Tutorial on information and analytical work. Information: collection, protection, analysis
|Protection of information objects|
|Types of threats to information objects|
The general classification of threats to an organization's automated information system is as follows:
Threats to the confidentiality of data and programs. These are realized through unauthorized access to data (for example, to information on the state of bank customers' accounts), to programs, or to communication channels.
Information processed on computers or transmitted over local data networks can be extracted through technical leakage channels, using equipment that analyzes the electromagnetic emanations produced by operating computer equipment.
Obtaining information in this way is a complex technical task that requires qualified specialists. With a receiver built from an ordinary television set it is possible to intercept the information shown on computer displays from a distance of a thousand meters or more. Some information about the operation of a computer system can be obtained merely by monitoring the exchange of messages, without access to their content.
Threats to the integrity of data, programs and equipment. The integrity of data and programs is violated by unauthorized destruction, insertion of extraneous elements, modification of account records, reordering of data, generation of falsified payment documents in response to legitimate requests, and active replay of messages with a delay.
Unauthorized modification of system security information can lead to unauthorized actions (misrouting or loss of transmitted data) or to distortion of the meaning of transmitted messages. The integrity of equipment is violated when it is damaged, stolen, or its operating logic is unlawfully altered.
Threats to data availability. These arise when a subject (a user or a process) cannot obtain access to services or resources lawfully allocated to it. The threat is realized by seizing all resources, by an unauthorized entity blocking communication lines with its own transmissions, or by removing system information that is needed.
This threat leads to unreliable or degraded service in the system and therefore potentially affects the accuracy and timeliness of delivery of payment documents.
Threats of repudiation of transactions. These arise when a legitimate user sends or receives payment documents and then denies having done so in order to disclaim responsibility.
Vulnerability assessment of an automated information system and construction of a threat-impact model involve studying every way in which the above threats can be realized and identifying the consequences they lead to.
Threats may be due to:
- natural factors (natural disasters: fire, flood, hurricane, lightning, and other causes);
- human factors, which in turn are divided into:
passive threats (caused by accidental, unintentional activity): threats associated with errors in the preparation, processing and transmission of information (scientific and technical, commercial, monetary and financial documentation), and with the undirected outflow of people, knowledge and information (for example, through emigration, departure abroad for family reunification, etc.);
active threats (caused by deliberate, premeditated human actions): threats associated with the transfer, distortion and destruction of scientific discoveries, inventions, production secrets and new technologies for mercenary or other antisocial motives (documentation, drawings, descriptions of discoveries and inventions, and other materials); with the viewing and passing on of documentation of various kinds and the sifting of discarded "garbage"; with eavesdropping on and passing on official, scientific, technical and commercial conversations; and with the deliberate outflow of people, knowledge and information (for example, obtaining another citizenship for mercenary motives);
- man-machine and machine factors, subdivided into:
passive threats: threats associated with errors in the design, development and manufacture of systems and their components (buildings, structures, premises, computers, communications, operating systems, application programs, etc.); with equipment malfunctions due to poor manufacturing quality; and with errors in the preparation and processing of information (errors of programmers and users due to insufficient qualification and poor-quality service, operator errors during the preparation, input and output of data, and during correction and processing of information);
active threats: threats associated with unauthorized access to the resources of an automated information system (technical modification of computer and communications equipment, connection to computer equipment and communication channels, theft of media of various kinds such as floppy disks, documentation, printouts and other data materials, sifting of discarded "garbage"); and non-contact threats (collection of electromagnetic emanations, interception of signals induced in conductive circuits, visual-optical methods of obtaining information, eavesdropping on official and scientific-technical conversations, etc.).
The main typical ways in which information leaks and unauthorized access to automated information systems occur, including through telecommunication channels, are the following:
interception of electromagnetic emanations;
forced electromagnetic irradiation ("illumination") of communication lines in order to obtain parasitic modulation of the carrier;
use of listening devices (implants);
interception of acoustic emanations and recovery of the text printed by a printer;
theft of media and of industrial waste;
reading data in other users' storage areas;
reading residual information left in system memory after authorized requests have completed;
copying media while defeating protection measures;
masquerading as a registered user;
spoofing (masquerading as system requests);
illegal connection to equipment and communication lines;
malicious disabling of protection mechanisms;
use of "software traps".
In the absence of protection, possible channels for deliberate unauthorized access to information in an automated information system include:
standard channels of access to information (user terminals, means of displaying and documenting information, information carriers, software loading facilities, external communication channels) when used illegitimately;
operator consoles and control panels;
the internal wiring of equipment;
communication lines between hardware units;
spurious electromagnetic emanations carrying information;
pickup on power supply circuits, equipment grounding, and auxiliary or extraneous conductors located near the computer system.
The methods by which threats act on information security objects are divided into informational, software-mathematical, physical, radio-electronic, and organizational-legal methods.
Informational methods include:
violation of the addressing and timeliness of information exchange, and illegal collection and use of information;
unauthorized access to information resources;
manipulation of information (disinformation, concealment or distortion of information);
illegal copying of data in information systems;
violation of information processing procedures.
Software-mathematical methods include:
introduction of computer viruses;
installation of software and hardware implants;
destruction or modification of data in automated information systems.
Physical methods include:
destruction of or damage to information processing and communication facilities;
destruction, damage or theft of machine-readable or other original media;
theft of software or hardware keys and of cryptographic protection facilities;
supply of "infected" components of automated information systems.
Radio-electronic methods include:
interception of information through technical channels of possible leakage;
introduction of electronic interception devices into technical equipment and premises;
interception, decryption and injection of false information in data networks and communication lines;
attacks on password and key systems;
electronic jamming of communication lines and control systems.
Organizational-legal methods include:
non-compliance with legal requirements and delays in adopting the necessary legal regulations in the information sphere;
unauthorized restriction of access to documents containing information important to citizens and organizations.
Security threats to software. The security of automated information systems depends on the security of the software used in them, in particular the following kinds of programs:
ordinary user programs;
special programs designed to breach the security of the system;
various system utilities and commercial applications that are developed to a high professional standard and nevertheless may contain flaws allowing intruders to attack the system.
Programs can cause two kinds of problems. First, they can intercept and modify data as a result of actions of a user who has no right of access to those data. Second, by exploiting gaps in the protection of computer systems, they can either grant access to the system to users not authorized for it or block access for legitimate users.
The more highly trained the programmer, the subtler (even to himself) the mistakes he makes become, and the more carefully and reliably he is able to conceal deliberate mechanisms designed to compromise the security of the system.
Programs can also become targets of attack for the following reasons:
In the modern world a program can be a commodity that brings considerable profit, especially to whoever is first to replicate it commercially and register copyright on it.
Programs can also be attacked in order to modify them in some way that will later allow other objects of the system to be attacked. Programs that implement system protection functions are especially frequent targets of attacks of this kind.
Let us consider several types of programs and techniques most often used to attack programs and data. They are collectively referred to as "software traps": trapdoors, Trojan horses, logic bombs, "salami" attacks, covert channels, denial of service, and computer viruses.
Trapdoors in programs. Exploiting a trapdoor to penetrate a program is one of the simplest and most frequently used methods of breaching the security of automated information systems.
A trapdoor is a way of working with a software product that is not described in the product's documentation. Exploiting a trapdoor means that by performing certain actions not described in the documentation, a user gains access to capabilities and data that are normally closed to him (in particular, to privileged mode).
Trapdoors are most often the result of developer forgetfulness. A trapdoor may be a temporary mechanism for direct access to parts of the product, created to ease debugging and not removed once debugging was complete. Trapdoors can also arise from the widely practised top-down method of software development: "stubs", groups of instructions that imitate or merely mark the attachment point of future subroutines, may for one reason or another be left in the finished product.
Finally, another common source of trapdoors is so-called "undefined input": entering "meaningless" information, gibberish, in response to the system's prompts. The reaction of an insufficiently well written program to undefined input may at best be unpredictable (the program responds differently each time the same incorrect command is re-entered); it is much worse if the program performs some repeatable action in response to the same "undefined" input, since this allows a potential intruder to plan his actions for breaching security.
Undefined input is a particular case of an interrupt, an abnormal condition. In general, the intruder may deliberately create some non-standard situation in the system that allows him to perform the actions he needs. For example, he may artificially crash a program running in privileged mode in order to seize control while remaining in that privileged mode.
Countering such interrupts ultimately means providing, during program development, a set of mechanisms that form so-called "foolproofing". Its purpose is to ensure that every possible case of undefined input and every non-standard situation (errors in particular) is cut off in handling, so that the security of the computer system is not compromised even when the program malfunctions.
Thus a trapdoor may be present in a program because the programmer:
forgot to remove it;
deliberately left it in the program for testing or for the remaining debugging;
deliberately left it in the program to simplify the final assembly of the software product;
deliberately left it in the program in order to have a hidden means of access to it after it became part of the final product.
A trapdoor is the first step of an attack on a system: a means of penetrating the computer system while bypassing its protection mechanisms.
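To make the trapdoor and "foolproofing" points concrete, here is an added example that is not code from the tutorial: a small command dispatcher in which a debugging trapdoor is reached through undefined input, beside a hardened dispatcher that accepts only a strict command grammar and rejects everything else in one place. The command names, the "dbg!" trapdoor, the Session fields and the regular expression are assumptions made for the illustration.

```python
"""
Added example, not from the tutorial: a command dispatcher with a debugging
trapdoor that is reached through undefined input, beside a hardened dispatcher
that applies "foolproofing" (deny by default). The command names, the "dbg!"
trapdoor and the Session fields are illustrative assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class Session:
    user: str
    privileged: bool = False
    audit: list = field(default_factory=list)


def cmd_balance(s: Session, args: list) -> str:
    return f"balance for {s.user}: 100.00"


def cmd_audit(s: Session, args: list) -> str:
    # Documented privileged command: only a privileged session may read the log.
    return "audit log: ..." if s.privileged else "denied"


DOCUMENTED: dict = {"balance": cmd_balance, "audit": cmd_audit}


def vulnerable_dispatch(s: Session, line: str) -> str:
    """Undefined input is handled last, after the documented commands, by a
    leftover debugging path: anything starting with "dbg!" turns the session
    privileged. An empty line is not handled at all and crashes the program."""
    parts = line.split()
    name, args = parts[0], parts[1:]        # IndexError on empty input
    if name in DOCUMENTED:
        return DOCUMENTED[name](s, args)
    if name.startswith("dbg!"):             # the trapdoor
        s.privileged = True
        return "debug mode on"
    return "unknown command"


COMMAND_RE = re.compile(r"^[a-z]{1,16}(?: [A-Za-z0-9._-]{1,64}){0,4}$")


def hardened_dispatch(s: Session, line: str) -> str:
    """Foolproofing: input is accepted only if it matches a strict grammar AND
    names a documented command; everything else is rejected in one place,
    logged, and leaves the session state untouched."""
    if not COMMAND_RE.fullmatch(line):
        s.audit.append(("rejected-malformed", s.user, repr(line)))
        return "rejected: malformed input"
    name, *args = line.split(" ")
    handler: Callable = DOCUMENTED.get(name)
    if handler is None:
        s.audit.append(("rejected-unknown", s.user, name))
        return "rejected: unknown command"
    return handler(s, args)


def demo() -> dict:
    """Runs both dispatchers against the same undefined input."""
    weak, strong = Session("alice"), Session("alice")
    vulnerable_dispatch(weak, "dbg!anything")
    hardened_dispatch(strong, "dbg!anything")
    return {
        "weak_privileged": weak.privileged,
        "strong_privileged": strong.privileged,
        "strong_audit_events": len(strong.audit),
    }


if __name__ == "__main__":
    print(demo())
```

The hardened version has no code path that changes privilege at all; elevation, if needed, belongs behind a separate documented and authenticated command, and every rejection is logged so that probing for undocumented behaviour leaves a trace.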
Trojan horses. There are programs that, in addition to the functions described in their documentation, implement certain other functions that are not documented. Such programs are called "Trojan horses".
The more conspicuous the results of a Trojan horse's actions (for example, deleting files or changing their protection), the higher the probability of its detection. More sophisticated Trojan horses mask the traces of their activity (for example, by restoring file protection to its original state).
"Logic bombs". A "logic bomb" is a program, or even a piece of code within a program, that performs a certain function when a certain condition is met. The condition may be, for example, the arrival of a specific date or the discovery of a file with a specific name.
When it "explodes", a logic bomb performs a function that is unexpected and, as a rule, undesirable for the user (for example, it deletes some data or destroys some system structures). The logic bomb is one of the favourite ways for programmers to take revenge on companies that have fired or offended them.
The "salami" attack. The "salami" attack has become a real scourge of banking computer systems. In banking systems, thousands of transactions are processed every day: cashless payments, transfers of sums, deductions, and so on.
Accounts are kept in whole units (rubles, cents), while interest calculations often produce fractional amounts. Normally a fraction greater than half a unit is rounded up to the whole ruble (cent) and a fraction less than half a unit is simply discarded. In a "salami" attack these insignificant remainders are not discarded but gradually accumulated in a special account.
As practice shows, the sum made literally out of nothing by such a "cunning" program over a couple of years of operation can amount, on average, to thousands of dollars per bank. "Salami" attacks are rather hard to detect unless the attacker starts accumulating large sums in a single account.
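The arithmetic of a salami attack and the reconciliation check that exposes it, as an added example (not code from the tutorial): a monthly interest run over a constructed ledger of 1000 accounts, once with the sub-cent remainders diverted to an attacker's account and once with honest rounding. The account numbers, balances, the 3.75% annual rate and the ACC-0000 collection account are constructed; the check flags any posting that differs from the exact interest by more than half a cent, which honest rounding can never produce.

```python
"""
Added example, not from the tutorial: a monthly interest posting run in which
the sub-cent remainders are diverted to an attacker's account ("salami"),
beside an honest posting with a reconciliation check that exposes the skim.
The account numbers, balances and the 3.75 % annual rate are constructed.
"""
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")
MONTHLY_RATE = Decimal("0.003125")       # 3.75 % per year / 12 (assumption)
ATTACKER = "ACC-0000"                    # attacker's collection account

# Constructed ledger: 1000 customer accounts with balances 1000.00 .. 1999.00
BALANCES = {f"ACC-{i + 1:04d}": Decimal(1000 + i) for i in range(1000)}


def exact_interest(balance: Decimal) -> Decimal:
    """Interest before rounding; may carry sub-cent digits (e.g. 3.128125)."""
    return balance * MONTHLY_RATE


def salami_posting(balances: dict) -> dict:
    """Tampered run: every account is truncated DOWN to the cent and the
    cut-off fractions are accumulated and credited to ATTACKER."""
    posted = {}
    skim = Decimal(0)
    for acct, bal in balances.items():
        exact = exact_interest(bal)
        cut = exact.quantize(CENT, rounding=ROUND_DOWN)
        posted[acct] = cut
        skim += exact - cut
    posted[ATTACKER] = skim.quantize(CENT, rounding=ROUND_DOWN)
    return posted


def honest_posting(balances: dict) -> tuple:
    """Correct run: round half-to-even per account. The net rounding residual
    is returned for booking to a suspense line, never to a customer account."""
    posted, residual = {}, Decimal(0)
    for acct, bal in balances.items():
        exact = exact_interest(bal)
        posted[acct] = exact.quantize(CENT, rounding=ROUND_HALF_EVEN)
        residual += exact - posted[acct]
    return posted, residual


def reconcile(balances: dict, posted: dict) -> tuple:
    """Detection: under correct rounding no posting may differ from the exact
    interest by more than half a cent, and an account with no balance must
    receive nothing. Returns (flagged accounts, total drift)."""
    flagged = []
    for acct, amount in posted.items():
        exact = exact_interest(balances.get(acct, Decimal(0)))
        if abs(amount - exact) > Decimal("0.005"):
            flagged.append(acct)
    total_exact = sum((exact_interest(b) for b in balances.values()), Decimal(0))
    total_posted = sum(posted.values(), Decimal(0))
    return flagged, total_posted - total_exact


if __name__ == "__main__":
    bad = salami_posting(BALANCES)
    good, residual = honest_posting(BALANCES)
    print("skimmed this month:", bad[ATTACKER])
    print("flagged in tampered run:", len(reconcile(BALANCES, bad)[0]))
    print("flagged in honest run:", len(reconcile(BALANCES, good)[0]), "residual:", residual)
```

Two points a reviewer of such a batch job would check: the rounding mode is fixed and documented (truncation in place of rounding is itself a signal), and the sum of postings plus the residual equals the exact total, so that nothing is "made from nothing".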
Covert channels. Covert channels are programs that transmit information to persons who, under normal circumstances, should not receive it.
In systems that process critical information, the programmer should not have access to the data processed by his program once that program has gone into operation.
Possessing certain proprietary information can bring considerable benefit, even if it is simply sold (for example, a list of clients) to a competing firm. A sufficiently skilled programmer can always find a way to conceal the transfer of information; the only visible sign may be that a program meant to produce the most innocuous reports is somewhat more complex than its task requires.
For covert transfer of information one can successfully use various formatting elements of "innocuous" reports: differing line lengths, spacing between lines, the presence or absence of service headers, controlled output of insignificant digits in printed values, the number of spaces or other characters in certain positions of the report, and so on.
If the intruder is able to access the computer while the program of interest is running, the covert channel may consist of writing critical information into a specially created array in memory.
Covert channels are most applicable when the intruder is not interested even in the content of the information but, say, merely in the fact of its existence (for example, that the bank holds a current account with a specific number).
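An added example, not code from the tutorial, of the report-formatting channel just described: a sender hides a 16-byte secret in the trailing spaces of report lines (0 to 3 spaces per line, two bits each), a receiver reads it back, a detector measures the entropy of the trailing-space count, and canonicalization strips the channel before the report leaves the system. The report rows and the secret are constructed.

```python
"""
Added example, not from the tutorial: a covert channel that leaks a short
secret through the trailing spaces of an otherwise innocuous report, a
receiver that reads it back, a detector based on the entropy of trailing
whitespace, and the canonicalization that closes the channel. The report
rows and the secret are constructed.
"""
import math
from collections import Counter

BITS_PER_LINE = 2                      # 0..3 trailing spaces encode two bits

# Constructed "innocuous" report: 80 rows of routine figures.
REPORT = [f"row {i:04d} | region {i % 7} | total {1000 + 3 * i}.00" for i in range(80)]


def embed(lines: list, secret: bytes) -> list:
    """Sender side: leak `secret` by appending 0..3 spaces to each line."""
    bits = "".join(f"{b:08b}" for b in secret)
    if len(bits) > BITS_PER_LINE * len(lines):
        raise ValueError("report too short for the secret")
    out = []
    for i, line in enumerate(lines):
        chunk = bits[BITS_PER_LINE * i:BITS_PER_LINE * (i + 1)]
        out.append(line.rstrip(" ") + " " * (int(chunk, 2) if chunk else 0))
    return out


def extract(lines: list, nbytes: int) -> bytes:
    """Receiver side: count trailing spaces per line and reassemble bytes."""
    bits = "".join(format(min(len(l) - len(l.rstrip(" ")), 3), "02b") for l in lines)
    bits = bits[:8 * nbytes]
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def trailing_space_entropy(lines: list) -> float:
    """Shannon entropy (bits) of the trailing-space count per line. A clean
    report has a constant count (entropy 0); a channel pushes it up."""
    counts = Counter(len(l) - len(l.rstrip(" ")) for l in lines)
    n = len(lines)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_channel(lines: list, threshold: float = 0.5) -> bool:
    """Detector: enough lines and non-trivial entropy in the padding."""
    return len(lines) >= 16 and trailing_space_entropy(lines) > threshold


def canonicalize(lines: list) -> list:
    """Defense: strip trailing whitespace before the report leaves the
    system, so formatting carries no information."""
    return [l.rstrip() for l in lines]


if __name__ == "__main__":
    leaked = embed(REPORT, b"ACCT 4711 EXISTS")
    print(extract(leaked, 16), looks_like_channel(leaked), looks_like_channel(REPORT))
```

The same detector generalizes to the other formatting elements listed above (line lengths, blank lines, insignificant digits): any output field that the report's purpose does not constrain is a potential carrier, and the reliable remedy is to normalize output to a single canonical form rather than to hunt for each encoding.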
Denial of service. Most security breaches aim to gain access to data that the system does not allow under normal conditions. However, intruders are no less interested in gaining control over the computer system itself or changing its quality characteristics: for example, obtaining some resource (processor, input/output device) for exclusive use, or provoking a deadlock among several processes.
This may be wanted in order to use the computer system openly for the intruder's own purposes (at the very least, to solve his own tasks for free) or simply to block the system, making it inaccessible to other users. This type of security breach is called "denial of service". Denial of service is extremely dangerous for real-time systems: systems that control technological processes, perform various kinds of synchronization, and so on.
Computer viruses. Computer viruses are the quintessence of every kind of security breach. One of the most frequent and favoured ways of spreading viruses is the Trojan horse method. Viruses differ from logic bombs only in their ability to replicate and to ensure their own launch, so many viruses can be regarded as a special form of logic bomb.
To attack a system, viruses actively use various trapdoors. Viruses can implement a wide variety of dirty tricks, including the "salami" attack. Moreover, the success of an attack of one type often lowers the "immunity" of the system and creates favourable conditions for attacks of other types to succeed. Intruders know this and actively exploit it.
Of course, the techniques described above are rarely encountered in their pure form. More often, individual elements of different techniques are used in the course of an attack.
Threats to information in computer networks. Computer networks have many advantages over a collection of separately operating computers, including: sharing of system resources, increased reliability of the system, distribution of load among network nodes, and extensibility by adding new nodes.
However, the use of computer networks raises serious information security problems. The following may be noted.
Sharing of common resources. Because a large number of resources are shared by different network users, possibly located far from one another, the risk of unauthorized access increases greatly, since on a network it can be carried out more easily and less noticeably.
Expansion of the zone of control. The administrator or operator of a particular system or subnet must monitor the activity of users who are beyond his reach.
Combination of diverse software and hardware. Connecting several systems into a network increases the vulnerability of the whole, since each information system is configured to meet its own specific security requirements, which may be incompatible with those of the other systems.
Unknown perimeter. The ease of extending a network makes it sometimes hard to determine its boundaries, since the same node may be accessible to users of different networks. Moreover, for many nodes it is not always possible to determine exactly how many users have access to them and who they are.
Many points of attack. In networks, the same data set or message can pass through several intermediate nodes, each of which is a potential source of threat. In addition, many modern networks can be accessed over dial-up lines with a modem, which greatly increases the number of possible points of attack.
Difficulty of managing and controlling access to the system. Many network attacks can be carried out without physical access to a specific node, from remote locations over the network.
In such cases identifying the offender can be very difficult. Moreover, the duration of the attack may be too short for adequate countermeasures to be taken.
On one hand, a network is a single system with uniform rules for processing information; on the other hand, it is a set of separate systems, each with its own processing rules. Taking this dual nature into account, an attack on a network can be carried out at two levels, upper and lower (a combination of both is also possible).
In an upper-level attack on a network, the attacker uses the properties of the network to penetrate another node and perform certain unauthorized actions there. In a lower-level attack, the attacker uses the properties of network protocols to violate the confidentiality or integrity of individual messages or of the flow as a whole.
Disruption of the message flow can lead to information leakage and even to loss of control over the network.
Lower-level threats specific to networks are divided into passive and active.
Passive threats (violation of the confidentiality of data circulating in the network) consist of viewing and/or recording data transmitted over communication lines. They include:
traffic analysis: an attacker can view the headers of packets circulating in the network and, from the service information they contain, draw conclusions about the senders and recipients of the packets and the transmission conditions (time of dispatch, message class, security category, message length, traffic volume, etc.).
Active threats (violation of the integrity or availability of resources and network components) consist of unauthorized use of devices with network access to modify individual messages or the message flow. They include:
disruption of messaging services: an attacker can destroy or delay individual messages or the entire message flow;
"masquerade": an attacker can assign someone else's identifier to his node or relay station and receive or send messages on that party's behalf;
introduction of network viruses: transmission of a virus body over the network with its subsequent activation by a user of a remote or local node;
modification of the message stream: an attacker can selectively destroy, modify, delay, reorder and duplicate messages, as well as insert forged messages.
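The lower-level active threats above can be illustrated with an added example (not code from the tutorial) of a message stream protected by a sequence number and an HMAC-SHA256 tag over sender, sequence number and payload. The receiver classifies what it sees: a tampered payload or a frame sealed without the key fails the tag check, a duplicate or late frame is rejected as replay or reorder, a jump in sequence numbers reveals loss or delay, and a frame claiming another node's identifier is refused. The shared key, sender identifiers and payment payloads are constructed.

```python
"""
Added example, not from the tutorial: an authenticated message stream in which
each frame carries a sender id, a sequence number and an HMAC-SHA256 tag, and a
receiver that classifies the lower-level active threats (modification,
forgery or masquerade, replay, reordering, loss or delay). The shared key,
sender ids and payloads are constructed.
"""
import hashlib
import hmac
import struct

KEY = b"demo-shared-key-do-not-reuse"   # assumption: agreed out of band
TAG_LEN = 32
ID_LEN = 8
HDR_LEN = ID_LEN + 10                   # id(8) + seq(8) + len(2)


def seal(key: bytes, sender: bytes, seq: int, payload: bytes) -> bytes:
    """Frame = sender(8) | seq(8, big-endian) | len(2) | payload | HMAC tag.
    The tag covers everything before it, so sender, seq and payload are bound."""
    header = sender.ljust(ID_LEN, b"\0")[:ID_LEN] + struct.pack(">QH", seq, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Keeps the last accepted sequence number for one trusted sender."""

    def __init__(self, key: bytes, trusted_sender: bytes):
        self.key = key
        self.sender = trusted_sender.ljust(ID_LEN, b"\0")[:ID_LEN]
        self.last_seq = 0
        self.accepted = []

    def accept(self, frame: bytes) -> str:
        if len(frame) < HDR_LEN + TAG_LEN:
            return "malformed"
        sender = frame[:ID_LEN]
        seq, length = struct.unpack(">QH", frame[ID_LEN:HDR_LEN])
        body, tag = frame[:HDR_LEN + length], frame[HDR_LEN + length:]
        if len(tag) != TAG_LEN:
            return "malformed"
        if sender != self.sender:              # masquerade: foreign identifier
            return "unknown_sender"
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "forged_or_modified"        # modification, or forgery without the key
        if seq <= self.last_seq:
            return "replay_or_reorder"         # duplicate, or a delayed earlier message
        gap = seq > self.last_seq + 1          # something was lost or delayed
        self.last_seq = seq
        self.accepted.append(body[HDR_LEN:])
        return "ok_gap" if gap else "ok"


def scenario() -> list:
    """Delivers a constructed stream with the attacks interleaved."""
    r = Receiver(KEY, b"bank")
    f1 = seal(KEY, b"bank", 1, b"PAY 100 TO 4711")
    f2 = seal(KEY, b"bank", 2, b"PAY 250 TO 4712")
    f3 = seal(KEY, b"bank", 3, b"PAY 75 TO 4713")
    tampered = bytearray(f2)
    tampered[HDR_LEN + 4] ^= 0x01                                   # "100" -> "000"
    forged = seal(b"wrong-key", b"bank", 4, b"PAY 9999 TO 6666")    # attacker lacks KEY
    imposter = seal(KEY, b"mallory", 4, b"PAY 1 TO 1")              # wrong identifier
    return [r.accept(f) for f in (f1, f1, bytes(tampered), f3, f2, forged, imposter)]


if __name__ == "__main__":
    print(scenario())
```

Note what the scheme does not give: a sequence gap tells the receiver that something is missing but not why, so loss, deliberate deletion and mere delay remain indistinguishable at this layer and need a timeout or an acknowledgement protocol on top; and a strictly increasing counter rejects legitimately reordered frames, which is the price of refusing replays without a receive window.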
Threats to commercial information. Under conditions of informatization, methods of unauthorized access to confidential information such as copying, forgery and destruction are also especially dangerous.
Copying. In unauthorized access to confidential information the following are copied: documents containing information of interest to the attacker; technical media; and information processed in automated information systems. The copying methods used include photocopying, photographic copying, thermocopying and electronic copying.
Forgery. In a competitive environment, forgery, modification and imitation take on a large scale. Attackers forge trust documents that allow certain information to be obtained, as well as letters, invoices, and accounting and financial documentation; they forge keys, passes, passwords, ciphers, etc. In automated information systems, for example, malicious acts such as falsification (the receiving subscriber forges a received message and passes it off as genuine in his own interest) and masquerade (the sender disguises himself as another subscriber in order to obtain that subscriber's protected information) are possible.
Destruction. Destruction of information in automated databases and knowledge bases is particularly dangerous. Information on magnetic media is destroyed with compact magnets and by software ("logic bombs"). A significant share of crimes against automated information systems consists of sabotage, explosions, destruction, and the disabling of connecting cables and air-conditioning systems.
|Methods and means of security|
The methods of ensuring information protection are the following: obstruction, access control, masking, regulation, coercion and inducement.
Obstruction is a method of physically blocking the attacker's path to the protected information (to equipment, information carriers, etc.).
Access control is a method of protecting information by regulating the use of all resources of an organization's (company's) automated information system. Access control includes the following protective functions:
identification of users, personnel and resources of the information system (assignment of a personal identifier to each object);
authentication (verification of identity) of an object or subject by the identifier it presents;
verification of authority (checking that the day of the week, time of day, requested resources and procedures comply with the established regulations);
granting permission and creating working conditions within the established regulations;
logging (recording) of accesses to protected resources;
response (alarm, shutdown, delay of work, denial of the request) in case of unauthorized actions.
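The six access-control functions listed above, as an added example that is not code from the tutorial: a small decision engine that identifies the subject, authenticates it against a salted PBKDF2 hash, verifies authority including weekday and hour, grants or denies the request, logs every request, and responds to repeated failures by locking the account. The user, password, resource policy and lockout threshold are constructed assumptions.

```python
"""
Added example, not from the tutorial: an access-control decision that walks
through identification, authentication, verification of authority (including
day and hour), permission, logging and response. Users, passwords, the
resource policy and the lockout threshold are constructed assumptions.
"""
import hashlib
import hmac
import os
from datetime import datetime

LOCKOUT_AFTER = 3                                   # failed logins before lockout
PBKDF2_ROUNDS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AccessControl:
    def __init__(self):
        self.users = {}      # identifier -> {"salt", "hash", "failures", "locked"}
        self.policy = {}     # resource -> {"subjects", "days", "hours", "actions"}
        self.log = []        # (timestamp, subject, resource, action, outcome)

    def add_user(self, user: str, password: str):
        """Identification: every subject gets a personal identifier and a
        salted, stretched password hash (never the password itself)."""
        salt = os.urandom(16)
        self.users[user] = {"salt": salt, "hash": _hash_password(password, salt),
                            "failures": 0, "locked": False}

    def add_rule(self, resource: str, subjects: set, days: set, hours: range, actions: set):
        """Regulation: who may do what to which resource, and when."""
        self.policy[resource] = {"subjects": subjects, "days": days,
                                 "hours": hours, "actions": actions}

    def _authenticate(self, user: str, password: str) -> bool:
        rec = self.users[user]
        ok = hmac.compare_digest(rec["hash"], _hash_password(password, rec["salt"]))
        rec["failures"] = 0 if ok else rec["failures"] + 1
        if rec["failures"] >= LOCKOUT_AFTER:
            rec["locked"] = True                       # response: lock the account
        return ok

    def request(self, user: str, password: str, resource: str, action: str, when: datetime) -> str:
        outcome = self._decide(user, password, resource, action, when)
        self.log.append((when.isoformat(), user, resource, action, outcome))  # logging
        return outcome

    def _decide(self, user, password, resource, action, when) -> str:
        if user not in self.users:
            return "deny: unknown identifier"
        if self.users[user]["locked"]:
            return "deny: account locked"
        if not self._authenticate(user, password):
            return "deny: authentication failed"
        rule = self.policy.get(resource)
        if rule is None or user not in rule["subjects"]:
            return "deny: no authority for resource"
        if when.weekday() not in rule["days"] or when.hour not in rule["hours"]:
            return "deny: outside permitted schedule"
        if action not in rule["actions"]:
            return "deny: action not permitted"
        return "permit"


def build_demo() -> AccessControl:
    """Constructed policy: a clerk may read and post to the payments ledger
    on weekdays (Mon=0 .. Fri=4) between 08:00 and 17:59."""
    ac = AccessControl()
    ac.add_user("clerk", "correct horse battery")
    ac.add_rule("payments", {"clerk"}, set(range(5)), range(8, 18), {"read", "post"})
    return ac


if __name__ == "__main__":
    ac = build_demo()
    print(ac.request("clerk", "correct horse battery", "payments", "post", datetime(2024, 1, 8, 10, 0)))
```

Every denial is recorded with the same detail as a permit, which is what makes the log usable for the auditability discussed later: the order of checks also matters, since an unknown identifier or a locked account is refused before any password hashing is done.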
Masking is a method of protecting information in an automated information system by cryptographic closure (encryption).
Regulation is a method of protecting information that creates conditions for the automated processing, storage and transmission of information under which the possibility of unauthorized access to it is reduced to a minimum.
Coercion is a method of protecting information in which users and system personnel are compelled to follow the rules for processing, transmitting and using protected information under threat of material, administrative or criminal liability.
Inducement is a method of protecting information that encourages users and system personnel not to violate the established rules, through adherence to established moral and ethical standards.
The above methods of ensuring the information security of an organization (company) are implemented in practice through various protection mechanisms, built from the following basic means: physical, hardware, software, hardware-software, cryptographic, organizational, legislative, and moral-ethical.
Physical protection means are intended for the external protection of the territory of objects and the protection of components of an enterprise's automated information system, and are implemented as autonomous devices and systems.
Alongside traditional mechanical systems with predominant human participation, universal automated electronic physical protection systems are being developed and introduced, designed to protect territories and premises, organize access control and surveillance, provide fire alarms, and prevent theft of media.
The component base of such systems consists of various sensors whose signals are processed by microprocessors, electronic intelligent keys, devices for determining a person's biometric characteristics, and so on.
To protect the equipment of an enterprise's automated information system and removable media (floppy disks, magnetic tapes, printouts), the following are used:
locks of various kinds (mechanical, combination, microprocessor-controlled, radio-controlled) installed on entrance doors, shutters, safes, cabinets, and devices and units of the system;
microswitches that register the opening or closing of doors and windows;
inertial sensors, which can be connected over the lighting mains, telephone wiring and television antenna cabling;
special foil stickers attached to all documents, devices, components and units of the system to prevent their removal from the premises. Whenever an attempt is made to carry an object bearing a sticker out of the room, a special installation near the exit (analogous to a metal detector) raises an alarm;
special safes and metal cabinets for housing individual elements of the automated information system (file server, printer, etc.) and removable media.
To neutralize leakage of information through electromagnetic channels, shielding and absorbing materials and products are used. In particular:
shielding of working premises where components of the automated information system are installed is carried out by covering the walls, floor and ceiling with metallized wallpaper, conductive enamel or plaster, wire mesh or foil, or by installing enclosures of conductive brick, multi-layer steel, aluminium sheet or special plastic sheets;
metal blinds and glass with a conductive layer are used to protect windows;
all openings are covered with a metal grid connected to the grounding bus or to the wall shielding;
limiting magnetic traps that prevent the propagation of radio waves are mounted on ventilation ducts.
To protect against pickup on the electrical circuits of the nodes and units of the automated information system, the following are used:
shielded cable for intra-rack, intra-unit, inter-unit and outdoor installation;
shielded elastic connectors and filters suppressing electromagnetic interference;
wires, lugs, chokes, capacitors and other interference-suppressing radio and electrical products;
dielectric isolating inserts placed on plumbing, heating, gas and other metal pipes to break the electromagnetic circuit.
Power supply is monitored with electronic trackers: devices installed at the points where mains voltage enters. If the power cord is cut, broken or burnt through, a coded message triggers an alarm or switches on a television camera to record subsequent events.
X-ray examination is considered the most effective means of detecting implanted "bugs". However, carrying it out involves great organizational and technical difficulties.
The use of special noise generators to protect against theft of information from computers by picking up the emanations of display screens has an adverse effect on the human body, leading to rapid hair loss, loss of appetite, headaches and nausea. For this reason they are rarely used in practice.
Hardware protection means are the various electronic, electromechanical and other devices that are either built directly into the units of an automated information system or designed as independent devices interfaced with those units.
They are intended for the internal protection of the structural elements of computer equipment and systems: terminals, processors, peripheral equipment, communication lines, etc.
The main functions of hardware protection are:
prevention of unauthorized external access (by a remote user or intruder) to a running automated information system;
prevention of unauthorized internal access to individual files or databases of the information system, which may result from accidental or deliberate actions of staff;
protection of active and passive (archived) files and databases during maintenance or shutdown of the automated information system;
protection of software integrity.
These tasks are carried out by information security hardware using the access control method (identification, authentication and verification of authority of system subjects, logging and response).
For work with particularly valuable information of the organization (company), computer manufacturers can produce individual disks with unique physical characteristics that prevent the information from being read on other equipment. In this case the cost of the computer may increase several times.
Software protection tools are designed to perform logical and intelligent protection functions and are included either in the software of the automated information system or in the suite of tools, complexes and systems of control equipment.
Software protection of information is the most widespread kind of protection and has the following positive properties: universality, flexibility, ease of implementation, and the ability to be modified and developed. The same properties make software tools the most vulnerable elements in the protection of an enterprise information system.
At present a large number of operating systems, database management systems, network packages and application packages have been created that include various information security tools.
Software protection tools solve the following information security tasks:
control of system loading and login using personal identifiers (name, code, password, etc.);
differentiation and control of subjects' access to resources and components of the system and to external resources;
isolation of the programs of a process executed on behalf of a particular subject from other subjects (so that each user works in an individual environment);
management of confidential information flows to prevent recording onto media of an inappropriate classification level;
protection of information from computer viruses;
erasure of residual confidential information from areas of computer memory released after requests complete;
erasure of residual confidential information on magnetic disks, with the issue of reports on the results of erasure;
ensuring the integrity of information by introducing data redundancy;
automatic monitoring of users' work in the system based on logging results, and preparation of reports from the records in the system log.
At present a number of operating systems have built-in protection against object "reuse" (re-allocation of memory or disk space without clearing its previous contents). For other operating systems there are many commercial programs, not to mention special security packages, that implement similar functions.
Redundant data is used to prevent random errors in the data and to detect unauthorized modification. This may take the form of checksums, parity checks, robust (error-correcting) coding, and so on. Note that checksums and parity protect only against accidental errors: a deliberate attacker can modify the data and recompute or compensate the checksum, so detection of deliberate modification requires a cryptographic integrity check (a keyed message authentication code or a digital signature).
It is common practice to store signatures of important system objects in some protected location. For example, for a file, a combination of the file's protection byte with its name, length and last modification date may serve as a signature. On every access to the file, or when tampering is suspected, the file's current characteristics are compared with the stored reference. Such a metadata signature is easily preserved by an attacker who keeps the length unchanged and resets the modification time, so a reference computed over the file contents with a cryptographic hash or keyed MAC is far more reliable.
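An added example, not code from the tutorial, comparing the metadata signature described above and a parity checksum with a keyed content signature. A deliberate edit that keeps the file length, leaves the modification time untouched and compensates the parity at a second byte passes both weak checks and fails the HMAC. The file record, the key and the tampered configuration value are constructed in memory rather than read from disk.

```python
"""
Added example, not from the tutorial: the metadata "signature" (protection
byte, name, length, modification date) and a parity/XOR checksum, beside a
keyed content signature (HMAC-SHA256), checked against a deliberate
modification that preserves size, timestamp and checksum. The file record
and the key are constructed in memory.
"""
import hashlib
import hmac
from dataclasses import dataclass, replace

KEY = b"integrity-key-kept-in-protected-store"    # assumption


@dataclass(frozen=True)
class FileRecord:
    name: str
    mode: int          # the "protection byte"
    mtime: int         # last-modified time, seconds
    content: bytes


def weak_signature(rec: FileRecord) -> tuple:
    """The tutorial's scheme: protection byte + name + length + mtime."""
    return (rec.mode, rec.name, len(rec.content), rec.mtime)


def xor_checksum(data: bytes) -> int:
    """Byte-wise parity ("even-odd control"): catches single accidental errors."""
    acc = 0
    for b in data:
        acc ^= b
    return acc


def strong_signature(key: bytes, rec: FileRecord) -> bytes:
    """Keyed MAC over name, length and full content; forging it needs the key."""
    msg = rec.name.encode() + len(rec.content).to_bytes(8, "big") + rec.content
    return hmac.new(key, msg, hashlib.sha256).digest()


def tamper(rec: FileRecord, pos: int, new_byte: int, pad_pos: int) -> FileRecord:
    """Deliberate edit that keeps the length, leaves mtime alone, and fixes the
    XOR checksum by compensating at a second position (e.g. inside a comment)."""
    buf = bytearray(rec.content)
    delta = buf[pos] ^ new_byte
    buf[pos] = new_byte
    buf[pad_pos] ^= delta                       # parity restored
    return replace(rec, content=bytes(buf))     # mode, mtime, name unchanged


def baseline_for(rec: FileRecord) -> dict:
    """Reference values to be kept in a protected place."""
    return {"weak": weak_signature(rec), "xor": xor_checksum(rec.content),
            "strong": strong_signature(KEY, rec)}


def check(rec: FileRecord, baseline: dict) -> dict:
    """Compares the current characteristics with the stored reference."""
    return {
        "weak_ok": weak_signature(rec) == baseline["weak"],
        "xor_ok": xor_checksum(rec.content) == baseline["xor"],
        "strong_ok": hmac.compare_digest(strong_signature(KEY, rec), baseline["strong"]),
    }


# Constructed configuration file; the attack raises the limit from 1000 to 9000
# (byte 13) and repairs the parity in the comment (byte 34).
ORIGINAL = FileRecord("limits.cfg", 0o640, 1_700_000_000,
                      b"max_transfer=1000\n# checksum pad: X\n")


if __name__ == "__main__":
    base = baseline_for(ORIGINAL)
    print(check(tamper(ORIGINAL, 13, ord("9"), 34), base))
```

The key, not the algorithm, is what the attacker lacks: an unkeyed hash stored next to the file can simply be recomputed, so the reference must be kept where the attacker cannot write, or be keyed as here.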
Auditability of an access control system means that events or procedures can be reconstructed. Auditing facilities must establish what actually happened. This involves documenting the procedures performed, keeping logs, and using clear and unambiguous methods of identification and verification.
It should be noted that the task of access control combined with ensuring the integrity of resources is reliably solved only by cryptographic means: encryption for confidentiality, and message authentication codes or digital signatures for integrity (encryption by itself does not guarantee integrity).