Fundamentals of information and computer security. Software and hardware level of protection


Protection measures can be classified into three levels.

Legislative level. The Criminal Code of the Russian Federation contains Chapter 28, "Crimes in the field of computer information", which consists of the following three articles:

Article 272. Illegal access to computer information;

Article 273. Creation, use and distribution of malicious computer programs;

Article 274. Violation of the rules for operating computers, computer systems or their networks.

Administrative and procedural levels. At these levels a security policy and a set of procedures are formed that define the actions of personnel in normal and emergency situations. In Russia this level is reflected in the guidance documents issued by the State Technical Commission of the Russian Federation and FAPSI.

Software and hardware level. This level comprises the software and hardware that make up information security technology: user identification and authentication, access control, cryptography, shielding (firewalls) and much more.

While the legislative and administrative levels of protection do not depend on a particular user's computer equipment, every user can and should organize a software and hardware level of information protection on his or her own computer.

1.3. Software and hardware level of protection

We will not consider the existing complex software and hardware cryptographic systems that restrict access to information by means of ciphers, nor steganography programs that can "dissolve" confidential material inside large graphic or sound files. The use of such programs is justified only in exceptional cases.

An ordinary user, like you and me, is usually neither a professional cryptographer nor a programmer, so we are interested in "improvised" information security tools. Let us look at such tools and try to assess their reliability: knowing the weak points of a protection mechanism can save us from many troubles.

The first thing a personal computer user usually does is set two passwords: one in the BIOS settings and another on the screen saver. BIOS-level protection requires a password to be entered when the computer boots; screen-saver protection blocks access to information after a period of inactivity that you specify.

Setting a BIOS password is a fairly delicate operation that requires some skill with computer settings, so it is advisable to do it together with a colleague who has sufficient experience. Setting a screen-saver password is not so difficult, and the user can do it alone.

To set a password for the screen saver, click the Start button, select Settings and then Control Panel, double-click the Display (Screen) icon and, in the Display Properties window that opens, select the Screen Saver tab. Choose the screen saver type, set the time interval (say, 1 minute), tick the Password checkbox and click the Change button. (These steps describe the classic Windows 9x Display Properties dialog; later Windows versions replace the separate screen-saver password with a password-protect-on-resume option backed by the user's account password.)

In the Change Password window that opens, enter the screen saver password, enter it again to confirm, and click OK.

If you decide to remove the screen-saver password yourself, follow the same steps, but in the Change Password window type nothing and simply click OK. The password will be removed.

How reliable is such protection? The first way to bypass it is to use one of the loopholes often left by motherboard manufacturers, the so-called "universal password for forgetful people" (a manufacturer backdoor password). An ordinary user, which is what we are, as a rule does not know it.

The second way to break the secrecy is to remove the computer case, take the lithium battery out of the system board for about 20 to 30 minutes, and then put it back. After this, the BIOS on most desktop boards will "forget" all passwords and user settings (many boards also provide a clear-CMOS jumper for the same purpose). Note that many laptops store the supervisor password in non-volatile memory, where it survives this procedure. Incidentally, if you yourself have forgotten your password, which happens quite often in practice, you can use this method.

The third way for an outsider to get at our protected information is to remove the hard drive from the computer and connect it to another computer as a second drive. Other people's secrets can then be read and copied without any difficulty, because neither the BIOS password nor the screen-saver password protects the data on the disk itself; only encryption of the data on the disk (which we set aside above) defeats this method. With some practice the procedure takes 15 to 20 minutes.

So, during a long absence, the simplest measure is to prevent unauthorized persons from entering the room where the computer is located.

Software and hardware measures aimed at controlling computer equipment, programs and stored data form the last, but not the least important, line of information security. At this level, not only the positive but also the negative consequences of the rapid progress of information technology become apparent. First, additional opportunities appear not only for information security specialists but also for attackers. Second, information systems are constantly being modernized and rebuilt, and insufficiently tested components (primarily software) are added to them, which makes it difficult to maintain the security regime.

Central to the software and hardware level is the concept of a security service. For public sector institutions and companies, these services include:

  • identification and authentication;
  • access control;
  • logging and auditing;
  • encryption;
  • integrity control;
  • shielding;
  • security analysis;
  • ensuring fault tolerance;
  • ensuring safe recovery;
  • tunneling;
  • management.

Currently, the level of information security at state-owned enterprises is raised by introducing modern security technologies characterized by growing functionality, versatility and the ability to be ported to any platform. In the area of technical protection of information resources, three main areas in which Russian state-owned enterprises operate can be distinguished:

  • protection of the internal network;
  • protection of access to the Internet and international information exchange;
  • protection of interaction with remote units.

At the same time, government agencies and organizations use only information security tools certified by FSTEC or the FSB of the Russian Federation. To protect internal resources, most federal and regional government agencies use the user authentication and authorization mechanisms built into operating systems. Some departments have special certified systems for protection against unauthorized access and electronic locks, such as "Labyrinth-M", "Accord" and SecretNet. As encryption tools, "CryptoPro" cryptographic providers or the long-established and still popular systems of the "Verba" family are typically installed.

To protect workstations and internal network servers from malicious programs (viruses, worms, Trojan horses), the vast majority of government organizations use anti-virus software, most often the Russian Kaspersky Anti-Virus or Dr.Web, although solutions from Trend Micro, Symantec, McAfee and Eset are also found.


The network is divided into segments with different information security requirements using MAC and IP address filtering on the active network equipment and VLANs. Security policy compliance systems, which compare the current settings of protective mechanisms and subsystems with reference values (Cisco, Uryadnik), are used very rarely.

To protect the network perimeter, government agencies usually use various certified firewalls, mainly solutions from Cisco, Aladdin and Check Point. Products of other manufacturers are also found, in particular Novell Border Manager, Microsoft ISA Server, SSPT-1 and SSPT-1M from the Central Research Institute of RTK, and Zastava from Elvis-Plus.

Intrusion detection and prevention systems (so-called HIPS) have so far been deployed in very few government organizations; where they are, solutions from Symantec, S.N. Safe'n'Software and Cisco are typical. Federal government agencies protect against spam and Internet abuse with various e-mail and web traffic monitoring systems such as eSafe Gateway, MAILsweeper, WEBsweeper and Websense.

In communication channels with remote units, only Russian cryptographic information protection systems and VPNs are used: Zastava, VipNet or Continent.

11. Legal framework of organizational protection. Sources of law in the field of information security. Types of regulatory documents. Examples of domestic and foreign legislative documents.

In the Russian Federation, regulatory legal acts in the field of information security include:

· Acts of federal legislation:

  · International treaties of the Russian Federation;

  · Constitution of the Russian Federation;

  · Federal-level laws (including federal constitutional laws and codes);

  · Decrees of the President of the Russian Federation;

  · Resolutions of the Government of the Russian Federation;

  · Regulatory legal acts of federal ministries and departments;

· Regulatory legal acts of constituent entities of the Russian Federation, local governments, etc.

Regulatory and methodological documents include:

1. Methodological documents of Russian government bodies:

· Doctrine of information security of the Russian Federation;

· Guiding documents of FSTEC (formerly the State Technical Commission of Russia);

· FSB orders;

2. Information security standards, among which the following are distinguished:

· International standards;

· State (national) standards of the Russian Federation;

· Methodological instructions.

Types of regulatory documents:

· Regulatory legal acts: laws of the Russian Federation (On Security), federal laws (On Personal Data; On Information, Information Technologies and Information Protection; On Electronic Digital Signature), decrees of the President of the Russian Federation (On approval of the list of confidential information), Government resolutions (On certification of information security means, On licensing);

· Regulatory and methodological documents: the Doctrine, FSTEC orders, regulations on certification of protective tools according to security requirements, regulations on attestation of objects, model provisions, guiding documents, methods (security assessment), regulatory and methodological documents;

· Standards: GOST, RD, SanPiN (hygienic requirements for video display terminals), SNiP (noise protection).

Examples of foreign legislative documents:

USA

To date, the United States is the jurisdiction with the largest number of documents in the System (more than 12,000 documents).

The database includes documents from the two main American federal legal sources: the United States Code (USC) and the Code of Federal Regulations (CFR). The first is a systematic collection of federal statutory law and consists of 52 titles, each devoted to a particular branch or institution of law.

The System includes three titles of the US Code: Title 26, the Internal Revenue Code; Title 12, Banks and Banking; and Title 15, Commerce and Trade, which includes the legislation regulating the securities market. The Code is reissued by Congress every six years and published by the US Code Service. Unlike most publicly available sources, the WBL system provides not only the text of these documents but also the history of all amendments made to them, as well as notes and the most significant judicial precedents in this area.

The System also includes by-laws (regulations) issued by federal executive authorities and included in the Code of Federal Regulations. They are published in the Federal Register, the organ of the National Archives and Records Administration.

12. Development of a security policy. Basic provisions of information security. Scope. Goals and objectives of ensuring information security. Distribution of roles and responsibilities. General responsibilities.

Development.

First, an audit of the company's information processes must be conducted to identify the critical information that needs to be protected. The audit should end with a list of the enterprise's confidential information, the places where this information is accessed, the persons allowed to access it, and the consequences of its loss or distortion. After this stage it becomes clear what to protect, where to protect it and from whom: in the overwhelming majority of incidents the violators are, willingly or unwillingly, the company's own employees. Nothing can be done about that; it has to be taken as a given. Each security threat can be assigned a probability of occurrence; multiplying the probability that a threat is realized by the damage caused by that realization gives the risk of the threat. Only after this should the development of the security policy begin.

A security policy is a "top-level" document, which should specify:

· the persons responsible for the company's security;

· the powers and responsibilities of departments and services with respect to security;

· the procedure for admitting new employees and for their dismissal;

· rules restricting employee access to information resources;

· the organization of physical access control and the registration of employees and visitors;

· the use of software and hardware protection tools;

· other general requirements.

The cost of ensuring information security should not exceed the potential damage from its loss. The risk analysis carried out at the audit stage makes it possible to rank risks by magnitude and to protect first not only the most vulnerable areas but also those that process the most valuable information. The ISO 17799 standard allows a quantitative assessment of integrated security to be obtained.
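The procedure described above (assign each threat a probability, multiply by damage, rank, then spend on protection only where the cost does not exceed the potential damage) carried through in code, as an added example that is not part of the original text. The register, probabilities, damages and control costs are constructed, hypothetical values for one imaginary enterprise; the class and function names are the example's own.

```python
"""Added example (not from the original text): a small risk register that
carries the text's procedure through in code.  Risk = probability * damage,
the register is ranked by magnitude, and a proposed control is accepted
only if its annual cost does not exceed the expected loss it addresses.
All assets, probabilities, damages and control costs are constructed,
hypothetical values."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    probability: float  # estimated probability that the threat is realized per year
    damage: float       # estimated loss if it is realized, in money units

    @property
    def expected_loss(self) -> float:
        # "risk of the threat" as defined in the text: probability times damage
        return self.probability * self.damage


def rank_risks(register):
    """Risks ordered by magnitude, largest first: these are protected first."""
    return sorted(register, key=lambda r: r.expected_loss, reverse=True)


def justified_controls(register, control_costs):
    """Apply the rule that protection must not cost more than the potential damage.

    control_costs maps (asset, threat) -> proposed annual cost of a control.
    Returns the accepted controls with (cost, expected loss covered).
    """
    accepted = {}
    for r in register:
        cost = control_costs.get((r.asset, r.threat))
        if cost is not None and cost <= r.expected_loss:
            accepted[(r.asset, r.threat)] = (cost, r.expected_loss)
    return accepted


# Constructed sample data: a hypothetical enterprise's audit results.
REGISTER = [
    Risk("customer database", "copied by an insider", 0.20, 500_000),
    Risk("customer database", "ransomware", 0.10, 800_000),
    Risk("file server", "disk failure", 0.30, 50_000),
    Risk("public web site", "defacement", 0.50, 10_000),
]
CONTROL_COSTS = {
    ("customer database", "copied by an insider"): 60_000,  # DLP plus access reviews
    ("customer database", "ransomware"): 90_000,            # offline backups plus EDR
    ("file server", "disk failure"): 20_000,                # RAID plus backups
    ("public web site", "defacement"): 8_000,               # web application firewall
}

if __name__ == "__main__":
    for r in rank_risks(REGISTER):
        print(f"{r.expected_loss:>10,.0f}  {r.asset}: {r.threat}")
    print("accepted controls:", justified_controls(REGISTER, CONTROL_COSTS))
```

With these numbers the insider threat to the customer database ranks first (expected loss 100,000) and is the only control that passes the cost test; the ransomware control is rejected even though its damage figure is the largest, because its annual cost exceeds the expected loss. In practice the probabilities come from the subjective risk attitude of the owners and managers mentioned below, so the ranking should be re-run whenever those estimates change.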

Developing a security policy involves a number of preliminary steps:

· assessment of the personal (subjective) attitude to the enterprise's risks of its owners and of the managers responsible for the functioning and performance of the enterprise as a whole or of its individual areas of activity;

· analysis of potentially vulnerable information objects;

· identifying threats to significant information objects (information, information systems, information processing processes) and assessing the corresponding risks.

When developing security policies at all levels, you must adhere to the following basic rules:

· Security policies at lower levels must be fully subordinate to the corresponding higher-level policies, to current legislation and to the requirements of government agencies.

· The text of the security policy should contain only clear and unambiguous language that does not allow for double interpretation.

· The text of the security policy must be understandable to those employees to whom it is addressed.

The general information security policy life cycle includes a number of basic steps.

· Conducting a preliminary study of the state of information security.

· The actual development of a security policy.

· Implementation of developed security policies.

· Analysis of compliance with the requirements of the implemented security policy and formulation of requirements for its further improvement (return to the first stage, starting a new cycle of improvement).

Organizational security policy (English: organizational security policies) is a set of security guidelines, rules, procedures and practices that govern the management, protection and distribution of valuable information.

In the general case, such a set of rules describes certain functionality of a software product that is needed for its use in a specific organization. More formally, a security policy is a set of requirements for the functionality of the protection system, recorded in departmental documents.

The security policy depends on:

  • the specific information processing technology;
  • the hardware and software used;
  • the location of the organization.

The protection of a large information system cannot be achieved without well-developed information security documentation. A security policy helps to:

· make sure that nothing important is overlooked;

· establish clear safety rules.

Only a comprehensive and economically justified protection system will be effective, and only then will the information system itself be secure.

The security policy document should describe the goals and objectives of information security, as well as the valuable company assets that require protection. The goal of information security is, as a rule, to ensure the confidentiality, integrity and availability of information assets and the continuity of the company's business.

Information security objectives are all the actions that must be performed to achieve the goals. In particular, such tasks as information risk analysis and management, investigation of information security incidents, development and implementation of business continuity plans, and training of company employees in information security must be addressed.

3) The object reuse security requirement contradicts:
encapsulation +
inheritance
polymorphism

4) Suppose that the semantics of programs is taken into account when delimiting access. In this case, the following restrictions may be imposed on a game program:
prohibition on reading any files except configuration ones
prohibition on changing any files except configuration ones +
ban on establishing network connections

5) The need for an object-oriented approach to information security is a consequence of the fact that:
it's a simple way to put a scientific spin on information security
object-oriented approach is a universal means of dealing with the complexity of modern information systems +
In information security, from the very beginning, the concepts of object and subject appear

6) The facets that allow the means of achieving information security to be structured include:
integrity measures
administrative measures +
administrative measures

2. Containers in component object frameworks provide:
general context of interaction with other components and with the environment +
means for preserving components
components transport mechanisms

Duplicate messages are a threat:
accessibility
privacy
integrity +

Melissa attacks accessibility:
e-commerce systems
geographic information systems
email systems +

Select the malware that opened a new stage in the development of this area:
Melissa +
Bubble Boy
I LOVE YOU

The most dangerous sources of insider threats are:
incompetent managers +
offended employees
curious administrators

5. Among the following, identify the main reason for the existence of numerous information security threats:
miscalculations in the administration of information systems
the need for constant modification of information systems
complexity of modern information systems +

Aggressive resource consumption is a threat to: Availability, Confidentiality, Integrity

Melissa is:
bomb
virus +
worm

The most common errors exploited to plant bombs are:
no checks for return codes
buffer overflow +
transaction integrity violation

The danger window appears when:
means of exploiting the vulnerability become known
it becomes possible to exploit the vulnerability +
new software is installed

Among the following, highlight Trojan programs:
I LOVE YOU
Back Orifice +
Netbus +

1. The Criminal Code of the Russian Federation does not provide for punishment for:
creation, use and distribution of malware
conducting personal correspondence using the employer's technical facilities +
violation of the rules of operation of a computer, computer system or their network

In the bill "On improving information security" (USA, 2001), special attention is paid to:
easing restrictions on the export of cryptographic tools
development of electronic authentication tools +
creation of a public key infrastructure

4. The definition of information protection tools given in the Law "On State Secrets" includes:
means of detecting malicious activity
means of ensuring fault tolerance
means of monitoring the effectiveness of information protection +

1. Security level B, according to the Orange Book, is characterized by:
mandatory access control +
verifiable security

3. The classes of security assurance requirements of the Common Criteria include:
development +
protection profile assessment +
certification

4. According to the Orange Book, the security policy includes the following elements:
security perimeter
security labels +
security certificates

1. Security level A, according to the Orange Book, is characterized by:
discretionary access control
mandatory access control
verifiable security +


decision to form or revise a comprehensive security program +

ensuring the confidentiality of email messages

4. Top-level security program objectives include:
risk management +
determination of those responsible for information services
determination of penalties for violations of security policy

5. As part of the lower level security program, the following are carried out:
strategic planning
daily administration +
tracking security weaknesses +

1. The security policy is based on:
general ideas about the organization's IS
studying the policies of related organizations
risk analysis +

2. Top-level security policy objectives include:
formulation of administrative decisions on the most important aspects of the implementation of the security program +
selecting user authentication methods
providing a basis for compliance with laws and regulations +


5. Risk management includes the following activities:
identifying those responsible for risk analysis
measuring risks
selecting effective protective tools

6. Risk assessment makes it possible to answer the following questions:
what does the organization risk by using the information system?
what are the risks for users of the information system?
what are the risks for system administrators?


1. Logging and auditing can be used to:
prevent information security violations +
detect violations +
restore the information security regime


1. Shielding can be used to:
prevent information security violations
detect violations
localize the consequences of violations


1. Integrity control can be used to:
prevent information security violations
detect violations +
localize the consequences of violations


5. When using the approach to access control in the object environment described in the course, access control rules are specified in the form of:
a matrix of subjects/objects -
predicates over objects
access lists to object methods


Logging and auditing, encryption, integrity control:

The signature method of attack detection is good because it:
raises few false alarms +
is able to detect unknown attacks
is easy to configure and operate +

3. A digital certificate contains:
the user's public key +
the user's private key
the user's name +

4. The implementation of logging and auditing has the following main goals:
detection of attempts at information security violations +
prevention of attempts at information security violations
prevention of attacks on availability

2. The threshold method of attack detection is good because it:
raises few false alarms
is able to detect unknown attacks
is easy to set up and operate +

4. The implementation of logging and auditing has the following main goals:
ensuring the accountability of administrators to users
ensuring the accountability of users and administrators +
providing information to identify and analyze problems

2. The statistical method of attack detection is good because it:
raises few false alarms
is able to detect unknown attacks
is easy to set up and operate
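The signature and threshold methods from the questions above, run side by side over a few log lines, as an added example that is not part of the original course material. The log lines are constructed for the example (sshd-style and web-style records in one invented format), the signature list and the threshold of five failures per minute are assumptions, and the function names are the example's own. It shows the trade-off the questions refer to: the signature method flags only what it already knows, while the threshold method catches an unknown brute-force tool but produces a false alarm as soon as the threshold is set too low.

```python
"""Signature vs threshold attack detection over constructed log lines.
Added example, not from the original text.  Signature: match a known bad
pattern (few false alarms, blind to unknown attacks).  Threshold: count
failed logins per source inside a sliding window (simple, catches unknown
tools, but the threshold trades false alarms against misses)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): one brute-force source, one user
# who mistypes a password once, one web request carrying a known payload.
LOG = """\
2024-05-01 10:00:01 sshd: Failed password for root from 203.0.113.7
2024-05-01 10:00:02 sshd: Failed password for admin from 203.0.113.7
2024-05-01 10:00:03 sshd: Failed password for oracle from 203.0.113.7
2024-05-01 10:00:04 sshd: Failed password for test from 203.0.113.7
2024-05-01 10:00:05 sshd: Failed password for guest from 203.0.113.7
2024-05-01 10:00:06 sshd: Failed password for bob from 203.0.113.7
2024-05-01 10:03:10 sshd: Failed password for alice from 198.51.100.4
2024-05-01 10:20:00 sshd: Accepted password for alice from 198.51.100.4
2024-05-01 10:21:00 web: GET /cgi-bin/test.cgi?cmd=;cat%20/etc/passwd from 192.0.2.9
"""

# Assumed signature list: known attack strings only.
SIGNATURES = [re.compile(p) for p in (
    r"/etc/passwd",                          # classic injection/traversal payload
    r"Failed password for (root|admin)",     # guesses against well-known accounts
)]

LINE = re.compile(r"^(\S+ \S+) (\S+): (.*) from (\d+\.\d+\.\d+\.\d+)$")


def parse(log):
    """Yield (timestamp, service, message, source ip) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4)


def signature_alerts(log):
    """Alert on every line matching a known pattern; unknown attacks are missed."""
    return [(src, msg) for ts, svc, msg, src in parse(log)
            if any(s.search(msg) for s in SIGNATURES)]


def threshold_alerts(log, limit=5, window=timedelta(minutes=1)):
    """Alert on sources with at least `limit` failed logins inside `window`."""
    recent = defaultdict(list)   # source ip -> timestamps of recent failures
    alerted = set()
    for ts, svc, msg, src in parse(log):
        if not msg.startswith("Failed password"):
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures outside the window
            q.pop(0)
        if len(q) >= limit:
            alerted.add(src)
    return sorted(alerted)


if __name__ == "__main__":
    print("signature:", signature_alerts(LOG))
    print("threshold (5/min):", threshold_alerts(LOG))
    print("threshold (1/min):", threshold_alerts(LOG, limit=1))
```

Against this log the signature method raises three alerts (two guessed account names and the `/etc/passwd` request) but never notices that 203.0.113.7 is trying many accounts in a row, because "oracle", "test", "guest" and "bob" match no pattern. The threshold method flags 203.0.113.7 from its brute-force behaviour alone; lowering the limit to one failure also flags 198.51.100.4, a user who simply mistyped a password, which is the false-alarm side of the trade-off.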

4. The implementation of logging and auditing has the following main goals:
ensuring the accountability of administrators to users
ensuring the accountability of users and administrators +
providing information to identify and analyze problems +

5. Cryptography is necessary to implement the following security services:
security control
integrity control +
access control

4. The implementation of logging and auditing has the following main goals:
ensuring the possibility of reproducing the sequence of events
ensuring the possibility of reconstructing the sequence of events +
preventing attempts to reproduce the sequence of events

1. Logging alone cannot provide non-repudiation because:
logging information is usually low-level in nature, whereas non-repudiation concerns application-level actions
logging information has a specific format that is incomprehensible to humans
the volume of logging information is too large +

5. Cryptography is necessary to implement the following security services:
identification
shielding
authentication +

1. Logging alone cannot provide non-repudiation because:
logging information may be dispersed across different services and different components of a distributed IS +
the integrity of logging information may be violated
the confidentiality of logging information must be maintained, and non-repudiation checks would violate it

Identification and authentication, access control

1. The following can be used as an authenticator in a network environment:
subject's cardiogram+
pension insurance card number
the result of the one-time password generator+

2. Authentication based on a password transmitted over the network in encrypted form is bad because it does not provide protection against:
interception
playback+
accessibility attacks+
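Why the "encrypted password over the network" scheme in question 2 is replayable, and how a nonce-based challenge-response removes the replay (but, as the question also notes, does nothing against availability attacks), as an added example that is not part of the original course material. The "encryption" is stood in for by a deterministic keyed transform of the password, so that the same password always yields the same bytes on the wire; the users, keys, server classes and function names are all constructed for this example.

```python
"""Replay against a deterministic 'encrypted password' login, and the
nonce challenge-response that defeats it.  Added example, not from the
original text.  encrypt_password() stands in for any deterministic
encryption of the password (same input -> same bytes on the wire);
the pre-shared key, user database and server classes are constructed."""
import hashlib
import hmac
import os

SHARED_KEY = b"k" * 32                    # assumed pre-shared transport key
PASSWORDS = {"alice": "correct horse"}    # constructed user database


def encrypt_password(password: str) -> bytes:
    # Deterministic: identical password -> identical ciphertext every session.
    return hmac.new(SHARED_KEY, password.encode(), hashlib.sha256).digest()


class NaiveServer:
    """Accepts any message equal to the encrypted password.  An eavesdropper
    never learns the password, but can re-send the captured bytes."""

    def login(self, user: str, message: bytes) -> bool:
        return hmac.compare_digest(message, encrypt_password(PASSWORDS[user]))


class ChallengeServer:
    """Issues a fresh random nonce per login; the client proves knowledge of
    the password bound to that nonce.  A captured response is useless later
    because the server never re-issues a nonce."""

    def __init__(self):
        self.pending = {}

    def challenge(self, user: str) -> bytes:
        nonce = os.urandom(16)
        self.pending[user] = nonce
        return nonce

    def login(self, user: str, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)      # single use, then forgotten
        if nonce is None:
            return False
        expected = hmac.new(PASSWORDS[user].encode(), nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def client_response(password: str, nonce: bytes) -> bytes:
    return hmac.new(password.encode(), nonce, hashlib.sha256).digest()


def replay_against_naive():
    """Returns (legitimate login ok?, replayed login ok?)."""
    srv = NaiveServer()
    wire = encrypt_password("correct horse")   # what the real client sends
    captured = bytes(wire)                      # attacker sniffs the bytes
    return srv.login("alice", wire), srv.login("alice", captured)


def replay_against_challenge():
    """Returns (legitimate login ok?, replayed login ok?)."""
    srv = ChallengeServer()
    resp = client_response("correct horse", srv.challenge("alice"))
    captured = bytes(resp)
    first = srv.login("alice", resp)
    srv.challenge("alice")                      # attacker opens a new session
    replayed = srv.login("alice", captured)     # bound to the old nonce: rejected
    return first, replayed


if __name__ == "__main__":
    print("naive server (legit, replay):", replay_against_naive())
    print("challenge server (legit, replay):", replay_against_challenge())
```

The naive server returns `(True, True)`: the attacker never decrypts anything, yet logs in by replaying the captured message. The challenge server returns `(True, False)`, because the captured response is bound to a nonce that has already been consumed. Neither server is protected against an availability attack (an attacker can flood `challenge()` or `login()` at will), which is the other answer marked in question 2; and binding the response to a nonce says nothing about the strength of the password itself, so the challenge-response still needs a proper password-based key derivation in real deployments.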

3. The basic concepts of role-based access control include:
role+
role player
role user

4. When using the version of the Kerberos authentication server described in the course:
encryption is not used -
symmetric encryption is used +
asymmetric encryption is used

5. When using the approach to access control in the object environment described in the course, inheritance is:
always taken into account
sometimes taken into account
not taken into account+

1. The following can be used as an authenticator in a network environment:
subject's year of birth
subject's surname
secret cryptographic key+

3. Role-based access control uses the following object-oriented approach:
encapsulation
inheritance+
polymorphism

4. Kerberos Authentication Server:
does not protect against availability attacks+
partially protects against availability attacks
fully protects against availability attacks

3. The basic concepts of role-based access control include:
object+
subject
method

5. When using the approach to access control described in the course in the object environment, access to:
object interfaces +
object methods (taking into account the values ​​of the actual call parameters) +
object classes

Basic software and hardware measures:

2. Indicate the most significant features of modern Russian IS from a security point of view:
low bandwidth of most communication channels +
complexity of administering user computers
lack of a sufficient set of cryptographic hardware and software products+

3. The basic principles of architectural security include:
application of the most advanced technical solutions
application of simple, proven solutions+
combination of simple and complex protective equipment

5. To ensure information security of network configurations, the following principles should be followed:
development and implementation of a unified security policy+
unification of hardware and software platforms
minimizing the number of applications used

3. The basic principles of architectural security include:
adherence to recognized standards +
use of non-standard solutions unknown to attackers -
variety of protective equipment+


3. The basic principles of architectural security include:
strengthening the weakest link+
strengthening the most likely target of attack
echelon of defense+

5. To ensure information security of network configurations, the following principles should be followed:
use of own communication lines
ensuring confidentiality and integrity in network interactions+
complete network traffic analysis

4. Universal security services include:
access control+
management of information systems and their components
media management

4. Universal security services include:
tools for building virtual local networks
shielding +
logging and auditing +

Procedural level of information security

1. The classes of procedural level measures include:
maintaining performance+
keeping fit
physical protection+

2. The principles of personnel management include:
minimizing privileges +
minimizing wages
salary maximization

3. Steps in the recovery planning process include:
identifying critical organizational functions+
determining a list of possible accidents +
conducting test accidents

4. The areas of physical protection include:
physical protection of users -
protection of supporting infrastructure+
protection against data interception+

5. Day-to-day activities at the procedural level include:
situational management
configuration management
optimal control-

Management of risks

1. Risk is a function of:
amount of possible damage +
number of vulnerabilities in the system
authorized capital of the organization

3. The stages of risk management include:
asset identification+
liquidation of liabilities
selection of analyzed objects+

4. The first step in threat analysis is:
threat identification+
threat authentication
elimination of threats

5. Risk management includes the following activities:
determination of those responsible for risk analysis -
risk measurement +
selection of effective protective equipment+

6. Risk assessment allows you to answer the following questions:
What does an organization risk by using an information system? +
What are the risks for users of the information system? +
What are the risks for system administrators?

Lecture 6. Basic software and hardware measures (security services)

Literature

V.A. Galatenko, "Fundamentals of Information Security", e-book

The central concept of the software and hardware level is the security service.

Basic concepts of software and hardware level of information security

Security services belong to the auxiliary services (we have already encountered them when considering standards and specifications in the field of information security); among them we are primarily interested in the universal, high-level ones, which can be used by various main and auxiliary services.

Basic concepts of software and hardware level of information security

Next we will look at the following services:
identification and authentication;
access control;
logging and auditing;
encryption;
integrity control;
shielding;
security analysis;
ensuring fault tolerance;
ensuring safe recovery;
tunneling;
management.

Basic concepts of software and hardware level of information security

To classify security services and determine their place in the overall architecture, security measures can be divided into the following types:
preventive measures, which prevent violations of information security;
measures to detect violations;
localizing measures, which narrow the area of influence of a violation;
measures to identify the violator;
measures to restore the security regime.

Basic concepts of software and hardware level of information security

Most security services fall into the preventive category, and this is certainly right. Auditing and integrity control can help detect violations; active auditing also makes it possible to program a reaction to a violation for the purpose of localizing it and/or tracking the violator. The purpose of the fault tolerance and secure recovery services is obvious. Finally, management plays an infrastructural role, serving all aspects of the IS.

Identification and Authentication

Identification allows a subject (a user, a process acting on behalf of a specific user, or another hardware or software component) to name itself (to state its name).

Identification and Authentication

Through authentication, the second party makes sure that the subject really is who it claims to be. The phrase "verification of authenticity" is sometimes used as a synonym for the word "authentication".

10. Authentication

Authentication is a procedure for verifying authenticity, for example:
authenticating a user by comparing the password they entered with the password stored in the user database;
confirming the authenticity of an e-mail message by checking the message's digital signature using the sender's public key;
checking a file's checksum against the value declared by the author of the file.

11. Authorization

Authorization is the granting to a specific person or group of people of the rights to perform certain actions, as well as the process of verifying (confirming) those rights when an attempt is made to perform the actions. One often hears the expression that some person is "authorized" to perform a given operation; this means that they have the right to perform it.

12. Authorization

Authorization should not be confused with authentication: authentication is a procedure for verifying the legitimacy of a user or of data, for example checking that the password entered by a user matches the account password in the database, verifying the digital signature of a message using a key, or checking a file's checksum against the value stated by the author of the file. Authorization controls the access of legitimate users to system resources after they have successfully passed authentication. The authentication and authorization procedures are often combined.

13. Identification and authentication

Authentication can be one-way (usually the client proves its authenticity to the server) or two-way (mutual). An example of one-way authentication is the procedure of a user logging into a system.

14. Password authentication

The main advantage of password authentication is its simplicity and familiarity. Passwords have long been built into operating systems and other services. When used correctly, passwords can provide a level of security acceptable for many organizations. Nevertheless, by the totality of their characteristics they must be recognized as the weakest means of authentication.

15. Password authentication

The following measures can significantly increase the reliability of password protection:
imposing technical restrictions (the password must not be too short; it must contain letters, digits, punctuation marks, etc.);
managing password expiration dates and their periodic change;
restricting access to the password file;
limiting the number of failed login attempts (this makes the "brute force" method harder to use);
user training;
using software password generators (such a program, based on simple rules, can generate only euphonious and therefore memorable passwords).
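
The following is an added example, not part of the lecture, showing how several of the measures above fit together in code: a composition check (length, letters, digits, punctuation), password expiry measured against a constructed day counter, a salted and iterated hash in place of a readable password file, and a lock after a fixed number of failed attempts. The names PasswordStore, check_password_policy and the limits (10 characters, 5 attempts, 90 days) are the example's own choices, not values from the lecture.

```python
"""Added example: password policy, expiry and failed-attempt limiting.
Not from the lecture; names and limits are the example's own."""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass

MIN_LENGTH = 10               # example threshold, not a lecture value
MAX_FAILED_ATTEMPTS = 5       # lock the account after this many failures
PASSWORD_LIFETIME_DAYS = 90   # force a change after this period
PBKDF2_ITERATIONS = 100_000   # iterated hashing slows offline guessing


def check_password_policy(password: str) -> list[str]:
    """Return the list of technical restrictions the password violates.

    An empty list means the password is acceptable under this policy."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"[0-9]", password):
        problems.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no punctuation or other symbols")
    return problems


@dataclass
class Account:
    salt: bytes
    digest: bytes
    set_on_day: int          # day number when the password was set (constructed clock)
    failed_attempts: int = 0
    locked: bool = False


class PasswordStore:
    """Stores only salted PBKDF2 digests, never the passwords themselves."""

    def __init__(self):
        self._accounts: dict[str, Account] = {}

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

    def set_password(self, user: str, password: str, today: int) -> None:
        problems = check_password_policy(password)
        if problems:
            raise ValueError("weak password: " + ", ".join(problems))
        salt = os.urandom(16)
        self._accounts[user] = Account(salt, self._hash(password, salt), today)

    def login(self, user: str, password: str, today: int) -> str:
        """Return "ok", "expired", "denied" or "locked"."""
        acct = self._accounts.get(user)
        if acct is None:
            return "denied"            # unknown user gets the same answer as a wrong password
        if acct.locked:
            return "locked"
        if hmac.compare_digest(acct.digest, self._hash(password, acct.salt)):
            acct.failed_attempts = 0   # a successful login resets the counter
            if today - acct.set_on_day > PASSWORD_LIFETIME_DAYS:
                return "expired"       # correct password, but it must be changed
            return "ok"
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
            acct.locked = True         # brute force is cut off here
            return "locked"
        return "denied"
```

The `today` parameter is a constructed day counter so the expiry logic can be exercised without a real clock; a deployment would use the system date. Note that the lock is kept even when the correct password is finally presented, which is the property that defeats online guessing.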

16. One-time passwords

The passwords discussed above can be called reusable; their disclosure allows an attacker to act on behalf of a legitimate user. A much stronger means, resistant to passive network eavesdropping, is one-time passwords.

17. Kerberos Authentication Server

Kerberos is a software product developed in the mid-1980s at the Massachusetts Institute of Technology that has since undergone a series of fundamental changes. Kerberos client components are present in most modern operating systems.

18. Identification/authentication using biometrics

Biometrics is a set of automated methods for identifying and/or authenticating people based on their physiological and behavioral characteristics. Physiological characteristics include features of the fingerprints, the retina and cornea, the geometry of the hand and face, etc. Behavioral characteristics include the dynamics of a (handwritten) signature and the style of working with the keyboard. At the junction of physiology and behavior, voice features and speech recognition are analyzed.

19. Identification/authentication using biometrics

In general, work with biometric data is organized as follows. First, a database of the characteristics of potential users is created and maintained. For this, the user's biometric characteristics are captured and processed, and the result of the processing (called a biometric template) is entered into the database (the source data, such as the result of a finger or cornea scan, is usually not stored).

20. Identification/authentication using biometrics

But the main danger is that any hole in biometrics turns out to be fatal. Passwords, for all their unreliability, can be changed as a last resort. A lost authentication card can be cancelled and a new one obtained. You cannot change your finger, eye or voice. If biometric data turns out to be compromised, at the very least a significant modernization of the entire system will have to be carried out.

21. Access control models

22. Goals and scope

The purpose of access control is to restrict the operations that a legitimate (registered) user can perform. Access control specifies what exactly the user has the right to do in the system, as well as what operations the applications running on behalf of the user are allowed to perform.

23. Goals and scope

Thus, access control is designed to prevent user actions that can harm the system, for example, violate its security.

24. Terms used

Access: access by a subject to an object for specific operations.
Object: a container of information in the system.
Subject: the entity that represents the user when working in the system.
User: a person performing actions in the system, or an application acting on their behalf.

25. General description

Access control is the determination of a subject's ability to perform operations on an object. In general, it is described by the following diagram:

26. General description

From the traditional point of view, access control makes it possible to specify and control the actions that subjects (users and processes) can perform on objects (information and other computer resources). This section deals with logical access control, which, unlike physical access control, is implemented by software. Logical access control is the main mechanism of multi-user systems designed to ensure the confidentiality and integrity of objects and, to some extent, their availability (by refusing service to unauthorized users).

27. General description

Objective: to provide access control to production information. Access to computer systems and data must be controlled based on production (business) requirements. Such control must take into account the rules for the dissemination of information and the access restrictions adopted in the organization.

28. General description

The production requirements for controlling access to systems must be defined and documented. The access control rules and the access rights of each user or group of users must be clearly formulated in the provisions of the information access control policy. Users and service providers must know the clearly defined production requirements that the access control policy satisfies.

29. General description

When defining access control rules, the following must be considered:
the difference between rules that must always be followed and rules that are optional or conditional;
it is better to formulate rules on the premise "everything that is not explicitly permitted is prohibited" than on the premise "everything that is not explicitly prohibited is permitted";
changes in information labels that are initiated automatically by the information processing facilities, and those initiated at the user's discretion;
changes in user access rights that are initiated automatically by the information system, and those initiated by the administrator;
rules that require the approval of the administrator or someone else before coming into force, and rules that do not require anyone's approval.

30. Access control models

Selective access control
Authorized access control
Role-based access control

31. Selective access control

Selective access control (English: discretionary access control, DAC) is the control of subjects' access to objects based on access control lists or an access matrix. The names "discretionary access control", "controlled access control" or "access demarcation management" are also used.

32. Selective access control

Each object of the system has a subject attached to it, called the owner. It is the owner who sets the access rights to the object.
The system has one dedicated subject, the superuser, who has the right to establish ownership rights for all other subjects of the system.
A subject with a certain access right can transfer this right to any other subject.
A subject's access rights to a system object are determined on the basis of some rule external to the system (the selectivity property).
To describe the properties of selective access control, a system model based on the access matrix (AM, sometimes called the access control matrix) is used. This model is called the matrix model.
The access matrix is a rectangular matrix in which a row corresponds to a system object and a column to a subject. At the intersection of a column and a row, the type (or types) of access of the subject to the object that is permitted is indicated. Usually such types of subject access to an object as "read access", "write access", "execute access", etc. are distinguished.

33. Selective access control

The set of objects and the types of access to them by a subject can change according to certain rules existing in the given system. For example, a subject's access to a specific object may be allowed only on certain days (a date-dependent condition), at certain hours (a time-dependent condition), depending on other characteristics of the subject (a context-dependent condition), or depending on the nature of the preceding work. Such conditions on access to objects are usually used in DBMSs. In addition, a subject with certain powers may transfer them to another subject (if this does not contradict the security policy rules).
The decision on a subject's access to an object is made in accordance with the type of access specified in the corresponding cell of the access matrix. Typically, selective access control implements the principle "what is not permitted is denied", which implies explicit permission of a subject's access to an object.
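
The access matrix of slides 32 and 33 in code, as an added example that is not part of the lecture: each object has an owner who sets rights, a superuser may change ownership, a subject holding a right may pass it on, a cell may carry a time-dependent condition, and the check is default-deny ("what is not permitted is denied"). The class AccessMatrix, the file name payroll.db and the subjects alice, bob, carol are constructed sample data.

```python
"""Added example: a selective (discretionary) access matrix with owners,
a superuser, transfer of rights and conditional cells.  Not from the
lecture; names are constructed sample data."""
from typing import Callable, Optional

RIGHTS = {"read", "write", "execute"}


class AccessMatrix:
    def __init__(self, superuser: str):
        self.superuser = superuser
        self.owner: dict[str, str] = {}                        # object -> owning subject
        self.cells: dict[tuple[str, str], set[str]] = {}       # (object, subject) -> rights
        # (object, subject, right) -> predicate over the request context (e.g. hour)
        self.conditions: dict[tuple[str, str, str], Callable[[dict], bool]] = {}

    def create_object(self, obj: str, owner: str) -> None:
        """A new object starts with its owner holding every right on it."""
        self.owner[obj] = owner
        self.cells[(obj, owner)] = set(RIGHTS)

    def grant(self, granter: str, obj: str, subject: str, right: str,
              condition: Optional[Callable[[dict], bool]] = None) -> None:
        """The owner, the superuser, or a subject already holding the right may grant it."""
        if right not in RIGHTS:
            raise ValueError(f"unknown right {right}")
        allowed = (granter == self.superuser
                   or granter == self.owner[obj]
                   or right in self.cells.get((obj, granter), set()))
        if not allowed:
            raise PermissionError(f"{granter} may not grant {right} on {obj}")
        self.cells.setdefault((obj, subject), set()).add(right)
        if condition is not None:
            self.conditions[(obj, subject, right)] = condition

    def change_owner(self, actor: str, obj: str, new_owner: str) -> None:
        """Only the superuser establishes ownership (slide 32)."""
        if actor != self.superuser:
            raise PermissionError("only the superuser may change ownership")
        self.owner[obj] = new_owner
        self.cells.setdefault((obj, new_owner), set()).update(RIGHTS)

    def check(self, subject: str, obj: str, right: str, context: Optional[dict] = None) -> bool:
        """Default deny: permitted only if the cell lists the right and its condition holds."""
        if subject == self.superuser:
            return True
        if right not in self.cells.get((obj, subject), set()):
            return False
        cond = self.conditions.get((obj, subject, right))
        return True if cond is None else bool(cond(context or {}))


def build_sample_matrix() -> AccessMatrix:
    """Constructed sample: alice owns payroll.db, bob may read it in office hours,
    bob passes the read right on to carol."""
    m = AccessMatrix(superuser="root")
    m.create_object("payroll.db", owner="alice")
    m.grant("alice", "payroll.db", "bob", "read",
            condition=lambda ctx: 9 <= ctx.get("hour", 0) < 18)   # time-dependent condition
    m.grant("bob", "payroll.db", "carol", "read")   # transfer of a right the granter holds
    return m
```

The condition is evaluated at check time against a context dictionary (here only the hour), which is how a DBMS-style date- or time-dependent condition attaches to a single cell rather than to the whole subject.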

34. Selective access control

Mixed variants of the design are also possible, in which the system simultaneously contains both owners, who establish access rights to their objects, and the superuser, who has the ability to change the rights for any object and/or change its owner. It is exactly this mixed variant that is implemented in most operating systems, such as Unix or Windows NT.

35. Authorized access control

Mandatory access control (MAC) is the control of subjects' access to objects based on the assignment of sensitivity labels to the information contained in the objects and the issuance of official permissions (clearance) to subjects to handle information of a given level of confidentiality. It is also sometimes translated as "forced access control". It is a method that combines protection and restriction of rights applied to computer processes, data and system devices, and is intended to prevent their undesirable use.

36. Authorized access control

The authorized (mandatory) access control policy is based on the following provisions:
all subjects and objects of the system must be uniquely identified;
each object of the system is assigned a criticality label that determines the value of the information contained in it;
each subject of the system is assigned a transparency level (security clearance), which defines the maximum value of the criticality labels of the objects to which the subject has access.

37. Authorized access control

When a set of labels have the same values, they are said to belong to the same security level. The organization of labels has a hierarchical structure, and thus a hierarchical, non-decreasing (by value) flow of information can be implemented in the system (for example, from ordinary employees to management). The more important the object or subject, the higher its criticality label. Therefore, the most protected objects are those with the highest values of the criticality label.
Each subject, in addition to its transparency level, has a current security level value, which can vary from some minimum value up to the value of its transparency level. To decide whether to permit access, the object's criticality label is compared with the subject's transparency level and current security level.

38. Authorized access control

The result of the comparison is determined by two rules: the simple security condition and the *-property. In a simplified form, they state that information can only be transmitted "upwards", that is, a subject can read the contents of an object if its current security level is not lower than the object's criticality label, and can write to the object if its current level is not higher.
The simple security condition states that a subject may perform an operation on an object only if its transparency level is not lower than the object's criticality label.

39. Authorized access control

The main purpose of the authorized security policy is to regulate the access of system subjects to objects with different levels of criticality, to prevent information from leaking from the upper levels of the hierarchy to the lower ones, and to block possible penetration from the lower levels to the upper ones. At the same time it operates against the background of the selective policy, giving its requirements a hierarchically ordered character (in accordance with the security levels).
A mandatory access control system is implemented in the FreeBSD Unix OS. SUSE Linux and Ubuntu have a mandatory access control architecture called AppArmor.

40. Role-based access control

Role-based access control (Role Based Access Control, RBAC) is a development of the selective access control policy in which the access rights of system subjects to objects are grouped, taking into account the specifics of their application, to form roles.

41. Role-based access control

The role-based access control model has a number of features that do not allow it to be classified either as a discretionary or as a mandatory model. The main idea of the approach implemented in this model is that the concept of "subject" is replaced by two new concepts:
user: a person working in the system;
role: an abstract entity active in the system, with which is associated a limited and logically consistent set of powers required to carry out certain actions in the system.

42. Role-based access control

A classic example of a role is root in Unix-like systems, the superuser possessing unlimited powers. This role may, as needed, be assumed by various administrators.
The main advantage of the role model is its closeness to real life: the roles operating in the AS (automated system) can be arranged in full accordance with the corporate hierarchy and, at the same time, are tied not to specific users but to positions, which, in particular, simplifies administration under conditions of high staff turnover.

43. Role-based access control

When the role model is used, access control is carried out as follows:
1. For each role, a set of powers is defined, which is a set of access rights to AS objects.
2. Each user is assigned a list of the roles available to them.
Note that a user can be associated with several roles; this possibility also significantly simplifies the administration of complex corporate automated systems.
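
The two-step procedure above in code, as an added example that is not part of the lecture: roles map to sets of (object, right) powers, users map to a set of roles, a user's effective rights are the union over all their roles, and a change of position is a change of role assignment rather than an edit of individual rights. The class Rbac and the roles accountant, auditor and operator are constructed sample data.

```python
"""Added example: role-based access control with user-role and
role-power assignments.  Not from the lecture; names are constructed."""


class Rbac:
    def __init__(self):
        self.role_powers: dict[str, set[tuple[str, str]]] = {}   # role -> {(object, right)}
        self.user_roles: dict[str, set[str]] = {}               # user -> {role}

    # step 1: a role is a set of access rights to objects
    def define_role(self, role: str, powers) -> None:
        self.role_powers[role] = set(powers)

    # step 2: each user gets a list of roles available to them
    def assign(self, user: str, role: str) -> None:
        if role not in self.role_powers:
            raise KeyError(f"unknown role {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user: str, role: str) -> None:
        """Staff turnover: remove the role, not each individual right."""
        self.user_roles.get(user, set()).discard(role)

    def effective_rights(self, user: str) -> set[tuple[str, str]]:
        """Union of the powers of every role the user holds."""
        return set().union(*(self.role_powers[r] for r in self.user_roles.get(user, set())))

    def check(self, user: str, obj: str, right: str) -> bool:
        return any((obj, right) in self.role_powers[r]
                   for r in self.user_roles.get(user, ()))


def build_sample_rbac() -> Rbac:
    """Constructed sample: three roles, one user holding two of them."""
    r = Rbac()
    r.define_role("accountant", {("ledger", "read"), ("ledger", "write")})
    r.define_role("auditor", {("ledger", "read"), ("audit_log", "read")})
    r.define_role("operator", {("backup", "execute")})
    r.assign("ivan", "accountant")
    r.assign("ivan", "operator")     # one user, several roles
    r.assign("olga", "auditor")
    return r
```

Because the auditor role carries read-only access to the ledger, separating it from the accountant role is what gives the model its real-life shape: a person moving from one position to the other is re-assigned, and no per-user right has to be hunted down.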

44. Role-based access control

RBAC is widely used for managing user privileges within a single system or application. The list of such systems includes Microsoft Active Directory, SELinux, FreeBSD, Solaris, Oracle DBMS and many others.

45. Bell-LaPadula model

The Bell-LaPadula model is an access control and management model based on the mandatory access control model. The model analyzes the conditions under which it is impossible to create information flows from subjects with a higher access level to subjects with a lower access level.

46. Bell-LaPadula model

The classical Bell-LaPadula model was described in 1975 by the MITRE Corporation employees David Bell and Leonard LaPadula; the creation of the model was prompted by the security system for working with secret documents of the US Government. The essence of the system was as follows: every subject (a person working with documents) and object (a document) is assigned a confidentiality label, from the highest ("of special importance") down to the lowest ("unclassified" or "public"). A subject who is allowed access only to objects with a lower confidentiality label cannot gain access to an object with a higher confidentiality label. The subject is also prohibited from writing information to objects with a lower security level.
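
The two Bell-LaPadula rules (slides 37 and 38 on authorized access control, and the description above) applied to a constructed set of labels, as an added example that is not part of the lecture. A label here is a level plus a set of categories, and one label dominates another when its level is not lower and its categories are a superset; a subject has a clearance (the transparency level of slide 36) and a current level that may be lowered beneath it. The names Label, Subject, BlpMonitor, the four levels and the files are the example's own.

```python
"""Added example: Bell-LaPadula simple security condition and *-property
over (level, categories) labels.  Not from the lecture; names constructed."""
from dataclasses import dataclass

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: higher-or-equal level and superset of categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


@dataclass
class Subject:
    name: str
    clearance: Label   # maximum (transparency) level
    current: Label     # current security level, never above the clearance


class BlpMonitor:
    def __init__(self):
        self.objects: dict[str, Label] = {}

    def add_object(self, name: str, label: Label) -> None:
        self.objects[name] = label

    def can_read(self, s: Subject, obj: str) -> bool:
        """Simple security condition: no read up (current level dominates the object)."""
        return s.current.dominates(self.objects[obj])

    def can_write(self, s: Subject, obj: str) -> bool:
        """*-property: no write down (the object's label dominates the current level)."""
        return self.objects[obj].dominates(s.current)

    def set_current(self, s: Subject, label: Label) -> None:
        """A subject may lower its current level, but never exceed its clearance."""
        if not s.clearance.dominates(label):
            raise ValueError("current level may not exceed clearance")
        s.current = label


def sample_blp():
    """Constructed sample: three labelled files and one cleared subject."""
    m = BlpMonitor()
    m.add_object("budget.xls", Label("secret", frozenset({"finance"})))
    m.add_object("memo.txt", Label("confidential"))
    m.add_object("plan.doc", Label("top_secret", frozenset({"finance", "strategy"})))
    alice = Subject("alice",
                    clearance=Label("secret", frozenset({"finance"})),
                    current=Label("secret", frozenset({"finance"})))
    return m, alice
```

Lowering the current level is what lets a cleared user write a note that lower-cleared colleagues may read without giving up the rule that nothing flows downward on its own: at the lower current level the user can write the memo, but can no longer read the secret budget in the same session.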

47. Harrison-Ruzzo-Ullman model

The Harrison-Ruzzo-Ullman model is a classic discretionary model; it implements arbitrary control of subjects' access to objects and control over the distribution of access rights within the model.

48. Harrison-Ruzzo-Ullman model

In the Harrison-Ruzzo-Ullman model, the processing system is represented as a set of active entities, the subjects, which form the set of subjects and access passive entities, the objects, which form the set of objects containing the protected information, together with a finite set of access rights characterizing the authority to perform the corresponding actions. In order to include relationships between subjects in the scope of the model, it is generally accepted that all subjects are also objects at the same time.
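
A small Harrison-Ruzzo-Ullman protection system as an added example that is not part of the lecture: an access matrix over subjects and objects in which every subject is also an object, the six primitive operations (enter and delete a right, create and destroy a subject, create and destroy an object), and commands that run a sequence of primitives only if their condition on the matrix holds. The class HruSystem and the three commands are the example's own, as are the rights own, read and write.

```python
"""Added example: HRU protection system with primitive operations and
conditional commands.  Not from the lecture; names are the example's own."""


class HruSystem:
    def __init__(self, rights):
        self.rights = set(rights)
        self.subjects: set[str] = set()
        self.objects: set[str] = set()
        self.matrix: dict[tuple[str, str], set[str]] = {}   # (subject, object) -> rights

    # --- the six primitive operations ---------------------------------------
    def enter(self, r: str, s: str, o: str) -> None:
        if r not in self.rights or s not in self.subjects or o not in self.objects:
            raise ValueError(f"cannot enter {r} into ({s}, {o})")
        self.matrix.setdefault((s, o), set()).add(r)

    def delete(self, r: str, s: str, o: str) -> None:
        self.matrix.get((s, o), set()).discard(r)

    def create_subject(self, s: str) -> None:
        self.subjects.add(s)
        self.objects.add(s)          # every subject is also an object

    def create_object(self, o: str) -> None:
        self.objects.add(o)

    def destroy_subject(self, s: str) -> None:
        self.subjects.discard(s)
        self.destroy_object(s)

    def destroy_object(self, o: str) -> None:
        self.objects.discard(o)
        for key in [k for k in self.matrix if o in k]:
            del self.matrix[key]    # its row and column disappear with it

    def has(self, r: str, s: str, o: str) -> bool:
        return r in self.matrix.get((s, o), set())


# --- commands: a condition on the matrix followed by primitive operations ---
def cmd_create_file(hru: HruSystem, s: str, f: str) -> None:
    """command create_file(s, f): create object f; enter own into (s, f)."""
    hru.create_object(f)
    hru.enter("own", s, f)


def cmd_confer_read(hru: HruSystem, owner: str, friend: str, f: str) -> bool:
    """command confer_read(owner, friend, f):
       if own in (owner, f) then enter read into (friend, f)."""
    if not hru.has("own", owner, f):
        return False
    hru.enter("read", friend, f)
    return True


def cmd_remove_read(hru: HruSystem, owner: str, friend: str, f: str) -> bool:
    """command remove_read(owner, friend, f):
       if own in (owner, f) then delete read from (friend, f)."""
    if not hru.has("own", owner, f):
        return False
    hru.delete("read", friend, f)
    return True
```

Only commands are exposed to users; the primitives are reachable solely through a command whose condition has been checked, which is exactly the structure the model analyses when it asks whether a right can ever leak to a subject that should not have it.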

49. Hartson's five-dimensional security space model

Now consider the model called Hartson's five-dimensional security space. This model uses a five-dimensional security space to model the process of establishing authorizations and organizing access on their basis. The model has five main sets:
A, the established authorizations; U, users; E, operations; R, resources; S, states.

50. Hartson's five-dimensional security space model

The security space is the Cartesian product A×U×E×R×S. Access is treated as a series of requests made by users u to perform operations e on resources R while the system is in state s. An access request is represented by the four-dimensional tuple q = (u, e, R, s), where u ∈ U, e ∈ E, s ∈ S and R is a set of resources r ∈ R. The quantities u and s are set by the system in fixed form.
Thus, an access request is a subspace of the four-dimensional projection of the security space. Requests are granted access rights when they are completely enclosed in the corresponding subspaces.
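
The enclosure test of the Hartson model on a constructed set of authorizations, as an added example that is not part of the lecture: every established authorization is a point (u, e, r, s) in U×E×R×S, a request q = (u, e, R, s) spans one point per resource in R, and it is granted only if every spanned point lies inside the set A. The class SecuritySpace and the users, operations, resources and states are the example's own.

```python
"""Added example: Hartson five-dimensional security space, with requests
granted only when fully enclosed in the established authorizations.
Not from the lecture; names are constructed."""
from itertools import product


class SecuritySpace:
    def __init__(self, users, operations, resources, states):
        self.U, self.E, self.R, self.S = set(users), set(operations), set(resources), set(states)
        self.A: set[tuple[str, str, str, str]] = set()   # established authorizations

    def authorize(self, users, operations, resources, states) -> None:
        """Add the sub-cube spanned by the given sets to A, checking that every
        point lies inside the security space."""
        for point in product(users, operations, resources, states):
            u, e, r, s = point
            if u not in self.U or e not in self.E or r not in self.R or s not in self.S:
                raise ValueError(f"point {point} lies outside the security space")
            self.A.add(point)

    def request(self, u: str, e: str, resources, s: str) -> bool:
        """q = (u, e, R, s) is granted only if its projection is fully enclosed in A."""
        spanned = {(u, e, r, s) for r in resources}
        return bool(spanned) and spanned <= self.A

    def denied_points(self, u: str, e: str, resources, s: str):
        """Diagnostic: which spanned points fall outside A."""
        return sorted({(u, e, r, s) for r in resources} - self.A)


def build_sample_space() -> SecuritySpace:
    """Constructed sample: ann works on two databases in the normal state,
    ben may read the log in any state."""
    sp = SecuritySpace(users={"ann", "ben"},
                       operations={"read", "write"},
                       resources={"db1", "db2", "log"},
                       states={"normal", "maintenance"})
    sp.authorize({"ann"}, {"read", "write"}, {"db1", "db2"}, {"normal"})
    sp.authorize({"ben"}, {"read"}, {"log"}, {"normal", "maintenance"})
    return sp
```

The state dimension is what distinguishes this model from a plain access matrix: the same user and operation on the same resource is granted in one system state and refused in another, which is how a maintenance window or an incident state can switch off ordinary access without editing any user's rights.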

51. Call security monitor

The concept of the call security monitor (reference monitor) is a fairly natural formalization of a mechanism that implements access control in the system. The call security monitor (CSM) is a filter that permits or denies access based on the access control rules established in the system.

52. Call security monitor

Having received a request for access from subject S to object O, the call security monitor analyzes the rule base corresponding to the security policy established in the system and either permits or denies the access. The call security monitor satisfies the following properties:
1. No request for subject access to an object may be executed bypassing the CSM.
2. The operation of the CSM must be protected from outside interference.
3. The representation of the CSM must be simple enough to allow verification of the correctness of its operation.
Although the concept of the call security monitor is an abstraction, the listed properties also apply to the software or hardware modules implementing the functions of a reference monitor in real systems.

53. Integrity models

One of the goals of a security policy is protection against violation of the integrity of information. The best known models in this class are Biba's integrity model and the Clark-Wilson model.

54. Clark-Wilson model

The Clark-Wilson model appeared as the result of the authors' analysis of the methods actually used to ensure the integrity of document flow in commercial companies. Unlike the Biba and Bell-LaPadula models, it was initially focused on the needs of commercial customers and, in the authors' opinion, is more adequate to their requirements than the previously proposed commercial interpretation of the lattice-based integrity model.

55. Clark-Wilson model

The basic concepts of the model under consideration are transaction correctness and separation of functional duties. The model specifies the operating rules of a computer system and defines two categories of data objects and two classes of operations on them. All data contained in the system is divided into constrained and unconstrained data items (CDI and UDI, respectively). The integrity of the former is ensured by the Clark-Wilson model. The latter contain information whose integrity is not controlled within the model (this explains the choice of terminology).

56. Clark-Wilson model

Next, the model introduces two classes of operations on data items: integrity verification procedures (IVP) and transformation procedures (TP). The former check the integrity of the constrained data items (CDI); the latter change the composition of the set of all CDIs (for example, converting UDI items into CDIs).

57. Clark-Wilson model

The model also contains nine rules defining the relationships between data items and procedures in the process of system operation.
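
A toy Clark-Wilson system as an added example that is not part of the lecture, tying together the concepts of slides 55 and 56: the CDIs are account balances whose invariant (non-negative, constant total) is checked by an IVP; a CDI can only be changed through a certified TP, which a user may run only if the (user, TP, CDI) triple is registered; an untrusted transfer request (a UDI) is validated by the TP before it touches any CDI; separation of duty keeps the user who certified a TP from running it; and every TP invocation is logged. The class ClarkWilson, the TP tp_transfer and the accounts are the example's own.

```python
"""Added example: Clark-Wilson CDI/UDI, IVP, certified TP, access triples,
separation of duty and logging.  Not from the lecture; names constructed."""
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class ClarkWilson:
    cdi: dict[str, int] = field(default_factory=dict)                  # account -> balance
    certified_tps: dict[str, tuple[str, Callable]] = field(default_factory=dict)  # tp -> (certifier, fn)
    triples: set[tuple[str, str, str]] = field(default_factory=set)     # (user, tp, cdi)
    log: list[str] = field(default_factory=list)

    def ivp(self, expected_total: int) -> bool:
        """Integrity verification procedure: every balance non-negative and
        the total preserved (money is moved, never created or lost)."""
        return (all(v >= 0 for v in self.cdi.values())
                and sum(self.cdi.values()) == expected_total)

    def certify_tp(self, certifier: str, name: str, fn: Callable) -> None:
        """A security officer certifies that fn takes the CDIs from a valid state to a valid state."""
        self.certified_tps[name] = (certifier, fn)

    def allow(self, user: str, tp: str, cdi: str) -> None:
        """Register the access triple, enforcing separation of duty."""
        certifier = self.certified_tps[tp][0]
        if user == certifier:
            raise PermissionError("separation of duty: the certifier may not execute the TP")
        self.triples.add((user, tp, cdi))

    def run_tp(self, user: str, tp: str, cdi: str, *args) -> bool:
        """The only path by which a CDI changes: a registered triple and a certified TP."""
        if (user, tp, cdi) not in self.triples:
            self.log.append(f"DENIED {user} {tp} {cdi}")
            return False
        ok = self.certified_tps[tp][1](self, cdi, *args)
        self.log.append(f"{'OK' if ok else 'REJECTED'} {user} {tp} {cdi} {args}")
        return ok


def tp_transfer(system: ClarkWilson, src: str, udi) -> bool:
    """TP that turns a UDI (an untrusted (dst, amount) pair) into a CDI change.
    The UDI is validated completely before any CDI is touched."""
    try:
        dst, amount = udi
        amount = int(amount)
    except (TypeError, ValueError):
        return False
    if amount <= 0 or dst not in system.cdi or system.cdi[src] < amount:
        return False
    system.cdi[src] -= amount
    system.cdi[dst] += amount
    return True
```

Note that a rejected UDI never reaches the balances, so the IVP still passes after every failed attempt; the log is itself an append-only CDI in the full model, which is why it is kept separate from the data it records.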

59. Biba model

The Biba model is based on integrity levels, similar to the levels of the Bell-LaPadula model. Unlike the Bell-LaPadula model, reading is now allowed only upwards (from a subject to an object whose level exceeds the level of the subject), and writing only downwards. The rules of this model are the exact opposite of the rules of the Bell-LaPadula model.

60. Biba model

The Biba model considers the following accesses of subjects to objects and to other subjects: a subject's access to modify an object, a subject's access to read an object, a subject's access to execute, and a subject's access to a subject.

61. Biba model

The question of what exactly is meant by integrity levels in the Biba model deserves a separate comment. Indeed, in most applications data integrity is treated as a property that is either preserved or not, and the introduction of hierarchical integrity levels may seem unnecessary. In fact, the integrity levels in the Biba model should be regarded as levels of reliability, and the corresponding information flows as the transmission of information from a more reliable set of data to a less reliable one, and vice versa.
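
The Biba rules of slides 59 and 60 on constructed integrity levels, as an added example that is not part of the lecture: a subject may read an object only if the object's level is not lower than its own (no read down, so unreliable data cannot contaminate it), may modify an object only if the object's level is not higher (no write up), and may invoke another subject only if that subject's level is not higher. The mirror image of Bell-LaPadula is shown explicitly by a pair of confidentiality rules beside the integrity ones. The class BibaMonitor, the four levels and the entity names are the example's own.

```python
"""Added example: Biba strict integrity rules (read, modify, invoke) beside
their Bell-LaPadula mirror image.  Not from the lecture; names constructed."""

INTEGRITY = {"untrusted": 0, "user": 1, "system": 2, "trusted": 3}


class BibaMonitor:
    def __init__(self):
        self.level: dict[str, str] = {}   # entity (subject or object) -> integrity level

    def add(self, name: str, level: str) -> None:
        if level not in INTEGRITY:
            raise ValueError(f"unknown integrity level {level}")
        self.level[name] = level

    def _i(self, name: str) -> int:
        return INTEGRITY[self.level[name]]

    # Biba: information may only flow from more reliable to less reliable data
    def can_read(self, subject: str, obj: str) -> bool:
        """No read down: the object must be at least as reliable as the subject."""
        return self._i(obj) >= self._i(subject)

    def can_modify(self, subject: str, obj: str) -> bool:
        """No write up: a subject may not write into more reliable data."""
        return self._i(obj) <= self._i(subject)

    def can_invoke(self, subject: str, other: str) -> bool:
        """Subject-to-subject access: a subject may only invoke one no more reliable than itself."""
        return self._i(other) <= self._i(subject)

    # Bell-LaPadula on the same numeric levels, for contrast: confidentiality
    # flows the other way, so each rule is the opposite of the Biba rule above.
    def blp_can_read(self, subject: str, obj: str) -> bool:
        return self._i(obj) <= self._i(subject)   # no read up

    def blp_can_write(self, subject: str, obj: str) -> bool:
        return self._i(obj) >= self._i(subject)   # no write down


def sample_biba() -> BibaMonitor:
    """Constructed sample: a system daemon, a user shell, a system file and a download."""
    b = BibaMonitor()
    b.add("daemon", "system")
    b.add("shell", "user")
    b.add("config.sys", "system")
    b.add("download.tmp", "untrusted")
    return b
```

The practical reading of the levels as reliability is visible in the sample: the system daemon may overwrite the untrusted download but must not read it, while the user shell may read the system configuration but must not modify it.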

Taking into account the above, we will highlight three levels of formation of an information security regime:

· legislative and legal;

· administrative (organizational);

· software and hardware.

The legislative level includes a set of legislative and other legal acts establishing the legal status of the subjects of information relations, the subjects and objects of protection, the methods, forms and means of protection, and their legal status. In addition, standards and specifications in the field of information security belong to this level. The system of legislative acts and the regulatory, organizational and administrative documents developed on their basis should ensure effective supervision of their implementation by law enforcement agencies and the implementation of measures of judicial protection and liability of the subjects of information relations. Moral and ethical standards of behavior that have developed traditionally, or are developing as computing tools spread in society, can also be attributed to this level. Moral and ethical standards can be regulated by law, that is, in the form of a set of rules and regulations. The most typical example of such norms is the Code of Professional Conduct for Members of the US Computer Users Association. However, these norms are mostly not mandatory, unlike legislative measures.

The administrative level includes a set of mutually coordinated organizational and technical measures that implement practical protection mechanisms in the process of creating and operating information security systems. The organizational level should cover all structural elements of data processing systems at all stages of their life cycle: construction of premises, system design, installation and commissioning of equipment, testing and inspection, and operation.

The software and hardware level includes three sublevels: physical, technical (hardware) and software. The physical sublevel solves the problems of restricting physical access to information and information systems; accordingly, it comprises technical means implemented as stand-alone devices and systems not involved in the processing, storage and transmission of information: burglar alarm systems, video surveillance systems, and means of physically preventing access (locks, fences, bars, etc.).

Security measures at the hardware and software sublevels are directly related to the information processing system. These tools are either built into the processing hardware or interfaced with it via a standard interface. Hardware tools include parity-check circuits, key-based access circuits, etc. Software security tools, which form the software sublevel, include special software used to protect information, for example an antivirus package. Protection programs can be either stand-alone or built in. Thus, data encryption can be performed by the EFS file encryption system built into the operating system (Windows 2000, XP) or by a special encryption program.

We emphasize that the formation of an information security regime is a complex systemic task, the solution of which differs in content from country to country and depends on factors such as the scientific potential of the country, the degree of penetration of information technology into the life of society and the economy, the development of the production base, the general culture of society and, finally, traditions and norms of behavior.

Main tasks of information security:

  1. protection of state secrets, i.e. secret and other confidential information that is the property of the state, from all types of unauthorized access, manipulation and destruction;
  2. protection of the rights of citizens to own, dispose and manage their information;
  3. protection of the constitutional rights of citizens to the privacy of correspondence, negotiations, and personal privacy;
  4. protection of hardware and software information technology from erroneous actions of personnel and man-made impacts, as well as natural disasters;
  5. protection of hardware and software information technology from intentional influences.

2. Principles for constructing information security systems

A systematic approach to information security presupposes the need to take into account all interconnected, interacting and time-varying elements, conditions and factors essential to ensuring the security of information systems.
The possibility of strengthening protection. The security system must be built taking into account not only all known channels of penetration and unauthorized access to information, but also the possibility that fundamentally new ways of implementing security threats will emerge.
An integrated approach involves the coordinated use of diverse information security tools.

Adequacy. Ensuring the required level of protection at minimal cost for creating the protection mechanism and keeping it operating. It is important to choose a sufficient level of protection at which the costs, the residual risk and the scale of possible damage are all acceptable (the risk analysis task).
Minimization of access privileges. Each user is granted only the rights they genuinely need to access system resources and data, and nothing more (least privilege).

Complete control. Every access to protected data must be mediated and checked; no access path may bypass the control mechanism.
Punishability of violations. Violations must have consequences; the most common penalty is denial of further access to the system.
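The three principles above (least privilege, complete control and punishability of violations) are what a reference monitor implements. The following added example, which is not part of the original text, sketches one in Python: a policy that grants each subject only the rights it needs, a single access() function through which every request must pass and which records every decision, fail-closed handling of unknown subjects, and lockout of a subject after repeated violations. The subjects, resources and the lockout threshold are constructed for illustration; the page names none of them.

```python
"""Minimal reference monitor: least privilege, complete mediation with an
audit trail, and lockout of repeat violators.  Added example; the policy,
subjects and threshold below are constructed, not taken from the text."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed policy (hypothetical names): each subject holds only the
# rights it actually needs.  Anything not listed is denied by default.
POLICY: Dict[str, Dict[str, Set[str]]] = {
    "clerk":   {"ledger": {"read"}},
    "auditor": {"ledger": {"read"}, "audit_log": {"read"}},
    "admin":   {"ledger": {"read", "write"}, "audit_log": {"read"}},
}

MAX_VIOLATIONS = 3  # assumed threshold after which a subject is locked out


@dataclass
class ReferenceMonitor:
    policy: Dict[str, Dict[str, Set[str]]]
    # (subject, resource, action, decision) for every request ever made
    audit_log: List[Tuple[str, str, str, str]] = field(default_factory=list)
    violations: Dict[str, int] = field(default_factory=dict)
    locked: Set[str] = field(default_factory=set)

    def access(self, subject: str, resource: str, action: str) -> bool:
        """The single choke point: every access is checked here (complete
        control) and every decision is logged, allowed or not."""
        if subject in self.locked:
            self._record(subject, resource, action, "DENY-LOCKED")
            return False
        # Unknown subject or resource -> empty right set -> denied (fail closed)
        rights = self.policy.get(subject, {}).get(resource, set())
        if action in rights:
            self._record(subject, resource, action, "ALLOW")
            return True
        # Punishability: count the violation and lock the subject out once
        # it reaches the threshold, even for rights it legitimately holds.
        self.violations[subject] = self.violations.get(subject, 0) + 1
        if self.violations[subject] >= MAX_VIOLATIONS:
            self.locked.add(subject)
        self._record(subject, resource, action, "DENY")
        return False

    def _record(self, subject: str, resource: str, action: str,
                decision: str) -> None:
        self.audit_log.append((subject, resource, action, decision))


def demo() -> dict:
    """Drive the monitor through a constructed scenario and return the
    outcomes so they can be inspected or asserted on."""
    rm = ReferenceMonitor(POLICY)
    results = {
        "clerk_read": rm.access("clerk", "ledger", "read"),          # in policy
        "clerk_write_1": rm.access("clerk", "ledger", "write"),      # violation 1
        "clerk_write_2": rm.access("clerk", "ledger", "write"),      # violation 2
        "clerk_write_3": rm.access("clerk", "ledger", "write"),      # violation 3 -> locked
        "clerk_read_after_lock": rm.access("clerk", "ledger", "read"),
        "admin_write": rm.access("admin", "ledger", "write"),
        "unknown_subject": rm.access("guest", "ledger", "read"),     # fail closed
    }
    return {
        "results": results,
        "log_entries": len(rm.audit_log),   # one entry per request, allowed or not
        "locked": sorted(rm.locked),
    }


if __name__ == "__main__":
    for line in demo()["results"].items():
        print(*line)
```

Two design points worth noting. The monitor never has a path that skips _record(), which is what "complete control" means in practice: denied requests are as important to the audit trail as allowed ones. And lockout is applied in access() itself rather than left to a separate administrative step, so that once the threshold is reached the clerk's legitimate read right is withdrawn too, which is exactly the "denial of access to the system" penalty the text describes.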

Efficiency of the mechanism. Keeping the cost of creating and operating the protection mechanism to a minimum.

The principle of systematicity holds that, to protect information reliably in modern information systems, reliable and consistent protection must be provided in all structural elements, at all technological stages of automated information processing, and throughout the entire period of operation of the IS.

Specialization, as a principle of organizing protection, presupposes that a reliable protection mechanism can only be designed and built by professional information security specialists. In addition, for the protection mechanism to keep functioning effectively, such specialists must be part of the staff operating the IS.

The principle of informality means that the methodology for designing a protection mechanism and keeping it operating is informal. At present there is no engineering methodology (in the traditional sense of the term) for designing a protection mechanism. The design methods developed so far consist of sets of requirements, rules, and the sequence and content of stages, all formulated at an informal level, i.e. they cannot in general be applied mechanically.

Flexibility of the protection system. The measures adopted and the protective tools installed, especially during the initial period of their operation, may provide either an excessive or an insufficient level of protection. To make it possible to vary the level of security, the security measures must have a certain flexibility. This property is especially important when protective tools have to be deployed on a running system without disrupting its normal operation.

The principle of continuity of protection assumes that information protection is not a one-time event, nor even a fixed set of measures taken and tools installed, but a continuous, purposeful process that requires appropriate measures at every stage of the IS life cycle. The protection system must be developed in parallel with the system it protects. This allows security requirements to be taken into account when the architecture is designed and, ultimately, yields more effective secure information systems.






