amount of material damage caused, it should be noted that the problem of information protection is relevant not only for legal entities. Any user can encounter it, both at work and at home. In this regard, all users need to be aware of their responsibility and comply with the basic rules for processing, transferring and using information.

Defense mechanisms aimed at solving the problem of UA to information include:

  • access control - methods of protecting information by regulating the use of all resources of the information system;
  • registration and accounting - maintaining logs and statistics of access to protected resources;
  • the use of various encryption mechanisms (cryptographic information closure) - these protection methods are widely used when processing and storing information on magnetic media, as well as its transmission over long-distance communication channels;
  • legislative measures - determined by the legislative acts of the country, which regulate the rules for the use, processing and transmission of restricted access information and establish penalties for violating these rules;
  • physical measures - include various engineering devices and structures that prevent the physical penetration of attackers into protected objects and protect personnel, material resources and information from illegal actions.

Access Control

Three general mechanisms for controlling access to data can be distinguished: user identification, direct (physical) data protection, and support for user access rights to data with the ability to transfer it.

User identification defines the scale of access to different databases or parts of databases (relationships or attributes). This is essentially an information table of ranks. Physical data protection is more of an organizational matter, although some issues may relate directly to the data, such as its coding. And finally, the means of supporting and transferring access rights must strictly define the nature of differentiated communication with data.
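The three mechanisms named above (user identification, per-object rights, and transfer of rights), together with the "registration and accounting" of every decision, as an added example in Python that is not the page's own code. Users, object names and the administrator's name are constructed; the model follows the UNIX-style rule mentioned later on the page, in which only the owner may grant read or write rights to others.

```python
"""Minimal discretionary access control with an audit journal (added example)."""

ADMIN = "security_admin"   # constructed name of the security administrator


class AccessControl:
    def __init__(self):
        self.objects = {}   # name -> {"owner": user, "acl": {user: set(rights)}}
        self._audit = []    # registration and accounting journal (user, action, object, result)

    def create(self, owner, name):
        """The creating user becomes owner and holds every right on the object."""
        self.objects[name] = {"owner": owner,
                              "acl": {owner: {"read", "write", "grant"}}}
        self._audit.append((owner, "create", name, "allowed"))

    def grant(self, granter, grantee, name, right):
        """Transfer of rights: only a holder of 'grant' (normally the owner)
        may give another user 'read' or 'write' on the object."""
        obj = self.objects[name]
        holder = "grant" in obj["acl"].get(granter, set())
        if not holder or right not in {"read", "write"}:
            self._audit.append((granter, f"grant {right} to {grantee}", name, "denied"))
            return False
        obj["acl"].setdefault(grantee, set()).add(right)
        self._audit.append((granter, f"grant {right} to {grantee}", name, "allowed"))
        return True

    def access(self, user, name, right):
        """Reference-monitor check: every attempt, allowed or denied, is journaled."""
        obj = self.objects.get(name)
        allowed = obj is not None and right in obj["acl"].get(user, set())
        self._audit.append((user, right, name, "allowed" if allowed else "denied"))
        return allowed

    def audit_log(self, requester):
        """The journal is readable only by the security administrator."""
        if requester != ADMIN:
            self._audit.append((requester, "read", "audit_log", "denied"))
            raise PermissionError("audit log is restricted to the security administrator")
        return list(self._audit)


def demo():
    """Constructed scenario: alice owns a file and lets bob read it."""
    ac = AccessControl()
    ac.create("alice", "salaries.db")
    ac.grant("alice", "bob", "salaries.db", "read")
    results = [
        ac.access("bob", "salaries.db", "read"),          # True: granted by the owner
        ac.access("bob", "salaries.db", "write"),         # False: never granted
        ac.grant("bob", "carol", "salaries.db", "read"),  # False: bob cannot re-grant
        ac.access("carol", "salaries.db", "read"),        # False: no right at all
    ]
    return ac, results


if __name__ == "__main__":
    ac, results = demo()
    print(results)
    for entry in ac.audit_log(ADMIN):
        print(entry)
```

Denied attempts are journaled as carefully as allowed ones: the denied entries are what the security administrator later reads to notice probing of resources a user is not entitled to.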

Protection method using software passwords. In this method, implemented in software, the procedure of communication between the user and the PC is structured so that access to the operating system or to certain files is prohibited until a password is entered. The password is kept confidential by the user and is changed periodically to prevent unauthorized use.

The password method is the simplest and cheapest, but it does not provide reliable protection. It is no secret that a password can be spied, or guessed by trial and error or with special programs, and access to the data thereby gained. Moreover, the main vulnerability of the password method is that users often choose very simple, easy-to-remember (and thereby easy-to-guess) passwords that do not change for a long time and often remain the same even when the user changes. Despite these disadvantages, the use of the password method should in many cases be considered reasonable even when other hardware and software protection methods are available. Typically the software password method is combined with other software methods that define restrictions on the types and objects of access.
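The "cryptographic closure" of passwords mentioned in the user-identification section, together with the strength and expiry controls this paragraph calls for, as an added example in Python that is not the page's own code. It stores a salted PBKDF2-HMAC-SHA256 digest instead of the clear-text password, rejects the kind of trivial password the text warns about, and refuses a password older than the policy allows. The iteration count, the 90-day policy and the list of common passwords are assumed values.

```python
"""Salted password storage with strength and expiry checks (added example)."""
import hashlib
import hmac
import os
from datetime import date, timedelta

ITERATIONS = 200_000                        # PBKDF2 work factor (assumption; tune per hardware)
MAX_PASSWORD_AGE = timedelta(days=90)       # expiry policy (assumed value)
COMMON_PASSWORDS = {"password", "123456", "qwerty", "admin"}   # constructed sample list


def password_is_acceptable(password):
    """Reject the 'very simple and easy to remember' passwords the text warns about:
    shorter than 12 characters, on the common list, or using fewer than three
    character classes."""
    if len(password) < 12 or password.lower() in COMMON_PASSWORDS:
        return False
    classes = [any(c.islower() for c in password),
               any(c.isupper() for c in password),
               any(c.isdigit() for c in password),
               any(not c.isalnum() for c in password)]
    return sum(classes) >= 3


def make_record(password, set_on):
    """Create the stored record: random salt + PBKDF2 digest + date set.
    `set_on` is an ISO date string.  The clear-text password is never stored."""
    if not password_is_acceptable(password):
        raise ValueError("password does not meet the strength rule")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest, "set_on": date.fromisoformat(set_on)}


def verify(record, password, today):
    """Return 'ok', 'expired' or 'bad'.  The digest comparison is constant-time,
    so the check itself does not reveal how many bytes matched."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    record["salt"], ITERATIONS)
    if not hmac.compare_digest(candidate, record["digest"]):
        return "bad"
    if date.fromisoformat(today) - record["set_on"] > MAX_PASSWORD_AGE:
        return "expired"
    return "ok"


if __name__ == "__main__":
    rec = make_record("Correct-Horse-7", "2024-01-01")   # constructed credentials
    print(verify(rec, "Correct-Horse-7", "2024-02-01"))   # ok
    print(verify(rec, "wrong-Horse-7", "2024-02-01"))     # bad
    print(verify(rec, "Correct-Horse-7", "2024-06-01"))   # expired
```

Because the salt is random per record, two users with the same password get different digests, and a stolen password file cannot be attacked with a single precomputed table; the iteration count slows each guess, which is the defence against the "trial and error" the text describes.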

The problem of protecting information from unauthorized access has become especially acute with the widespread spread of local and, especially, global computer networks. In this regard, in addition to access control, a necessary element of information protection in computer networks is the delimitation of user powers.

In computer networks, the built-in tools of network operating systems (OS) are most often used to organize access control and delimit user powers. The use of secure operating systems is one of the most important conditions for building modern information systems. For example, UNIX allows a file owner to grant other users read-only or write-only permissions for each of his files. The most widespread operating system in our country is Windows NT, which provides ever more opportunities for building a network that is truly protected from unauthorized access to information. In addition to the standard means of access restriction, such as a password system and delimitation of powers, the NetWare OS has a number of new features that provide first-class data protection, including the ability to encrypt data by the public key method (RSA algorithm) with the formation of an electronic signature for packets transmitted over the network.

At the same time, such a security system still has a weak point: the access level and the ability to log into the system are determined by a password. To eliminate the possibility of unauthorized entry into a computer network, a combined approach has recently been used: password plus user identification using a personal "key". The key may be a plastic card (magnetic, or with a built-in microcircuit, i.e. a smart card) or one of various devices for personal identification by biometric information (the iris, fingerprints, hand geometry, etc.).

Plastic cards with a magnetic stripe can be easily counterfeited. A higher degree of reliability is provided by smart cards, the so-called microprocessor cards (MP cards). Their reliability is primarily due to the impossibility of copying or counterfeiting them by homemade means. In addition, during the production of the cards a unique code that cannot be duplicated is entered into each chip. When a card is issued to a user, one or more passwords known only to its owner are written on it. For some types of MP cards, an attempt at unauthorized use ends with the card automatically "closing" itself; to restore the functionality of such a card, it must be presented to the appropriate authority. In addition, MP card technology provides encryption of the data recorded on the card in accordance with the DES standard. A special MP card reader can be installed not only at the entrance to the premises where the computers are located, but also directly at workstations and network servers.

This approach is much more secure than using passwords, because if the password is stolen, the user may not know about it, but if the card is missing, action can be taken immediately.

Smart access control cards allow you to implement, in particular, functions such as entry control, access to personal computer devices, access to programs, files and commands. In addition, it is also possible to carry out control functions, in particular, registration of attempts to violate access to resources, use of prohibited utilities, programs, DOS commands.

As enterprises expand their activities, staff numbers grow and new branches appear, there is a need for remote users (or groups of users) to access the computing and information resources of the company's main office. Most often, cable lines (regular telephone or leased) and radio channels are used to organize remote access. In this regard, protecting information transmitted via remote access channels requires a special approach.

In particular, remote access bridges and routers use packet segmentation - dividing them and transmitting them in parallel along two lines - which makes it impossible to “intercept” data when a “hacker” illegally connects to one of the lines. In addition, the compression procedure of transmitted packets used during data transmission guarantees the impossibility of decrypting the “intercepted” data. In addition, bridges and remote access routers can be programmed so that remote users will be limited in access to certain resources of the main terminal network.

The automatic callback method can provide greater security against unauthorized access to the system than simple software passwords. In this case the user does not need to remember passwords and ensure their secrecy. The idea behind a callback system is quite simple. Users remote from the central database cannot access it directly. First they gain access to a special program, to which they present the corresponding identification codes. After this the connection is terminated and the identification codes are checked. If the code sent over the communication channel is correct, the user is called back, and the date, time and phone number are recorded at the same time. The disadvantage of this method is the low exchange speed: the average delay can be tens of seconds.
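The callback exchange just described, as an added example in Python that is not part of the original text. The subscriber registry, the identification codes and the telephone numbers are constructed, and the "line" is an ordinary Python object. The property the simulation makes visible is that the server always dials the number held in its own registry and never the number the call arrived from, and that it journals the date, time and number of every callback as the text states.

```python
"""Simulation of the automatic callback procedure (added example)."""
import hmac
from datetime import datetime, timezone

# Constructed registry: identification code -> registered callback number.
REGISTRY = {"7F3A-0021": "+7-495-000-1111", "7F3A-0022": "+7-495-000-2222"}


class CallbackServer:
    def __init__(self, registry):
        self.registry = registry
        self.journal = []   # (timestamp, number, note) for every decision

    def incoming_call(self, caller_number, presented_code):
        """Phase 1: accept the identification code, then hang up.  Nothing
        else is served on the inbound connection.  Returns the number that
        was dialled back, or None if the code was rejected."""
        self._hangup()
        return self._verify_and_callback(presented_code, caller_number)

    def _hangup(self):
        """Terminate the inbound connection before any check is made."""

    def _verify_and_callback(self, code, caller_number):
        """Phase 2: check the code offline and dial the registered number."""
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        registered = next((num for c, num in self.registry.items()
                           if hmac.compare_digest(c, code)), None)
        if registered is None:
            self.journal.append((stamp, caller_number, "rejected: unknown code"))
            return None
        # The callback goes to the registry entry, not to caller_number.
        self.journal.append((stamp, registered, f"callback for code {code}"))
        return registered


def demo():
    """Constructed scenario covering a normal call, a valid code presented from
    an unregistered line, and an unknown code."""
    srv = CallbackServer(REGISTRY)
    normal = srv.incoming_call("+7-495-000-1111", "7F3A-0021")
    # A valid code arriving from another line: the callback still reaches the
    # registered subscriber, so the unregistered line receives no data.
    other_line = srv.incoming_call("+7-999-123-4567", "7F3A-0021")
    unknown = srv.incoming_call("+7-999-123-4567", "0000-0000")
    return normal, other_line, unknown, srv.journal


if __name__ == "__main__":
    normal, other_line, unknown, journal = demo()
    print(normal, other_line, unknown)
    for entry in journal:
        print(entry)
```

The delay the text mentions comes from the hang-up and the second dial; the security gain comes from the fact that the identification code alone never opens a session, only the call to the registered number does.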

Data encryption method

Translated from Greek, the word cryptography means secret writing. This is one of the most effective methods of protection. It can be especially useful for complicating unauthorized access procedures even when conventional security measures have been bypassed. Unlike the methods discussed above, cryptography does not hide the transmitted messages but transforms them into a form that cannot be understood by persons who do not have the right of access to them, while ensuring the integrity and authenticity of information in the process of information interaction.

Information ready for transmission is encrypted using some encryption algorithm and an encryption key. As a result of these actions, it is converted into a ciphergram, i.e. a closed text or graphic image, and in this form is transmitted over the communication channel. The resulting encrypted output cannot be understood by anyone except the key owner.

A cipher is usually understood as a family of invertible transformations, each of which is determined by some parameter called a key, as well as the order of application of this transformation, called encryption mode. Typically the key is some alphabetic or numeric sequence.

Each transformation is uniquely determined by a key and described by some encryption algorithm. For example, an encryption algorithm may provide for replacing each letter of the alphabet with a number, and the key may be the order of the numbers of the letters of this alphabet. For encrypted data exchange to be successful, the sender and recipient need to know the correct key and keep it secret.

The same algorithm can be used for encryption in different modes. Each encryption mode has its own advantages and disadvantages, so the choice of mode depends on the specific situation. Decryption uses a cryptographic algorithm which, in the general case, may differ from the algorithm used for encryption, and therefore the corresponding keys may also differ. A pair of encryption and decryption algorithms is called a cryptosystem (cipher system), and the devices that implement them are called cipher technology.

There are symmetric and asymmetric cryptosystems. Symmetric cryptosystems use the same private key for encryption and decryption. In asymmetric cryptosystems the keys for encryption and decryption are different, one of them being private and the other open (public).

There are quite a few different algorithms for cryptographic information protection, for example DES, RSA, GOST 28147-89, etc. The choice of encryption method depends on the characteristics of the transmitted information, its volume and the required transmission speed, as well as the capabilities of the owners (the cost of the used technical devices, operational reliability, etc.).

Data encryption has traditionally been used by government and defense departments, but as needs change, some of the most established companies are beginning to embrace the power that encryption provides to ensure information privacy. Corporate financial services (primarily in the US) represent an important and large user base, and often have specific requirements for the algorithm used in the encryption process.

The DES (Data Encryption Standard) data encryption standard was developed by IBM in the early 1970s and is currently the government standard for encrypting digital information. It is recommended by the American Bankers Association. The complex DES algorithm uses a 56-bit key and 8 parity bits and requires an attacker to try 72 quadrillion possible key combinations, providing high security at low cost. When keys are changed frequently, the algorithm satisfactorily solves the problem of making confidential information inaccessible. At the same time, the commercial system market does not always require security as strict as government or defense agencies do, so other types of products, such as PGP (Pretty Good Privacy), can be used. Data encryption can be carried out in on-line (at the rate of information receipt) and off-line (autonomous) modes.

The RSA algorithm was invented by R.L. Rivest, A. Shamir and L. Adleman in 1978 and represents a significant step in cryptography. This algorithm has also been adopted as a standard by the National Bureau of Standards.

DES is technically a symmetric algorithm, while RSA is an asymmetric algorithm: a public-key system in which each user has two keys, only one of which is secret. The public key is used by a user to encrypt a message, but only the specified recipient can decrypt it with his private key; the public key is useless for this. This makes secret key transfer agreements between correspondents unnecessary. DES specifies the length of the data and key in bits, while RSA can be implemented with any key length. The longer the key, the higher the level of security (but encryption and decryption also take longer). If DES keys can be generated in microseconds, the approximate time for generating an RSA key is tens of seconds. That is why software developers prefer RSA public keys, while DES secret keys are provided by the hardware developers.

When exchanging electronic documentation, a situation may arise in which one of the parties renounces its obligations (repudiation of authorship), or messages received from the sender are falsified (false attribution of authorship). The main mechanism for solving this problem is the creation of an analogue of a handwritten signature: the electronic digital signature (EDS). There are two main requirements for an EDS: high complexity of falsification and ease of verification.

Both symmetric and asymmetric cipher systems can be used to create an EDS. In the first case, the message itself, encrypted with a secret key, can serve as the signature. But after each verification the secret key becomes known. To get out of this situation it is necessary to introduce a third party, an intermediary trusted by all parties, who re-encrypts messages from the key of one subscriber to the key of another.

Asymmetric cipher systems have all the properties required of an EDS. There are two possible approaches to constructing an EDS:

  1. The message is converted into a form from which the message itself can be reconstructed, thereby verifying the correctness of the signature.
  2. The signature is calculated separately and transmitted together with the original message.
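The two signature constructions just listed, together with the public-key encryption role described for RSA a few paragraphs earlier, as an added example in Python that is not the page's own code. It uses textbook RSA with deliberately small, constructed primes (and no padding) purely to make the mechanics visible: approach 1 recovers the message from the signature itself, approach 2 signs a hash that travels beside the original message. Real keys are thousands of bits and use padding schemes; nothing here is fit for actual use.

```python
"""Textbook RSA: public-key encryption and the two EDS approaches (added example)."""
import hashlib


def keygen(p, q, e=65537):
    """Build (public, private) from two primes.  The primes are constructed
    and far too small for security; they exist only to show the mechanics."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(m, public):
    """Anyone holding the public key can encrypt; m must be smaller than n."""
    n, e = public
    return pow(m, e, n)


def decrypt(c, private):
    """Only the holder of the private key can decrypt."""
    n, d = private
    return pow(c, d, n)


def sign_with_recovery(m, private):
    """Approach 1: the signature *is* the transformed message.  Verification
    means recovering the message from the signature with the public key."""
    n, d = private
    return pow(m, d, n)


def recover(signature, public):
    n, e = public
    return pow(signature, e, n)


def message_digest(message, n):
    """Approach 2 signs a fixed-size value derived from the message.  The
    reduction modulo n is needed only because the toy modulus is tiny."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign_appended(message, private):
    """Approach 2: signature computed over the digest, sent beside the message."""
    n, d = private
    return pow(message_digest(message, n), d, n)


def verify_appended(message, signature, public):
    n, e = public
    return pow(signature, e, n) == message_digest(message, n)


if __name__ == "__main__":
    public, private = keygen(104729, 1299709)    # constructed small primes
    print(decrypt(encrypt(123456, public), private))          # 123456
    print(recover(sign_with_recovery(777, private), public))  # 777
    sig = sign_appended(b"pay 100", private)
    print(verify_appended(b"pay 100", sig, public))           # True
    print(verify_appended(b"pay 1000", sig, public))          # False
```

Both approaches satisfy the two requirements stated above: forging needs the private exponent d, while checking needs only the public (n, e). Approach 2 is the one used in practice, because signing a digest keeps the signature a fixed size regardless of message length.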

Thus, for different ciphers the task of cryptanalysis, that is, decrypting a message when the key is unknown, has different complexity. The level of complexity of this task determines the main property of a cipher: its ability to resist the adversary's attempts to seize the protected information. In this regard one speaks of the cryptographic strength of a cipher, distinguishing between stronger and weaker ciphers. The characteristics of the most popular encryption methods are given in Table 10.1.

Table 10.1. Characteristics of the most common encryption methods

Access to information - familiarization with information, its processing, in particular, copying, modification or destruction of information. Unauthorized access to information (UAI) - access to information that violates the rules of access control using standard means provided by computer technology or automated systems.


In protecting PC information from unauthorized access, three main directions can be distinguished: the first focuses on preventing the intruder from accessing the computing environment and is based on special technical means of user identification; the second is related to the protection of the computing environment and various software methods are used to protect information; the third direction is related to the use of special means of protecting PC information from unauthorized access.

Biometric systems include identification systems (page of the textbook by N.D. Ugrinovich, grade 11):

– by fingerprints;

– by speech characteristics;

– by the iris of the eye;

– by facial image;

– by the geometry of the palm of the hand.

Standard software protection tools: a) means of protecting computing resources using password identification; b) the use of various methods of information encryption; c) means of protection against copying of commercial software products; d) protection against computer viruses.


A) Passwords can be set:

– in the BIOS program (the computer does not start loading the OS if the correct password is not entered (p. 44, Fig. 1.15), but problems will arise if the user forgets the password);

– when loading the operating system (each user must enter their password when loading the OS (p. 44, Fig. 1.16));

– for each disk, folder or file (certain access rights can be set for them, and the rights can be different for different users: the "Sharing and Security" command in the context menu).


B) The use of various encryption methods. The most reliable protection against unauthorized access to information transmitted over local networks and to PC software products is the use of various encryption methods (cryptographic methods of information protection). This method of protection is implemented in the form of programs or software packages that extend the capabilities of the standard operating system.

The four main groups of character encryption are:

– substitution: the characters of the encrypted text are replaced by characters of the same or another alphabet in accordance with a predetermined rule;

– permutation: the characters of the encrypted text are rearranged according to a certain rule within a given block of the transmitted text;

– analytical transformation: the encrypted text is transformed according to some analytical rule;

– combined transformation: the source text is encrypted using two or more encryption methods.
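The substitution, permutation and combined groups listed above, plus the letter-to-number scheme the page gives earlier as its example of a keyed transformation ("the key may be the order of the numbers of the letters of this alphabet"), as an added example in Python that is not the page's own code. The alphabet, keys and messages are constructed, and these are teaching ciphers that illustrate the classification, not a cryptosystem for real use. The block also shows the point made earlier that the key, not the algorithm, is what must stay secret: every function is public, and decryption still needs the key.

```python
"""Substitution, permutation and combined ciphers over a constructed key (added example)."""
import string

ALPHABET = string.ascii_uppercase


def substitute(text, key_alphabet, decrypt=False):
    """Substitution: each character is replaced by the character at the same
    position in the keyed alphabet (the key is a permutation of ALPHABET)."""
    src, dst = (key_alphabet, ALPHABET) if decrypt else (ALPHABET, key_alphabet)
    return text.translate(str.maketrans(src, dst))


def permute(text, order, decrypt=False):
    """Permutation: inside each block of len(order) characters the positions
    are rearranged by the key `order`, a permutation of range(len(order)).
    The text is padded with 'X' to a whole number of blocks."""
    n = len(order)
    if len(text) % n:
        text += "X" * (n - len(text) % n)
    out = []
    for i in range(0, len(text), n):
        block = text[i:i + n]
        if decrypt:
            plain = [""] * n
            for pos, src in enumerate(order):
                plain[src] = block[pos]
            out.append("".join(plain))
        else:
            out.append("".join(block[src] for src in order))
    return "".join(out)


def letters_to_numbers(text, key_alphabet):
    """The page's own example: each letter becomes its number, and the key
    is the order in which the letters are numbered."""
    return [key_alphabet.index(c) + 1 for c in text]


def numbers_to_letters(numbers, key_alphabet):
    return "".join(key_alphabet[n - 1] for n in numbers)


def combined_encrypt(text, key_alphabet, order):
    """Combined transformation: substitution followed by permutation."""
    return permute(substitute(text, key_alphabet), order)


def combined_decrypt(cipher, key_alphabet, order):
    """Undo the two steps in reverse order, each with its own key."""
    return substitute(permute(cipher, order, decrypt=True), key_alphabet, decrypt=True)


if __name__ == "__main__":
    KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"   # constructed substitution key
    ORDER = [2, 0, 3, 1]                  # constructed permutation key, block of 4
    c = combined_encrypt("ATTACKATDAWN", KEY, ORDER)
    print(c, combined_decrypt(c, KEY, ORDER))
    print(letters_to_numbers("ABC", KEY))
```

The weakness of each of these groups on its own (letter frequencies survive substitution, letter counts survive permutation) is why the page lists the combined transformation separately and why modern ciphers such as DES and GOST 28147-89 interleave substitution and permutation many times.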


C) Means of protection against copying of commercial software products:

– placing on the medium a conventional mark or characteristic that is inherent in this medium and cannot be reproduced by any means of copying;

– the disk has a number of unique characteristics inherent only in this one disk, which are lost when it is copied to another disk (that is, the disk can easily be copied and its contents distributed, but the program will only start if the original disk is present);

– a unique code (key) for installing licensed software.

Electronic keys (HASP or Sentinel) connect to almost all computer ports, from LPT to USB, as well as to ISA and PCI slots if the need arises. The basis of HASP keys is a specialized custom-made microcircuit that has a unique operating algorithm for each key.

Civil Code of the Russian Federation. Article 150 classifies confidential information as an intangible benefit. Article 11, Part 1 provides for the judicial protection of civil rights: according to this article, the protection of violated or disputed civil rights is carried out by a court, an arbitration court or an arbitration tribunal in accordance with the jurisdiction established by procedural legislation. Article 12 defines the methods of protecting civil rights, most of which can be used in connection with the protection of confidential information.


Criminal Code of the Russian Federation. Article 137 provides for liability for offences involving violation of the right to protection of confidential information: it establishes liability (a fine or correctional labour) for violating the secrecy of correspondence, telephone conversations, and postal, telegraph or other messages; Article 138 provides that the same act, committed by a person using his official position or special technical means intended for covertly obtaining information, is punishable by a fine or by deprivation of the right to hold certain positions or engage in certain activities.


The Code of Administrative Offences provides for liability for violating information protection rules. Thus, violating the conditions stipulated by a licence for activities in the field of information protection (except for information constituting a state secret) entails an administrative fine; the Code also establishes that disclosure of information to which access is restricted by federal law, by a person who gained access to it in the performance of official or professional duties, entails an administrative fine.

When considering the issues of obtaining information stored and processed in computer systems, the following were assumed to be the main methods of unauthorized access:

overcoming software security measures;

unauthorized copying of information;

interception of information in communication channels;

use of software bookmarks (hidden implants embedded in software);

use of hardware bookmarks (hidden implants embedded in equipment);

interception of spurious electromagnetic emissions and pickups (PEMIN, the Russian acronym for this leakage channel).

When considering protection methods, we will not separate them according to the methods listed above, since in many cases the same methods turn out to be an effective means of preventing various types of unauthorized access.

The main methods of protection are the following:

Authentication of users at the stage of registering their credentials;

Physical protection of computer systems;

Identification of software and hardware bookmarks;

Encoding information.

These (and other) methods, in various combinations, are implemented in software and hardware-software systems for protecting computer information from unauthorized access. Some of these systems are described below.

Naturally, the entire range of organizational and technical measures must be applied to protect computer information, including physical security of the premises, access control, linear and spatial noise generation, detection of embedded devices, etc. But these are typical for any information system, so they will not be considered separately here.

Authentication of users at the stage of registering their credentials. Limiting user access to computing resources involves the use of concepts such as identification and authentication.

Identification is the assignment to a subject (person) or object (computer, disk, etc.) of an individual image, name or number by which it will be recognized in the system.

Authentication - checking the authenticity of an object or subject based on its identification characteristics.

Authentication may be performed by a person, a hardware device, or a program of the computer system. In automated devices, the following authentication identifiers are usually used:

individual physiological signs: fingerprint (Fig. 185), contour of the palm (Fig. 189), retinal image, etc.

Fig. 185. Appearance of fingerprint authentication devices

Fig. 186. External view of the palm authentication device;

special identifier devices (Touch Memory), made in the form of key fobs or "tablets", plastic magnetic cards, etc., which are recognized by special reading devices (see Fig. 187).


Fig. 187. Reader installed on a computer

Each of these features has its own advantages and disadvantages. For example, passwords are often trivial and easy to guess, and users usually write them down in notepads; a person's individual physiological signs may change (for example, a cut on a finger); an identifier device may be lost or stolen from the user. Therefore, current authentication systems try to combine different types of identification features: password plus handprint, password plus magnetic card, etc.

As a result of authentication, the user's authority is determined for access to computer system resources (files, databases, memory segments) and for the types of operations performed (read, write, execute, etc.).

Authentication is a fundamentally necessary process inherent in all information security systems; its role especially increases with remote access to the network.

Physical protection of computer systems involves the use of devices that would prevent access to information without violating the physical integrity of the personal computer.

In a number of cases it is essential to use measures that exclude covert (including regular) access to a computer for the purpose of copying or modifying information. Physical protection means are ideally suited to this task.

1. Sealing the system unit and other elements of the computer system with special seals or the seal of the head of the security service.

Sealing the system unit helps prevent uncontrolled unauthorized access to information on the hard drive (bypassing the installed system protection) by removing the disk and connecting it to another computer. In addition, this procedure eliminates the risk of hardware bookmarks in the computer, provided of course that you checked for their absence before sealing it. After checking, do not be lazy: seal all the other components too, including patch cables, since modern technology allows bookmarks to be installed in them as well.

2. Installation of special inserts, fitted with a lock and key, in the slot of the floppy drive.

This measure can be used as a means of protection against secret copying of information, against computer infection by viruses and software bookmarks.

3. The use of special locks that block the computer keyboard. This is an effective means of protecting information from possible intentional modification, as well as from infection with computer viruses and the installation of software bookmarks.

4. Storage of magnetic and optical media in safes or in special lockable diskette cases. This excludes covert copying of information from these media, its modification, infection with computer viruses, and the introduction of software bookmarks.

Identification of software and hardware bookmarks. Eliminating software bookmarks in a personal computer is a task essentially close to that of fighting computer viruses. The fact is that there is currently no clear classification of programs with potentially dangerous effects; one distinguishes, for example, programs such as "Trojan horses", logic bombs, viruses and some others.

By "Trojan horse" we mean programs designed to solve some secret task but disguised as "respectable" software products. A classic example of "Trojans" are programs found in some software supporting financial transactions of local banking networks. These programs credited amounts equivalent to "half a penny" to the accounts of their owners. Such amounts arise from rounding in bank transfer transactions, so their disappearance went unnoticed. The theft was discovered only thanks to the rapid growth of the personal accounts of the employees responsible for the software; the unprecedented growth was due to the huge number of conversion operations. Trojan horse programs also include the software bookmarks discussed above.

As a rule, logic bombs are programs that carry out their destructive actions when certain conditions are met: for example, when the thirteenth day of the month falls on a Friday, when April 26 arrives, etc.

Viruses, as noted above, are programs capable of “reproducing” and performing negative actions.

How conventional such a classification is can be seen from the fact that the bookmark program in the bank's financial system could also be classified as a logic bomb, since crediting "half a penny" to a personal account occurred when a condition was met, namely a fractional balance resulting from a transaction with a sum of money. The "Friday the thirteenth" logic bomb is nothing more than a virus, since it has the ability to infect other programs. And in general, bookmark programs can be embedded in a computer not only by direct inclusion in the text of specific software products, but also, like a virus, by specifying an address for future placement and entry points.

From the above it follows that, to protect a computer from software bookmarks, all the requirements set out when considering the fight against computer viruses must be met. In addition, uncontrolled access to computing resources by unauthorized persons must be prevented, which can be ensured, among other things, by the physical protection means already discussed.

As for combating software bookmarks that intercept passwords, the following measures should be noted.

1. Requirements for protection against registration system simulators:

the system process that receives the user's name and password at registration must have its own desktop, inaccessible to other software products;

entry of user identification data (for example, a password) must use key combinations not available to other application programs;

the time allowed for authentication should be limited (approximately 30 s), which makes it possible to detect simulator programs by the fact that the registration window remains on the monitor screen for a long time.

2. Conditions that provide protection from filter-type password interception programs:

Prevent switching keyboard layouts while entering a password;

Provide access to the configuration options for chains of program modules and to the modules themselves involved in working with the user password only to the system administrator.

3. Protection against the penetration of substitutes for the authentication system's software modules has no specific recommendations and can only be implemented on the basis of a permanent, well-thought-out policy of the head of the security service and the system administrator; some consolation here is the low probability that competitors will use substitute programs, given the complexity of their practical implementation.
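The identification, authentication and authority-determination sequence described earlier in this subsection, together with the combined "password plus identifier device" check and the time limit on the login dialogue from requirement 1, as an added example that is not part of the original text. The user name, token serial, resource path and rights are constructed; the hashing and audit-log design are the editor's choices, not a description of any product named on this page.

```python
# Added example (not from the original text): a model of identification,
# authentication and determination of authority, with two factors (password and
# identifier device), a limited login dialogue, and a record of refused attempts.
# All users, token serials, resources and rights below are constructed.
import hashlib
import hmac
import os

LOGIN_TIMEOUT = 30.0   # seconds the registration window may stay open


def _derive(password: str, salt: bytes) -> bytes:
    # Keep a salted PBKDF2 hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccessControl:
    def __init__(self):
        self.users = {}    # identifier -> (salt, password hash, token serial)
        self.rights = {}   # (identifier, resource) -> permitted operations
        self.audit = []    # every refused attempt is recorded here

    def register(self, user_id, password, token_serial):
        """Identification: give the subject a name and bind its credentials."""
        salt = os.urandom(16)
        self.users[user_id] = (salt, _derive(password, salt), token_serial)

    def grant(self, user_id, resource, operations):
        """Authority: the operations (read, write, execute) the subject may perform."""
        self.rights[(user_id, resource)] = frozenset(operations)

    def authenticate(self, user_id, password, token_serial, started_at, now):
        """Authentication: the password and the identifier device must both match,
        and the dialogue must finish within LOGIN_TIMEOUT. Every refusal is logged."""
        rec = self.users.get(user_id)
        if rec is None:
            return self._refuse(user_id, "unknown identifier")
        salt, stored, expected_token = rec
        # Evaluate both factors before deciding, so the refusal does not
        # reveal which of the two was wrong.
        pw_ok = hmac.compare_digest(_derive(password, salt), stored)
        tok_ok = hmac.compare_digest(token_serial.encode(), expected_token.encode())
        if now - started_at > LOGIN_TIMEOUT:
            return self._refuse(user_id, "login dialogue exceeded time limit")
        if not (pw_ok and tok_ok):
            return self._refuse(user_id, "credentials rejected")
        return True

    def authorize(self, user_id, resource, operation):
        """Access decision after authentication; refusals are logged as well."""
        if operation in self.rights.get((user_id, resource), ()):
            return True
        return self._refuse(user_id, f"{operation} on {resource} not permitted")

    def _refuse(self, user_id, reason):
        self.audit.append((user_id, reason))
        return False


def demo():
    """Constructed walk-through: one good login, one too slow, one with the
    wrong identifier device, then a permitted and a refused operation."""
    ac = AccessControl()
    ac.register("ivanov", "correct horse", "DS1990-0001A")   # constructed values
    ac.grant("ivanov", "/data/report.doc", {"read"})
    t0 = 1000.0
    ok = ac.authenticate("ivanov", "correct horse", "DS1990-0001A", t0, t0 + 5)
    late = ac.authenticate("ivanov", "correct horse", "DS1990-0001A", t0, t0 + 45)
    wrong = ac.authenticate("ivanov", "correct horse", "DS1990-9999Z", t0, t0 + 5)
    read = ac.authorize("ivanov", "/data/report.doc", "read")
    write = ac.authorize("ivanov", "/data/report.doc", "write")
    return ok, late, wrong, read, write, len(ac.audit)
```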

The Windows NT operating system, and partly UNIX, most fully meets all the stated requirements for protection against password-intercepting software bookmarks.

Only organizations licensed for this type of activity by the Federal Agency for Government Communications and Information can identify hardware bookmarks professionally. These organizations have the appropriate equipment, techniques and trained personnel. Only primitive hardware bookmarks can be revealed by improvised methods. If you are experiencing financial difficulties and cannot afford an appropriate contract, then at least take measures to protect your computer physically.

Encoding information provides the highest level of protection against unauthorized access. The simplest type of encoding is ordinary data compression with archiving programs, but since this protects only against an unqualified user, archiving should not be considered an independent method of protection. However, such encoding makes it possible to increase the cryptographic strength of other methods when used together with them.

Without touching on the main coding methods, we will consider only examples of hardware and software information security systems in which coding is one of the equal elements along with other security methods.

Hardware and software complex "Accord". It consists of a single-board controller that plugs into a free computer slot, a contact authentication device, software, and DS199x Touch Memory personal identifiers in tablet form. The contact device (reader) is installed on the front panel of the computer, and authentication is carried out by touching the "tablet" (identifier) to the reader. Authentication takes place before the operating system boots. Coding of data is provided as an additional function and is carried out by additional software.

Software and hardware complex "Dallas LockZ.1". Provides ample opportunities for protecting information, including: user registration before the operating system loads, and only upon presentation of a personal Touch Memory electronic card and entry of a password; automatic and forced locking of the computer with blanking of the monitor screen while the registered user is absent; guaranteed erasure of files when they are deleted; noise-resistant encoding of files.

Software information protection system "Cobra". Authenticates users by password and differentiates their powers. Allows work in transparent encryption mode. Provides a high degree of information protection on personal computers.

Software protection system "Snow-1.0". Designed to control and restrict access to information stored on a personal computer, and to protect the information resources of a local network workstation. "Snow-1.0" includes the certified information coding system "Rime", built on the standard GOST 28147-89 cryptographic data conversion algorithm.

An example of a system that only encodes information is the Krypton-ZM device.

We remind you that this subsection discussed protection methods that are unique to computer networks. However, complete protection of information in computing facilities is impossible without the comprehensive application of all the above-described organizational and technical measures.

If your company's work involves fulfilling government orders, then most likely you will not be able to do without obtaining a licence to work with state secrets, and therefore without checking the equipment for possible embedded "bookmarks" and for the presence and danger of technical channels of information leakage. If there is no such need, however, in some cases you can do without this, since the cost of such work is still quite high.

Recently, with the development of information technology, cases of computer crime have become more frequent.

Computer crimes are crimes committed using computer information. In this case, computer information is the subject and/or means of committing a crime.

The following types of actions are criminal:

1. Unlawful access to legally protected computer information.

2. Creation, use and distribution of malicious computer programs or computer media with such programs.

3. Violation of the rules for operating computers, computer systems or their networks.

Legal protection of programs and databases

Protection of intellectual rights, as well as property rights, extends to all types of computer programs that can be expressed in any language and in any form, including source text in a programming language and machine code. However, legal protection does not extend to the ideas and principles underlying the program, including the ideas and principles of the interface and algorithm. Legal protection of computer programs and databases was first introduced in full in the Russian Federation by the Law "On the Legal Protection of Programs for Electronic Computers and Databases", which came into force in 1992.

Protection against unauthorized access to information

Passwords are used to protect against unauthorized access to data stored on a computer. The computer allows access to its resources only to those users who are registered and have entered the correct password. Each specific user may be allowed access only to certain information resources. In this case, all unauthorized access attempts can be recorded.

What happens when there is unauthorized access to information.

Reasons for unauthorized access to information

1. configuration errors of access rights (firewalls, restrictions on the number of queries to databases),

2. errors in software,

3. abuse of official powers (theft of backup copies, copying of information to external media by someone with the right to access the information),

4. listening on communication channels when unsecured connections are used within a LAN,

5. use of keyloggers, viruses and Trojans on employee computers.

Consequences of unauthorized access to information

1. leakage of personal data (company employees and partner organizations),

2. leak of trade secrets and know-how,

3. leak of official correspondence,

4. leak of state secrets,

5. complete or partial disruption of the company’s security system.

Software and hardware methods and means of ensuring information security

The literature offers the following classification of information security tools.

1. Means of protection against unauthorized access (NSD):
– mandatory access control;
– selective (discretionary) access control;
– password-based access control;
– journaling (also called auditing).

2. Systems for analysis and modeling of information flows (CASE systems).

3. Network monitoring systems:
– intrusion detection and prevention systems (IDS/IPS);
– systems for preventing leaks of confidential information (DLP systems).

4. Protocol analyzers.

5. Antivirus agents.

6. Firewalls.

7. Cryptographic means:
– encryption;
– digital signature.

8. Backup systems.

9. Uninterruptible power supply systems:
– uninterruptible power supplies;
– load backup;
– voltage generators.

10. Authentication systems:
– password;
– access key (physical or electronic);
– certificate: an electronic or printed document issued by a certification center that confirms the owner's possession of a public key or of any attributes;
– biometrics: a system for recognizing people by one or more characteristic physical and behavioral traits.

11. Means to prevent break-ins and equipment theft.

12. Means for controlling access to premises.

13. Tools for analyzing security systems:
– monitoring software.

Maximum information protection can only be achieved using a combination of several methods.