Completed by: student of group 23 Gubanova E. Ya. Checked by: Turusinova I. P. Yoshkar-Ola, 2015
![](https://i0.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img1.jpg)
The official policy of the state in the field of information security is expressed in the Doctrine of Information Security of the Russian Federation (Order of the President dated September 9, 2000 No. Pr-1895). It expresses a set of official views on the goals, objectives, principles and main directions of ensuring the information security of the Russian Federation and serves as the basis for:
- the formation of state policy in the field of information security of the Russian Federation;
- the preparation of proposals for improving the legal, methodological, scientific, technical and organizational support of information security of the Russian Federation;
- the development of targeted programs for ensuring information security of the Russian Federation.
![](https://i0.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img2.jpg)
Information security is the state of protection of the subjects of the Russian Federation in the information sphere, reflecting the totality of the balanced interests of the individual, society and the state.
At the individual level, this means the implementation of the constitutional rights of a person and a citizen to access information, to use information in the interests of carrying out activities not prohibited by law and of physical, spiritual and intellectual development, as well as to protect information that ensures personal security.
At the level of society, it means ensuring the interests of the individual in this area, strengthening democracy, creating a state governed by the rule of law, and achieving and maintaining public consent in the spiritual renewal of Russia.
![](https://i0.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img3.jpg)
A security threat is an action or event that can lead to the destruction, distortion or unauthorized use of computer resources, including stored, transmitted and processed information, as well as software and hardware.
Types of threats:
- accidental (or unintentional)
- deliberate
![](https://i2.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img4.jpg)
The main means of protecting computer data:
- protection of hardware components of the computer;
- protection of communication lines;
- database protection;
- protection of the computer control subsystem.
![](https://i2.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img5.jpg)
Protection system - a set of tools and techniques that protect computer components and help minimize the risk to which its resources and users may be exposed.
There are various security mechanisms:
- encryption;
- digital (electronic) signature;
- access control;
- ensuring data integrity;
- providing authentication;
- traffic substitution;
- routing control;
- arbitration (or examination).
![](https://i1.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img6.jpg)
Encryption (cryptographic protection) is used to implement the encryption service and is also used in a number of other services.
Encryption can be:
- symmetric: based on using the same secret key for encryption and decryption;
- asymmetric: one key, which is publicly available, is used for encryption, and another, which is secret, is used for decryption. Knowledge of the public key does not make it possible to determine the secret key.
To implement the encryption mechanism, it is necessary to organize a special service for generating keys and distributing them among network subscribers.
![](https://i1.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img7.jpg)
Digital signature mechanisms are used to implement authentication and non-repudiation services. These mechanisms are based on asymmetric encryption algorithms and include two procedures:
- formation of the signature by the sender;
- its identification (verification) by the recipient.
The first procedure encrypts the data block or supplements it with a cryptographic checksum; in both cases the sender's secret key is used.
The second procedure is based on the use of a public key, knowledge of which is sufficient to identify the sender.
![](https://i1.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img8.jpg)
Access control mechanisms check the authority of network objects (programs and users) to access the network's resources.
When a resource is accessed through a connection, control is performed at the point where the exchange is initiated, at the end point, and at intermediate points.
These mechanisms are based on the access rights matrix and the various ways of implementing it. Mandatory lists include security labels assigned to objects that give the right to use a resource.
Another type includes lists of access rights based on authenticating the object and then checking its rights in special tables (access control databases) that exist for each resource.
![](https://i0.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img9.jpg)
Integrity mechanisms apply both to individual data blocks and to information flows.
Integrity is ensured by the sender and recipient performing interrelated encryption and decryption procedures and then comparing cryptographic checksums.
However, to protect against substitution of a block as a whole, it is necessary to control the integrity of the data stream, which can be done, for example, by encrypting with keys that change depending on the previous blocks. It is also possible to use simpler methods, such as numbering the blocks or supplementing them with a so-called time stamp.
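An added example (not part of the original slides) of the stream-integrity idea described above: a per-block checksum alone accepts reordered blocks, while numbering each block and making its checksum depend on the previous one detects substitution, reordering and replay. HMAC-SHA256 stands in for the cryptographic checksum; the key, payloads and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed sample key, not a real secret
ZERO_TAG = b"\x00" * 32         # starting value for the chain

def block_tag(key, payload):
    """Checksum over the payload only: protects content, not position."""
    return hmac.new(key, payload, hashlib.sha256).digest()

def verify_blocks_independently(key, blocks):
    """blocks: [(payload, tag)]. True if every per-block checksum is valid."""
    return all(hmac.compare_digest(block_tag(key, p), t) for p, t in blocks)

def chained_tag(key, seq, prev_tag, payload):
    """Checksum over block number, previous block's tag and payload."""
    msg = struct.pack(">Q", seq) + prev_tag + payload
    return hmac.new(key, msg, hashlib.sha256).digest()

def protect_stream(key, payloads):
    """Sender side: return [(seq, payload, tag)] for the whole stream."""
    out, prev = [], ZERO_TAG
    for seq, payload in enumerate(payloads):
        tag = chained_tag(key, seq, prev, payload)
        out.append((seq, payload, tag))
        prev = tag
    return out

def verify_stream(key, blocks):
    """Recipient side: index of the first bad block, or None if intact."""
    prev = ZERO_TAG
    for expected_seq, (seq, payload, tag) in enumerate(blocks):
        good = chained_tag(key, expected_seq, prev, payload)
        if seq != expected_seq or not hmac.compare_digest(good, tag):
            return expected_seq
        prev = tag
    return None

# Constructed sample stream
PAYLOADS = [b"PAY 100 TO ALICE", b"PAY 900 TO BOB", b"CLOSE SESSION"]

if __name__ == "__main__":
    plain = [(p, block_tag(KEY, p)) for p in PAYLOADS]
    swapped_plain = [plain[1], plain[0], plain[2]]
    print("per-block only, reordered:", verify_blocks_independently(KEY, swapped_plain))

    stream = protect_stream(KEY, PAYLOADS)
    print("chained, intact:   ", verify_stream(KEY, stream))
    print("chained, reordered:", verify_stream(KEY, [stream[1], stream[0], stream[2]]))
    print("chained, replayed: ", verify_stream(KEY, stream[:2] + [stream[1]] + stream[2:]))
```

Dropping blocks from the end of the stream is not detected by this scheme; that needs an agreed final block or total count.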
![](https://i2.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img10.jpg)
Authentication mechanisms provide one-way and mutual authentication.
In practice, these mechanisms are combined with encryption, digital signature, and arbitration.
![](https://i2.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img11.jpg)
Traffic substitution, in other words the text padding mechanism, is used to implement the data stream encryption service.
It is based on network objects generating fictitious blocks, encrypting them and transmitting them over network channels.
This neutralizes the possibility of obtaining information about network users by observing the external characteristics of the flows circulating in the network.
![](https://i2.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img12.jpg)
Sources of accidental threats that arise during computer operation may be software errors, hardware failures, incorrect actions of users, operators or system administrators, etc.
![](https://i0.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img13.jpg)
Intentional threats pursue certain goals related to causing damage to users (subscribers) of the network.
Types of deliberate threats:
- Active
- Passive
![](https://i1.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img14.jpg)
Active intrusions disrupt the normal functioning of the computer and make unauthorized changes to information flows and to stored and processed information. These threats are carried out through targeted impact on its hardware, software and information resources.
Active attacks include:
- destruction or electronic suppression of communication lines,
- disabling the entire system connected to the network, or its operating system,
- distortion of information in user databases or system data structures, etc.
Information stored in computer memory can be selectively modified or destroyed, and false data can be added to it.
Active intrusions are easy to detect, but difficult to prevent.
![](https://i0.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img15.jpg)
With a passive intrusion, the attacker only observes the passage and processing of information without intruding into information flows.
These intrusions are usually aimed at the unauthorized use of the computer's information resources without affecting its operation. An example of a passive threat is obtaining information transmitted over communication channels by listening to them.
In this case, the intruder analyzes the message flow (traffic) and records identifiers, destinations, message lengths, and the frequency and time of exchanges.
1 slide
Modern methods and means of information protection
Completed by: student of group T3-09 Alexander Apetov, 2012
2 slide
Information security is a set of organizational, technical and technological measures to protect information from unauthorized access, destruction, modification, disclosure and delays in access.
3 slide
Information security provides a guarantee that the following goals are achieved:
- confidentiality of information (a property of information resources, including information, whereby they will not become available and will not be disclosed to unauthorized persons);
- integrity of information and related processes (the immutability of information during its transmission or storage);
- availability of information when it is needed (a property of information resources, including information, that determines the possibility of obtaining and using them at the request of authorized persons);
- accounting for all processes related to information.
4 slide
Information security consists of three components: confidentiality, integrity and availability. The points at which the information security process is applied to an information system are hardware, software and communications. The protection procedures (mechanisms) themselves are divided into physical-level protection, personnel protection and the organizational level.
5 slide
A security threat to a computer system is a potential incident (whether intentional or not) that could have an undesirable effect on the system itself, as well as on the information stored in it. A threat analysis conducted by the National Computer Security Association in the United States revealed the following statistics:
6 slide
7 slide
A security policy is a set of measures and active actions to manage and improve security systems and technologies.
8 slide
Organizational protection
- organization of the regime and security;
- organization of work with employees (selection and placement of personnel, including getting to know employees, studying them, training them in the rules of working with confidential information, familiarizing them with the measures of responsibility for violating information protection rules, etc.);
- organization of work with documents and documented information (development, use, accounting, execution, return, storage and destruction of documents and carriers of confidential information);
- organization of the use of technical means for collecting, processing, accumulating and storing confidential information;
- organization of work on the analysis of internal and external threats to confidential information and the development of measures to ensure its protection;
- organization of systematic control over the work of personnel with confidential information and over the procedure for accounting, storage and destruction of documents and technical media.
9 slide
Technical means of information security
To protect the perimeter of the information system, the following are created:
- security and fire alarm systems;
- digital video surveillance systems;
- access control and management systems (ACS).
Protection of information from leakage through technical communication channels is provided by the following means and measures:
- use of shielded cable and laying of wires and cables in shielded structures;
- installation of high-frequency filters on communication lines;
- construction of shielded rooms (“capsules”);
- use of shielded equipment;
- installation of active noise systems;
- creation of controlled zones.
10 slide
Information security hardware
- special registers for storing security details: passwords, identification codes, classification markings or secrecy levels;
- devices for measuring individual characteristics of a person (voice, fingerprints) in order to identify him;
- circuits for interrupting the transmission of information in the communication line in order to periodically check the address of data output;
- devices for encrypting information (cryptographic methods);
- uninterruptible power supply systems: uninterruptible power supplies; load redundancy; voltage generators.
11 slide
Information protection software
- Means of protection against unauthorized access: means of authorization; mandatory access control; selective access control; role-based access control; journaling (also called audit).
- Systems for analysis and modeling of information flows (CASE systems).
- Network monitoring systems: intrusion detection and prevention systems (IDS/IPS); confidential information leak prevention systems (DLP systems).
- Protocol analyzers.
- Antivirus tools.
12 slide
Information security software
- Firewalls.
- Cryptographic tools: encryption; digital signature.
- Backup systems.
- Authentication systems: password; access key (physical or electronic); certificate; biometrics.
- Tools for analysis of protection systems: monitoring software product.
13 slide
TYPES OF ANTI-VIRUS PROGRAMS
- Detectors allow you to detect files infected with one of several known viruses. Some detector programs also perform heuristic analysis of files and system areas of disks, which often (but by no means always) allows you to detect new viruses that are not known to the detector program.
- Filters are resident programs that notify the user of all attempts by a program to write to a disk, let alone format it, as well as other suspicious actions.
- Doctor programs, or phages, not only find virus-infected files but also “cure” them, i.e. remove the body of the virus program from the file, returning the files to their initial state.
- Auditors remember information about the state of files and system areas of disks, and at subsequent launches they compare their state with the original one. If inconsistencies are found, the user is informed.
- Watchmen, or filters, are resident in the computer's RAM and check executable files and inserted USB drives for viruses.
- Vaccine programs, or immunizers, modify programs and disks in such a way that this does not affect the operation of the programs, but the virus against which vaccination is performed considers these programs or disks already infected.
14 slide
Disadvantages of anti-virus programs
- None of the existing anti-virus technologies can provide complete protection against viruses.
- The anti-virus program takes up part of the system's computing resources, loading the CPU and the hard disk. This can be especially noticeable on weak computers.
- Antivirus programs can see a threat where there is none (false positives).
- Antivirus programs download updates from the Internet, thereby consuming bandwidth.
- Various methods of encrypting and packing malware make even known viruses undetectable by antivirus software. Detecting these “masked” viruses requires a powerful decompression engine that can decrypt files before they are scanned. However, many antivirus programs lack this capability, so it is often impossible to detect encrypted viruses.
15 slide
Understanding a computer virus
A computer virus is a special program that deliberately harms the computer on which it is run, or other computers on the network. The main function of a virus is its reproduction.
16 slide
Classification of computer viruses: by habitat; by operating system; by algorithm of operation; by destructive potential.
TABLE OF CONTENTS
1. Information environment.
2. Security models.
3. Areas of software protection.
4. Organizational system of objects of protection.
5. Means of network protection.
6. Creating firewalls in corporate networks.
The information sphere (environment) is a field of activity associated with the creation, dissemination, transformation and consumption of information. Any information security system has its own characteristics and at the same time must meet general requirements. The general requirements for an information security system are as follows:
1. The information security system should be presented as a whole. The integrity of the system is expressed in the presence of a single goal of its functioning, information links between its elements, and a hierarchical structure of the subsystem that manages the information security system.
2. The information security system must ensure the security of information and media and the protection of the interests of participants in information relations.
3. The information security system as a whole, and its methods and means of protection, should be as “transparent” as possible for the user, should not create additional inconvenience for the user in the procedures for accessing information, and at the same time should be insurmountable for an attacker attempting unauthorized access to protected information.
4. The information security system should provide information links within the system between its elements for their coordinated functioning, and communication with the external environment, to which the system presents its integrity and acts as a whole.
A model of three categories is often cited as the standard security model:
- confidentiality: the state of information in which access to it is carried out only by subjects who have the right to it;
- integrity: avoiding unauthorized modification of information;
- availability: avoiding temporary or permanent hiding of information from users who have received access rights.
There are also other, not always mandatory, categories of the security model:
- non-repudiation or appealability: the impossibility of refusing authorship;
- accountability: ensuring the identification of the subject of access and the registration of his actions;
- reliability: the property of compliance with the intended behavior or result;
- authenticity or genuineness: a property that guarantees that the subject or resource is identical to the one declared.
According to Kaspersky Lab experts, the task of ensuring information security should be addressed systematically. This means that various protections (hardware, software, physical, organizational, etc.) must be applied simultaneously and under centralized control. At the same time, the components of the system must “know” about each other's existence, interact, and provide protection from both external and internal threats. To date, there is a large arsenal of methods for ensuring information security:
- means of identification and authentication of users (the so-called 3A complex);
- means of encrypting information stored on computers and transmitted over networks;
- firewalls;
- virtual private networks;
- content filtering tools;
- tools for checking the integrity of the contents of disks;
- antivirus protection tools;
- systems for detecting network vulnerabilities and analyzers of network attacks.
Software and hardware methods and means of ensuring information security
The literature suggests the following classification of information security tools:
- Means of protection against unauthorized access: means of authorization; mandatory access control; selective access control; role-based access control; journaling (also called audit).
- Systems for analysis and modeling of information flows (CASE systems).
- Network monitoring systems: intrusion detection and prevention systems (IDS/IPS); confidential information leak prevention systems (DLP systems).
- Protocol analyzers.
- Antivirus tools.
- Firewalls.
- Cryptographic tools: encryption; digital signature.
- Backup systems.
- Uninterruptible power supply systems: uninterruptible power supplies; load redundancy; voltage generators.
- Authentication systems: password; access key (physical or electronic); certificate; biometrics.
- Means of preventing the breaking open of cases and theft of equipment.
- Means of controlling access to premises.
- Tools for analysis of protection systems: antivirus.
Organizational protection of informatization objects
Organizational protection is the regulation of production activities and relationships between performers on a legal basis that excludes or significantly hinders the illegal acquisition of confidential information and the manifestation of internal and external threats. Organizational protection provides:
- organization of security, regime, work with personnel and with documents;
- the use of technical security equipment and information and analytical activities to identify internal and external threats to business activities.
Means of network protection for a LAN. Classification of firewalls
It is customary to distinguish the following classes of firewalls:
- filtering routers;
- session-level gateways;
- application-layer gateways.
Filtering routers
Filtering routers filter incoming and outgoing packets using data contained in the TCP and IP headers. To select IP packets, the following groups of packet header fields are used:
- sender's IP address;
- recipient's IP address;
- sender's port;
- recipient's port.
Some routers also check which network interface of the router the packet arrived on. This data is used for more detailed filtering. The latter can be done in different ways, terminating connections to certain ports or PCs. Filtering rules for routers are complicated to write. There is no way to validate them other than slow and laborious manual testing. The disadvantages of filtering routers also include cases if:
- internal network;
- complex routing rules require excellent knowledge of TCP and UDP;
- when a firewall is hacked, all computers on the network become defenseless or inaccessible.
But filtering routers also have a number of advantages:
- low cost;
- flexible definition of filtering rules;
- low latency when working with packets.
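An added example (not from the original presentation) of a filtering router's rule table evaluated over the four header fields listed above, together with two automated checks that replace part of the manual testing: a search for rules that can never fire and a run of expected verdicts against the table. First-match evaluation with a default deny is an assumption, as the slides do not state the evaluation order; the rule set, addresses (documentation ranges) and function names are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = (0, 65535)

@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # sender network in CIDR form
    dst: str                 # recipient network in CIDR form
    sport: tuple = ANY_PORT  # inclusive sender port range
    dport: tuple = ANY_PORT  # inclusive recipient port range

    def matches(self, src_ip, dst_ip, sport, dport):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.sport[0] <= sport <= self.sport[1]
                and self.dport[0] <= dport <= self.dport[1])

    def covers(self, other):
        """True if every packet matched by `other` is also matched by self."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.sport[0] <= other.sport[0] and other.sport[1] <= self.sport[1]
                and self.dport[0] <= other.dport[0] and other.dport[1] <= self.dport[1])

def evaluate(rules, src_ip, dst_ip, sport, dport):
    """First matching rule decides; anything unmatched is denied."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, sport, dport):
            return rule.action
    return "deny"

def shadowed_rules(rules):
    """Return (rule index, earlier covering index) for rules that never fire."""
    found = []
    for i, rule in enumerate(rules):
        for j in range(i):
            if rules[j].covers(rule):
                found.append((i, j))
                break
    return found

def failed_expectations(rules, cases):
    """cases: [((src, dst, sport, dport), expected)]. Return the failing ones."""
    return [c for c in cases if evaluate(rules, *c[0]) != c[1]]

# Constructed rule table for a DMZ at 192.0.2.0/24 and an internal 10.0.0.0/8
RULES = [
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", dport=(443, 443)),      # web server
    Rule("deny", "0.0.0.0/0", "192.0.2.0/24"),                          # rest of DMZ
    Rule("allow", "203.0.113.0/24", "192.0.2.25/32", dport=(25, 25)),   # partner mail
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0"),                           # outbound
]

# Constructed packets with the verdict the policy is meant to give
CASES = [
    (("198.51.100.7", "192.0.2.10", 40000, 443), "allow"),
    (("198.51.100.7", "192.0.2.10", 40000, 22), "deny"),
    (("203.0.113.5", "192.0.2.25", 40000, 25), "allow"),
    (("10.1.2.3", "198.51.100.80", 51000, 80), "allow"),
    (("198.51.100.7", "10.1.2.3", 40000, 445), "deny"),
]

# Corrected order: the specific mail rule is placed before the broad deny
FIXED_RULES = [RULES[0], RULES[2], RULES[1], RULES[3]]

if __name__ == "__main__":
    print("shadowed:", shadowed_rules(RULES))
    print("failing cases:", failed_expectations(RULES, CASES))
    print("after reorder:", shadowed_rules(FIXED_RULES),
          failed_expectations(FIXED_RULES, CASES))
```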
Creating firewalls on corporate networks
If you want to set up a reliable corporate or local network, the following tasks must be solved:
- protection of the network from unauthorized remote access over the global Internet;
- protection of network configuration data from WAN visitors;
- separation of access to the corporate or local network from the global one and vice versa.
To ensure the security of a protected network, various schemes for creating firewalls are used:
- A firewall in the form of a filtering router is the simplest and most common option. The router is located between the network and the Internet. For protection, the addresses and ports of incoming and outgoing packets are analyzed.
- A firewall using a dual-port gateway is a host with two network interfaces. The main filtering of data exchange is carried out between these ports. A filtering router can be installed to increase security. In this case, an internal shielded network is formed between the gateway and the router, which can be used to install an information server.
- A screened gateway firewall offers high management flexibility but not enough security. It differs in having only one network interface. Packet filtering is performed in several ways: when an internal host opens access to the global network only for selected services, or when all connections from internal hosts are blocked.
- A shielded subnet firewall is created using two shielding routers. The outer one is installed between the shielded subnet and the Internet, and the inner one between the shielded subnet and the internal protected network. It is a good option for security with significant traffic and high-speed operation.
Information security
The informatization process inevitably leads to the integration of these environments, so the problem of information security must be solved taking into account the whole set of conditions for the circulation of information and for the creation and use of information resources in this information environment.
The information environment is a set of conditions, means and methods based on computer systems, designed for creating and using information resources.
The combination of factors that pose a threat to the functioning of the information environment is called information threats.
Information security is a set of measures to protect the information environment of society and the individual.
Information security goals
- protection of national interests;
- providing the individual and society with reliable and complete information;
- legal protection of the individual and society in receiving, disseminating and using information.
Information security objects
- information resources;
- the system for creating, distributing and using information resources;
- the information infrastructure of society (information communications, communication networks, data analysis and processing centers, systems and means of information protection);
- mass media;
- the rights of the individual and the state to receive, disseminate and use information;
- protection of intellectual property and confidential information.
Sources of information threats
External sources:
- policies of countries;
- information war;
- criminal activity;
- other sources.
Internal sources:
- lag in informatization;
- lag in technology;
- inadequate level of education;
- other sources.
Types of information threats
Deliberate:
- theft of information;
- computer viruses;
- physical impact on equipment.
Random:
- user errors;
- errors by professionals;
- equipment failures and malfunctions;
- force majeure circumstances.
Computer viruses
A computer virus is a small program, written by a highly qualified programmer, capable of self-reproduction and of performing various malicious actions.
Computer viruses by degree of harmful impact:
- non-hazardous;
- dangerous;
- very dangerous.
Computer viruses by habitat:
- file;
- macro viruses;
- boot;
- network.
Antivirus programs
An antivirus program (antivirus) is any program for detecting computer viruses and unwanted (considered malicious) programs in general and for restoring files infected (modified) by such programs, as well as for prevention: preventing the infection (modification) of files or the operating system by malicious code.
Information security methods
When developing methods for protecting information in the information environment, the following important factors and conditions should be taken into account:
- the expanding use of computers and the increasing growth rate of the computer park;
- a high degree of concentration of information in the centers where it is processed and, as a consequence, the appearance of centralized databases intended for collective use;
- expanding user access to global information resources;
- the complexity of the software of the computing process on a computer.
Protection methods:
- restricting access to information;
- encrypting information;
- controlling access to equipment;
- legislative measures.
Every year the number of information threats to the security of computer systems, and of the ways of carrying them out, constantly increases. The main reasons are the shortcomings of modern information technologies and the constantly increasing complexity of hardware. The efforts of numerous developers of software and hardware methods of information protection in computer systems are directed at overcoming these reasons.
Security policy
A security policy is a combination of technical, software and organizational measures aimed at protecting information on a computer network.