slide 1

Completed by: student group 23 Gubanova E. Ya. Checked by: Turusinova I. P. Yoshkar-Ola, 2015

slide 2

Content

  • Unauthorized access
  • Information security tools
  • Biometric security systems
  • Anti-malware methods
  • Data backup and recovery
  • Hacker tools and protection against them
  • Conclusion

slide 3

Unauthorized access

Unauthorized access is any action that violates the established access procedure or the rules of access separation: access to programs and data obtained by subscribers who are not registered and have no right to view or work with these resources. Access control is implemented to prevent unauthorized access.

slide 4

Password protection

Passwords are used to protect programs and data stored on a computer from unauthorized access. The computer grants access to its resources only to users who are registered and have entered the correct password. Each user may be allowed access only to certain information resources. All unauthorized access attempts can be logged.

slide 5

Password protection

Password protection is used when the operating system is loaded. A login password can be set in the BIOS Setup program; the computer will not start loading the operating system unless the correct password is entered. It is not easy to overcome such protection.

The following can be protected from unauthorized access: drives, folders and files of the local computer.

Certain access rights can be set for them: full access, the ability to make changes, read only, write, etc.

slide 6

Information protection is an activity aimed at preventing information leakage, unauthorized and unintentional influences on information.

Slide 7

Slide 8

Information security tools

Information security tools are a set of engineering, electronic and other devices and equipment used to solve various information security problems, including preventing leakage and ensuring the security of protected information. Information security tools are divided into:

  • technical (hardware) means;
  • software tools;
  • organizational means.

Slide 9

Technical (hardware) means

These are devices of various types that solve information protection problems in hardware. They prevent physical penetration and access to information, including by masking it. The first part of the task is solved by locks, bars on windows, security alarms, etc. The second part is solved by noise generators, network filters, scanning radios and many other devices that "block" potential channels of information leakage or allow them to be detected.

slide 10

Software tools

Software tools include programs for user identification, access control, information encryption, deletion of residual information such as temporary files, test control of the protection system, etc.

slide 11

Organizational means

Organizational means consist of organizational-technical measures (preparation of premises with computers, laying of a cable system that takes into account the requirements for restricting access to it, etc.) and organizational-legal measures.

slide 12

Biometric security systems

Biometric identification systems are used to protect against unauthorized access to information. The characteristics used in these systems are inalienable qualities of a person and therefore cannot be lost or forged. Biometric information security systems include systems that identify a person:

  • by fingerprints;
  • by speech characteristics;
  • by the iris of the eye;
  • by the image of the face;
  • by the geometry of the palm of the hand.

slide 13

Fingerprint identification

Optical fingerprint scanners are installed on laptops, mice, keyboards and flash drives, and are also used as separate external devices and terminals (for example, at airports and banks). If the fingerprint pattern does not match the pattern of a user admitted to the information, access to the information is impossible.

slide 14

Identification by speech characteristics

Identification of a person by voice is one of the traditional methods of recognition; interest in this method is also associated with forecasts for the introduction of voice interfaces into operating systems. Voice identification is contactless, and there are systems for restricting access to information based on frequency analysis of speech.

slide 15

Iris identification

Special scanners connected to a computer are used for iris identification. The iris is a biometric characteristic unique to each person. The eye image is extracted from the face image and a special barcode mask is superimposed on it. The result is a matrix that is individual for each person.

slide 16

Facial identification

Facial recognition technologies are often used to identify a person. Recognition takes place at a distance. Identification features take into account the shape of the face, its color, and the color of the hair. Important features also include the coordinates of facial points in places corresponding to a change in contrast (eyebrows, eyes, nose, ears, mouth and the oval of the face). New international passports are now beginning to be issued, with a microchip that stores a digital photograph of the owner.

slide 17

Identification by the palm of the hand

In biometrics, the simple geometry of the hand is used for identification: its size and shape, as well as some informative features on the back of the hand (patterns in the folds between the phalanges of the fingers, patterns of the location of blood vessels). Fingerprint identification scanners are installed at some airports, banks and nuclear power plants.

slide 18

Other methods of identification

  • habitoscopy (3D image of the face): Nvisage, developed by Cambridge Neurodynamics;
  • EyeDentify's ICAM 2001 device, which measures the properties of the retina;
  • eSign, a program for identifying a digital signature;
  • identification by the structure and relative position of the blood vessels of the hand;
  • the integrated system "One-on-one Facial Recognition".

slide 19

Digital (electronic) signature

eSign is a signature identification program that uses a special digital pen and an electronic notepad to register a signature. During registration, eSign remembers not only the image of the signature itself but also the dynamics of the pen movement. eSign analyzes a whole range of parameters, including general features of the handwriting of a particular person.

slide 20

Anti-malware methods

A malicious program is a program created with malicious intent. Antiviruses are used to protect against malware. Viruses can penetrate computers protected by an antivirus for the following reasons:

  • the antivirus was disabled by the user;
  • the anti-virus databases were too old;
  • weak protection settings were set;
  • the virus used an infection technology against which the antivirus had no means of protection;
  • the virus entered the computer before the antivirus was installed and was able to neutralize the antivirus tool;
  • it was a new virus for which anti-virus databases had not yet been released.

slide 21

Antivirus programs

Modern antivirus programs provide comprehensive protection of programs and data on the computer from all types of malicious programs and from all the ways they penetrate the computer: the Internet, the local network, e-mail and removable storage media. Anti-virus programs work by scanning files, disk boot sectors and random access memory, and searching them for known and new malware.

slide 22

Anti-virus programs

The anti-virus monitor starts automatically when the operating system starts. Its main task is to provide maximum protection from malware with minimal slowdown of the computer. The anti-virus scanner is launched according to a pre-selected schedule or at an arbitrary moment by the user. The anti-virus scanner searches for malware in RAM, as well as on the computer's hard drives and network drives.

slide 23

Data backup and recovery

Backup is the process of creating a copy of data on media designed to restore the data to its original or a new location in the event of damage or destruction. Data recovery is the procedure for extracting information from a storage device when it cannot be read in the usual way.

slide 24

Hacker tools and protection against them

Network attacks on remote servers are carried out using special programs that send numerous requests to them. If the resources of the attacked server are insufficient to process all incoming requests, the server freezes. Some hacker tools implement fatal network attacks. Such utilities use vulnerabilities in operating systems and applications and send specially crafted requests to the attacked computers on the network. As a result, a special kind of network request causes a critical error in the attacked application, and the system stops working.

Protection from hacker attacks, network worms and Trojans

Computer networks or individual computers can be protected from unauthorized access using a firewall. The firewall allows you to:

  • block hacker DoS attacks by not allowing network packets from certain servers to reach the protected computer;
  • prevent network worms from penetrating the protected computer;
  • prevent Trojan programs from sending confidential information about the user and the computer.

slide 28

Types and methods of information protection

Type of protection: from deliberate distortion, vandalism (computer viruses).
Method of protection: general methods of information security; preventive measures; use of anti-virus programs.

Type of protection: from unauthorized (illegal) access to information (its use, modification, distribution).
Method of protection: encryption; password protection; "electronic locks"; a set of administrative and law enforcement measures.

slide 29

Conclusion

I would like to hope that the system of information protection being created in the country and the formation of a set of measures for its implementation will not lead to irreversible consequences on the path of information and intellectual integration with the whole world that is emerging in Russia.

Information today is expensive and must be protected. The mass use of personal computers, unfortunately, turned out to be associated with the emergence of self-reproducing virus programs that prevent the normal operation of the computer, destroy the file structure of disks and damage the information stored in the computer.

The official policy of the state in the field of information security is expressed in the Doctrine of Information Security of the Russian Federation (Order of the President dated September 9, 2000 No. Pr-1895). It expresses a set of official views on the goals, objectives, principles and main directions of ensuring the information security of the Russian Federation and serves as the basis for:

  • Formation of state policy in the field of information security of the Russian Federation
  • Preparation of proposals for improving the legal, methodological, scientific, technical and organizational support of information security of the Russian Federation
  • Development of targeted programs for ensuring information security of the Russian Federation

Information security is the state of protection of the subjects of the Russian Federation in the information sphere, reflecting the totality of the balanced interests of the individual, society and the state.

At the individual level, this means the implementation of the constitutional rights of a person and a citizen to access information, to use information in the interests of carrying out activities not prohibited by law and of physical, spiritual and intellectual development, as well as to protect information that ensures personal security.

At the level of society, we are talking about ensuring the interests of the individual in this area, strengthening democracy, creating a state of law, and achieving and maintaining public consent in the spiritual renewal of Russia.


A security threat is an action or event that can lead to the destruction, distortion or unauthorized use of computer resources, including stored, transmitted and processed information, as well as software and hardware.

Types of threats:

  • accidental (or unintentional)
  • deliberate

The main means of protecting computer data:

  • protection of hardware components of the computer;
  • protection of communication lines;
  • database protection;
  • protection of the computer control subsystem.

Protection system - a set of tools and techniques that protect computer components and help minimize the risk to which its resources and users may be exposed.

There are various security mechanisms:

  • encryption;
  • digital (electronic) signature;
  • access control;
  • ensuring data integrity;
  • providing authentication;
  • traffic substitution;
  • routing control;
  • arbitration (or examination).



Encryption (cryptographic protection) is used to implement the encryption service and is used in a number of different services.

Encryption can be:

  • symmetric: based on using the same secret key for encryption and decryption.
  • asymmetric: one key, which is publicly available, is used for encryption, and another, which is secret, is used for decryption. Knowledge of the public key does not make it possible to determine the secret key.

To implement the encryption mechanism, it is necessary to organize a special service for generating keys and distributing them among network subscribers.


Digital signature mechanisms are used to implement authentication and non-repudiation services. These mechanisms are based on asymmetric encryption algorithms and include two procedures:

  • formation of the signature by the sender
  • its identification (verification) by the recipient.

The first procedure encrypts the data block or supplements it with a cryptographic checksum; in both cases the secret key of the sender is used.

The second procedure is based on the use of a public key, the knowledge of which is sufficient to identify the sender.


Access control mechanisms check the authority of network objects (programs and users) to access its resources.

When a resource is accessed through a connection, control is performed at the exchange initialization point, at the end point, and at intermediate points.

The basis for these mechanisms is the matrix of access rights and the various options for its implementation. Mandatory lists include security labels assigned to objects that give the right to use a resource.

Another type includes lists of access rights based on object authentication and subsequent verification of its rights in special tables (access control databases) that exist for each resource.


Integrity mechanisms apply both to individual data blocks and to information flows.

Integrity is ensured by the execution of interconnected encryption and decryption procedures by the sender and recipient, followed by a comparison of cryptographic checksums.

However, to protect against substitution of a block as a whole, it is necessary to control the integrity of the data stream, which can be implemented, for example, by means of encryption using keys that change depending on the previous blocks. It is also possible to use simpler methods, such as numbering the blocks or supplementing them with a so-called time stamp (mark).
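The block-numbering approach described above, as an added example that is not part of the original slides: each block carries a sequence number and a keyed checksum, so the receiver detects both a modified block and a substituted, replayed or dropped one. HMAC-SHA-256 stands in for the "cryptographic checksum"; the key, frame layout and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo key; in practice it comes from the key-distribution service.
KEY = b"constructed-demo-key"
TAG_LEN = hashlib.sha256().digest_size  # 32-byte checksum
HDR_LEN = 8                             # 64-bit block number


def protect(seq, payload, key=KEY):
    """Sender side: number the block and append a keyed checksum."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side: recompute the checksum, then enforce block order."""

    def __init__(self, key=KEY):
        self.key = key
        self.expected = 0  # number of the next block we are willing to accept

    def accept(self, frame):
        if len(frame) < HDR_LEN + TAG_LEN:
            return ("rejected", "frame too short")
        header = frame[:HDR_LEN]
        payload = frame[HDR_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        good = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison of the received and recomputed checksums.
        if not hmac.compare_digest(tag, good):
            return ("rejected", "checksum mismatch")
        (seq,) = struct.unpack(">Q", header)
        # A block with a valid checksum can still be a replay or a
        # substitution of a whole block: the number catches that.
        if seq != self.expected:
            return ("rejected",
                    "block %d out of sequence, expected %d" % (seq, self.expected))
        self.expected += 1
        return ("accepted", payload)


def demo():
    """Run a constructed stream through the receiver and collect verdicts."""
    blocks = [b"PAY 100", b"TO ALICE", b"END"]  # constructed sample data
    frames = [protect(i, b) for i, b in enumerate(blocks)]
    rx = Receiver()
    results = [rx.accept(frames[0])]            # genuine block 0
    tampered = bytearray(frames[1])
    tampered[HDR_LEN + 3] ^= 0x01               # flip one payload bit
    results.append(rx.accept(bytes(tampered)))  # modified block
    results.append(rx.accept(frames[0]))        # replay of an old block
    results.append(rx.accept(frames[2]))        # block 1 skipped
    results.append(rx.accept(frames[1]))        # genuine block 1
    results.append(rx.accept(frames[2]))        # genuine block 2
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The replayed frame passes the checksum test and is rejected only by the block number, which is the case the per-block checksum alone cannot cover.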


Authentication mechanisms provide one-way and mutual authentication.

In practice, these mechanisms are combined with encryption, digital signature, and arbitration.


Traffic substitution mechanisms, in other words text padding mechanisms, are used to implement the data stream encryption service.

They are based on the generation of fictitious blocks by network objects, their encryption and organization of transmission over network channels.

This neutralizes the possibility of obtaining information about network users by observing the external characteristics of the flows circulating in the network.


The sources of random threats that occur during computer operation may be software errors, hardware failures, incorrect actions of users, operators or system administrators, etc.


Intentional threats pursue certain goals related to causing damage to users (subscribers) of the network.

Types of deliberate threats:

  • Active
  • Passive

Active intrusions disrupt the normal functioning of the computer and make unauthorized changes to information flows and to stored and processed information. These threats are implemented through a targeted impact on its hardware, software and information resources.

Active attacks include:

  • destruction or electronic suppression of communication lines,
  • disabling the entire system connected to the network, or its operating system,
  • misrepresentation of information in user databases or system data structures, etc.

The information stored in the computer memory can be selectively modified or destroyed, and false data can be added to it.

Active intrusions are easy to detect, but difficult to prevent.


With a passive intrusion, the attacker only observes the passage and processing of information without intruding into information flows.

These intrusions are usually aimed at unauthorized use of the computer's information resources without affecting its operation. A passive threat is, for example, receiving information transmitted over communication channels by listening to them.

In this case, the intruder analyzes the message flow (traffic) and records identifiers, destinations, message lengths, and the frequency and time of exchanges.

1 slide

Modern methods and means of information protection Completed by: student of group T3-09 Alexander Apetov 2012

2 slide

Information security is a set of organizational, technical and technological measures to protect information from unauthorized access, destruction, modification, disclosure and delays in access.

3 slide

Information security provides a guarantee that the following goals are achieved:

  • confidentiality of information (the property of information resources, including information, that they will not become available and will not be disclosed to unauthorized persons);
  • integrity of information and related processes (the immutability of information in the process of its transmission or storage);
  • availability of information when it is needed (the property of information resources, including information, that determines the possibility of their receipt and use at the request of authorized persons);
  • accounting for all processes related to information.

4 slide

Information security consists of three components: confidentiality, integrity and availability. The points of application of the information security process to the information system are hardware, software and communications. The protection procedures (mechanisms) themselves are divided into protection of the physical level, protection of personnel, and the organizational level.

5 slide

A security threat to a computer system is a potential incident (whether intentional or not) that could have an undesirable effect on the system itself, as well as on the information stored in it. An analysis of threats conducted by the National Computer Security Association agency in the United States revealed the following statistics:

6 slide

7 slide

A security policy is a set of measures and active actions to manage and improve security systems and technologies.

8 slide

Organizational protection

  • organization of the regime and protection;
  • organization of work with employees (selection and placement of personnel, including getting to know employees, studying them, training them in the rules of working with confidential information, familiarizing them with the measures of responsibility for violating information protection rules, etc.);
  • organization of work with documents and documented information (development, use, accounting, execution, return, storage and destruction of documents and confidential information carriers);
  • organization of the use of technical means for collecting, processing, accumulating and storing confidential information;
  • organization of work on the analysis of internal and external threats to confidential information and the development of measures to ensure its protection;
  • organization of work on systematic control over the work of personnel with confidential information and over the procedure for accounting, storage and destruction of documents and technical media.

9 slide

Technical means of information security

To protect the perimeter of the information system, the following are created:

  • security and fire alarm systems;
  • digital video surveillance systems;
  • access control and management systems (ACS).

The protection of information from leakage through technical communication channels is provided by the following means and measures:

  • the use of shielded cable and the laying of wires and cables in shielded structures;
  • installation of high-frequency filters on communication lines;
  • construction of shielded rooms ("capsules");
  • use of shielded equipment;
  • installation of active noise systems;
  • creation of controlled zones.

10 slide

Information security hardware

  • special registers for storing security details: passwords, identification codes, classification markings or secrecy levels;
  • devices for measuring individual characteristics of a person (voice, fingerprints) in order to identify them;
  • circuits for interrupting the transmission of information in the communication line in order to periodically check the data output address;
  • devices for information encryption (cryptographic methods);
  • uninterruptible power supply systems: uninterruptible power supplies; load redundancy; voltage generators.

11 slide

Information protection software

  • Means of protection against unauthorized access (NSD): means of authorization; mandatory access control; selective access control; role-based access control; journaling (also called audit).
  • Systems for analysis and modeling of information flows (CASE systems).
  • Network monitoring systems: intrusion detection and prevention systems (IDS/IPS); confidential information leak prevention systems (DLP systems).
  • Protocol analyzers.
  • Antivirus tools.

12 slide

Information security software

  • Firewalls.
  • Cryptographic tools: encryption; digital signature.
  • Backup systems.
  • Authentication systems: password; access key (physical or electronic); certificate; biometrics.
  • Tools for analysis of protection systems: monitoring software product.

13 slide

TYPES OF ANTI-VIRUS PROGRAMS

  • Detectors allow you to detect files infected with one of several known viruses. Some detector programs also perform heuristic analysis of files and system areas of disks, which often (but by no means always) allows them to detect new viruses that are not known to the detector program.
  • Filters are resident programs that notify the user of all attempts by a program to write to a disk, let alone format it, as well as of other suspicious actions.
  • Doctor programs, or phages, not only find virus-infected files but also "cure" them, i.e. remove the body of the virus program from the file, returning the files to their initial state.
  • Auditors remember information about the state of files and system areas of disks, and at subsequent launches they compare their state with the original one. If inconsistencies are found, the user is informed.
  • Watchmen, or filters, reside in the computer's RAM and check executable files and inserted USB drives for viruses.
  • Vaccine programs, or immunizers, modify programs and disks in such a way that this does not affect the operation of the programs, but the virus against which the vaccination is performed considers these programs or disks already infected.
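What an auditor does, as an added example that is not part of the original slides: record the state of every file under a directory, then compare a later state with that baseline. Using SHA-256 as the recorded "state" and the file names in the constructed demo are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Record (size, SHA-256) for every regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # only regular files are audited in this sketch
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root)
            state[rel] = (os.path.getsize(path), digest.hexdigest())
    return state


def compare(baseline, current):
    """Report the inconsistencies an auditor would show to the user."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: one file changed in place, one deleted, one new."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)

        write("editor.exe", b"MZ" + b"\x00" * 62)
        write("readme.txt", b"hello\n")
        write("old.cfg", b"x=1\n")
        # The baseline must be kept where the audited system cannot rewrite
        # it, otherwise whatever changes a file can also change the record.
        baseline = snapshot(root)

        # Overwrite with the same length: the size is unchanged, so only
        # the content hash reveals the modification.
        write("editor.exe", b"MZ" + b"\x01" * 62)
        os.remove(os.path.join(root, "old.cfg"))
        write("dropper.tmp", b"new file")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```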

14 slide

Disadvantages of anti-virus programs

  • None of the existing anti-virus technologies can provide complete protection against viruses.
  • The anti-virus program takes up part of the system's computing resources, loading the CPU and the hard disk. This can be especially noticeable on weak computers.
  • Antivirus programs can see a threat where there is none (false positives).
  • Antivirus programs download updates from the Internet, thereby consuming bandwidth.
  • Various methods of encrypting and packing malware make even known viruses undetectable by antivirus software. Detection of these "masked" viruses requires a powerful decompression engine that can decrypt files before they are scanned. However, many antivirus programs lack this capability, and therefore it is often impossible to detect encrypted viruses.

15 slide

Understanding a computer virus

A computer virus is a special program that deliberately harms the computer on which it is run, or other computers on the network. The main function of a virus is its reproduction.

16 slide

Classification of computer viruses

  • by habitat;
  • by operating system;
  • by algorithm of work;
  • by destructive potential.

TABLE OF CONTENTS

1. Information environment.
2. Security models.
3. Spheres of software protection.
4. Organizational system of objects of protection.
5. Means of network protection.
6. Creating firewalls in corporate networks.

The information sphere (environment) is a field of activity associated with the creation, dissemination, transformation and consumption of information. Any information security system has its own characteristics and at the same time must meet general requirements. The general requirements for an information security system are as follows:

1. The information security system should be presented as a whole. The integrity of the system is expressed in the presence of a single goal of its functioning, information links between its elements, and a hierarchy in the construction of the subsystem for managing the information security system.
2. The information security system must ensure the security of information and media and the protection of the interests of participants in information relations.
3. The information security system as a whole, and its methods and means of protection, should be as "transparent" as possible for the user, should not create additional inconveniences for the user associated with the procedures for accessing information, and at the same time should be insurmountable for unauthorized access by an attacker to protected information.
4. The information security system should provide information links within the system between its elements for their coordinated functioning, and communication with the external environment, before which the system shows its integrity and acts as a whole.

As a standard security model, a model of three categories is often cited:

  • confidentiality: the state of information in which access to it is carried out only by subjects who have the right to it;
  • integrity: avoiding unauthorized modification of information;
  • availability: avoiding temporary or permanent hiding of information from users who have received access rights.

There are also other, not always mandatory, categories of the security model:

  • non-repudiation or appealability: the impossibility of refusing authorship;
  • accountability: ensuring the identification of the subject of access and registration of their actions;
  • reliability: the property of compliance with the intended behavior or result;
  • authenticity: a property that guarantees that the subject or resource is identical to the declared one.

According to Kaspersky Lab experts, the task of ensuring information security should be addressed systematically. This means that various protections (hardware, software, physical, organizational, etc.) must be applied simultaneously and under centralized control. At the same time, the components of the system must "know" about each other's existence, interact, and provide protection from both external and internal threats. To date, there is a large arsenal of methods for ensuring information security:

  • means of identification and authentication of users (the so-called 3A complex);
  • means of encrypting information stored on computers and transmitted over networks;
  • firewalls;
  • virtual private networks;
  • content filtering tools;
  • tools for checking the integrity of the contents of disks;
  • anti-virus protection tools;
  • systems for detecting network vulnerabilities and analyzers of network attacks.

Software and hardware methods and means of ensuring information security

The literature suggests the following classification of information security tools.

  • Means of protection against unauthorized access: means of authorization; mandatory access control; selective access control; role-based access control; journaling (also called audit).
  • Systems for analysis and modeling of information flows (CASE systems).
  • Network monitoring systems: intrusion detection and prevention systems (IDS/IPS); confidential information leak prevention systems (DLP systems).
  • Protocol analyzers.
  • Antivirus tools.
  • Firewalls.
  • Cryptographic tools: encryption; digital signature.
  • Backup systems.
  • Uninterruptible power supply systems: uninterruptible power supplies; load redundancy; voltage generators.
  • Authentication systems: password; access key (physical or electronic); certificate; biometrics.
  • Means of preventing break-ins of equipment cases and theft of equipment.
  • Means of control of access to premises.
  • Tools for analysis of protection systems: antivirus.

Organizational protection of informatization objects

Organizational protection is the regulation of production activities and relationships between performers on a legal basis that excludes or significantly hinders the illegal acquisition of confidential information and the manifestation of internal and external threats. Organizational protection provides:

  • organization of security, regime, and work with personnel and documents;
  • the use of technical security equipment and information and analytical activities to identify internal and external threats to business activities.

Means of network protection for a LAN. Classification of firewalls

It is customary to distinguish the following classes of firewalls:

  • filtering routers;
  • session-level gateways;
  • application-layer gateways.

Filtering routers

Filtering routers filter incoming and outgoing packets using data contained in the TCP and IP headers. To select IP packets, the following groups of packet header fields are used:

  • IP address of the sender;
  • IP address of the recipient;
  • sender port;
  • recipient port.

Some routers also check the network interface of the router from which the packet arrived. This data is used for more detailed filtering, which can be done in different ways, for example by terminating connections to certain ports or PCs. Filtering rules for routers are complicated to write. There is no way to validate them other than slow and laborious manual testing. The disadvantages of filtering routers also include the following cases:

  • internal network;
  • complex routing rules require excellent knowledge of TCP and UDP;
  • when a firewall is hacked, all computers on the network become defenseless or inaccessible.

But filtering routers also have a number of advantages:

  • low cost;
  • flexible definition of filtering rules;
  • low latency when working with packets.
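A filtering router's rule table over the four header fields listed above, as an added example that is not part of the original slides. It evaluates rules first-match with a default deny, reports rules that can never fire because an earlier rule covers them, and replays a table of expected verdicts, which is one way to replace part of the manual testing the text mentions. The rule format, addresses (documentation ranges) and function names are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = range(0, 65536)


def port(n):
    """A single port expressed as a range, so all port tests look alike."""
    return range(n, n + 1)


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # sender network in CIDR form
    dst: str                 # recipient network in CIDR form
    sport: range = ANY_PORT  # sender port range
    dport: range = ANY_PORT  # recipient port range

    def matches(self, src_ip, dst_ip, sport, dport):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and sport in self.sport and dport in self.dport)

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        def within(inner, outer):
            return outer.start <= inner.start and inner.stop <= outer.stop
        net = ipaddress.ip_network
        return (net(other.src).subnet_of(net(self.src))
                and net(other.dst).subnet_of(net(self.dst))
                and within(other.sport, self.sport)
                and within(other.dport, self.dport))


def decide(rules, src_ip, dst_ip, sport, dport):
    """First matching rule wins; a packet matching no rule is denied."""
    for index, rule in enumerate(rules):
        if rule.matches(src_ip, dst_ip, sport, dport):
            return rule.action, index
    return "deny", None


def shadowed(rules):
    """Pairs (earlier, later) where the later rule can never be reached."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if rules[i].covers(later):
                found.append((i, j))
                break
    return found


def audit(rules, expectations):
    """Return the packets whose verdict differs from the intended policy."""
    return [pkt for pkt, wanted in expectations
            if decide(rules, *pkt)[0] != wanted]


# Constructed rule set with an ordering mistake: rule 2 sits behind rule 1.
RULES = [
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", dport=port(80)),      # web server
    Rule("deny", "0.0.0.0/0", "192.0.2.0/24"),                        # rest inbound
    Rule("allow", "198.51.100.0/24", "192.0.2.20/32", dport=port(22)),  # admin SSH
    Rule("allow", "192.0.2.0/24", "0.0.0.0/0"),                       # outbound
]
FIXED_RULES = [RULES[0], RULES[2], RULES[1], RULES[3]]

# Intended policy as (sender IP, recipient IP, sender port, recipient port).
EXPECTED = [
    (("203.0.113.5", "192.0.2.10", 40000, 80), "allow"),
    (("203.0.113.5", "192.0.2.10", 40000, 23), "deny"),
    (("198.51.100.7", "192.0.2.20", 40000, 22), "allow"),
    (("203.0.113.5", "192.0.2.20", 40000, 22), "deny"),
    (("192.0.2.30", "203.0.113.5", 40000, 443), "allow"),
]

if __name__ == "__main__":
    print("shadowed:", shadowed(RULES), "mismatches:", audit(RULES, EXPECTED))
    print("after fix:", shadowed(FIXED_RULES), audit(FIXED_RULES, EXPECTED))
```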

Creating firewalls on corporate networks

To set up a reliable corporate or local network, the following tasks must be solved:

  • protection of the network from unauthorized remote access over the global Internet;
  • protection of network configuration data from WAN visitors;
  • separation of access to the corporate or local network from the global one and vice versa.

To ensure the security of a protected network, various schemes for creating firewalls are used:

  • A firewall in the form of a filtering router is the simplest and most common option. The router is located between the network and the Internet. For protection, it analyzes the addresses and ports of incoming and outgoing packets.
  • A firewall using a dual-port gateway is a host with two network interfaces. The main filtering of data exchange is carried out between these ports. A filtering router can be installed to increase security. In this case, an internal shielded network is formed between the gateway and the router, which can be used to install an information server.
  • A screened gateway firewall offers high management flexibility but not enough security. It differs by having only one network interface. Packet filtering is performed in several ways: an internal host opens access to the global network only for selected services, or all connections from internal hosts are blocked.
  • A shielded subnet firewall is created using two shielding routers. The outer one is installed between the shielded subnet and the Internet, the inner one between the shielded subnet and the internal protected network. It is a good option for security with significant traffic and high speed of operation.

Information security

The informatization process inevitably leads to the integration of these environments, so the problem of information security must be solved taking into account the totality of conditions for the circulation of information and for the creation and use of information resources in this information environment.
The information environment is a set of conditions, means and methods based on computer systems, designed to create and use information resources.
The combination of factors that pose a threat to the functioning of the information environment is called information threats.

Information security is a set of measures to protect the information environment of society and the individual.

Information Security Goals

protection of national interests;
provision of reliable and complete information to the individual and society;
legal protection of the individual and society in receiving, disseminating and using information.

Information security objects

information resources;
the system for creating, distributing and using information resources;
the information infrastructure of society (information communications, communication networks, data analysis and processing centers, systems and means of information protection);
mass media;
the rights of the individual and the state to receive, disseminate and use information;
protection of intellectual property and confidential information.

Sources of information threats

External sources: country policies; information war; criminal activity; other sources.
Internal sources: lag in informatization; backlog in technology; inadequate level of education; other sources.

Types of information threats

Deliberate threats: theft of information; computer viruses; physical impact on equipment.
Random threats: user errors; errors by professionals; equipment failures and malfunctions; force majeure circumstances.

Computer viruses

A computer virus is a small program, written by a highly qualified programmer, that is capable of self-reproduction and of performing various malicious actions.

Computer viruses by degree of harmful impact: non-hazardous; dangerous; very dangerous.

Computer viruses by habitat: file viruses; macro viruses; boot viruses; network viruses.

Antivirus programs

An antivirus program (antivirus) is any program for detecting computer viruses and unwanted (considered malicious) programs in general and for recovering files infected (modified) by such programs, as well as for prevention: preventing the infection (modification) of files or the operating system by malicious code.

Information security methods

When developing methods for protecting information in the information environment, the following important factors and conditions should be taken into account:
the expanding use of computers and the increasing growth rate of the computer park;
a high degree of concentration of information in the centers where it is processed and, as a consequence, the appearance of centralized databases for collective use;
expanding user access to global information resources;
the complexity of the software for the computing process on a computer.

Protection methods:
restricting access to information;
encryption of information;
access control to equipment;
legislative measures.

Every year the number of information threats to the security of computer systems, and of the ways they are carried out, constantly increases. The main reasons are the shortcomings of modern information technologies and constantly increasing hardware complexity. The efforts of numerous developers of software and hardware methods for protecting information in computer systems are directed at overcoming these causes.

Security policy

A security policy is a combination of technical, software and organizational measures aimed at protecting information on a computer network.