• Hardware protection of information systems. Information protection. Basic functionality of the secure information system model


    Posted on http://www.allbest.ru/

    Introduction

    1. Information security measures

    2. Hardware information security

    2.1 Objectives of information security hardware

    2.2 Types of information security hardware

    3. Information security software

    3.1 Information archiving tools

    3.2 Antivirus programs

    3.3 Cryptographic means

    3.4 User identification and authentication

    3.5 Protection of information in the CS from unauthorized access

    3.6 Other information security software

    Conclusion

    List of sources used

    Introduction

    As the means, methods and forms of automation of information processing processes develop and become more complex, the vulnerability of information security increases.

    The main factors contributing to this vulnerability are:

    · A sharp increase in the volume of information accumulated, stored and processed using computers and other automation tools;

    · Concentration of information for various purposes and various accessories in unified databases;

    · A sharp expansion of the circle of users who have direct access to the resources of the computer system and the data located in it;

    · Increasing complexity of operating modes of technical means of computer systems: widespread introduction of multi-program mode, as well as time-sharing and real-time modes;

    · Automation of machine-to-machine information exchange, including over long distances.

    Under these conditions, two types of vulnerability arise: on the one hand, the possibility of destruction or distortion of information (i.e., violation of its physical integrity), and on the other, the possibility of unauthorized use of information (i.e., the danger of leakage of restricted information).

    The main potential channels for information leakage are:

    · Direct theft of media and documents;

    · Memorizing or copying information;

    · Unauthorized connection to equipment and communication lines or illegal use of “legitimate” (i.e. registered) system equipment (most often user terminals).

    1. Information security tools

    Information security means are a set of engineering, electrical, electronic, optical and other devices and fixtures, instruments and technical systems, as well as other material elements used to solve various information protection problems, including preventing leaks and ensuring the security of the protected information.

    In general, the means of ensuring information security in terms of preventing intentional actions, depending on the method of implementation, can be divided into groups:

    · Hardware (technical) means. These are devices of various types (mechanical, electromechanical, electronic, etc.) that solve information security problems by hardware means. They either prevent physical penetration or, if penetration does occur, prevent access to the information, including by masking it. The first part of the problem is solved by locks, bars on windows, guards, security alarms, etc. The second part is solved by noise generators, mains filters, scanning radios and many other devices that “block” potential channels of information leakage or allow them to be detected. The advantages of technical means are their reliability, independence from subjective factors and high resistance to modification. Their weaknesses are insufficient flexibility, relatively large size and weight, and high cost.

    · Software tools include programs for user identification, access control, information encryption, removal of residual (working) information such as temporary files, test control of the security system, etc. The advantages of software tools are versatility, flexibility, reliability, ease of installation, and the ability to be modified and developed. Their disadvantages are limited network functionality, consumption of part of the resources of the file server and workstations, high sensitivity to accidental or intentional changes, and possible dependence on the types of computers (their hardware).

    · Mixed hardware-software means implement the same functions as hardware and software separately and have intermediate properties.

    · Organizational means consist of organizational-technical measures (preparing premises with computers, laying a cable system while taking into account the requirements for limiting access to it, etc.) and organizational-legal measures (national legislation and work rules established by the management of a particular enterprise). The advantages of organizational means are that they allow many different problems to be solved, are easy to implement, respond quickly to unwanted actions on the network, and have unlimited possibilities for modification and development. Their disadvantages are a high dependence on subjective factors, including the general organization of work in a particular department.

    Software tools stand out by their degree of distribution and availability; the other means are used where an additional level of information protection is required.

    2. Hardware information security

    Hardware protection includes various electronic, electronic-mechanical, and electro-optical devices. To date, a significant number of hardware devices for various purposes have been developed, but the most widespread are the following:

    · special registers for storing security details: passwords, identification codes, stamps or security levels;

    · devices for measuring individual characteristics of a person (voice, fingerprints) for identification purposes;

    · circuits for interrupting the transmission of information in the communication line for the purpose of periodically checking the data output address;

    · devices for encrypting information (cryptographic methods).

    To protect the perimeter of the information system, the following are created:

    · security and fire alarm systems;

    · digital video surveillance systems;

    · access control and management systems.

    Protection of information from leakage through technical communication channels is ensured by the following means and measures:

    · using shielded cables and laying wires and cables in shielded structures;

    · installation of high-frequency filters on communication lines;

    · construction of shielded rooms (“capsules”);

    · use of shielded equipment;

    · installation of active noise systems;

    · creation of controlled zones.

    2.1 Objectives of information security hardware

    The use of hardware information security allows you to solve the following problems:

    · conducting special studies of technical means for the presence of possible channels of information leakage;

    · identification of information leakage channels at different objects and premises;

    · localization of information leakage channels;

    · search and detection of industrial espionage means;

    · countering unauthorized access to sources of confidential information and other actions.

    According to their purpose, hardware is classified into detection means, search and detailed measurement means, and active and passive countermeasures. In terms of capability, information security tools may be general-purpose devices intended for non-professionals to obtain rough assessments, or professional complexes that allow a thorough search, detection and measurement of all characteristics of industrial espionage tools.

    Search equipment can be divided into equipment for searching for means of retrieving information and investigating channels for its leakage.

    The first type of equipment is aimed at searching for and localizing means of unauthorized access already introduced by attackers. The second type of equipment is intended to detect information leakage channels. The decisive factors for this type of system are the efficiency of the examination and the reliability of the results obtained.

    Professional search equipment is usually very expensive and requires highly qualified specialists to operate it. Consequently, only organizations that constantly conduct such surveys can afford it, so if a full examination is needed, the direct route is to them.

    Of course, this does not mean that you should stop using search tools yourself. The search tools that are readily available are quite simple and make it possible to carry out preventive measures in the interval between serious search examinations.

    2.2 Types of information security hardware

    A dedicated storage network, SAN (Storage Area Network), provides guaranteed data bandwidth, eliminates a single point of failure in the system, and allows virtually unlimited scaling of both servers and information resources. Along with the popular Fibre Channel technology, iSCSI devices have recently been used increasingly to implement storage networks.

    Disk storage systems are distinguished by the highest speed of data access due to the distribution of read/write requests among several disk drives. The use of redundant components and algorithms in RAID arrays prevents the system from stopping due to the failure of any single element, which increases availability. Availability, one of the indicators of information quality, determines the proportion of time during which information is ready for use and is expressed as a percentage: for example, 99.999% (“five nines”) means that the information system is allowed no more than 5 minutes of downtime per year, for any reason. A successful combination of high capacity, high speed and reasonable cost is currently offered by solutions using Serial ATA and SATA 2 storage devices.

    Tape drives (streamers, autoloaders and libraries) are still considered the most cost-effective and popular backup solution. Originally created for data storage, they provide virtually unlimited capacity (by adding cartridges), high reliability and a low cost of storage, and allow rotation schemes of any complexity and depth, data archiving, and evacuation of media to a protected location outside the main office. Since their inception, magnetic tapes have gone through five generations of development, have proven their advantage in practice, and are rightfully a fundamental element of backup practice.

    In addition to the technologies discussed, we should also mention the provision of physical data protection (delimitation and control of access to premises, video surveillance, security and fire alarms), and the organization of uninterrupted power supply to equipment.

    Let's look at hardware examples.

    1) eToken. The eToken electronic key is a personal means of authorization, authentication and secure data storage with hardware support for working with digital certificates and electronic digital signatures (EDS). eToken is available in the form factors of a USB key, smart card or key fob. The eToken NG-OTP model has a built-in one-time password generator. The eToken NG-FLASH model has a built-in flash memory module with a capacity of up to 4 GB. The eToken PASS model contains only a one-time password generator. The eToken PRO (Java) model implements in hardware the generation of digital signature keys and the formation of digital signatures. Additionally, eTokens can have built-in contactless radio tags (RFID tags), which allows the eToken to also be used for access to premises.

    eToken models are intended for authenticating users and storing key information in automated systems that process confidential information up to security class 1G inclusive. They are recommended carriers of key information for certified CIPF (CryptoPro CSP, Crypto-COM, Domain-K, Verba-OW, etc.).

    2) The combined USB key eToken NG-FLASH is one of Aladdin's information security solutions. It combines the functionality of a smart card with the ability to store large amounts of user data in a built-in flash memory module. eToken NG-FLASH also makes it possible to boot a computer's operating system and launch user applications from flash memory.

    Possible modifications:

    By volume of the built-in flash memory module: 512 MB; 1, 2 and 4 GB;

    Certified version (FSTEC of Russia);

    By the presence of a built-in radio tag;

    By body color.

    3. Information security software

    Software tools are objective forms of representation of a set of data and commands intended for the operation of computers and computer devices in order to obtain a certain result, as well as materials prepared and recorded on a physical medium during their development, and the audiovisual displays they generate.

    Data protection tools that operate as part of software are called software tools. Among them, the following can be highlighted and considered in more detail:

    · data archiving tools;

    · antivirus programs;

    · cryptographic means;

    · means of identification and authentication of users;

    · access control tools;

    · logging and auditing.

    Examples of combinations of the above measures include:

    · database protection;

    · protection of operating systems;

    · protection of information when working in computer networks.

    3.1 Information archiving tools

    Sometimes backup copies have to be made with generally limited resources for data storage, for example by owners of personal computers. In these cases, software archiving is used. Archiving is the merging of several files and even directories into a single file, an archive, while simultaneously reducing the total volume of the source files by eliminating redundancy, but without loss of information, i.e. with the ability to restore the source files exactly. Most archiving tools are based on the compression algorithms proposed in the 80s by Abraham Lempel and Jacob Ziv. The most well-known and popular archive formats are:

    · ZIP, ARJ for DOS and Windows operating systems;

    · TAR for the Unix operating system;

    · cross-platform JAR format (Java ARchive);

    · RAR (the popularity of this format is growing all the time, as programs have been developed that allow it to be used in the DOS, Windows and Unix operating systems).

    The user only needs to choose a suitable program that works with the selected format, assessing its characteristics: speed, compression ratio, compatibility with a large number of formats, user-friendliness of the interface, choice of operating system, etc. The list of such programs is very long: PKZIP, PKUNZIP, ARJ, RAR, WinZip, WinArj, ZipMagic, WinRar and many others. Most of these programs do not need to be purchased specially, since they are offered as shareware or freeware. It is also very important to establish a regular schedule for such archiving work, or to perform it after every major data update.
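As an added example (not code from the original text or from any of the archivers named above), a toy archiver that does what section 3.1 describes: it merges several files into one archive and compresses each with a simple LZ77-style back-reference scheme, then restores them exactly. The archive layout, the token format and the sample files are constructed for this illustration.

```python
# Toy archiver: several files merged into one blob, each compressed losslessly
# with LZ77-style back-references.  Format and sample data are constructed.
import struct

WINDOW = 4096     # how far back a match may point
MIN_MATCH = 3     # shorter repeats are cheaper to keep as literals
MAX_MATCH = 258   # (length - MIN_MATCH) must fit in one byte


def lz77_compress(data: bytes) -> bytes:
    """Token stream: 0x00 <byte> for a literal, 0x01 <distance:2> <length-3:1> for a back-reference."""
    out = bytearray()
    i, n = 0, len(data)
    while i < n:
        best_len = best_dist = 0
        # Look in the window for the longest earlier occurrence of the bytes at i.
        for j in range(max(0, i - WINDOW), i):
            k = 0
            while k < MAX_MATCH and i + k < n and data[j + k] == data[i + k]:
                k += 1            # j + k may run past i: overlapping matches are allowed
            if k > best_len:
                best_len, best_dist = k, i - j
        if best_len >= MIN_MATCH:
            out += b"\x01" + struct.pack(">HB", best_dist, best_len - MIN_MATCH)
            i += best_len
        else:
            out += b"\x00" + bytes([data[i]])
            i += 1
    return bytes(out)


def lz77_decompress(stream: bytes) -> bytes:
    """Inverse of lz77_compress; restores the source bytes exactly."""
    out = bytearray()
    i = 0
    while i < len(stream):
        if stream[i] == 0:
            out.append(stream[i + 1])
            i += 2
        else:
            dist, length = struct.unpack(">HB", stream[i + 1:i + 4])
            start = len(out) - dist
            for k in range(length + MIN_MATCH):   # byte by byte so overlapping copies work
                out.append(out[start + k])
            i += 4
    return bytes(out)


ARCHIVE_MAGIC = b"TOYA"


def pack_archive(files: dict) -> bytes:
    """Merge files into one blob: magic, then per file <name_len:2><orig_size:4><comp_size:4><name><data>."""
    blob = bytearray(ARCHIVE_MAGIC)
    for name, content in files.items():
        packed = lz77_compress(content)
        name_bytes = name.encode("utf-8")
        blob += struct.pack(">HII", len(name_bytes), len(content), len(packed))
        blob += name_bytes + packed
    return bytes(blob)


def unpack_archive(blob: bytes) -> dict:
    """Restore every file; the stored original size is a cheap check that the archive is intact."""
    if blob[:4] != ARCHIVE_MAGIC:
        raise ValueError("not a toy archive")
    files, i = {}, 4
    while i < len(blob):
        name_len, orig_size, comp_size = struct.unpack(">HII", blob[i:i + 10])
        i += 10
        name = blob[i:i + name_len].decode("utf-8")
        i += name_len
        content = lz77_decompress(blob[i:i + comp_size])
        i += comp_size
        if len(content) != orig_size:
            raise ValueError(f"{name}: size mismatch, archive damaged")
        files[name] = content
    return files


# Constructed sample input: a highly redundant text file and a short one.
SAMPLE_FILES = {
    "report.txt": b"backup backup backup of the quarterly report, backup again " * 20,
    "notes.txt": b"short note",
}


def archive_roundtrip(files: dict = SAMPLE_FILES):
    """Return (restored == original, archive size, total original size)."""
    archive = pack_archive(files)
    restored = unpack_archive(archive)
    return restored == files, len(archive), sum(len(v) for v in files.values())


if __name__ == "__main__":
    print(archive_roundtrip())
```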

    3.2 Antivirus programs

    These are programs designed to protect information from viruses. Inexperienced users usually believe that a computer virus is a specially written small program that can “attach” itself to other programs (i.e., “infect” them) and perform various unwanted actions on the computer. Specialists in computer virology consider that a mandatory (necessary) property of a computer virus is the ability to create its own duplicates (not necessarily identical to the original) and introduce them into computer networks and/or files, system areas of the computer and other executable objects, the duplicates retaining the ability to spread further. It should be noted that this condition is necessary but not sufficient, i.e. not conclusive. That is why there is still no exact definition of a virus, and one is unlikely to appear in the foreseeable future. Consequently, there is no precisely defined law by which “good” files can be distinguished from “viruses”. Moreover, sometimes even for a specific file it is quite difficult to determine whether it is a virus or not.

    Computer viruses pose a particular problem. They are a separate class of programs aimed at disrupting the system and damaging data. There are a number of varieties of viruses. Some of them reside constantly in the computer's memory; some carry out their destructive actions in one-time “strikes”.

    There is also a whole class of programs that look quite respectable on the outside but actually damage the system. Such programs are called “Trojan horses”. One of the main properties of computer viruses is the ability to “reproduce”, i.e. to spread themselves within a computer and a computer network.

    Since various office application packages have become able to run programs specially written for them (for example, applications in Visual Basic can be written for Microsoft Office), a new type of malware has appeared: macro viruses. Viruses of this type are distributed along with ordinary document files and are contained within them as ordinary routines.

    Given the powerful development of communication tools and the sharply increased volumes of data exchange, the problem of virus protection has become very urgent. Practically every document received, for example by e-mail, can carry a macro virus, and every running program can (theoretically) infect the computer and render the system inoperable.

    Therefore, among security systems, the most important area is the fight against viruses. A number of tools are specifically designed to solve this problem. Some of them run in scanning mode and check the contents of the computer's hard drives and RAM for viruses. Others must run constantly, resident in the computer's memory, and try to monitor all running tasks.

    In the Kazakh software market, the AVP package developed by the Kaspersky Anti-Virus Systems Laboratory has gained the greatest popularity. This is a universal product with versions for a wide variety of operating systems. Other products include: Acronis AntiVirus, AhnLab Internet Security, AOL Virus Protection, ArcaVir, Ashampoo AntiMalware, Avast!, Avira AntiVir, A-square anti-malware, BitDefender, CA Antivirus, Clam Antivirus, Command Anti-Malware, Comodo Antivirus, Dr.Web, eScan Antivirus, F-Secure Anti-Virus, G-DATA Antivirus, Graugon Antivirus, IKARUS virus.utilities, Kaspersky Anti-Virus, McAfee VirusScan, Microsoft Security Essentials, Moon Secure AV, Multicore antivirus, NOD32, Norman Virus Control, Norton AntiVirus, Outpost Antivirus, Panda, etc.

    Methods for detecting and removing computer viruses.

    Methods to counteract computer viruses can be divided into several groups:

    · prevention of viral infection and reduction of the expected damage from such infection;

    · methods of using anti-virus programs, including neutralization and removal of known viruses;

    · methods for detecting and removing an unknown virus.

    The following aspects are considered below:

    · prevention of computer infection;

    · restoration of affected objects;

    · antivirus programs.

    Preventing computer infection.

    One of the main methods of combating viruses is, as in medicine, timely prevention. Computer prevention involves following a small number of rules that can significantly reduce the likelihood of catching a virus and losing data.

    In order to determine the basic rules of computer hygiene, it is necessary to find out the main ways a virus penetrates a computer and computer networks.

    The main source of viruses today is the global Internet. The largest number of virus infections occurs when exchanging letters in Word format. The user of an editor infected with a macro virus, without knowing it, sends infected letters to recipients, who in turn send out new infected letters, and so on. Conclusion: avoid contact with suspicious sources of information and use only legitimate (licensed) software products.

    Restoring affected objects

    In most cases of virus infection, the procedure for restoring infected files and disks comes down to running a suitable antivirus that can disinfect the system. If the virus is unknown to any antivirus, it is enough to send the infected file to the antivirus manufacturers and after some time (usually several days or weeks) receive a cure, an “update” against the virus. If there is no time to wait, the virus will have to be neutralized by hand. For most users it is essential to have backups of their information.

    The main breeding ground for the mass spread of a virus in a computer is:

    · weak security of the operating system (OS);

    · availability to virus authors of varied and fairly complete documentation on the OS and hardware used;

    · widespread distribution of this OS and this hardware.

    3.3 Cryptographic means

    The mechanism for encrypting data to ensure the information security of society is cryptographic protection of information, i.e. cryptographic encryption.

    Cryptographic methods of information protection are used for processing, storing and transmitting information on media and over communication networks. When data is transmitted over long distances, cryptographic protection is the only reliable method of securing it.

    Cryptography is the science that studies and describes the information security model of data. Cryptography provides solutions to many network information security problems: authentication, confidentiality, integrity and control of the interacting participants.

    The term “encryption” means converting data into a form that is unreadable for humans and software systems without the encryption/decryption key. Cryptographic methods of information protection provide means of information security and are therefore part of the concept of information security.

    Cryptographic information protection (confidentiality)

    The goals of information protection ultimately come down to ensuring the confidentiality of information and protecting information in computer systems during its transfer over the network between system users.

    Confidentiality protection based on cryptographic information security encrypts data using a family of reversible transformations, each of which is described by a parameter called a “key”, and a schedule that determines the order in which each transformation is applied.

    The most important component of the cryptographic method of information protection is the key, which is responsible for selecting the transformation and the order of its execution. A key is a certain sequence of symbols that configures the encryption and decryption algorithm of a cryptographic information protection system. Each such transformation is uniquely determined by a key that defines a cryptographic algorithm ensuring the protection and security of the information system's data.

    The same cryptographic information protection algorithm can operate in different modes, each of which has certain advantages and disadvantages that affect the reliability of information security.

    Fundamentals of Information Security Cryptography (Data Integrity)

    Information protection in local networks and information protection technologies must, along with confidentiality, also ensure the integrity of stored information. That is, information protection in local networks must transmit data in such a way that it remains unchanged during transmission and storage.

    For information security to ensure the integrity of data storage and transmission, tools must be developed that detect any distortion of the source data; for this, redundancy is added to the source information.

    Cryptographic information security addresses integrity by adding some kind of checksum or check combination with which the integrity of the data is verified. Thus, again, the information security model is cryptographic, i.e. key dependent. According to cryptography-based information security assessments, making the ability to read data dependent on a secret key is the most reliable tool and is even used in state information security systems.

    As a rule, an audit of the information security of an enterprise, for example of a bank, pays special attention to the probability of successfully imposing distorted information, and cryptographic information protection allows this probability to be reduced to a negligibly small level. Such an information security service calls this probability a measure of the limit strength of the cipher, or the ability of encrypted data to withstand an attack by a cracker.
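As an added example (not from the original text) covering both halves of section 3.3, the keyed reversible transformation that gives confidentiality and the key-dependent check value that gives integrity: the cipher below is a toy stream cipher built from HMAC-SHA256 used as a keystream generator, chosen only so that the code runs with the Python standard library (a real system would use a standard authenticated cipher), and the keys and message are constructed. It also shows why the check value must be key dependent: a distorted ciphertext decrypts to a plausible but wrong message when the check is skipped, and is rejected when it is not.

```python
# Toy confidentiality + integrity construction.  The XOR with a keyed keystream
# is the reversible transformation selected by the key; the HMAC over the
# ciphertext is the key-dependent redundancy that detects distortion.
import hashlib
import hmac
import os

NONCE_LEN = 12
TAG_LEN = 32


def derive_keys(master: bytes):
    """Separate keys for the reversible transformation and for the check value."""
    enc_key = hmac.new(master, b"encryption", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"integrity", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 run in counter mode as a pseudo-random function (toy construction)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_transform(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """The keyed reversible transformation: applying it twice with the same key restores the data."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def seal(master: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Encrypt, then append a key-dependent check value over nonce and ciphertext."""
    enc_key, mac_key = derive_keys(master)
    nonce = nonce or os.urandom(NONCE_LEN)
    ciphertext = xor_transform(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(master: bytes, blob: bytes):
    """Return the plaintext, or None when the check value does not match (distortion or wrong key)."""
    enc_key, mac_key = derive_keys(master)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return xor_transform(enc_key, nonce, ciphertext)


def decrypt_unchecked(master: bytes, blob: bytes) -> bytes:
    """Confidentiality only: what a system gets if it skips the integrity check."""
    enc_key, _ = derive_keys(master)
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN]
    return xor_transform(enc_key, nonce, ciphertext)


def distort_ciphertext(blob: bytes, offset: int, mask: int) -> bytes:
    """Model an in-transit distortion of one ciphertext byte (no key is involved in this)."""
    body = bytearray(blob)
    body[NONCE_LEN + offset] ^= mask
    return bytes(body)


MASTER = b"constructed 32-byte master key!!"   # constructed for the demo
MESSAGE = b"transfer 100 to account 42"


def demo() -> dict:
    """Seal a message, then show a wrong key, an unchecked distorted copy and a checked one."""
    blob = seal(MASTER, MESSAGE)
    # Byte 9 of the plaintext is the '1' of "100"; XOR-ing the matching ciphertext
    # byte with ('1' ^ '9') turns the amount into 900 without knowing the key.
    distorted = distort_ciphertext(blob, 9, ord("1") ^ ord("9"))
    return {
        "roundtrip": open_sealed(MASTER, blob),
        "wrong_key": open_sealed(b"another constructed key", blob),
        "unchecked_distorted": decrypt_unchecked(MASTER, distorted),
        "checked_distorted": open_sealed(MASTER, distorted),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```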

    3.4 User identification and authentication

    Before gaining access to the resources of a computer system, the user must go through a process of presentation to the computer system, which includes two stages:

    * identification: the user tells the system, at its request, his name (identifier);

    * authentication: the user confirms the identification by entering into the system unique information about himself that is not known to other users (for example, a password).

    To carry out user identification and authentication procedures, the following is required:

    * the presence of an appropriate authenticating subject (module);

    * the presence of an authenticating object that stores unique information for user authentication.

    There are two forms of representing the objects that authenticate the user:

    * an external authenticating object that does not belong to the system;

    * an internal object belonging to the system, into which information is transferred from the external object.

    External objects can be technically implemented on various storage media - magnetic disks, plastic cards, etc. Naturally, the external and internal forms of representation of the authenticating object must be semantically identical.
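As an added example (not from the original text) of the two-stage procedure above: the external authenticating object is the password the user presents, and the internal object is a stored verifier derived from it, so that the two agree semantically without the system keeping the password itself. The user records, passwords and parameter values are constructed for this illustration.

```python
# Identification (look up the identifier) followed by authentication (check the
# presented secret against a stored, salted verifier).  Records are constructed.
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000   # constructed value; slows down offline guessing
SALT_LEN = 16


def make_verifier(password: str) -> dict:
    """Internal object: a salted, slow hash of the secret rather than the secret itself."""
    salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "digest": digest, "iterations": PBKDF2_ITERATIONS}


# The authenticating module's store of internal objects, keyed by identifier (constructed).
USER_DB = {
    "alice": make_verifier("correct horse battery staple"),
    "bob": make_verifier("a different constructed passphrase"),
}


def identify(identifier: str):
    """Stage 1: the user states a name; the system looks up the matching internal object."""
    return USER_DB.get(identifier)


def authenticate(identifier: str, password: str) -> bool:
    """Stage 2: recompute the verifier from the presented secret and compare in constant time."""
    record = identify(identifier)
    if record is None:
        # Unknown identifier: do the same amount of work so response time does not
        # reveal which names exist in the system.
        hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), b"\x00" * SALT_LEN, PBKDF2_ITERATIONS)
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def stored_secret_is_absent(identifier: str, password: str) -> bool:
    """Check that the internal object does not contain the external one in the clear."""
    record = USER_DB[identifier]
    return password.encode("utf-8") not in record["salt"] + record["digest"]


if __name__ == "__main__":
    print(authenticate("alice", "correct horse battery staple"))   # True
    print(authenticate("alice", "wrong password"))                 # False
    print(authenticate("carol", "anything"))                       # False: no such identifier
```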

    3.5 Protection of information in the CS from unauthorized access

    To carry out unauthorized access, the attacker uses no hardware or software that is not part of the CS. He performs unauthorized access using:

    * knowledge of the CS and the ability to work with it;

    * information about the information security system;

    * faults and failures of hardware and software;

    * errors and negligence of service personnel and users.

    To protect information from unauthorized access, a system for restricting access to information is created. Gaining unauthorized access to information in the presence of an access control system is possible only in the event of faults and failures of the computer system, or by using weaknesses in the comprehensive information security system. To exploit weaknesses in a security system, an attacker must be aware of them.

    One way to obtain information about the shortcomings of a protection system is to study its protection mechanisms. An attacker can test the security system by interacting with it directly. In this case there is a high probability that the security system will detect the attempts to probe it, and as a result the security service may take additional protective measures.

    A different approach is much more attractive to an attacker: first a copy of the security system software or of the technical security device is obtained, and then it is examined in laboratory conditions. In addition, creating unaccounted copies on removable storage media is one of the most common and convenient ways to steal information; this method allows for unauthorized replication of programs. It is much more difficult to covertly obtain a technical means of protection for study than a software one, and such a threat is blocked by means and methods that ensure the integrity of the technical structure of the CS. To block unauthorized study and copying of CS information, a set of protective means and measures is used, combined into a system of protection against study and copying of information. Thus, the system for restricting access to information and the system for protecting information from study and copying can be considered as subsystems of the system of protection against unauthorized access to information.

    3.6 Other information security software

    Firewalls (also called brandmauers or firewalls, from German Brandmauer and English firewall, “fire wall”). Special intermediate servers are placed between the local and global networks, which inspect and filter all network/transport level traffic passing through them. This dramatically reduces the threat of unauthorized access from outside to corporate networks, but does not eliminate the danger completely. A more secure variant of the method is masquerading, in which all traffic originating from the local network is sent on behalf of the firewall server, making the local network practically invisible.

    Firewalls

    Proxy servers (proxy: power of attorney, trusted person). All network/transport layer traffic between the local and global networks is completely prohibited; there is no routing as such, and requests from the local network to the global network go through special intermediary servers. Obviously, in this case, requests from the global network to the local one become impossible in principle. This method does not provide sufficient protection against attacks at higher levels, for example at the application level (viruses, Java and JavaScript code).

    VPN (virtual private network) allows secret information to be transmitted through networks where unauthorized persons may be able to eavesdrop on traffic. Technologies used: PPTP, PPPoE, IPSec.
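As an added example (not from the original text or from any firewall product), a toy packet filter with masquerading that models the behaviour described for firewalls above: outbound traffic is filtered at the network/transport level and rewritten to originate from the firewall's own address, replies are mapped back to the internal host, and anything unsolicited from outside is dropped, so the local network stays invisible. The addresses, rules and packets are constructed for this illustration.

```python
# Toy masquerading firewall: outbound policy + a translation table that lets
# only replies to masqueraded flows back in.  All values are constructed.
from dataclasses import dataclass, replace
import ipaddress

LOCAL_NET = ipaddress.ip_network("10.0.0.0/24")   # constructed internal network
FIREWALL_ADDR = "203.0.113.1"                      # constructed external address

# Outbound policy, first match wins: (action, destination port or None for any).
OUTBOUND_RULES = [
    ("allow", 443),    # HTTPS
    ("allow", 53),     # DNS
    ("deny", None),    # everything else from the local network is blocked
]


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class MasqueradingFirewall:
    def __init__(self):
        self.nat = {}          # firewall port -> (orig src, orig sport, dst, dport)
        self.next_port = 40000
        self.log = []

    def _outbound_allowed(self, pkt: Packet) -> bool:
        for action, dport in OUTBOUND_RULES:
            if dport is None or dport == pkt.dport:
                return action == "allow"
        return False

    def handle(self, pkt: Packet):
        """Return the packet as forwarded (possibly rewritten), or None if dropped."""
        if ipaddress.ip_address(pkt.src) in LOCAL_NET:
            if not self._outbound_allowed(pkt):
                self.log.append(f"drop out {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
                return None
            port = self.next_port
            self.next_port += 1
            self.nat[port] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            # Masquerade: the outside sees only the firewall's address and port.
            return replace(pkt, src=FIREWALL_ADDR, sport=port)
        # Inbound: only a reply matching a masqueraded flow is translated back and let in.
        entry = self.nat.get(pkt.dport)
        if pkt.dst == FIREWALL_ADDR and entry and (pkt.src, pkt.sport) == (entry[2], entry[3]):
            return replace(pkt, dst=entry[0], dport=entry[1])
        self.log.append(f"drop in {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
        return None


def scenario() -> dict:
    """Constructed traffic: an allowed flow and its reply, a blocked service, an unsolicited inbound packet."""
    fw = MasqueradingFirewall()
    out = fw.handle(Packet("10.0.0.5", 51000, "198.51.100.7", 443))
    reply = fw.handle(Packet("198.51.100.7", 443, FIREWALL_ADDR, out.sport))
    telnet = fw.handle(Packet("10.0.0.5", 51001, "198.51.100.7", 23))
    unsolicited = fw.handle(Packet("198.51.100.9", 4444, FIREWALL_ADDR, 22))
    return {"out": out, "reply": reply, "telnet": telnet, "unsolicited": unsolicited, "log": fw.log}


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```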

    Conclusion

    The main conclusions about the methods of using the means, methods and measures of protection discussed above boil down to the following:

    1. The greatest effect is achieved when all the means, methods and measures used are combined into a single, holistic information protection mechanism.

    2. The protection mechanism should be designed in parallel with the creation of data processing systems, starting from the moment the general design of the system is developed.

    3. The functioning of the protection mechanism must be planned and ensured along with the planning and provision of basic automated information processing processes.

    4. It is necessary to constantly monitor the functioning of the protection mechanism.



    forgery According to USA Today, back in 1992, as a result of such illegal actions using personal computers, American organizations suffered a total loss of $882 million. It can be assumed that the actual damage was much greater, since many organizations understandably hide such incidents; there is no doubt that these days the damage from such actions has increased many times over.

    In most cases, the culprits turned out to be full-time employees of organizations who were well familiar with the work regime and protective measures. This once again confirms the danger of internal threats.

    Previously we distinguished between static and dynamic integrity. To violate static integrity, an attacker (usually a full-time employee) can:

    • enter incorrect data;
    • change data.

    Sometimes the content data changes, sometimes the service information changes. Email headers can be forged; the letter as a whole can be falsified by a person who knows the sender’s password (we have given relevant examples). Note that the latter is possible even when integrity is controlled by cryptographic means. There is an interaction between different aspects of information security: if confidentiality is compromised, integrity may suffer.

    A threat to integrity is not only the falsification or modification of data, but also the repudiation of actions that were performed. If there is no means to ensure "non-repudiation", computer data cannot be considered as evidence.

    Not only data but also programs are potentially vulnerable to integrity violations. Threats to dynamic integrity are violations of transaction atomicity, reordering, theft, duplication of data or insertion of additional messages (network packets, etc.). In a network environment this activity is called active listening.
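    As an added example (not from the original text), the following Python model shows how a receiver detects the dynamic-integrity threats just listed: each message carries a sequence number bound to its payload by an HMAC, so replay or duplication, reordering, in-flight modification and insertion of messages by a party without the key are all rejected. The shared key and the traffic are constructed for the example.

```python
import hmac
import hashlib
import json

# Constructed shared key for the example; in practice it is provisioned out of band.
KEY = b"example-shared-key-not-for-production"


def _body(seq: int, payload: str) -> bytes:
    """Canonical bytes over which the tag is computed: sequence number and payload together."""
    return json.dumps({"seq": seq, "payload": payload}, sort_keys=True).encode()


def make_message(seq: int, payload: str, key: bytes = KEY) -> dict:
    """Sender side: bind the sequence number to the payload with an HMAC-SHA256 tag."""
    tag = hmac.new(key, _body(seq, payload), hashlib.sha256).hexdigest()
    return {"seq": seq, "payload": payload, "tag": tag}


class Receiver:
    """Receiver side: verify the tag first, then enforce a strictly increasing sequence."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.expected = 0          # next sequence number we are willing to accept
        self.accepted = []         # payloads accepted in order
        self.events = []           # (seq, verdict) audit trail

    def accept(self, msg: dict) -> str:
        tag = hmac.new(self.key, _body(msg["seq"], msg["payload"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, msg["tag"]):
            # Insertion by a party without the key, or modification in flight.
            verdict = "rejected: forged or modified"
        elif msg["seq"] < self.expected:
            # Duplicate of something already accepted (replay).
            verdict = "rejected: replayed/duplicated"
        elif msg["seq"] > self.expected:
            # Arrived ahead of its turn: reordering or a lost message. A real protocol
            # would request retransmission here; the model simply refuses to advance.
            verdict = "rejected: reordered or gap"
        else:
            verdict = "accepted"
            self.accepted.append(msg["payload"])
            self.expected += 1
        self.events.append((msg["seq"], verdict))
        return verdict


def run_scenario() -> dict:
    """Constructed traffic: a legitimate stream plus each dynamic-integrity threat named in the text."""
    legit = [make_message(i, p) for i, p in enumerate(["begin tx", "debit 100", "credit 100", "commit"])]
    rx = Receiver()
    results = {}
    results["normal"] = [rx.accept(m) for m in legit[:2]]        # seq 0 and 1 in order
    results["duplicate"] = rx.accept(legit[1])                   # seq 1 replayed
    results["reordered"] = rx.accept(legit[3])                   # seq 3 arrives before seq 2
    forged = dict(legit[2])
    forged["payload"] = "credit 100000"                          # payload altered in flight
    results["modified"] = rx.accept(forged)
    inserted = {"seq": 2, "payload": "credit 100", "tag": "00" * 32}  # attacker has no key
    results["inserted"] = rx.accept(inserted)
    results["resume"] = [rx.accept(m) for m in legit[2:]]        # correct order resumes
    results["accepted_payloads"] = list(rx.accepted)
    return results
```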

    Main threats to confidentiality

    Confidential information can be divided into subject and service information. Service information (for example, user passwords) does not relate to a specific subject area; it plays a technical role in an information system, but its disclosure is especially dangerous, since it is fraught with unauthorized access to all information, including subject information.

    Even if information is stored on a computer or intended for computer use, threats to its confidentiality may be non-computer and non-technical in nature.

    Many people have to act as users of not one, but a number of systems (information services). If reusable passwords or other confidential information are used to access such systems, then most likely this data will be stored not only in the head, but also in a notebook or on pieces of paper that the user often leaves on the desktop or loses. And the point here is not the lack of organization of people, but the initial unsuitability of the password scheme. It is impossible to remember many different passwords; recommendations for their regular (if possible, frequent) change only aggravate the situation, forcing the use of simple alternation schemes or even trying to reduce the matter to two or three easily remembered (and equally easy to guess) passwords.

    The described class of vulnerabilities can be called placing confidential data in an environment where it is not provided (and often cannot be provided) with the necessary protection. In addition to passwords stored in user notebooks, this class includes the transmission of confidential data in clear text (in a conversation, in a letter, over a network), which makes it possible to intercept it. Various technical means can be used for an attack (listening in on or bugging conversations, passive network sniffing, etc.), but the idea is the same - to access data at the moment when it is least protected.

    The threat of data interception should be taken into account not only during the initial configuration of the IS, but also, very importantly, during all changes. A very dangerous threat is exhibitions, to which many organizations send equipment from the production network with all the data stored on it. Passwords remain the same; during remote access they continue to be transmitted in clear text.

    Another example of change: storing data on backup media. To protect data on primary media, advanced access control systems are used; copies often just lie in cabinets, and many people can access them.

    Data interception is a serious threat, and if confidentiality is truly critical and data is transmitted over many channels, protecting it can be very difficult and costly. The technical means of interception are well developed, accessible, easy to use, and anyone can install them, for example, on a cable network, so this threat exists not only for external, but also for internal communications.

    Hardware theft is a threat not only to backup media, but also to computers, especially laptops. Laptops are often left unattended at work or in the car, and sometimes they are simply lost.

    A dangerous non-technical threat to confidentiality is methods of moral and psychological influence, such as masquerade: performing actions under the guise of a person with authority to access the data.

    Among the unpleasant threats that are difficult to defend against is abuse of authority. On many types of systems, a privileged user (for example, a system administrator) is able to read any (unencrypted) file, access any user's mail, etc. Another example is causing damage during service maintenance. Typically, the service engineer receives unrestricted access to the equipment and has the ability to bypass software protection mechanisms.

    Protection methods

    Existing methods and means of protecting information in computer systems (CS) can be divided into four main groups:

    • methods and means of organizational and legal protection of information;
    • methods and means of engineering and technical protection of information;
    • cryptographic methods and means of information security;
    • software and hardware methods and means of information security.

    Methods and means of organizational and legal protection of information

    Methods and means of organizational information protection include the organizational, organizational-technical and organizational-legal measures carried out in the process of creating and operating a computer system to ensure information protection. These measures should be carried out during the construction or renovation of the premises in which the CS will be located; during system design, installation and adjustment of its hardware and software; and during testing and checking of the performance of the CS.

    At this level of information protection, international treaties, state regulations, state standards and local regulations of a specific organization are considered.

    Methods and means of engineering protection

    Engineering and technical means of information security mean physical objects, mechanical, electrical and electronic devices, structural elements of buildings, fire extinguishing means and other means that ensure:

    • protection of the territory and premises of the CS from intruders;
    • protection of CS hardware and storage media from theft;
    • preventing the possibility of remote (from outside the protected area) video surveillance (eavesdropping) of the work of personnel and the functioning of technical means of the CS;
    • preventing the possibility of intercepting PEMIN (stray electromagnetic radiation and interference) caused by operating technical means of the CS and data transmission lines;
    • organizing access to the premises of the CS for employees;
    • control over the work schedule of the CS personnel;
    • control over the movement of CS employees in various production areas;
    • fire protection of CS premises;
    • minimizing material damage from information loss resulting from natural disasters and man-made accidents.

    The most important component of engineering and technical means of protecting information are technical means of security, which form the first line of protection of the CS and are a necessary but insufficient condition for maintaining the confidentiality and integrity of information in the CS.

    Cryptographic protection methods and encryption

    Encryption is the primary means of ensuring confidentiality. So, in the case of ensuring the confidentiality of data on the local computer, encryption of this data is used, and in the case of network interaction, encrypted data transmission channels are used.

    The science of protecting information using encryption is called cryptography (the word, in translation, means secret or hidden writing).

    Cryptography is used:

    • to protect the confidentiality of information transmitted over open communication channels;
    • to authenticate (confirm the authenticity of) the transmitted information;
    • to protect confidential information when stored on open media;
    • to ensure the integrity of information (protecting information from unauthorized changes) when transmitted over open communication channels or stored on open media;
    • to ensure the non-repudiation of information transmitted over the network (preventing possible denial of the fact of sending a message);
    • to protect software and other information resources from unauthorized use and copying.

    Software and hardware-software methods and means of ensuring information security

    Hardware information security includes electronic and electronic-mechanical devices that are included in the technical means of the computer system and perform (independently or in conjunction with software) some functions of ensuring information security. The criterion for classifying a device as a hardware rather than an engineering means of protection is its mandatory inclusion in the composition of the technical means of the CS.

    The main hardware means of information protection include:

    • devices for entering user identifying information (magnetic and plastic cards, fingerprints, etc.);
    • devices for encrypting information;
    • devices to prevent unauthorized activation of workstations and servers (electronic locks and interlocks).

    Examples of auxiliary information security hardware:

    • devices for destroying information on magnetic media;
    • alarm devices about attempts of unauthorized actions by CS users, etc.

    Information security software means special programs included in the CS software exclusively to perform protective functions. The main software means of information protection include:

    • programs for identification and authentication of CS users;
    • programs for restricting user access to CS resources;
    • information encryption programs;
    • programs for protecting information resources (system and application software, databases, computer training tools, etc.) from unauthorized modification, use and copying.

    Note that identification, in relation to ensuring the information security of a computer system, is understood as the unambiguous recognition of the unique name of the subject of the computer system. Authentication means confirming that the name presented corresponds to a given subject (confirming the identity of the subject).

    Examples of auxiliary software means of information protection:

    • programs for destroying residual information (in blocks of RAM, temporary files, etc.);
    • audit programs (keeping logs) of events related to the security of the CS, to make it possible to recover from these events and to prove the fact of their occurrence;
    • programs for simulating work with a violator (distracting him to obtain supposedly confidential information);
    • test control programs for CS security, etc.

    Results

    Since potential threats to information security are very diverse, the goals of information protection can be achieved only by creating a comprehensive information protection system, which is understood as a set of methods and means united for a single purpose and ensuring the necessary efficiency of information protection in the CS.

    Abstract

    Student Belevtsev D.V. Faculty of Physics and Mathematics “OiTZI”

    Stavropol State University

    Stavropol 2004

    Since the late 80s and early 90s, problems related to information security have worried both specialists in the field of computer security and numerous ordinary users of personal computers. This is due to the profound changes brought by computer technology to our lives. The approach to the concept of “information” has changed. This term is now more used to refer to a special product that can be bought, sold, exchanged for something else, etc. Moreover, the cost of such a product often exceeds tens or even hundreds of times the cost of the computer technology itself within which it operates. Naturally, there is a need to protect information from unauthorized access, theft, destruction and other criminal acts. However, most users do not realize that they are constantly risking their safety and personal secrets. And only a few protect their data in any way. Computer users regularly leave even data such as tax and banking information, business correspondence and spreadsheets completely unprotected. The problems become much more complicated when you start working or playing online, as it is much easier for a hacker to obtain or destroy information on your computer at this time.

    Information protection

    • A sharp increase in the volume of information accumulated, stored and processed using computers and other automation tools;
    • Concentration of information for various purposes and various accessories in unified databases;
    • A sharp expansion of the circle of users who have direct access to the resources of the computer system and the data located in it;
    • Increasing complexity of operating modes of technical means of computer systems: widespread introduction of multi-program mode, as well as time-sharing and real-time modes;
    • Automation of machine-to-machine information exchange, including over long distances.

    Under these conditions, two types of vulnerability arise: on the one hand, the possibility of destruction or distortion of information (i.e., violation of its physical integrity), and on the other, the possibility of unauthorized use of information (i.e., the danger of leakage of restricted information). The second type of vulnerability is of particular concern to computer users.

    The main potential channels for information leakage are:

    • Direct theft of media and documents;
    • Memorizing or copying information;
    • Unauthorized connection to equipment and communication lines or illegal use of “legitimate” (i.e. registered) system equipment (most often user terminals).

    Hardware is the technical means used to process data. These include:

    • personal computer (a set of technical means designed for automatic processing of information in the process of solving computational and information problems);
    • peripheral equipment (a set of external computer devices that are not under the direct control of the central processor);
    • physical media of computer information.

    Hardware protection includes various electronic, electronic-mechanical, and electro-optical devices. To date, a significant number of hardware devices for various purposes have been developed, but the most widespread are the following:

    • Special registers for storing security details: passwords, identification codes, classifications or security levels;
    • Code generators designed to automatically generate a device identification code;
    • Devices for measuring individual characteristics of a person (voice, fingerprints) for the purpose of identification;
    • Special privacy bits, the value of which determines the level of privacy of information stored in the memory to which these bits belong;
    • Schemes for interrupting the transmission of information in a communication line for the purpose of periodically checking the data output address.

    A special and most widespread group of hardware security devices are devices for encrypting information (cryptographic methods).

    2.1 Information security software

    Software tools are objective forms of representing a set of data and commands intended for the operation of computers and computer devices in order to obtain a certain result, as well as materials prepared and recorded on a physical medium obtained during their development, and the audiovisual displays generated by them. These include:

    • Software (a set of control and processing programs). Composition:
      – system programs (operating systems, maintenance programs);
      – application programs (programs designed to solve problems of a certain type, for example text editors, anti-virus programs, DBMS, etc.);
      – instrumental programs (programming systems consisting of programming languages: Turbo C, Microsoft Basic, etc., and translators - a set of programs that provide automatic translation from algorithmic and symbolic languages into machine code);
    • Machine information of the owner, possessor, user.

    I carry out such detailing in order to later more clearly understand the essence of the issue under consideration, in order to more clearly highlight the methods of committing computer crimes, objects and instruments of criminal assault, as well as to eliminate disagreements regarding the terminology of computer equipment. After a detailed examination of the main components that together represent the content of the concept of computer crime, we can move on to consideration of issues related to the main elements of the forensic characteristics of computer crimes.

    Security software includes special programs that are designed to perform security functions and are included in the software of data processing systems. Software protection is the most common type of protection, which is facilitated by such positive properties of this tool as versatility, flexibility, ease of implementation, almost unlimited possibilities for change and development, etc. According to their functional purpose, they can be divided into the following groups:

    • Identification of technical means (terminals, group input-output control devices, computers, storage media), tasks and users;
    • Determining the rights of technical means (days and hours of operation, tasks allowed for use) and users;
    • Monitoring the operation of technical equipment and users;
    • Registration of the operation of technical means and users when processing information of limited use;
    • Destruction of information in storage after use;
    • Alarms for unauthorized actions;
    • Auxiliary programs for various purposes: monitoring the operation of the security mechanism, affixing a secrecy stamp to issued documents.

    2.2 Anti-virus protection

    Information security is one of the most important parameters of any computer system. To ensure this, a large number of software and hardware tools have been created. Some of them are engaged in encrypting information, and some are engaged in restricting access to data. Computer viruses pose a particular problem. This is a separate class of programs aimed at disrupting the system and damaging data. Among viruses, there are a number of varieties. Some of them are constantly in the computer's memory, some produce destructive actions with one-time “blows”. There is also a whole class of programs that look quite decent on the outside, but actually spoil the system. Such programs are called "Trojan horses". One of the main properties of computer viruses is the ability to “reproduce” - i.e. self-distribution within a computer and computer network.

    Since various office application programs have become able to run programs specially written for them (for example, for Microsoft Office you can write applications in Visual Basic), a new type of malware has appeared: the so-called macro viruses. Viruses of this type are distributed along with ordinary document files and are contained within them as ordinary routines.

    Not so long ago (this spring) there was an epidemic of the Win95.CIH virus and its numerous subspecies. This virus destroyed the contents of the computer's BIOS, making it impossible to function. Often we even had to throw away motherboards damaged by this virus.

    Taking into account the powerful development of communication tools and the sharply increased volumes of data exchange, the problem of virus protection becomes very urgent. Practically, with every document received, for example, by e-mail, a macro virus can be received, and every running program can (theoretically) infect the computer and make the system inoperable.

    Therefore, among security systems, the most important area is the fight against viruses. There are a number of tools specifically designed to solve this problem. Some of them run in scanning mode and scan the contents of the computer's hard drives and RAM for viruses. Some must be constantly running and located in the computer's memory. At the same time, they try to monitor all ongoing tasks.

    On the Russian software market, the AVP package developed by the Kaspersky Anti-Virus Systems Laboratory has gained the greatest popularity. This is a universal product that has versions for a wide variety of operating systems.

    Kaspersky Anti-Virus (AVP) uses all modern types of anti-virus protection: anti-virus scanners, monitors, behavioral blockers and change auditors. Various versions of the product support all popular operating systems, mail gateways, firewalls, and web servers. The system allows you to control all possible ways of viruses entering the user’s computer, including the Internet, email and mobile storage media. Kaspersky Anti-Virus management tools allow you to automate the most important operations for centralized installation and management, both on a local computer and in the case of comprehensive protection of an enterprise network. Kaspersky Lab offers three ready-made anti-virus protection solutions designed for the main categories of users. Firstly, anti-virus protection for home users (one license for one computer). Secondly, anti-virus protection for small businesses (up to 50 workstations on the network). Thirdly, anti-virus protection for corporate users (over 50 workstations on the network).

    Gone are the days when, to be completely sure of safety from “infection”, it was enough not to use “random” floppy disks and to run the Aidstest utility, which scans the computer's hard drive for suspicious objects, once or twice a week. Firstly, the range of areas in which these objects may end up has expanded. E-mail with attached “harmful” files, macro viruses in office (mostly Microsoft Office) documents, “Trojan horses” - all this appeared relatively recently. Secondly, the approach of periodic audits of the hard drive and archives has ceased to justify itself - such checks would have to be carried out too often, and they would take up too many system resources.

    Outdated security systems have been replaced by a new generation capable of tracking and neutralizing the “threat” in all critical areas - from email to copying files between disks. At the same time, modern antiviruses organize constant protection - this means that they are constantly in memory and analyze the information being processed.

    One of the most well-known and widely used antivirus protection packages is AVP from Kaspersky Lab. This package comes in many different variants. Each of them is designed to solve a specific range of security problems and has a number of specific properties.

    Protection systems distributed by Kaspersky Lab are divided into three main categories, depending on the types of tasks they solve. These include protection for small businesses, protection for home users and protection for corporate clients.

    AntiViral Toolkit Pro includes programs that allow you to protect workstations and servers running various operating systems:

    • workstations: AVP scanners for DOS, Windows 95/98/NT and Linux; AVP monitors for Windows 95/98/NT and Linux;
    • file servers: AVP monitor and scanner for Novell NetWare; monitor and scanner for NT Server;
    • web servers: the AVP Inspector disk inspector for Windows;
    • Microsoft Exchange mail servers: AVP for Microsoft Exchange; and gateways.

    AntiViral Toolkit Pro includes scanner programs and monitor programs. Monitors allow you to organize more complete control necessary in the most critical areas of the network.

    In Windows 95/98/NT networks, AntiViral Toolkit Pro allows, using the AVP Network Control Center software package, centralized administration of the entire logical network from the administrator’s workstation.

    The AVP concept allows you to easily and regularly update antivirus programs by replacing antivirus databases - a set of files with the .AVC extension, which today allow you to detect and remove more than 50,000 viruses. Updates to anti-virus databases are released and available from the Kaspersky Lab server daily. Currently, the AntiViral Toolkit Pro (AVP) antivirus software package has one of the largest antivirus databases in the world.

    2.3 Hardware is the basis for building protection systems against unauthorized access to information

    The development and production of modern means of protection against unauthorized access (NSD) to information at OKB SAPR was preceded by research and development work in this area. Most developers at the initial stage were focused on creating only software that implements protection functions in automated systems, which cannot guarantee reliable protection of automated systems from unauthorized access to information. For example, checking the integrity of the software environment, carried out by some other program located on the same media as the objects being checked, cannot guarantee the correctness of the procedures performed. It is necessary first to ensure the integrity of the integrity-checking program itself, and only then to carry out its control procedures. This led to the realization that information protection systems against unauthorized access need hardware with built-in procedures for monitoring the integrity of programs and data, for identification and authentication, and for registration and accounting.

    In the 90s, employees of OKB SAPR developed a methodology for using hardware protection, which was recognized as a necessary basis for constructing systems for protecting against unauthorized access to information. The main ideas of this approach are as follows:

    • An integrated approach to solving issues of information protection in automated systems (AS) from unauthorized access. Recognition of the multiplicative paradigm of protection and, as a consequence, equal attention to the reliability of the implementation of control procedures at all stages of AS operation;
    • a “materialistic” solution to the “main question” of information security: “what comes first - hard or soft?”;
    • consistent rejection of software control methods as obviously unreliable and transfer of the most critical control procedures to the hardware level;
    • the maximum possible separation of conditionally constant and conditionally variable elements of control operations;
    • construction of means of protecting information from unauthorized access (SZI NSD) that are as independent as possible from the operating and file systems used in the AS: implementation of identification/authentication procedures, monitoring of the integrity of the AS hardware and software before the operating system loads, administration, etc.

    The above principles of hardware protection were implemented in a hardware and software complex for protecting information from unauthorized access - the hardware trusted boot module - "Accord-AMDZ". This complex provides trusted boot mode in various operating environments: MS DOS, Windows 3.x, Windows 9.x, Windows NT/2000/XP, OS/2, Unix, Linux.

    The main operating principle of Accord-AMDZ is the implementation of procedures that implement the basic functions of the information security system before loading the operating system. Procedures for user identification/authentication, monitoring the integrity of hardware and software, administration, blocking the loading of the operating system from external storage media are located in the internal memory of the microcontroller of the Accord board. Thus, the user does not have the ability to change procedures that affect the functionality of the information security system. The non-volatile memory of the Accord controller stores information about users’ personal data, data for monitoring the integrity of software and hardware, a log of registration and accounting of system events and user actions. This data can only be changed by an authorized information security administrator, since access to non-volatile memory is completely determined by the operating logic of the software located in the microcontroller of the board.
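    To illustrate the two points made above (the integrity checker must itself be verified before it checks anything else, and the reference digests and event log must live in memory that only the security administrator can change), here is an added Python model of a pre-OS integrity check. It is not OKB SAPR's code or the Accord firmware; the images, object names and administrator credential in it are constructed for the example.

```python
import hashlib
import hmac


def sha256(data: bytes) -> str:
    """Digest used as the integrity reference for an object."""
    return hashlib.sha256(data).hexdigest()


class ProtectedStore:
    """Models the controller's non-volatile memory: reference digests plus the event log.
    Only the administrator (proving the admin credential) may change references; the user
    role is read-only. The credential is a constructed placeholder for the example."""

    ADMIN_SECRET = b"constructed-admin-credential"

    def __init__(self):
        self.references = {}   # object name -> expected digest
        self.log = []          # (kind, message) registration and accounting journal

    def set_reference(self, name: str, digest: str, credential: bytes) -> bool:
        if not hmac.compare_digest(credential, self.ADMIN_SECRET):
            self.log.append(("deny", f"reference update for {name} refused: not administrator"))
            return False
        self.references[name] = digest
        self.log.append(("admin", f"reference for {name} set"))
        return True


class TrustedBootCheck:
    """Models the check that runs before the OS loads: measure the checker's own code against a
    reference held outside the checked media, then every object in load order; any mismatch
    blocks the boot and is recorded in the protected log."""

    def __init__(self, store: ProtectedStore, checker_code: bytes):
        self.store = store
        self.checker_code = checker_code

    def _matches(self, name: str, data: bytes) -> bool:
        expected = self.store.references.get(name)
        return expected is not None and hmac.compare_digest(sha256(data), expected)

    def run(self, objects: dict) -> dict:
        # Step 1: the integrity of the integrity checker itself comes first.
        if not self._matches("checker", self.checker_code):
            self.store.log.append(("block", "checker integrity failed; boot blocked"))
            return {"boot": "blocked", "failed": ["checker"]}
        # Step 2: the boot chain objects, in load order.
        failed = []
        for name, data in objects.items():
            ok = self._matches(name, data)
            self.store.log.append(("check", f"{name}: {'ok' if ok else 'MISMATCH'}"))
            if not ok:
                failed.append(name)
        verdict = "blocked" if failed else "allowed"
        self.store.log.append(("boot", verdict))
        return {"boot": verdict, "failed": failed}


def run_scenarios() -> dict:
    """Constructed boot chain: clean boot, tampered kernel, user trying to alter the reference,
    and a patched checker (the case a same-media software check cannot detect)."""
    checker = b"integrity checker firmware v1 (constructed)"
    objects = {
        "bootloader": b"bootloader image (constructed)",
        "kernel": b"kernel image (constructed)",
        "config": b"access control configuration (constructed)",
    }
    store = ProtectedStore()
    store.set_reference("checker", sha256(checker), ProtectedStore.ADMIN_SECRET)
    for name, data in objects.items():
        store.set_reference(name, sha256(data), ProtectedStore.ADMIN_SECRET)

    out = {}
    out["clean"] = TrustedBootCheck(store, checker).run(objects)["boot"]
    tampered = dict(objects)
    tampered["kernel"] = b"kernel image with unauthorized patch (constructed)"
    out["tampered_kernel"] = TrustedBootCheck(store, checker).run(tampered)
    # An ordinary user cannot rewrite the reference to make the tampered kernel pass.
    out["user_update"] = store.set_reference("kernel", sha256(tampered["kernel"]), b"user-guess")
    out["tampered_kernel_again"] = TrustedBootCheck(store, checker).run(tampered)["boot"]
    # Replacing the checker itself is caught because its reference lives in the protected store.
    out["tampered_checker"] = TrustedBootCheck(store, b"patched checker (constructed)").run(objects)["boot"]
    out["log"] = list(store.log)
    return out
```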

    The SZI NSD of the "Accord" family are implemented on the basis of the "Accord-4.5" controller (for PCs with an ISA bus) and its functional analogue for the PCI bus, "Accord-5".

    OKB SAPR PCI devices are registered and have their own identifier assigned by the association of developers of these devices: Vendor ID 1795.

    For organizations using industrial computers with a PC/104 bus, the Accord-PC104 SZI NSD software and hardware complex may be of interest. This complex has been tested under harsh operating conditions (increased vibration, wide temperature range, high humidity, etc.). It can be used in specialized computers used in on-board equipment (ground, air, sea and industrial systems), in measuring equipment, in communication devices, and in mobile systems, including for military purposes.

    The most knowledge-intensive development of OKB SAPR is the Accord-SB security coprocessor, which integrates all the necessary tools for implementing comprehensive information protection against unauthorized access. The Accord-SB/2 security coprocessor controller has a high-performance microprocessor and a hardware accelerator for mathematical functions. Access to the functions of this processor is determined by the controller's firmware.

    Using the programming library (SDK) of the Accord-SB/2 security coprocessor controller, a developer can use this complex as a multifunctional device. In particular, in addition to protecting information from unauthorized access, it can be used to transmit confidential information over open communication channels in encrypted form with high-speed data processing and transmission, for disk encryption, for generation and verification of digital signatures, for protection of electronic documents using security authentication codes (ZKA), and also as a firewall.

    The requirements for hardware information security tools and the principles of hardware protection implemented in the Accord family SZI NSD have become a de facto standard and are used by all major developers of security equipment operating in the Russian market.

    The use of strong hardware support in the Accord family of information security systems NSD has made it possible to reach a new level in the development of information security tools. As is known, to build automated systems according to security classes 1D–1A, it is necessary to establish rules for restricting access to its information resources. To implement the functions of limiting user access to information resources and creating an isolated software environment (ISE), OKB SAPR programmers have developed special software that supports all types of Accord controllers, including work with a random number sensor. These are such NSD IPS complexes as “Accord-1.95” (MS DOS, Windows 9x), “Accord-1.95-00” (Windows 9x), “Accord-NT/2000” (Windows NT/2000/XP).

    A feature of the Accord-1.95-00 and Accord-NT/2000 complexes is that in these versions, in addition to the discretionary principle, the mandatory principle of access of subjects to information resources is implemented. Special software that implements access control functions allows the information security administrator to describe any consistent security policy based on the most complete set of attributes (more than 15 attributes for access to files and directories) and confidentiality labels of the objects (files) and of the processes (programs) through which they are processed.

    The next stage was the development of the fundamentals of protecting local computer networks using software and hardware protection tools against unauthorized access to information. To fully protect the local computer network, OKB SAPR offers comprehensive technology:

    • Installation on workstations of the Accord-AMDZ information security system with Accord-1.95, Accord-1.95-00 or Accord-NT/2000 software;

    • Installation of an integrity monitoring subsystem on each file server;

    • Installation of a distributed audit and management subsystem;

    • Installation of an enhanced authentication subsystem.

    Management of the above subsystems in local computer networks is provided using an automated workstation of the security administrator (AWS). This technology allows the information security administrator to uniquely identify authorized users and registered workstations on the network; monitor tasks performed by users in real time; in case of unauthorized actions, block the workstations from which such actions were carried out; administer remotely. Of particular interest is the enhanced authentication subsystem, the essence of which is an additional mechanism for verifying the authenticity of workstations. The authentication procedure is performed not only at the time the station is connected, but also at intervals set by the administrator. The subsystem prevents both the substitution of a local station or server, and the connection of illegal stations/servers to the LAN. Enhanced authentication on a LAN is based on the use of mathematical methods that make it possible to uniquely identify participants in a dialogue.

    As is known, it is impossible to solve all issues of information processing in an automated system only by means of protection from unauthorized access to protected information. It is also necessary to provide legally valid evidence of the authenticity of electronic documents. OKB SAPR specialists have proposed and implemented a new approach: a controlled technology for processing electronic documents in computer systems, namely a technology for protecting electronic documents using security authentication codes (ZKA). This technology is already used in banking payment systems to prevent attempts by attackers to introduce fictitious electronic banking documents or modify those being processed, and to organize end-to-end control of electronic documents at all prescribed stages of their existence (creation, processing, transfer, storage, final settlement). This is ensured by placing a ZKA on the document. As a result, at each stage of processing an electronic document carries two security authentication codes: the first allows the previous stage to be authorized and its integrity checked, and the second is the document's individual characteristic at the current stage.

    Technological protection of electronic document management is implemented by all types of controllers of the Accord family. In addition, to implement this technology when using other SZI NSD, OKB SAPR has developed dedicated devices: an authentication code setting unit (BUKA) and the SHIPKA product (Encryption, Authentication, Signature, Authentication Codes).

    “SHIPKA” contains a microprocessor with built-in software, a hardware random number sensor, connects through the existing interface - the USB bus - and can perform the following operations:

    Encryption according to GOST 28147-89;

    Hashing according to GOST R 34.11-94;

    Formation and verification of electronic digital signature in accordance with GOST R 34.10-94;

    Development and verification of security authentication codes.

    The latest modification of the product has a protected electronic disk with a capacity of 16, 32, 64 or 128 MB for recording user information.

    Any information security system is a set of organizational and technical measures, which includes a set of legal norms, organizational measures and software and hardware protection tools aimed at countering threats to the information object in order to minimize possible damage to users and owners of the system. Without organizational measures and the presence of a clear organizational and administrative system at the informatization site, the effectiveness of any technical information security system is reduced.

    Therefore, OKB SAPR pays great attention to the development of regulatory, technical and methodological documentation, sets of organizational and administrative documents on the policy of protecting information objects in accordance with the current legislation of the Russian Federation. Together with the Federal State Unitary Enterprise "All-Russian Scientific Research Institute for Problems of Computer Technology and Information Technology" (VNIIPVTI), it actively participates in scientific work in the field of information security, primarily in the development of:

    Conceptual and theoretical foundations of electronic document protection;

    Theories of application of software and hardware protection against unauthorized access to information;

    Information security management in local and corporate computer networks for various purposes.

    Currently, OKB SAPR is a recognized developer and manufacturer of software and hardware for protecting information from unauthorized access, advanced methods of information security management and secure electronic document management technologies based on them.

    OKB SAPR is a licensee of the FSB, the State Technical Commission of Russia and FAPSI, has a production of means of protecting information from unauthorized access certified by the State Technical Commission of Russia and a wide dealer network in most regions of the Russian Federation, and is actively working to train specialists in the field of information security.

    Recently, interest in modern hardware cryptographic information protection tools (ASKZI) has increased. This is due, first of all, to the simplicity and efficiency of their implementation: it is enough for subscribers on the transmitting and receiving sides to have ASKZI equipment and a set of key documents to guarantee the confidentiality of information circulating in automated control systems (ACS).

    Modern ASKZI are built on a modular principle, which makes it possible to complete the structure of ASKZI at the customer’s choice.

    1. Structure of ASKZI

    When developing modern ASKZI, it is necessary to take into account a large number of factors that influence the efficiency of their development, which complicates the finding of analytical estimates for the choice of a general criterion for the optimality of their structure.

    Modern ASKZI as an element of an automated control system is subject to increased requirements for safety, reliability and speed of processing information circulating in the system.

    Security is ensured by guaranteed encryption strength and compliance with special requirements, the choice of which is determined by cryptographic standards.

    The reliability and speed of information processing depend on the composition of the chosen structure. ASKZI includes a number of functionally connected nodes and blocks that ensure the specified reliability and speed. These include:

    Input devices intended for entering information;

    Information conversion devices designed to transfer information from input devices to output devices in encrypted, decrypted or clear form;

    Output devices designed to display information on appropriate media.

    2. ASKZI model

    To find a general criterion for assessing the optimality of the structure of a modern ASKZI, it is enough to consider the main chain of information flow: input adapters, input devices (a keyboard, transmitter or photo reader), the encoder, the conversion device and the output device. The remaining nodes and blocks do not have a significant impact on the flow of information.

    From the methodology of the systems approach it is known that the mathematical description of a complex system, to which ASKZI belongs, is carried out by hierarchically breaking it down into elementary components. At the same time, generalized criteria of lower levels should always be included in mathematical models of higher levels as particular criteria. Consequently, the same concept can act as a generalized criterion in relation to a lower level and as a particular criterion in relation to a higher level.

    The output subsystem is the terminal device of ASKZI, that is, it is at the highest level of the hierarchy and includes display, printing and perforation devices. Consequently, at this level the target will be the speed of processing incoming cryptograms. Then, as a generalized criterion, it is advisable to choose the processing time of a stream of cryptograms for one cycle of operation of modern ASKZI, which does not exceed a given time interval and is determined by the need to make management decisions.

    The information processing subsystem is located at the second level of the hierarchy and includes printing and perforation paths, an encoder and a system for controlling and distributing information flow.

    The main directions of work on this aspect of protection can be formulated as follows:

    Selection of rational encryption systems to securely hide information;

    Justification of ways to implement encryption systems in automated systems;

    Development of rules for the use of cryptographic protection methods during the operation of automated systems;

    Assessing the effectiveness of cryptographic protection.

    A number of requirements are imposed on ciphers intended for closing information in computers and automated systems, including: sufficient strength (reliability of closure), ease of encryption and decryption depending on the method of in-machine presentation of information, insensitivity to small encryption errors, the possibility of in-machine processing of encrypted information, slight redundancy of information due to encryption and a number of others. To one degree or another, these requirements are met by certain types of substitution, permutation, gamma ciphers, as well as ciphers based on analytical transformations of encrypted data.

    Substitution encryption (the term "replacement" is sometimes used) involves replacing the characters of the text being encrypted with characters of a different or the same alphabet in accordance with a predetermined replacement scheme.

    Transposition encryption means that the characters of the encrypted text are rearranged according to some rule within a certain block of this text. With a sufficient length of the block within which the permutation is carried out, and a complex and non-repeating order of the permutation, encryption strength sufficient for practical applications in automated systems can be achieved.

    Gamma encryption consists of adding the symbols of the text being encrypted to the symbols of some random sequence called the gamma. The strength of the encryption is determined mainly by the size (length) of the non-repeating part of the gamma. Since a computer can generate a practically unlimited gamma, this method is considered one of the main ones for encrypting information in automated systems. A number of organizational and technical difficulties do arise in this case, but they are not insurmountable.

    Analytical transformation encryption means that the text being encrypted is transformed according to some analytical rule (formula). One can, for example, use the rule for multiplying a matrix by a vector, where the matrix is the encryption key (so its size and contents must be kept secret) and the components of the vector are successive symbols of the text being encrypted.

    Particularly effective are combination ciphers, in which the text is sequentially encrypted by two or more encryption systems (for example, substitution and gamma, or permutation and gamma). It is believed that in this case the encryption strength exceeds the combined strength of the component ciphers.
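    As an added illustration (not from the source text), the following Python code implements toy versions of the four cipher classes just described and their combination, and shows why the strength of gamma encryption depends on the non-repeating length of the gamma. The generator, key values and sample texts are constructed and deliberately weak.

```python
"""Toy versions of the cipher classes named in the text: substitution,
transposition (permutation), gamma (keystream addition), analytical
transformation (matrix times vector) and their combination.
Constructed for illustration only; none of these toys protects real data."""


def substitution_table(key: int) -> dict:
    """Substitution alphabet over bytes: the affine map b -> a*b + c (mod 256)
    is a bijection whenever a is odd, so every byte has exactly one image."""
    a = (2 * key + 1) % 256
    c = (key * 7) % 256
    return {b: (a * b + c) % 256 for b in range(256)}


def substitute(data: bytes, table: dict) -> bytes:
    return bytes(table[b] for b in data)


def invert_table(table: dict) -> dict:
    return {v: k for k, v in table.items()}


def transpose(data: bytes, perm: list) -> bytes:
    """Rearrange positions inside each block of len(perm) bytes; the final
    block is zero-padded, so the caller must remember the original length."""
    n = len(perm)
    padded = data + bytes(-len(data) % n)
    out = bytearray()
    for i in range(0, len(padded), n):
        block = padded[i:i + n]
        out += bytes(block[p] for p in perm)
    return bytes(out)


def untranspose(data: bytes, perm: list) -> bytes:
    inverse = [0] * len(perm)
    for i, p in enumerate(perm):
        inverse[p] = i
    return transpose(data, inverse)


def lcg_gamma(seed: int, length: int) -> bytes:
    """Toy gamma generator (a linear congruential generator). A real ASKZI
    draws the gamma from a hardware random number sensor or a cryptographic
    generator; this one is predictable and only shows the mechanics."""
    x = seed & 0xFFFFFFFF
    out = bytearray()
    for _ in range(length):
        x = (1103515245 * x + 12345) & 0xFFFFFFFF
        out.append((x >> 16) & 0xFF)
    return bytes(out)


def gamma(data: bytes, keystream: bytes) -> bytes:
    """Gamma encryption as addition modulo 2 (XOR); the same call decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream))


def gamma_reuse_leak(cryptogram1: bytes, cryptogram2: bytes) -> bytes:
    """Why strength depends on the non-repeating length of the gamma: two
    cryptograms made with the same gamma segment XOR to p1 XOR p2, the key
    cancelling out entirely. Returns that residue."""
    return gamma(cryptogram1, cryptogram2)


def matrix_apply(data: bytes, m: tuple) -> bytes:
    """Analytical transformation: each pair of text bytes is a vector that is
    multiplied by the 2x2 key matrix m = (a, b, c, d) modulo 256."""
    a, b, c, d = m
    padded = data + bytes(len(data) % 2)
    out = bytearray()
    for i in range(0, len(padded), 2):
        x, y = padded[i], padded[i + 1]
        out += bytes([(a * x + b * y) % 256, (c * x + d * y) % 256])
    return bytes(out)


def matrix_inverse(m: tuple) -> tuple:
    """Decryption needs the inverse matrix, which exists mod 256 only when the
    determinant is odd; an even determinant makes the key unusable."""
    a, b, c, d = m
    det = (a * d - b * c) % 256
    if det % 2 == 0:
        raise ValueError("key matrix not invertible mod 256")
    det_inv = pow(det, -1, 256)
    return tuple(v * det_inv % 256 for v in (d, -b, -c, a))


def combined_encrypt(data: bytes, perm: list, seed: int) -> bytes:
    """Combination cipher: transposition followed by gamma."""
    t = transpose(data, perm)
    return gamma(t, lcg_gamma(seed, len(t)))


def combined_decrypt(ct: bytes, perm: list, seed: int, length: int) -> bytes:
    t = gamma(ct, lcg_gamma(seed, len(ct)))
    return untranspose(t, perm)[:length]
```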

    Each of the encryption systems discussed can be implemented in an automated system either programmatically or using special equipment. Software implementation is more flexible and cheaper than hardware implementation. However, hardware encryption is generally several times more productive. This circumstance is of decisive importance for large volumes of confidential information.

    Operating system security hardware is traditionally understood as a set of tools and methods used to solve the following problems:

    Managing computer RAM and virtual memory;

    Distribution of processor time between tasks in a multitasking operating system;

    Synchronizing the execution of parallel tasks in a multitasking operating system;

    Ensuring shared access of tasks to operating system resources.

    The listed tasks are largely solved using hardware-implemented functions of processors and other computer components. However, as a rule, software is also used to solve these problems, and therefore the terms “hardware protection” and “hardware protection tools” are not entirely accurate. Since these terms are generally accepted, however, we will use them.

    The lack of standard protection tools in the first operating systems to protect personal computers (PCs) gave rise to the problem of creating additional tools. The relevance of this problem has not diminished with the advent of more powerful operating systems with developed security subsystems. The fact is that most systems are still not able to protect data that “goes beyond its limits,” for example, when using network information exchange or when trying to access disk drives by loading an alternative, unprotected OS.

    The main conclusions about the methods of using the means, methods and measures of protection discussed above boil down to the following:

    The greatest effect is achieved when all the means, methods and measures used are combined into a single, holistic mechanism for protecting information.

    The protection mechanism should be designed in parallel with the creation of data processing systems, starting from the moment the overall design of the system is developed.

    The functioning of the protection mechanism must be planned and ensured along with the planning and provision of basic automated information processing processes.

    It is necessary to constantly monitor the functioning of the protection mechanism.

    Hardware protection methods include different devices based on the principle of operation and technical designs that implement protection against disclosure, leakage and unauthorized access to information sources. Such tools are used for the following tasks:

    • detecting data leakage channels in various rooms and at various facilities;
    • special inspections of technical equipment used to support operations for the presence of leakage channels;
    • localization of data leakage channels;
    • countering unauthorized access to data sources;
    • searching for and detecting traces of espionage.

    Hardware can be classified by function into detection, measurement, search, and passive and active countermeasure tools. Tools can also be divided by ease of use: device developers increasingly try to simplify operation for ordinary users. Examples are a group of electromagnetic radiation indicators of the IP type, which accept a wide range of incoming signals but have low sensitivity; complexes for detecting and locating radio bugs, which are designed to detect and locate radio transmitters, telephone bugs or mains-borne transmitters; or the Delta complex, which implements:

    • automatic location of microphones in a certain room
    • Accurate detection of any commercially available radio microphones and other emitting transmitters.

    Search hardware can be divided into tools for locating planted devices and tools for examining leakage channels. Devices of the first type are set up to locate and detect already planted unauthorized-access devices; the second type is set up to identify data leakage channels. Professional search equipment requires a highly qualified operator. As in any other field of technology, a device's versatility comes at the cost of its individual parameters. On the other hand, leakage channels are many and varied because of their differing physical nature. Large enterprises can afford expensive professional equipment and qualified staff for these tasks, and such hardware naturally performs better in real conditions, that is, it identifies leakage channels more reliably. This does not mean, however, that simple, inexpensive search tools should not be used: they are easy to operate and perform just as well in narrowly specialized tasks.

    Hardware protection can be applied to individual parts of the computer: the processor, RAM, external memory, input/output controllers, terminals, etc. To protect processors, code redundancy is used: additional bits in machine instructions and reserve bits in processor registers. To protect RAM, access is restricted by boundaries and fields. To indicate the confidentiality level of programs or data, additional confidentiality bits are used, with which programs and data are tagged. Data in RAM requires protection from unauthorized access. To prevent residual information from being read after processing in RAM, an erasing circuit is used, which writes a different sequence of characters over the entire memory block. To identify a terminal, a code generator hardwired into the terminal equipment is used, and its code is checked at connection time.

    Hardware data protection methods are various technical devices and structures that protect information from leakage, disclosure and unauthorized access.

    Software protection mechanisms

    Systems for protecting a workstation from intrusion by an attacker vary greatly and are classified:

    • Protection methods in the computing system itself
    • Personal protection methods that are described by the software
    • Protection methods with data request
    • Active/passive protection methods

    Details about this classification can be seen in Fig. 1.

    Figure - 1

    Directions for implementing software information protection

    Directions that are used to implement information security:

    • copy protection
    • protection against NSD
    • virus protection
    • communication line protection

    For each of these areas, many high-quality software products on the market can be used. Such software may also differ in functionality:

    • Monitoring the operation and registration of users and technical equipment
    • Identification of existing hardware, users and files
    • Protection of computer operating resources and user programs
    • Services for various data processing modes
    • Destruction of data after its use in system elements
    • Alarm in case of violations
    • Additional programs for other purposes

    The areas of software protection are divided into data protection (preserving integrity and confidentiality) and program protection (the implementation of information processing, which is a trade secret and the element most vulnerable to an attacker). Identification of files and hardware is implemented in software; the algorithm is based on checking the registration numbers of various system components. An effective method for identifying addressable elements is a request-response (challenge-response) algorithm. To differentiate the requests of different users for different categories of information, individual means of resource secrecy and personal control of users' access to them are used. If, for example, the same file can be edited by different users, then several versions are saved for further analysis.
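    An added example, not part of the source essay, of the request-response identification algorithm mentioned here and of the periodic re-verification of workstations described earlier for the enhanced authentication subsystem: station identifiers, shared secrets and the re-authentication interval are constructed values, and the per-station secret models what would be held in the protection controller.

```python
"""Challenge-response authentication of workstations with periodic re-checks.
Constructed example: identifiers, keys and timings are made up."""
import hashlib
import hmac
import secrets


def compute_response(key: bytes, station_id: str, nonce: bytes) -> bytes:
    """What both sides compute: a keyed hash binding the station's identity to
    this particular challenge, so the secret itself never crosses the LAN."""
    return hmac.new(key, station_id.encode() + nonce, hashlib.sha256).digest()


class Verifier:
    """Server side (the security administrator's workstation): knows each
    registered station's secret, issues single-use challenges and tracks when
    each station last proved itself."""

    def __init__(self, station_keys: dict, reauth_interval: int):
        self.keys = station_keys          # station_id -> shared secret
        self.interval = reauth_interval   # seconds between re-checks
        self.pending = {}                 # station_id -> open challenge
        self.used = set()                 # challenges already answered
        self.last_ok = {}                 # station_id -> time of last pass

    def challenge(self, station_id: str) -> bytes:
        if station_id not in self.keys:
            raise KeyError("unregistered station")
        nonce = secrets.token_bytes(16)
        self.pending[station_id] = nonce
        return nonce

    def verify(self, station_id: str, nonce: bytes, response: bytes,
               now: int) -> bool:
        """Accept only a fresh answer to the challenge actually issued to this
        station; a replayed or foreign nonce fails, as does a wrong key."""
        if self.pending.get(station_id) != nonce or nonce in self.used:
            return False
        self.used.add(nonce)
        del self.pending[station_id]
        expected = compute_response(self.keys[station_id], station_id, nonce)
        ok = hmac.compare_digest(expected, response)
        if ok:
            self.last_ok[station_id] = now
        return ok

    def needs_reauth(self, station_id: str, now: int) -> bool:
        """Periodic re-verification: a station that has not proved itself within
        the interval must answer a new challenge before it may continue."""
        last = self.last_ok.get(station_id)
        return last is None or now - last >= self.interval


class Station:
    """Workstation side: holds only its own secret and answers challenges."""

    def __init__(self, station_id: str, key: bytes):
        self.station_id = station_id
        self.key = key

    def respond(self, nonce: bytes) -> bytes:
        return compute_response(self.key, self.station_id, nonce)


def run_session(verifier: Verifier, station: Station, times: list) -> list:
    """Simulate a connection re-checked at the given clock ticks; returns, per
    tick, whether the station was (re)authenticated successfully."""
    results = []
    for now in times:
        if verifier.needs_reauth(station.station_id, now):
            nonce = verifier.challenge(station.station_id)
            results.append(verifier.verify(station.station_id, nonce,
                                           station.respond(nonce), now))
        else:
            results.append(True)
    return results
```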

    Protection of information from unauthorized access

    To implement intrusion protection, you need to implement the following basic software functions:

    • Identification of objects and subjects
    • Registration and control of actions involving programs and data
    • Restricting access to system resources

    Identification procedures involve checking whether the subject who is trying to gain access to resources is who he claims to be. Such checks may be periodic or one-time. For identification, the following methods are often used in such procedures:

    • complex, simple or one-time passwords;
    • badges, keys, tokens;
    • special identifiers for equipment, data, programs;
    • methods for analyzing individual characteristics (voice, fingerprints, hand geometry, face).

    Practice shows that password protection is a weak link, since passwords can be eavesdropped, spied on or guessed. The object to which access is carefully controlled can be a record in a file, the file itself, or a single field in a file record. Typically, access control tools draw their data from an access matrix. Access control can also be approached through the control of information channels and the division of objects and access subjects into classes. A set of software and hardware measures for protecting data from unauthorized access is implemented through the following actions:

    • accounting and registration
    • access control
    • implementation of protective tools

    You can also note the forms of access control:

    • Access prevention:
      • to individual sections
      • to the hard drive
      • to catalogs
      • to individual files
      • to removable storage media
    • Modification protection:
      • catalogs
      • files
    • Setting access privileges for a group of files
    • Copy prevention:
      • catalogs
      • files
      • user programs
    • Protection from destruction:
      • files
      • catalogs
    • Screen blanking after a period of inactivity.

    General means of protection against NSD are shown in Fig. 2.

    Figure - 2

    Copy protection

    Copy protection methods prevent the sale of stolen copies of programs. Copy protection methods mean tools that implement program functions only if there is a unique non-copyable element. This may be a part of a computer or application program. Protection is implemented by the following functions:

    • identifying the environment where the program runs
    • authentication of the environment where the program runs
    • Reaction to starting a program from an unauthorized environment
    • Registration of authorized copying

    Protecting information from deletion

    Data deletion can occur during a number of activities such as recovery, backup, updates, etc. Since these events are very diverse, it is difficult to fit them into rules. The cause may also be a virus or the human factor. Against viruses there is a countermeasure, antivirus software, but there are few countermeasures against human actions. To reduce these risks, there are a number of actions:

    • Inform all users about the damage to the enterprise if such a threat is realized.
    • Prohibit receiving/opening software products that are external to the information system.
    • Also prohibit running games on PCs where confidential information is processed.
    • Implement archiving of copies of data and programs.
    • Verify checksums of data and programs.
    • Implement information security.
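    An added example, not from the original essay, of the checksum verification listed above and of the integrity monitoring that a trusted-boot module performs before the operating system loads: the file set, administrator key and file names are constructed, and the keyed tag over the baseline stands in for the administrator-only non-volatile memory that holds the reference values.

```python
"""Integrity monitoring of a software set before boot: the administrator
records a baseline of digests, each start compares the current state against
it, and the system is not allowed to continue if anything differs.
Constructed example: file contents, names and the key are made up."""
import hashlib
import hmac
import json

# Constructed stand-in for files on disk: name -> content.
SAMPLE_FILES = {
    "boot/loader.bin": b"\x7fELF toy loader image",
    "system/config.sys": b"DEVICE=protect.sys\nFILES=40\n",
    "system/policy.dat": b"admin:rw;operator:r\n",
}


def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def seal(entries: dict, admin_key: bytes) -> str:
    """Tag over the whole baseline, so that editing the baseline itself (not
    just a file) is also detected. The key models administrator-only access."""
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(admin_key, body, hashlib.sha256).hexdigest()


def build_baseline(files: dict, admin_key: bytes) -> dict:
    entries = {name: digest(content) for name, content in files.items()}
    return {"entries": entries, "tag": seal(entries, admin_key)}


def check_integrity(files: dict, baseline: dict, admin_key: bytes) -> dict:
    """Compare the current file set with the baseline and report every kind of
    deviation separately: tampered baseline, modified, missing and added files."""
    report = {"baseline_tampered": False, "modified": [], "missing": [],
              "added": []}
    expected_tag = seal(baseline["entries"], admin_key)
    if not hmac.compare_digest(expected_tag, baseline["tag"]):
        report["baseline_tampered"] = True
    for name, recorded in baseline["entries"].items():
        if name not in files:
            report["missing"].append(name)
        elif not hmac.compare_digest(digest(files[name]), recorded):
            report["modified"].append(name)
    report["added"] = sorted(set(files) - set(baseline["entries"]))
    return report


def boot_allowed(report: dict) -> bool:
    """Trusted-boot decision: continue only when nothing has changed."""
    return not (report["baseline_tampered"] or report["modified"]
                or report["missing"] or report["added"])


if __name__ == "__main__":
    key = b"constructed-admin-key"
    baseline = build_baseline(SAMPLE_FILES, key)
    print(boot_allowed(check_integrity(SAMPLE_FILES, baseline, key)))
```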

    To prevent the above threats, there are various ways to protect information. In addition to natural ways to identify and timely eliminate causes, the following special methods are used to protect information from malfunctions of computer systems:

      introducing structural, temporal, information and functional redundancy of computer resources;

      protection against incorrect use of computer system resources;

      identification and timely elimination of errors at the stage of software and hardware development.

    Structural redundancy of computer resources is achieved through redundancy of hardware components and machine media, by organizing the replacement of failed components and the timely replenishment of spare components. Structural redundancy forms the basis for the other kinds. Information redundancy is introduced through periodic or continuous background backup of data onto primary and backup media. Backup ensures recovery from accidental or intentional destruction or distortion of information. To restore a computer network after a permanent failure, system information must be backed up in advance in addition to regular data. Functional redundancy of computer resources is achieved by duplicating functions or introducing additional functions into software and hardware resources, for example periodic testing and recovery, or self-testing and self-healing of system components.

    Protection from incorrect use of computer system resources consists in the correct functioning of software with respect to its use of those resources: a program can perform its functions correctly and on time and yet use computer resources incorrectly. Examples are isolating RAM areas of the operating system from application programs, and protecting system areas on external media.

    Identification and elimination of errors in the development of software and hardware is achieved through high-quality implementation of the basic stages of development based on a system analysis of the design concept and implementation of the project. However, the main type of threats to the integrity and confidentiality of information is intentional threats. They can be divided into 2 groups:

      threats that are realized with constant human participation;

      threats that, once the attacker has developed the appropriate computer programs, are carried out by those programs without human intervention.

    The tasks for protecting against threats of each type are the same:

      prohibition of unauthorized access to resources;

      impossibility of unauthorized use of resources when accessing;

      timely detection of unauthorized access. Elimination of their causes and consequences.

    2.2 Hardware information security

    Information security means are a set of engineering, electrical, electronic, optical and other devices and appliances, instruments and technical systems, as well as other material elements used to solve various problems of information protection, including preventing leaks and ensuring the security of protected information.

    Means of ensuring information security in terms of preventing intentional actions, depending on the method of implementation, can be divided into groups:

      hardware;

      software;

      mixed hardware and software;

      organizational means;

      data encryption;

      confidentiality.

    Let's take a closer look at information security hardware.

    Hardware – technical means used for data processing.

    Hardware protection includes various electronic, electronic-mechanical, and electro-optical devices. To date, a significant number of hardware devices for various purposes have been developed, but the most widespread are the following:

      special registers for storing security details: passwords, identification codes, classifications or security levels;

      code generators designed to automatically generate a device identification code;

      devices for measuring individual characteristics of a person (voice, fingerprints) for the purpose of identification;

      special privacy bits, the value of which determines the level of privacy of information stored in the memory to which these bits belong;

      circuits for interrupting the transmission of information in a communication line for the purpose of periodically checking the data output address.

    A special and most widely used group of hardware security devices are devices for encrypting information (cryptographic methods). In the simplest case, network cards and a cable are enough to operate a network. If you need to create a fairly complex network, you will need special network equipment.

    Hardware cryptographic protection devices are, in essence, the same thing as PGP, only implemented at the hardware level. Typically, such devices are boards, modules, or even separate systems that perform various encryption algorithms on the fly. The keys in this case are also “hard”, that is, physical: most often they are smart cards or TouchMemory (iButton) identifiers. Keys are loaded into the device directly, bypassing the memory and system bus of the computer (the reader is mounted in the device itself), which eliminates the possibility of intercepting them there. These self-sufficient encryptors are used both to encrypt data within closed systems and to transmit information over open communication channels. In particular, the KRYPTON-LOCK protection system, produced by the Zelenograd company ANKAD, works on this principle. This card, installed in a PCI slot, allows computer resources to be allocated at a low level depending on the value of the key entered before the motherboard loads the BIOS. It is the key that is entered that determines the entire system configuration: which disks or disk partitions will be accessible, which OS will boot, what communication channels will be available, and so on. Another example of cryptographic hardware is the GRIM-DISK system, which protects information stored on a hard drive with an IDE interface. The encoder board together with the drive is placed in a removable container (only the interface circuits are assembled on a separate board installed in the PCI slot). This reduces the likelihood of information being intercepted over the air or otherwise. In addition, if necessary, the protected device can be easily removed from the machine and stored in a safe. The iButton key reader is built into the container with the device. After turning on the computer, access to the disk or any partition of the disk can only be obtained by loading the key into the encryption device.

    Protection of information from leakage through electromagnetic radiation channels. Even competent configuration and use of additional software and hardware, including identification tools and the encryption systems mentioned above, cannot completely protect us from the unauthorized distribution of important information. There is a data leakage channel that many people are not even aware of. The operation of any electronic device is accompanied by electromagnetic radiation, and computer technology is no exception: even at a very significant distance from the electronics, it will not be difficult for a well-trained specialist using modern technical means to intercept the emissions generated by your equipment and isolate a useful signal from them. The sources of electromagnetic radiation (EMR), as a rule, are the computers themselves, active elements of local networks, and cables. It follows that properly executed grounding can be considered a type of hardware information security system. The next step is shielding the premises, installing active network equipment in shielded cabinets, and using special, completely radio-sealed computers (with cases made of special materials that absorb electromagnetic radiation, and additional protective shields). In addition, in such complexes it is mandatory to use mains filters and double-shielded cables. Of course, in this case you will have to forget about radio keyboard and mouse sets, wireless network adapters, and other radio interfaces. If the data being processed is top secret, noise generators are also used in addition to complete radio sealing. These electronic devices mask stray emissions from computers and peripheral equipment, creating radio interference over a wide range of frequencies. There are generators that can not only emit such noise into the air, but also inject it into the power supply network to prevent information leakage through ordinary mains sockets, which are sometimes used as a communication channel.

    By going online and organizing access to its servers, an institution actually opens up some resources of its own network to the whole world, thereby making them accessible to unauthorized penetration. To protect against this threat, special systems are usually installed between an organization’s internal network and the Internet: hardware and software firewalls. In the simplest case, a filtering router can serve as a firewall. However, to create highly reliable networks this measure is not enough, and then it is necessary to physically separate the networks into open (for Internet access) and closed (corporate). This solution has two serious drawbacks. Firstly, employees whose work requires access to both networks have to have a second PC installed at their workplace. As a result, the desktop turns into the operator’s console of a flight control center or air traffic controller. Secondly, and this is the main thing, you have to build two networks, which means considerable additional financial costs and difficulties in ensuring protection from EMR (after all, the cables of both networks have to be routed through common conduits). If the second problem has to be put up with, eliminating the first drawback is quite simple: since a person is not able to work on two separate computers at the same time, it is necessary to organize a special automated workstation (AWS) that assumes a session-based mode of work on both networks. Such a workstation is a regular computer equipped with an access control device (ACD), which has a network switch located on the front panel of the system unit. It is to the access control device that the computer’s hard drives are connected. Each work session is controlled by its own operating system, loaded from a separate hard drive. When switching between networks, access to the drives not involved in the current session is completely blocked.

    There is no more reliable data protection than its complete destruction. But destroying digital information is not so easy. In addition, there are times when you need to get rid of it instantly. The first problem can be solved by thoroughly destroying the carrier. This is precisely why various disposal devices have been invented. Some of them work exactly like office shredders (paper shredders), mechanically shredding floppy disks, magnetic and electronic cards, CDs and DVDs. Others are special ovens in which any media, including hard drives, is destroyed under the influence of high temperatures or ionizing radiation. Thus, electric arc and electric induction installations can heat the carrier to a temperature of 1000-1200 K (approximately 730-930 °C), and in combination with chemical action, for example using self-propagating high-temperature synthesis (SHS), rapid heating up to 3000 K is provided. After the media has been exposed to such temperatures, it is impossible to restore the information on it. To destroy data automatically, special modules are used, which can be built into the system unit or implemented as an external device with information storage devices installed in it. The command to completely destroy data for such devices is usually given remotely from a special key fob or from any sensors that can easily monitor both intrusion into the premises and unauthorized access to the device, its movement, or an attempt to turn off the power. Information in such cases is destroyed in one of two ways:

      · physical destruction of the drive (usually by chemical means);

      · erasing information in the service areas of the disks.

    The functionality of drives can be restored after the destruction of the service areas using special equipment, but the data will be lost forever. Such devices are available in various versions: for servers, desktop systems, and laptops. There are also special modifications developed for the Ministry of Defense: these are completely autonomous systems with increased protection and an absolute guarantee of operation. The biggest drawback of such systems is the impossibility of absolute insurance against accidental triggering. You can imagine what the effect will be if, for example, a technician performing maintenance opens the system unit or disconnects the monitor cable, having forgotten to lock the security device.