What threats to information security exist. Types and sources of information security threats

Natural and man-made threats

The development of new information technologies and widespread computerization have made information security not just mandatory but one of the defining characteristics of information systems. There is a fairly broad class of information processing systems in whose development the security factor plays a primary role (for example, banking information systems).

The security of an information system (IS) means its protection from accidental or intentional interference in its normal functioning, from attempts to steal information (unauthorized acquisition), and from modification or physical destruction of its components. In other words, it is the ability to counteract various disturbing influences on the IS.

A threat to information security refers to events or actions that can lead to distortion, unauthorized use or even destruction of the information resources of the managed system, as well as of its software and hardware.

Information security threats are divided into two main types: natural and artificial threats. Let's dwell on natural threats and try to identify the main ones. Natural threats include fires, floods, hurricanes, lightning strikes and other natural disasters and phenomena that are beyond human control. The most common of these threats is fire. To ensure information security, the premises in which the system elements are located (digital storage media, servers, archives, etc.) must be equipped with fire sensors, people responsible for fire safety must be appointed, and fire extinguishing equipment must be available. Compliance with all these rules will minimize the threat of information loss from fire.

If premises with valuable information storage media are located in close proximity to bodies of water, they are subject to the threat of information loss due to flooding. The only thing that can be done in this situation is to avoid keeping storage media on the first floors of the building, which are prone to flooding.

Another natural threat is lightning. Very often, when lightning strikes, network cards, electrical substations and other devices fail. Large organizations and enterprises, such as banks, suffer especially significant losses when network equipment fails. To avoid such problems, the connecting network cables must be shielded (a shielded network cable is resistant to electromagnetic interference) and the cable shield must be grounded. To prevent lightning from entering electrical substations, a grounded lightning rod should be installed, and computers and servers should be equipped with uninterruptible power supplies.

The next type is artificial threats, which in turn are divided into unintentional and intentional threats. Unintentional threats are actions that people commit due to carelessness, ignorance, inattention or curiosity. This type of threat includes the installation of software products that are not on the list of those needed for work and that can subsequently cause unstable operation of the system and loss of information. It also includes other “experiments” that were not malicious, carried out by people who were not aware of the consequences. Unfortunately, this type of threat is very difficult to control: not only must the personnel be qualified, but each person must be aware of the risk that arises from his unauthorized actions.

Deliberate threats are threats associated with malicious intent to physically destroy the system or subsequently cause it to fail. Intentional threats include internal and external attacks. Contrary to popular belief, large companies often suffer multi-million dollar losses not from hacker attacks, but through the fault of their own employees. Modern history knows many examples of deliberate internal threats to information: the tricks of competing organizations that plant or recruit agents in order to disorganize a competitor, the revenge of employees who are dissatisfied with their salaries or status in the company, and so on. To keep the risk of such cases to a minimum, each employee of the organization must meet the so-called “reliability status.”

External intentional threats include hacker attacks. If the information system is connected to the global Internet, then to prevent hacker attacks it is necessary to use a firewall, which can be either built into the equipment or implemented in software.

A person who attempts to disrupt an information system or gain unauthorized access to information is usually called a cracker, and sometimes a “computer pirate” (hacker).

In their illegal actions aimed at mastering other people's secrets, hackers strive to find sources of confidential information that would provide them with the most reliable information in maximum volumes with minimal costs for obtaining it. With the help of various kinds of tricks and a variety of techniques and means, paths and approaches to such sources are selected. In this case, the source of information means a material object that has certain information that is of specific interest to attackers or competitors.

The main threats to information security and normal functioning of information systems include:

  • Leakage of confidential information;
  • Compromise of information;
  • Unauthorized use of information resources;
  • Incorrect use of information resources;
  • Unauthorized exchange of information between subscribers;
  • Repudiation (refusal) of information;
  • Disruption of information services;
  • Illegal use of privileges.

Leakage of confidential information is the uncontrolled release of confidential information outside the IS or outside the circle of persons to whom it was entrusted through their service or to whom it became known in the course of work. This leak may be due to:

  • Disclosure of confidential information;
  • Transfer of information through various, mainly technical, channels;
  • Unauthorized access to confidential information in various ways.

Disclosure of information by its owner or holder means intentional or careless actions by officials and users, to whom the information was entrusted in the prescribed manner through their service or work, that result in persons not authorized to access this information becoming familiar with it.



Uncontrolled loss of confidential information through visual-optical, acoustic, electromagnetic and other channels is possible.

Unauthorized access is the unlawful deliberate acquisition of confidential information by a person who does not have the right to access protected information.

The most common ways of unauthorized access to information are:

  • Interception of electronic emissions;
  • Use of listening devices (bugs);
  • Remote photography;
  • Interception of acoustic emissions and reconstruction of printer text;
  • Copying storage media by overcoming security measures;
  • Masquerading as a registered user;
  • Masquerading as system requests;
  • Use of software traps;
  • Exploiting the shortcomings of programming languages and operating systems;
  • Illegal connection to equipment and communication lines of specially designed hardware that provides access to information;
  • Malicious disabling of protection mechanisms;
  • Decryption of encrypted information by special programs;
  • Information infections.

The listed methods of unauthorized access require quite a lot of technical knowledge and appropriate hardware or software development on the part of the attacker. For example, technical leakage channels are used - these are physical paths from the source of confidential information to the attacker, through which it is possible to obtain protected information. The cause of leakage channels is design and technological imperfections in circuit solutions or operational wear of elements. All this allows hackers to create converters operating on certain physical principles, forming an information transmission channel inherent in these principles - a leakage channel.

However, there are also quite primitive ways of unauthorized access:

  • Theft of storage media and documentary waste;
  • Initiative cooperation;
  • Inclination towards cooperation on the part of the burglar;
  • Torturing;
  • Eavesdropping;
  • Observation and other ways.

Any means of leaking confidential information can lead to significant material and moral damage both for the organization where the information system operates and for its users.

A huge variety of malicious programs exists and is constantly being developed, the purpose of which is to damage information in databases and computer software. The large number of varieties of these programs makes it impossible to develop permanent and reliable means of protection against them.

Information security in the broadest sense is a set of means of protecting information from accidental or intentional influence. Regardless of what underlies the impact, natural factors or artificial causes, the owner of the information suffers losses.

Information Security Principles

  • Integrity of information means the ability of information to retain its original form and structure both during storage and after repeated transmission. Only the owner or a user with legal access to the data has the right to change, delete or supplement information.
  • Confidentiality is a characteristic that indicates the need to restrict access to information resources to a certain circle of people. In the course of actions and operations, information becomes available only to users who are registered in the information system and have successfully passed identification.
  • Availability of information resources means that information that is freely available must be provided to legitimate users of the resources in a timely and unhindered manner.
  • Credibility indicates that the information belongs to a trusted person or owner, who at the same time acts as the source of the information.

Ensuring and supporting information security includes a set of diverse measures that prevent, monitor and eliminate unauthorized access by third parties. Information security measures are also aimed at protecting against damage, distortion, blocking or copying of information. It is important that all tasks are solved simultaneously; only then is complete, reliable protection ensured.

Questions about how to protect information become especially acute when hacking or theft with distortion of information would entail serious consequences and financial damage.

The logical chain of information transformation created using modeling looks like this:

THREAT SOURCE ⇒ SYSTEM VULNERABILITY FACTOR ⇒ ACTION (SECURITY THREAT) ⇒ ATTACK ⇒ CONSEQUENCES

Types of information security threats

An information threat is a potential or actual impact on an automated system that subsequently harms someone's interests.

Today there are more than 100 positions and types of threats to the information system. It is important to analyze all risks using different diagnostic techniques. Based on the analyzed indicators and their detail, it is possible to competently build a system of protection against threats in the information space.

Threats to information security do not manifest on their own, but through possible interaction with the weakest links in the security system, that is, through vulnerability factors. The threat leads to disruption of systems on a specific carrier object.

The main vulnerabilities arise due to the following factors:

  • Imperfection of software, hardware platform;
  • Different characteristics of the structure of automated systems in the information flow;
  • Some of the systems’ functioning processes are defective;
  • Inaccuracy of information exchange protocols and interface;
  • Difficult operating conditions and information location.

Most often, threat sources are launched with the aim of obtaining illegal benefits due to damage to information. But it is also possible that threats may occur accidentally due to the insufficient degree of protection and the massive effect of the threatening factor.

Vulnerabilities are divided into classes. They can be:

  • objective;
  • random;
  • subjective.

If you eliminate or at least mitigate the impact of vulnerabilities, you can avoid a full-fledged threat aimed at the information storage system.

Objective vulnerabilities

This type directly depends on the technical design of the equipment at the facility requiring protection and its characteristics. It is impossible to completely get rid of these factors, but their partial elimination is achieved using engineering techniques in the following ways:

1. Related to technical means of radiation:

  • electromagnetic (side emissions and signals from cable lines and elements of technical equipment);
  • acoustic (sound, possibly combined with vibration signals);
  • electrical (leakage of signals into power supply circuits, through interference induced on lines and conductors, or through uneven current distribution).

2. Activated:

  • malware, illegal programs and technological exits from programs, which are united by the term “software bookmarks”;
  • hardware bookmarks: devices implanted directly into telephone lines, electrical networks, or simply into premises.

3. Those that are created by the characteristics of the object under protection:

  • location of the object (visibility and absence of a controlled zone around the information object, the presence of vibration or sound-reflecting elements around the object, the presence of remote elements of the object);
  • organization of information exchange channels (use of radio channels, lease of frequencies or use of universal networks).

4. Those that depend on the characteristics of the carrier elements:

  • parts with electroacoustic modifications (transformers, telephone devices, microphones and loudspeakers, inductors);
  • things subject to the influence of the electromagnetic field (media, microcircuits and other elements).

Random vulnerabilities

These factors depend on unforeseen circumstances and features of the information environment. They are almost impossible to predict, but it is important to be prepared to eliminate them quickly. Such problems can be resolved by conducting an engineering investigation and responding to the threat to information security:

1. Faults and failures of systems:

  • due to malfunction of technical means at different levels of information processing and storage (including those responsible for the operation of the system and for controlling access to it);
  • malfunctions and obsolescence of individual elements (demagnetization of storage media such as floppy disks, cables, connecting lines and microcircuits);
  • failures of various software that support all links in the chain of information storage and processing (antiviruses, application and service programs);
  • interruptions in the operation of auxiliary equipment of information systems (problems at the power transmission level).

2. Factors that weaken information security:

  • damage to communications such as water supply or electricity supply, as well as ventilation and sewerage;
  • malfunctions in the operation of enclosing devices (fences, floors in the building, equipment housings where information is stored).

Subjective vulnerabilities

This subtype is in most cases the result of incorrect actions by employees at the level of developing information storage and protection systems. Such factors can therefore be eliminated using hardware and software techniques:

1. Inaccuracies and gross errors that violate information security:

  • at the stage of loading finished software or preliminary development of algorithms, as well as at the time of its use (possibly during daily operation, during data entry);
  • at the stage of managing programs and information systems (difficulties in the process of learning to work with the system, setting up services on an individual basis, during manipulations with information flows);
  • while using technical equipment (at the stage of turning it on or off, operating devices for transmitting or receiving information).

2. Disturbances in the operation of systems in the information space:

  • personal data protection regime (the problem is created by dismissed employees or existing employees during non-working hours; they gain unauthorized access to the system);
  • safety and security mode (while gaining access to the facility or technical devices);
  • while working with technical devices (impairments in energy saving or equipment provision are possible);
  • while working with data (transforming information, storing it, searching and destroying data, eliminating defects and inaccuracies).

Vulnerability ranking

Each vulnerability must be taken into account and assessed by specialists. Therefore, it is important to determine the criteria for assessing the risk of a threat and the likelihood of failure or bypassing information security. Indicators are calculated using ranking. Among all the criteria, there are three main ones:

  • Availability is a criterion that takes into account how convenient it is for a threat source to exploit a certain type of vulnerability to violate information security. The indicator includes technical data of the information carrier (such as the dimensions of the equipment, its complexity and cost, as well as the possibility of using non-specialized systems and devices to hack information systems).
  • Fatality is a characteristic that assesses how deeply a vulnerability affects the ability of programmers to cope with the consequences of the threat created for information systems. If only objective vulnerabilities are evaluated, their information content is determined: the ability to transmit a useful signal with confidential data to another location without deforming it.
  • Quantity is a characteristic that counts the parts of the information storage and implementation system to which any type of vulnerability in the system is inherent.

Each indicator can be calculated as the arithmetic mean of the coefficients of individual vulnerabilities. A formula is used to assess the degree of danger: the numerator is the product of CD, CF and KK, and the denominator is 125, the maximum score for the totality of vulnerabilities.

To determine the degree of system protection accurately, you need to involve an analytical department with experts. They will assess all vulnerabilities and draw up an information map using a five-point scale. One corresponds to the minimum possibility of influencing information security and circumventing it, and five corresponds to the maximum level of influence and, accordingly, danger. The results of all analyses are summarized in one table, and the degree of influence is divided into classes for convenience in calculating the vulnerability coefficient of the system.
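The calculation described above, carried through as an added example (not part of the original article). It assumes CD, CF and KK are the class-level means of the availability, fatality and quantity scores, in that order; the expert scores and function names are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean

SCALE_MIN, SCALE_MAX = 1, 5          # five-point expert scale from the text
MAX_PRODUCT = SCALE_MAX ** 3         # 125, the denominator given in the text

# Constructed expert scores, one row per individual vulnerability:
# (class, name, availability, fatality, quantity)
SAMPLE_SCORES = [
    ("objective",  "side electromagnetic emissions",  4, 5, 3),
    ("objective",  "hardware bookmarks in premises",  2, 5, 1),
    ("random",     "ageing of storage media",         3, 2, 4),
    ("random",     "power supply interruptions",      5, 2, 2),
    ("subjective", "data entry errors",               5, 3, 5),
    ("subjective", "accounts of dismissed employees", 3, 5, 3),
]


def class_indicators(rows):
    """Return {class: (CD, CF, KK)}, each indicator being the arithmetic
    mean of that criterion over the individual vulnerabilities of the class.
    Mapping CD/CF/KK to availability/fatality/quantity is an assumption."""
    grouped = defaultdict(list)
    for cls, _name, *scores in rows:
        if len(scores) != 3:
            raise ValueError(f"{_name}: expected three scores, got {len(scores)}")
        for score in scores:
            if not SCALE_MIN <= score <= SCALE_MAX:
                raise ValueError(f"{_name}: score {score} is outside the 1-5 scale")
        grouped[cls].append(scores)
    # zip(*items) turns the per-vulnerability rows into per-criterion columns
    return {cls: tuple(mean(col) for col in zip(*items))
            for cls, items in grouped.items()}


def danger_coefficient(cd, cf, kk):
    """Degree of danger: product of the three indicators over the maximum 125."""
    return (cd * cf * kk) / MAX_PRODUCT


def rank_classes(rows):
    """Vulnerability classes ordered from most to least dangerous."""
    scored = [(cls, danger_coefficient(*indicators))
              for cls, indicators in class_indicators(rows).items()]
    return sorted(scored, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for cls, coefficient in rank_classes(SAMPLE_SCORES):
        print(f"{cls:<11} {coefficient:.3f}")
```

A coefficient of 1.0 is reached only when all three indicators average five, and the smallest possible value is 1/125.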

What sources threaten information security?

If we describe the classification of threats that bypass information security protection, we can distinguish several classes. The concept of classes is necessary, because it simplifies and systematizes all factors without exception. The basis includes parameters such as:

1. Rank of intentionality of interference in the information security system:

  • the threat caused by personnel negligence in the information dimension;
  • a threat initiated by scammers, and they do it for personal gain.

2. Appearance Characteristics:

  • information security threat that is man-made and artificial;
  • natural threatening factors beyond the control of information security systems and caused by natural disasters.

3. Classification of the immediate cause of the threat. The culprit could be:

  • a person who discloses confidential information by bribing company employees;
  • a natural factor that comes in the form of a catastrophe or local disaster;
  • software using specialized devices or the introduction of malicious code into technical equipment, which disrupts the functioning of the system;
  • accidental deletion of data, authorized software and hardware tools, failure of the operating system.

4. The degree of activity of threats on information resources:

  • at the time of data processing in the information space (action of mailings from virus utilities);
  • at the time of receiving new information;
  • regardless of the activity of the information storage system (in the event of breaking ciphers or cryptoprotection of information data).

There is another classification of sources of information security threats. It is based on other parameters and is also taken into account during the analysis of a system malfunction or hacking. Several indicators are taken into account.

Classification of threat sources

1. Threat source status:

  • in the system itself, which leads to operational errors and failures in the implementation of AS resources;
  • within the visibility of the AS, for example, the use of eavesdropping equipment, theft of printed information or theft of records from storage media;
  • fraud outside the AS coverage area: cases when information is captured while passing along communication paths, or collateral capture from acoustic or electromagnetic emissions of devices.

2. Degree of influence:

  • an active security threat that makes adjustments to the structure of the system and its essence, for example, the use of malicious viruses or Trojans;
  • a passive threat is a type that simply steals information by copying, sometimes covertly. It does not make its own changes to the information system.

3. Possibility of employee access to a system of programs or resources:

  • malicious influence, that is, a threat to information data can be realized at the step of accessing the system (unauthorized);
  • harm occurs after consent to access system resources.

4. Method of accessing basic system resources:

  • use of a non-standard path channel to resources, which includes unauthorized use of operating system capabilities;
  • using a standard channel to open access to resources, for example, illegally obtaining passwords and other parameters with further disguise as a user registered in the system.

5. Placing information in the system:

  • type of threats to access information located on external memory devices, such as unauthorized copying of information from a hard drive;
  • gaining access to information that is shown to the terminal, for example, recording from video cameras of terminals;
  • illegal penetration into communication channels and connection to them in order to obtain confidential information or to replace real facts under the guise of a registered employee. Possible spread of misinformation;
  • access to the system area from application programs and reading all information.

At the same time, we should not forget that threats can be accidental or intentional. Research has proven that data in systems is regularly subjected to various influences at all stages of the information processing and storage cycle, as well as during the operation of the system.

Factors such as:

  • equipment malfunctions;
  • periodic noise and background in communication channels due to the influence of external factors (channel capacity and bandwidth are taken into account);
  • inaccuracies in the software;
  • errors in the work of employees or other staff in the system;
  • specifics of the functioning of the Ethernet environment;
  • force majeure during natural disasters or frequent power outages.

Errors in the functioning of software occur most often, and as a result, a threat appears. All programs are developed by people, so human error cannot be eliminated. Workstations, routers and servers are all built on the work of people. The higher the complexity of a program, the greater the possibility of errors being discovered in it and of vulnerabilities being detected that lead to information security threats.

Some of these errors do not lead to undesirable results, for example, shutdown of the server, unauthorized use of resources, or system inoperability. Platforms from which information was stolen can become a staging ground for further attacks and pose a threat to information security.

To ensure the security of information in this case, you need to use updates. You can install them using packages produced by the developers. Installing unauthorized or unlicensed programs can only make the situation worse. Problems are also likely not only at the software level, but more generally in protecting the security of information on the network.

A deliberate threat to information security is associated with the unlawful actions of a criminal. An information criminal can be a company employee, a visitor to an information resource, competitors or hired persons. There may be several reasons for committing a crime: monetary motives, dissatisfaction with the operation of the system and its safety, the desire to assert oneself.

It is possible to simulate the actions of an attacker in advance, especially if you know his goal and motives for his actions:

  • A person has information about the functioning of the system, its data and parameters.
  • The fraudster's skill and knowledge allow him to operate at the level of a developer.
  • The criminal is able to choose the most vulnerable place in the system and freely penetrate the information and become a threat to it.
  • An interested party can be anyone, either an employee or an outside attacker.

For example, for bank employees, we can identify the following intentional threats that can be realized during activities in the institution:

  • Familiarization of enterprise employees with information that is inaccessible to them.
  • Personal data of people who do not work in this bank.
  • Software bookmarks with threats to the information system.
  • Copying software and data without prior permission for personal use.
  • Theft of printed information.
  • Theft of electronic media.
  • Deliberate removal of information in order to hide facts.
  • Carrying out a local attack on an information system.
  • Refusals of possible remote access control or denial of the fact of receiving data.
  • Deleting banking data from the archive without authorization.
  • Unauthorized correction of bank reports by a person not preparing the report.
  • Changing the messages that pass along the communication paths.
  • Unauthorized destruction of data that was damaged due to a virus attack.


Specific examples of violations of information security and data access

Unauthorized access is one of the most “popular” methods of computer crime. A person who gains unauthorized access to someone else's information violates the rules fixed in the security policy. With such access, attackers openly take advantage of errors in the security system and penetrate to the core of the information. Incorrect configuration and settings of security mechanisms also increase the possibility of unauthorized access. Access and threats to information security are carried out both by local methods and by special hardware installations.

With access, a fraudster can not only gain access to information and copy it, but also make changes and delete data. This is done using:

  • interception of indirect electromagnetic radiation from equipment or its elements, from communication channels, power supplies or grounding grids;
  • technological control panels;
  • local data access lines (terminals of system administrators or employees);
  • firewalls;
  • error detection methods.

From the variety of access methods and threats to information, the main crimes can be roughly identified:

  • Password interception;
  • "Masquerade";
  • Illegal use of privileges.

Password interception is a common access technique that most employees and those involved in information security have encountered. This fraud is possible with the participation of special programs that simulate a window on the monitor screen for entering a name and password. The entered data falls into the hands of an attacker, and then a message appears on the display indicating that the system is not operating properly. The authorization window may then pop up again, after which the data again falls into the hands of the information interceptor; in this way full access to the system is obtained, and it becomes possible to make changes. There are other methods for intercepting passwords, so it is worth using password encryption during transmission, and this can be done using special programs or RSA.

The “Masquerade” method of threatening information is in many ways a continuation of the previous technique. The essence is actions in the information system on behalf of another person in the company’s network. There are the following possibilities for implementing the plans of attackers in the system:

  • Transmitting false data in the system on behalf of another person.
  • Getting into the information system using the data of another employee and further performing actions (with preliminary interception of the password).

“Masquerade” is especially dangerous in banking systems, where manipulations with payments lead the company to a loss, and blame and responsibility are placed on another person. In addition, bank clients suffer.

Illegal use of privileges: the name of this type of information theft and undermining of information system security speaks for itself. Administrators are endowed with the widest range of permitted actions, and it is these people who become victims of attackers. This tactic is a continuation of the “masquerade”: an employee or a third party gains access to the system on behalf of the administrator and performs illegal manipulations bypassing the information security system.

But there is a nuance: in this version of the crime, you need to intercept the list of privileges from the system first. This can also happen due to the fault of the administrator himself. To do this, you need to find an error in the security system and penetrate it unauthorized.

Threats to information security can be carried out deliberately during data transportation. This is relevant for telecommunications systems and information networks. Intentional interference should not be confused with authorized modifications of information. The latter are carried out by persons who have the authority and justified tasks requiring the changes. Violations lead to system disruption or complete data deletion.

There is also an information security threat that violates data confidentiality and secrecy. All information is received by a third party, that is, an outsider without access rights. Violation of confidentiality of information always occurs when unauthorized access to the system is obtained.

A threat to information security can disrupt the performance of a company or an individual employee. These are situations in which access to information or resources for obtaining it is blocked. One employee intentionally or accidentally creates a blocking situation, and the second at this time stumbles upon the blocking and receives a denial of service. For example, a failure is possible during channel or packet switching, and a threat also arises during the transmission of information via satellite systems. They are classified as primary or immediate options because their creation leads to a direct impact on the data under protection.

There are the following types of main threats to information security on a local scale:

  • Computer viruses that violate information security. They have an impact on the information system of one computer or network of PCs after they enter the program and reproduce independently. Viruses can stop the operation of the system, but mostly they act locally;
  • “Worms” are modifications of virus programs that lead the information system to a state of blocking and overload. The software activates and replicates itself every time the computer boots. Memory and communication channels are overloaded;
  • “Trojan horses” are programs that are installed on a computer under the guise of useful software. But in reality, they copy personal files, transfer them to the attacker, and destroy useful information.

Even a computer's security system poses a number of security threats. Therefore, programmers need to consider the threat of inspecting security system parameters. Sometimes harmless network adapters can become a threat. It is important to first establish the parameters of the protection system, its characteristics and provide possible ways to bypass it. After a thorough analysis, you can understand which systems require the greatest degree of security (focus on vulnerabilities).

Disclosure of security system parameters is considered an indirect security threat. Disclosing the parameters does not by itself allow the fraudster to carry out his plan and copy the information or make changes to it. The attacker only learns which principles to follow and how a direct threat to information security could be implemented.

At large enterprises, methods that protect information security should be managed by a special company security service. Its employees must look for ways to influence information and eliminate all kinds of breakthroughs by attackers. A security policy is developed in accordance with local regulations, which is important to strictly observe. It is worth paying attention to eliminating the human factor, as well as maintaining in good working order all technical means related to information security.

Damage caused

The extent and manifestations of damage may vary:

  • Moral and material damage, caused to individuals whose information was stolen.
  • Financial damage caused by a fraudster in connection with the costs of restoring information systems.
  • Material costs related to the inability to complete work due to changes in the information security system.
  • Moral damage related to the business reputation of the company or resulting in disruption of relationships at the global level.

The person who committed the offense (gained unauthorized access to information, or security systems were hacked) has the possibility of causing damage. Also, damage can be caused regardless of the subject possessing the information, but as a result of external factors and influences (man-made disasters, natural disasters). In the first case, the guilt falls on the subject, and the crime is determined and punishment is imposed through judicial proceedings. Possible action:

  • with criminal intent (direct or indirect);
  • through negligence (without intentionally causing harm).

Responsibility for an offense in relation to information systems is chosen in accordance with the current legislation of the country, in particular, according to the criminal code in the first case. If a crime is committed through negligence and the damage is small, then the situation is considered by civil, administrative or arbitration law.

Damage to the information space is considered to be unfavorable consequences for the owner (in this case, information) associated with the loss of tangible property. Consequences arise as a result of the offense. Damage to information systems can be expressed in the form of a decrease in profit or loss of profit, which is regarded as lost profit.

The main thing is to go to court in time and find out the elements of the crime. Damage must be classified according to legal acts and proven in court proceedings, and it is also important to identify the extent of the actions of individuals, the amount of their punishment based on the law. Such crimes and security are most often dealt with by the cyber police or the country's security service, depending on the scope and significance of the interference in the information.

This stage is considered the most relevant today and is required by any enterprise. It is necessary to protect not only the PC, but also all technical devices that come into contact with information. All data can become a weapon in the hands of attackers, so the confidentiality of modern IT systems must be at the highest level.

The attacking party is delayed only by having to get through the security system. There are no absolute ways to protect yourself from threats, so the information security system always needs to be improved, since fraudsters will also improve their techniques. A universal method that suits everyone and provides 100% protection has not yet been invented. It is important to stop intruders at an early stage of infiltration.

In a modern society of information technology, where huge databases are stored on electronic media, questions of information security and of the types of information threats are far from idle. Accidental and intentional actions of natural or artificial origin that can cause damage to the owner or user of information are the topic of this article.

Principles of ensuring security in the information sphere

The main principles of information security, the system for ensuring its safety and integrity are:

  • Integrity of information data. This principle implies that information maintains content and structure as it is transmitted and stored. The right to create, change or destroy data is reserved only for users with the appropriate access status.
  • Data privacy. It is understood that access to the data array has a clearly limited circle of users authorized in this system, thereby providing protection against unauthorized access to information.
  • Availability of the data set. In accordance with this principle, authorized users receive timely and unhindered access to it.
  • Reliability of information. This principle is expressed in the fact that information strictly belongs only to the subject from whom it was received and who is its source.

Security Challenges

Information security issues come to the fore when disruptions and errors in a computer system can lead to serious consequences. And the tasks of an information security system mean multifaceted and comprehensive measures. These include preventing misuse, damage, distortion, copying and blocking of information. This includes monitoring and preventing unauthorized access by persons without the appropriate level of authorization, preventing information leakage and all possible threats to its integrity and confidentiality. With the modern development of databases, security issues are becoming important not only for small and private users, but also for financial institutions and large corporations.

Classification of types of information security threats

By “threat” in this context we mean potentially possible actions, phenomena and processes that can lead to undesirable consequences or impacts on the operating system or information stored in it. In the modern world, a fairly large number of such information threats are known, the types of which are classified based on one of the criteria.

So, according to the nature of occurrence, they distinguish:

  • Natural threats. These are those that arose as a result of physical influences or natural phenomena.
  • Man-made threats. This type of information threat includes everything that is associated with human actions.

In accordance with the degree of intentionality, threats are divided into accidental and intentional.

Depending on the direct source of the threat to information security, it can be natural (for example, natural phenomena), human (violation of confidentiality of information by disclosing it), software and hardware. The latter type, in turn, can be divided into authorized (errors in the operation of operating systems) and unauthorized (website hacking and virus infection) threats.

Classification by source distance

Depending on the location of the source, there are 3 main types of information threats:

  • Threats from a source outside the computer operating system. For example, interception of information at the time of its transmission through communication channels.
  • Threats whose source is within the controlled operating system. For example, data theft or information leakage.
  • Threats that arise within the system itself. For example, incorrect transfer or copying of a resource.

Other classifications

Regardless of the remoteness of the source, the type of information threat can be passive (the impact does not entail changes in the data structure) and active (the impact changes the structure of the data, the content of the computer system).

In addition, information threats may appear during the stages of access to a computer and be detected after authorized access (for example, unauthorized use of data).

Depending on their location, threats can be of 3 types: those that arise at the stage of accessing information located on external memory devices, in RAM, and in that which circulates along communication lines.

Some threats (for example, information theft) do not depend on system activity, others (viruses) are detected solely during data processing.

Unintentional (natural) threats

The mechanisms for implementing this type of information threat have been studied quite well, as have the methods for preventing them.

Accidents and natural phenomena pose a particular danger to computer systems. As a result of such impact, information becomes inaccessible (in whole or in part), and it can be distorted or completely destroyed. An information security system cannot completely eliminate or prevent such threats.

Another danger is mistakes made when developing a computer system. For example, incorrect operating algorithms, incorrect software. These are the types of errors that are often used by attackers.

Another unintentional but significant type of information security threat is the incompetence, negligence or inattention of users. In 65% of cases of weakened information security of systems, it was violations of functional responsibilities by users that led to loss of information and to violations of its confidentiality and integrity.

Deliberate information threats

This type of threat is characterized by a dynamic nature and the constant addition of new types and methods of targeted actions by violators.

In this area, attackers use special programs:

  • Viruses are small programs that independently copy and spread throughout the system.
  • Worms are utilities that are activated every time the computer boots. Like viruses, they are copied and independently spread in the system, which leads to its overload and blocking of work.
  • Trojan horses are malicious programs hidden under useful applications. They can send information files to the attacker and destroy the system software.

But malware is not the only deliberate intrusion tool. Numerous methods of espionage are also used - wiretapping, theft of programs and security attributes, hacking and theft of documents. Password interception is most often done using special programs.

Industrial espionage

Statistics from the FBI and the Computer Security Institute (USA) indicate that 50% of intrusions are carried out by employees of companies or enterprises themselves. In addition to them, the subjects of such information threats include competing companies, creditors, buying and selling companies, as well as criminal elements.

Hackers and techno-rats are of particular concern. These are qualified users and programmers who hack websites and computer networks for profit or for sport.

How to protect information?

Despite the constant growth and dynamic development of various types of information threats, there are still methods of protection.

  • Physical protection is the first stage of information security. This includes restricting access for unauthorized users and an access control system, especially for access to the server department.
  • The basic level of information protection includes programs that block computer viruses and anti-virus programs, systems for filtering correspondence of a dubious nature.
  • Protection against DDoS attacks offered by software developers.
  • Creating backup copies stored on other external media or in the so-called “cloud”.
  • Disaster and data recovery plan. This method is important for large companies that want to protect themselves and reduce downtime in the event of a failure.
  • Encryption of data when transmitting it using electronic media.

Information protection requires an integrated approach. And the more methods are used, the more effective the protection against unauthorized access, threats of destruction or damage to data, as well as theft will be.

A few facts to make you think

In 2016, 26% of banks experienced DDoS attacks.

One of the largest personal data leaks occurred in July 2017 at the Equifax credit history bureau (USA). The data of 143 million people and 209 thousand credit card numbers fell into the hands of attackers.

“Whoever owns the information owns the world.” This statement has not lost its relevance, especially when it comes to competition. Thus, in 2010, the presentation of the iPhone 4 was disrupted due to the fact that one of the employees forgot the prototype of the smartphone in a bar, and the student who found it sold the prototype to journalists. As a result, an exclusive review of the smartphone was published in the media several months before its official presentation.

Introduction

Information security threats. Classification of information security threats

Threats to information security in the CS

The main ways of gaining unauthorized access (NSD) to information

Malware

Protection against unauthorized access

Virtual Private Networks

Firewall

Comprehensive protection

Conclusion

Introduction

Thanks to the rapid development of computer technology and computerization, the storage, processing and transmission of information in a computer environment have become an integral part of most activities due to convenience and speed, but, unfortunately, not reliability. Information, as a value, is very often the target of attackers. Therefore, ensuring reliable protection against information threats is a pressing topic.

The purpose of the work is a detailed examination of possible threats to a computer system and methods of protection against security threats.

Information security threats. Classification of information security threats

Before considering threats to information security, we should consider what the normal functioning of information systems (IS) is. Taken together, the normal functioning of an IS is a system that can timely and reliably present the requested information to the user without any threats. In case of any malfunction of the system and/or damage to the original information, you should pay attention to the means of protecting the computer system (CS).

To ensure reliable information security, it is paramount to analyze all factors that pose a threat to information security.

A threat to information security of a computer system is usually understood as a possible event (action) that can negatively impact the system and the information stored and processed in it. The list of possible threats today is quite large, so they are usually classified according to the following criteria:

By nature of occurrence:

· natural threats

· artificial security threats

According to the degree of intentionality of manifestation:

· random

· deliberate

From direct source:

· natural environment

· Human

· authorized software and hardware

· unauthorized software and hardware

By position of the threat source:

· outside the controlled zone of the CS (data interception)

· within the controlled zone of the CS

According to the degree of impact on the CS:

· passive threats

· active threats

By stages of access to CS resources:

· threats that may appear at the stage of access to CS resources

· threats that appear after access is granted

According to the current location of information in the CS:

· threat of access to information on external storage devices

· threat of access to information in RAM (unauthorized access to memory)

· threat of access to information circulating in communication lines (through illegal connection)

By method of access to CS resources:

· threats that use a direct standard path to access resources, using illegally obtained passwords or unauthorized use of legitimate users’ terminals

· threats that use a hidden non-standard path to access CS resources, bypassing existing security measures

According to the degree of dependence on the activity of the CS:

· threats that appear regardless of the activity of the CS

· threats that appear only during data processing


Threats to information security in the CS

Errors in the development of computer systems, software and hardware are a weak link that can become a starting point for an attack. The most common violation is perhaps unauthorized access (NSD). The causes of NSD may be:

· various security configuration errors;

Electronic lock

Because the electronic lock operates in its own trusted software environment and implements all access control measures in it, the chances of an attacker gaining access to the system are reduced to zero.

Before this hardware can function, it must first be installed and configured accordingly. The setup itself is assigned to the administrator (or other responsible person) and is divided into the following stages:

1. Creating a “white list”, i.e. a list of users who have access to the system. For each user, a key medium is generated (floppy disk, iButton electronic tablet or smart card), which is subsequently used for user authentication. The list of users is saved in the lock's non-volatile memory.

2. Formation of a list of files, the integrity of which is controlled by a lock before loading the computer’s operating system. Important operating system files are subject to control, for example the following:

§ Windows system libraries;

§ executable modules of the applications used;

§ Microsoft Word document templates, etc.

Monitoring the integrity of files consists of calculating their reference checksums, for example by hashing according to the GOST R 34.11-94 algorithm (the Russian cryptographic standard for calculating a hash function), storing the calculated values in the non-volatile memory of the lock, and subsequently calculating the actual checksums of the files and comparing them with the reference ones.

In normal operation, the electronic lock receives control from the BIOS of the protected computer after the latter is turned on. At this stage, all actions to control access to the computer are performed:

1. The lock prompts the user for a medium containing the key information necessary for his authentication. If key information in the required format is not provided, or if the user identified by the provided information is not included in the list of users of the protected computer, the lock blocks the computer from loading.

2. If the user authentication is successful, the lock calculates the checksums of the files contained in the controlled list and compares the received checksums with the reference ones. If the integrity of at least one file from the list is damaged, the computer will be blocked from booting. To be able to continue working on this computer, the problem must be resolved by the Administrator, who must find out the reason for the change in the controlled file and, depending on the situation, take one of the following actions to allow further work with the protected computer:

§ restore the original file;

§ remove the file from the list of controlled ones.

3. If all checks are successful, the lock returns control to the computer to load the standard operating system.

Actions to control access to the system

Because the above steps occur before the computer's operating system loads, the lock typically loads its own operating system (residing in its non-volatile memory, typically MS-DOS or a similar, less resource-intensive OS) that performs user authentication and file integrity checks. This also makes sense from a security point of view: the lock’s own operating system is not subject to any external influences, which prevents an attacker from influencing the control processes described above.
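The setup and boot-time checks described above can be modelled in a few lines. This is an added example, not code from the original page or from any lock vendor: the `ElectronicLock` class, the file names and the key material are hypothetical, SHA-256 stands in for GOST R 34.11-94 (which the Python standard library does not provide), and storing a digest of the user's key in the white list is an assumption about how the key medium is checked.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path):
    """SHA-256 of a file, read in chunks (stand-in for GOST R 34.11-94)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class ElectronicLock:
    """Hypothetical model of the lock's non-volatile memory and pre-boot checks."""

    def __init__(self):
        self.white_list = {}  # user name -> digest of the key on the user's medium
        self.reference = {}   # controlled file path -> reference checksum

    # Setup stage, performed by the administrator.
    def enroll_user(self, name, key):
        self.white_list[name] = hashlib.sha256(key).digest()

    def control_file(self, path):
        self.reference[path] = file_digest(path)

    def release_file(self, path):
        self.reference.pop(path, None)

    # Normal operation, before the operating system is loaded.
    def authenticate(self, name, key):
        presented = hashlib.sha256(key).digest()
        expected = self.white_list.get(name, b"\x00" * 32)
        # Constant-time comparison; an unknown name fails like a wrong key.
        return hmac.compare_digest(expected, presented) and name in self.white_list

    def damaged_files(self):
        damaged = []
        for path, reference in sorted(self.reference.items()):
            try:
                actual = file_digest(path)
            except OSError:
                actual = None  # a missing or unreadable file counts as damaged
            if actual != reference:
                damaged.append(os.path.basename(path))
        return damaged

    def boot(self, name, key):
        if not self.authenticate(name, key):
            return ("BLOCKED", "user not in white list or wrong key medium")
        damaged = self.damaged_files()
        if damaged:
            return ("BLOCKED", "integrity violation: " + ", ".join(damaged))
        return ("BOOT", "control returned to the standard OS loader")


def demo():
    """Run the lock over constructed files and return each boot decision."""
    key = b"constructed key material for alice"
    results = []
    with tempfile.TemporaryDirectory() as d:
        library = os.path.join(d, "system.dll")
        template = os.path.join(d, "normal.dot")
        for path, content in ((library, b"library v1"), (template, b"template v1")):
            with open(path, "wb") as f:
                f.write(content)
        lock = ElectronicLock()
        lock.enroll_user("alice", key)
        lock.control_file(library)
        lock.control_file(template)

        results.append(lock.boot("alice", key))    # clean system
        results.append(lock.boot("mallory", key))  # not in the white list
        with open(template, "ab") as f:            # controlled template is modified
            f.write(b" + macro")
        results.append(lock.boot("alice", key))
        with open(template, "wb") as f:            # administrator restores the file
            f.write(b"template v1")
        results.append(lock.boot("alice", key))
        os.remove(library)                         # controlled file disappears
        results.append(lock.boot("alice", key))
        lock.release_file(library)                 # administrator drops it from the list
        results.append(lock.boot("alice", key))
    return results


if __name__ == "__main__":
    for state, reason in demo():
        print(state, "-", reason)
```

The last two decisions show why removing a file from the controlled list is an administrator-only action: it restores the ability to boot, and it also ends monitoring of that file.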

There are a number of problems when using electronic locks, in particular:

1. The BIOS of some modern computers can be configured in such a way that control during boot is not transferred to the lock's BIOS. To counteract such settings, the lock must be able to block the computer from booting (for example, by closing the Reset contacts) if the lock does not receive control within a certain period of time after the power is turned on.

2. An attacker can simply pull the lock out of the computer. However, there are a number of countermeasures:

· Various organizational and technical measures: sealing the computer case, ensuring that users do not have physical access to the computer system unit, etc.

· There are electronic locks that can lock the computer system case from the inside with a special lock at the command of the administrator - in this case, the lock cannot be removed without significant damage to the computer.

· Quite often, electronic locks are structurally combined with a hardware encryptor. In this case, the recommended security measure is to use a lock in conjunction with a software tool for transparent (automatic) encryption of the computer's logical drives. In this case, encryption keys can be derived from the keys used to authenticate users in an electronic lock, or separate keys, but stored on the same media as the user’s keys for logging into the computer. Such a comprehensive protection tool will not require the user to perform any additional actions, but will also not allow an attacker to gain access to information even if the electronic lock hardware is removed.

Protection against unauthorized access over the network

The most effective methods of protecting against unauthorized access over computer networks are virtual private networks (VPN - Virtual Private Network) and firewalling.

Virtual Private Networks

Virtual private networks automatically protect the integrity and confidentiality of messages transmitted over various public networks, primarily the Internet. In fact, a VPN is a collection of networks with VPN agents installed on the outer perimeter.


An agent is a program (or software and hardware complex) that actually ensures the protection of transmitted information by performing the operations described below.

Before sending any IP packet to the network, the VPN agent does the following:

1. Information about the addressee is extracted from the IP packet header. According to this information, based on the security policy of the given VPN agent, the protection algorithms (if the VPN agent supports several algorithms) and the cryptographic keys with which the packet will be protected are selected. If the VPN agent's security policy does not provide for sending an IP packet to the given recipient, or an IP packet with these characteristics, sending the IP packet is blocked.

2. Using the selected integrity protection algorithm, an electronic digital signature (EDS), an imitation prefix or a similar checksum is generated and added to the IP packet.

3. The IP packet is encrypted using the selected encryption algorithm.

4. Using the established packet encapsulation algorithm, the encrypted IP packet is placed into an IP packet ready for transmission, the header of which, instead of the original information about the recipient and the sender, contains information about the recipient's VPN agent and the sender's VPN agent, respectively. That is, network address translation is performed.

5. The packet is sent to the destination VPN agent. If necessary, it is split and the resulting packets are sent one by one.

When receiving an IP packet, the VPN agent does the following:

1. Information about the sender is extracted from the header of the IP packet. If the sender is not allowed (according to the security policy) or is unknown (for example, when receiving a packet with a deliberately or accidentally corrupted header), the packet is not processed and is discarded.

2. According to the security policy, the protection algorithms and keys for this packet are selected, with the help of which the packet will be decrypted and its integrity checked.

3. The information (encapsulated) part of the packet is isolated and decrypted.

4. The integrity of the packet is checked using the selected algorithm. If an integrity violation is detected, the packet is discarded.

5. The packet is sent to the destination (over the internal network) according to the information in its original header.

The VPN agent can be located directly on the protected computer. In this case, it protects the information exchange of only the computer on which it is installed, but the principles of its operation described above remain unchanged.
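The send and receive sequences above, run end to end between two agents, as an added example that is not part of the original page. The `VpnAgent` class, addresses and keys are constructed for illustration; HMAC-SHA256 serves as the integrity value, and an HMAC-based keystream stands in for the real encryption algorithm so that the example needs only the standard library.

```python
import hashlib
import hmac
import ipaddress
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 integrity value


def keystream_xor(key, nonce, data):
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream (illustration only)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


class VpnAgent:
    def __init__(self, address, tunnels):
        # tunnels: (remote LAN, remote agent address, encryption key, integrity key)
        self.address = ipaddress.IPv4Address(address)
        self.tunnels = [(ipaddress.ip_network(lan), ipaddress.IPv4Address(peer), ek, mk)
                        for lan, peer, ek, mk in tunnels]
        self.seq = 0

    def send(self, src, dst, payload):
        src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
        # 1. Select algorithms and keys from the addressee; no policy means blocked.
        tunnel = next((t for t in self.tunnels if dst in t[0]), None)
        if tunnel is None:
            return None
        _, peer, enc_key, mac_key = tunnel
        inner = src.packed + dst.packed + payload
        # 2. Generate the integrity value and add it to the packet.
        tag = hmac.new(mac_key, inner, hashlib.sha256).digest()
        # 3. Encrypt; the nonce is unique per sender and per packet.
        self.seq += 1
        nonce = self.address.packed + struct.pack(">Q", self.seq)
        body = keystream_xor(enc_key, nonce, inner + tag)
        # 4. Encapsulate: the outer header names only the two VPN agents.
        return {"src": str(self.address), "dst": str(peer), "nonce": nonce, "body": body}

    def receive(self, outer):
        # 1. Discard packets from senders the policy does not know.
        tunnel = next((t for t in self.tunnels if str(t[1]) == outer["src"]), None)
        if tunnel is None or outer["dst"] != str(self.address):
            return None
        # 2. Select the keys for this sender.
        _, _, enc_key, mac_key = tunnel
        # 3. Isolate and decrypt the encapsulated part.
        plain = keystream_xor(enc_key, outer["nonce"], outer["body"])
        if len(plain) < 8 + TAG_LEN:
            return None
        inner, tag = plain[:-TAG_LEN], plain[-TAG_LEN:]
        # 4. Check integrity; discard on violation.
        expected = hmac.new(mac_key, inner, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        # 5. Hand the packet on according to its original header.
        return (str(ipaddress.IPv4Address(inner[:4])),
                str(ipaddress.IPv4Address(inner[4:8])), inner[8:])


def demo():
    """Two agents with constructed addresses and keys exchange one packet."""
    ek, mk = b"E" * 32, b"M" * 32  # constructed keys
    a = VpnAgent("198.51.100.1", [("10.2.0.0/16", "203.0.113.1", ek, mk)])
    b = VpnAgent("203.0.113.1", [("10.1.0.0/16", "198.51.100.1", ek, mk)])
    outer = a.send("10.1.0.5", "10.2.0.9", b"payroll batch 17")
    tampered = dict(outer, body=bytes([outer["body"][0] ^ 1]) + outer["body"][1:])
    spoofed = dict(outer, src="192.0.2.66")
    return {
        "outer_header": (outer["src"], outer["dst"]),
        "delivered": b.receive(outer),
        "tampered": b.receive(tampered),
        "unknown_sender": b.receive(spoofed),
        "no_policy": a.send("10.1.0.5", "192.0.2.7", b"x"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The order here follows the list above (integrity value first, then encryption). IPsec ESP instead computes its integrity check value over the ciphertext, so the receiver can reject a forged packet before decrypting it.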

The basic rule for building a VPN is that communication between a secure LAN and an open network should be carried out only through VPN agents. There must be no communication paths that bypass the protective barrier formed by the VPN agent. That is, a protected perimeter must be defined, and communication with it may take place only through an appropriate means of protection.

A security policy is a set of rules according to which secure communication channels are established between VPN subscribers. Such channels are usually called tunnels, the analogy with which is seen in the following:

1. All information transmitted within one tunnel is protected from both unauthorized viewing and modification.

2. Encapsulation of IP packets makes it possible to hide the topology of the internal LAN: from the Internet, the exchange of information between two protected LANs is visible only as an exchange between their VPN agents, since the internal IP addresses do not appear in the IP packets transmitted over the Internet.

The rules for creating tunnels are formed depending on various characteristics of IP packets. For example, the IPSec (Security Architecture for IP) protocol, which is the main protocol used in the construction of most VPNs, establishes the following set of input data by which tunneling parameters are selected and a decision is made when filtering a specific IP packet:

1. Source IP address. This can be not only a single IP address, but also a subnet address or a range of addresses.

2. Destination IP address. This may also be a range of addresses specified explicitly, using a subnet mask or a wildcard.

3. User ID (sender or recipient).

4. Transport layer protocol (TCP/UDP).

5. The port number from or to which the packet was sent.
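How these five inputs drive a per-packet decision can be shown with an ordered rule table that is matched first-hit, with discard as the default. This is an added example, not taken from the page or from any IPsec implementation: the `Rule` and `Packet` types, the tunnel names and the sample policy are constructed, and the action names PROTECT, BYPASS and DISCARD follow the IPsec architecture's terminology.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp" or "udp"
    sport: int
    dport: int
    user: Optional[str] = None


@dataclass(frozen=True)
class Rule:
    src: str = "any"           # single address, subnet, "low-high" range, or "any"
    dst: str = "any"
    proto: Optional[str] = None               # None matches any protocol
    sport: Optional[Tuple[int, int]] = None   # inclusive port range, None = any
    dport: Optional[Tuple[int, int]] = None
    user: Optional[str] = None                # None matches any user
    action: str = "DISCARD"                   # PROTECT, BYPASS or DISCARD
    tunnel: Optional[str] = None              # tunnel to use when action is PROTECT


def addr_matches(selector, address):
    """Match an address against a single address, a subnet or an explicit range."""
    addr = ipaddress.ip_address(address)
    if selector == "any":
        return True
    if "-" in selector:
        low, high = (ipaddress.ip_address(p.strip()) for p in selector.split("-"))
        return low <= addr <= high
    return addr in ipaddress.ip_network(selector, strict=False)


def port_matches(selector, port):
    return selector is None or selector[0] <= port <= selector[1]


def rule_matches(rule, pkt):
    return (addr_matches(rule.src, pkt.src)
            and addr_matches(rule.dst, pkt.dst)
            and rule.proto in (None, pkt.proto)
            and port_matches(rule.sport, pkt.sport)
            and port_matches(rule.dport, pkt.dport)
            and rule.user in (None, pkt.user))


def decide(policy, pkt):
    """Return (action, tunnel) of the first matching rule; default is DISCARD."""
    for rule in policy:
        if rule_matches(rule, pkt):
            return (rule.action, rule.tunnel)
    return ("DISCARD", None)


# Constructed sample policy: specific rules first, general rules after them.
POLICY = [
    Rule(src="10.1.0.0/16", dst="10.2.5.0/24", proto="tcp", dport=(22, 22),
         user="auditor", action="PROTECT", tunnel="audit"),
    Rule(src="10.1.0.0/16", dst="10.2.0.0/16", action="PROTECT", tunnel="to-branch"),
    Rule(src="10.1.0.10-10.1.0.20", proto="tcp", dport=(443, 443), action="BYPASS"),
]


if __name__ == "__main__":
    samples = [
        Packet("10.1.0.7", "10.2.5.1", "tcp", 50000, 22, user="auditor"),
        Packet("10.1.0.7", "10.2.5.1", "tcp", 50000, 22),
        Packet("10.1.0.15", "192.0.2.80", "tcp", 50001, 443),
        Packet("10.1.0.25", "192.0.2.80", "tcp", 50002, 443),
    ]
    for pkt in samples:
        print(pkt, "->", decide(POLICY, pkt))
```

Rule order is part of the policy: moving the general `to-branch` rule above the `audit` rule would silently route the auditor's SSH traffic through the wrong tunnel.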

Firewall

A firewall is a software or hardware-software tool that protects local networks and individual computers from unauthorized access from external networks by filtering the two-way flow of messages when exchanging information. In fact, a firewall is a “stripped-down” VPN agent that does not encrypt packets or control their integrity, but in some cases has a number of additional functions, the most common of which are the following:

1. Antivirus scanning;

2. Monitoring the correctness of packets;

3. Monitoring the correctness of connections (for example, establishment, use and termination of TCP sessions);

4. Content control.

Firewalls that do not have the functions described above and only perform packet filtering are called packet filters.

By analogy with VPN agents, there are also personal firewalls that protect only the computer on which they are installed.

Firewalls are also located on the perimeter of protected networks and filter network traffic according to the configured security policy.

Comprehensive protection

An electronic lock can be developed based on a hardware encoder. In this case, you get one device that performs the functions of encryption, random number generation and protection against unauthorized access. Such an encryptor can be the security center of the entire computer; on its basis, you can build a fully functional cryptographic data protection system, providing, for example, the following capabilities:

1. Protecting your computer from physical access.

2. Protecting your computer from unauthorized access via the network and organizing a VPN.

3. On-demand file encryption.

4. Automatic encryption of computer logical drives.

5. Calculation/verification of digital signature.

6. Protecting email messages.

An example of organizing comprehensive protection

Conclusion

Information, as a value, is the object of constant attacks from attackers because, as Nathan Rothschild said, “Who owns the information, owns the world.” There are many ways to gain unauthorized access to information, and this list is constantly growing. For this reason, methods of protecting information do not provide a 100% guarantee that attackers will not be able to take possession of it or damage it. It is almost impossible to predict how an attacker will act in the future, but timely response, threat analysis and verification of protection systems help reduce the chances of information leakage, which, in general, justifies the relevance of the topic.


Lessons 6 - 8
Information Security

After studying this topic, you will learn:

- what are the main goals and objectives of information security;
- what are information threats and how do they manifest themselves?
- what is the source of information threats;
- what methods exist to protect information from information threats.

Main goals and objectives of information security

Throughout the history of the development of civilization, reliable and complete information has always been a sought-after and expensive commodity. Modern society is characterized by an exponentially increasing amount of information that a person must perceive and process in the process of his activities.

How to protect information and make it possible to use it for its intended purpose and on time? The solution to this issue has been and still remains one of the most pressing tasks. The large-scale development of the informatization process has further aggravated this problem, since it is necessary to take into account not only the conditions of the traditional human environment, but also the environment that has appeared thanks to the widespread introduction of computer systems in various spheres of human activity.

The process of informatization inevitably leads to the integration of these environments, so the problem of information security must be solved, taking into account the entire set of conditions for the circulation of information, the creation and use of information resources in this new integrated environment, which is called the “information environment.”

The information environment is a set of conditions, tools and methods based on computer systems designed for the creation and use of information resources.

The set of factors that pose a danger to the functioning of the information environment is called information threats. Specific results of the impact of these threats can be: disappearance of information, modification of information, familiarization with information by unauthorized persons, etc.

Illegal impacts on the information environment can harm the interests of individuals and society, therefore one of the tasks of informatization is to ensure information security. The information environment must be protected from information threats, that is, it is necessary to ensure not only the protection of information, but also the information security of the individual and of society as a whole.

Information security is a set of measures to protect the information environment of society and people.

The main goals of ensuring information security of society are:

♦ protection of national interests;
♦ providing individuals and society with reliable and complete information;
♦ legal protection of individuals and society when receiving, distributing and using information.

Objects that should be provided with information security include:

♦ information resources;
♦ system for creating, distributing and using information resources;
♦ information infrastructure of society (information communications, communication networks, data analysis and processing centers, systems and means of information protection);
♦ media;
♦ human and state rights to receive, disseminate and use information;
♦ protection of intellectual property and confidential information.

Information threats

Sources of information threats to individuals and society can be external and internal factors (Fig. 1.1).

Fig. 1.1. Sources of the main information threats for Russia

The sources of the main external threats to Russia include:

♦ country policies that prevent access to global advances in information technology;
♦ “information war”, disrupting the functioning of the information environment in the country;
♦ criminal activity directed against national interests.

The sources of the main internal threats for Russia include:

♦ lagging behind the leading countries of the world in terms of information technology;
♦ technological lag of the electronics industry in the production of information and telecommunications equipment;
♦ a decrease in the level of education of citizens, which prevents them from working in the information environment.

Information threats to information security can be divided into intentional (unauthorized access) and accidental (Fig. 1.2).

Fig. 1.2. Main types of information threats

Intentional threats are often called unauthorized access or attacks. These threats are associated with human actions, the reasons for which can be: self-affirmation of one’s abilities (hackers), dissatisfaction with one’s life situation, material interest, entertainment, etc. The list of deliberate influences on information can be very diverse and is determined by the capabilities and imagination of those who intend to carry them out. Here are some possible intentional threats that are typical for computer systems:

♦ theft of information: unauthorized access to documents and files (viewing and copying data), theft of computers and storage media, destruction of information;
♦ distribution of computer viruses;
♦ physical impact on the equipment: making changes to the equipment, connecting to communication channels, damaging or destroying media, deliberate exposure to a magnetic field.

Intentional threats in computer systems can be carried out through information access channels:

♦ employee computer workstation;
♦ computer workstation for the computer system administrator;
♦ external storage media (disks, tapes, paper);
♦ external communication channels.

The most serious threat comes from computer viruses. Every day up to 300 new viruses appear. Viruses do not respect national borders, spreading throughout the world in a matter of hours. The damage caused by computer viruses can be varied, ranging from extraneous messages appearing on the monitor screen to the theft and deletion of information located on the infected computer. Moreover, these can be both system files of the operating environment, and office, accounting and other documents that are of certain value to the user. Financial damage from viruses in 2003, according to preliminary estimates, reached $12 billion.

Among malware, a special place is occupied by Trojan horses, which can be installed and launched on a computer without its owner noticing. Various versions of Trojan horses make it possible to view the contents of the screen, intercept commands entered from the keyboard, steal and change passwords and files, etc.

The Internet is increasingly being cited as the cause of information “sabotage.” This is due to the expansion of the range of services and electronic transactions carried out via the Internet. Increasingly, computer viruses come along with e-mail, free programs, and computer games. In 2003, two global epidemics occurred, the largest in the history of the Internet. It is noteworthy that the cause of the epidemics was not classic email worms, but their network modifications - worms that spread in the form of network data packets. They have become leaders in the ranking of malware. The share of “network worms” in the total mass of similar programs that appeared, for example, in 2003, exceeds 85%, the share of viruses is 9.84%, Trojan programs accounted for 4.87%.

Recently, network attacks have begun to appear among the common computer threats. Attackers aim to disable certain nodes of a computer network; such attacks are called “denial of service” attacks. Disabling some network nodes even for a limited time can lead to very serious consequences. For example, a failure to service a bank's payment system server will lead to the inability to make payments and, as a consequence, to large direct and indirect financial losses.

Random threats manifest themselves in the fact that information in the process of input, storage, processing, output and transmission is subject to various influences. The random factors that determine such impacts are associated with both unforeseen situations (force majeure circumstances) and the human factor (errors, negligence, carelessness when working with information). So, for example, in computer systems the causes of random influences can be:

♦ computer user errors;
♦ errors of professional information system developers: algorithmic, software, structural;
♦ equipment failures and malfunctions, including interference and signal distortion on communication lines;
♦ force majeure circumstances (accident, fire, flood and other so-called force majeure events).

Information security for various users of computer systems

The solution to the problem of information security is largely determined by the tasks that the user solves as a specialist in a particular field. Let's explain this with examples. Let's define several types of activities, for example:

♦ solving applied problems, which reflect the specifics of the activity of a particular specialist user;
♦ solving management problems, which is typical for any company;
♦ provision of information services in a specialized company, for example, an information center, library, etc.;
♦ commercial activities;
♦ banking activities.

Let's imagine these areas of activity in the form of a pyramid (Fig. 1.3). The size of each sector of the pyramid reflects the degree of mass consumption of information. It corresponds to the number of stakeholders (information consumers) who will need the result of the relevant information activity. The decrease in the volume of the sector as we move from the base of the pyramid to the top reflects the decrease in the degree of importance of information for the company and all stakeholders. Let us explain this as we consider each of the listed activities.

Fig. 1.3. Importance of information security for various specialists from the standpoint of the company and interested parties

When solving applied problems, the user works with personal information, sometimes using Internet resources as a source of information. Such a user, as a rule, is faced with the task of protecting his personal information. The information stored on his personal computer is the result of his intellectual activity, perhaps many years of research or collection. It has a significant degree of importance directly for the user.

When solving management problems, information systems play an important role, the implementation of which is unthinkable without a computer base. With the help of computers, organizational and administrative activities are carried out, personnel information is compiled and stored, and accounting is maintained. In this case, computers are an auxiliary tool that facilitates the work of employees. For external activities, network technologies are also used to exchange the necessary information. At the same time, to ensure the protection of information in the most important documents, they additionally use regular mail when sending them. The problem of information loss or distortion often affects individual employees, which can affect the success of their career. Thus, the management personnel in such a company are faced mainly with the task of ensuring the completeness of management documents.

For companies providing information services, such as Internet service providers or telecom operators, the most important task is to ensure the availability and trouble-free operation of information systems. The company’s rating and subscribers’ trust in it depend on this. It is necessary to invest money both in equipment (to ensure uninterrupted and stable communications), and in backup systems and means of detecting attacks that disrupt the availability of systems.

For the commercial activities of companies operating in conditions of fierce competition, the most important task is to prevent information leakage and maintain its confidentiality. This is due to the financial risks of companies in various transactions. Here, saving funds allocated for security can lead to large losses.

In banking, it is necessary to solve the problems of safety, confidentiality, and operational security, but the first priority is to ensure the integrity of information (for example, so that it is impossible to make unauthorized changes to processed payment orders).
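The integrity requirement for processed payment orders can be illustrated with a keyed, chained journal. This is an added example, not part of the original text; the field names and the journal layout are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # tag that precedes the first journal entry


def _tag(key: bytes, prev_tag: str, order: dict) -> str:
    """HMAC-SHA256 over the previous tag plus the order in canonical JSON."""
    # sort_keys + fixed separators: the same order always yields the same bytes.
    body = json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hmac.new(key, prev_tag.encode("ascii") + body, hashlib.sha256).hexdigest()


def append_order(journal: list, key: bytes, order: dict) -> None:
    """Record a processed order, binding it to everything recorded before it."""
    prev = journal[-1]["tag"] if journal else GENESIS
    journal.append({"order": dict(order), "tag": _tag(key, prev, order)})


def first_bad_entry(journal: list, key: bytes):
    """Return the index of the first entry that fails verification, else None.

    A changed field, a removed entry in the middle, or a reordering all break
    the chain at the point of interference, because each tag depends on the
    tag before it and cannot be recomputed without the key.
    """
    prev = GENESIS
    for index, entry in enumerate(journal):
        expected = _tag(key, prev, entry["order"])
        if not hmac.compare_digest(expected, entry["tag"]):
            return index
        prev = entry["tag"]
    return None
```

Removing entries from the end of the journal leaves a valid shorter chain, so the latest tag or the entry count has to be kept somewhere the journal's writer cannot change.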

Information security methods

When developing methods for protecting information in the information environment, the following important factors and conditions should be taken into account:

♦ expanding the areas of computer use and increasing the growth rate of the computer park (that is, the problem of information security should be solved at the level of technical means);
♦ a high degree of concentration of information in its processing centers and, as a consequence, the emergence of centralized databases intended for collective use;
♦ expanding user access to global information resources (modern data processing systems can serve an unlimited number of subscribers located hundreds and thousands of kilometers away);
♦ complication of software for the computing process on a computer.

In such operating modes, the computer’s memory can simultaneously contain programs and data sets of different users, which makes it important to preserve information from unwanted influences and protect it physically.

Traditional methods of protection against intentional information threats include: restricting access to information, encryption (cryptography) of information, control of access to equipment, and legislative measures. Let's look at these methods.

Restriction of access to information is carried out at two levels:

♦ at the level of the human environment, that is, by creating an artificial barrier around the protected object: issuing special passes to admitted persons, installing a security alarm or video surveillance system;
♦ at the level of protection of computer systems, for example, by dividing information circulating in a computer system into parts and organizing access to it for persons in accordance with their functional responsibilities. When protected at the software level, each user has a password that allows him to have access only to the information to which he is authorized.
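A minimal sketch of the software-level restriction described above, in which a password identifies the user and the user's functional role decides which parts of the information are readable. This is an added example, not from the original text; the role names, part names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample: the parts of the information each functional role may read.
ROLE_PARTS = {
    "accountant": {"ledger", "payroll"},
    "hr_officer": {"personnel", "payroll"},
    "clerk": {"correspondence"},
}
PBKDF2_ITERATIONS = 100_000  # assumption: raise as far as the hardware allows


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash; the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


class AccessController:
    def __init__(self):
        self._users = {}  # login -> (salt, password hash, role)

    def register(self, login: str, password: str, role: str) -> None:
        if role not in ROLE_PARTS:
            raise ValueError(f"unknown role: {role}")
        salt = os.urandom(16)
        self._users[login] = (salt, hash_password(password, salt), role)

    def authenticate(self, login: str, password: str):
        """Return the user's role, or None when login or password is wrong."""
        record = self._users.get(login)
        # Hash even for unknown logins so response time does not reveal
        # which logins exist.
        salt = record[0] if record else b"\x00" * 16
        candidate = hash_password(password, salt)
        if record is not None and hmac.compare_digest(candidate, record[1]):
            return record[2]
        return None

    def can_read(self, login: str, password: str, part: str) -> bool:
        """Grant access only to parts assigned to the authenticated role."""
        role = self.authenticate(login, password)
        return role is not None and part in ROLE_PARTS[role]
```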

Encryption (cryptography) of information consists of transforming (coding) words, letters, syllables, numbers using special algorithms. To read encrypted information, the reverse process is needed - decoding. Encryption provides a significant increase in the security of data transmission over the network, as well as data stored on remote devices.

Access control to equipment means that all equipment is closed and sensors are installed at access points that are triggered when the equipment is opened. Such measures allow you to avoid, for example, connecting third-party devices, changing operating modes of the computer system, downloading third-party programs, etc.

Legislative measures consist of the implementation of laws, regulations, and instructions existing in the country regulating the legal liability of officials - users and service personnel for leakage, loss or modification of information entrusted to them.

When choosing information security methods for a specific computer network, a thorough analysis of all possible methods of unauthorized access to information is necessary. Based on the results of the analysis, measures are planned to ensure the necessary protection, that is, a security policy is developed.

Security policy is a set of technical, software and organizational measures aimed at protecting information on a computer network.

Let's consider some methods of protecting computer systems from intentional information threats, focusing on the diagram presented in Fig. 1.2.

Protection against information theft is usually carried out using special software. Unauthorized copying and distribution of programs and valuable computer information is theft of intellectual property. Protected programs are subject to preliminary processing that puts the executable code of the program in a state that prevents its execution on “foreign” computers (file encryption, insertion of password protection, checking the computer based on its unique characteristics, etc.). Another example of protection: to prevent unauthorized access to information on a local network, an access control system is introduced at both the hardware and software levels. An electronic key can be used as a hardware access control device, which can be connected, for example, to a printer connector.

To protect against computer viruses, “immune-resistant” software (analyzer programs) is used, which provides access control, self-monitoring and self-healing. Antivirus tools are the most common means of protecting information.

For physical protection of computer systems, special equipment is used to identify industrial espionage devices, to exclude the recording or retransmission of computer emissions, as well as speech and other information-carrying signals. This allows you to prevent the leakage of informative electromagnetic signals outside the protected area. The most effective means of protecting information in communication channels is the use of special protocols and cryptography (encryption).

To protect information from random information threats, for example, in computer systems, means are used to increase the reliability of equipment:

♦ increasing the reliability of electronic and mechanical components and elements;
♦ structural redundancy - duplication or tripling of elements, devices, subsystems;
♦ functional control with failure diagnostics, that is, detection of failures, malfunctions and software errors and elimination of their influence on the information processing process, as well as indicating the location of the failed element.
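Structural redundancy and functional control can be shown together with a tripled computing element whose outputs are compared by majority vote. This is an added example, not from the original text; the class name, channel names and the threshold of three consecutive disagreements are assumptions.

```python
from collections import Counter


def vote(readings: dict):
    """Majority vote over redundant channel outputs (None = no answer).

    Returns (value, faulty), where faulty names the channels that disagreed
    with the majority or gave no answer. Raises RuntimeError when no strict
    majority of all channels agrees, so the fault cannot be masked.
    """
    answers = {ch: v for ch, v in readings.items() if v is not None}
    top = Counter(answers.values()).most_common(1)
    if not top or top[0][1] * 2 <= len(readings):
        raise RuntimeError("no majority among redundant channels")
    value = top[0][0]
    faulty = sorted(ch for ch, v in readings.items() if v != value)
    return value, faulty


class RedundantUnit:
    """Runs the same computation on every channel and locates failed ones."""

    def __init__(self, channels: dict, fail_threshold: int = 3):
        self.channels = dict(channels)  # channel name -> callable(x)
        self.fail_threshold = fail_threshold
        self.streak = {name: 0 for name in self.channels}

    def compute(self, x):
        readings = {}
        for name, func in self.channels.items():
            try:
                readings[name] = func(x)
            except Exception:
                readings[name] = None  # a crashed channel gives no answer
        value, faulty = vote(readings)
        # A single disagreement is treated as a transient malfunction; only an
        # unbroken run of them marks the element as failed.
        for name in self.streak:
            self.streak[name] = self.streak[name] + 1 if name in faulty else 0
        return value

    def failed_elements(self):
        """Names of channels that have reached the failure threshold."""
        return sorted(n for n, s in self.streak.items()
                      if s >= self.fail_threshold)
```

The voter masks the error so processing continues, while `failed_elements()` reports which element to replace.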

Every year the number of threats to the information security of computer systems, and of the methods for carrying them out, keeps increasing. The main reasons here are the shortcomings of modern information technologies and the ever-increasing complexity of the hardware. The efforts of numerous developers of software and hardware methods for protecting information in computer systems are aimed at overcoming these reasons.

Test questions and assignments

Tasks

1. Describe the information environment for the listed objects and indicate possible information threats for it:

a) school;
b) library;
c) your family;
d) supermarket;
e) cinema;
f) any other environment of your choice.

2. Using the Internet, write an abstract and make a report on methods and means of protecting information for the non-computer human environment.

3. List the most important factors and conditions that should be taken into account when developing methods for protecting information in the information environment. Illustrate your answer with a specific example of the information environment proposed in paragraph 1.

Control questions

1. What is the information environment?

2. How does information security manifest itself for:

a) a person;
b) a country;
c) a computer;
d) a local network?

3. Which objects should be provided with information security?

4. What is an information threat?

5. What external information threats should be taken into account when developing information security measures in Russia?

6. What internal information threats should be taken into account when developing information security measures in Russia?

7. What deliberate information threats do you know? Give examples.

8. What random information threats do you know? Give examples.

9. What is the main goal of information security when the user solves applied problems?

10. What is the main goal of information security when solving management problems?

11. What is the main goal of information security of a company specializing in the provision of information services?

12. What is the main purpose of information security in business?

13. What is the main goal of information security in banking?

14. What is a security policy?

15. What methods of protecting information from intentional information threats do you know?

16. What methods of protecting information from random information threats do you know?