Protection of information in local networks. Classification of methods and means of information protection. Classification of software tools for information protection

Types of information protection, scope of their coverage.

Classification of information security methods. Universal methods of information protection, areas of their application. Areas of application of organizational, cryptographic and engineering methods of information protection.

Concept and classification of information security tools. Purpose of software, cryptographic and technical means of protection.

A type of information protection is understood as a relatively isolated area of information security, including the methods, means and measures inherent to it for ensuring the security of information.

Legal protection is a type of protection that includes a set of rules, established and protected by the state, which regulate the protection of information.

Legal protection of information performs the following functions:

1) determines the types of secrets, the composition of information that is or can be classified under each type of secret (except commercial secrets), and the procedure for classifying information under the various types of secrets;

3) establishes the rights and obligations of the owners of protected information;

4) establishes the basic rules (standards) for working with protected information, except for information constituting a commercial secret;

5) establishes criminal, administrative and material liability for an unlawful attempt on protected information, as well as for its loss or disclosure where negative consequences for the owner or holder of the information have occurred or could have occurred.

Some of these issues should be regulated only by law; the rest by both laws and by-laws.

Organizational information protection is a type of protection that includes a set of organizational and administrative documents, organizational methods and measures that regulate and ensure the organization, technology and control of information protection.

Organizational protection is the most important type of information protection. It is multifunctional and, unlike the other types, is able to provide certain areas of protection on its own (autonomously), while at the same time accompanying the other types: none of them can cover any area of protection without the necessary organizational measures being implemented.

In relation to areas of activity, five areas of application of organizational protection can be distinguished:

1. Ensuring compliance with established legal standards for information protection. This direction is carried out by regulating the activities of the enterprise and its employees, which allows, obliges or forces them to comply with the requirements of legal standards for information protection. For this purpose, legal norms are either laid down (transferred) into the regulatory documents of the enterprise regulating the organization and technology of work, employee relations, conditions for hiring and dismissing employees, labor regulations, etc., or are transformed in special regulatory documents on information protection. At the same time, one does not exclude the other: some issues may be reflected in general documents, some in special documents.

2. Ensuring the implementation of cryptographic, software, hardware and engineering information protection. This direction is carried out through the development of normative, methodological, organizational and technical documents, as well as carrying out the necessary organizational measures to ensure the implementation and operation of methods and means of these types of protection.

3. Ensuring the protection of individual areas independently, through organizational methods and measures alone. This direction makes it possible to solve the following issues using organizational methods only:

Determination of protected information media;

Establishing the scope of circulation of protected information;

Ensuring a differentiated approach to information protection (features of protecting secrets, specifics of information protection);

Establishing the circle of persons allowed to access protected information;

Ensuring compliance with the rules for working with information by its users;

Prevention of the use of protected information during open work and events, including when preparing materials for the media, demonstrations at open exhibitions, speaking at open events, conducting unclassified office work, and so on.

4. Providing protection for certain areas in combination with other types of protection. This direction allows, in combination with other types of protection:

Identify sources, types and methods of destabilizing influence on information;

Determine the reasons, circumstances and conditions for the implementation of a destabilizing effect on information;

Identify channels and methods of unauthorized access to protected information;

Determine information security methods;

Establish a procedure for handling protected information;

Establish a system of access to protected information;

Ensure the protection of information: during its production, processing and storage; during its transmission via communication lines and during physical transmission to third-party organizations; when users work with it; during closed conferences, meetings, seminars, exhibitions; during a closed educational process and the defense of a dissertation; when implementing international cooperation; in case of emergency situations.

5. This direction consists in unifying all types, methods and means of information protection into a single system. It is implemented through the development and introduction of regulatory and methodological documents on the organization of local systems and of comprehensive information protection, through organizational support for the operation of these systems, and by ensuring control over their reliability.

The basis of cryptographic information protection is cryptography, which literally means secret writing: a system for transforming information so as to make it unintelligible to uninitiated persons. Cryptographic information protection is therefore defined as a type of protection carried out by transforming (closing) information using encryption, coding or other special methods.

The goals of cryptography have changed throughout history. At first it served mainly to ensure secrecy, preventing unauthorized disclosure of information transmitted over military and diplomatic communications. With the advent of the information age, the need to use cryptography in the private sector emerged. The amount of confidential information is enormous: medical records, legal and financial documents. Recent advances in cryptography have made it possible to use it not only for secrecy but also to ensure the authenticity and integrity of information. To keep a message secret, physical protection and steganography are used in addition to cryptographic methods. As practice has shown, the most effective information protection is based on cryptographic methods, as a rule in combination with other methods. An important concept in cryptography is strength: the ability to resist attempts by a cryptanalyst, well armed with modern technology and knowledge, to decipher an intercepted message, recover cipher keys, or violate the integrity and/or authenticity of information.

Modern cryptographic protection is implemented by a combination of mathematical, software and organizational methods and tools. It is used not only, and not so much, to protect information during storage and processing as during its transmission, both by traditional means and especially over radio and cable communication channels.

Software and hardware information protection is a type of information protection that includes special protection programs, operating autonomously or built into information processing software, as well as technical information protection devices.

There are no software or hardware methods of information protection as such; in this area, protection is carried out only by information security tools.

Informatization of many areas of society (defense, politics, finance and banking, environmentally hazardous industries, healthcare and others) leads to the use of computing tools when carrying out work related to the processing and storage of confidential information and requiring guaranteed reliability of the results and the information being processed. Mainframe computers and software are most often used as computing tools. This forces us to develop and apply additional information security tools when creating secure automated systems and secure information technologies.

Thus, software and hardware protection is designed to protect information technologies and technical means of information processing.

Judging by the growing number of publications and companies professionally involved in protecting information in computer systems, great importance is attached to solving this problem. One of the most obvious reasons for a security system breach is intentional unauthorized access (UNA) to confidential information by illegal users and subsequent unwanted manipulations with this information.

Data protection is a set of measures taken to prevent the leakage, theft, loss, unauthorized destruction, distortion, modification (forgery), unauthorized copying or blocking of information, etc. Since information can be lost for purely technical, objective and unintentional reasons, this definition also covers measures that increase the reliability of the server against failures or malfunctions of hard drives, deficiencies in the software used, and so on.

Classification of information security tools

Means of ensuring information security in terms of preventing intentional actions can be divided, depending on the method of implementation, into the following groups:

1. Technical (hardware) means. These are devices of various types (mechanical, electromechanical, electronic, etc.) that solve information security problems in hardware. They either prevent physical penetration or, if penetration does occur, prevent access to information, including by masking it. The first part of the problem is solved by locks, bars on windows, security alarms, etc. The second part is solved by noise generators, surge protectors, scanning radios and many other devices that "block" potential channels of information leakage or allow them to be detected. The advantages of technical means are their reliability, independence from subjective factors and high resistance to modification. Their weak sides are insufficient flexibility, relatively large volume and weight, and high cost.

2. Software tools include programs for user identification, access control, information encryption, removal of residual (working) information such as temporary files, test control of the security system, etc. The advantages of software are versatility, flexibility, reliability, ease of installation, and the ability to be modified and developed. The disadvantages are limited network functionality, consumption of part of the resources of the file server and workstations, high sensitivity to accidental or intentional changes, and possible dependence on the type of computer (its hardware).

3. Mixed hardware and software tools implement the same functions as hardware and software separately, and have intermediate properties.

4. Organizational means consist of organizational-technical measures (preparing premises with computers, laying the cable system with the requirements for restricting access to it taken into account, etc.) and organizational-legal measures (national legislation and the work rules established by the management of a particular enterprise). The advantages of organizational tools are that they solve many different problems, are easy to implement, respond quickly to unwanted actions on the network, and have unlimited possibilities for modification and development. The disadvantage is a high dependence on subjective factors, including the general organization of work in a particular department.

Software tools are distinguished according to the degree of distribution and availability, so they are discussed in more detail below. Other means are used in cases where it is necessary to provide an additional level of information protection.

Encryption is a type of information security software and is of particular practical importance as the only reliable protection against leakage of information transmitted over long serial lines. Encryption forms the last, almost insurmountable "line" of protection against unauthorized access. The term "encryption" is often used in connection with the more general concept of cryptography. Cryptography includes methods and means of ensuring the confidentiality of information (including through encryption) and authentication. Confidentiality is the protection of information from having its contents read by persons who do not have the right to access it. Authentication, in turn, is the establishment of the authenticity of various aspects of an information exchange: the communication session, the parties (identification), the content (protection against forgery) and the source (attribution using a digital signature).

Classic data encryption algorithms

The following "classic" encryption methods are available:

Substitution (simple - single-alphabetic, multi-alphabetic single-loop, multi-alphabetic multi-loop);

Permutation (simple, complicated);

Gamma (mixing with short, long or unlimited mask).

Substitution involves the use of an alternative alphabet (or several) instead of the original one. In the case of a simple substitution for characters of the English alphabet, you can propose, for example, the following replacement (see Table 1).

Table 1. Example of replacing characters during substitution

Then the word "cache" is encrypted as "usuxk".

Permutation potentially provides greater resistance to decryption than substitution and is performed using a digital key or an equivalent keyword, as shown in the following example (see Table 2). The digital key consists of non-repeating digits, and the corresponding keyword consists of non-repeating characters. The source text (plain text) is written line by line under the key. The encrypted message (cipher text) is written out in columns, in the order prescribed by the digits of the key or by the position of the individual characters of the keyword.


Table 2. Example of using simple permutation

For the example under consideration, the encrypted message will look like this: AIHHORTTPHPαEααα…SSCEα.

Gamma (mixing with a mask) is based on the bitwise addition modulo 2 (EXCLUSIVE OR logic) of the original message with a pre-selected binary sequence (the mask). A compact representation of the mask can be a number in the decimal system or some text (in which case the internal character codes are used; for English text, the ASCII table). Fig. 1 shows how the original character "A", when added to the mask 0110 1001 (binary), becomes the character "(" in the encrypted message.

Fig. 1 Example of using gamma
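The permutation and gamma methods described above, as an added worked example (this is not code from the original text). It implements a keyword columnar transposition in the style of Table 2 (assumption: columns are read in alphabetical order of the keyword's characters, with short rows padded by "α" as the tables do) and the XOR mask of Fig. 1, so the claim that "A" under mask 0110 1001 becomes "(" can be checked directly.

```python
"""Classical 'permutation' and 'gamma' ciphers (added example, not the page's code)."""

PAD = "α"  # constructed choice: the page's tables use α to fill a short last row


def key_order(keyword: str) -> list[int]:
    """Column read-out order: indices of the keyword sorted by character.
    The keyword must not repeat characters, as the text requires."""
    if len(set(keyword)) != len(keyword):
        raise ValueError("keyword characters must not repeat")
    return sorted(range(len(keyword)), key=lambda i: keyword[i])


def transpose_encrypt(plain: str, keyword: str) -> str:
    """Write the plaintext row by row under the key, read it out by columns."""
    n = len(keyword)
    rows = [plain[i:i + n].ljust(n, PAD) for i in range(0, len(plain), n)]
    return "".join(row[c] for c in key_order(keyword) for row in rows)


def transpose_decrypt(cipher: str, keyword: str) -> str:
    """Inverse of transpose_encrypt: rebuild the columns, then read by rows."""
    n = len(keyword)
    if len(cipher) % n:
        raise ValueError("ciphertext length must be a multiple of the key length")
    height = len(cipher) // n
    cols = [""] * n
    for k, c in enumerate(key_order(keyword)):
        cols[c] = cipher[k * height:(k + 1) * height]
    rows = ["".join(col[r] for col in cols) for r in range(height)]
    return "".join(rows).rstrip(PAD)


def gamma(data: bytes, mask: bytes) -> bytes:
    """Bitwise XOR of the message with the mask. A mask shorter than the
    message is repeated cyclically (a 'short mask' in the text's terms);
    a mask as long as the message and never reused is the 'unlimited' case.
    XOR is its own inverse, so the same call decrypts."""
    if not mask:
        raise ValueError("mask must not be empty")
    return bytes(b ^ mask[i % len(mask)] for i, b in enumerate(data))


def figure1_check() -> str:
    """Reproduce Fig. 1: 'A' (0100 0001) xor 0110 1001 = 0010 1000 = '('."""
    return gamma(b"A", bytes([0b01101001])).decode("ascii")


if __name__ == "__main__":
    print(figure1_check())                               # (
    ct = transpose_encrypt("ATTACKATDAWN", "KEY")
    print(ct, transpose_decrypt(ct, "KEY"))
    # All three classical methods are 'linear': ciphertext length equals
    # plaintext length (padding aside), as the text notes.
    print(len(gamma(b"hello", b"\x69")) == len(b"hello"))
```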

The listed "classical" encryption methods (substitution, permutation and gamma) are linear in the sense that the length of the encrypted message equals the length of the original text. A nonlinear transformation is also possible: a substitution that replaces the original characters (or entire words, phrases, sentences) with pre-selected combinations of characters of a different length. Information protection by the cutting-and-spreading method is also effective: the original data is divided into blocks, none of which contains useful information on its own, and these blocks are stored and transmitted independently of each other. For text information, the data for such blocks can be selected in groups containing a fixed number of bits that is smaller than the number of bits per character in the encoding table. Recently, so-called computer steganography (from the Greek steganos, "secret, hidden", and graphy, "writing") has become widespread; it is the hiding of a message or file inside another message or file. For example, an encrypted audio or video file can be hidden in a large information or image file. The volume of the container file must be at least eight times the volume of the original file. Examples of common programs that implement computer steganography are S-Tools (for Windows'95/NT) and Steganos for Windows'95. The actual encryption of the information is carried out using standard or non-standard algorithms.
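The "container at least eight times larger" rule above follows from hiding one payload bit in the least significant bit of each container byte. The following is an added example, not code from S-Tools, Steganos or the original text: it embeds and extracts a payload this way on a constructed container, refuses a container that is too small, and shows that no container byte changes by more than one unit, which is why the hidden data is imperceptible in an image.

```python
"""LSB steganography embed/extract (added example, not from the page)."""


def embed_lsb(container: bytes, payload: bytes) -> bytes:
    """Hide each payload bit in the LSB of one container byte (MSB first).
    One payload byte consumes eight container bytes, hence the 8x rule."""
    if len(container) < 8 * len(payload):
        raise ValueError("container must be at least 8 times the payload size")
    out = bytearray(container)
    for i, byte in enumerate(payload):
        for bit in range(8):
            b = (byte >> (7 - bit)) & 1
            idx = 8 * i + bit
            out[idx] = (out[idx] & 0xFE) | b   # clear the LSB, then set it
    return bytes(out)


def extract_lsb(stego: bytes, length: int) -> bytes:
    """Recover `length` payload bytes from the LSBs of the stego bytes."""
    if len(stego) < 8 * length:
        raise ValueError("stego data too short for the requested length")
    result = bytearray()
    for i in range(length):
        byte = 0
        for bit in range(8):
            byte = (byte << 1) | (stego[8 * i + bit] & 1)
        result.append(byte)
    return bytes(result)


def max_byte_change(original: bytes, modified: bytes) -> int:
    """Largest per-byte difference between container and stego version."""
    return max(abs(a - b) for a, b in zip(original, modified))


def container_ratio(container: bytes, payload: bytes) -> float:
    """Container-to-payload size ratio; must be >= 8 for LSB embedding."""
    return len(container) / len(payload)


if __name__ == "__main__":
    # Constructed sample: a 64-byte 'image' of mid-grey pixels, 8-byte secret.
    cover = bytes([0x80 + (i % 7) for i in range(64)])
    secret = b"cache123"
    stego = embed_lsb(cover, secret)
    print(extract_lsb(stego, len(secret)))       # b'cache123'
    print(max_byte_change(cover, stego))         # 1
    print(container_ratio(cover, secret))        # 8.0
```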

Standard encryption methods (national or international), in order to increase resistance to decryption, implement several stages (steps) of encryption, each of which uses different "classical" encryption methods in accordance with the selected key (or keys). There are two fundamentally different groups of standard encryption methods:

Encryption using the same keys (ciphers) during encryption and decryption (symmetric encryption or private-key systems);

Encryption using public keys for encryption and private keys for decryption (asymmetric encryption or public-key systems).

Information security software

Built-in information security tools in network operating systems are available, but they cannot always completely solve problems that arise in practice. For example, the network operating systems NetWare 3.x, 4.x allow for reliable “in-depth” data protection from hardware failures and damage. Novell's SFT (System Fault Tolerance) system includes three main levels:

SFT Level I provides, in particular, for the creation of additional copies of FAT and Directory Entries Tables, immediate verification of each data block newly written to the file server, as well as reservation of about 2% of the disk capacity on each hard drive. When a failure is detected, the data is redirected to a reserved area of ​​the disk, and the failed block is marked as “bad” and is not used in the future.

SFT Level II contains additional capabilities for creating "mirror" disks, as well as duplicating disk controllers, power supplies and interface cables.

SFT Level III allows you to use duplicate servers on a local network, one of which is the “master”, and the second, containing a copy of all information, comes into operation if the “main” server fails.

The system for controlling and restricting access rights in NetWare networks (protection against unauthorized access) also contains several levels:

Initial access level (includes the user name and password, a system of accounting restrictions - such as explicit permission or prohibition of work, allowable time for working on the network, hard disk space occupied by the personal files of a given user, etc.);

Level of user rights (restrictions on the performance of individual operations and/or on the work of a given user, as a member of a department, in certain parts of the network file system);

Level of directory and file attributes (restrictions on the performance of individual operations, including deleting, editing or creating, coming from the file system and affecting all users trying to work with these directories or files);

File server console level (locking the file server keyboard during the absence of the network administrator until he enters a special password).

Specialized software for protecting information from unauthorized access generally has better capabilities and characteristics than the tools built into network operating systems. In addition to encryption programs and cryptographic systems, many other external information security tools are available. Of the most frequently mentioned solutions, the following two systems for limiting and controlling information flows should be noted.

1. Firewalls (literally: fire wall). Special intermediate servers are placed between the local and global networks, which inspect and filter all network/transport level traffic passing through them. This dramatically reduces the threat of unauthorized access to corporate networks from outside, but does not eliminate the danger completely. A more secure variant is masquerading, in which all traffic originating from the local network is sent on behalf of the firewall server, making the local network almost invisible.

2. Proxy servers (proxy: power of attorney, trusted person). All network/transport level traffic between the local and global networks is prohibited entirely; there is no routing as such, and calls from the local network to the global network go through special intermediary servers. Obviously, in this case calls from the global network into the local one become impossible in principle. This method does not provide sufficient protection against attacks at higher levels, for example at the application level (viruses, Java and JavaScript code).

Protection of information on the network (Fig. 9.1) can be improved through the use of special noise generators that mask spurious electromagnetic emissions and interference, noise-suppressing mains filters, power supply noise devices, scramblers (telephone conversation scramblers), cell phone jammers, etc. The radical solution is to switch to fiber-optic connections, which are free from the influence of electromagnetic fields and make it possible to detect the fact of an unauthorized connection.


The number of encryption programs in use is limited, and some of them are de facto or de jure standards. However, even if the encryption algorithm is not secret, it is extremely difficult to decipher (decrypt) the data without knowing the private key. In modern encryption programs this property is ensured by a multi-stage transformation of the original open information (plain text, in the English literature) using a key (or two keys: one for encryption and one for decryption). Ultimately, any complex encryption method (algorithm) is a combination of relatively simple methods.


A firewall is a set of hardware or software that monitors and filters the network packets passing through it at various levels of the OSI model, in accordance with given rules.

The main purpose of a firewall is to protect computer networks or individual nodes from unauthorized access. Firewalls are also often called filters, since their main task is to not let through (to filter out) packets that do not meet the criteria defined in the configuration.

Another name is Brandmauer, a term borrowed from German that corresponds to the English "firewall" in its original meaning (a wall separating adjacent buildings to prevent the spread of fire). Interestingly, in the field of computer technology the word "firewall" is used in German as well.

The Check Point FireWall-1 suite of network security products provides access control for the Internet, intranets and extranets, as well as remote access with advanced user authorization and authentication functions. FireWall-1 supports network address translation (NAT) and scanning of data streams for inappropriate information and viruses. A wide range of basic and service functions makes it possible to implement an integrated network and information security solution that fully meets the modern requirements of any organization, large or small. The suite, called Check Point's "Open Platform for Secure Enterprise Collaboration", is based on the concept of unifying information security technologies around a single representation of enterprise information security in the form of one comprehensive security policy. This approach allows closer integration of products from other manufacturers on the basis of FireWall-1 and provides centralized monitoring, management and configuration of these systems. Only FireWall-1 allows an organization to create a single, integrated security policy that applies to multiple firewalls and is managed from any point in the enterprise network chosen for this purpose. The product also has many additional features, such as managing the access lists of hardware routers,

With thousands of installations in organizations around the world, Check Point FireWall-1 is the most widespread and best-tested firewall product available today.

Based on stateful packet inspection, an industry-leading network traffic control technology developed and patented by Check Point, FireWall-1 provides the highest level of security. This method collects information from data packets at both the communication and application levels and stores and accumulates it in special, dynamically updated context tables. This approach provides complete control even at the application level, without the need for a separate intermediary application (proxy) for each protected network service.

Thus, the user gains in performance and has the opportunity to flexibly expand the system, quickly and reliably protect new applications and protocols, without resorting to the development of intermediary applications.

Check Point FireWall-1 comes with support for hundreds of predefined network services, protocols and applications. In addition to existing services and protocols, FireWall-1 allows you to quickly and efficiently create your own protocol handlers using the built-in high-level language INSPECT. The INSPECT virtual machine forms the basis of Check Point FireWall-1 technology.

Check Point FireWall-1 uses a distributed client-server architecture, which provides unique opportunities for system expansion, as well as centralized management of the deployed complex.

Product components support Windows 95, Windows NT, UNIX, routers, switches and remote access devices (through Check Point's OPSEC partners), and their cross-platform interoperability provides industry-leading flexibility and ease of deployment.

Check Point FireWall-1's patented stateful inspection provides the highest possible level of control and security. FireWall-1 controls connections at layers 3 to 7 of the OSI network model, while proxy intermediaries can only control layers 5 to 7.

Thus, Check Point FireWall-1 has unique information about the contents of network packets, connections and applications. This aggregate data about connection state, application context, network topology, along with security policy rules, is used to provide enterprise-wide security policy. Additional protection is provided to the computer itself with FireWall-1, since this software intercepts, analyzes, takes the necessary actions in relation to all connections and only then passes these information packets into the operating system of the gateway computer, which saves the operating system from unauthorized access.

Check Point's implementation of stateful inspection technology uses dynamic tables to store context information about connections, both active and previously seen. The contents of these tables are checked when processing a connection attempt. This approach provides excellent performance and ensures that the connection is processed with the latest communication state information. State tables are located in the operating system kernel and, unlike files on disk, cannot be corrupted or overwritten. If the system is rebooted, FireWall-1 begins to form new tables, which prevents operation on damaged data. Clearing the tables is equivalent to completely denying connections, which keeps the network secure in such cases.
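As an added illustration (example code written for this page, not Check Point's software or its INSPECT language), the toy filter below contrasts a stateless rule lookup with the context-table approach described above: replies are admitted only because the outbound SYN created a table entry, an unsolicited segment with no matching context is dropped, and clearing the table, as happens on a reboot, denies the existing flow until a new handshake. Addresses, ports and rules are constructed for the demo.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    """One TCP segment reduced to the fields a packet filter looks at."""
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" SYN, "SA" SYN/ACK, "A" ACK, "FA" FIN/ACK, "R" RST

# Rule: (source prefix, destination prefix, lowest dport, highest dport, action).
Rule = Tuple[str, str, int, int, str]

def match_rules(pkt: Packet, rules: List[Rule]) -> Optional[str]:
    """First-match lookup in the static rule base; None when nothing matches."""
    for src_prefix, dst_prefix, lo, hi, action in rules:
        if (pkt.src.startswith(src_prefix) and pkt.dst.startswith(dst_prefix)
                and lo <= pkt.dport <= hi):
            return action
    return None

class StatelessFilter:
    """Judges each packet in isolation, so reply traffic needs its own rule."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules

    def decide(self, pkt: Packet) -> str:
        return match_rules(pkt, self.rules) or "drop"

class StatefulFilter:
    """Consults the rules only for connection-opening SYNs; the dynamic
    context table then authorises the rest of the flow in both directions."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        # In-memory table keyed by the initiator's 4-tuple -> connection state.
        self.state: Dict[Tuple[str, int, str, int], str] = {}

    def reboot(self) -> None:
        """The table lives only in memory: a restart begins with it empty."""
        self.state.clear()

    def decide(self, pkt: Packet) -> str:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        key = fwd if fwd in self.state else rev if rev in self.state else None
        if key is not None:
            if "R" in pkt.flags or "F" in pkt.flags:
                del self.state[key]  # simplified: first FIN/RST closes the entry
            elif key == rev and pkt.flags == "SA":
                self.state[key] = "ESTABLISHED"
            return "accept"
        if pkt.flags != "S":
            return "drop"  # no context and not a handshake start
        action = match_rules(pkt, self.rules) or "drop"
        if action == "accept":
            self.state[fwd] = "SYN_SENT"
        return action

INTERNAL = "10.0.0."
# A stateless policy must open the ephemeral port range to let replies back in.
STATELESS_RULES: List[Rule] = [
    (INTERNAL, "", 80, 80, "accept"),       # inside -> any web server
    ("", INTERNAL, 1024, 65535, "accept"),  # any -> inside, ephemeral ports
]
# The stateful policy needs only the outbound rule; state covers the replies.
STATEFUL_RULES: List[Rule] = [(INTERNAL, "", 80, 80, "accept")]

# Constructed traffic sample; addresses come from RFC 5737 documentation ranges.
CLIENT_SYN = Packet("10.0.0.5", 40000, "203.0.113.10", 80, "S")
SERVER_SYNACK = Packet("203.0.113.10", 80, "10.0.0.5", 40000, "SA")
CLIENT_DATA = Packet("10.0.0.5", 40000, "203.0.113.10", 80, "A")
UNSOLICITED_ACK = Packet("198.51.100.7", 80, "10.0.0.5", 40001, "A")

def run_demo() -> Dict[str, Tuple[str, str]]:
    """Returns (stateless verdict, stateful verdict) per scenario."""
    sl, sf = StatelessFilter(STATELESS_RULES), StatefulFilter(STATEFUL_RULES)
    out: Dict[str, Tuple[str, str]] = {}
    out["client_syn"] = (sl.decide(CLIENT_SYN), sf.decide(CLIENT_SYN))
    out["server_synack"] = (sl.decide(SERVER_SYNACK), sf.decide(SERVER_SYNACK))
    # A stray ACK aimed at an inside host looks like a reply to the stateless
    # filter; the stateful one finds no matching context and drops it.
    out["unsolicited_ack"] = (sl.decide(UNSOLICITED_ACK), sf.decide(UNSOLICITED_ACK))
    out["data_before_reboot"] = (sl.decide(CLIENT_DATA), sf.decide(CLIENT_DATA))
    sf.reboot()  # cleared tables: the old flow is denied until a fresh SYN
    out["data_after_reboot"] = (sl.decide(CLIENT_DATA), sf.decide(CLIENT_DATA))
    return out

if __name__ == "__main__":
    for name, (stateless, stateful) in run_demo().items():
        print(f"{name:20s} stateless={stateless:7s} stateful={stateful}")
```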

Information today is an important resource, the loss of which is fraught with unpleasant consequences. The loss of confidential company data carries the threat of financial losses, since the information obtained can be used by competitors or attackers. To prevent such undesirable situations, all modern companies and institutions use information security methods.

Information systems (IS) security is a whole course that all programmers and specialists in the field of IS development take. However, knowing the types of information threats and protection technologies is necessary for everyone who works with classified data.

Types of information threats

The main type of information threat, against which an entire technology is created at every enterprise, is unauthorized access by attackers to data. Attackers plan criminal actions in advance, which can be carried out through direct access to devices or through a remote attack using programs specially designed to steal information.

In addition to the actions of hackers, companies often face situations of information loss due to disruption of software and hardware.

In this case, secret materials do not fall into the hands of attackers, but they are lost and cannot be restored, or they take too long to recover. Failures in computer systems can occur for the following reasons:

  • Loss of information due to damage to storage media – hard drives;
  • Errors in the operation of software;
  • Hardware malfunction due to damage or wear.

Modern methods of information protection

Data protection technologies are based on the use of modern methods that prevent information leakage and loss. Today there are six main methods of protection:

  • Obstacle;
  • Masking;
  • Regulation;
  • Management;
  • Coercion;
  • Inducement.

All of these methods are aimed at building an effective technology that eliminates losses due to negligence and successfully repels various types of threats. An obstacle is a method of physical protection of information systems, thanks to which attackers are not able to enter the protected area.

Masking is a method of protecting information that involves converting data into a form that is not suitable for perception by unauthorized persons. Deciphering it requires knowledge of the transformation principle.

Management – methods of protecting information in which all components of the information system are controlled.

Regulation is the most important method of protecting information systems, which involves the introduction of special instructions according to which all manipulations with protected data must be carried out.

Coercion – methods of information protection that are closely related to regulation, involving the introduction of a set of measures under which employees are forced to comply with the established rules. If instead employees are influenced so that they follow the instructions for ethical and personal reasons, we are talking about inducement.

The video shows a detailed lecture on information security:

Information systems protection means

Methods of protecting information require the use of a certain set of tools. To prevent the loss and leakage of secret information, the following means are used:

  • Physical;
  • Software and hardware;
  • Organizational;
  • Legislative;
  • Psychological.

Physical information security measures prevent unauthorized persons from accessing the protected area. The main and oldest means of physical obstruction is the installation of strong doors, reliable locks, and bars on windows. To enhance information security, checkpoints are used where access control is carried out by people (guards) or special systems. In order to prevent information loss, it is also advisable to install a fire protection system. Physical means are used to protect data on both paper and electronic media.

Software and hardware are an indispensable component for ensuring the security of modern information systems.

Hardware is represented by devices that are built into equipment for processing information. Software tools – programs that repel hacker attacks. Also included in the category of software are software packages that perform the restoration of lost information. Using a complex of equipment and programs, information is backed up to prevent losses.

Organizational means are associated with several methods of protection: regulation, management, coercion. Organizational means include the development of job descriptions, conversations with employees, and a set of punishment and reward measures. With the effective use of organizational tools, enterprise employees are well aware of the technology of working with protected information, clearly perform their duties and are responsible for the provision of false information, leakage or loss of data.

Legislative measures are a set of regulations that regulate the activities of people who have access to protected information and determine the extent of responsibility for the loss or theft of classified information.

Psychological means are a set of measures to create personal interest among employees in the safety and authenticity of information. To create personal interest among staff, managers use different types of incentives. Psychological means also include building a corporate culture in which each employee feels like an important part of the system and is interested in the success of the enterprise.

Protection of transmitted electronic data

To ensure the security of information systems, methods of encryption and protection of electronic documents are actively used today. These technologies allow for remote data transfer and remote authentication.

Methods of protecting information by encryption (cryptographic) are based on changing information using secret keys of a special type. The technology of cryptography of electronic data is based on transformation algorithms, replacement methods, and matrix algebra. The strength of the encryption depends on how complex the conversion algorithm was. Encrypted information is reliably protected from any threats other than physical ones.

Electronic digital signature (EDS) is a parameter of an electronic document that serves to confirm its authenticity. An electronic digital signature replaces the signature of an official on a paper document and has the same legal force. The digital signature serves to identify its owner and confirm the absence of unauthorized transformations. The use of digital signatures not only ensures the protection of information, but also helps reduce the cost of document flow technology and reduces the time it takes to move documents when preparing reports.

Information systems security classes

The protection technology used and the degree of its effectiveness determine the security class of the information system. International standards distinguish seven security classes of systems, which are combined into four levels:

  • D – minimal (zero) security level;
  • C – systems with discretionary access control;
  • B – systems with mandatory access control;
  • A – systems with verified protection.

Level D corresponds to systems in which protection technology is poorly developed. In such a situation, any unauthorized person has the opportunity to gain access to information.

Using underdeveloped security technology can lead to leakage or loss of information.

Level C has the following classes – C1 and C2. Security class C1 involves separation of data and users. A certain group of users has access only to certain data; authentication is required to obtain information - verifying the authenticity of the user by asking for a password. With safety class C1, the system has hardware and software protection. Systems with class C2 are supplemented with measures to guarantee user responsibility: an access log is created and maintained.

Level B includes security technologies that have Level C classes, plus a few extra ones. Class B1 requires a security policy, a trusted computing base to manage security labels, and enforced access control. In class B1, specialists carefully analyze and test the source code and architecture.

Safety class B2 is typical for many modern systems and assumes:

  • Providing security labels to all system resources;
  • Logging of events associated with the use of covert storage channels;
  • Structuring the trusted computing base into well-defined modules;
  • Formal security policy;
  • High system resistance to external attacks.

Class B3 assumes, in addition to the requirements of class B1, notifying the administrator of attempts to violate the security policy, analysis of covert channels, and mechanisms for data recovery after a hardware failure or.

Level A includes one class, the highest security class, A. It covers systems that have been tested and have received confirmation of compliance with formal top-level specifications.
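As an added illustration of how these classes build on one another (example code written for this page, not from any evaluated system; users, labels and objects are constructed), the reference monitor below applies C1-style discretionary rights, records every decision for C2-style accountability and, when labels are switched on, adds the B1 mandatory checks that forbid reading above one's clearance and writing below it:

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

# Ordered sensitivity levels (constructed for the demo).
LEVELS: Dict[str, int] = {"public": 0, "confidential": 1, "secret": 2}

@dataclass(frozen=True)
class Label:
    """B1-style security label: a level plus need-to-know categories."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self is at least as sensitive as other in both level and categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

@dataclass
class Subject:
    name: str
    clearance: Label

@dataclass
class Obj:
    name: str
    label: Label
    acl: Dict[str, Set[str]]  # C1 discretionary rights: user -> {"read", "write"}

class ReferenceMonitor:
    """Every access passes through check(); the audit list gives C2 accountability."""

    def __init__(self, mandatory: bool) -> None:
        self.mandatory = mandatory  # False: C1/C2 behaviour; True: adds B1 labels
        self.audit: List[Tuple[str, str, str, str]] = []

    def check(self, subj: Subject, obj: Obj, op: str) -> bool:
        if op not in obj.acl.get(subj.name, set()):
            return self._log(subj, obj, op, "deny: no discretionary right")
        if self.mandatory:
            # Simple security property: no reading above one's own clearance.
            if op == "read" and not subj.clearance.dominates(obj.label):
                return self._log(subj, obj, op, "deny: read up")
            # *-property: no writing into an object labelled below the subject.
            if op == "write" and not obj.label.dominates(subj.clearance):
                return self._log(subj, obj, op, "deny: write down")
        return self._log(subj, obj, op, "allow")

    def _log(self, subj: Subject, obj: Obj, op: str, outcome: str) -> bool:
        self.audit.append((subj.name, op, obj.name, outcome))
        return outcome == "allow"

# Constructed users and objects. The owner of the merger plan granted bob a
# discretionary read right even though bob is only cleared to "confidential".
ALICE = Subject("alice", Label("secret", frozenset({"finance"})))
BOB = Subject("bob", Label("confidential"))
CAROL = Subject("carol", Label("secret"))
PLAN = Obj("merger_plan", Label("secret", frozenset({"finance"})),
           acl={"alice": {"read", "write"}, "bob": {"read"}})
NOTES = Obj("public_notes", Label("public"),
            acl={"alice": {"read", "write"}, "bob": {"read", "write"}})
REPORT = Obj("status_report", Label("confidential"),
             acl={"bob": {"read", "write"}})

def run_demo() -> Tuple[Dict[str, Dict[str, bool]], List[Tuple[str, str, str, str]]]:
    """Runs the same requests under C1 (DAC only) and B1 (DAC plus labels)
    and also returns the B1 monitor's audit trail."""
    decisions: Dict[str, Dict[str, bool]] = {}
    audit: List[Tuple[str, str, str, str]] = []
    for mode, mandatory in (("C1_dac_only", False), ("B1_with_labels", True)):
        rm = ReferenceMonitor(mandatory)
        decisions[mode] = {
            "bob_reads_plan": rm.check(BOB, PLAN, "read"),          # read up
            "alice_writes_notes": rm.check(ALICE, NOTES, "write"),  # write down
            "alice_reads_plan": rm.check(ALICE, PLAN, "read"),
            "bob_writes_report": rm.check(BOB, REPORT, "write"),
            "carol_reads_report": rm.check(CAROL, REPORT, "read"),  # no ACL entry
        }
        if mandatory:
            audit = rm.audit
    return decisions, audit

if __name__ == "__main__":
    decisions, audit = run_demo()
    for mode, results in decisions.items():
        print(mode, results)
    for entry in audit:
        print("AUDIT", entry)
```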

The video shows a detailed lecture on information system security:

In the first part of “Fundamentals of Information Security,” we examined the main types of threats to information security. In order for us to begin choosing information security tools, it is necessary to consider in more detail what can be classified as information.

Information and its classification

There are quite a few definitions and classifications of “information”. The most concise and at the same time comprehensive definition is given in Federal Law No. 149-FZ of July 27, 2006 (as amended on July 29, 2017), Article 2: “Information is information (messages, data) regardless of the form of its presentation.”

Information can be classified into several types and, depending on the category of access to it, is divided into publicly available information, as well as information to which access is limited - confidential data and state secrets.

Information, depending on the order of its provision or distribution, is divided into information:

  1. Freely distributed;
  2. Provided by agreement of the persons participating in the relevant relationship;
  3. Subject to provision or distribution in accordance with federal laws;
  4. Whose distribution in the Russian Federation is restricted or prohibited.

By purpose, information is of the following types:

  1. Mass – contains trivial information and operates with a set of concepts understandable to most of society.
  2. Special – contains a specific set of concepts that may not be understandable to the bulk of society, but are necessary and understandable within the narrow social group where this information is used.
  3. Secret – access to it is provided to a narrow circle of people and through closed (secure) channels.
  4. Personal (private) – a set of information about a person that determines social status and types of social interactions.

Information security measures must be applied directly to information to which access is limited - this is state secrets and confidential data.

According to the Law of the Russian Federation of July 21, 1993 N 5485-1 (as amended on 03/08/2015) “On State Secrets”, Article 5 “List of information constituting state secrets”, state secrets include:

  1. Information in the military field.
  2. Information in the field of economics, science and technology.
  3. Information in the field of foreign policy and economics.
  4. Information in the field of intelligence, counterintelligence and operational-search activities, as well as in the field of countering terrorism and in the field of ensuring the safety of persons in respect of whom a decision has been made to apply state protection measures.

The list of information that may constitute confidential information is contained in Presidential Decree No. 188 of March 6, 1997 (as amended on July 13, 2015) “On approval of the list of confidential information.”

Confidential data – information to which access is limited in accordance with state laws and with regulations that companies establish independently. The following types of confidential data can be distinguished:

  • Personal confidential data: information about facts, events and circumstances of a citizen’s private life that allows his identity to be established (personal data), with the exception of information that is subject to dissemination in the media in cases established by federal laws.
  • Service confidential data: Official information, access to which is limited by government authorities in accordance with the Civil Code of the Russian Federation and federal laws (official secrets).
  • Judicial confidential data: On state protection of judges, officials of law enforcement and regulatory authorities. On state protection of victims, witnesses and other participants in criminal proceedings. Information contained in the personal files of convicted persons, as well as information on the forced execution of judicial acts, acts of other bodies and officials, except for information that is publicly available in accordance with Federal Law of October 2, 2007 N 229-FZ “On Enforcement Proceedings” .
  • Commercial Confidential Data: all types of information that is related to commerce (profit) and access to which is limited by law or information about the essence of an invention, utility model or industrial design before the official publication of information about them by the enterprise (secret developments, production technologies, etc.).
  • Professional confidential data: information related to professional activities, access to which is limited in accordance with the Constitution of the Russian Federation and federal laws (medical, notarial and attorney-client confidentiality, confidentiality of correspondence, telephone conversations, postal items, telegraphic or other messages, and so on).


Figure 1. Classification of types of information.

Personal Information

Separately, it is worth paying attention to personal data. According to Federal Law No. 152-FZ of July 27, 2006 (as amended on July 29, 2017) “On personal data”, Article 4: personal data is any information relating to a directly or indirectly identified or identifiable individual (the subject of personal data).

A personal data operator is a state body, municipal body, legal entity or individual that, independently or jointly with other persons, organizes and (or) carries out the processing of personal data and determines the purposes of processing, the composition of the personal data to be processed, and the actions (operations) performed with the personal data.

Processing of personal data – any action (operation) or set of actions (operations) performed with personal data, with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction of personal data.

The right to process personal data is enshrined in regulations on government bodies, federal laws, and licenses for working with personal data issued by Roskomnadzor or FSTEC.

Companies that professionally work with personal data of a wide range of people, for example, virtual server hosting companies or telecom operators, must enter the register, which is maintained by Roskomnadzor.

For example, our hosting of virtual servers VPS.HOUSE operates within the framework of the legislation of the Russian Federation and in accordance with licenses of the Federal Service for Supervision of Communications, Information Technologies and Mass Communications No. 139322 dated December 25, 2015 (Telematic communication services) and No. 139323 dated December 25, 2015 (Communication services for data transmission, with the exception of communication services for data transmission for the purpose of transmitting voice information).

Based on this, any site that has a user registration form in which information related to personal data is indicated and subsequently processed is a personal data operator.

Taking into account Article 7 of Law No. 152-FZ “On Personal Data”, operators and other persons who have access to personal data are obliged not to disclose to third parties or distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law. Accordingly, any operator of personal data is obliged to ensure the necessary security and confidentiality of this information.

In order to ensure the security and confidentiality of information, it is necessary to determine what types of information media there are, access to which can be open and closed. Accordingly, methods and means of protection are also selected depending on the type of media.

Main information carriers:

  • Print and electronic media, social networks, other Internet resources;
  • Employees of the organization who have access to information based on their friendly, family, and professional connections;
  • Communication means that transmit or store information: telephones, automatic telephone exchanges, other telecommunications equipment;
  • Documents of all types: personal, official, state;
  • Software as an independent information object, especially if its version was modified specifically for a specific company;
  • Electronic storage media that processes data automatically.

Having determined what information is subject to protection, its carriers and the possible damage from its disclosure, you can select the necessary means of protection.

Classification of information security tools


In accordance with Federal Law No. 149-FZ of July 27, 2006 (as amended on July 29, 2017) “On information, information technologies and information protection”, Article 7, clauses 1 and 4:

1. Information protection is the adoption of legal, organizational and technical measures aimed at:

  • ensuring the protection of information from unauthorized access, destruction, modification, blocking, copying, provision, distribution, as well as from other unlawful actions in relation to such information;
  • maintaining the confidentiality of restricted-access information;
  • realizing the right to access information.

4. The information owner and the information system operator, in cases established by the legislation of the Russian Federation, are obliged to ensure:

  • prevention of unauthorized access to information and (or) its transfer to persons who have no right of access to the information;
  • timely detection of facts of unauthorized access to information;
  • prevention of the possibility of adverse consequences of violating the procedure for access to information;
  • non-admission of impact on the technical means of information processing that disrupts their functioning;
  • the possibility of immediate recovery of information modified or destroyed as a result of unauthorized access to it;
  • constant control over ensuring the level of information security;
  • location on the territory of the Russian Federation of the databases with the use of which the collection, recording, systematization, accumulation, storage, clarification (updating, changing) and retrieval of personal data of citizens of the Russian Federation are carried out (clause 7 introduced by Federal Law No. 242-FZ of July 21, 2014).

Based on Law No. 149-FZ, information protection can also be divided into several levels:

  1. The legal level ensures compliance with government standards in the field of information protection and includes copyright, decrees, patents and job descriptions.
    A well-built security system does not violate user rights and data processing standards.
  2. The organizational level allows you to create regulations for how users work with confidential information, select personnel, and organize work with documentation and data carriers.
    The rules for how users work with confidential information are called access control rules. The rules are established by the company's management together with the security service and the supplier who implements the security system. The goal is to create conditions for access to information resources for each user, for example, the right to read, edit, or transfer a confidential document.
    Access control rules are developed at the organizational level and implemented at the stage of work with the technical component of the system.
  3. The technical level is conventionally divided into physical, hardware, software and mathematical (cryptographic).

Information security tools

Information security tools are usually divided into normative (informal) and technical (formal).

Informal means of information security

Informal means of information security are normative (legislative), administrative (organizational) and moral and ethical means, which include documents, rules and events.

The legal basis (legislative means) of information security is provided by the state. Information protection is regulated by international conventions, the Constitution, the federal law “On Information, Information Technologies and Information Protection”, the laws of the Russian Federation “On Security”, “On Communications” and “On State Secrets”, and various by-laws.

Also, some of the listed laws were cited and discussed by us above as the legal basis for information security. Failure to comply with these laws entails threats to information security that can lead to significant consequences, which in turn are punishable under these laws, up to and including criminal liability.

The state also determines the extent of responsibility for violating the provisions of legislation in the field of information security. For example, Chapter 28 “Crimes in the field of computer information” of the Criminal Code of the Russian Federation includes three articles:

  • Article 272 “Illegal access to computer information”;
  • Article 273 “Creation, use and distribution of malicious computer programs”;
  • Article 274 “Violation of the rules for operating means of storing, processing or transmitting computer information and information and telecommunication networks.”

Administrative (organizational) measures play a significant role in creating a reliable information protection mechanism, since the possibilities of unauthorized use of confidential information are largely determined not by technical aspects but by human actions, whether malicious or careless: for example, the carelessness, negligence or inattentiveness of users or security personnel.

To reduce the impact of these aspects, a set of organizational, legal and organizational and technical measures is required that would eliminate or minimize the possibility of threats to confidential information.

In this administrative and organizational activity for information protection, there is scope for creativity for security officers.

These include architectural and planning solutions that make it possible to protect meeting rooms and management offices from eavesdropping, and the establishment of different levels of access to information.

From the point of view of regulating the activities of personnel, it will be important to formalize a system of requests for access to the Internet, external e-mail, and other resources. A separate element will be the receipt of an electronic digital signature to enhance the security of financial and other information that is transmitted to government agencies via e-mail.

Moral and ethical means include the moral norms or ethical rules that have developed in society or a given team, compliance with which contributes to the protection of information and violation of which is equated to non-compliance with the rules of behaviour in society or the team. These norms are not mandatory, unlike legally approved norms; however, failing to comply with them leads to a decline in the authority and prestige of a person or organization.

Formal information security measures

Formal means – special technical means and software that can be divided into physical, hardware, software and cryptographic.

Physical means of information protection – any mechanical, electrical and electronic mechanisms that operate independently of information systems and create obstacles to access to them.

Locks, including electronic ones, screens, and blinds are designed to create obstacles to the contact of destabilizing factors with systems. The group is supplemented by security systems, for example, video cameras, video recorders, sensors that detect movement or excess levels of electromagnetic radiation in the area where technical means are located to obtain information.

Hardware information security means – any electrical, electronic, optical, laser and other devices that are built into information and telecommunication systems: special computers, employee monitoring systems, and protection for servers and corporate networks. They prevent access to information, including by masking it.

Hardware includes: noise generators, surge protectors, scanning radios and many other devices that “block” potential information leakage channels or allow them to be detected.

Information security software – simple and complex programs designed to solve problems related to ensuring information security.

Examples of complex solutions are DLP systems and SIEM systems.

DLP systems (“Data Leak Prevention”, literally “preventing data leakage”) serve to prevent leakage, reformat information and redirect information flows.

SIEM systems (“Security Information and Event Management”) provide real-time analysis of security events (alarms) coming from network devices and applications. SIEM is delivered as applications, devices or services, and is also used to log data and generate reports for interoperability with other business data.

Software tools are demanding on the power of hardware devices, and during installation it is necessary to provide additional reserves.

Mathematical (cryptographic) means – the implementation of cryptographic and steganographic methods of data protection for secure transmission over a corporate or global network.

Cryptography is considered one of the most reliable methods of data protection, because it protects the information itself, and not access to it. Cryptographically converted information has an increased degree of security.

The introduction of cryptographic information protection means involves the creation of a hardware and software complex, the architecture and composition of which is determined based on the needs of a specific customer, legal requirements, assigned tasks and the necessary methods and encryption algorithms.

This may include encryption software components (crypto providers), VPN organization tools, identification tools, tools for generating and verifying keys and electronic digital signatures.

Encryption tools can support GOST encryption algorithms and provide the necessary classes of cryptographic protection depending on the required degree of protection, regulatory framework and compatibility requirements with other systems, including external systems. At the same time, encryption tools provide protection for the entire set of information components, including files, directories with files, physical and virtual storage media, entire servers and data storage systems.

In conclusion of the second part, having briefly examined the main methods and means of protecting information, as well as the classification of information, we can say the following: the long-known thesis is once again confirmed that ensuring information security is a whole set of measures covering all aspects of information protection, the creation and provision of which must be approached most carefully and seriously.

The “golden rule”, which must be strictly observed and never violated, is an integrated approach.

For a more visual representation of information security measures, precisely as an indivisible set of measures, they are presented below in Figure 2, each of the bricks of which represents the protection of information in a certain segment; remove one of the bricks and a security threat will arise.


Figure 2. Classification of information security tools.



 

