How the owner can protect. Basic concepts of information protection and information security. Information security tools

Modern methods of processing, transmitting and storing information have contributed to the emergence of threats associated with the possibility of loss, distortion and disclosure of data addressed to or belonging to end users. Therefore, ensuring information security of computer systems and networks is one of the leading areas of IT development.

Let's consider the basic concepts of information protection and information security of computer systems and networks, taking into account the definitions of GOST R 50922-96.

Data protection - an activity to prevent leakage of protected information and unauthorized or unintentional impacts on protected information.

Object of protection - information, storage medium or information process that needs to be protected in accordance with the intended purpose of protecting the information.

The purpose of information protection is the desired outcome of information security. The purpose of information protection may be to prevent damage to the owner, possessor, or user of information as a result of possible information leakage and/or unauthorized and unintentional impact on information.

Efficiency of information protection - the degree to which the results of information protection correspond to the intended purpose.

Protecting information from leakage - activities to prevent the uncontrolled dissemination of protected information resulting from its disclosure, unauthorized access (NSD) to protected information and the receipt of protected information by intruders.

Protection of information from disclosure - activities to prevent unauthorized distribution of protected information to an uncontrolled number of information recipients.

Protection of information from unauthorized access - activities to prevent the receipt of protected information by an interested subject in violation of the rights or rules of access to protected information established by legal documents or by the owner or possessor of the information. An interested subject that carries out unauthorized access to protected information may be the state, a legal entity, a group of individuals (including a public organization), or a single individual.

Information security system - a set of bodies and/or performers, the information protection technology they use, as well as protection objects, organized and functioning according to the rules established by the relevant legal, organizational, administrative and regulatory documents on information protection.

Information security is understood as the protection of information from illegal access, transformation and destruction, as well as the protection of information resources from influences aimed at disrupting their performance. The nature of these influences can be very diverse.

These include intruder attempts, personnel errors, failure of hardware and software, natural disasters (earthquake, hurricane, fire), etc.

A modern automated system (AS) for information processing is a complex system consisting of a large number of components of varying degrees of autonomy that are interconnected and exchange data. Almost every component can be exposed to external influences or fail. AS components can be divided into the following groups:

  • hardware - computers and their components (processors, monitors, terminals, peripheral devices - disk drives, printers, controllers, cables, communication lines, etc.);
  • software - purchased programs, source, object, load modules; OS and system programs (compilers, linkers, etc.), utilities, diagnostic programs, etc.;
  • data - stored temporarily and permanently, on magnetic media, printed, archives, system logs, etc.;
  • staff - service personnel and users.

One of the features of ensuring information security in the AS is that such abstract concepts as information, objects and subjects of the system correspond to physical representations in the computer environment:

  • for presenting information - computer storage media in the form of external devices of computer systems (terminals, printing devices, various storage devices, lines and communication channels), RAM, files, records, etc.;
  • system objects - passive system components that store, receive, or transmit information. Access to an object means access to the information contained in it;
  • subjects of the system - active components of a system that can cause a flow of information from an object to a subject or a change in the state of the system. Subjects can be users, active programs, and processes.

Information security of computer systems is achieved by ensuring the confidentiality, integrity and reliability of the processed data, as well as the availability and integrity of the information components and resources of the system. The basic properties of information listed above need a more complete interpretation.

Data confidentiality - the status given to data that determines the degree of protection it requires. Confidential data may include, for example, the following: personal information of users; accounts (names and passwords); credit card information; development data and various internal documents; accounting information. Confidential information should be known only to approved and verified (authorized) system subjects (users, processes, programs). For other subjects of the system, this information should be unknown.

Establishing gradations of importance of protecting protected information (object of protection) is called categorization of protected information.

Integrity of information is the property of information to retain its structure and/or content during transmission and storage. The integrity of information is ensured if the data in the system does not differ semantically from the data in the source documents, i.e., if it has not been accidentally or intentionally distorted or destroyed. Ensuring data integrity is one of the complex tasks of information security.

Reliability of information - property of information, expressed in strict belonging to the subject who is its source, or to the subject from whom this information was received.

Legal significance of information means that the document that carries the information has legal force.

Data availability. The user can work with data only if he has access to it.

Access to information - obtaining the opportunity for the subject to familiarize himself with the information, including by using technical means. Subject of access to information - a participant in legal relations in information processes.

Efficiency of access to information - the ability of information or some information resource to be made available to the end user in accordance with his operational needs.

Owner of the information - a subject that fully exercises the powers of ownership, use, and disposal of information in accordance with legislative acts.

Possessor of the information - a subject that possesses and uses information and exercises the powers of disposal within the limits of the rights established by law and/or the owner of the information.

User (consumer) of information - a subject using information received from its owner, possessor or intermediary in accordance with established rights and rules for access to information or in violation of them.

Right of access to information - a set of rules for access to information established by legal documents or by the owner or possessor of information.

Information access rule - a set of rules regulating the procedure and conditions for a subject’s access to information and its media.

A distinction is made between authorized and unauthorized access to information.

Authorized access to information is access to information that does not violate the established rules of access control. Access control rules serve to regulate access rights to system components.

Unauthorized access to information (NSD) - access in violation of the established access control rules. A person or process that carries out unauthorized access to information is a violator of the access control rules. NSD is the most common type of computer violation.

The security administrator is responsible for protecting the computer system from unauthorized access to information.

Availability of information also means the availability of a component or resource of the computer system, i.e. the property of a component or resource to be accessible to legitimate subjects of the system. A sample list of resources that may be available includes: printers, servers, workstations, user data, any critical data required for operation.

Integrity of a resource or system component - the property of a resource or component to remain unchanged in the semantic sense when the system operates under conditions of random or intentional distortions or destructive influences.

Access to information and system resources is associated with a group of important concepts: identification, authentication, and authorization. Each subject of the system (network) is associated with some information (a number or a string of characters) that identifies the subject. This information is the identifier of the subject of the system (network). A subject that has a registered identifier is a legal (legitimate) subject. Subject identification is the procedure for recognizing a subject by its identifier. Identification is performed when a subject attempts to log into the system (network). The next step in the interaction of the system with the subject is authentication. Subject authentication is verification of the authenticity of a subject with a given identifier. The authentication procedure determines whether the subject is who it claims to be. After the subject has been identified and authenticated, an authorization procedure is performed. Subject authorization is the procedure for granting a legitimate subject that has successfully passed identification and authentication the appropriate powers and available system (network) resources.

A security threat to an AS is understood as possible actions that can directly or indirectly harm its security. Security damage implies a violation of the security status of information contained and processed in the system (network). The concept of vulnerability of a computer system (network) is closely related to the concept of a security threat. Computer system vulnerability is an inherent unfortunate property of the system that can lead to a threat being realized. An attack on a computer system is the search for and/or use by an attacker of one or another system vulnerability. In other words, an attack is the implementation of a security threat.

Countering security threats is the goal of protecting computer systems and networks.

Secure system - a system with protections that successfully and effectively counter security threats.

Information protection method - procedure and rules for applying certain principles and means of information protection.

Information security tool - a technical or software tool, substance and/or material intended or used to protect information.

Set of protective means (KSZ) - a set of software and hardware created and maintained to ensure the information security of a system (network). This set is created and maintained in accordance with the security policy adopted by the organization.

Information security technology - information protection means, means of monitoring the effectiveness of information protection, management tools and systems designed to ensure information protection.

Corporate networks are distributed automated systems (AS) that process information. Ensuring the security of an AS involves organizing counteraction to any unauthorized intrusion into its operation, as well as to attempts to modify, steal, disable or destroy its components, i.e., protecting all components of the AS - hardware, software, data and personnel. A specific approach to the problem of ensuring security is based on the security policy developed for the AS.

Security policy - a set of norms, rules and practical recommendations that regulate the operation of the means of protecting a computer system from a given set of threats. More detailed information about the types of security policy and the process of its development is provided in Chapter 3.

Information is one of the most valuable resources of any company, so ensuring information security is one of the most important and highest-priority tasks. The security of an information system is a property that consists in the ability of the system to ensure its normal functioning, that is, to ensure the integrity and secrecy of information. To ensure the integrity and confidentiality of information, it is necessary to protect information from accidental destruction or unauthorized access to it.

Integrity means the impossibility of unauthorized or accidental destruction, as well as modification of information. Confidentiality of information means the impossibility of leakage and unauthorized acquisition of stored, transmitted or received information.

The following sources of threats to the security of information systems are known:

  • anthropogenic sources, caused by accidental or intentional actions of actors;
  • man-made (technogenic) sources, leading to failures and malfunctions of hardware and software due to outdated software and hardware or software errors;
  • natural sources, caused by natural disasters or force majeure.

In turn, anthropogenic sources of threats are divided into:

  • internal (impact from company employees) and external (unauthorized interference by outsiders from external general-purpose networks) sources;
  • unintentional (accidental) and intentional actions of subjects.

There are many possible directions of information leakage and ways of unauthorized access to it in systems and networks:

  • interception of information;
  • modification of information (the original message or document is changed or replaced by another and sent to the addressee);
  • substitution of information authorship (someone may send a letter or document on your behalf);
  • exploitation of deficiencies in operating systems and application software;
  • copying storage media and files bypassing security measures;
  • illegal connection to equipment and communication lines;
  • masquerading as a registered user and appropriating his powers;
  • introduction of new users;
  • introduction of computer viruses, and so on.

To ensure the security of information systems, information security systems are used, which represent a set of organizational and technological measures, software and hardware, and legal norms aimed at countering sources of threats to information security.

With an integrated approach, threat countermeasures are combined to create a system security architecture. It should be noted that no information security system is completely secure. You always have to choose between the level of protection and the efficiency of information systems.

The means of protecting information in an information system (IS) from the actions of subjects include:

  • means of protecting information from unauthorized access;
  • protection of information in computer networks;
  • cryptographic information protection;
  • electronic digital signature;
  • protection of information from computer viruses.

Means of protecting information from unauthorized access

Gaining access to information system resources involves performing three procedures: identification, authentication and authorization.

Identification - assigning unique names and codes (identifiers) to the user (object or subject of resources).

Authentication - establishing the identity of the user who provided the identifier or verifying that the person or device providing the identifier is actually who it claims to be. The most common method of authentication is to assign the user a password and store it on the computer.

Authorization is a check of authority or verification of a user's right to access specific resources and perform certain operations on them. Authorization is carried out to differentiate access rights to network and computer resources.
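The three procedures as a chain, in an added Python example that is not part of the original text. The class and method names, the sample subjects and the PBKDF2 work factor are assumptions made for illustration. Where the text speaks of storing the password on the computer, the example stores only a salted, slow hash of it, and an unknown identifier is rejected with the same answer and the same work as a wrong password.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # PBKDF2 work factor chosen for this example (assumption)


def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow hash: this verifier is stored, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ROUNDS)


class AccessController:
    """Hypothetical controller chaining identification, authentication, authorization."""

    def __init__(self) -> None:
        self._verifiers = {}  # identifier -> (salt, derived key)
        self._rights = {}     # (identifier, resource) -> set of allowed operations
        # Decoy record so that unknown identifiers cost the same work as known ones.
        self._decoy_salt = os.urandom(16)
        self._decoy = derive(os.urandom(16).hex(), self._decoy_salt)

    def register(self, identifier: str, password: str) -> None:
        salt = os.urandom(16)  # unique per subject
        self._verifiers[identifier] = (salt, derive(password, salt))

    def grant(self, identifier: str, resource: str, operation: str) -> None:
        self._rights.setdefault((identifier, resource), set()).add(operation)

    def identify(self, identifier: str) -> bool:
        """Identification: is this a registered (legitimate) identifier?"""
        return identifier in self._verifiers

    def authenticate(self, identifier: str, password: str) -> bool:
        """Authentication: does the subject prove it owns the identifier?"""
        known = self.identify(identifier)
        salt, stored = self._verifiers.get(
            identifier, (self._decoy_salt, self._decoy))
        # Constant-time comparison avoids leaking how many bytes matched.
        match = hmac.compare_digest(derive(password, salt), stored)
        return known and match

    def authorize(self, identifier: str, resource: str, operation: str) -> bool:
        """Authorization: default deny, only explicitly granted operations pass."""
        return operation in self._rights.get((identifier, resource), set())

    def access(self, identifier, password, resource, operation) -> str:
        if not self.authenticate(identifier, password):
            # Same answer for unknown identifier and wrong password.
            return "denied: identification/authentication failed"
        if not self.authorize(identifier, resource, operation):
            return "denied: not authorized"
        return "granted"


def demo() -> dict:
    """Constructed subjects and resources for illustration."""
    ac = AccessController()
    ac.register("alice", "correct horse battery staple")
    ac.register("bob", "tr0ub4dor&3")
    ac.grant("alice", "payroll.db", "read")
    ac.grant("bob", "printer-2", "print")
    return {
        "owner_reads": ac.access("alice", "correct horse battery staple", "payroll.db", "read"),
        "wrong_password": ac.access("alice", "guess", "payroll.db", "read"),
        "unknown_id": ac.access("mallory", "guess", "payroll.db", "read"),
        "no_right": ac.access("bob", "tr0ub4dor&3", "payroll.db", "read"),
        "wrong_operation": ac.access("alice", "correct horse battery staple", "payroll.db", "write"),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```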

Protection of information in computer networks

Local enterprise networks are very often connected to the Internet. To protect the local networks of companies, firewalls are used as a rule. A firewall is a means of access control that allows you to divide a network into two parts (the border runs between the local network and the Internet) and to create a set of rules that determine the conditions for the passage of packets from one part to the other. Firewalls can be implemented either in hardware or in software.
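A rule set of the kind described above, as an added Python example that is not part of the original text. It models a stateless filter between a local network and the Internet with first-match evaluation and a default-deny policy; the addresses, ports, interface names and rule order are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

LAN = "192.168.10.0/24"         # constructed local network
MAIL_SERVER = "192.168.10.25/32"  # constructed internal mail host
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    in_if: str             # interface the packet arrives on: "lan", "wan" or "any"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None means any


@dataclass(frozen=True)
class Packet:
    in_if: str
    src: str
    dst: str
    proto: str
    dport: int


# Rules are checked top to bottom; the first match decides.
RULES = [
    # 0: a packet from the Internet side claiming a local source is spoofed
    Rule("deny", "wan", LAN, ANY, "any", None),
    # 1-2: local hosts may reach HTTPS and DNS outside
    Rule("allow", "lan", LAN, ANY, "tcp", 443),
    Rule("allow", "lan", LAN, ANY, "udp", 53),
    # 3: the outside may reach only the mail server, only on SMTP
    Rule("allow", "wan", ANY, MAIL_SERVER, "tcp", 25),
]


def matches(rule: Rule, pkt: Packet) -> bool:
    return (
        rule.in_if in ("any", pkt.in_if)
        and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
        and rule.proto in ("any", pkt.proto)
        and rule.dport in (None, pkt.dport)
    )


def decide(pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule); no match means deny."""
    for index, rule in enumerate(RULES):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None  # default deny: anything not explicitly allowed is dropped


if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("lan", "192.168.10.7", "203.0.113.10", "tcp", 443),
        Packet("wan", "192.168.10.7", "192.168.10.25", "tcp", 25),
        Packet("wan", "203.0.113.10", "192.168.10.25", "tcp", 25),
        Packet("wan", "203.0.113.10", "192.168.10.7", "tcp", 3389),
    ]
    for pkt in samples:
        print(pkt, "->", decide(pkt))
```

The filter is stateless, so reply traffic is not modelled; a stateful firewall would additionally track established connections.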

Cryptographic information protection

To ensure the secrecy of information, encryption or cryptography is used. Encryption uses an algorithm or device that implements a specific algorithm. Encryption is controlled using a changing key code.

Encrypted information can only be retrieved using a key. Cryptography is a very effective method that increases the security of data transmission over computer networks and of information exchange between remote computers.

Electronic digital signature

To exclude the possibility of modification of the original message or substitution of this message for others, it is necessary to transmit the message along with an electronic signature. An electronic digital signature is a sequence of characters obtained as a result of cryptographic transformation of the original message using a private key and allowing one to determine the integrity of the message and its authorship using a public key.

In other words, a message encrypted using a private key is called an electronic digital signature. The sender transmits the unencrypted message in its original form along with a digital signature. The recipient uses the public key to decrypt the message's character set from the digital signature and compares it with the unencrypted message's character set.

If the characters completely match, we can say that the received message has not been modified and belongs to its author.
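The sign-and-compare flow described above, as an added Python example that is not part of the original text. It uses textbook RSA over a SHA-256 digest of the message (signing a digest rather than the whole message is an assumption of the example). The key pairs are constructed from published Mersenne primes and the scheme has no padding, so it illustrates the mechanism only and is not a usable signature scheme.

```python
import hashlib

E = 65537  # public exponent


def make_key(p: int, q: int) -> dict:
    """Build a textbook RSA key pair from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return {"public": (n, E), "private": (n, d)}


# Constructed demo keys from publicly known Mersenne primes: insecure by design.
AUTHOR = make_key(2**521 - 1, 2**607 - 1)
IMPOSTOR = make_key(2**127 - 1, 2**1279 - 1)


def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key: tuple) -> int:
    """Sender: transform the message digest with the private key."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key: tuple) -> bool:
    """Recipient: recover the digest with the public key and compare it
    with the digest of the message that actually arrived."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(message)


def demo() -> dict:
    message = b"Transfer 100 units to account 42"   # constructed message
    altered = b"Transfer 900 units to account 42"   # modified in transit
    signature = sign(message, AUTHOR["private"])
    forged = sign(message, IMPOSTOR["private"])     # signed by someone else
    return {
        "genuine": verify(message, signature, AUTHOR["public"]),
        "modified_message": verify(altered, signature, AUTHOR["public"]),
        "wrong_author": verify(message, forged, AUTHOR["public"]),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'rejected'}")
```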

Protecting information from computer viruses

A computer virus is a small malicious program that can independently create copies of itself and embed them in programs (executable files), documents, boot sectors of storage media and spread through communication channels.

Depending on the environment, the main types of computer viruses are:

1. Software viruses (affect files with the extensions .COM and .EXE).
2. Boot viruses.
3. Macro viruses.
4. Network viruses.

Information security tools

Information security means are a set of engineering, electrical, electronic, optical and other devices and appliances, instruments and technical systems, as well as other material elements used to solve various problems of information protection, including preventing leaks and ensuring the security of the protected information.

In general, the means of ensuring information security in terms of preventing intentional actions, depending on the method of implementation, can be divided into groups:

  • Technical (hardware) means. These are devices of various types (mechanical, electromechanical, electronic, etc.) that solve information security problems in hardware. They prevent access to information, including by masking it. Hardware includes noise generators, network filters, scanning radios and many other devices that “block” potential channels of information leakage or allow them to be detected. The advantages of technical means are their reliability, independence from subjective factors, and high resistance to modification. Weaknesses: insufficient flexibility, relatively large volume and weight, high cost.
  • Software tools include programs for user identification, access control, information encryption, removal of residual (working) information such as temporary files, test control of the security system, etc. The advantages of software tools are versatility, flexibility, reliability, ease of installation, and the ability to be modified and developed. Disadvantages: limited network functionality, use of part of the resources of the file server and workstations, high sensitivity to accidental or intentional changes, possible dependence on the types of computers (their hardware).
  • Mixed hardware and software implement the same functions as hardware and software separately, and have intermediate properties.
  • Organizational means consist of organizational and technical means (preparing premises with computers, laying a cable system, taking into account the requirements for limiting access to it, etc.) and organizational and legal means (national legislation and work rules established by the management of a particular enterprise). The advantages of organizational tools are that they allow you to solve many different problems, are easy to implement, quickly respond to unwanted actions on the network, and have unlimited possibilities for modification and development. Disadvantages: high dependence on subjective factors, including the general organization of work in a specific department.

Software tools stand out for how widespread and accessible they are; other tools are used in cases where it is necessary to provide an additional level of information protection.



Firewalls (also called brandmauers, from German Brandmauer; English firewall, “fire wall”). Special intermediate servers are created between the local and global networks, which inspect and filter all network/transport level traffic passing through them. This allows you to dramatically reduce the threat of unauthorized access from outside to corporate networks, but does not eliminate this danger completely. A more secure version of the method is masquerading, in which all traffic originating from the local network is sent on behalf of the firewall server, making the local network practically invisible.
A VPN (virtual private network) allows you to transmit sensitive information over networks where unauthorized people can eavesdrop on the traffic.

Hardware protection includes various electronic, electronic-mechanical, and electro-optical devices.

To date, a significant number of hardware devices for various purposes have been developed, but the most widespread are the following:

  • special registers for storing security details: passwords, identification codes, classifications or security levels;
  • devices for measuring individual characteristics of a person (voice, fingerprints) for the purpose of identification;
  • circuits for interrupting the transmission of information in the communication line for the purpose of periodically checking the data output address;
  • devices for encrypting information (cryptographic methods);
  • trusted computer boot modules.

To protect the perimeter of the information system, the following are created:

  • security and fire alarm systems;
  • digital video surveillance systems;
  • access control and management systems (ACS).

Protection of information from leakage through technical communication channels is ensured by the following means and measures:

  • using shielded cable and laying wires and cables in shielded structures;
  • installation of high-frequency filters on communication lines;
  • construction of shielded rooms (“capsules”);
  • use of shielded equipment;
  • installation of active noise systems;
  • creation of controlled zones.

Information security of information

The construction of a protection system should be based on the following basic principles:

1. Systematic approach;
2. Comprehensiveness of the approach;
3. Reasonable sufficiency of protective equipment;
4. Reasonable redundancy of protective equipment;
5. Flexibility of control and application;
6. Openness of algorithms and protection mechanisms;
7. Ease of application of protection, means and measures;
8. Unification of protective equipment.

The information sphere (environment) is a field of activity associated with the creation, distribution, transformation and consumption of information. Any information security system has its own characteristics and at the same time must meet general requirements.

The general requirements for the information security system are the following:

1. The information security system must be presented as a whole. The integrity of the system will be expressed in the presence of a single goal for its functioning, information connections between its elements, and the hierarchy of the construction of the subsystem for managing the information security system.
2. The information security system must ensure the security of information, media and the protection of the interests of participants in information relations.
3. The information security system as a whole, methods and means of protection should be as “transparent” as possible for the user, not create large additional inconveniences associated with access procedures to information and at the same time be insurmountable to unauthorized access by an attacker to the protected information.
4. The information security system must provide information connections within the system between its elements for their coordinated functioning and communication with the external environment, before which the system manifests its integrity and acts as a single whole.

Thus, ensuring the security of information, including in computer systems, requires maintaining the following properties:

1. Integrity. The integrity of information lies in its existence in an undistorted form, not changed in relation to some of its original state.
2. Availability. This is a property that characterizes the ability to provide timely and unhindered user access to the data they are interested in.
3. Confidentiality. This is a property that indicates the need to introduce restrictions on access to the information by a certain circle of users.

A security threat is the possible danger (potential or actual) of the commission of any act (action or inaction) directed against the object of protection (information resources) that causes damage to the owner or user, manifested in the danger of distortion, disclosure or loss of information. A particular security threat can be implemented with the aim of violating the properties that ensure the security of information.

Information security systems

To protect information, an information protection system is created, consisting of a set of bodies and (or) performers, the protection technology they use, organized and functioning according to the rules established by legal, administrative and regulatory documents in the field of information protection.

The state information protection system is formed by:

  • the Federal Service for Technical and Export Control (FSTEC of Russia) and its central office;
  • the FSB, MO, SVR, Ministry of Internal Affairs, and their structural units for information protection;
  • structural and intersectoral divisions for information protection of public authorities;
  • special centers of FSTEC of Russia;
  • organizations for the protection of information of public authorities;
  • parent and leading research, scientific and technical, design and engineering institutions;
  • enterprises of defense industries and their information security divisions;
  • enterprises specializing in work in the field of information security;
  • universities and institutes for training and retraining specialists in the field of information security.

FSTEC of Russia is a federal executive body that implements state policy, organizes interdepartmental coordination and interaction, special and control functions in the field of state security on the following issues:

  • ensuring information security in key information infrastructure systems;
  • countering foreign technical intelligence;
  • ensuring the protection of information containing state secrets using non-cryptographic methods;
  • preventing information leakage through technical channels and unauthorized access to it;
  • preventing special impacts on information (its media) for the purpose of obtaining it, destroying it, distorting it and blocking access to it.

The activities of the FSTEC of Russia are managed by the President of the Russian Federation.

Direct management of information protection work is carried out by the heads of government bodies and their deputies.

Technical commissions and intersectoral councils may be created within a government body.

Parent and leading research institutes of public authorities develop the scientific basis and concepts, as well as draft regulatory, technical and methodological documents on information security. They are entrusted with the development and adjustment of foreign technical intelligence models.

Enterprises engaged in activities in the field of information security must obtain a license for this type of activity. Licenses are issued by the FSTEC of Russia, the FSB, and the SVR in accordance with their competence and upon the recommendation of a government authority.

Organization of information protection work is entrusted to the heads of organizations. For methodological guidance and control over ensuring information security, an information protection unit can be created or a person responsible (full-time or freelance) for information security can be appointed.

The development of the information protection system is carried out by the technical information protection department or the person responsible for this area, in collaboration with developers and those responsible for the operation of ICT facilities. To carry out work on creating an information protection system, specialized enterprises with appropriate licenses can be involved on a contractual basis.

Work on the creation of the information protection system is carried out in three stages.

At stage I, technical specifications for the creation of information protection systems are developed:

  • a ban is introduced on the processing of secret (official) information at all TSOI facilities until the necessary protection measures are taken;
  • those responsible for organizing and carrying out work to create an information security system are appointed;
  • the divisions or individual specialists directly involved in carrying out the specified work are determined, and the timing of the commissioning of the information protection system is determined;
  • an analysis of possible technical channels for leaking classified information is carried out;
  • a list of protected ICT objects is developed;
  • categorization of OTSS, as well as VP, is carried out;
  • the security class of automated systems involved in the processing of secret (service) data is determined;
  • the controlled zone is determined;
  • the capabilities of technical equipment and other sources of threats are assessed;
  • the need to involve specialized enterprises in creating an information security system is substantiated;
  • technical specifications (TOR) for the creation of information protection systems are developed.

The development of technical designs for the installation and assembly of TSOI is carried out by design organizations licensed by FSTEC.

At stage II:

  • a list of organizational and technical measures is developed to protect ICT facilities in accordance with the requirements of the technical specifications;
  • the composition of mass-produced protected information security devices and certified information security equipment is determined, as well as the composition of technical equipment subject to special research and testing;
  • technical passports are developed for ICT facilities, along with instructions for ensuring information security at the stage of operation of technical equipment.

At stage III the following are carried out:

  • special research and special inspection of imported OTSS, as well as imported HTSS installed in designated premises;
  • placement and installation of technical equipment included in the TSOI facilities;
  • development and implementation of a permitting system for access to computer facilities and automated systems involved in the processing of secret (official) information;
  • acceptance testing of the information security system based on the results of its trial operation;
  • certification of TSOI objects according to information security requirements.

Information security technologies

Along with its positive impact on all aspects of human activity, the widespread introduction of information technologies has led to the emergence of new threats to human safety. This is because information created, stored and processed by computer technology has begun to determine the actions of most people and technical systems. As a result, the possibility of causing damage through the theft of information has sharply increased, since influencing any system (social, biological or technical) with the aim of destroying it, reducing the efficiency of its functioning or stealing its resources (money, goods, equipment) is possible only when information about its structure and operating principles is known.

All types of information threats can be divided into two large groups:

- failures and malfunctions of software and hardware;
- deliberate threats, planned in advance by attackers to cause harm.

The following main groups of causes of failures and malfunctions in the operation of computer systems are distinguished:

- violations of the physical and logical integrity of data structures stored in RAM and external memory, arising due to aging or premature wear of their media;
- disturbances that occur in the operation of hardware due to their aging or premature wear;
- violations of the physical and logical integrity of data structures stored in RAM and external memory, arising due to incorrect use of computer resources;
- disturbances arising in the operation of hardware due to misuse or damage, including due to incorrect use of software;
- unresolved errors in software that were not identified during debugging and testing, as well as those remaining in hardware after their development.

In addition to natural ways to identify and promptly eliminate the above causes, the following special methods are used to protect information from malfunctions of computer systems:

- introducing structural, time, information and functional redundancy of computer resources;
- protection against incorrect use of computer system resources;
- identification and timely elimination of errors at the stages of software and hardware development.

Structural redundancy of computer resources is achieved by reserving hardware components and machine storage media, organizing the replacement of failed ones and timely replenishment of backup components. Structural redundancy forms the basis of other types of redundancy.

Information redundancy is introduced by periodic or constant (background) data backup on primary and backup media. Backed-up data ensures the recovery of accidentally or intentionally destroyed and corrupted information. To restore the functionality of a computer system after a permanent failure, in addition to backing up regular data, system information should also be backed up in advance and recovery software should be prepared.

Functional redundancy of computer resources is achieved by duplicating functions or introducing additional functions into the software and hardware resources of a computer system to increase its protection from failures and malfunctions, for example, periodic testing and recovery, as well as self-testing and self-healing of computer system components.

Protection against incorrect use of information resources lies in the correct functioning of the software from the perspective of using computer system resources. The program can perform its functions clearly and in a timely manner, but use computer resources incorrectly due to the lack of all necessary functions (for example, isolating sections of RAM for operating system and application programs, protecting system areas on external media, maintaining data integrity and consistency).

Identification and elimination of errors in the development of software and hardware is achieved through high-quality implementation of the basic stages of development, based on a systems analysis of the concept, design and implementation of the project.

However, the main type of threats to the integrity and confidentiality of information are deliberate threats that are planned in advance by attackers to cause harm.

They can be divided into two groups:

- threats, the implementation of which is carried out with the constant participation of a person;
- threats, the implementation of which, after the attacker has developed the appropriate computer programs, is carried out by these programs without direct human participation.

The tasks for protecting against threats of each type are the same:

- prohibition of unauthorized access (UNA) to computer system resources;
- impossibility of unauthorized use of computer resources when accessing;
- timely detection of unauthorized actions, elimination of their causes and consequences.

The main way to prohibit unauthorized access to computer system resources is to confirm the authenticity of users and limit their access to information resources, which includes the following steps:

- identification;
- establishing authenticity (authentication);
- determination of powers for subsequent control and delimitation of access to computer resources.

Identification is necessary to indicate to the computer system a unique identifier of the user accessing it. The ID can be any sequence of characters and must be registered with the security administrator in advance.

During the registration process, the following information is entered:

- last name, first name, patronymic (if necessary, other user characteristics);
- unique user identifier;
- name of the authentication procedure;
- reference information for authentication (for example, password);
- restrictions on the reference information used (for example, password validity period);
- user authority to access computer resources.

Establishing authenticity (authentication) is to verify the authenticity of the user's authority.
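The registration record and the three steps described above (identification, authentication, determination of powers) can be shown in one short sketch. This is an added example, not code from the original article; the class and field names, the PBKDF2 work factor and the status strings are assumptions made for illustration.

```python
# Added illustration: names and parameters are assumptions, not from the article.
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def _derive(password: str, salt: bytes) -> bytes:
    """Derive the stored reference value; the password itself is never kept."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class Registration:
    """One record entered by the security administrator at registration."""
    full_name: str
    user_id: str                  # unique user identifier
    auth_procedure: str           # name of the authentication procedure
    salt: bytes
    reference: bytes              # reference information for authentication
    reference_set_at: datetime
    reference_max_age: timedelta  # restriction on the reference information
    authority: dict               # resource -> set of permitted actions


class AccessController:
    def __init__(self):
        self._registry = {}
        self.audit_log = []       # (time, user_id, resource, action, outcome)
        self._dummy_salt = os.urandom(16)

    def register(self, full_name, user_id, password, authority,
                 max_age=timedelta(days=90), now=None):
        if user_id in self._registry:
            raise ValueError("identifier already registered")
        now = now or datetime.now(timezone.utc)
        salt = os.urandom(16)
        self._registry[user_id] = Registration(
            full_name, user_id, "password/pbkdf2-sha256", salt,
            _derive(password, salt), now, max_age,
            {res: set(acts) for res, acts in authority.items()})

    def access(self, user_id, password, resource, action, now=None):
        """Run all three steps and record the outcome for later review."""
        now = now or datetime.now(timezone.utc)
        outcome = self._decide(user_id, password, resource, action, now)
        self.audit_log.append((now, user_id, resource, action, outcome))
        return outcome

    def _decide(self, user_id, password, resource, action, now):
        # Step 1, identification: look up the claimed identifier.
        record = self._registry.get(user_id)
        # Step 2, authentication: constant-time comparison with the reference.
        # An unknown identifier still costs one derivation and gets the same
        # answer, so the reply does not reveal which identifiers exist.
        salt = record.salt if record else self._dummy_salt
        candidate = _derive(password, salt)
        if record is None or not hmac.compare_digest(candidate, record.reference):
            return "denied: authentication failed"
        if now - record.reference_set_at > record.reference_max_age:
            return "denied: password expired"
        # Step 3, determination of powers: check the registered authority.
        if action not in record.authority.get(resource, set()):
            return "denied: not authorized"
        return "granted"


if __name__ == "__main__":
    # Constructed sample user and resource.
    ac = AccessController()
    ac.register("Ivanov Ivan Ivanovich", "iivanov", "sample-passphrase",
                {"payroll.db": {"read"}})
    print(ac.access("iivanov", "sample-passphrase", "payroll.db", "read"))
    print(ac.access("iivanov", "sample-passphrase", "payroll.db", "write"))
```

The audit log keeps denied attempts as well as granted ones, which is what makes timely detection of unauthorized actions possible.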

Technical information protection

Engineering and technical protection (ETP) is a set of special bodies, technical means and measures for their use in order to protect confidential information.

According to their functional purpose, engineering and technical protection means are divided into the following groups:

1) Physical means, including various means and structures that prevent physical penetration (or access) of attackers to protected objects and to material media of confidential information and protect personnel, material resources, finances and information from illegal influences.

Physical means include mechanical, electromechanical, electronic, electro-optical, radio and radio engineering and other devices to prohibit unauthorized access (entry-exit), carrying (removal) of funds and materials and other possible types of criminal acts.

These tools (technical information security) are used to solve the following problems:

1. protection of the enterprise territory and surveillance of it;
2. security of buildings, internal premises and control over them;
3. protection of equipment, products, finances and information;
4. implementation of controlled access to buildings and premises.

All physical means of object protection can be divided into three categories: prevention tools, detection tools and threat elimination systems. Security alarms and CCTV, for example, are threat detection tools; fences around objects are a means of preventing unauthorized entry into the territory, and reinforced doors, walls, ceilings, bars on windows and other measures serve as protection against intrusion and other criminal activities. Fire extinguishing equipment refers to threat elimination systems.

In general terms, according to their physical nature and functional purpose, all products in this category can be divided into the following groups:

Security and fire protection systems;
CCTV;
security lighting;
means of physical protection.

Hardware. This includes instruments, devices and other technical solutions used in the interests of information security. The main task of hardware is to ensure strong protection of information from disclosure, leakage and unauthorized access through the technical means that support production activities.

2) Hardware means of information protection are the various technical devices, systems and structures (technical information security) designed to protect information from disclosure, leakage and unauthorized access.

The use of hardware information security allows you to solve the following problems:

Conducting special studies of technical equipment for possible channels of information leakage;
identifying channels of information leakage at different facilities and premises;
localization of information leakage channels;
search and detection of industrial espionage means;
countering unauthorized access (NAA) to sources of confidential information and other actions.

According to their purpose, hardware is classified into detection means, search and detailed measurement means, and active and passive countermeasures. In terms of technical capabilities, information security tools can be general-purpose tools, designed for use by non-professionals to obtain general assessments, or professional complexes that allow a thorough search for, detection of and measurement of all characteristics of industrial espionage means.

Search equipment can be divided into equipment for finding information-gathering devices and equipment for investigating the channels through which information leaks.

The first type of equipment is aimed at finding and localizing unauthorized access devices already planted by attackers. The second type of equipment is intended to detect information leakage channels. The decisive factors for this type of system are the efficiency of the research and the reliability of the results obtained. Professional search equipment is usually very expensive and requires highly qualified specialists to operate it. For this reason, it is affordable for organizations that constantly conduct the relevant surveys.

3) Software tools. Software information protection is a system of special programs that implement information protection functions.

The following areas of use of programs to ensure the security of confidential information are distinguished:

Protection of information from unauthorized access;
protection of information from copying;
protecting information from viruses;
software protection of communication channels.

Protection of information from unauthorized access

To protect against intrusion by outsiders, certain security measures are required.

The main functions that must be performed by software are:

Identification of subjects and objects;
restriction of access to computing resources and information;
control and registration of actions with information and programs.

The identification and authentication procedure involves checking whether the person requesting access is who they claim to be.

The most common identification method is password identification. Practice has shown that password protection of data is a weak link, since the password can be eavesdropped or spied on, the password can be intercepted, or even simply guessed.

After completing identification and authentication procedures, the user gains access to the computer system, and information protection is carried out at three levels: hardware, software and data.

Copy protection

Copy protection prevents the use of illegal copies of software and is currently the only reliable means of protecting the copyright of developers. Copy protection means are means that ensure that a program performs its functions only when a unique, non-copyable element is identified. Such an element (called a key) can be a specific part of the computer or a special device.

Protecting information from destruction

One of the security tasks for all cases of computer use is to protect information from destruction.

Since the causes of information destruction are very diverse (unauthorized actions, software and hardware errors, computer viruses, etc.), protective measures are mandatory for everyone who uses a computer.

It is necessary to specifically note the danger of computer viruses. A computer virus is a small, quite complex and dangerous program that can independently reproduce, attach itself to other people’s programs and be transmitted over information networks. A virus is usually created to disrupt the operation of a computer in different ways, from the “harmless” issuance of a message to erasing and destroying files. Antivirus is a program that detects and removes viruses.

4) Cryptographic tools are special mathematical and algorithmic means of protecting information transmitted over communication systems and networks, stored and processed on a computer using a variety of encryption methods.

The technical protection of information by transforming it so that it cannot be read by unauthorized persons has been of concern to people since ancient times. Cryptography must provide such a level of secrecy that critical information can be reliably protected from decryption by large organizations such as the mafia, multinational corporations and large states. Cryptography in the past was used only for military purposes. However, now, with the emergence of the information society, it is becoming a tool for ensuring confidentiality, trust, authorization, electronic payments, corporate security and countless other important things. Why has the problem of using cryptographic methods become particularly relevant at the moment? On the one hand, the use of computer networks has expanded, in particular the global Internet, through which large volumes of information of a state, military, commercial and private nature are transmitted, and to which unauthorized persons must not gain access.

On the other hand, the emergence of new powerful computers and of network and neural computing technologies has made it possible to discredit cryptographic systems which until recently were considered practically unbreakable.

Cryptology (kryptos - secret, logos - science) deals with the problem of protecting information by transforming it. Cryptology is divided into two areas - cryptography and cryptanalysis. The goals of these directions are directly opposite. Cryptography deals with the search and study of mathematical methods for converting information.

The area of interest of cryptanalysis is the study of the possibility of decrypting information without knowing the keys.

Modern cryptography includes 4 major sections:

Symmetric cryptosystems.
Public key cryptosystems.
Electronic signature systems.
Key management.

The main areas of use of cryptographic methods are the transfer of confidential information through communication channels (for example, e-mail), establishing the authenticity of transmitted messages, storing information (documents, databases) on media in encrypted form.

Terminology

Cryptography makes it possible to transform information in such a way that its reading (recovery) is possible only if the key is known.

Texts based on a certain alphabet will be considered as information to be encrypted and decrypted. These terms mean the following.

An alphabet is a finite set of signs used to encode information. Text is an ordered set of alphabetic elements.

Encryption is a transformation process: the original text, also called plaintext, is replaced by ciphertext.

Decryption is the reverse process of encryption. Based on the key, the ciphertext is converted to the original one.

The key is the information necessary for the smooth encryption and decryption of texts.

A cryptographic system is a family T of plaintext transformations [T1, T2, ..., Tk]. Members of this family are indexed, or designated, by the symbol "k"; the parameter k is the key. The key space K is the set of possible key values. Usually the key is a sequential series of letters of the alphabet.

Cryptosystems are divided into symmetric and public key. In symmetric cryptosystems, the same key is used for both encryption and decryption.

Public key systems use two keys, a public key and a private key, that are mathematically related to each other. Information is encrypted using a public key, which is available to everyone, and decrypted using a private key, known only to the recipient of the message.

The terms key distribution and key management refer to the processes of an information processing system, the content of which is the compilation and distribution of keys between users.

An electronic (digital) signature is a cryptographic transformation attached to the text, which allows, when the text is received by another user, to verify the authorship and authenticity of the message.

Cryptographic strength is a characteristic of a cipher that determines its resistance to decryption without knowing the key (i.e., cryptanalysis).

The effectiveness of encryption to protect information depends on maintaining the secrecy of the key and the cryptographic strength of the cipher.

The simplest criterion for such effectiveness is the probability of revealing the key, or the cardinality of the set of keys (M). Essentially, this is the same as cryptographic strength. To estimate it numerically, you can also use the complexity of breaking the cipher by trying all the keys.

However, this criterion does not take into account other important requirements for cryptosystems:

Inability to disclose or meaningfully modify information based on analysis of its structure;
perfection of the security protocols used;
the minimum amount of key information used;
minimum complexity of implementation (in the number of machine operations), its cost;
high efficiency.

It is often more effective to use expert judgment and simulation when selecting and evaluating a cryptographic system.

In any case, the selected set of cryptographic methods must combine convenience, flexibility and efficiency of use with reliable protection of the information circulating in the IS from intruders.

This division of information security means (technical information security) is quite arbitrary, since in practice they very often interact and are implemented together in the form of software and hardware modules that make wide use of information concealment algorithms.

Organization of information security

Organization of information security - content and procedure for ensuring information security.

Information protection system is a set of bodies and/or performers, the information protection technology they use, as well as protection objects organized and functioning according to the rules established by the relevant legal, organizational, administrative and regulatory documents on information protection.

An information protection event is a set of actions for the development and/or practical application of methods and means of information protection.

An event to monitor the effectiveness of information protection is a set of actions for the development and/or practical application of methods [methods] and means of monitoring the effectiveness of information protection.

Information security technology - means of information security, means of monitoring the effectiveness of information security, management tools and systems designed to ensure information security.

Object of protection - information or information carrier or information process in respect of which it is necessary to ensure protection in accordance with the stated purpose of information protection.

The method of protecting information is the procedure and rules for applying certain principles and means of protecting information.

Method [method] of monitoring the effectiveness of information protection - the procedure and rules for applying certain principles and means of monitoring the effectiveness of information protection.

Monitoring the state of information security - checking the compliance of the organization and the effectiveness of information security with established requirements and/or standards in the field of information security.

Information security tool is a technical, software tool, substance and/or material intended or used to protect information.

A means of monitoring the effectiveness of information protection is a technical, software tool, substance and/or material intended or used to monitor the effectiveness of information protection.

Control of the organization of information protection - checking the compliance of the state of the organization, the availability and content of documents with the requirements of legal, organizational, administrative and regulatory documents on information protection.

Monitoring the effectiveness of information protection - checking the compliance of the effectiveness of information protection measures with established requirements or standards for the effectiveness of information protection.

Organizational control of the effectiveness of information protection - checking the completeness and validity of information protection measures according to the requirements of regulatory documents on information protection.

Technical control of the effectiveness of information protection - control of the effectiveness of information protection carried out using control means.

Information - information about persons, objects, facts, events, phenomena and processes, regardless of the form of their presentation.

Access to information - the subject obtaining the opportunity to familiarize himself with information, including using technical means.

Subject of access to information - subject of access: participant in legal relations in information processes.

Note: Information processes are the processes of creation, processing, storage, protection from internal and external threats, transmission, receipt, use and destruction of information.

An information carrier is an individual or a material object, including a physical field, in which information is reflected in the form of symbols, images, signals, technical solutions and processes.

The owner of information is a subject who fully exercises the powers of ownership, use, and disposal of information in accordance with legislative acts.

The possessor of information is the subject who possesses and uses information and exercises the powers of disposal within the limits of the rights established by law and/or the owner of the information.

User [consumer] of information is a subject who uses information received from its owner, possessor or intermediary in accordance with established rights and rules for access to information or in violation of them.

Right of access to information - right of access: a set of rules for access to information established by legal documents or by the owner, holder of information.

Rule of access to information - access rule: a set of rules regulating the procedure and conditions for a subject’s access to information and its media.

Information protection authority is an administrative body that organizes information protection.

Data Protection

If you store information on your personal computer or on an external device, make sure that no important information is kept there or, if it is, that it is reliably protected.

Data encryption

You hear about data encryption almost every day, but it seems like no one uses it. I asked my friends if they use data encryption and none of them encrypt the data on their computers or external hard drives. And these are the people who do everything online: from ordering a taxi and ordering food to reading newspapers. The only thing you can do is encrypt the data. This is quite difficult to do on Windows or Mac, but if you do it once, you won't have to do anything else.

You can also use TrueCrypt to encrypt data on flash drives and external storage devices. Encryption is necessary so that if someone uses your computer, flash drive or external device to store information, no one will be able to view your files. Without knowing your password, they will not be able to log in and will not have access to any files and data stored on the disk. This brings us to the next step.

Use strong passwords

Of course, encryption is worth nothing if anyone can just turn on your computer and attack your system until they figure out the right password. Use only a strong password that consists of a combination of numbers, symbols and letters, as this will make it more difficult to guess. There are, of course, ways around any protection, but there are things that will help with this problem; more on them later.

Two-factor authentication

So, the problem is that encryption and complex passwords can still be hacked while we send them over the Internet. For example, in a cafe you use wireless Internet and go to a site that does not use the SSL protocol (that is, https in the address bar); at that moment a hacker can easily intercept your password over the Wi-Fi network.

How can you protect yourself in such a situation? First, don't work on an unsecured wireless network or public Wi-Fi network. It's very risky. Secondly, two authentication factors can be used. Basically this means that you need to create two types of information and two passwords to log into sites and use services. Google has two-step verification, which is great. Even if someone learned your complex Google password, they won't be able to access your data until they enter the six-digit code sent to your smartphone.

Essentially, in order to log in, they will need not only your password, but also your smartphone. This type of protection reduces your chances of being hacked. LastPass also works with Google Authenticator so you don't have to worry about your passwords. You will have one password and access code that will only be available to you. In order to log into Facebook, you will receive an SMS on your phone with a code that you must enter along with your password. Now your Facebook account will be difficult to hack.

Use Paypal. There is a special security key there. Its concept is this: you need to send an SMS with a code to log into the system. What about a Wordpress blog? It can also use Google Authenticator to protect your site from hackers. The good thing about two-factor authentication is that it is easy to use and is the most reliable system for protecting your data. Check your favorite sites to make sure they have two factor authentication.

Secure your network

Another aspect of security is the network you use to communicate with the outside world. Is this your home wireless network? Are you using WEP or WPA or WPA2? Do you use an insecure network in hotels, airports or cafes? The first thing you want to do is lock down your own network, since you spend most of your time on your computer. You want to protect yourself and choose the highest possible degree of security. Check out my previous article which talks about Wi-Fi encryption.

There are many other things that can be done:

1. disable SSID broadcasting;
2. enable MAC address filtering;
3. enable AP isolation.

You can read about this and other types of security on the Internet. The second thing you want to do (actually, it might be the first thing) is change the username and password that is used to access your wireless router. It's great if you install WPA2 with AES, but if someone uses your router's IP address, that is, hacks your username and password, then they can lock you out of your own router.

Fortunately, you can always regain access to your router, but this is a very risky endeavor because someone could log into your router and then gain access to your network. Logging into the router will allow you to see all the clients that are connected to the router and their IP addresses. Buying a new wireless router and connecting to it for the first time is not a good idea. Be sure to turn on the firewall on your router and computer. This will prevent different applications from reaching certain ports on your computer when communicating.

Antivirus software

If a virus or malware gets onto your computer, then all your previous actions will be useless. Someone can control the virus and transfer your data to their server. Today, antivirus is a necessity, as is a good habit of inspecting your computer.

Information access protection

Unauthorized access is the reading, modification or destruction of information without the appropriate authority to do so.

The main typical ways of obtaining information without authorization:

Theft of storage media;
copying storage media by overcoming security measures;
masquerading as a registered user;
hoax (masquerading as system requests);
exploiting the shortcomings of operating systems and programming languages;
interception of electronic radiation;
interception of acoustic radiation;
remote photography;
use of listening devices;
malicious disabling of protection mechanisms.

To protect information from unauthorized access, the following are used:

Organizational events.
Technical means.
Software.
Cryptography.

1. Organizational activities include:

Access control regime;
storage of media and devices in a safe (floppy disks, monitor, keyboard);
restricting access of persons to computer rooms.

2. Technical means include various hardware methods for protecting information:

Filters, screens for equipment;
key to lock the keyboard;
authentication devices - for reading fingerprints, hand shape, iris, typing speed and techniques, etc.

3. Software means of information protection consist of special software that does not allow an unauthorized person to obtain information from the system:

Password access;
lock the screen and keyboard using a key combination;
use of BIOS password protection (BIOS - basic input-output system).

4. The cryptographic method of protecting information means encrypting it when it is entered into a computer system. The essence of this protection is that a certain encryption method (key) is applied to the document, after which the document becomes unreadable by ordinary means. Reading the document is possible if you have the key or use an adequate reading method. If the exchange of information uses the same key for encryption and reading, the cryptographic process is symmetric. Its disadvantage is that the key is transferred along with the document. Therefore, the Internet uses asymmetric cryptographic systems, in which not one but two keys are used: one is open (public) and the other is closed (private). The keys are constructed in such a way that a message encrypted by one half can only be decrypted by the other half. Having created a key pair, the company distributes the public key widely and stores the private key securely.

Both keys represent a certain code sequence. The public key is published on the company server. Anyone can encrypt any message using the public key, and after encoding, only the owner of the private key can read it.

The principle of sufficiency of protection. Many users, having obtained someone else's public key, may study the algorithm of the encryption mechanism and try to find a method of decrypting the message in order to reconstruct the private key. The principle of sufficiency consists of checking the number of possible combinations of the private key.

The concept of an electronic signature. Using an electronic signature, the client can communicate with the bank, giving orders to transfer his funds to the accounts of other persons or organizations. If you need to create an electronic signature, you should use a special program (received from the bank) to create the same 2 keys: private (remains with the client) and public (transferred to the bank).

Read protection is provided by:

Setting the Hidden attribute on the file at the DOS level;
encryption.

Write protection is provided by:

Setting the ReadOnly property for files (read-only);
prohibiting writing to a floppy disk by moving or breaking off the lever;
prohibiting writing through the BIOS setting - “floppy drive not installed.”

When protecting information, the problem of reliable data destruction often arises, which is due to the following reasons:

When deleting, information is not completely erased;
Even after formatting a floppy disk or disk, data can be recovered using special means based on the residual magnetic field.

For secure deletion, special utilities are used that erase data by repeatedly writing a random sequence of zeros and ones in place of the deleted data.
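The difference between ordinary deletion and overwriting can be observed directly in the following added example (not from the original text). It uses a second hard link as a window onto the file's data blocks, which is an assumption of the demonstration, as are the function names and the constructed sample data.

```python
import os
import secrets
import tempfile


def overwrite_and_delete(path, passes=3, chunk_size=64 * 1024):
    """Overwrite a file in place with random bytes `passes` times, then delete it."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk_size, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the storage device
    os.remove(path)


def demo():
    """Return, per deletion method, whether the original data is still readable."""
    secret = b"account=40817; pin=0000 (constructed sample data)\n" * 4
    still_readable = {}
    with tempfile.TemporaryDirectory() as d:
        for name, delete in (("plain", os.remove),
                             ("overwrite", overwrite_and_delete)):
            target = os.path.join(d, name + ".txt")
            witness = os.path.join(d, name + ".witness")
            with open(target, "wb") as f:
                f.write(secret)
            # A second name for the same data blocks: it lets us look at what
            # remains on the medium after the first name has been deleted.
            os.link(target, witness)
            delete(target)
            with open(witness, "rb") as f:
                still_readable[name] = (f.read() == secret)
    return still_readable


if __name__ == "__main__":
    print(demo())
```

In-place overwriting is only reliable on media that write new data over the old location; flash storage with wear levelling and journaling or copy-on-write file systems may keep earlier copies elsewhere.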

Cryptographic information protection

The science that deals with issues of secure communication (i.e., through encrypted messages) is called cryptology (kryptos - secret, logos - science). It, in turn, is divided into two areas: cryptography and cryptanalysis.

Cryptography is the science of creating secure communication methods and creating strong (break-resistant) ciphers. It searches for mathematical methods for converting information.

Cryptanalysis is the branch devoted to studying the possibility of reading messages without knowing the keys, i.e. it is directly related to breaking ciphers. People involved in cryptanalysis and the study of ciphers are called cryptanalysts.

A cipher is a set of reversible transformations of the set of plaintexts (i.e., original messages) into a set of ciphertexts, carried out in order to protect them. The specific type of transformation is determined by the encryption key. Let's define a few more concepts that need to be learned in order to feel confident. First, encryption is the process of applying a cipher to plaintext. Second, decryption is the reverse process of applying the cipher to the ciphertext. Third, breaking (deciphering without the key) is an attempt to read the encrypted text without knowing the key, i.e. breaking a ciphertext or cipher. The difference between decryption and breaking should be emphasized here. The first action is carried out by a legitimate user who knows the key, and the second by a cryptanalyst or a powerful hacker.

A cryptographic system is a family of cipher transformations and a set of keys (i.e. algorithm + keys). The description of the algorithm itself is not a cryptosystem. Only when supplemented with key distribution and management schemes does it become a system. Examples of algorithms are the descriptions of DES and GOST 28147-89. Supplemented with key generation algorithms, they turn into cryptosystems. Typically, the description of the encryption algorithm already includes all the necessary parts.

Modern cryptosystems are classified as follows:

Cryptosystems can ensure not only the secrecy of transmitted messages, but also their authenticity, as well as confirmation of the user’s authenticity.

Symmetric cryptosystems (secret key systems) are built on keeping the encryption key secret. The encryption and decryption processes use the same key. The secrecy of the key is a postulate. The main problem when using symmetric cryptosystems for communication is the difficulty of transmitting the secret key to both parties. However, these systems have high performance. Disclosure of a key by an attacker threatens to reveal only the information that was encrypted with this key. The American and Russian encryption standards DES and GOST 28147-89 and the candidates for AES are all representatives of symmetric cryptosystems.

Asymmetric cryptosystems (open encryption systems, or public key systems) are based on using different transformations for encryption and decryption. One of them, encryption, is absolutely open to everyone. The other, decryption, remains secret. Thus, anyone who wants to encrypt anything uses the open transformation, but only those who own the secret transformation can decipher and read it. Currently, in many asymmetric cryptosystems, the type of transformation is determined by the key. That is, the user has two keys, private and public. The public key is published in a public place, and anyone who wants to send a message to this user encrypts the text with the public key. Only the named user with the secret key can decrypt it. Thus, the problem of transmitting the secret key, which exists in symmetric systems, disappears. However, despite all their advantages, these cryptosystems are quite labor-intensive and slow. The strength of asymmetric cryptosystems is based mainly on the algorithmic difficulty of solving some problem in an acceptable time. If an attacker manages to construct such an algorithm, then the entire system and all messages encrypted using this system will be compromised. This is the main danger of asymmetric cryptosystems, as opposed to symmetric ones. Examples are the RSA and Rabin public key systems.

One of the basic rules of cryptography (if we consider its commercial application, since at the state level everything is somewhat different) can be expressed as follows: breaking a cipher in order to read private information should cost an attacker much more than this information actually costs.

Secret writing

Secret writing refers to techniques by which the content of what was written was hidden from those who were not supposed to read the text.

Since ancient times, humanity has exchanged information by sending paper letters to each other. In Ancient Veliky Novgorod, it was necessary to roll up your birch bark letters with the words outward - only in this way could they be transported and stored, otherwise they would unfold spontaneously due to changes in humidity levels. It was similar to modern postcards, in which the text, as we know, is also open to prying eyes.

The sending of birch bark messages was very widespread, but had one serious drawback - the contents of the messages were in no way protected from selfish interests or the idle curiosity of some people. In this regard, over time, these messages began to be rolled up in a special way - so that the text of the message appeared from the inside. When this turned out to be insufficient, the letter began to be sealed with wax, and at a later time with a wax personal seal. Such seals have almost always been not only in fashion, but in everyday use. Typically, seals were made in the form of rings with raised pictures. The Hermitage's antique department houses a great many of them.

According to some historians, seals were invented by the Chinese, although the ancient cameos of Babylon, Egypt, Greece and Rome are practically no different from seals. Wax in ancient times, and sealing wax in ours, can help maintain the secrets of postal correspondence.

Very few exact dates and absolutely indisputable data about secret writing in ancient times have been preserved, so on our website many facts are presented through artistic analysis. However, along with the invention of ciphers, there were, of course, ways to hide text from prying eyes. In ancient Greece, for example, for this purpose they once shaved a slave, put an inscription on his head, and, after the hair grew back, sent him on an errand to the addressee.

Encryption is a method of converting open information into private information and vice versa. It is used to store important information in unreliable sources or transmit it over unsecured communication channels. According to GOST 28147-89, encryption is divided into the process of encrypting and decrypting.

Steganography is the science of hidden transmission of information by keeping the very fact of transmission secret.

Unlike cryptography, which hides the contents of a secret message, steganography hides its very existence. Steganography is usually used in conjunction with cryptography methods, thus complementing it.

Basic principles of computer steganography and its areas of application

K. Shannon gave us a general theory of secret writing, which is the basis of steganography as a science. In modern computer steganography, there are two main types of files: a message, a file that is intended to be hidden, and a container file, which can be used to hide a message in it. There are two types of containers. The original container (or “Empty” container) is a container that does not contain hidden information. A result container (or “Filled” container) is a container that contains hidden information. The key is a secret element that determines the order in which the message is entered into the container.

The main provisions of modern computer steganography are the following:

1. Hiding methods must ensure the authenticity and integrity of the file.
2. It is assumed that the adversary is fully aware of the possible steganographic methods.
3. The security of the methods is based on the preservation, through steganographic transformation, of the basic properties of an openly transmitted file when a secret message and some information - a key - are entered into it.
4. Even if the fact of hiding a message became known to the enemy through an accomplice, retrieving the secret message itself is a complex computational problem.

Due to the increasing role of global computer networks, steganography is becoming increasingly important.

Analysis of information sources on the Internet computer network allows us to conclude that currently steganographic systems are actively used to solve the following main problems:

1. Protection of confidential information from unauthorized access;
2. Overcoming systems for monitoring and managing network resources;
3. Camouflage software;
4. Copyright protection for certain types of intellectual property.

Cryptographic strength (or cryptographic resistance) is the ability of a cryptographic algorithm to withstand possible attacks on it. Those who attack a cryptographic algorithm use cryptanalysis techniques. An algorithm is considered strong if a successful attack requires from the adversary unattainable computing resources, an unattainable volume of intercepted open and encrypted messages, or such a disclosure time that after its expiration the protected information will no longer be relevant, etc.

Information protection requirements

Specific information protection requirements that the owner of information must ensure are reflected in the governing documents of the FSTEC and the FSB of Russia.

Documents are also divided into a number of areas:

Protection of information when processing information constituting state secrets;
protection of confidential information (including personal data);
protection of information in key information infrastructure systems.

Specific requirements for information protection are defined in the governing documents of the FSTEC of Russia.

When creating and operating state information systems (and these are all information systems of regional executive authorities), methods and means of protecting information must comply with the requirements of the FSTEC and the FSB of Russia.

Documents defining the procedure for protecting confidential information and protecting information in key information infrastructure systems are marked “For official use.” Documents on technical information protection, as a rule, are classified as “secret”.

Information security methods

The protection of information in computer systems is ensured by the creation of a comprehensive security system.

The comprehensive protection system includes:

Legal methods of protection;
organizational methods of protection;
methods of protection against random threats;
methods of protection against traditional espionage and sabotage;
methods of protection against electromagnetic radiation and interference;
methods of protection against unauthorized access;
cryptographic protection methods;
methods of protection against computer viruses.

Among the protection methods there are also universal ones, which are basic when creating any protection system. These are, first of all, legal methods of information protection, which serve as the basis for the legitimate construction and use of a security system for any purpose. Universal methods also include organizational methods that are used in any protection system without exception and, as a rule, provide protection against several threats.

Methods of protection against random threats are developed and implemented at the stages of design, creation, implementation and operation of computer systems.

These include:

Creation of high reliability of computer systems;
creation of fault-tolerant computer systems;
blocking erroneous operations;
optimizing the interaction of users and service personnel with the computer system;
minimizing damage from accidents and natural disasters;
duplication of information.

When protecting information in computer systems from traditional espionage and sabotage, the same means and methods of protection are used as for protecting other objects that do not use computer systems.

These include:

Creation of a security system for the facility;
organization of work with confidential information resources;
countering surveillance and eavesdropping;
protection from malicious actions of personnel.

All methods of protection against electromagnetic radiation and interference can be divided into passive and active. Passive methods reduce the level of a dangerous signal or reduce the information content of signals. Active defense methods are aimed at creating interference in the channels of side electromagnetic radiation and interference, making it difficult to receive and extract useful information from signals intercepted by an attacker. Electronic components and magnetic storage devices can be affected by powerful external electromagnetic pulses and high-frequency radiation. These impacts can lead to malfunction of electronic components and erase information from magnetic storage media. To block the threat of such influence, shielding of protected means is used.

To protect information from unauthorized access, the following are created:

System for restricting access to information;
system of protection against research and copying of software.

The initial information for creating an access control system is the decision of the computer system administrator to allow users to access certain information resources. Since information in computer systems is stored, processed and transmitted in files (parts of files), access to information is regulated at the file level. In databases, access to its individual parts can be regulated according to certain rules. When defining access permissions, the administrator sets the operations that a user is allowed to perform.

The following operations with files are distinguished:

Reading (R);
writing;
execution of programs (E).

Write operations have two modifications:

The access subject may be given the right to write to change the contents of the file (W);
permission to add to the file without changing the old content (A).
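The file-level permissions R, W, A and E described above can be enforced with an access matrix, as in this added example (not from the original text). It assumes that W and A are independent rights and that a missing entry means no access; the class names, subjects and file name are constructed for the illustration.

```python
from dataclasses import dataclass, field

READ, WRITE, APPEND, EXECUTE = "R", "W", "A", "E"
KNOWN_RIGHTS = {READ, WRITE, APPEND, EXECUTE}


class AccessDenied(PermissionError):
    pass


@dataclass
class AccessMatrix:
    # (subject, object) -> set of permitted operations; no entry means no access
    grants: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def grant(self, subject, obj, rights):
        """Administrator's decision: allow `subject` the given operations on `obj`."""
        unknown = set(rights) - KNOWN_RIGHTS
        if unknown:
            raise ValueError(f"unknown rights: {sorted(unknown)}")
        self.grants.setdefault((subject, obj), set()).update(rights)

    def check(self, subject, obj, operation):
        """Record the decision and raise AccessDenied unless it was granted."""
        allowed = operation in self.grants.get((subject, obj), set())
        self.audit.append((subject, obj, operation, "allow" if allowed else "deny"))
        if not allowed:
            raise AccessDenied(f"{subject} may not {operation} {obj}")


class FileStore:
    """In-memory stand-in for a file system guarded by the access matrix."""

    def __init__(self, matrix):
        self.matrix = matrix
        self.files = {}

    def read(self, subject, name):
        self.matrix.check(subject, name, READ)
        return self.files.get(name, b"")

    def write(self, subject, name, data):
        # W: the old content may be replaced
        self.matrix.check(subject, name, WRITE)
        self.files[name] = bytes(data)

    def append(self, subject, name, data):
        # A: new data is added, the old content stays unchanged
        self.matrix.check(subject, name, APPEND)
        self.files[name] = self.files.get(name, b"") + bytes(data)


def demo():
    matrix = AccessMatrix()
    matrix.grant("admin", "journal.log", "RW")
    matrix.grant("operator", "journal.log", "A")
    matrix.grant("auditor", "journal.log", "R")
    store = FileStore(matrix)

    store.write("admin", "journal.log", b"start\n")
    store.append("operator", "journal.log", b"entry 1\n")
    denied = []
    for attempt in (lambda: store.write("operator", "journal.log", b""),
                    lambda: store.read("operator", "journal.log"),
                    lambda: store.append("auditor", "journal.log", b"x")):
        try:
            attempt()
        except AccessDenied as exc:
            denied.append(str(exc))
    return store.read("auditor", "journal.log"), denied, matrix.audit


if __name__ == "__main__":
    content, denied, audit = demo()
    print(content, denied, sep="\n")
```

The operator can add journal entries but can neither erase earlier ones nor read them back, which is the practical reason for keeping A separate from W.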

The system of protection against research and copying of software includes the following methods:

Methods that make it difficult to read copied information;
methods that prevent the use of information.

Cryptographic protection of information is understood as such a transformation of source information, as a result of which it becomes inaccessible for review and use by persons who do not have the authority to do so.

Based on the type of impact on the original information, methods of cryptographic transformation of information are divided into the following groups:

Encryption;
shorthand;
coding;
compression.

Malicious programs and, above all, viruses pose a very serious danger to information in computer systems. Knowledge of the mechanisms of action of viruses, methods and means of combating them allows you to effectively organize counteraction to viruses, minimize the likelihood of infection and losses from their influence.

Computer viruses are small executable or interpreted programs that have the ability to spread and self-replicate in computer systems. Viruses can modify or destroy software or data stored on computer systems. Viruses can modify themselves as they spread.

All computer viruses are classified according to the following criteria:

By habitat;
by method of infection;
according to the degree of danger of harmful effects;
according to the functioning algorithm.

Based on their habitat, computer viruses are divided into:

Network;
file;
boot;
combined.

The habitat of network viruses is elements of computer networks. File viruses are located in executable files. Boot viruses are found in the boot sectors of external storage devices. Combination viruses reside in multiple habitats. For example, boot-file viruses.

Based on the method of infecting the environment, computer viruses are divided into:

Resident;
non-resident.

Resident viruses, after their activation, move completely or partially from their habitat to the computer’s RAM. These viruses, using, as a rule, privileged modes of operation that are allowed only to the operating system, infect the environment and, when certain conditions are met, implement a harmful function. Non-resident viruses enter the computer's RAM only for the duration of their activity, during which they perform their harmful and infection functions. Then they completely leave the working memory, remaining in the habitat.

According to the degree of danger to the user’s information resources, viruses are divided into:

Harmless;
dangerous;
very dangerous.

However, even harmless viruses still cause some damage:

Consume computer system resources;
may contain errors that cause dangerous consequences for information resources;
Viruses created earlier can lead to violations of the standard algorithm of system operation when upgrading the operating system or hardware.

Dangerous viruses cause a significant reduction in the efficiency of a computer system, but do not lead to a violation of the integrity and confidentiality of information stored in storage devices.

Very dangerous viruses have the following harmful effects:

Cause a violation of confidentiality of information;
destroy information;
cause irreversible modification (including encryption) of information;
block access to information;
lead to hardware failure;
harm the health of users.

According to their functioning algorithm, viruses are divided into:

Viruses that do not change their habitat as they spread;
viruses that change their habitat as they spread.

To combat computer viruses, special antivirus tools and methods of their application are used.

Antivirus tools perform the following tasks:

Virus detection in computer systems;
blocking the operation of virus programs;
eliminating the effects of viruses.

Detection of viruses and blocking of virus programs is carried out using the following methods:

Scanning;
change detection;
heuristic analysis;
use of resident guards;
vaccination programs;
hardware and software protection.
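Of the methods listed, change detection is the easiest to show in code. The added example below (not from the original text) records SHA-256 hashes of a directory as a baseline and reports files that were added, removed or modified; the file names and contents are constructed, and the function names are assumptions of the example.

```python
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 hash."""
    result = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = hash_file(full)
    return result


def compare(baseline, current):
    """Report the differences between a stored baseline and the current state."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(baseline) & set(current)
                           if baseline[p] != current[p]),
    }


def demo():
    """Return (report, metadata_unchanged) for a constructed directory."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"app.exe": b"MZ" + b"\x00" * 62,   # constructed contents
                   "old.cfg": b"mode=safe\n",
                   "keep.txt": b"unchanged\n"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = snapshot(root)

        # Simulate an infection that keeps the file size and restores the
        # timestamp, so a size/date comparison alone would notice nothing.
        app = os.path.join(root, "app.exe")
        before = os.stat(app)
        with open(app, "wb") as f:
            f.write(b"MZ" + b"\x90" * 62)
        os.utime(app, ns=(before.st_atime_ns, before.st_mtime_ns))
        after = os.stat(app)
        metadata_unchanged = (before.st_size == after.st_size and
                              before.st_mtime_ns == after.st_mtime_ns)

        os.remove(os.path.join(root, "old.cfg"))
        with open(os.path.join(root, "new.dll"), "wb") as f:
            f.write(b"constructed payload placeholder")

        return compare(baseline, snapshot(root)), metadata_unchanged


if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it is stored where the monitored system cannot rewrite it, for example on read-only or offline media.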

Elimination of the consequences of exposure to viruses is carried out using the following methods:

System recovery after exposure to known viruses;
restoring the system after exposure to unknown viruses.

Protection of Russian information

A distinctive feature of modernity is the transition from an industrial society to an information society, in which information becomes the main resource. In this regard, the information sphere, which is a specific sphere of activity of subjects of public life associated with the creation, storage, distribution, transmission, processing and use of information, is one of the most important components not only of Russia, but also of the modern society of any developing state.

Penetrating into all spheres of activity of society and the state, information acquires specific political, material and cost expressions. Taking into account the strengthening role of information at the present stage, the legal regulation of social relations arising in the information sphere is a priority direction of the rulemaking process in the Russian Federation (RF), the purpose of which is to ensure the information security of the state.

The Constitution of the Russian Federation is the main source of law in the field of information security in Russia.

According to the Constitution of the Russian Federation:

Everyone has the right to privacy, personal and family secrets, to confidentiality of correspondence, telephone conversations, postal, telegraph and other messages (Article 23);
collection, storage, use and dissemination of information about the private life of a person without his consent is not allowed (Article 24);
everyone has the right to freely seek, receive, transmit, produce and disseminate information in any legal way; the list of information constituting a state secret is determined by federal law (Article 29);
everyone has the right to reliable information about the state of the environment (Article 42).

The fundamental legislative act in Russia regulating relations in the information sphere (including those related to information protection) is the Federal Law “On Information, Informatization and Information Protection.”

The subject of regulation of this Law is social relations arising in three interrelated directions:

Formation and use of information resources;
creation and use of information technologies and means of supporting them;
protection of information, rights of subjects participating in information processes and informatization.

The Law provides definitions of the most important terms in the information sphere. According to Article 2 of the Law, information is information about persons, objects, facts, events, phenomena and processes, regardless of the form of their presentation.

One of the significant achievements of the Law is the differentiation of information resources by access categories. According to the Law, documented information with limited access under the terms of its legal regime is divided into information classified as state secret and confidential.

The Law provides a list of information that is prohibited from being classified as restricted information. These are, first of all, legislative and other normative legal acts establishing the legal status of government bodies, local governments, organizations and public associations; documents containing information about emergency situations, environmental, demographic, sanitary-epidemiological, meteorological and other similar information; documents containing information on the activities of state authorities and local governments, on the use of budget funds, on the state of the economy and the needs of the population (with the exception of information classified as state secrets).

The Law also reflects issues related to the procedure for handling personal data, certification of information systems, technologies, means of supporting them, and licensing of activities for the formation and use of information resources.

Chapter 5 of the Law “Protection of information and rights of subjects in the field of information processes and informatization” is “basic” for Russian legislation in the field of information protection.

The main goals of information protection are:

Prevention of leakage, theft, loss, distortion and falsification of information (any information, including open information, is subject to protection);
preventing threats to the security of individuals, society and the state (that is, information protection is one of the ways to ensure the information security of the Russian Federation);
protection of the constitutional rights of citizens to maintain personal secrets and confidentiality of personal data available in information systems;
maintaining state secrets and confidentiality of documented information in accordance with the law.

Despite the fact that the adoption of the Federal Law “On Information, Informatization and Information Protection” is a definite “breakthrough” in information legislation, this Law has a number of shortcomings:

The law applies only to documented information, that is, to information that has already been received, objectified and recorded on a medium;
a number of articles of the Law are of a declarative nature and do not find practical application;
the definitions of some terms introduced by Article 2 of the Law are not formulated clearly and unambiguously.

The institution of state secrets occupies a priority place in the legislative system of any state. The reason for this is the amount of damage that can be caused to the state as a result of the disclosure of information constituting a state secret.

In recent years, legislation in the field of protection of state secrets has developed quite dynamically in the Russian Federation.

The legal regime of state secrets was established for the first time in the history of the Russian state by the Law “On State Secrets”.

This Law is a special legislative act regulating relations arising in connection with the classification of information as state secrets, their declassification and protection.

According to the Law, state secret is information protected by the state in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational investigative activities, the dissemination of which could harm the security of the Russian Federation.

The law includes technical, cryptographic, software and other means intended to protect information constituting a state secret, the means in which they are implemented, as well as means of monitoring the effectiveness of information protection.

In order to optimize the types of information classified as confidential, the President of the Russian Federation, by his Decree No. 188, approved the List of Confidential Information, which identifies six main categories of information:

Personal Information.
The secrecy of investigation and legal proceedings.
Official secret.
Professional types of secrets (medical, notarial, lawyer, etc.).
Trade secret.
Information about the essence of the invention, utility model or industrial design before the official publication of information about them.

Currently, none of the listed institutions is regulated at the level of a special law, which, naturally, does not contribute to improving the protection of this information.

The main role in the creation of legal mechanisms for the protection of information is played by government authorities of the Russian Federation.

The President of the Russian Federation is the “guarantor” of the Constitution of the Russian Federation, the rights and freedoms (including information) of man and citizen, directs the activities of federal executive bodies in charge of security issues, issues decrees and orders on issues the essence of which is information security and information protection.

The Federal Assembly - the parliament of the Russian Federation, consisting of two chambers - the Federation Council and the State Duma, is the legislative body of the Russian Federation, forming the legislative framework in the field of information protection. The structure of the State Duma has a Committee on Information Policy, which organizes legislative activity in the information sphere. The Committee has developed the Concept of State Information Policy, which contains a section devoted to information legislation. The concept was approved at a meeting of the Permanent Chamber for State Information Policy of the Political Advisory Council under the President of the Russian Federation. In addition, other committees of the State Duma also participate in the preparation of bills aimed at improving legislation in the field of information protection.

Another body related to legal regulation in the field of information protection is the Security Council of the Russian Federation, formed by the President of the Russian Federation.

By Decree of the President of the Russian Federation No. 1037, in order to implement the tasks assigned to the Security Council of the Russian Federation in the field of ensuring information security of the Russian Federation, the Interdepartmental Commission of the Security Council of the Russian Federation on Information Security was created, one of the tasks of which is to prepare proposals on the regulatory legal regulation of information security and information protection issues. In addition, the apparatus of the Security Council, in accordance with the National Security Concept of the Russian Federation, has prepared a draft Information Security Doctrine of the Russian Federation.

A special role in the process of forming the regulatory legal framework in the field of information protection is played by the Interdepartmental Commission for the Protection of State Secrets, formed by Decree of the President of the Russian Federation No. 1108 in order to implement a unified state policy in the field of classifying information, as well as coordinating the activities of government bodies to protect state secrets in the interests of development and implementation of government programs and regulations.

Based on the decisions of the Interdepartmental Commission, draft decrees and orders of the President of the Russian Federation, decrees and orders of the Government of the Russian Federation can be developed.

Decisions of the Interdepartmental Commission for the Protection of State Secrets, adopted in accordance with its powers, are binding on federal government bodies, government bodies of constituent entities of the Russian Federation, local government bodies, enterprises, institutions, organizations, officials and citizens.

Organizational and technical support for the activities of the Interdepartmental Commission is entrusted to the central apparatus of the State Technical Commission under the President of the Russian Federation (State Technical Commission of Russia).

The State Technical Commission of Russia is one of the main bodies solving problems of information protection in the Russian Federation.

The legal status of the State Technical Commission of Russia is defined in the Regulations on the State Technical Commission of Russia, approved by Decree of the President of the Russian Federation No. 212, as well as a number of other regulatory legal acts.

According to the Regulations, the State Technical Commission of Russia is a federal executive body that carries out intersectoral coordination and functional regulation of activities to ensure the protection (by non-cryptographic methods) of information containing information constituting state or official secrets from its leakage through technical channels, from unauthorized access to it, from special influences on information for the purpose of its destruction, distortion and blocking and to counteract technical means of intelligence on the territory of the Russian Federation (hereinafter referred to as technical protection of information).

In addition, the State Technical Commission of Russia has prepared a draft Catalog “Security of Information Technologies”, which will include the domestic regulatory legal framework in the field of technical information security, an analysis of foreign regulatory documents on information security, a list of licensees of the State Technical Commission of Russia, a list of certified information security means and much other information of interest to specialists.

The main directions for improving legislation in the field of information security (including those related to information protection) are formulated in the draft Concept for improving the legal support for information security of the Russian Federation, which was developed by a working commission under the apparatus of the Security Council of the Russian Federation.

As for improving the legislation of the constituent entities of the Russian Federation, it will be aimed at forming within the framework unified system ensuring information security of the Russian Federation of regional systems for ensuring information security of the constituent entities of the Russian Federation.

Thus, although a fairly extensive regulatory legal framework in the field of information security and information protection has been formed in the Russian Federation in a fairly short time, there is currently an urgent need for its further improvement.

In conclusion, I would like to emphasize the international cooperation of the Russian Federation in the field of information security.

Taking into account historical experience, the Russian Federation considers the CIS member states as the main partners for cooperation in this area. However, the regulatory framework on information protection issues within the CIS is not sufficiently developed. It seems promising to pursue this cooperation by harmonizing the legislative frameworks of the states and their national systems of standardization, licensing, certification and training in the field of information security.

As part of the practical implementation of the Agreement on mutual ensuring the safety of interstate secrets, signed in Minsk, the Government of the Russian Federation concluded a number of international agreements in the field of information protection (with the Republic of Kazakhstan, the Republic of Belarus and Ukraine).

Protection of information from unauthorized access

The use of computers and automated technologies creates a number of problems for the management of an organization. Computers, often networked, can provide access to enormous amounts of diverse data. Therefore, people are concerned about information security and the risks associated with automation and providing much more access to confidential, personal or other critical data. Electronic storage media are even more vulnerable than paper ones: the data stored on them can be destroyed, copied, and quietly modified.

The number of computer crimes is growing, and the scale of computer abuse is also increasing. According to US experts, the damage from computer crimes is increasing by 35 percent per year. One reason is the amount of money generated by the crime: while the average computer crime costs $560,000, a bank robbery costs only $19,000.

According to the University of Minnesota, 93% of companies that lost access to their data for more than 10 days went out of business, and half of them declared insolvency immediately.

The number of employees in an organization with access to computer equipment and information technology is constantly growing. Access to information is no longer limited to a small circle of people at the top of the organization. The more people gain access to information technology and computer equipment, the more opportunities there are to commit computer crimes.

Anyone can be a computer criminal.

The typical computer criminal is not a young hacker using the phone and home computer to gain access to large computers. The typical computer criminal is an employee who is allowed access to a system of which he is a non-technical user. In the United States, white-collar computer crimes account for 70-80 percent of annual computer-related losses.

Signs of computer crimes:

Unauthorized use of computer time;
unauthorized attempts to access data files;
theft of computer parts;
software theft;
physical destruction of equipment;
destruction of data or programs;
unauthorized possession of floppy disks, tapes or printouts.

These are just the most obvious signs that you should pay attention to when identifying computer crimes. Sometimes these signs indicate that a crime has already been committed, or that protective measures are not being followed. They may also indicate the presence of vulnerabilities and show where the security gap is. While signs can help identify crime or abuse, protective measures can help prevent it.

Information protection is the activity of preventing the loss and leakage of protected information.

Information security refers to measures to protect information from unauthorized access, destruction, modification, disclosure and delays in access. Information security includes measures to protect the processes of data creation, input, processing and output.

Information security ensures that the following goals are achieved:

Confidentiality of critical information;
integrity of information and related processes (creation, input, processing and output);
availability of information when needed;
accounting of all processes related to information.

Critical data refers to data that requires protection due to the likelihood of damage and its magnitude in the event that accidental or intentional disclosure, modification, or destruction of the data occurs. Critical data also includes data that, if misused or disclosed, could negatively impact the organization's ability to accomplish its missions; personal data and other data, the protection of which is required by decrees of the President of the Russian Federation, laws of the Russian Federation and other by-laws.

Any security system, in principle, can be hacked. Protection is considered effective if the cost of hacking is commensurate with the value of the information obtained.

With regard to means of protection against unauthorized access, seven security classes (1 - 7) of computer equipment and nine classes (1A, 1B, 1V, 1G, 1D, 2A, 2B, 3A, 3B) of automated systems are defined. For computer equipment, the lowest is class 7, and for automated systems - 3B.

There are four levels of protection for computer and information resources:

Prevention assumes that only authorized personnel have access to protected information and technology.

Detection involves the early detection of crimes and abuses, even if security mechanisms have been bypassed.

Restriction reduces the amount of losses if a crime does occur, despite measures to prevent and detect it.

Recovery ensures that information is effectively reconstructed with documented and verified recovery plans.

Security controls are measures put in place by management to ensure the security of information. Protection measures include the development of administrative guidelines, installation of hardware devices or additional programs, the main purpose of which is to prevent crime and abuse.

Formation of an information security regime is a complex problem. Measures to solve it can be divided into four levels:

- legislative: laws, regulations, standards, etc.;
- administrative: general actions taken by the organization’s management;
- procedural: specific security measures dealing with people;
- software and hardware: specific technical measures.

Currently, the most detailed legislative document in Russia in the field of information security is the Criminal Code. In the section “Crimes against public safety” there is a chapter “Crimes in the field of computer information”. It contains three articles - “Illegal access to computer information”, “Creation, use and distribution of malicious computer programs” and “Violation of the rules for operating computers, computer systems or their networks”. The Criminal Code guards all aspects of information security - availability, integrity, confidentiality, providing penalties for "destruction, blocking, modification and copying of information, disruption of the operation of a computer, computer system or their network."

Let's consider some measures to protect the information security of computer systems.

User Authentication

This measure requires users to complete computer logon procedures as a means of identification when starting work. To authenticate each user, a unique password that is not a combination of the user's personal data must be used. It is necessary to implement security measures when administering passwords, and to familiarize users with the most common mistakes that allow a computer crime to be committed. If your computer has a built-in standard password, it must be changed.

An even more reliable solution is to organize access control to premises or to a specific computer on the network using identification plastic cards with a built-in microcircuit - the so-called microprocessor cards (smart cards). Their reliability is due primarily to the impossibility of copying or counterfeiting using a homemade method. Installation of a special reader for such cards is possible not only at the entrance to the premises where computers are located, but also directly at workstations and network servers.

There are also various devices for identifying a person using biometric information - iris, fingerprints, hand size, etc.

Password protection

The following rules are useful for password protection:

You cannot share your password with anyone;
the password must be difficult to guess;
to create a password you need to use lowercase and capital letters, or better yet, let the computer generate the password itself;
It is not recommended to use a password that is an address, an alias, the name of a relative, telephone number or anything obvious;
It is preferable to use long passwords, as they are more secure; it is best that the password consists of 6 or more characters;
the password should not be displayed on the computer screen when you enter it;
passwords must not appear on printouts;
You cannot write passwords on a table, wall or terminal, they must be kept in memory;
The password must be changed periodically and not on a schedule;
the most reliable person should be in the position of password administrator;
It is not recommended to use the same password for all employees in the group;
when an employee leaves, the password must be changed;
employees must sign for passwords.
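The checkable rules from this list (length, mixed case, no personal data, machine generation) can be enforced in code. The following is an added example, not part of the original text; the profile fields, function names and the default generated length of 12 are assumptions, while the minimum of 6 characters is the figure given above.

```python
import re
import secrets
import string

MIN_LENGTH = 6  # minimum stated in the rules above


def personal_tokens(profile):
    """Break personal data (name, alias, relatives, phone, address) into tokens.

    Letter runs and digit runs of 3+ characters are kept, plus the full
    digit string of any value that looks like a phone number.
    """
    tokens = set()
    for value in profile.values():
        for tok in re.findall(r"[A-Za-z]{3,}|\d{3,}", value):
            tokens.add(tok.lower())
        digits = re.sub(r"\D", "", value)
        if len(digits) >= 4:
            tokens.add(digits)
    return tokens


def check_password(password, profile):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        problems.append("needs both lowercase and capital letters")
    lowered = password.lower()
    digits_only = re.sub(r"\D", "", password)
    for tok in sorted(personal_tokens(profile)):
        if tok in lowered or (tok.isdigit() and tok in digits_only):
            problems.append("contains personal data: " + tok)
    return problems


def generate_password(profile, length=12):
    """Let the computer generate the password, redrawing until every rule holds."""
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate, profile):
            return candidate


# Constructed sample profile, for illustration only.
SAMPLE_PROFILE = {
    "name": "Anna Petrova",
    "alias": "anya",
    "relative": "Sergei",
    "phone": "+7 495 555-01-23",
    "address": "12 Lesnaya Street",
}

if __name__ == "__main__":
    for pw in ("Petrova1985", "abc", generate_password(SAMPLE_PROFILE)):
        print(repr(pw), check_password(pw, SAMPLE_PROFILE) or "OK")
```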

An organization that handles critical data must have authorization procedures in place that determine which users should have access to which information and applications.

The organization must establish a procedure in which the permission of certain superiors is required to use computer resources, obtain permission to access information and applications, and obtain a password.

If information is processed in a large computer center, then it is necessary to control physical access to computer equipment. Methods such as logs, locks and passes, and security guards may be appropriate. The person responsible for information security must know who has the right to access the premises with computer equipment and expel unauthorized persons from there.

Precautions during operation

Disable unused terminals;
close the rooms where the terminals are located;
rotate computer screens so that they are not visible from doors, windows and other places that are not controlled;
install special equipment that limits the number of unsuccessful access attempts, or makes a call back to verify the identity of users using phones to access the computer;
use programs to shut down the terminal after a certain period of non-use;
turn off the system during non-working hours;
use systems that allow, after a user has logged in, to notify him of the time of his last session and the number of unsuccessful attempts to establish a session after that. This will make the user an integral part of the log inspection system.
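Three of these precautions map directly onto logon logic: limiting unsuccessful attempts, closing an idle terminal, and telling the user about the previous session and the failed attempts since then. The sketch below is an added example, not code from the original text; the class and method names, the threshold of 3 failures and the 600-second idle limit are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

MAX_FAILURES = 3     # assumed lockout threshold; the text gives no number
IDLE_TIMEOUT = 600   # assumed idle limit in seconds before the terminal is closed


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    last_login: Optional[float] = None
    failures_since_last: int = 0    # shown to the user at the next successful logon
    consecutive_failures: int = 0   # drives the lockout
    locked: bool = False


class LoginMonitor:
    def __init__(self):
        self.accounts = {}
        self.sessions = {}   # user -> time of last activity

    def add_user(self, user, password):
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, _hash(password, salt))

    def login(self, user, password, now):
        """Return the outcome; on success include the last-session notice."""
        acct = self.accounts.get(user)
        if acct is None:
            return {"ok": False, "reason": "denied"}
        if acct.locked:
            acct.failures_since_last += 1
            return {"ok": False, "reason": "locked"}
        if not hmac.compare_digest(acct.pw_hash, _hash(password, acct.salt)):
            acct.consecutive_failures += 1
            acct.failures_since_last += 1
            if acct.consecutive_failures >= MAX_FAILURES:
                acct.locked = True   # an administrator must call unlock()
            return {"ok": False, "reason": "denied"}
        notice = {
            "ok": True,
            "previous_session": acct.last_login,
            "failed_attempts_since": acct.failures_since_last,
        }
        acct.last_login = now
        acct.failures_since_last = 0
        acct.consecutive_failures = 0
        self.sessions[user] = now
        return notice

    def touch(self, user, now):
        """Record activity; close the session and return False if it sat idle too long."""
        last = self.sessions.get(user)
        if last is None:
            return False
        if now - last > IDLE_TIMEOUT:
            del self.sessions[user]
            return False
        self.sessions[user] = now
        return True

    def unlock(self, user):
        acct = self.accounts[user]
        acct.locked = False
        acct.consecutive_failures = 0


if __name__ == "__main__":
    # Constructed timeline: one good logon, two bad guesses, then the owner returns.
    m = LoginMonitor()
    m.add_user("ivanov", "Correct-Horse-7")
    print(m.login("ivanov", "Correct-Horse-7", now=1000.0))
    m.login("ivanov", "guess1", now=2000.0)
    m.login("ivanov", "guess2", now=2001.0)
    print(m.login("ivanov", "Correct-Horse-7", now=3000.0))
```

A user who sees failed attempts that were not their own has a concrete reason to report it, which is what makes the user part of the log inspection system.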

Physical Security

Protected computer systems must take steps to prevent, detect, and minimize damage from fire, flood, pollution, heat, and power surges.

Fire alarms and fire extinguishing systems should be checked regularly. PCs can be protected with covers so that they are not damaged by the fire extinguishing system. Combustible materials should not be stored in these computer rooms.

The room temperature can be controlled by air conditioners and fans, as well as good ventilation in the room. Problems with excessively high temperature may occur in peripheral equipment racks or due to blocked ventilation holes in terminals or PCs, so regular inspection is necessary.

It is advisable to use air filters, which will help clean the air from substances that can harm computers and disks. Smoking, eating and drinking near the PC should be prohibited.

Computers should be located as far as possible from sources of large amounts of water, such as pipelines.

Protection of storage media (original documents, tapes, cartridges, disks, printouts)

Maintain, monitor and check registers of storage media;
train users in the correct methods of cleaning and destroying storage media;
make marks on storage media that reflect the level of criticality of the information contained in them;
destroy storage media in accordance with the organization's plan;
communicate all governing documents to employees;
store discs in envelopes, boxes, metal safes;
do not touch the surfaces of disks carrying information;
carefully insert discs into the computer and keep them away from sources of magnetic fields and sunlight;
remove disks and tapes that are not currently being worked with;
store discs arranged on shelves in a certain order;
do not give media containing critical information to unauthorized people;
discard or give away damaged disks with critical information only after they have been degaussed or have undergone a similar procedure;
destroy critical information on disks by demagnetizing them or physically destroying them in accordance with the order of the organization;
destroy printouts and ink ribbons from printers containing critical information in accordance with organizational procedures;
ensure the security of printouts of passwords and other information that allows you to access your computer.

Choosing reliable equipment

The performance and fault tolerance of an information system largely depend on the performance of the servers. If it is necessary to ensure round-the-clock uninterrupted operation of the information system, special fault-tolerant computers are used, i.e., those in which the failure of an individual component does not lead to failure of the machine.

The reliability of information systems is negatively affected by the presence of devices assembled from low-quality components and the use of unlicensed software. Excessive savings on personnel training, purchasing licensed software and high-quality equipment leads to a decrease in uptime and significant costs for subsequent system restoration.

Uninterruptible power supplies

A computer system is energy-intensive, and therefore the first condition for its functioning is an uninterrupted supply of electricity. A necessary part of the information system should be uninterruptible power supplies for servers, and, if possible, for all local workstations. It is also recommended to duplicate the power supply using various city substations. To radically solve the problem, you can install backup power lines from the organization’s own generator.

Developing adequate business continuity and recovery plans

The purpose of business continuity and recovery plans is to ensure that users can continue to perform their most essential responsibilities in the event of an information technology disruption. Maintenance personnel must know how to proceed with these plans.

Business continuity and recovery plans should be written, reviewed and regularly communicated to employees. The plan's procedures must be adequate to the level of security and criticality of the information. The business continuity and recovery plan may have to be used in times of confusion and panic, so staff should be trained regularly.

Backup

One of the key points to ensure system recovery in the event of a disaster is backup of working programs and data. In local networks where several servers are installed, most often the backup system is installed directly into the free slots of the servers. In large corporate networks, preference is given to a dedicated specialized archiving server, which automatically archives information from the hard drives of servers and workstations at a certain time set by the network administrator, issuing a report on the backup performed.

For archival information of particular value, it is recommended to provide a security room. It is better to store duplicates of the most valuable data in another building or even in another city. The latter measure makes the data invulnerable in the event of a fire or other natural disaster.

Duplication, multiplexing and redundancy of offices

In addition to backup, which is carried out in the event of an emergency or according to a pre-set schedule, special technologies are used to ensure greater safety of data on hard drives - disk mirroring and the creation of RAID arrays, which are a combination of several hard drives. When recording, information is distributed equally between them, so that if one of the disks fails, the data on it can be restored using the contents of the others.
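How the contents of a failed disk are restored from the others can be shown with XOR parity. This is an added example, not part of the original text; it assumes a striped layout with one rotating parity block per stripe (the RAID 5 style of array), which is one specific instance of the arrays described above, and the function names and 4-byte block size are chosen for illustration.

```python
from functools import reduce


def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def parity_disk_for(stripe, n_disks):
    """Rotate the parity block across the disks from stripe to stripe."""
    return (n_disks - 1 - stripe) % n_disks


def write_stripes(data, n_disks, block=4):
    """Distribute data over n_disks; each stripe holds n_disks-1 data blocks + parity."""
    per_stripe = (n_disks - 1) * block
    padded = data + b"\x00" * (-len(data) % per_stripe)
    disks = [[] for _ in range(n_disks)]
    for stripe, offset in enumerate(range(0, len(padded), per_stripe)):
        chunks = [padded[offset + i * block: offset + (i + 1) * block]
                  for i in range(n_disks - 1)]
        parity = xor_blocks(chunks)
        remaining = iter(chunks)
        for d in range(n_disks):
            if d == parity_disk_for(stripe, n_disks):
                disks[d].append(parity)
            else:
                disks[d].append(next(remaining))
    return disks


def rebuild(disks, failed):
    """Recompute every block of the failed disk from the surviving disks.

    In each stripe the XOR of all blocks (data and parity) is zero, so the
    missing block equals the XOR of the blocks that are still readable.
    """
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks(stripe_blocks) for stripe_blocks in zip(*survivors)]


def read_data(disks, length, block=4):
    """Reassemble the original byte string, skipping the parity blocks."""
    n_disks = len(disks)
    out = bytearray()
    for stripe in range(len(disks[0])):
        for d in range(n_disks):
            if d != parity_disk_for(stripe, n_disks):
                out += disks[d][stripe]
    return bytes(out[:length])


if __name__ == "__main__":
    record = b"CONFIDENTIAL PAYROLL RECORD 0042"   # constructed sample data
    array = write_stripes(record, n_disks=4)
    array[2] = None                                # disk 2 fails
    array[2] = rebuild(array, failed=2)            # replacement disk is rebuilt
    print(read_data(array, len(record)))
```

A single parity block per stripe tolerates the loss of exactly one disk; if a second disk fails before the rebuild finishes, the data is gone, which is why such arrays complement backup rather than replace it.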

Clustering technology involves multiple computers functioning as a single unit. As a rule, servers are clustered. One of the cluster servers can operate in hot standby mode, fully ready to begin performing the functions of the main machine in the event of its failure. A continuation of clustering technology is distributed clustering, in which several cluster servers separated over a long distance are united through a global network.

Distributed clusters are close to the concept of backup offices, focused on ensuring the life of an enterprise in the event of the destruction of its central premises. Backup offices are divided into cold ones, in which communication wiring has been carried out, but there is no equipment, and hot ones, which can be a backup computer center that receives all information from the central office, a branch office, an office on wheels, etc.

Reservation of communication channels

Without communication with the outside world and with its own departments, an office is paralyzed, so redundancy of external and internal communication channels is of great importance. When providing redundancy, it is recommended to combine different types of communications - cable lines and radio channels, overhead and underground laying of communications, etc.

As companies turn more and more to the Internet, their business becomes increasingly dependent on the functioning of the Internet provider. Network access providers sometimes have quite serious accidents, so it is important to store all important applications on the company's internal network and have contracts with several local providers. You should also think in advance about how to notify strategic clients about a change in email address and require the provider to take measures to ensure prompt restoration of its services after disasters.

Data protection from interception

For any of the three main technologies for transmitting information, there is an interception technology: for cable lines - connecting to a cable, for satellite communications - using an antenna to receive a signal from a satellite, for radio waves - radio interception. Russian security services divide communications into three classes. The first covers local networks located in a security zone, that is, areas with limited access and shielded electronic equipment and communication lines, and without access to communication channels outside it. The second class includes communication channels outside the security zone, protected by organizational and technical measures, and the third class includes unprotected public communication channels. The use of second-class communications significantly reduces the likelihood of data interception.

To protect information in an external communication channel, the following devices are used: scramblers for protecting voice information, encryptors for broadcast communications and cryptographic tools that provide encryption of digital data.

Protection against information leakage

Technical leakage channels:

1. Visual optical channels;
2. Acoustic channels;
3. Electromagnetic channels;
4. Material channels;
5. Electronic channels of information leakage.

Protected information is proprietary and is protected in accordance with legal documents. When carrying out measures to protect non-state information resources that are bank or commercial secrets, the requirements of regulatory documents are advisory in nature. For non-state secrets, information protection regimes are established by the owner of the data.

Actions to protect confidential data from leakage through technical channels are one of the parts of the enterprise's measures to ensure information security. Organizational actions to protect information from leaks through technical channels are based on a number of recommendations when choosing premises where work will be carried out to store and process confidential information. Also, when choosing technical means of protection, you must rely primarily on certified products.

When organizing measures to protect against leaks through technical channels at a protected object, the following stages can be considered:

Preparatory, pre-project;
Design of information technology;
The stage of commissioning the protected object and the technical information security system.

The first stage involves preparation for the creation of a technical information security system at protected objects.

When inspecting possible technical leakage streams at a facility, the following are studied:

Plan of the adjacent area to the building within a radius of 300 m.
Plan of each floor of the building with a study of the characteristics of walls, finishes, windows, doors, etc.
Plan diagram of grounding systems for electronic objects.
Communication plan for the entire building, along with the ventilation system.
Plan diagram of the building's power supply indicating all switchboards and the location of the transformer.
Layout of telephone networks.
Fire and security alarm plan showing all sensors.

Having recognized an information leak as the uncontrolled release of confidential data beyond the boundaries of a circle of individuals or an organization, let’s consider how exactly such a leak occurs. The basis of such a leak is the uncontrolled removal of confidential data through light, acoustic, electromagnetic or other fields or material media. Whatever the different reasons for leaks, they have a lot in common. As a rule, the reasons are associated with failures in the standards for storing information and violations of these standards.

Information can be transmitted either by matter or by field. A person is not considered a carrier; he is the source or subject of relationships. Man makes use of different physical fields to create communication systems. Any such system has the following components: source, transmitter, transmission line, receiver and recipient. Such systems are used every day in accordance with their intended purpose and are official means of data exchange. Such channels are provided and controlled for the purpose of secure exchange of information. But there are also channels that are hidden from prying eyes, and through them data can be transmitted that should not be transferred to third parties.

To create a leakage channel, certain temporal, energy and spatial conditions are required that facilitate the reception of data on the attacker’s side.

Leakage channels can be divided into:

Acoustic;
visual-optical;
electromagnetic;
material.

Visual optical channels

Such channels usually amount to remote surveillance. The information is carried by light that emanates from the source of information.

Methods of protection against visual leakage channels:

Reduce the reflective characteristics of the protected object;
position objects in such a way as to prevent reflection in the direction of the potential location of an attacker;
reduce the illumination of the object;
use masking and other methods to mislead the attacker;
use barriers.

Acoustic channels

In such channels, the carrier is sound that lies in the ultra range (more than 20,000 Hz). The channel is realized by an acoustic wave propagating in all directions. As soon as the wave meets an obstacle, it sets the obstacle vibrating, and the sound can be read from the obstacle. Sound propagates differently in different media.

Protection from acoustic channels is primarily a matter of organizational measures. These imply the implementation of architectural, planning, regime and spatial measures, as well as organizational and technical active and passive measures. Architectural and planning measures implement certain requirements at the design stage of buildings. Organizational and technical methods involve the use of sound-absorbing means. Examples include materials such as cotton wool, carpets, foam concrete, etc. They have many pores, which lead to repeated reflection and absorption of sound waves. Special sealed acoustic panels are also used. The magnitude of sound absorption A is determined by the sound absorption coefficient L and the area S of the absorbing surface: A = L * S. The values of the coefficients are known: for porous materials it is 0.2 - 0.8, and for concrete or brick it is 0.01 - 0.03. For example, when walls with L = 0.03 are treated with porous plaster with L = 0.3, the sound pressure decreases by 10 dB.

To accurately determine the effectiveness of sound insulation protection, sound level meters are used. A sound level meter is a device that changes sound pressure fluctuations into readings. Electronic stethoscopes are used to evaluate the protection of buildings from leaks through vibration and acoustic channels. They listen to sound through floors, walls, heating systems, ceilings, etc. The sensitivity of the stethoscope ranges from 0.3 to 1.5 v/dB. At a sound level of 34 - 60 dB, such stethoscopes can listen through structures up to 1.5 m thick. If passive protective measures do not help, noise generators can be used. They are placed around the perimeter of the room to create their own vibration waves on the structure.

Electromagnetic channels

For such channels the carrier is electromagnetic waves in the range of 10,000 m (frequency
Known electromagnetic leakage channels:

With the help of design and technological measures, it is possible to localize some leakage channels using:

Weakening of inductive, electromagnetic coupling between elements;
shielding of components and equipment elements;
filtering signals in power or grounding circuits.

Any electronic unit under the influence of a high-frequency electromagnetic field becomes a re-emitter, a secondary source of radiation. This effect is called intermodulation radiation. To protect against such a leakage channel, it is necessary to prevent the passage of high-frequency current through the microphone. It is implemented by connecting a capacitor with a capacity of 0.01 - 0.05 μF in parallel to the microphone.

Material channels

Such channels are created in a solid, gaseous or liquid state. Often this is waste from the enterprise.

Protection against such channels is a whole range of measures to control the release of confidential information in the form of production or industrial waste.

Development of information security

Ensuring information security has always worried humanity. During the evolution of civilization, the types of information changed, and various methods and means were used to protect it.

The process of development of means and methods of information security can be divided into three relatively independent periods:

The first period is determined by the beginning of the creation of meaningful and independent means and methods of information protection and is associated with the emergence of the possibility of recording information messages on hard media, that is, with the invention of writing. Along with the undeniable advantage of saving and moving data, the problem of keeping confidential information that already existed separately from the source arose, therefore, almost simultaneously with the birth of writing, methods of information protection such as encryption and hiding arose.

Cryptography is the science of mathematical methods of ensuring confidentiality (impossibility of reading information by outsiders) and authenticity (integrity and authenticity of authorship, as well as the impossibility of refusing authorship) of information. Cryptography is one of the oldest sciences; its history goes back several thousand years. In the documents of ancient civilizations such as India, Egypt, Mesopotamia, there is information about systems and methods for composing encrypted letters. The ancient religious books of India indicate that the Buddha himself knew several dozen ways of writing, among which there were permutation ciphers (according to the modern classification). One of the oldest cipher texts from Mesopotamia (2000 BC) is a clay tablet containing a recipe for making glaze in pottery, which ignored some vowels and consonants and used numbers instead of names.

At the beginning of the 19th century, cryptography was enriched with a remarkable invention. Its author is statesman, first Secretary of State and later US President Thomas Jefferson. He called his encryption system a “disk cipher.” This cipher was implemented using a special device, which was later called the Jefferson cipher. The design of the encoder can be briefly described as follows. A wooden cylinder is cut into 36 disks (in principle, the total number of disks may be different). These disks are mounted on one common axis so that they can rotate independently on it. All the letters of the English alphabet were written out in random order on the side surfaces of each disk. The order of letters on each disk is different. A line parallel to its axis stood out on the surface of the cylinder. When encrypting, the plaintext was divided into groups of 36 characters, then the first letter of the group was fixed by the position of the first disk along the selected line, the second - by the position of the second disk, etc. The cipher text was formed by reading a sequence of letters from any line parallel to the selected one. The reverse process was carried out on a similar encryptor: the resulting ciphertext was written out by rotating the disks along a dedicated line, and the plaintext was found among lines parallel to it by reading a meaningful possible option. The Jefferson cipher implements the previously known polyalphabetic substitution cipher. Parts of its key are the order of the letters on each disk and the order of those disks on a common axis.
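The disk cipher described above can be reproduced in a few functions. This is an added example, not part of the original text; the function names, the seeded random disk alphabets and the sample message are constructed for illustration, and the vocabulary scoring stands in for the human step of "reading a meaningful possible option".

```python
import random
import string

ALPHABET = string.ascii_uppercase


def make_disks(count=36, seed=None):
    """First part of the key: each disk carries the alphabet in its own random order."""
    rng = random.Random(seed)
    disks = []
    for _ in range(count):
        letters = list(ALPHABET)
        rng.shuffle(letters)
        disks.append("".join(letters))
    return disks


def make_order(count=36, seed=None):
    """Second part of the key: the order of the disks on the common axis."""
    order = list(range(count))
    random.Random(seed).shuffle(order)
    return order


def rows_for(disks, order, group):
    """Turn the disks so that `group` sits on the reference line; return all 26 lines.

    rows[0] is the reference line itself, rows[k] the line k letters further round.
    """
    rows = []
    for step in range(len(ALPHABET)):
        row = []
        for position, letter in enumerate(group):
            disk = disks[order[position]]
            row.append(disk[(disk.index(letter) + step) % len(ALPHABET)])
        rows.append("".join(row))
    return rows


def encrypt(disks, order, plaintext, row):
    """Split the text into groups of len(order) letters and read line `row` of each."""
    if not 1 <= row < len(ALPHABET):
        raise ValueError("row must be 1..25; row 0 is the plaintext itself")
    if set(plaintext) - set(ALPHABET):
        raise ValueError("plaintext must consist of the letters A-Z only")
    size = len(order)
    groups = [plaintext[i:i + size] for i in range(0, len(plaintext), size)]
    return "".join(rows_for(disks, order, g)[row] for g in groups)


def candidate_rows(disks, order, cipher_group):
    """Receiver's side: set the ciphertext on the line and read the other 25 lines."""
    return rows_for(disks, order, cipher_group)[1:]


def pick_meaningful(candidates, vocabulary):
    """Stand-in for the human reader: choose the line containing the most known words."""
    def score(row):
        return sum(len(word) for word in vocabulary if word in row)
    return max(candidates, key=score)


if __name__ == "__main__":
    disks = make_disks(seed=2024)
    order = make_order(seed=7)
    message = "THEAUDITREPORTISSTOREDINTHESAFETODAY"   # constructed, 36 letters
    cipher = encrypt(disks, order, message, row=5)
    print(cipher)
    words = ["THE", "AUDIT", "REPORT", "STORED", "SAFE"]
    print(pick_meaningful(candidate_rows(disks, order, cipher), words))
```

Because each disk is a fixed permutation, the cipher is a polyalphabetic substitution with a period equal to the number of disks, and an analyst who obtains the device needs only to find the disk order.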

The second period (from about the middle of the 19th century) is characterized by the emergence of technical means of processing information and transmitting messages using electrical signals and electromagnetic fields (for example, telephone, telegraph, radio). In this regard, problems of protection against the so-called technical leakage channels (side radiation, interference, etc.) arose. To ensure the protection of information during transmission via telephone and telegraph communication channels, methods and technical means have appeared that allow encrypting messages in real time. Also during this period, technical intelligence means were actively developing, greatly increasing the possibilities of industrial and state espionage. Huge, ever-increasing losses of enterprises and firms contributed to scientific and technological progress in creating new and improving old means and methods of information protection.

The most intensive development of these methods occurs during the period of mass informatization of society (the third period). It is associated with the introduction of automated information processing systems and spans more than 40 years. In the 60s, a large number of open publications on various aspects of information security began to appear in the West. Such attention to this problem was primarily caused by the increasing financial losses of companies and government organizations from crimes in the computer sphere.

Protection of personal information

According to Art. 3 of the Law, personal data is any information relating to an individual identified or determined on the basis of such information, including his last name, first name, patronymic, year, month, date and place of birth, address, family, social, property status, education, profession, income, other information (including phone number, email address, etc.).

In which case is your right to personal data protection violated:

1) If the management organization in your house has posted a list of debtors, indicating the last name, first name, patronymic, address of the citizen and the amount of debt;
2) If such information is posted on the Internet without your written permission;
3) If strangers call you at home, address you by name and offer services or goods (conduct a sociological survey, make a spam call, ask how you feel about Navalny, etc.), although you have not given your address and telephone number anywhere;
4) If your information is published in the newspaper as an example of the results of the census work;
5) In any other case when third parties become aware of your personal information, if you did not provide it.

If your phone number is in the phone book or your address is in a directory with your permission, this is not a violation.

The essence of information protection

Information protection requires a systematic approach, i.e. we cannot limit ourselves to individual measures. A systematic approach to information protection requires that the means and actions used to ensure information security - organizational, physical, software and hardware - are considered as a single set of interrelated, complementary and interacting measures. One of the main principles of a systematic approach to information protection is the principle of “reasonable sufficiency”, the essence of which is: one hundred percent protection does not exist under any circumstances, therefore one should strive not for the theoretically maximum achievable level of protection, but for the minimum necessary under the given specific conditions and the given level of possible threat.

Unauthorized access - reading, updating or destroying information without the appropriate authority to do so.

The problem of unauthorized access to information has intensified and acquired particular significance in connection with the development of computer networks, primarily the global Internet.

To successfully protect their information, users must have an absolutely clear understanding of the possible ways of unauthorized access.

We list the main typical ways of obtaining information without permission:

- theft of storage media and industrial waste;
- copying storage media with overcoming security measures;
- disguise as a registered user;
- hoax (disguise as system requests);
- exploitation of shortcomings of operating systems and programming languages;
- use of software implants (“bookmarks”) and program blocks of the “Trojan horse” type;
- interception of electronic radiation;
- interception of acoustic radiation;
- remote photography;
- use of listening devices;
- malicious disabling of protection mechanisms, etc.

To protect information from unauthorized access, the following are used: organizational measures, technical means, software, cryptography.

Organizational measures include:

- access mode;
- storage of media and devices in a safe (floppy disks, monitor, keyboard, etc.);
- restricting access of persons to computer rooms, etc.

Technical means include various hardware methods for protecting information:

- filters, screens for equipment;
- key to lock the keyboard;
- authentication devices - for reading fingerprints, hand shape, iris, typing speed and techniques, etc.;
- electronic keys on microcircuits, etc.

Information security software is created as a result of the development of special software that would not allow an outsider who is not familiar with this type of protection to obtain information from the system.

Software tools include:

- password access - setting user permissions;
- locking the screen and keyboard, for example, using a key combination in the Diskreet utility from the Norton Utilities package;
- use of BIOS password protection tools on the BIOS itself and on the PC as a whole, etc.

A cryptographic method of protecting information means encrypting it when entered into a computer system.

In practice, combined methods of protecting information from unauthorized access are usually used.

Among the network security mechanisms, the following main ones are usually distinguished:

- encryption;
- access control;
- digital signature.

Information protection objects

The object of information protection is a computer system (CS) or an automated data processing system (ADS). In works devoted to information security in automated systems, the term ADS was used until recently; it is increasingly being replaced by the term CS. What is meant by this term?

A computer system is a set of hardware and software designed for automated collection, storage, processing, transmission and receipt of information. Along with the term “information” in relation to CS, the term “data” is often used. Another concept is also used - “information resources”. In accordance with the Law of the Russian Federation “On Information, Informatization and Information Protection,” information resources are understood as individual documents and individual arrays of documents in information systems (libraries, archives, funds, data banks and other information systems).

The concept of CS is very broad and it covers the following systems:

- computers of all classes and purposes;
- computing complexes and systems;
- computer networks (local, regional and global).

Such a wide range of systems is united by one concept for two reasons: firstly, for all these systems the main problems of information security are common; secondly, smaller systems are elements of larger systems. If information protection in any systems has its own characteristics, then they are considered separately.

The subject of protection in a CS is information. The material basis for the existence of information in a computer system is electronic and electromechanical devices (subsystems), as well as machine-readable media. Information enters the CS through input devices or data transmission systems (DTS). In the system, information is stored in storage devices at various levels, converted (processed) by processors and output from the system using output devices or DTS. Paper, magnetic tapes, and disks of various types are used as machine media. Previously, paper punched cards and punched tapes, magnetic drums and cards were used as computer storage media. Most types of computer storage media are removable, i.e. they can be removed from devices and used (paper) or stored (tape, disk, paper) separately from devices. Thus, to protect information (ensure information security) in a computer system, it is necessary to protect devices (subsystems) and computer media from unauthorized influences on them.

However, such consideration of the CS from the point of view of information protection is incomplete. Computer systems belong to the class of human-machine systems. Such systems are operated by specialists (service personnel) in the interests of users. Moreover, in recent years, users have had the most direct access to the system. In some computer systems (for example, personal computers), users perform the functions of maintenance personnel. Operating personnel and users are also carriers of information. Therefore, it is necessary to protect not only devices and media from unauthorized influences, but also operating personnel and users.

When solving the problem of information security in a computer system, it is also necessary to take into account the contradictory nature of the human factor in the system. Operating personnel and users can be both the object and the source of unauthorized influence on information.

The concept of “object of protection” or “object” is often interpreted in a broader sense. For concentrated CS or elements of distributed systems, the concept of “object” includes not only information resources, hardware, software, maintenance personnel, users, but also premises, buildings, and even the territory adjacent to buildings.

Among the basic concepts of information security theory are “information security” and “protected CS”. The security (protectedness) of information in a computer system is a state of all components of the system that ensures protection of information from possible threats at the required level. Computer systems that ensure information security are called secure.

Information security in the CS (information security) is one of the main areas of ensuring the security of the state, industry, department, government organization or private company.

Information security is achieved when management at the appropriate level carries out an information security policy. The main document on the basis of which the information security policy is carried out is the information security program. This document is developed and adopted as an official governing document by the highest governing bodies of the state, department, or organization. The document sets out the goals of the information security policy and the main directions for solving information security problems in the CS. Information security programs also contain general requirements and principles for constructing information security systems in the CS.

The information security system in the CS is understood as a unified set of legal norms, organizational measures, technical, software and cryptographic tools that ensure the security of information in the CS in accordance with the adopted security policy.

Software information protection

Software information protection is a system of special programs included in the software that implement information protection functions.

Information security software:

Built-in information security tools.

Antivirus program (antivirus) is a program for detecting computer viruses and treating infected files, as well as for prevention - preventing infection of files or the operating system with malicious code.

Specialized software tools for protecting information from unauthorized access generally have better capabilities and characteristics than built-in tools. In addition to encryption programs and cryptographic systems, there are many other external information security tools available.

Firewalls. Special intermediate servers are created between the local and global networks, which inspect and filter all network/transport level traffic passing through them. This dramatically reduces the threat of unauthorized access from outside to corporate networks, but does not eliminate the danger completely. A more secure variant of the method is masquerading, in which all traffic originating from the local network is sent on behalf of the firewall server, making the local network practically invisible.

Proxy-servers (proxy - power of attorney, trusted person). All network/transport layer traffic between the local and global networks is completely prohibited - there is no routing as such, and calls from the local network to the global network occur through special intermediary servers. Obviously, in this case, calls from the global network to the local one become impossible in principle. This method does not provide sufficient protection against attacks at higher levels - for example, at the application level (viruses, Java and JavaScript code).

A VPN (virtual private network) allows you to transmit sensitive information over networks where unauthorized people can eavesdrop on the traffic. Technologies used: PPTP, PPPoE, IPSec.

Information, in relation to the task of its protection, is information about persons, objects, facts, events, phenomena or processes, regardless of the form of their presentation. Depending on the form of presentation, information can be divided into speech, telecommunication and documented.

Information is divided into open and restricted access. Restricted-access information includes state secrets and confidential information.

In accordance with Russian legislation, confidential information includes the following:

official secret (medical, lawyer, secret of court and investigation, etc.);

trade secret;

personal data (information about facts, events and circumstances of a citizen’s life that allow his or her identity to be identified).

Information is one of the objects of civil rights, including the rights of property, possession and use. The owner of information resources, systems and technologies is a subject with the authority to own, use and dispose of these objects. The possessor of information resources, systems and technologies is a subject with the authority to own and use these objects. By user of information we mean the subject who accesses the information system to obtain the information he needs and uses it.

Protected information refers to information that is proprietary and subject to protection in accordance with the requirements of legal documents or requirements established by the owner of the information.

However, not all information is subject to protection, but only that which has a price. Information is valuable if possessing it allows its existing or potential owner to receive some benefit: moral, material, political, etc.

The value of information is a criterion when making any decision about its protection and for choosing a method of protection. In monetary terms, the costs of protecting information should not exceed possible losses.

The following division of information by level of importance is accepted:

1) vital irreplaceable information, the presence of which is necessary for the functioning of the organization;

2) important information - information that can be replaced or restored, but the restoration process is very difficult and associated with high costs;

3) helpful information - information that is difficult to recover, but the organization can function effectively without it;

4) irrelevant information - information that is no longer needed by the organization.

The above division of information by level of importance is consistent with the principle of dividing information by level of secrecy.

Secrecy level - an administrative or legislative measure corresponding to the extent of a person’s responsibility for the leak or loss of specific secret information, regulated by a special document, taking into account state, military-strategic, commercial, official or private interests. Such information may be a state, military, commercial, official or personal secret.

Information protection - activities to prevent leakage of protected information and unauthorized and unintentional impacts on protected information.

Leakage - the uncontrolled dissemination of protected information through its disclosure and unauthorized access to it. Disclosure - the provision of protected information to an uncontrolled number of recipients (for example, publication of information on an open website on the Internet or in the open press).

Unauthorized access - receipt of protected information by an interested subject in violation of the rules of access to it.

Unauthorized influence on protected information - impact in violation of the rules for changing it (for example, deliberate introduction of malicious program code into protected information resources or deliberate substitution of an electronic document).

Unintended impact on protected information - impact on it due to user errors, failure of hardware and software, natural phenomena and other untargeted influences (for example, destruction of documents as a result of failure of a computer's hard disk drive).

Purpose of information protection - prevention of damage to the owner, possessor or user of information.

Efficiency of information protection - the extent to which the results of information protection correspond to the intended purpose.

Object of protection - information, its medium or an information process that needs to be protected in accordance with the intended purpose.

Information security - the state of information, technical means and technology for processing it, characterized by the properties of confidentiality, integrity and availability of information when processed by technical means. Thus, the main characteristics of protected information are integrity, confidentiality and availability.

Information integrity - a property of information, technical means and technology for its processing, characterized by the ability to withstand unauthorized or unintentional destruction and distortion of information. Integrity is part of a broader characteristic of information - its reliability, which, in addition to integrity, also includes the completeness and accuracy of displaying the subject area.

Confidentiality of information - a property of information, technical means and technology for its processing, characterized by the ability of information to be kept secret from subjects who do not have the authority to familiarize themselves with it.

Confidentiality is a subjective characteristic of information associated with the objective need to protect the legitimate interests of some subjects from others.

Availability of information - a property of information, technical means and technology for processing it, characterized by the ability to provide unimpeded access to information to subjects who have the appropriate authority to do so. Denial of service is a state of an information system in which access to some of its resources is blocked.

Information security breach - loss of properties characterizing the security of information when processed by technical means.

Information security threat - accidental or intentional human activity or physical phenomenon that may lead to a violation of information security.

Source of information security threat - any individual, material object or phenomenon that creates a threat to the security of information when processed by technical means.

Information leak - loss of information confidentiality properties.

Unauthorized access to information (UAI) - access to information when it is processed by technical means without permission, using the capabilities of these technical means.

Distortion of information - any intentional or accidental change in information during its processing by technical means, changing the content of this information.

Destruction of information - an action as a result of which information ceases to physically exist in the technical means of its processing.

Hardware implant (hardware “bookmark”) - an electronic device that is built into or connected to elements of technical means of information processing in order to violate the security of information when it is processed by technical means.

Security policy is a set of documented norms, rules and practices governing the management, protection and distribution of restricted information.

Data protection - the use of various means and methods, the application of measures and the implementation of activities in order to systematically ensure the reliability of transmitted, stored and processed information.

Information protection includes:

ensuring the physical integrity of information, eliminating distortion or destruction of information elements;

preventing the substitution of information elements while maintaining its integrity;

denial of unauthorized access to information to persons or processes that do not have the appropriate authority to do so;

gaining confidence that the information resources transmitted by the owner will be used only in accordance with the terms agreed upon by the parties.

Processes that violate the reliability of information are divided into accidental and malicious (intentional). The sources of accidental destructive processes are unintentional, erroneous actions of people and technical failures. Malicious violations arise as a result of deliberate actions of people.

The problem of information security in electronic data processing systems arose almost simultaneously with their creation. It was caused by specific facts of malicious actions against information.

The importance of the problem of providing reliable information is confirmed by the costs of protective measures. To ensure a reliable protection system, significant material and financial costs are required. Before building a protection system, an optimization model must be developed that allows achieving maximum results with a given or minimum expenditure of resources. Calculating the costs that are necessary to provide the required level of information security should begin with identifying several facts: a complete list of threats to information, the potential danger to information of each threat, the amount of costs required to neutralize each threat.

If in the first decades of active use of PCs the main danger was posed by hackers who connected to computers mainly through the telephone network, then in the last decade the violation of the reliability of information has progressed through programs, computer viruses, and the global Internet.

There are many ways of unauthorized access to information, including:

viewing;

copying and substitution of data;

entering false programs and messages as a result of connecting to communication channels;

reading the remaining information on its media;

reception of electromagnetic radiation and wave signals;

use of special programs.

To combat all these methods of unauthorized access, it is necessary to develop, create and implement a multi-stage, continuous and managed information security architecture. It's not just confidential information that needs to be protected. The object of protection is usually affected by a certain combination of destabilizing factors. Moreover, the type and level of influence of some factors may not depend on the type and level of others.

A situation is possible when the type and level of interaction of existing factors significantly depends on the influence of others that explicitly or covertly enhance such influences. In this case, both independent and interdependent means should be used in terms of the effectiveness of protection. To provide a sufficiently high level of data security, a compromise must be found between the cost of protective measures, the inconvenience of using protective measures and the importance of the information being protected. Based on a detailed analysis of numerous interacting factors, a reasonable and effective solution can be found to balance protection measures against specific hazards.

10.2. Objects and security elements in computer data processing systems

Object of protection - the system component in which the protected information is located. Element of protection - a collection of data that may contain information requiring protection.

When operating computer systems, the following may occur:

equipment failures and malfunctions;

system and system technical errors;

software errors;

human errors when working with a computer.

Unauthorized access to information is possible during computer maintenance in the process of reading information on computer and other media. Illegal access to information is divided into passive and active. With passive access, information resources are not altered and the violator can only disclose the contents of messages. With active unauthorized access, it is possible to selectively change messages, destroy their order, redirect messages, delay them and create fake messages.

To ensure security, various measures are carried out, which are united by the concept of “information security system”.

Information security system – This is a set of organizational (administrative) and technological measures, software and hardware, legal, moral and ethical standards that are used to prevent the threat of violators in order to minimize possible damage to users and owners of the system.

Organizational and administrative means of protection are the regulation of access to information and computing resources, as well as to the functional processes of data processing systems. These protections are used to make it difficult or impossible for security threats to be carried out. The most typical organizational and administrative means are:

Allowing only verified officials to process and transmit protected information;

Storage of information media that represent a certain secret, as well as registration logs in safes inaccessible to unauthorized persons;

Accounting for the use and destruction of documents (media) with protected information;

Division of access to information and computing resources of officials in accordance with their functional responsibilities.

Technical means of protection are used to create some physically closed environment around the object and protection elements. In this case, such measures are used as:

Limitation of electromagnetic radiation through shielding of rooms in which information processing is carried out;

Implementation of power supply to equipment that processes valuable information from an autonomous power source or a general power supply network through special network filters.

Software tools and methods of protection are used more actively than others to protect information on PCs and computer networks. They implement security functions such as delineation and control of access to resources; registration and study of ongoing processes; preventing possible destructive impacts on resources; cryptographic information protection.

Technological means of information security are a number of activities that are organically integrated into the technological processes of data conversion. They also include:

creating archival copies of media;

manual or automatic saving of processed files in external computer memory;

automatic registration of user access to various resources;

development of special instructions for the implementation of all technological procedures, etc.

Legal and moral-ethical measures and means of protection include the laws, regulations, rules and standards of behavior in force in the country, the observance of which contributes to the protection of information.

10.3. Means of identification and restriction of access to information

Identification is the assignment of a unique name or image to a particular object or subject. Authentication is the establishment of the authenticity of an object or subject, i.e., checking whether the object (subject) is who it claims to be.

The ultimate goal of the identification and authentication procedures for an object (subject) is to admit it to restricted information if the check result is positive, or to refuse admission if the check result is negative.

Objects of identification and authentication include: people (users, operators); technical means (monitors, workstations, subscriber stations); documents (manual, printouts); magnetic storage media; information on the monitor screen.

The most common authentication methods include assigning a password to a person or other name and storing its value in the computer system. A password is a set of characters that defines an object (subject).

A password as a security feature can be used to identify and authenticate the terminal from which the user is logging in, as well as to authenticate the computer to the user in return.

Given the importance of a password as a means of increasing the security of information from unauthorized use, the following precautions must be observed:

1) do not store passwords on the computer system in unencrypted form;

2) do not print or display passwords in clear text on the user’s terminal;

3) do not use your name or the names of relatives, as well as personal information (date of birth, home or office telephone number, street name) as a password;

4) do not use real words from an encyclopedia or explanatory dictionary;

5) use long passwords;

6) use a mixture of upper and lower case keyboard characters;

7) use combinations of two simple words connected by special characters (for example, +,=,<);

8) use non-existent new words (absurd or even delusional);

9) change your password as often as possible.
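Precautions 1 and 3 to 6 from the list above can be enforced in code. The following is an added Python example, not part of the original text: the iteration count, the minimum length, the word list and the personal items are assumptions chosen for illustration, and PBKDF2 is used as one common way to avoid storing the password itself.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example
MIN_LENGTH = 12              # assumed threshold for "long" (precaution 5)


def hash_password(password, salt=None):
    """Precaution 1: keep only a salted, slow hash, never the password itself."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Recompute the hash for a login attempt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)


def check_precautions(password, personal_items, dictionary, min_length=MIN_LENGTH):
    """Return the numbers of the precautions (3 to 6) that the password breaks.

    Precaution 4 is checked against the whole password only, so that two
    dictionary words joined by special characters (precaution 7) still pass.
    """
    broken = []
    lowered = password.lower()
    if any(item and item.lower() in lowered for item in personal_items):
        broken.append(3)  # contains a name, birth date, phone number, ...
    if lowered in dictionary:
        broken.append(4)  # is a real dictionary word
    if len(password) < min_length:
        broken.append(5)  # too short
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        broken.append(6)  # no mixture of upper and lower case
    return broken


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    personal = ["Ivanov", "1985", "5550100"]
    words = {"encyclopedia", "password"}
    for candidate in ("ivanov1985", "encyclopedia", "Granite+Lantern=7"):
        print(candidate, "->", check_precautions(candidate, personal, words))

    salt, digest = hash_password("Granite+Lantern=7")
    print("stored:", salt.hex(), digest.hex())
    print("correct password accepted:", verify_password("Granite+Lantern=7", salt, digest))
    print("wrong password accepted:", verify_password("granite+lantern=7", salt, digest))
```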

To identify users, technically complex systems can be used that authenticate the user by analyzing his individual parameters: fingerprints, palm line pattern, iris, voice timbre. The most widely used are physical identification methods that use carriers of password codes. Such carriers can be passes in checkpoint systems; plastic cards with the owner’s name, code, signature; plastic cards with a magnetic stripe that can be read by a special reader; plastic cards containing a built-in microcircuit; optical memory cards.

One of the most intensively developed areas for ensuring information security is the identification and determination of the authenticity of documents based on an electronic digital signature. When transmitting information via communication channels, fax equipment is used, but in this case the recipient does not receive the original, but only a copy of the document with a copy of the signature, which can be copied again during transmission in order to use a false document.

An electronic digital signature is an encryption method using cryptographic transformation and is a password that depends on the sender, recipient and content of the transmitted message. To prevent reuse of the signature, it must be changed from message to message.

10.4. Cryptographic method of information protection

The most effective means of increasing security is cryptographic transformation. It is used to improve security in one of the following cases:

1) data transmission in computer networks;

2) transfer of data stored in remote memory devices;

3) transfer of information during exchange between remote objects.

Protecting information using the cryptographic transformation method consists of bringing it to an implicit form through the transformation of the component parts of information (letters, numbers, syllables, words) using special algorithms or hardware and key codes. The key is the changeable part of a cryptographic system that is kept secret and determines which of the possible encryption transformations is performed in a given case.

To transform (encrypt) information, an algorithm or a device implementing a given algorithm is used. Algorithms may be known to a wide range of people. The encryption process is controlled using a periodically changing key code, which ensures an original representation of information each time even if the same algorithm or device is used. With a known key, you can decrypt the text relatively quickly, simply and reliably. Without knowing the key, this procedure can become almost impossible even when using a computer.

The following necessary requirements are imposed on cryptographic transformation methods:

1) it must be sufficiently resistant to attempts to reveal the original text by using the encrypted one;

2) key exchange should not be difficult to remember;

3) the costs of protective transformations should be made acceptable at a given level of information security;

4) errors in encryption should not cause obvious loss of information;

5) the size of the ciphertext should not exceed the size of the original text.

Methods intended for protective transformations are divided into four main groups: permutations, substitutions (replacements), additive and combined methods.

Permutation and substitution (replacement) methods are characterized by short keys, and the reliability of protection is determined by the complexity of the conversion algorithms. Additive methods, on the contrary, are characterized by simple algorithms and long keys. Combined methods are more reliable. They most often combine the advantages of the components used.

The four cryptographic transformation methods mentioned are classified as symmetric encryption methods. One key is used for both encryption and decryption.

The main methods of cryptographic transformation are the permutation and substitution methods. The permutation method is based on breaking the original text into blocks, then writing these blocks into a geometric figure and reading the ciphertext out along different paths through it.

The substitution (replacement) method of encryption consists in replacing the characters of the source text (block), written in one alphabet, with characters of another alphabet in accordance with the conversion key used.

The combination of these methods led to the formation of the derived cipher method, which has strong cryptographic capabilities. The algorithm of the method is implemented both in hardware and in software, but is designed to be implemented using special-purpose electronic devices, which makes it possible to achieve high performance and simplified organization of information processing. The industrial production of equipment for cryptographic encryption, established in some Western countries, can dramatically increase the level of security of commercial information when it is stored and electronically exchanged in computer systems.
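The permutation and substitution steps described above can be shown in a short added example (not code from the original text). It assumes a keyword-based replacement alphabet and a rectangular grid read column by column in key order; the keys and the message are constructed, and the composition is a classroom toy, not the derived cipher used in real equipment.

```python
import string

ALPHABET = string.ascii_uppercase


def substitution_alphabet(keyword):
    """Keyed cipher alphabet: keyword letters first, then the unused letters."""
    seen = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def substitute(text, keyword, inverse=False):
    """Substitution: replace each letter by its counterpart in the keyed alphabet."""
    cipher = substitution_alphabet(keyword)
    src, dst = (cipher, ALPHABET) if inverse else (ALPHABET, cipher)
    return text.translate(str.maketrans(src, dst))


def column_order(key):
    """Columns are read in the alphabetical order of the key letters."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transpose(text, key):
    """Permutation: write the text row by row into a grid, read it by columns."""
    cols = len(key)
    return "".join(text[c::cols] for c in column_order(key))


def untranspose(text, key):
    """Invert transpose(): refill the columns, then read the grid row by row."""
    cols, n = len(key), len(text)
    full, extra = divmod(n, cols)      # the first `extra` columns hold one more letter
    columns, pos = [""] * cols, 0
    for c in column_order(key):
        length = full + (1 if c < extra else 0)
        columns[c] = text[pos:pos + length]
        pos += length
    return "".join(columns[i % cols][i // cols] for i in range(n))


def encrypt(plaintext, sub_key, perm_key):
    """Combined method: substitution followed by permutation, letters only."""
    letters = "".join(ch for ch in plaintext.upper() if ch in ALPHABET)
    return transpose(substitute(letters, sub_key), perm_key)


def decrypt(ciphertext, sub_key, perm_key):
    """Undo the two steps in reverse order with the same keys (symmetric)."""
    return substitute(untranspose(ciphertext, perm_key), sub_key, inverse=True)


if __name__ == "__main__":
    # Constructed sample message and keys.
    ct = encrypt("Attack at dawn", "CIPHER", "KEY")
    print(ct, decrypt(ct, "CIPHER", "KEY"))
```

No padding is added to the grid, so the ciphertext has exactly as many letters as the plaintext, in line with requirement 5 above.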

10.5. Computer viruses

A computer virus is a specially written program that is capable of spontaneously attaching to other programs (infecting them), creating copies of itself and introducing them into files, system areas of the computer and other computers connected to it in order to disrupt the normal operation of programs, damage files and directories, and create various kinds of interference when working on a computer.

The appearance of viruses on a computer is determined by the following observable signs:

decreased computer performance;

failure or slowdown of OS loading;

an increase in the number of files on disk;

changes in file sizes;

periodic appearance of inappropriate messages on the monitor screen;

a reduction in the amount of free RAM;

a sharp increase in hard disk access time;

destruction of the file structure;

the disk drive warning light comes on when the drive is not being accessed.

The main routes for infecting computers with viruses are usually removable disks (floppy disks and CD-ROMs) and computer networks. Infection of a computer's hard drive can occur if the computer is booted from a floppy disk containing a virus.

By habitat, viruses are classified into boot, file, system, network and file-boot (multifunctional) viruses.

Boot viruses are embedded in the boot sector of the disk or in the sector that contains the system disk boot program.

File viruses are placed mainly in executable files with the extension .COM and .EXE.

System viruses are embedded in system modules and peripheral device drivers, file allocation tables, and partition tables.

Network viruses live in computer networks, and file-boot viruses infect both the boot sectors of disks and application program files.

By the way they infect their environment, viruses are divided into resident and non-resident.

When a computer is infected, resident viruses leave their resident part in the operating system. After infection, this part intercepts the OS's calls to other objects of infection, infiltrates them and carries out its destructive actions, which can lead to shutdown or reboot of the computer. Non-resident viruses do not infect the computer’s operating system and are active for a limited time.

The structural features of viruses affect their manifestation and functioning.

A logic bomb is a program that is built into a large software package. It is harmless until a certain event occurs, after which its logical mechanism is triggered.

Mutant programs reproduce themselves, creating copies that are clearly different from the original.

Invisible viruses, or stealth viruses, intercept OS calls to infected files and disk sectors and substitute uninfected objects in their place. When accessing files, these viruses use rather original algorithms that allow them to “deceive” resident anti-virus monitors.

Macro viruses use the capabilities of macro languages that are built into office data processing programs (text editors, spreadsheets).

Based on the degree of impact on the resources of computer systems and networks, or on the basis of destructive capabilities, viruses are divided into harmless, non-dangerous, dangerous and destructive viruses.

Harmless viruses do not have a pathological effect on the operation of the computer. Non-dangerous viruses do not destroy files, but reduce free disk memory and display graphic effects on the screen. Dangerous viruses often cause significant disruption to computer operation. Destructive viruses may lead to erasure of information, complete or partial disruption of application programs. It is important to keep in mind that any file that is capable of downloading and executing program code is a potential place where a virus could be placed.

10.6. Antivirus programs

The widespread use of computer viruses has led to the development of anti-virus programs that can detect and destroy viruses and “treat” affected resources.

Most antivirus programs are based on the principle of searching for virus signatures. A virus signature is some unique characteristic of a virus program that indicates the presence of the virus in a computer system. Most often, antivirus programs include a periodically updated database of virus signatures. An antivirus program examines and analyzes a computer system and compares what it finds against the signatures in the database. If the program finds a match, it tries to remove the detected virus.
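The signature search just described can be sketched as follows. This is an added example, not the code of any product named in this text; the signature names, byte patterns and sample buffers are all constructed, and the `??` wildcard notation is an assumption of the example.

```python
import re

# Constructed signature database (not real malware signatures).
# Each entry: name -> hex byte pattern; "??" matches any single byte.
SIGNATURES = {
    "Demo.Alpha": "DE AD BE EF ?? ?? 13 37",
    "Demo.Beta": "42 4F 4F 54 ?? 55 AA",
}


def compile_signature(hex_pattern):
    """Turn a hex pattern with ?? wildcards into a compiled bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    # DOTALL so that a wildcard also matches the newline byte.
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data, database=SIGNATURES):
    """Return (signature name, offset) for every match in a byte buffer."""
    hits = []
    for name, pattern in database.items():
        for match in compile_signature(pattern).finditer(data):
            hits.append((name, match.start()))
    return sorted(hits, key=lambda hit: hit[1])


# Constructed sample buffers standing in for file contents.
CLEAN = b"ordinary document text" * 4
INFECTED = b"\x00" * 16 + bytes.fromhex("DEADBEEF01021337") + b"payload"
# Same pattern, different bytes in the wildcard positions: still detected.
VARIANT = b"\x00" * 8 + bytes.fromhex("DEADBEEFA1B21337")
# One fixed byte differs: no signature in the database matches it.
UNKNOWN = b"\x00" * 8 + bytes.fromhex("DEADBEEE01021337")
BOTH = INFECTED + b"BOOT\x01\x55\xaa"

if __name__ == "__main__":
    for label, buf in [("clean", CLEAN), ("infected", INFECTED),
                       ("variant", VARIANT), ("unknown", UNKNOWN),
                       ("both", BOTH)]:
        print(label, scan(buf))
```

The `UNKNOWN` buffer shows the limit of the approach: code that is not in the database yet is not reported, which is why the database has to be updated periodically.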

According to the way they work, antivirus programs can be divided into filters, auditors, doctors, detectors, vaccines, etc.

Filter programs are “watchmen” that reside permanently in RAM. They are resident and intercept all requests to the OS to perform suspicious actions, i.e. operations that viruses use to reproduce and to damage information and software resources on the computer, including reformatting the hard drive. Among them are attempts to change file attributes, modify executable COM or EXE files, and write to boot sectors of the disk.

With each request for such an action, a message appears on the computer screen indicating what action is requested and what program will perform it. In this case, the user must either allow or deny its execution. The constant presence of “guard” programs in RAM significantly reduces the amount of free memory, which is the main disadvantage of these programs. In addition, filter programs are not able to “clean” files or disks. This function is performed by other antivirus programs, for example AVP, Norton Antivirus for Windows, Thunder Byte Professional, McAfee Virus Scan.

Auditor programs are a reliable means of protection against viruses. They remember the initial state of programs, directories and system areas of the disk, provided that the computer has not yet been infected with a virus. Subsequently, the program periodically compares the current state with the original one. If inconsistencies are detected (in file length, modification date, or the file's cyclic control code), a message about this appears on the computer screen. Among the auditor programs we can highlight the Adinf program and its add-on, the Adinf cure Module.
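The auditor principle can be illustrated with a small added example (it is not the code of Adinf or of any other program named here). It records length, modification time and a CRC-32 for every file under a directory and reports differences later; the directory contents are constructed in a temporary folder, and CRC-32 is assumed as the cyclic control code.

```python
import os
import tempfile
import zlib

FIELDS = ("size", "mtime", "crc32")


def file_state(path):
    """Length, modification time and CRC-32 of one file."""
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            crc = zlib.crc32(chunk, crc)
    st = os.stat(path)
    return {"size": st.st_size, "mtime": st.st_mtime_ns, "crc32": crc}


def snapshot(root):
    """Record the state of every file under root (the 'initial state')."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            state[os.path.relpath(full, root)] = file_state(full)
    return state


def compare(baseline, current):
    """List files that were added, removed or changed since the baseline."""
    report = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            report.append((path, "added"))
        elif new is None:
            report.append((path, "removed"))
        else:
            changed = [f for f in FIELDS if old[f] != new[f]]
            if changed:
                report.append((path, "changed: " + ", ".join(changed)))
    return report


def demo():
    """Constructed scenario: one file patched in place, one file added."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "app.bin")
        with open(target, "wb") as fh:
            fh.write(b"call 0x1000;")
        with open(os.path.join(root, "notes.txt"), "w") as fh:
            fh.write("unchanged")
        baseline = snapshot(root)

        st = os.stat(target)
        with open(target, "wb") as fh:
            fh.write(b"call 0x9000;")          # same length, one byte differs
        # Put the old timestamps back, as a modification hiding its traces would.
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))
        with open(os.path.join(root, "new.exe"), "wb") as fh:
            fh.write(b"x")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for path, finding in demo():
        print(path, "->", finding)
```

In the constructed scenario the patched file keeps its length and date, so only the checksum reveals the change; a comparison of sizes and dates alone would have missed it.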

A doctor program is capable of not only detecting, but also “cleaning” infected programs or disks. In doing so, it destroys the body of the virus in the infected programs. Programs of this type can be divided into phages and polyphages. Phages are programs that are used to search for viruses of a certain type. Polyphages are designed to detect and destroy a large number of different viruses. In our country, the most commonly used polyphages are MS Antivirus, Aidstest, Doctor Web. They are continuously updated to combat emerging new viruses.

Detector programs are capable of detecting files infected with one or more viruses known to the program developers.

Vaccine programs, or immunizers, belong to the class of resident programs. They modify programs and disks in such a way that this does not affect their operation. However, the virus against which the vaccination is carried out considers them already infected and does not invade them. Currently, many anti-virus programs have been developed that are widely recognized and are constantly being updated with new tools to combat viruses.

The Doctor Web polyphage program is used to combat polymorphic viruses that appeared relatively recently. In heuristic analysis mode, this program effectively identifies files infected with new, unknown viruses. Using Doctor Web to control floppy disks and files received over the network, you can almost certainly avoid system infection.

When using the Windows NT operating system, there are problems with protection against viruses created specifically for this environment. A new type of infection has also appeared - macro viruses, which are “implanted” into documents prepared by the Word word processor and Excel spreadsheets. The most common antivirus programs include AntiViral Toolkit Pro (AVP32), Norton Antivirus for Windows, Thunder Byte Professional, McAfee Virus Scan. These programs operate in scanner program mode and carry out anti-virus monitoring of OS, folders and disks. In addition, they contain algorithms for recognizing new types of viruses and allow files and disks to be disinfected during the scanning process.

AntiViral Toolkit Pro (AVP32) is a 32-bit application that runs on Windows NT. It has a convenient user interface, a help system, a flexible system of user-selectable settings, and recognizes more than 7 thousand different viruses. This program identifies (detects) and removes polymorphic viruses, mutant viruses and invisible viruses, as well as macro viruses that infect Word documents and Excel tables, Access objects, and “Trojan horses”.

An important feature of this program is the ability to monitor all file operations in the background and detect viruses before the system is actually infected, as well as detect viruses inside archives in ZIP, ARJ, ZHA, RAR formats.

The AllMicro Antivirus program interface is simple. It does not require the user to have additional knowledge about the product. When working with this program, click the Start (Scan) button, after which it will begin checking or scanning RAM, the boot and system sectors of the hard drive, and then all files, including archived and packed ones.

During initial boot, Vscan 95 checks the computer's memory, boot sectors of the system disk, and all files in the root directory. The other two programs in the package (McAfee Vshield, Vscan) are Windows applications. The first, after Windows boots, is used to monitor newly connected disks, control executable programs and copied files, and the second is used for additional checking of memory, disks and files. McAfee VirusScan can detect macro viruses in MS Word files.

As local computer networks, e-mail and the Internet developed and the Windows NT network operating system was introduced, developers of anti-virus programs prepared and supplied to the market such programs as Mail Checker, which allows you to check incoming and outgoing e-mail, and AntiViral Toolkit Pro for Novell NetWare (AVPN), used to detect, cure, delete and move virus-infected files to a special directory. The AVPN program is used as an anti-virus scanner and filter that constantly monitors files stored on the server. It is able to remove, move and “heal” affected objects; scan packed and archived files; identify unknown viruses using a heuristic mechanism; check remote servers in scanner mode; disconnect the infected station from the network. The AVPN program can be easily configured to scan files of various types and has a convenient scheme for replenishing the anti-virus database.

10.7. Software Product Protection

Software products are important objects of protection for a number of reasons:

1) they are a product of the intellectual work of highly qualified specialists, or even groups of several dozen or even hundreds of people;

2) the design of these products involves the consumption of significant material and labor resources and is based on the use of expensive computer equipment and high technology;

3) restoring damaged software requires significant labor costs, and the use of simple computing equipment is fraught with negative results for organizations or individuals.

Protection of software products has the following goals:

restriction of unauthorized access of certain categories of users to work with them;

exclusion of deliberate damage to programs in order to disrupt the normal course of data processing;

preventing deliberate modification of the program with the aim of damaging the reputation of the software manufacturer;

preventing unauthorized replication (copying) of programs;

exclusion of unauthorized study of the content, structure and mechanism of the program.

Software products should be protected from unauthorized influences of various objects: humans, technical equipment, specialized programs, and the environment. Impact on a software product is possible through theft or physical destruction of documentation for the program or the computer media itself, as well as by disrupting the functionality of the software.

Technical means (equipment) through a connection to a computer or transmission medium can read, decrypt programs, as well as physically destroy them.

Specialized programs can be used to infect a software product with a virus, to copy it without authorization, or to study its content without authorization.

The environment due to abnormal phenomena (increased electromagnetic radiation, fire, floods) can cause physical destruction of the software product.

The simplest and most accessible way to protect software products is to restrict access to them using:

password protection of programs when they are launched;

key floppy disk;

a special technical device (electronic key) connected to the computer input/output port.

In order to avoid unauthorized copying of programs, special software protection tools must:

identify the environment from which the program is launched;

keep records of the number of authorized installations or copies completed;

counteract (even to the point of self-destruction) the study of algorithms and programs of the system.

For software products, effective protective measures are:

1) identification of the environment from which the program is launched;

2) entering a record of the number of completed authorized installations or copies;

3) counteracting non-standard formatting of the launch floppy disk;

4) fixing the location of the program on the hard drive;

5) binding to an electronic key inserted into the I/O port;

6) binding to the BIOS number.

When protecting software products, it is necessary to use legal methods. Among them are licensing agreements and contracts, patent protection, copyright, technological and industrial secrecy.

10.8. Securing data on an offline computer

The most common cases that pose a threat to data are accidental data erasure, software failure and hardware failures. One of the first recommendations to the user is to back up data.

For magnetic disks there is such a parameter as the average time between failures. It can be expressed in years, so backup is necessary.

When working on a computer, data sometimes cannot be read due to a failure of the hard drive control board. By replacing the controller board and rebooting the computer, you can resume the interrupted work.

In order to ensure the safety of data, it is necessary to create backup copies. The use of copying as a method of ensuring data security requires the selection of a software product, procedure (full, partial or selective copying) and backup frequency. Depending on the significance of the information, a double backup is sometimes made. Testing your backups should not be neglected either. Data must also be protected if the computer is operating on a small network, when users use shared resources of the file server.

Security methods include:

use of file and directory attributes such as “hidden”, “read-only”;

saving important data on floppy disks;

storing data in password-protected archive files;

inclusion of regular scanning for computer viruses in the security program.

There are three main ways to use antivirus programs:

1) search for a virus during initial boot, when the antivirus program launch command is included in AUTOEXEC.bat;

2) launching an antivirus program manually;

3) visual preview of each downloaded file.

A pragmatic method for ensuring the security of information on an offline computer is password protection. After turning on the computer and running the CMOS setup program, the user can enter information twice, which becomes the password. Further protection at the CMOS level locks the entire computer if the correct password is not entered.

In cases where using a password is undesirable during initial boot, some keyboard models can be locked using the physical keys supplied with the computer.

The ability to protect some files is provided when the user works with office packages (word processors, spreadsheets, DBMS) and executes the command to save files (Save as...). If in this case you click on the Options button, then in the dialog box that opens you can set a password that limits the ability to work with this document. In order to restore the original form of the data protected in this way, the same password must be entered. If the user forgets the password or, having written it down on paper, simply loses it, even greater troubles may arise than when working without password protection.

There are quite a variety of methods for protecting computers that operate autonomously or as part of a small network, at home or in the office. When choosing a strategy for protecting information on a computer, you need to find a compromise between the value of the protected data, the costs of providing protection, and the inconvenience that the protection system imposes on working with data.

10.9. Data security in an online environment

Online environments are vulnerable from the point of view of data security. Examples of interactive environments are any systems with communication capabilities, such as e-mail, computer networks, and the Internet.

Email represents any type of communication used by computers and modems. Some of the most vulnerable places in email include the sender's outbox and the recipient's inbox. Each of the email software packages allows you to archive incoming and outgoing messages to any other address, which can lead to abuse by attackers.

E-mail, when ensuring the transfer of messages, can cause significant harm to the recipient of the messages. Other safety techniques should be used to prevent unwanted consequences, including:

You should not immediately launch programs received by email, especially attachments. You need to save the file on disk, scan it with an antivirus program and only then run it;

It is prohibited to disclose your password and personal data, even if the sender offers the recipient something very tempting;

When opening received MS Office files (in Word, Excel), you should, if possible, not use macros;

It is important to try to use proven as well as newer versions of email programs.

One of the important problems for Internet users is the problem of data security on the network itself. The user connects to resources through the provider. In order to protect information from hooligan elements, unqualified users and criminals, the Internet system uses a system of authority, or access control. Each data file (or other computer resources) has a set of attributes that indicate that the file can be viewed by anyone, but only the owner has the right to change it. Another problem is that no one other than the owner can view the file, even though the names of these information resources are visible. Typically, the user seeks to protect his information in some way, but it must be remembered that system administrators can overcome security systems. In this case, various methods of encrypting information using keys developed by the user come to the rescue.

One of the problems of working on the Internet is restricting the access of certain categories of users (children and schoolchildren) to information resources. This can be done using special software products - firewalls (Net Nanny, Surf-Watch, Cyber Patrol). They are based on the principle of filtering by keywords and by fixed lists of WWW service locations that contain material undesirable for children. Programs of a similar type that record Internet sessions and deny access to certain places on the network can be installed in offices and other institutions to prevent employees from wasting time on personal interests.

The Internet is a system in which numerous users have their own Web servers containing advertising or reference information on Web pages. Competitors can spoil the content. To avoid troubles in such situations, you can regularly view Web pages. If information is damaged, it must be restored using previously prepared copies of files. It is important to keep in mind that providers are required to ensure the security of information on servers by systematically reviewing event logs and updating software if security problems are detected.

BASIC CONCEPTS AND FEATURES OF PROTECTED INFORMATION.

Information is one of the main products of modern information societies and one of the most important types of goods in the domestic and international markets.

Owner of protected information - a legal or natural person who, at his own discretion, owns, uses and disposes of the information belonging to him.

Possessor of protected information - a legal or natural person who has the authority to own, use and dispose of this information under an agreement with the owner, by force of law or a decision of administrative bodies.

Each state has and protects its own information resources. These resources can be divided into the following three groups:

Open information - there are no restrictions on its distribution and use.

Patented information - protected by domestic legislation or international agreements as an object of intellectual property.

Information “closed” by its owner or possessor and protected by them with the help of proven mechanisms for protecting state, commercial or other protected secrets.

The third group usually includes information that is unknown to other persons, which cannot be patented or is not intentionally patented by its owner in order to avoid or reduce the risk of this information being taken over by rivals and competitors.

As a rule, not all information is protected, but only the information that is most important and valuable to its owner. Limiting the dissemination of such information brings him some benefit or profit and the ability to effectively solve the problems facing him.

Protected information includes:

secret information (information containing state secrets);

confidential information (information containing commercial, personal, judicial-investigative, official, industrial and professional secrets (Fig. 6)).

Thus, protected information means information the use and distribution of which is subject to restrictions by its owner.

A mystery can be considered as an objective (the mystery of the Universe, for example) and a subjective category. In the second case, a secret means something that needs to be hidden from others.

A secret in the field of information security is a subjective category, when information about some events, phenomena or objects is hidden for one reason or another by the owner or possessor of the information from outsiders.



Protected information must bring certain benefits to its owner and justify the effort and resources expended on its protection.

One of the main features of protected information is the restrictions imposed by the owner of the information on its distribution and use.

Protected information, unlike open information, has its own characteristics. Protected information is characterized by a continuously repeating set of information processes, which leads to an increase in the amount of such information. New information is being created containing information that is subject to classification. Therefore, such information is immediately included in the arrays of protected information upon its creation. The production of new information is usually accompanied by the consumption of existing protected information.

The circulation of protected information occurs in a certain area limited by security measures - scientific and production, managerial, commercial, etc.

Secret information has a certain genetic property: if this information is the basis for the creation of new information (documents, products, etc.), then the information created on this basis is, as a rule, secret.

With regard to confidential information, including commercial secrets, this cannot be said unequivocally.

The emergence of new protected information is the result of the activities of the subject - the owner of the information or persons authorized by him who have classified the information. After this, it is, as it were, alienated from the subject - the author. The peculiarity of such alienation is that this secret or confidential information dictates to everyone who comes across it the rules for handling it, the level of protective measures, etc.

The information security level is determined by the classification of secrecy or confidentiality.

The vulnerability of protected information lies in the possibility of “borrowing” it without violating the physical integrity of the carrier.

In this case an information leak occurs. The owner may not know about this.

Dissemination of open information happens randomly. Dissemination of protected information is carried out deterministically (the possible number of consumers is determined in advance).

CONCEPTUAL MODEL OF INFORMATION SECURITY

THE CONCEPTS OF “INFORMATION”, ITS “SOURCES AND MEDIA”.

An integral part of any field of science, including the developing theoretical foundations of comprehensive information security, are certain concepts. Naturally, one of the main concepts in this subject area is “information”, which can be classified as abstract categories and primary concepts, and in its form of manifestation is a material and energy category.

There are many definitions of the concept “information”: from the most general, philosophical (information is a reflection of the material world), to the most narrow, practical (information is all the data that is the object of storage, transmission and transformation).

Until the mid-1920s, information really meant “messages and information” transmitted by people orally, in writing or otherwise. From the middle of the 20th century, information has turned into a general scientific concept, including the exchange of information between people, man and machine, machine and machine; exchange of signals in the animal and plant world; transfer of characteristics from cell to cell, from organism to organism (genetic information). This is one of the basic concepts of cybernetics.

In connection with the development of communications and telecommunications, computing technology and their use for processing and transmitting information, the need arose to measure its quantitative characteristics. K. Shannon and W. Weaver proposed probabilistic methods for determining the amount of information transmitted. The concept of “entropy of information” appeared as a measure of its uncertainty.

N. Wiener proposed that the “information vision” of cybernetics be considered the science of control in living organisms and technical systems. Information has come to be understood not as just any data, but only as data that is new and useful for making decisions that ensure the achievement of management goals.

For many years now, the semantic theory of information has been developing, which studies the meaning contained in information, its usefulness and value for the consumer.

From the point of view of the information security process, it is important for us to present this concept in a more materialistic plane, which allows us to direct security actions to a specific object. Therefore, let us dwell on the following definition.

Information is data about objects, phenomena and processes (regardless of the form of their presentation), displayed in the human mind or on any medium for subsequent perception by a person.

The use of this term usually presupposes the occurrence of a material-energy signal perceived sensory or at the instrumental level. The existence of such a signal presupposes the presence of an information carrier. When organizing the protection of classified information, attention is constantly drawn to the need to protect carriers of secret and confidential information, and since such information is inseparable from them, it cannot exist outside of the carrier. And only by gaining access to the media, an attacker can obtain information of interest (and protected by the owner). In this case, the information carrier becomes a source for this attacker.

Obviously, the concept of “source” is understood as some object that has certain information, to which persons interested in it have gained access one-time or repeatedly. The source is associated with some recipient (subject) who has one or another ability to access information. The source in this pair acts as a passive side, and the recipient-subject is the active one.

The seemingly simplest operation of transforming an information carrier into its source, which we ourselves perform hundreds and thousands of times every day, acquires a special meaning when obtaining protected information. The carrier of secret and confidential information is under constant protection, access to it is strictly regulated. Therefore, an opponent can only gain access to such information against the will of its owner. Such illegal, unauthorized access always carries the risk of failure of the operation. If you think about it, the main goal of information protection ultimately comes down to preventing an opponent from gaining access to the protected information medium.

However, in information security activities, situations constantly arise when you cannot “put a lock” on information carriers or lock them in a safe, especially while they are in use, and also when the carriers are people or various types of radiation that are a “product” of the operation of technical systems, communication channels, radiation from low-current devices, etc. Therefore, all these media are potential sources of information. It is to these that the opponent seeks to gain access, paving the way to the information of interest to him.

Thus, from the point of view of ensuring information security, the concept of “carrier” must be understood as some object that has certain information that can be obtained (received) one-time or repeatedly by persons interested in it. The carrier is associated with some recipient (subject) who has one or another ability to access information. Then, by a carrier of confidential information we will understand an object that has certain protected information that is of interest to attackers. Considering information from the point of view of displaying it on some or in some material (physical) objects that can preserve it for a long time in a relatively unchanged form or transfer it from one place to another, the media of protected information can be classified as follows:

Tangible media (documents, books, products, substances and materials);

Radiations and fields (electromagnetic, thermal, radiation and other radiation, hydroacoustic, seismic and other fields);

Human.

INDICATORS FOR EVALUATING INFORMATION

We must consider information from the point of view of the tasks and problems of informatization, that is, on the one hand, as an information resource of society necessary for information support of social activities and everyday life of people, and on the other hand, as specific raw materials that must be extracted and processed using specific technologies.

In order for information to effectively fulfill its role in the process of activity, it is necessary to be able to assess its significance for the effectiveness of the corresponding activity, bearing in mind that in the conditions of the information society it is the object and product of labor.

Thus, to evaluate information, two types of indicators are needed:

1) characterizing information as an object of labor in the process of information support of tasks being solved;

2) characterizing information as a providing resource in the process of solving various problems.

Indicators of the first type should characterize information as an object of labor on which certain procedures are carried out in the process of processing it in order to provide information for the tasks being solved. For OI, these indicators are of great importance for two reasons that determine the main types of characteristics of this type of indicator.

1. In the systems under consideration, information messages go through many stages of processing: representation of information in symbolic form (in various forms of electrical signals), signal conversion (analog to discrete form), data encryption and all inverse transformations. Consequently, the main characteristic of information can be the method of its transformation.

2. At all sections of technological processing routes there are potential opportunities for the manifestation of a large number of destabilizing factors that can have a negative impact on information. Therefore, an important characteristic should be the degree of protection of information from the influence of destabilizing factors.

Indicators of the second type are pragmatic in nature, their content is determined by the role, significance, importance of information in the process of solving problems, as well as the amount and content of information available at the time of solving the corresponding problem. Moreover, what is important here is not just the amount of information in absolute terms, but its sufficiency (completeness) for information support of the tasks being solved and adequacy, that is, compliance with the current state of those objects or processes to which the information being assessed relates. In addition, the purity of information is important, that is, the absence of unnecessary data or noise among the necessary information. Finally, for the effectiveness of problem solving, the form of information presentation is of no small importance from the point of view of ease of perception and use in the process of solving problems. Thus, the second type of indicators includes the following.

1. Importance of information. This is a generalized indicator that characterizes the significance of information from the point of view of the tasks for which it is used.

In this case, it is necessary to determine both the importance of the tasks themselves for the activity being provided, and the degree of importance of information for the effective solution of the corresponding task.

This approach is used, for example, by Academician I. A. Lazarev, who defines that one of the components of the concept of “information security” is achieving the required quality of information to solve the most important problems of ensuring the security of the state, the individual, and society.

To quantify the importance of information, two criteria are used: the level of losses in the event of unwanted changes in information during processing under the influence of destabilizing factors and the level of costs for restoring damaged information.

Then the information importance coefficient Kvi can be represented as a functional dependence on Rpi - the amount of losses when the quality of information is violated and Rcv - the value of the cost of restoring its quality.

For information processed and transmitted in the government communications system, there are the following categories of importance: special importance, top secret, secret, confidential - characterized by the amount of damage to the country.

2. Completeness of information. This is an indicator characterizing the degree of sufficiency of information to solve relevant problems. The completeness of information is assessed relative to a well-defined task or group of tasks. Therefore, in order to be able to determine the indicator of information completeness, it is necessary for each task or group of tasks to compile in advance a list of information that is necessary to solve them. To present such information, it is convenient to use the so-called object-characteristic tables (OCT), each of which is a two-dimensional matrix whose rows list the names of the objects, processes or phenomena included in the circle of interests of the corresponding task, and whose columns list the names of their characteristics (parameters), the values of which are necessary to solve the problem. The set of all tables necessary to ensure the solution of all problems can be called the information cadastre of the object.

The coefficient of information completeness in some OCT can be expressed as follows:

where d is the element located in the i-th row and j-th column; t - number of OCT rows; n - number of columns.

3. Adequacy of information. The adequacy of information is understood as the degree of correspondence to the actual state of the realities that the information being assessed reflects. In general, adequacy is determined by two parameters: the objectivity of generating information about an object, process or phenomenon and the duration of the time interval between the moment of generating information and the current moment, that is, until the moment of assessing its adequacy.

To assess adequacy with respect to the second parameter, the so-called law of information aging, known in information theory, is quite suitable (Fig. 2.3).

The indicator under consideration is widely used in cryptography when assessing the strength of encryption of transmitted information. For example, encryption equipment is equipment of guaranteed strength if the period of time before the enemy decrypts the intercepted message is such a value that by this moment the significance of the information as a result of its aging is close to zero, that is, the adequacy coefficient is close to zero.

4. Relevance of information. Relevance is an indicator of information that characterizes its compliance with the needs of the problem being solved. To quantitatively express this indicator, the so-called relevance coefficient (CR) is usually used, which determines the ratio of the volume of relevant information to the total volume of analyzed information. Difficulties in the practical use of this coefficient are associated with the quantitative expression of the amount of information.

There are many approaches to defining the concept of “amount of information”. For example, in the field of document management, this refers to the number of documents processed. In the field of information signal processing, this concept is related to the concept of “entropy”.

5. Information tolerance. This is an indicator characterizing the ease of perception and use of information in the process of solving a problem. This concept is very broad, largely vague and subjective. Thus, for a telephone communication system, it can characterize the intelligibility of voice messages transmitted over communication channels.

Indicators of the first and second types are inextricably linked. Thus, from the point of view of ensuring the information security of an object, the level of importance of information determines the required degree of its protection.

Assessing the quality of information according to the considered indicators allows you to analyze its potential value and, based on this, determine the necessary protection measures, that is, make the information protected.

CLASSIFICATION OF PROTECTED INFORMATION.

Information can be classified according to three main characteristics:

by ownership;

by types of secrecy and degree of secrecy (confidentiality);

by content.

Classification of protected information by ownership:

information that is a state or official secret, other types of protected information, including information that is a commercial secret. The owner of the protected information is the state and its structures;

information constituting a trade secret. The owner of the protected information is an enterprise, partnership, joint stock company, etc.;

party secrets. The presence of state and commercial secrets among them is not ruled out. The owner is public organizations;

information about citizens of the state: confidentiality of correspondence, telephone and telegraph conversations, medical confidentiality, etc. Preservation is guaranteed by the state. Personal secrets are the citizen's own business. The state is not responsible for the safety of personal secrets.

Classification of protected information by degree of secrecy (confidentiality):

of special importance (especially important) - OV;

top secret (strictly confidential) - SS;

secret (confidential) - C;

for official use (not for printing, sent to the list) - DSP;

unclassified (open).

It should be noted that the higher the degree of secrecy of information determined by its owner, the higher the level of its protection, the more expensive it becomes, and the narrower the circle of people who become acquainted with this information.

Classification of protected information by content:

political;

economic;

intelligence and counterintelligence;

scientific and technical;

technological;

business and commercial.

CLASSIFICATION OF CARRIERS OF PROTECTED INFORMATION.

Information carriers are material objects, including physical fields, in which information is reflected in the form of symbols, images, signals, technical solutions and processes, thereby creating the opportunity for its accumulation, storage, transmission and use.

The same media are used to record both classified and unclassified information. As a rule, carriers of secret and confidential information are protected by the owner of this information.

Protected information media can be classified as follows:

documentation;

products (items);

substances and materials;

electromagnetic, thermal, radiation and other radiation;

hydroacoustic, seismic and other fields;

geometric shapes of buildings, their sizes, etc.

A person acts as a carrier of protected information. A person, as a keeper of secret and confidential information, has the ability (in addition to receiving information from the outside) to generate new information, including secret information, to assess the importance of the information in his memory, and to rank consumers of protected information.

At the same time, a person can take the path of deliberately not keeping secret information entrusted to him: commit high treason or spill secrets to his friends and relatives.

Let us briefly consider each of the above information carriers.

Document - information recorded on a tangible medium with details that allow its identification.

The form of the document as an information carrier: paper, film and photographic film, magnetic tapes, disks, etc. Information on the medium can be in the form of text, drawings, formulas, graphs, maps, etc.

A document that carries protected information indicates the degree of confidentiality of the information (secrecy classification). The consumer therefore knows who may handle this information and how. The level of protection is determined by the importance of the protected information contained in the documents.

The weak properties of a document as a carrier of protected information are the following:

An unscrupulous consumer can use the information for his own purposes (if it is not encrypted);

The document may be lost (stolen, destroyed, damaged).

Products (items) as carriers of protected information: classified samples and complexes of military and other equipment; equipment; functional systems, units, devices included in complexes or samples; component elements - assembly units and parts that do not have independent or operational significance and are intended to perform the corresponding functions as part of equipment and weapons.

Materials and substances: structural and operational materials, semi-finished products, raw materials, fuel, etc., used in the manufacture and operation of equipment and its elements. For example, heat-resistant coatings on spacecraft. D. I. Mendeleev unraveled the secret of making smokeless gunpowder based on the types of raw materials used by the manufacturer.

Substances that can carry information about a sensitive facility include waste from sensitive enterprises (water, air, precipitation on the ground around the facility, etc.).

Electromagnetic radiation of various frequencies carries information from the source of information (radio transmitter, emitter) to the receiver; it is a “product” of the operation of radio engineering and other systems and therefore carries information about these systems. The emissions in question can carry confidential and secret information that can be intercepted and decoded by an opponent or competitor.

STATE SECRET

State secret - This is information protected by the state in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational-search activities, the dissemination of which could harm the security of the Russian Federation (Law of the Russian Federation “On State Secrets”).

This definition specifies the categories of information that are protected by the state, and that the dissemination of this information could harm the interests of state security.

The model for determining state secrets usually includes the following essential features:

Objects, phenomena, events, areas of activity that constitute state secrets.

The enemy (real or potential) from whom state secrets are mainly protected.

An indication in a law, list or instruction of the information constituting a state secret.

Damage caused to defense, foreign policy, economy, scientific and technological progress of the country, etc. in the event of a leak of information constituting a state secret.

What information can be classified as a state secret is defined in Decree of the President of the Russian Federation of November 30, 1995 No. 1203. This includes information (we will only indicate sections): in the military field; in foreign policy and foreign economic activity; in the field of economics, science and technology; in the field of intelligence, counterintelligence and operational investigative activities.

Information cannot be classified as a state secret:

if its leak (disclosure, etc.) does not entail damage to the national security of the country;

in violation of applicable laws;

if concealing information would violate the constitutional and legislative rights of citizens;

to conceal activities that damage the environment and threaten the life and health of citizens (Article 7 of the Law of the Russian Federation “On State Secrets”).

The sign of a state secret is the degree of secrecy attributed to the information: of special importance; top secret; secret. These marks are affixed to documents or products (their packaging or accompanying documents). The information contained under these stamps is a state secret.

What criteria are used to classify information, firstly, as a state secret, and secondly, as one or another degree of secrecy? The answer to this question is given by the “Rules for classifying information constituting a state secret to various degrees of secrecy”, specified in Decree of the Government of the Russian Federation No. 870 of September 4, 1995.

Information of special importance should include information whose dissemination could harm the interests of the Russian Federation in one or more areas of activity.

Top secret information should include information whose dissemination could harm the interests of the Ministry (department) or sectors of the Russian economy in one or more areas of activity.

Secret (confidential) information should include all other information constituting a state secret. Damage may be caused to the interests of an enterprise, institution or organization.

From these definitions one can see a relatively high degree of uncertainty in the features that characterize one or another degree of secrecy of information constituting a state secret. Therefore, there is always room for the voluntary or involuntary introduction of a subjective factor into the process of classifying information.

Depending on the type, content, and extent of damage, groups of certain types of damage can be distinguished in the event of a leak (or possible leak) of information constituting a state secret.

Political damage may occur when there is a leak of information of a political and foreign policy nature, about the intelligence activities of state intelligence services, etc.

Economic damage can occur when information of any content is leaked: political, military, scientific and technical, etc. Economic losses from information leakage can be direct and indirect. Direct losses may occur due to the leak of information about weapons systems or the country's defense, which as a result have lost or practically lost their effectiveness and require large expenses for their replacement or readjustment. Indirect losses are more often expressed in the form of lost profits: failure of negotiations with foreign companies on profitable deals; loss of priority in scientific research.

Moral damage, as a rule of a non-property nature, comes from a leak of information that caused or initiated an unlawful propaganda campaign against the state that undermines the country’s reputation, leading, for example, to the expulsion of our diplomats, etc.

TRADE SECRET.

Trade secret - this is information protected by an enterprise (firm, bank, etc.) in the field of production, new technologies, organizational, commercial and other activities, which has actual or potential commercial value for the enterprise because it is unknown to other persons, and whose disclosure (leakage) may harm the interests of the enterprise.

The signs of an enterprise's trade secret are that the information:

is the property of the enterprise, does not contain information that is the property of the state (information constituting a state secret) and does not belong to other enterprises and organizations;

reflects the technological, commercial, financial and other aspects of the enterprise’s activities;

has actual or potential economic value and consumer value because it is unknown to other persons, which enables the enterprise to produce products and goods that are in demand on the market, to enter into equal, mutually beneficial transactions with other enterprises and firms, and to find new clients and buyers of its products;

is the subject of attacks by other persons (legal entities or individuals), since there is no free access to this information on legal grounds;

is protected by the enterprise.

Decree of the Government of the Russian Federation dated December 5, 1991 No. 35 announced a list of information that cannot constitute a trade secret:

constituent documents;

documents giving the right to engage in entrepreneurial activity;

information on established reporting forms;

documents on solvency;

information on the number and composition of employees;

information about environmental pollution, etc.

The effect of the resolution does not apply to information classified as a trade secret in accordance with international treaties, as well as to information about the activities of an enterprise that constitutes a state secret.

Commercial information can be ranked according to its importance for the enterprise in order to regulate its dissemination among those working at the enterprise, indicate the users of this information, the level of its protection, etc.

The following system for indicating the degree of importance can be proposed:

trade secret - strictly confidential (KT - SK);

trade secret - confidential (KT - K);

trade secret (KT).