home-Programs-Personal data processing cycle. Basic methods of information protection by technical means Organizational and technical means of information protection

Personal data processing cycle. Basic methods of information protection by technical means Organizational and technical means of information protection

Unlike legislative and administrative ones, they are designed to get rid of the human factor as much as possible. Indeed, compliance with legislative measures is conditioned only by integrity and fear of punishment. Compliance with administrative measures is monitored by people who can be deceived, bribed or intimidated. In this way, the exact execution of the established rules can be avoided. And in the case of the use of technical means of protection, a potential adversary is faced with a certain technical (mathematical, physical) problem that he needs to solve in order to gain access to information. At the same time, a simpler way should be available to the legitimate user, allowing him to work with the information provided to him without solving complex problems. Technical methods of protection include both a lock on the chest, which stores books, and storage media that self-destruct when attempting to misuse. True, such carriers are much more common in adventure films than in reality.

Applied to information security, technical methods protection are designed to provide a solution to information security problems.

Currently, in order to obtain confidential information by cybercriminals, including industrial spies, a wide variety of means and methods of penetrating objects are used, developed on the basis of the latest achievements of science and technology, using the latest technologies in the field of miniaturization in the interests of their secret use. To counter this onslaught, the security services are equipped with the necessary equipment that is not inferior in reliability and functionality intruders' equipment. Engineering and technical assurance of information security through the implementation of the necessary technical and organizational measures should exclude:

unauthorized access to information processing equipment by controlling access to production facilities;

unauthorized removal of information carriers by the personnel involved in data processing by means of the final control in the respective production facilities;

unauthorized entry of data into memory, change or erasure of information stored in memory;

unauthorized use of information processing systems and illegal acquisition of data as a result;

access to information processing systems by means of self-made devices and illegal acquisition of data;

the possibility of unauthorized transmission of data through a computer network;

uncontrolled data entry into the system;

processing of the customer's data without a corresponding indication of the latter;

unauthorized reading, modification or erasure of data in the process of their transfer or transportation of information carriers.

Methods for protecting information from most threats are based on engineering and technical measures. Engineering and technical protection is a combination of special bodies, technical means and activities that work together to perform a specific task of protecting information.

Engineering and technical protection uses the following means:

physical means;

hardware;

software;

cryptographic means.

Physical means include various engineering means and structures that prevent the physical penetration of intruders into the objects of protection and protect personnel (personal security equipment), material resources and finances, information from illegal actions.

According to the level of physical protection, all zones and production facilities can be subdivided into three groups:

carefully controlled areas with high level protection;

protected areas;

weakly protected areas.

Hardware includes devices, devices, fixtures and other technical solutions used in the interests of ensuring safety.

In the practice of any organization, a wide variety of equipment is widely used: from a telephone set to advanced automated information systems that ensure its production activities. The primary concern of hardware is robust business security.

Software-- this is special programs, software systems and information security systems in information systems for various purposes and data processing facilities.

Cryptographic means are special mathematical and algorithmic means of protecting information transmitted over communication networks, stored and processed on computers using encryption methods.

It is obvious that such a division of information systems security means is rather arbitrary, since in practice they very often interact and are implemented in a complex in the form of software and hardware implementation with the wide use of information closure algorithms.

It should be noted that the purpose of the above mechanisms can be varied. Some are designed to mitigate the risk of threats, others provide protection against these threats, and still others detect them. At the same time, for each of the mechanisms, cryptographic methods play an important role, which make it possible to create more advanced protection means.

When creating a physical security system (as well as information security in general), an analysis of threats (risks) as real (in this moment) and potential (in the future).

Based on the results of risk analysis using optimization tools, requirements are formed for the security system of a particular enterprise and facility in a particular situation. Overestimation of requirements leads to unjustified costs, underestimation - to an increase in the likelihood of threats being realized.

Information security tools is a set of engineering, electrical, electronic, optical and other devices and devices, devices and technical systems, as well as other proprietary elements used to solve various tasks of protecting information, including preventing leakage and ensuring the security of protected information.

In general, the means of ensuring the protection of information in terms of preventing deliberate actions, depending on the method of implementation, can be divided into groups:

  • Technical (hardware. These are devices of various types (mechanical, electromechanical, electronic, etc.) that solve information security problems with hardware. They either prevent physical penetration, or, if the penetration did take place, access to information, including by means of its disguise. The first part of the problem is solved by locks, window bars, security alarms, etc. The second - by noise generators, power filters, scanning radios and many other devices that "block" potential information leakage channels or allow them to be detected. The advantages of technical means are associated with their reliability, independence from subjective factors, and high resistance to modification. Weak sides- insufficient flexibility, relatively large volume and weight, high cost.
  • Software tools include programs for user identification, access control, information encryption, removal of residual (working) information such as temporary files, test control of the protection system, etc. The advantages of software tools are versatility, flexibility, reliability, ease of installation, the ability to modify and develop. Disadvantages - limited network functionality, the use of some of the resources of the file server and workstations, high sensitivity to accidental or deliberate changes, possible dependence on the types of computers (their hardware).
  • Mixed hardware / software implements the same functions as hardware and software separately, and has intermediate properties.
  • Organizational funds are made up of organizational and technical (preparation of rooms with computers, laying a cable system, taking into account the requirements of restricting access to it, etc.) and organizational and legal (national legislation and work rules established by the management of a particular enterprise). The advantages of organizational tools are that they allow you to solve many diverse problems, are easy to implement, quickly react to unwanted actions in the network, and have unlimited possibilities for modification and development. Disadvantages - high dependence on subjective factors, including the general organization of work in a particular department.

According to the degree of distribution and availability, software tools are allocated, other tools are used in cases where an additional level of information protection is required.

Information security software

  • Built-in information security
  • Antivirus program (antivirus) - a program for detecting computer viruses and disinfecting infected files, as well as for prophylaxis - preventing infection of files or operating system malicious code.
  • AhnLab from South Korea
  • ALWIL Software (avast!) - Czech Republic (free and paid versions)
  • AOL Virus Protection as part of AOL Safety and Security Center
  • ArcaVir - Poland
  • Authentium - UK
  • AVG (GriSoft) - Czech Republic (free and paid versions, including firewall)
  • Avira - Germany (free Classic version available)
  • AVZ - Russia (free); no real-time monitor
  • BitDefender - Romania
  • BullGuard - Denmark
  • ClamAV - GPL License (Free, open source source code); no real-time monitor
  • Computer Associates - USA
  • Dr.Web - Russia
  • Eset NOD32 - Slovakia
  • Fortinet - USA
  • Frisk Software - Iceland
  • F-PROT - Iceland
  • F-Secure - Finland (multi-engine product)
  • G-DATA - Germany (multi-engine product)
  • GeCAD - Romania (acquired by Microsoft in 2003)
  • IKARUS - Austria
  • H + BEDV - Germany
  • Hauri from South Korea
  • Microsoft Security Essentials - free antivirus from Microsoft
  • MicroWorld Technologies - India
  • MKS - Poland
  • MoonSecure - GPL license (free, open source), based on the ClamAV code, but has a real-time monitor
  • Norman from Norway
  • NuWave Software - Ukraine (using engines from AVG, Frisk, Lavasoft, Norman, Sunbelt)
  • Outpost - Russia (two anti-malware engines are used: anti-virus from VirusBuster and anti-spyware, formerly Tauscan, of its own design)
  • Panda Software - Spain
  • Quick Heal AntiVirus - India
  • Rising from China
  • ROSE SWE - Germany
  • Safe`n`Sec - Russia
  • Simple Antivirus - Ukraine
  • Sophos - UK
  • Spyware Doctor - Antivirus utility
  • Stiller Research
  • Sybari Software (acquired by Microsoft in early 2005)
  • Trend Micro - Japan (nominally Taiwan / US)
  • Trojan Hunter - antivirus utility
  • Universal Anti Virus - Ukraine (free)
  • VirusBuster - Hungary
  • ZoneAlarm AntiVirus - USA
  • Zillya! - Ukraine (free)
  • Kaspersky Anti-Virus - Russia
  • VirusBlokAda (VBA32) - Belarus
  • Ukrainian National Antivirus - Ukraine
  • Specialized software tools for protecting information from unauthorized access have generally better capabilities and characteristics than built-in tools. In addition to encryption programs and cryptographic systems, there are many other external security tools available. Of the most frequently mentioned solutions, the following two systems should be noted, which allow limiting and controlling information flows.
  • Firewalls (also called firewalls or firewalls - from him. Brandmauer, eng. firewall- "fire wall"). Special intermediate servers are created between the local and global networks, which inspect and filter all traffic of the network / transport layers passing through them. This allows you to dramatically reduce the threat of unauthorized access from outside to corporate networks but does not completely eliminate this hazard. A more secure form of the method is the masquerading method, when everything emanating from local network traffic is sent on behalf of the firewall server, making the local network virtually invisible.
Firewalls
Free of charge Ashampoo FireWall Free Comodo Core Force Online Armor PC Tools PeerGuardian Sygate ZoneAlarm
Proprietary Ashampoo FireWall Pro AVG Internet Security CA Personal Firewall Jetico Kaspersky Microsoft ISA Server Norton Outpost Trend Micro Windows Firewall Sunbelt WinRoute
Hardware Fortinet Cisco Juniper Check Point
FreeBSD Ipfw IPFilter
Mac OS NetBarrier X4 (eng.)
Linux Netfilter (Iptables Firestarter Iplist NuFW Shorewall)
  • Proxy-servers (proxy - power of attorney, trusted person). All network / transport layer traffic between the local and global networks is completely prohibited - there is no routing as such, and calls from the local network to the global network occur through special intermediary servers. Obviously, in this case, calls from the global network to the local one become impossible in principle. This method does not provide sufficient protection against attacks at higher levels - for example, at the application level (viruses, Java code, and JavaScript).
  • VPN (virtual private network) allows you to transmit secret information through networks where it is possible for unauthorized people to listen to traffic. Technologies used: PPTP, PPPoE, IPSec.

Information security hardware

Hardware protection means include various electronic, electro-mechanical, electro-optical devices. To date, a significant number of hardware for various purposes has been developed, but the following are most widely used:

  • special registers for storing security details: passwords, identification codes, signature stamps or secrecy levels;
  • devices for measuring individual characteristics of a person (voice, fingerprints) in order to identify him;
  • circuits for interrupting the transmission of information in the communication line in order to periodically check the address of the data output.
  • devices for encrypting information (cryptographic methods).

Technical means of information protection

To protect the perimeter of the information system, the following are being created: security and fire alarm systems; digital video surveillance systems; access control and management systems (ACS). Protection of information from its leakage by technical communication channels is provided by the following means and measures: using a shielded cable and laying wires and cables in shielded structures; installation of high-frequency filters on communication lines; construction of shielded rooms ("capsules"); use of shielded equipment; installation of active noise control systems; creation of controlled areas.

Financial vocabulary

Technical, cryptographic, software and other means designed to protect information constituting a state secret, the means in which they are implemented, as well as means of monitoring the effectiveness of information protection. EdwART. ... ... Emergency Dictionary

Information security tools- technical, cryptographic, software and other means designed to protect information constituting a state secret, the means in which they are implemented, as well as means of monitoring the effectiveness of information protection ...

To ensure the confidentiality of information, to protect the buildings of companies and firms from eavesdropping, to effectively counter industrial espionage, numerous methods and techniques are used to protect information. Many of these methods are based on the use of technical means of protecting information.

The existing technical means of protecting information for enterprises and organizations can be divided into several groups.
1) Devices for detecting and destroying unauthorized technical means of reconnaissance:
... nonlinear locators (investigate the response to the effect of an electromagnetic field);
... nonlinear locators of wire lines;
... magnetic resonance locators;
... roentgenometers;
... acoustic correlators;
... metal detectors;
... thermal imagers;
... search devices for changes in the magnetic field;
... electromagnetic radiation search devices - scanners, receivers, frequency meters, sound level meters, infrared radiation detectors, spectrum analyzers, microvoltmeter, radio emission detectors;
... search devices for changes in telephone line parameters. To identify connections to the telephone line, circuits are used - analyzers telephone lines, line status indicators based on microcircuits, parallel telephone blockers.

2) Passive means of protection of premises and equipment:
... jamming devices. Acoustic noise generators masking sound signal in rooms and communication lines (white noise with an amplitude spectrum distributed according to the normal law). Window glass modulators (make the amplitude of glass vibrations greater than that caused by a person's voice) - to prevent the interception of voice messages by special devices. Surge protectors that exclude the possibility of information leakage from power supply circuits.
... surveillance devices - open surveillance systems, secret surveillance systems;
... devices for automatic recording of telephone conversations.

3) Technical means cryptographic protection of information.

4) Special technical means of recognizing PC users.

Electronic keys of access to personal computers... The key contains a microprocessor; information unique to each user is entered into its storage device.
... fingerprint identification devices.
... voice identification devices. The individuality of the voice is influenced by both anatomical features and acquired habits of a person: the frequency range of vibration of the vocal cords, the frequency characteristics of the voice.

From the point of view of technical implementation, the most acceptable is the study of precisely the frequency characteristics. For this, special multichannel filters are used. Recognition of user commands is carried out by comparing the current data with a reference signal on each frequency channel.

The above list of technical means of protecting information is far from complete, and as modern science and technology develop, it is constantly updated, providing enterprises and organizations with additional methods and ways to protect confidential data and trade secrets.

In modern information systems (IS), information has two contradictory properties - availability and security from unauthorized access. In many cases, IS developers are faced with the problem of choosing the priority of one of these properties.

Information security is usually understood as ensuring its protection from unauthorized access. Moreover, under himself unauthorized access it is customary to understand the actions that entailed "... destruction, blocking, modification, or copying of information ..." (Criminal Code of the Russian Federation Art.272). All methods and means of protecting information can be conditionally divided into two large groups: formal and informal.

Rice. 1. Classification of methods and means of information protection

Formal methods and means

These are such means that perform their protective functions strictly formally, that is, according to a predetermined procedure and without the direct participation of a person.

Technical means

Technical means of protection are various electronic and electronic-mechanical devices that are included in the technical means of IC and perform some protection functions independently or in combination with other means.

Physical aids

Physical protection means physical and electronic devices, structural elements of buildings, fire extinguishing equipment, and a number of other means. They provide the following tasks:

  • protection of the territory and premises of the computing center from intruders;
  • protection of equipment and data carriers from damage or theft;
  • preventing the possibility of observing the work of personnel and the operation of equipment from outside the territory or through windows;
  • preventing the possibility of intercepting electromagnetic radiation from operating equipment and data transmission lines;
  • control over the work schedule of personnel;
  • organization of access to the premises of employees;
  • control over the movement of personnel in various working areas, etc.

Cryptographic methods and tools

Cryptographic methods and means are called special transformations of information, as a result of which its representation changes.

In accordance with the functions performed, cryptographic methods and tools can be divided into the following groups:

  • identification and authentication;
  • differentiation of access;
  • encryption of protected data;
  • protection of programs from unauthorized use;
  • information integrity control, etc.

Informal methods and means of information protection

Informal means are those that are realized as a result of purposeful activities of people, or regulate (directly or indirectly) this activity.

Informal means include:

Organizational means

These are organizational, technical and organizational and legal measures carried out in the process of creating and operating IP in order to ensure the protection of information. In terms of their content, all the many organizational measures can be conditionally divided into the following groups:

  • activities carried out during the creation of IP;
  • activities carried out in the course of IS operation: organization of access control, organization of automated information processing technology, organization of work in shifts, distribution of access control details (passwords, profiles, powers, etc.);
  • general measures: taking into account protection requirements in the selection and training of personnel, organizing scheduled and preventive checks of the protection mechanism, planning measures to protect information, etc.

Legislative means

These are legislative acts of the country, which regulate the rules for the use and processing of restricted information and establish measures of responsibility for violation of these rules. Five “core principles” can be formulated that underlie the system of data protection laws:

  • systems should not be created that accumulate a large amount of personal information, the activities of which would be classified;
  • there must be ways in which an individual can establish the fact of collecting personal information, find out what it is collected for, and how it will be used;
  • there must be guarantees that information obtained for one purpose will not be used for other purposes without informing the person to whom it relates to this;
  • there must be ways in which a person can correct information related to him and contained in the IP;
  • any organization that accumulates, stores and uses personal information must ensure the reliability of data storage when used appropriately and must take all measures to prevent misuse of data.

Moral - ethical standards

These norms can be either unwritten (generally accepted norms of honesty, patriotism, etc.) or written, i.e. formalized in a certain set of rules and regulations (charter).

On the other hand, all methods and means of information protection can be divided into two large groups according to the type of protected object. In the first case, the object is an information carrier, and all informal, technical and physical methods and means of information protection are used here. In the second case it comes about the information itself, and cryptographic methods are used to protect it.

The most dangerous (significant) threats to information security are:

  • violation of confidentiality (disclosure, leakage) of information constituting banking, judicial, medical and commercial secrets, as well as personal data;
  • disruption of performance (disorganization of work) of IS, blocking of information, disruption of technological processes, disruption of timely solution of problems;
  • violation of the integrity (distortion, substitution, destruction) of information, software and other IP resources, as well as falsification (forgery) of documents.

Below is a brief classification of possible channels of information leakage in IS - methods of organizing unauthorized access to information.

Indirect channels allowing unauthorized access to information without physical access to IS components:

  • the use of eavesdropping devices;
  • remote monitoring, video and photography;
  • interception electromagnetic radiation, registration of cross talk, etc.

Channels associated with access to IS elements, but not requiring changes to the system components, namely:

  • observation of information in the process of processing in order to memorize it;
  • theft of information carriers;
  • collection of industrial waste containing processed information;
  • deliberate reading of data from files of other users;
  • reading residual information, i.e. data remaining in the fields of storage devices after the execution of queries;
  • copying of information carriers;
  • deliberate use of registered users' terminals to access information;
  • disguise as a registered user by stealing passwords and other details of differentiating access to information used in IS;
  • the use of so-called "loopholes" for access to information, that is, the possibilities of bypassing the access control mechanism arising from imperfections and ambiguities of programming languages ​​and system-wide components software in IS.

Channels associated with access to IS elements and with changes in the structure of its components:

  • illegal connection of special recording equipment to system devices or to communication lines;
  • malicious modification of programs in such a way that these programs, along with the basic functions of information processing, also carry out unauthorized collection and registration of protected information;
  • malicious disabling of the protection mechanism.

1.3.3. Restricting access to information

In general, the system for protecting information from unauthorized access consists of three main processes:

  • identification;
  • authentication;
  • authorization.

At the same time, the participants in these processes are considered to be subjects - active components (users or programs) and objects - passive components (files, databases, etc.).

The task of identification, authentication and authorization systems is to define, verify and assign a set of powers of a subject when accessing an information system.

Identification the subject when accessing the IS is the process of comparing it with some stored system in some object, the characteristic of the subject - the identifier. In the future, the subject identifier is used to provide the subject with a certain level of rights and powers when using the information system.

Authentication subject is the procedure for verifying that an identifier belongs to a subject. Authentication is carried out on the basis of one or another secret element (authenticator), which both the subject and the information system have. Usually, in some object in the information system, called the account base, not the secret element itself is stored, but some information about it, on the basis of which a decision is made about the adequacy of the subject to the identifier.

Authorization subject is called the procedure for vesting him with the rights corresponding to his powers. Authorization is carried out only after the subject has successfully passed identification and authentication.

The entire identification and authentication process can be schematically represented as follows:

Rice. 2. Diagram of the identification and authentication process

2- the requirement to pass identification and authentication;

3- sending the identifier;

4- checking the availability of the received identifier in the database of accounts;

6- sending authenticators;

7- checking the correspondence of the received authenticator to the previously specified identifier using the account base.

It can be seen from the above diagram (Fig. 2) that to overcome the system of protection against unauthorized access, you can either change the work of the subject implementing the identification / authentication process, or change the content of the object - the database of accounts. In addition, it is necessary to distinguish between local and remote authentication.

With local authentication, we can assume that processes 1, 2, 3, 5, 6 take place in the protected zone, that is, the attacker does not have the ability to listen or change the transmitted information. In the case of remote authentication, one has to reckon with the fact that an attacker can take both passive and active participation in the process of sending identification / authentication information. Accordingly, such systems use special protocols that allow a subject to prove knowledge of confidential information without disclosing it (for example, an authentication protocol without disclosure).

The general scheme of information protection in IS can be represented as follows (Fig. 3):

Rice. 3. Removal of information protection in the information system

Thus, the entire information protection system in the IS can be divided into three levels. Even if an attacker manages to bypass the system of protection against unauthorized access, he will face the problem of finding the information he needs in the IS.

Semantic protection involves hiding the location of information. For these purposes, for example, a special format for recording on a medium or steganographic methods can be used, that is, hiding confidential information in container files that do not carry any significant information.

Currently, steganographic information protection methods are widely used in two most relevant areas:

  • hiding information;
  • copyright protection.

The last obstacle on the way of an attacker to confidential information is its cryptographic transformation. This transformation is called encryption. A brief classification of encryption systems is given below (Fig. 4):

Rice. 4. Classification of encryption systems

The main characteristics of any encryption system are:

  • key size;
  • the complexity of encryption / decryption of information for a legal user;
  • the complexity of "breaking" encrypted information.

It is now generally accepted that the encryption / decryption algorithm is open and well-known. Thus, only the key owned by the legal user is unknown. In many cases, it is the key that is the most vulnerable component of the information protection system against unauthorized access.

Of Microsoft's ten security laws, two are about passwords:

Law 5: "A weak password will violate the strongest security"

Law 7: "Encrypted data is protected only as much as the decryption key is."

That is why the choice, storage and change of the key in information security systems are especially essential... The key can be selected by the user independently or imposed by the system. In addition, it is customary to distinguish between three main forms of key material:

1.3.4. Technical means of information protection

In general, information protection by technical means is provided in the following options:
the source and medium of information are localized within the boundaries of the protected object and a mechanical barrier is provided from contact with an intruder or remote exposure to the fields of his technical means

  • the ratio of the energy of the carrier and the interference at the input of the receiver installed in the leakage channel is such that the attacker cannot remove information from the carrier with the quality necessary for its use;
  • an attacker cannot find the source or medium of information;
  • instead of true information, the attacker receives false information, which he accepts as true.

These options implement the following protection methods:

  • preventing the direct penetration of an attacker to the source of information with the help of engineering structures, technical means of protection;
  • hiding reliable information;
  • "slipping" false information to the attacker.

The use of engineering structures and security is the most ancient method of protecting people and material assets. The main task of technical means of protection is to prevent (prevent) direct contact of the attacker or the forces of nature with the objects of protection.

The objects of protection are understood as people and material values, as well as information carriers localized in space. Such media include paper, machine media, photographic and film films, products, materials, etc., that is, anything that has a clear size and weight. To organize the protection of such objects, such technical means of protection as burglar and fire alarms are usually used.

Information carriers in the form of electromagnetic and acoustic fields, electric current do not have clear boundaries and information hiding methods can be used to protect such information. These methods provide for such changes in the structure and energy of carriers, in which an attacker cannot, directly or with the help of technical means, extract information with a quality sufficient to use it in his own interests.

1.3.5. Information security software

These protections are designed specifically to protect computer information and are based on the use of cryptographic methods. The most common software tools are:

  • Programs for cryptographic processing (encryption / decryption) of information ("Verba" MO PNIEI www.security.ru; "Krypton" Ankad www.ancud.ru; "Secret Net" Informzashita www.infosec.ru; "Dallas Lock" Confident www. confident.ru and others);
  • Programs for protection against unauthorized access to information stored on a computer ("Sobol" Ankad www.ancud.ru and others);
  • Steganographic information processing programs ("Stegano2ET" and others);
  • Software for guaranteed destruction of information;
  • Systems of protection against unauthorized copying and use (using electronic keys, for example, the company Aladdin www.aladdin.ru and with reference to the unique properties of the information carrier "StarForce").

1.3.6. Anti-virus information protection

In general, we should talk about "malicious programs", this is how they are defined in the guidance documents of the State Technical Commission and in the existing legislative acts (for example, Article 273 of the Criminal Code of the Russian Federation "Creation, use and distribution malware for a computer "). All malware can be classified into five types:

  • Viruses- defined as chunks program code, which have the ability to generate objects with similar properties. Viruses, in turn, are classified according to their habitat (for example: boot -, macro -, etc. viruses) and by their destructive action.
  • Logic bombs- programs, the launch of which occurs only when certain conditions are met (for example: date, pressing a key combination, absence / presence of certain information, etc.).
  • Worms- programs that have the ability to spread over the network, transferring to the destination node not necessarily the entire program code at once - that is, they can "assemble" themselves from separate parts.
  • Trojans- programs that perform undocumented actions.
  • Bacteria- unlike viruses, this is an integral program that has the ability to reproduce their own kind.

At present, malicious programs practically do not exist in their "pure" form - they are all a symbiosis of the types listed above. That is, for example: a Trojan can contain a virus and, in turn, a virus can have the properties of a logic bomb. According to statistics, about 200 new malicious programs appear every day, with worms taking the lead, which is quite natural due to the rapid growth in the number of active Internet users.

It is recommended to use antivirus software packages as protection against malware (for example: DrWeb, AVP - domestic developments, or foreign ones, such as NAV, TrendMicro, Panda, etc.). The main diagnostic method for all available anti-virus systems is "signature analysis", that is, an attempt to check the received new information for the presence of a "signature" of a malicious program in it - a characteristic piece of program code. Unfortunately, this approach has two significant drawbacks:

  • Only known malware can be diagnosed, and this requires constant renewal bases of "signatures". This is exactly what one of Microsoft's security laws warns about:

Law 8: "Not Renewable antivirus program not much better than the complete absence of such a program "

  • The continuous increase in the number of new viruses leads to a significant increase in the size of the database of "signatures", which in turn causes a significant use of computer resources by the anti-virus program and, accordingly, slows down its work.

One of the known ways to improve the efficiency of diagnosing malicious programs is to use the so-called "heuristic method". In this case, an attempt is made to detect the presence of malicious programs, taking into account the known methods of their creation. However, unfortunately, if a highly qualified specialist took part in the development of the program, it is possible to detect it only after it manifests its destructive properties.

print version

Reader

Job title annotation

Workshops

Workshop title annotation

Presentations

Presentation title annotation

Whether you are an entrepreneur-businessman, public sector worker, politician, or just a private person, you should be interested in knowing how to protect yourself from the leakage of confidential information, what means you need to use for this, how to identify the channels of leakage of this information.

To create a system for protecting an object from information leakage through technical channels, it is necessary to take a number of measures. First of all, it is necessary to analyze the specific features of the location of buildings, premises in buildings, the area around them and the supplied communications. Then it is necessary to select those rooms inside which circulates confidential information and take into account the technical means used in them. Next, you should carry out the following technical measures:
- check the equipment used for compliance with the amount of spurious emissions to permissible levels;
- screen rooms with equipment or this equipment in rooms;
- rewire individual circuits, lines, cables;
- use special devices and means of passive and active protection.

It is important to emphasize that for each method of obtaining information through the technical channels of its leak, there is a method of counteraction, often more than one, that can minimize the threat. In this case, success depends on two factors: - on your competence in information security issues (or on the competence of those persons who are entrusted with this business) and on the availability of equipment necessary for protective measures. The first factor is more important than the second, since the most perfect equipment will remain a dead weight in the hands of an amateur.

In what cases is it advisable to carry out measures of protection against technical penetration? First of all, such work must be carried out proactively, without waiting for the thunder to strike. The role of an incentive can be played by information about the leakage of information discussed in a specific room by a narrow group of people, or processed on specific technical means. The impetus for action can be traces indicating the penetration of unauthorized persons into the premises of your company, or some strange phenomena associated with the equipment used (for example, suspicious noise in the phone).

When implementing a set of protective measures, do not seek to protect the entire building. The main thing is to restrict access to those places and equipment where confidential information is concentrated (not forgetting, of course, about the possibilities and methods of obtaining it remotely). In particular, the use of high-quality locks, alarms, good sound insulation of walls, doors, ceilings and floors, sound protection of ventilation ducts, holes and pipes passing through these rooms, dismantling of unnecessary wiring, as well as the use of special devices (noise generators, ZAS equipment, etc. etc.) will seriously complicate or make senseless attempts to introduce special equipment.

That is why, in order to develop and implement measures to protect information from leakage through technical channels, it is necessary to invite qualified specialists, or to train our own personnel for the relevant programs in the appropriate training centers. For brevity, let us agree that the abbreviation TSPI stands for Technical Means of Information Transmission.

Grounding TSPI

One of the most important conditions for the protection of TSPI is the correct grounding of these devices. In practice, most often it is necessary to deal with a radial grounding system, which has fewer common areas for the flow of signal and supply currents in the opposite direction (from the TSPI to outside observers).

It should be borne in mind that the grounding bus and the grounding loop should not have loops, but be made in the form of a branching tree, where the loop resistance does not exceed one ohm. This requirement is satisfied by the use of metal rods with high electrical conductivity, immersed in the ground and connected to the metal structures of the TSPI as ground electrodes. Most often these are steel pipes, vertically driven into the ground, 2-3 meters long and 35-50 mm in diameter. Pipes are good because they allow you to reach the moist layers of the earth, which have the highest conductivity and are not subject to drying out or freezing. In addition, the use of pipes is not associated with any significant excavation work.

The grounding resistance is mainly determined by the resistance to current spreading in the ground. Its value can be significantly reduced by reducing the transition resistance (between the ground electrode and the soil) by thoroughly cleaning the pipe surface from dirt and rust, pouring table salt into the hole along its entire height and compacting the soil around each pipe. Earthing switches (pipes) should be connected to each other by tires using welding. The cross-section of buses and grounding lines is recommended to take at least 24x4 mm in order to achieve mechanical strength and obtain sufficient conductivity.

Grounding mains outside the building should be laid at a depth of about 1.5 meters, and inside the building - along walls or special channels so that they can be regularly inspected. The mains are connected to the ground electrode only by welding, and the mains are connected to the TSPI with a bolted connection at one point. If several TSPIs are connected to the grounding line, they must be connected to the line in parallel (with a serial connection, disconnecting one TSPI can lead to the disconnection of all others). When arranging the grounding of TSPI, natural grounding conductors must not be used: metal structures of buildings with a connection to the ground, metal pipes laid in the ground, metal sheaths of underground cables.

Network filters

The occurrence of pickups in the power supply networks of the TSPI is most often due to the fact that they are connected to common power lines. Therefore, the mains filters perform two functions in the power supply circuits of the TSPI: protection of equipment from external impulse noise and protection from pickups created by the equipment itself. In this case, a single-phase power distribution system should be carried out by a transformer with a grounded midpoint, a three-phase system - by a high-voltage step-down transformer.

When choosing filters, it is necessary to take into account: rated values ​​of currents and voltages in power circuits, as well as permissible values ​​of voltage drop across the filter at maximum load; permissible values ​​of the reactive component of the current at the fundamental frequency of the supply voltage; required filter attenuation; mechanical characteristics of the filter (size, weight, housing type, installation method); the degree of screening of the filter from foreign fields.

The design of the filter should provide a significant reduction in the likelihood of secondary communication inside the housing between the input and output due to magnetic, electric or electromagnetic fields.

Shielding rooms

For the complete elimination of interference from TSPI in rooms, the lines of which go beyond the controlled area, it is necessary not only to suppress them in the wires extending from the source, but also to limit the scope of the electromagnetic field created by the system of its internal wiring. This problem is solved by shielding.

In theory, in terms of material cost and ease of manufacture, the advantages on the side of screens made of sheet steel... However, the use of mesh greatly simplifies ventilation and lighting issues. To resolve the issue of the screen material, it is necessary to know how many times it is required to attenuate the radiation levels of FTS. Most often it is between 10 and 30 times. Such efficiency is provided by a screen made of a single copper mesh with a cell of 2.5 mm, or of thin sheet galvanized steel with a thickness of 0.51 mm or more.
Metal sheets (or mesh panels) must be electrically firmly connected to each other along the entire perimeter, which is ensured by electric welding or soldering.

The doors of the premises must also be shielded, ensuring reliable electrical contact with the door frame around the entire perimeter at least every 10-15 mm. For this, a phosphor bronze spring comb is used, reinforcing it along the entire inner perimeter of the door frame. If there are windows in the room, they are tightened with one or two layers of copper mesh with a cell of not more than 2x2 mm, and the distance between the layers of the mesh should be at least 50 mm. Both layers must have good electrical contact with the walls of the room by means of the same comb made of phosphor bronze, or by soldering (if the mesh is not removable).

The dimensions of the shielded room are chosen based on its purpose, the availability of free space and the cost of work. Usually it is enough to have a room with an area of ​​6-8 sq. meters at a height of 2.5-3 meters.

Phone and fax protection

Like everyone electronic device, telephone and fax, as well as their communication lines radiate into the open space high levels fields in the frequency range up to 150 MHz. In order to completely suppress all types of radiation from these TSPI, it is necessary to filter out radiation in the wires of the microtelephone, in the wires extending from the device, and also to provide sufficient shielding of the internal circuit of the device. Both are possible only through significant reworking of apparatus designs and changes in their electrical parameters. In other words, it is required to protect the microphone circuit, the bell circuit and the two-wire line. telephone connection... The same applies to the problem of protecting communication lines that go beyond the premises with devices.

Generally speaking, this is a very serious problem, since such lines are almost always uncontrolled and a wide variety of information retrieval devices can be connected to them. There are two ways: first, special wires are used (shielded bifilar, trifilar, coaxial cable, shielded flat cable). Secondly, they systematically check with special equipment whether there is a fact of connection of information retrieval devices. The detection of induced signals is usually carried out at the border of the controlled area or at switching devices in distribution centers or distribution cabinets. Then either a specific connection point is determined, or (if such a determination is not possible) noise protection is arranged. But most effective method protection of information transmitted by telephone or fax - this is the use of ZAS (classified communication equipment). Abroad, these devices are called scramblers.

Protection against built-in and narrow-beam microphones

Microphones are known to convert sound into an electrical signal. Together with special amplifiers and filters, they can be used as eavesdropping devices. For this, a hidden wired communication line is created, which can only be detected by a physical search or (which is more difficult) by control measurements of signals in all wires available in the room. Radio monitoring methods that are effective for finding radio bookmarks are meaningless in this case. In addition to intercepting sound vibrations, special microphones-stethoscopes very well perceive sounds propagating along the building structures of buildings. With their help, they carry out eavesdropping through walls, doors and windows. Finally, there are a number of modifications of highly directional microphones that pick up and amplify sounds coming from only one direction, while attenuating all other sounds. These microphones take the form of a long tube, a battery of tubes, or a parabolic dish with a cone of a concentrator. They pick up the sounds of voices at distances of up to one kilometer!

To protect against narrow-beam microphones, the following measures can be recommended;
- to conduct all negotiations in rooms, isolated from neighboring rooms, with closed doors, windows and vents, closed black curtains. Walls should also be insulated from adjacent buildings;
- floors and ceilings should be isolated from unwanted proximity in the form of agents with microphones and other listening equipment;
-Do not make important conversations on the street, in squares and other open spaces, regardless of whether you are sitting or walking;
- remember that attempts to drown out the conversation with the sounds of water pouring from the tap (or from the fountain) are ineffective.

Similar publications: